[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-7094":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":17,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":16,"starSnapshotCount":16,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},7094,"IOSSecuritySuite","securing\u002FIOSSecuritySuite","securing","iOS platform security & anti-tampering Swift library","https:\u002F\u002Fwww.securing.biz\u002F",null,"Swift",2673,337,72,5,0,1,19,61.99,"Other",false,"master",true,[],"2026-06-12 04:00:32","## ⭐️ Do you want to become a certified iOS Application Security Engineer? ⭐️\n\nCheck out our practical & fully online course at: [https:\u002F\u002Fcourses.securing.pl\u002Fcourses\u002Fiase](https:\u002F\u002Fcourses.securing.pl\u002Fcourses\u002Fiase?utm_source=githubiosss&utm_medium=githubiosss&utm_campaign=githubiosss&utm_id=githubiosss)\n\n![iASE logo](.\u002Fiase_bg.png)\n\n\n## ISS Description\n\n![ISS logo](.\u002Flogo.png)\n### by [@_r3ggi](https:\u002F\u002Ftwitter.com\u002F_r3ggi)\n\n🌏 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP [MASVS](https:\u002F\u002Fgithub.com\u002FOWASP\u002Fowasp-masvs) standard, chapter v8, then this library could save you a lot of time. 🚀\n\nWhat ISS detects:\n\n* Jailbreak 🧨\n* Attached debugger 👨🏻‍🚀\n* If an app was run in an emulator 👽\n* Common reverse engineering tools running on the device 🔭\n\n## Setup\nThere are 4 ways you can start using IOSSecuritySuite\n\n### 1. Add source\nAdd `IOSSecuritySuite\u002F*.swift` files to your project\n\n### 2. Setup with CocoaPods\n`pod 'IOSSecuritySuite'`\n\n### 3. Setup with Carthage\n`github \"securing\u002FIOSSecuritySuite\"`\n\n### 4. Setup with Swift Package Manager\n```swift\n.package(url: \"https:\u002F\u002Fgithub.com\u002Fsecuring\u002FIOSSecuritySuite.git\", from: \"1.5.0\")\n```\n\n### Update Info.plist\nAfter adding ISS to your project, you will also need to update your main Info.plist. There is a check in jailbreak detection module that uses ```canOpenURL(_:)``` method and [requires](https:\u002F\u002Fdeveloper.apple.com\u002Fdocumentation\u002Fuikit\u002Fuiapplication\u002F1622952-canopenurl) specifying URLs that will be queried.\n\n```xml\n\u003Ckey>LSApplicationQueriesSchemes\u003C\u002Fkey>\n\u003Carray>\n    \u003Cstring>undecimus\u003C\u002Fstring>\n    \u003Cstring>sileo\u003C\u002Fstring>\n    \u003Cstring>zbra\u003C\u002Fstring>\n    \u003Cstring>filza\u003C\u002Fstring>\n\u003C\u002Farray>\n```\n\n### Pricing\n\nCheck our EULA license for the details.\n\nTLDR:\nIf your company employs:\n* 0-99 people - **free to use**\n* 100-1000 - 3k EUR\u002Fyear\n* 1000+ - 10k EUR\u002Fyear\n\nIf you want to sell a module that uses the iOS Security Suite (it is not used directly in your app) - 10k EUR\u002Fyear\n\n### Notice\n\niOS Security Suite is meant to be used on iOS\u002FiPadOS. It should not be used on Macs with Apple Silicon.\n\n## How to use\n\n### Jailbreak detector module\n\n* **The simplest method** returns True\u002FFalse if you just want to know if the device is jailbroken or jailed\n\n```Swift\nif IOSSecuritySuite.amIJailbroken() {\n\tprint(\"This device is jailbroken\")\n} else {\n\tprint(\"This device is not jailbroken\")\n}\n```\n\n* **Verbose**, if you also want to know what indicators were identified\n\n```Swift\nlet jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()\nif jailbreakStatus.jailbroken {\n\tprint(\"This device is jailbroken\")\n\tprint(\"Because: \\(jailbreakStatus.failMessage)\")\n} else {\n\tprint(\"This device is not jailbroken\")\n}\n```\nThe failMessage is a String containing comma-separated indicators as shown on the example below:\n`sileo:\u002F\u002F URL scheme detected, Suspicious file exists: \u002FLibrary\u002FMobileSubstrate\u002FMobileSubstrate.dylib, Fork was able to create a new process`\n\n* **Verbose & filterable**, if you also want to for example identify devices that were jailbroken in the past, but now are jailed\n\n```Swift\nlet jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailedChecks()\nif jailbreakStatus.jailbroken {\n   if (jailbreakStatus.failedChecks.contains { $0.check == .existenceOfSuspiciousFiles }) && (jailbreakStatus.failedChecks.contains { $0.check == .suspiciousFilesCanBeOpened }) {\n         print(\"This is real jailbroken device\")\n   }\n}\n```\n\n### Debugger detector module\n```Swift\nlet amIDebugged: Bool = IOSSecuritySuite.amIDebugged()\n```\n\n### Deny debugger at all\n```Swift\nIOSSecuritySuite.denyDebugger()\n```\n\n### Emulator detector module\n```Swift\nlet runInEmulator: Bool = IOSSecuritySuite.amIRunInEmulator()\n```\n\n### Reverse engineering tools detector module\n\n* **The simplest method** returns True\u002FFalse if you just want to know if the device has evidence of reverse engineering\n\n```Swift\nif IOSSecuritySuite.amIReverseEngineered() {\n  print(\"This device has evidence of reverse engineering\")\n} else {\n  print(\"This device hasn't evidence of reverse engineering\")\n}\n```\n\n* **Verbose & filterable**, if you also want the list of checks done\n\n```Swift\nlet reverseStatus = IOSSecuritySuite.amIReverseEngineeredWithFailedChecks()\nif reverseStatus.reverseEngineered {\n   \u002F\u002F check for reverseStatus.failedChecks for more details\n}\n```\n\n### System proxy detector module\n\nNow you can also detect if an app is connected to VPN\n```Swift\nlet amIProxied: Bool = IOSSecuritySuite.amIProxied(considerVPNConnectionAsProxy: true)\n```\n\n### Lockdown mode detector module\n```Swift\nlet amIInLockdownMode: Bool = IOSSecuritySuite.amIInLockdownMode()\n```\n\n## Experimental features\n\n### Runtime hook detector module\n```Swift\nlet amIRuntimeHooked: Bool = amIRuntimeHook(dyldWhiteList: dylds, detectionClass: SomeClass.self, selector: #selector(SomeClass.someFunction), isClassMethod: false)\n```\n### Symbol hook deny module\n```Swift\n\u002F\u002F If we want to deny symbol hook of Swift function, we have to pass mangled name of that function\ndenySymbolHook(\"$s10Foundation5NSLogyySS_s7CVarArg_pdtF\")   \u002F\u002F denying hooking for the NSLog function\nNSLog(\"Hello Symbol Hook\")\n     \ndenySymbolHook(\"abort\") \nabort()\n```\n\n### MSHook detector module\n```Swift\n\u002F\u002F Function declaration\nfunc someFunction(takes: Int) -> Bool {\n\treturn false\n} \n\n\u002F\u002F Defining FunctionType : @convention(thin) indicates a “thin” function reference, which uses the Swift calling convention with no special “self” or “context” parameters.\ntypealias FunctionType = @convention(thin) (Int) -> (Bool)\n\n\u002F\u002F Getting pointer address of function we want to verify\nfunc getSwiftFunctionAddr(_ function: @escaping FunctionType) -> UnsafeMutableRawPointer {\n\treturn unsafeBitCast(function, to: UnsafeMutableRawPointer.self)\n}\n\nlet funcAddr = getSwiftFunctionAddr(someFunction)\nlet amIMSHooked = IOSSecuritySuite.amIMSHooked(funcAddr)\n```\n\n### MSHook deny module\n```Swift\n\u002F\u002F Function declaration\nfunc denyDebugger(value: Int) {\n}\n\n\u002F\u002F Defining FunctionType : @convention(thin) indicates a “thin” function reference, which uses the Swift calling convention with no special “self” or “context” parameters.\ntypealias FunctionType = @convention(thin) (Int)->()\n\n\u002F\u002F Getting original function address\nlet funcDenyDebugger: FunctionType = denyDebugger \nlet funcAddr = unsafeBitCast(funcDenyDebugger, to: UnsafeMutableRawPointer.self)\n\n\nif let originalDenyDebugger = denyMSHook(funcAddr) {\n\u002F\u002F Call the original function with 1337 as Int argument\n     unsafeBitCast(originalDenyDebugger, to: FunctionType.self)(1337)\n } else {\n     denyDebugger()\n }\n```\n\n### File integrity verifier module\n\n```Swift\n\u002F\u002F Determine if application has been tampered with \nif IOSSecuritySuite.amITampered([.bundleID(\"biz.securing.FrameworkClientApp\"),\n    .mobileProvision(\"2976c70b56e9ae1e2c8e8b231bf6b0cff12bbbd0a593f21846d9a004dd181be3\"),\n    .machO(\"IOSSecuritySuite\", \"6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc\")]).result {\n    print(\"I have been Tampered.\")\n}\nelse {\n    print(\"I have not been Tampered.\")\n}\n\n\u002F\u002F Manually verify SHA256 hash value of a loaded dylib\nif let hashValue = IOSSecuritySuite.getMachOFileHashValue(.custom(\"IOSSecuritySuite\")), hashValue == \"6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc\" {\n    print(\"I have not been Tampered.\")\n}\nelse {\n    print(\"I have been Tampered.\")\n}\n \n\u002F\u002F Check SHA256 hash value of the main executable\n\u002F\u002F Tip: Your application may retrieve this value from the server\nif let hashValue = IOSSecuritySuite.getMachOFileHashValue(.default), hashValue == \"your-application-executable-hash-value\" {\n    print(\"I have not been Tampered.\")\n}\nelse {\n    print(\"I have been Tampered.\")\n}\n```\n\n### Breakpoint detection module\n\n```Swift\nfunc denyDebugger() {\n    \u002F\u002F Set breakpoint here\n}\n     \ntypealias FunctionType = @convention(thin) ()->()\nlet func_denyDebugger: FunctionType = denyDebugger   \u002F\u002F `: FunctionType` is a must\nlet func_addr = unsafeBitCast(func_denyDebugger, to: UnsafeMutableRawPointer.self)\nlet hasBreakpoint = IOSSecuritySuite.hasBreakpointAt(func_addr, functionSize: nil)\n\nif hasBreakpoint {\n    print(\"Breakpoint found in the specified function\")\n} else {\n    print(\"Breakpoint not found in the specified function\")\n}\n```\n\n### Watchpoint detection module\n\n```Swift\n\u002F\u002F Set a breakpoint at the testWatchpoint function\nfunc testWatchpoint() -> Bool{\n\t\t\u002F\u002F lldb: watchpoint set expression ptr\n    var ptr = malloc(9)\n    \u002F\u002F lldb: watchpoint set variable count\n    var count = 3\n    return IOSSecuritySuite.hasWatchpoint()\n}\n```\n\n\n\n## Security considerations\n\nBefore using this and other platform security checkers, you have to understand that:\n\n* Including this tool in your project is not the only thing you should do in order to improve your app security! You can read a general mobile security whitepaper [here](https:\u002F\u002Fwww.securing.biz\u002Fen\u002Fmobile-application-security-best-practices\u002Findex.html).\n* Detecting if a device is jailbroken is done locally on the device. It means that every jailbreak detector may be bypassed (even this)! \n* Swift code is considered to be harder to manipulate dynamically than Objective-C. Since this library was written in pure Swift, the IOSSecuritySuite methods shouldn't be exposed to Objective-C runtime (which makes it more difficult to bypass ✅). You have to know that attacker is still able to MSHookFunction\u002FMSFindSymbol Swift symbols and dynamically change Swift code execution flow.\n\n## Contribution ❤️\nYes, please! If you have a better idea or you just want to improve this project, please text me on [Twitter](https:\u002F\u002Ftwitter.com\u002F_r3ggi) or [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fwojciech-regula\u002F). Pull requests are more than welcome!\n\n### Special thanks: 👏🏻\n\n* [kubajakowski](https:\u002F\u002Fgithub.com\u002Fkubajakowski) for pointing out the problem with ```canOpenURL(_:)``` method\n* [olbartek](https:\u002F\u002Fgithub.com\u002Folbartek) for code review and pull request \n* [benbahrenburg](https:\u002F\u002Fgithub.com\u002Fbenbahrenburg) for various ISS improvements\n* [fotiDim](https:\u002F\u002Fgithub.com\u002FfotiDim) for adding new file paths to check\n* [gcharita](https:\u002F\u002Fgithub.com\u002Fgcharita) for adding the Swift Package Manager support\n* [rynaardb](https:\u002F\u002Fgithub.com\u002Frynaardb) for creating the `amIJailbrokenWithFailedChecks()` method\n* [undeaDD](https:\u002F\u002Fgithub.com\u002FundeaDD) for various ISS improvements\n* [fnxpt](https:\u002F\u002Fgithub.com\u002Ffnxpt) for adding multiple JB detections\n* [TannerJin](https:\u002F\u002Fgithub.com\u002FTannerJin) for MSHook, RuntimeHook, SymbolHook and Watchpoint Detection modules\n* [NikoXu](https:\u002F\u002Fgithub.com\u002FNikoXu) for adding file integrity module\n* [hellpf](https:\u002F\u002Fgithub.com\u002Fhellpf) for fixing a dangling socket problem\n* [Ant-tree](https:\u002F\u002Fgithub.com\u002FAnt-tree) for improving hooking resistence\n* [izmcm](https:\u002F\u002Fgithub.com\u002Fizmcm) for implementing the `amIReverseEngineeredWithFailedChecks()` method\n* [sanu](https:\u002F\u002Fgithub.com\u002Fsanu) for new providing new file checks\n* [marsepu](https:\u002F\u002Fgithub.com\u002Fmarsepu) for a well-done PR with new improvements\n* [mkj-is](https:\u002F\u002Fgithub.com\u002Fmkj-is) for a PR improving ISS performance 🚄\n* [LongXiangGuo](https:\u002F\u002Fgithub.com\u002FLongXiangGuo) for a PR adding the privacy manifest\n\n\n## TODO\n\n* [ ] Research Installer5 and Zebra Package Manager detection ( Cydia Alternatives )\n\n## License\nSee the LICENSE file.\n\n## References\nWhile creating this tool I used:\n\n* 🔗 https:\u002F\u002Fgithub.com\u002FTheSwiftyCoder\u002FJailBreak-Detection\n* 🔗 https:\u002F\u002Fgithub.com\u002Fabhinashjain\u002Fjailbreakdetection \n* 🔗 https:\u002F\u002Fgist.github.com\u002Fddrccw\u002F8412847\n* 🔗 https:\u002F\u002Fgist.github.com\u002Fbugaevc\u002F4307eaf045e4b4264d8e395b5878a63b\n* 📚 \"iOS Application Security\" by David Thiel\n","IOSSecuritySuite 是一个专注于 iOS 平台安全与防篡改的 Swift 库。它能够检测设备是否越狱、是否有调试器连接、应用是否在模拟器中运行以及设备上是否存在常见的逆向工程工具，从而帮助开发者依据OWASP MASVS标准保护其应用程序。该库完全采用 Swift 编写，易于集成到现有项目中，并提供了多种安装方式如CocoaPods、Carthage和Swift Package Manager等。适用于需要增强移动应用安全性以防止未授权访问或恶意攻击的企业和个人开发者使用。",2,"2026-06-11 03:10:29","top_language"]