1: add threat detection source code and set min target to 13

Author: Choura, Yessine

Package.swift

@@ -5,7 +5,7 @@ import PackageDescription
 let package = Package(
     name: "SecurityToolkit",
     platforms: [
-        .iOS(.v12),
+        .iOS(.v13),
     ],
     products: [
         .library(

Sources/HooksDetection.swift

@@ -0,0 +1,72 @@
+import Foundation
+import MachO
+
+// MARK: - Internal
+internal final class HooksDetection {
+    
+    static func threatDetected() -> Bool {
+        hasDynamicLibrariesLoaded() || hasSuspiciousFiles() || hasOpenPorts()
+    }
+}
+
+// MARK: - Private
+fileprivate extension HooksDetection {
+    
+    /// Check has loaded dynamic libraries
+    private static func hasDynamicLibrariesLoaded() -> Bool {
+        let suspiciousLibraries: Set<String> = [
+            "frida",
+            "cynject",
+            "libcycript"
+        ]
+
+        for index in 0..<_dyld_image_count() {
+            let imageName = String(cString: _dyld_get_image_name(index))
+            for library in suspiciousLibraries where imageName.lowercased().contains(library) {
+                return true
+            }
+        }
+
+        return false
+    }
+
+    /// Check has suspicious files
+    private static func hasSuspiciousFiles() -> Bool {
+        let suspiciousFiles = [
+            "/usr/sbin/frida-server"
+        ]
+        return suspiciousFiles.contains(where: FileManager.default.fileExists(atPath:))
+    }
+
+    /// Check has open ports
+    private static func hasOpenPorts() -> Bool {
+        let ports = [
+            27042, // Frida
+            4444, // Needle
+            22, // OpenSSH
+            44 // checkrain
+        ]
+        return ports.contains(where: canOpenLocalConnection(port:))
+    }
+
+    /// Check if it can open local connection
+    private static func canOpenLocalConnection(port: Int) -> Bool {
+        var serverAddress = sockaddr_in()
+        serverAddress.sin_family = sa_family_t(AF_INET)
+        serverAddress.sin_addr.s_addr = inet_addr("127.0.0.1")
+        serverAddress.sin_port = Int(OSHostByteOrder()) == OSLittleEndian
+        ? _OSSwapInt16(in_port_t(port))
+        : in_port_t(port)
+        let sock = socket(AF_INET, SOCK_STREAM, 0)
+
+        let result = withUnsafePointer(to: &serverAddress) {
+            $0.withMemoryRebound(to: sockaddr.self, capacity: 1) {
+                connect(sock, $0, socklen_t(MemoryLayout<sockaddr_in>.stride))
+            }
+        }
+        defer {
+            close(sock)
+        }
+        return result != -1
+    }
+}

Sources/JailbreakDetection.swift

@@ -0,0 +1,79 @@
+import Foundation
+import UIKit
+
+// MARK: - Internal
+internal final class JailbreakDetection {
+    
+    static func threatDetected() -> Bool {
+        hasSuspiciousFiles() || hasUnexpectedFilePermissions() || canOpenSuspiciousLinks()
+    }
+}
+
+// MARK: - Private
+fileprivate extension JailbreakDetection {
+    
+    /// Check for suspicious files
+    static func hasSuspiciousFiles() -> Bool {
+        let suspiciousFiles = [
+            "/Applications/Cydia.app",
+            "/Applications/FakeCarrier.app",
+            "/Applications/Icy.app",
+            "/Applications/IntelliScreen.app",
+            "/Applications/MxTube.app",
+            "/Applications/RockApp.app",
+            "/Applications/SBSettings.app",
+            "/Applications/WinterBoard.app",
+            "/Applications/blackra1n.app",
+            "/Library/MobileSubstrate/DynamicLibraries/LiveClock.plist",
+            "/Library/MobileSubstrate/DynamicLibraries/Veency.plist",
+            "/Library/MobileSubstrate/MobileSubstrate.dylib",
+            "/System/Library/LaunchDaemons/com.ikey.bbot.plist",
+            "/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist",
+            "/private/var/lib/apt",
+            "/private/var/lib/cydia",
+            "/private/var/mobile/Library/SBSettings/Themes",
+            "/private/var/stash",
+            "/private/var/tmp/cydia.log",
+            "/var/tmp/cydia.log",
+            "/var/cache/apt",
+            "/var/lib/apt",
+            "/var/lib/cydia",
+            "/usr/sbin/frida-server",
+            "/usr/bin/cycript",
+            "/usr/local/bin/cycript",
+            "/usr/lib/libcycript.dylib",
+            "/var/log/syslog",
+            // manually checked list for rootless palera1n jb
+            "/var/jb",
+            "/var/jb/.installed_dopamine",
+            "/var/jb/Applications/Sileo.app",
+        ]
+        
+        return suspiciousFiles.contains(where: FileManager.default.fileExists(atPath:))
+    }
+    
+    /// Will try to create and remove a file in a path which should be not allowed without root access
+    private static func hasUnexpectedFilePermissions() -> Bool {
+        let files = ["/private/jailbreak.txt", "/var/jb/jailbreak.txt", "/private/var/jb/jailbreak.txt"]
+        for file in files {
+            do {
+                try "Test".write(toFile: file, atomically: true, encoding: String.Encoding.utf8)
+                try FileManager.default.removeItem(atPath: file)
+                return true
+            } catch {
+                // We actually want an error to be thrown, which means we were unable to create/delete the file which makes sense
+            }
+        }
+        return false
+    }
+    
+    private static func canOpenSuspiciousLinks() -> Bool {
+        let urls = [
+            URL(string: "cydia://url/https://cydia.saurik.com/api/share#?source=https://beta.autotouch.net/")!,
+            URL(string: "installer://add/repo=https://beta.autotouch.net/")!,
+            URL(string: "sileo://source/https://beta.autotouch.net/")!,
+            URL(string: "zbra://sources/add/https://beta.autotouch.net/")!
+        ]
+        return urls.contains(where: UIApplication.shared.canOpenURL)
+    }
+}

Sources/SimulatorDetection.swift

@@ -0,0 +1,25 @@
+import Foundation
+
+// MARK: - Internal
+internal final class SimulatorDetection {
+    
+    static func threatDetected() -> Bool {
+        runsInSimulator()
+    }
+}
+
+// MARK: - Private
+fileprivate extension SimulatorDetection {
+    
+    /// Check if the app is running in a simulator
+    static func runsInSimulator() -> Bool {
+        #if targetEnvironment(simulator)
+        return true
+        #else
+        if ProcessInfo.processInfo.environment["SIMULATOR_UDID"] != nil {
+            return true
+        }
+        return false
+        #endif
+    }
+}

Sources/ThreatDetectionCenter.swift

@@ -0,0 +1,46 @@
+import Foundation
+
+public final class ThreatDetectionCenter {
+    
+    public static var areRootPrivilegesDetected: Bool {
+        JailbreakDetection.threatDetected()
+    }
+    
+    public static var areHooksDetected: Bool {
+        HooksDetection.threatDetected()
+    }
+    
+    public static var isSimulatorDetected: Bool {
+        SimulatorDetection.threatDetected()
+    }
+    
+	
+	// MARK: - Async Threat Detection
+	
+	/// Defines all possible threats, that can be reported via the stream
+    public enum Threat: String {
+        case rootPrivileges
+        case hooks
+        case simulator
+    }
+	
+	/// Stream that contains possible threats that could be detected
+    public static var threats: AsyncStream<Threat> {
+        AsyncStream<Threat> { continuation in
+            
+            if JailbreakDetection.threatDetected() {
+                continuation.yield(.rootPrivileges)
+            }
+            
+            if HooksDetection.threatDetected() {
+                continuation.yield(.hooks)
+            }
+            
+            if SimulatorDetection.threatDetected() {
+                continuation.yield(.simulator)
+            }
+            
+            continuation.finish()
+        }
+    }
+}