So far as I know, in iOS there are three techniques of function hooking:
- preload library using DYLD_INSERT_LIBRARIES
- imported symbol table redirection using fishhook
- patch the functions when they are already loaded - i.e. already in memory using substrate MSHookFunction
These expose security issues so I wanna be able to detect when such things happen. For point number 1, I can apply function pointer verification to detect. However for 2 and 3, I haven't had any idea. I am very thankful for ideas that can be done to address the issue.
I had the same issue - trying to avoid any potential function hooking within my app.
My app was recently PEN tested and was found to have a vulnerability around function hooking. The security report referenced Frida as one of the main culprits for executing such an act. I'm sure most of you peeps would be familiar with this tool.
OWASP suggests a few remedial solutions for securing your app, but in this context, the section titled Anti-Debugging Checks would be the main focus.
As suggested by OWASP, I used ptrace with PT_DENY_ATTACH - denying a GDB/LLDB process to attach to the application.
From OWASP:
Here is the solution I used (for Swift). I also had help from this Raywenderlich.com article (Objective-C). I can confirm that using the linked solution works - the app launches but the debugger cuts out, stopping all logs to the console. This could potentially deter hackers, but there will always be a way to get around this. As stated the Raywenderlich article linked:
However, according to Joseph Lord, writing apps using Swift can hopefully help you here. But then again, the reverse engineer always wins.
I hope this helps, in some way or form ...