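There are of course manual ways to bypass jailbreak detection, such as using Fishhook or the Objective-C runtime to replace the jailbreak-detection functions yourself, or even using frida to hook a function's return value. These are all fairly reliable methods; this article mainly introduces Liberty Lite, a tool that bypasses detection automatically.
xCon, the earlier jailbreak-detection bypass, has not been updated for a long time, and on jailbroken phones running iOS 10.3 and later it causes many apps to crash. xCon has no whitelist mechanism, so once installed it takes effect globally; when this crashes Cydia, the plugin can no longer be uninstalled through Cydia. Someone therefore released a new jailbreak-detection bypass tweak that supports iOS 11 to iOS 12 devices.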
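First, add the software source "https://ryleyangus.com/repo/" in Cydia.
Then tap Ryley's Repo in Sources, tap Tweaks, and find "Liberty Lite". Installing the Liberty Lite Beta version is recommended here.
Once it is installed, you will be prompted to Restart SpringBoard.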
Usage:
Open the system Settings -> find Liberty -> tap Block Jailbreak Detection -> select the apps it should apply to
Because a whitelist mechanism has been added, it is safer than the earlier xCon.
File analysis
After installing it from Cydia, connect to the phone over ssh and go to the /Library/MobileSubstrate/DynamicLibraries directory:
cd /Library/MobileSubstrate/DynamicLibraries
ls
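Here you will find that Liberty Lite installed four libraries, AppList.dylib, PreferenceLoader.dylib, RocketBootstrap.dylib and zzzzLiberty.dylib, along with their respective plist files. AppList, PreferenceLoader and RocketBootstrap are all settings-related tweaks; the main code is in zzzzLiberty.
Analyzing zzzzLiberty.plist shows that it is still loaded when UIKit is loaded, the same as xCon.
Likewise, we use the otool and strings commands to disassemble the library and extract the strings inside it: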
➜ Desktop otool -tV zzzzLiberty.dylib > xCon
➜ Desktop strings zzzzLiberty.dylib
/Applications
/Applications/
/Applications/Cydia.app
/Applications/Cydia.app/
/Applications/Cydia.app/Cydia
/Applications/Cydia.app/Info.plist
/Applications/Cydia.app/../Cydia.app
/Applications/Cydia.app/../Cydia.app/
/Applications/Cydia.app/../Cydia.app/Info.plist
/Applications/FakeCarrier.app
/Applications/Icy.app
/Applications/Iny.app
/Applications/iFile.app
/Applications/Activator.app
/Applications/IntelliScreen.app
/Applications/MxTube.app
/Applications/RockApp.app
/Applications/SBSettings.app
/Applications/WinterBoard.app
/Applications/blackra1n.app
/Library/Activator
/Library/Flipswitch
/Library/Frameworks/CydiaSubstrate.framework
/Library/MobileSubstrate
/Library/MobileSubstrate/DynamicLibraries
/Library/MobileSubstrate/DynamicLibraries/LiveClock.plist
/Library/MobileSubstrate/DynamicLibraries/Veency.plist
/Library/MobileSubstrate/MobileSubstrate.dylib
/Library/MobileSubstrateMobileSubstrate.dylib
/Library/Ringtones
/Library/Switchs
/Library/Wallpaper
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
/bin/bash
/bin/sh
/bin
/bin/su
/etc/apt
/etc/apt/
/etc/clutch.conf
/etc/clutch_cracked.plist
/etc/ssh/sshd_config
/private/
/private
/private/vstb_writable_check
/private/etc/fstab
/private/Miitomo
/private/var/lib/apt
/private/var/lib/apt/
/private/var/lib/cydia
/private/var/lib/cydia/
/private/var/tmp/cydia.log
/private/var/mobile/Library/SBSettings/Themes
/private/var/mobileLibrary/SBSettingsThemes/
/private/var/stash
/private/var/stash/
/private/var/tmp/Cydia.log
/usr/arm-apple-darwin9
/usr/bin/ssh
/usr/bin/sshd
/usr/binsshd
/usr/sbin
/usr/sbinsshd
/usr/include
/usr/lib/pam
/usr/lib/python2.5
/usr/libexec
/usr/libexec/cydia
/usr/libexec/cydia/
/usr/libexec/sftp-server
/usr/libexec/ssh-keysign
/usr/sbin/sshd
/usr/share
/var/cache/apt
/var/cache/apt/
/var/cache/clutch.plist
/var/cache/clutch_cracked.plist
/var/lib/apt
/var/lib/apt/
/var/lib/clutch/overdrive.dylib
/var/lib/cydia
/var/lib/cydia/
/var/lib/dpkg/info
/var/log/syslog
/var/root/Documents/Cracked/
/var/tmp/cydia.log
/var/stash/Library/Ringstones
/var/stash/Library/Wallpaper
/var/stash/usr/include
/var/stash/usr/libexec
/var/stash/usr/share
//Systetem/Library/LaunchDaemons/com.ikey.bbot.plist
//System/Library/LaunchDaemons/com.saurik.Cy@dia.Startup.plist
//Library/MobileSubstrate/MobileSubstrate.dylib
//var/cache/apt/
//var/lib/apt/
//var/lib/cydia/
//var/log/syslog
//bin/bash
//bin/sh
//etc/apt/
//etc/ssh/sshd_config
//usr/libexec/ssh-keysign
Library/MobileSubstrate/MobileSubstrate.dylib
Applications/Cydia.app
var/cache/apt
var/lib/cydia
var/log/syslog
var/tmp/cydia.log
bin/bash
bin/sh
usr/sbin/sshd
usr/libexec/ssh-keysign
etc/ssh/sshd_config
etc/apt
/var/root/.tastest
/Library/Managed Preferences/mobile/.GlobalPreferences.plist
/Library/Preferences/com.apple.security.plist
/private/var/mobile/home/duh
/etc/rel
/System/Library/LaunchDaemons/com.apple.period.plist
/System/Library/LaunchDaemons/com.apple.ksyslog.plist
/private/var/mobile/home/syslog
/private/var/mobile/home/sshd
/Library/MobileSubstrate/DynamicLibraries/sfbase.dylib
/usr/lib/libsubstrate.dylib
/usr/bin
/boot
/var/root
/var
/private/var
/library/MobileSubstrate/MobileSubstrate.dylib
/mnt
/lib
/panguaxe
/panguaxe.installed
/private/var/mobile/Media/panguaxe.installed
/private/var/lib/dpkg/info/io.pangu.axe7.list
/private/var/lib/dpkg/info/io.pangu.axe7.prerm
/System/Library/LaunchDaemons/io.pangu.axe.untether.plist
/private/var/lib/dpkg/info/taiguntether83x.extrainst_
/private/var/lib/dpkg/info/taiguntether83x.list
/private/var/lib/dpkg/info/taiguntether83x.preinst
/private/var/lib/dpkg/info/taiguntether83x.prerm
/taig/
/taig/taig
/private/var/lib/dpkg/info/io.pangu.fuxiqin9.list
/private/var/lib/dpkg/info/io.pangu.fuxiqin9.prerm
/pguntether
/var/stash/
/var/stash
/private/var/cache/apt/
/private/var/log/syslog
/private/etc/apt/
/private/etc/ssh/sshd_config
/var/mobile/Library/Application Support/Flex3/patches.plist
/private/etc/dpkg/origins/debian
......
We find that this is strikingly similar to xCon... after all, there are only so many ways to detect a jailbreak.
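The strings output above lists many paths more than once under different spellings (doubled leading slash, trailing slash, /../ segments, no leading slash, with and without /private). The following is an added example, not code from the original article or from Liberty Lite, that groups those spellings by canonical path, so an app developer can see that respelling a path in a file-existence check does not get around a list like this. The sample lines are copied from the output above; treating strings without a leading slash as root-relative is an assumption.

```python
import posixpath
from collections import defaultdict

# Constructed sample: lines copied from the strings output above.
SAMPLE = """\
/Applications/Cydia.app
/Applications/Cydia.app/
/Applications/Cydia.app/../Cydia.app
//bin/bash
/bin/bash
bin/bash
/private/var/lib/apt
/var/lib/apt/
//var/lib/apt/
/etc/apt
/private/etc/apt/
etc/apt
/usr/sbin/sshd
"""

# On iOS, /var, /etc and /tmp are symlinks into /private.
PRIVATE_LINKS = {"var", "etc", "tmp"}


def canonical(raw):
    """Map one spelling of a path to a single canonical absolute path."""
    # Assumption: strings without a leading slash are root-relative.
    # lstrip + normpath collapses "//", "/../" and trailing slashes.
    path = posixpath.normpath("/" + raw.strip().lstrip("/"))
    if path.split("/")[1] in PRIVATE_LINKS:
        path = "/private" + path
    return path


def group_variants(lines):
    """Group every non-empty line under its canonical path."""
    groups = defaultdict(set)
    for line in lines:
        if line.strip():
            groups[canonical(line)].add(line.strip())
    return dict(groups)


def multi_spelled(groups):
    """Keep only the paths listed under more than one spelling."""
    return {path: sorted(v) for path, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for path, variants in multi_spelled(group_variants(SAMPLE.splitlines())).items():
        print(f"{path}: {len(variants)} spellings -> {variants}")
```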