https://github.com/trailofbits/ios-integrity-validator
Integrity validator for iOS devices
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/trailofbits/ios-integrity-validator
- Owner: trailofbits
- License: bsd-2-clause
- Archived: true
- Created: 2013-06-16T01:06:30.000Z (about 13 years ago)
- Default Branch: master
- Last Pushed: 2019-02-28T20:45:21.000Z (over 7 years ago)
- Last Synced: 2024-08-04T04:09:23.467Z (almost 2 years ago)
- Language: Shell
- Homepage: https://blog.trailofbits.com/2013/07/24/iverify-is-now-available-on-github/
- Size: 223 KB
- Stars: 100
- Watchers: 61
- Forks: 11
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# iOS Integrity Validator
iOS Integrity Validator is an integrity validator for iOS devices capable of reliably detecting
modifications such as malware and jailbreaks, without the use of signatures. It
runs at boot-time to thoroughly inspect the device, identifying any changes and
collecting relevant artifacts of these changes for offline analysis. This will
let you know if the device has simply been jailbroken or if it has been
modified in a much sneakier way.
## Usage
To set up iOS Integrity Validator:

    git clone https://github.com/trailofbits/ios-integrity-validator.git ios-integrity-validator
    cd ios-integrity-validator
    script/bootstrap

Then, plug your phone into your computer, put it in [DFU
mode](http://theiphonewiki.com/wiki/DFU_Mode), and run

    bin/iiv DEVICE VERSION

If you're not comfortable putting the phone in DFU mode by yourself, run
iOS Integrity Validator with the phone connected normally, and you will be walked through the
process.
## Supported Devices
This open-source release of iOS Integrity Validator comes with slightly limited device support,
since it relies on freely available tools like [redsn0w](http://www.redsn0w.us)
and [iphone-dataprotection](http://code.google.com/p/iphone-dataprotection/).
* iPhone3,1 (5.0 - 6.1.3)
* iPhone3,2 (6.0 - 6.1.3)
* iPhone3,3 (5.0 - 6.1.3)
* iPod4,1 (5.0 - 6.1.3)
## Technical Overview
iOS Integrity Validator uses redsn0w to boot a custom kernel and ramdisk generated by
iphone-dataprotection. It then uses `mtree` to check the type, user ID, group
ID, mode, and SHA-1 digest of every file on the root filesystem against a
specification generated from the firmware image itself. If any files have
changed, or if any files have been added, the files are copied off the device
for further inspection and analysis by the user.
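
The comparison described above, shown as an added Python example (not the project's code, which uses `mtree`): it records type, user ID, group ID, mode, and SHA-1 digest for every path in a reference tree, then reports paths that changed or were added. The function names and the sample tree are constructed for illustration, and recording a symlink's target in place of a digest is an assumption.

```python
import hashlib
import os
import stat
import tempfile

def describe(path):
    """Return (type, uid, gid, mode, sha1) for one path; symlinks are not followed."""
    st = os.lstat(path)
    kind, digest = ("dir" if stat.S_ISDIR(st.st_mode) else "other"), None
    if stat.S_ISREG(st.st_mode):
        kind = "file"
        with open(path, "rb") as f:
            digest = hashlib.sha1(f.read()).hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        kind, digest = "link", os.readlink(path)  # assumption: keep the target, not a hash
    return (kind, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), digest)

def build_spec(root):
    """Map every relative path under root to its describe() tuple."""
    spec = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            spec[os.path.relpath(full, root).replace(os.sep, "/")] = describe(full)
    return spec

def verify(spec, root):
    """Return (changed, added): paths whose attributes differ, and paths not in spec."""
    actual = build_spec(root)
    changed = sorted(p for p in actual if p in spec and actual[p] != spec[p])
    added = sorted(p for p in actual if p not in spec)
    return changed, added

def demo():
    """Constructed sample tree: take a baseline, modify the tree, verify it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in (("bin/sh", b"shell"), ("bin/ls", b"ls"), ("fstab", b"/ ro")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            os.chmod(os.path.join(root, rel), 0o644)
        spec = build_spec(root)                        # stands in for the firmware spec
        with open(os.path.join(root, "bin/sh"), "wb") as f:
            f.write(b"patched")                        # content change, same mode
        os.chmod(os.path.join(root, "bin/ls"), 0o755)  # mode change, same content
        with open(os.path.join(root, "bin/extra"), "wb") as f:
            f.write(b"new")                            # path absent from the spec
        return verify(spec, root)
```

A mode-only change is caught even though the file's digest is unchanged, which is why the specification records ownership and mode alongside the hash.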
## Note
This project was initially called iVerify when it was released in 2013.
## Contact
If you have not jailbroken your phone on purpose and iOS Integrity Validator finds evidence of
modifications, send us an [e-mail](mailto:opensource@trailofbits.com) with your
evidence file and we will take a look.