3

I detect IAP Cracker like this:

if ([[NSFileManager defaultManager] fileExistsAtPath:@"/Library/MobileSubstrate/DynamicLibraries/iap.dylib"]){
    NSLog(@"IAP Cracker detected");
}

How can I detect LocallAPStore?

colincameron
  • 2,696
  • 4
  • 23
  • 46
Susann Schulz
  • 73
  • 1
  • 5

3 Answers3

5

After extracting the Debian package of this hack, you can see that it has almost exactly the same structure as IAP cracker. So, you can write:

if ([[NSFileManager defaultManager] fileExistsAtPath:@"/Library/MobileSubstrate/DynamicLibraries/LocalIAPStore.dylib"]) {
    NSLog(@"Local IAP Store detected");
}

By the way, using this method is not quite effective. I'm sure that if a lot of developers use this approach, the makers of these tweaks will incorporate another hook into the dynamic library that makes the detection impossible, for example one can hook - [NSFileManager fileExistsAtPath:] and check if the path is equal to the dylib's path and unconditionally return NO in this case.

So, it is preferred that you use your own server for verification in case you want to use in-app purchases.

0

Just verify you IAP receipts with Apple to prevent spoof purchases. See: http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/StoreKitGuide/VerifyingStoreReceipts/VerifyingStoreReceipts.html

avive
  • 361
  • 2
  • 10
  • We have server side verification set up, and for some unknown reason, LocalIAPStore still manages to get away with purchases. The receipts sent to our validation server are successfully validated with Apple. Has anyone found a solution? – Gur Dotan Sep 16 '14 at 16:35
0

Also, you can use dyld (or Objective-C runtime) functions to detect if the library in question is loaded. If so, try unload it.

Maxthon Chan
  • 1,181
  • 8
  • 15