DylibSearch - See if you have any known malicious tweaks

[SoloTurk 4.4k]

 

DylibSearch is a new Jailbreak app that helps you quickly check to see if you have any known malicious tweaks, like KeyRaider, installed on your device. It does so by scanning the contents of the .dylib files contained in the filesystem’s MobileSubstrate directory.

By checking for known strings contained in malicious files, DylibSearch can quickly tell you if your iPhone is infected, or if it has a clean bill of health. This open source tweak is available by means of a special third-party repo, which you’ll find inside of this post.

 

To install DylibSearch, add the following repo to your Cydia sources:

Hidden Content

http://wolfposd.github.io/

 

After adding the repo, perform a search for DylibSearch, or simply open the repo folder to locate the package directly. After installing DylibSearch, you’ll find a new app icon on your Home screen.

 

Launch the DylibSearch app, and you’ll see a screen that lists all of the .dylib files found in /Library/MobileSubstrate/DynamicLibraries. Files that have a clean bill of health will have a green check mark next to the name, while infected files will stick out like a sore thumb with a red ‘x’ icon.

 

DylibSearch will help you identify bad files, but it won’t actually remove them. To do so, you’ll need to use an app like iFile to navigate to the DynamicLibraries folder, and purge the files manually.

 

The recent KeyRaider attack is one of those that DylibSearch can identify. As you can see from the open source project on GitHub, DylibSearch looks for the following strings in your DynamicLibraries directory:

*wushidou

*gotoip4

*bamu

*getHanzi

 

These are strings that are known to be contained in the malicious Cydia Substrate tweaks. Obviously, there are other ways of being able to identify bad jailbreak tweaks, such as using a recursive grep search at the command line, but it really doesn’t get any easier than this tweak.

 

Although the chance that you’ve been infected is slim none if you live outside of China and you’ve never download shady jailbreak tweaks, this is a good tool for quickly identifying a potential infection, and it’ll probably grow as it’s fleshed out with additional search strings.

Updated September 7, 2015 by SoloTurk

[Diversityy 32.1k]

Cool

[Rook 548.8k Donor]

Interesting, I'm testing this.

[DanYal 645]

Shit man , i'm on ios 8.4.1

[NitroxicDemon 3.2k]

Shit man , i'm on ios 8.4.1

[SoloTurk 4.4k]

Interesting, I'm testing this.

 

Check it out, my phone is safe

[Klepto 7.7k]

Noice

[Diversityy 32.1k]

Interesting, I'm testing this.

Add it with the iOSCheats Destroyer

[castix 18.4k]

Check it out, my phone is safe

 

It's not safe you said it yourself

 

 

 

It does so by scanning the contents .. for known strings contained in malicious files

 

It will not know new malware unless the author updates it

[SoloTurk 4.4k]

It's not safe you said it yourself

 

I have no unnecessary clutter on my device