CN114065141A - Equipment jail-crossing detection method and device, storage medium and electronic equipment - Google Patents


Publication number
CN114065141A
Authority
CN
China
Prior art keywords
detection
jail
file path
detected
path
Prior art date
Legal status
Pending
Application number
CN202010779988.1A
Other languages
Chinese (zh)
Inventor
郝林巍
朱学文
张毅然
Current Assignee
Beijing Sankuai Online Technology Co Ltd
Original Assignee
Beijing Sankuai Online Technology Co Ltd
Application filed by Beijing Sankuai Online Technology Co Ltd
Priority to CN202010779988.1A
Publication of CN114065141A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Abstract

The disclosure relates to a device jailbreak detection method and apparatus, a storage medium and an electronic device. The method comprises: in response to receiving a jailbreak detection request for a device to be detected, executing a target inline assembly function so that jailbreak detection is performed on a target file path in assembly language, obtaining a detection result; and determining the jailbreak state of the device to be detected according to the detection result. In this technical solution the detection process is carried out by assembly instructions, that is, the related functions are not called directly during detection. It is therefore difficult for an anti-jailbreak-detection plug-in to find a suitable entry point at which to modify the detection process, which improves the authenticity of the jailbreak detection result. In addition, because the detection is performed by assembly instructions, execution efficiency is higher and detection is faster.

Description

Equipment jail-crossing detection method and device, storage medium and electronic equipment
Technical Field
The disclosure relates to the technical field of smart device security, and in particular to a device jailbreak detection method and apparatus, a storage medium and an electronic device.
Background
iOS jailbreaking is a technique for obtaining the highest privileges on iOS, the operating system of Apple Inc.'s portable devices. With such techniques and software a user can obtain the highest privileges on iOS, so that functions such as virtual positioning and software plug-ins can be realized through related plug-ins, and even an operator's restrictions on the mobile phone network can be lifted, which creates significant security risks.
In the related art, the jailbreak state of a device can be detected by jailbreak detection plug-ins. However, a large number of anti-jailbreak-detection plug-ins are also available; these can interfere with the detection process and reduce the authenticity of the detection result.
Disclosure of Invention
The present disclosure aims to provide a device jailbreak detection method and apparatus, a storage medium and an electronic device, so as to solve the above technical problems in the related art.
In order to achieve the above object, according to a first aspect of embodiments of the present disclosure, there is provided a device jailbreak detection method, including:
in response to receiving a jailbreak detection request for a device to be detected, executing a target inline assembly function to perform jailbreak detection on a target file path in assembly language and obtain a detection result;
and determining the jailbreak state of the device to be detected according to the detection result.
With this technical solution, when jailbreak detection is required for the device to be detected, the target inline assembly function can be executed so that jailbreak detection of the target file path is carried out in assembly language, and the jailbreak state of the device can be determined from the detection result. In other words, the detection process is completed by assembly instructions, and the related functions are not called directly during detection. It is therefore difficult for an anti-jailbreak-detection plug-in to find a suitable entry point at which to modify the detection process, which improves the authenticity of the detection result. In addition, because the detection is performed by assembly instructions, execution efficiency is higher and detection speed can be improved.
Optionally, the executing the target inline assembly function includes:
switching the working mode of the processor of the device to be detected to a management mode;
acquiring detection parameters in a target register, wherein the detection parameters comprise a system call parameter and a file path parameter representing the target file path;
and detecting the target file path according to the detection parameters to obtain a detection result for the target file path.
In this way, by acquiring the detection parameters in the target register, the processor can detect the target file path according to the detection parameters while in the management mode.
Optionally, the detecting the target file path according to the detection parameters includes:
calling a corresponding function module according to the system call parameter;
and detecting, by means of the function module, the file path corresponding to the file path parameter.
Optionally, the method further comprises:
acquiring information on paths to be detected to obtain a candidate path set;
and taking each path to be detected in the candidate path set as the target file path, and sending the path information of the path to be detected to the target register.
In this technical solution, an acquired path to be detected can be used as the target file path, so that its path information can be sent to the target register and the path can then be detected. In other words, the detection paths are dynamically configurable, which improves the flexibility of the detection process.
Optionally, the jailbreak detection request is sent by an application program, and the executing the target inline assembly function includes:
switching the working mode of the processor of the device to be detected to a management mode;
acquiring, through a target register, a file path parameter that is passed in by the application program and represents the target file path;
and calling a corresponding function module according to the system call parameter in the inline assembly function, and detecting the file path represented by the file path parameter to obtain a detection result for the target file path.
With this technical solution, the target file path can be detected according to the file path parameter passed in by the application program, so that the jailbreak state of the device to be detected can be checked as the application program requires. The application program can therefore configure detection dynamically, which improves the flexibility of the detection process.
Optionally, the determining the jailbreak state of the device to be detected according to the detection result includes:
determining the jailbreak state of the device to be detected according to file information under the target file path in the detection result; and/or
determining the jailbreak state of the device to be detected according to permission information of the target file path in the detection result.
The jailbreak state of the device to be detected can therefore be judged from the permission information of the target file path and/or the file information under the target file path.
According to a second aspect of embodiments of the present disclosure, there is provided a device jailbreak detection apparatus comprising:
the execution module is configured to execute a target inline assembly function in response to receiving a jailbreak detection request for the device to be detected, so as to perform jailbreak detection on a target file path in assembly language and obtain a detection result;
the determination module is configured to determine the jailbreak state of the device to be detected according to the detection result.
With this technical solution, when jailbreak detection is required for the device to be detected, the target inline assembly function can be executed so that jailbreak detection of the target file path is carried out in assembly language, and the jailbreak state of the device can be determined from the detection result. In other words, the detection process is completed by assembly instructions, and the related functions are not called directly during detection. It is therefore difficult for an anti-jailbreak-detection plug-in to find a suitable entry point at which to modify the detection process, which improves the authenticity of the detection result. In addition, because the detection is performed by assembly instructions, execution efficiency is higher and detection speed can be improved.
Optionally, the execution module includes:
the first switching submodule is configured to switch the working mode of the processor of the device to be detected to a management mode;
the first obtaining submodule is configured to obtain detection parameters in a target register, and the detection parameters include a system call parameter and a file path parameter representing the target file path;
and the detection submodule is configured to detect the target file path according to the detection parameters to obtain a detection result for the target file path.
Optionally, the detection submodule includes:
the calling subunit is configured to call the corresponding function module according to the system call parameter;
and the detection subunit is configured to detect, by means of the function module, the file path corresponding to the file path parameter.
Optionally, the apparatus further comprises:
the acquisition module is configured to acquire information on paths to be detected to obtain a candidate path set;
and the sending module is configured to take each path to be detected in the candidate path set as the target file path and send path information of the path to be detected to the target register.
Optionally, the jailbreak detection request is sent by an application program, and the execution module includes:
the second switching submodule is configured to switch the working mode of the processor of the device to be detected to a management mode;
the second acquisition submodule is configured to acquire, through a target register, a file path parameter that is passed in by the application program and represents the target file path;
and the execution submodule is configured to call a corresponding function module according to the system call parameter in the inline assembly function, detect the file path represented by the file path parameter, and obtain a detection result for the target file path.
Optionally, the determining module includes:
the first determination submodule is configured to determine the jailbreak state of the device to be detected according to file information under the target file path in the detection result; and/or
the second determination submodule is configured to determine the jailbreak state of the device to be detected according to permission information of the target file path in the detection result.
According to a third aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of any one of the above-mentioned first aspects.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any of the first aspects above.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
Fig. 1 is a flow chart illustrating detection of a device jailbreak state according to an exemplary embodiment of the present disclosure.
Fig. 2 is a flow chart of a device jailbreak detection method shown in an exemplary embodiment of the present disclosure.
Fig. 3 is a schematic diagram illustrating an execution flow of a target inline assembly function according to an exemplary embodiment of the present disclosure.
Fig. 4 is a flow chart of a device jailbreak detection method shown in an exemplary embodiment of the present disclosure.
Fig. 5 is a block diagram of a device jailbreak detection apparatus shown in an exemplary embodiment of the present disclosure.
Fig. 6 is a block diagram of an electronic device shown in an exemplary embodiment of the present disclosure.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
Before introducing the device jailbreak detection method and apparatus, storage medium and electronic device provided by the present disclosure, an application scenario of the present disclosure is first introduced. The embodiments provided by the disclosure can be applied to various devices and used to detect and judge the jailbreak state of a device to be detected that runs the iOS operating system.
iOS jailbreaking is a technique for obtaining the highest privileges on iOS, the operating system of Apple Inc.'s portable devices. With such techniques and software a user can obtain the highest privileges on iOS and bypass the relevant rules in order to cheat. For example, the user's location information can be forged through virtual positioning by a related plug-in; or information such as the device identification code can be forged through a related plug-in, so that platform activities can be joined maliciously and illegal benefits obtained.
In some implementations, the jailbreak state of a device may be determined by checking certain files or file paths on the device. For example, in some embodiments the relevant file path may be checked with a C/C++ function such as stat() or fopen(), or with an Objective-C method such as writeToFile: or fileExistsAtPath:, and the jailbreak state of the device is determined from the result.
The applicant has found that, once an iOS device has been jailbroken, the results returned by such detection operations may have low credibility. For Objective-C, the language is dynamic (the Objective-C runtime), and which function is executed is resolved at run time. Between compile time and run time there are therefore various ways to alter the execution path of the original function and so change its result. For C functions, because Apple uses PIC (position-independent code) in iOS, the first time a C function is called its memory address is looked up in system memory and bound to the corresponding function in the application, which is how a normal C call is made. The C language as used in iOS development is therefore not truly static, and functions can still be modified dynamically at run time.
For example, referring to the flow diagram for detection of a device jailbreak state shown in Fig. 1, in some jailbreak detection scenarios the jailbreak state of the device may be disguised by an anti-jailbreak-detection plug-in. Such a plug-in can affect the execution of the jailbreak detection function by injection or repackaging, modifying the detection result so that a false jailbreak state is reported. The detection result obtained in this way therefore has low authenticity.
To this end, the present disclosure provides a device jailbreak detection method which, with reference to the flow chart of a device jailbreak detection method shown in Fig. 2, includes:
S21, in response to receiving a jailbreak detection request for the device to be detected, executing a target inline assembly function to perform jailbreak detection on a target file path in assembly language and obtain a detection result;
and S22, determining the jailbreak state of the device to be detected according to the detection result.
In particular, the method may be applied, for example, to a device to be detected which, after receiving the jailbreak detection request, responds to it in step S21. The jailbreak detection request can be generated, for example, by a user operation on the device to be detected: the device may generate the request in response to the user clicking or sliding a screen control. In some embodiments the device to be detected may also receive the jailbreak detection request from another device through wired or wireless communication, which is not limited in this disclosure.
After the jailbreak detection request is received, the device to be detected can respond to it by executing a target inline assembly function so that jailbreak detection is performed on a target file path in assembly language. For example, the device to be detected may invoke the inline assembly function using the inline assembly syntax __asm__ __volatile__. Here __asm__ instructs the compiler to insert the enclosed assembly statements, and __volatile__ instructs the compiler not to optimize the enclosed assembly together with other statements, that is, the assembly is emitted exactly as written. The target file path may be a file path that indicates a jailbroken device, such as /bin/bash or /etc. After an iOS device is jailbroken, the access permissions of the related file paths may change, or file paths that indicate the jailbroken state may be added to the device. By detecting these file paths, the jailbreak state of the device to be detected can therefore be determined. In some embodiments a jailbroken device may also contain a corresponding file that indicates its jailbroken state (e.g., Cydia.app, the counterpart of the App Store application on a non-jailbroken device); in this case the files under the target file path may also be detected, which is not limited in this disclosure.
In addition, in some embodiments, the information on the target file path may be saved in a register. During execution of the inline assembly function, the processor of the device to be detected can then obtain the target file path from the register and invoke the relevant function module by way of a system call to obtain a detection result for the target file path.
In step S22, after the detection result for the target file path is obtained, the jailbreak state of the device to be detected may be determined according to the detection result. For example, the return value of the inline assembly function may be obtained through register x0, and the jailbreak state of the device to be detected determined from it.
With this technical solution, when jailbreak detection is required for the device to be detected, the target inline assembly function can be executed so that jailbreak detection of the target file path is carried out in assembly language, and the jailbreak state of the device can be determined from the detection result. In other words, the detection process is completed by assembly instructions, and the related functions are not called directly during detection. It is therefore difficult for an anti-jailbreak-detection plug-in to find a suitable entry point at which to modify the detection process, which improves the authenticity of the detection result. In addition, because the detection is performed by assembly instructions, execution efficiency is higher and detection speed can be improved.
Fig. 3 is a schematic diagram illustrating an execution flow of a target inline assembly function according to an exemplary embodiment of the present disclosure. As shown in Fig. 3, the execution flow of the target inline assembly function includes:
S31, switching the working mode of the processor of the device to be detected to a management mode;
S32, acquiring detection parameters in the target register;
and S33, detecting the target file path according to the detection parameters to obtain a detection result for the target file path.
For example, in step S31 the working mode of the processor of the device to be detected may be switched to the management mode by means of a software interrupt. For example, an SVC instruction may be used to switch the working mode of the processor to the management mode in order to complete the system call.
In step S32, the processor may then obtain the relevant detection parameters through the target register. The detection parameters may include, for example, a system call parameter and a file path parameter representing the target file path. For example, the file path parameters may be saved in registers x0 and x1, and the system call parameter may be saved in register x16. In this case, step S32 obtains the file path parameters representing the target file path through registers x0 and x1, and obtains the corresponding system call number through register x16. In step S33, the target file path is detected according to the obtained detection parameters, and a detection result for the target file path is obtained.
For the detection process of the target file path, in a possible implementation manner, the step S33 includes:
calling a corresponding function module according to the system calling parameter;
and detecting the file path corresponding to the file path parameter according to the functional module.
In the above example, the system call parameter in register x16 may be, for example, 188; according to the Mach Trap Table, the function module corresponding to trap index 188 is stat. Therefore, after the Mach trap mechanism is triggered, the corresponding stat function can be executed to detect the target file path corresponding to the file path parameters in registers x0 and x1.
In this way, by acquiring the detection parameter in the target register, the processor can implement detection of the target file path according to the detection parameter in the management mode.
In the above embodiment, the detection process of the target file path is exemplified by taking the system call number 188 as an example. However, those skilled in the art should understand that the above embodiment is only an example, and in the specific implementation, the functional module may further include fopen, writeToFile, and the like, and accordingly, the system call number may also be other corresponding values, which is not limited in this disclosure.
Furthermore, for the detection parameter in the target register, in a possible implementation, the method further includes:
acquiring information of a path to be detected to obtain a candidate path set;
and taking each path to be detected in the candidate path set as the target file path, and sending the path information of the path to be detected to the target register.
The path to be detected can be a path that indicates the jailbreak state of the device, such as /private/var/stamp, /var/cache/apt, /bin/bash, and the like. In some possible embodiments, the device to be detected may store the paths checked in past jailbreak detections to obtain the candidate path set. In other embodiments, the information on the paths to be detected may be received by the device to be detected through wired or wireless communication. For example, the device to be detected can receive path information sent by a server, so that its paths to be detected are updated along with the server; this makes it easy to widen the range of paths covered by jailbreak detection and strengthens the detection.
In a specific implementation, each path to be detected in the candidate path set may be used as the target file path, and the path information of the path to be detected may be sent to the target register. Following the above example, pointers to externally passed-in parameters may be recorded in registers x0 and x1. The path information parameters of each path to be detected can thus be passed in turn through these pointers. After the path information of a path to be detected has been passed to the registers, the processor can be switched to the management mode through a software interrupt, so that the corresponding function module is called to detect the path to be detected corresponding to the path information.
In this technical solution, an acquired path to be detected can be used as the target file path, so that its path information can be sent to the target register and the path can then be detected. In other words, the detection paths are dynamically configurable, which improves the flexibility of the detection process.
Optionally, the jailbreak detection request is sent by an application program, and the executing the target inline assembly function includes:
switching the working mode of the processor of the device to be detected to a management mode;
acquiring file path parameters which are transmitted by the application program and used for representing a target file path through a target register;
and calling a corresponding function module according to the system calling parameters in the inline assembly function, and detecting the file path represented by the file path parameters to obtain a detection result aiming at the target file path.
With reference to the flow chart of a device jailbreak detection method shown in Fig. 4, the relevant steps in the business layer are described first. In steps S401 to S403, the device to be detected may first collect the paths to be detected. The device to be detected can obtain the paths by itself or through wireless or wired communication with a third-party device, and the paths to be detected can include, for example, /private/var/status, /var/cache/apt, /bin/bash, etc. After the paths to be detected are obtained, in step S402 the device to be detected may issue them to the application program. The application program may, for example, need to know the jailbreak state of the device; when it does, it can generate the jailbreak detection request to ask for the jailbreak state of the device to be detected to be checked. In this way, the application can dynamically configure the detection paths as needed. For example, in step S403, the application program may pass the information on the path to be detected to an assembly function, so that the path is detected.
In steps S404 to S406, after receiving the jailbreak detection request sent by the application program, the device to be detected may declare an inline assembly function using the inline assembly syntax __asm__ __volatile__; assembly code can be executed inside this function. Referring to steps S405 and S406, in the inline assembly function, pointers to externally passed-in parameters may be recorded in registers x0 to x7, so as to obtain the target file path parameters passed by the application program; for example, for void function(a, b), a and b correspond to registers x0 and x1, respectively. In addition, register x16 may hold the system call parameter corresponding to the function to be performed. Taking an inline assembly function that implements the stat function as an example, in steps S405 and S406 the target path parameters may be stored in registers x0 and x1, and register x16 may hold the trap index 188 corresponding to the stat function.
After the relevant parameters have been passed, in steps S407 to S409 the working state of the processor may be switched to the management mode through the SVC instruction, and the corresponding function module is called according to the system call parameter 188 in register x16, so that the target file path saved in registers x0 and x1 is detected and the execution result is obtained.
In steps S410 to S412, according to the assembly calling convention, after the call is completed the execution result may be saved to register x0, and the working state of the processor may be switched back to user mode while the inline asm call logic is exited.
With this technical solution, the target file path can be detected according to the file path parameters passed in by the application program, so that the jailbreak state of the device to be detected can be checked as the application program requires. The application program can therefore configure detection dynamically, which improves the flexibility of the detection process.
It is also worth noting that the above-described method embodiments, for simplicity of description, are all represented as a series of combinations of acts, but those skilled in the art will appreciate that the present disclosure is not limited by the order of acts described. For example, the registers x 0-x 7 may fetch the incoming parameter values and the register x16 may record the interrupt number at the same time, without any distinction between them. Alternatively, the register x16 may record the interrupt number before the registers x0 to x7 obtain the incoming parameter values, which is not limited by the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are examples, and that the acts described are not necessarily required to practice the invention.
Optionally, the determining the jail crossing state of the device to be detected according to the detection result includes:
and determining the jail crossing state of the device to be detected according to the file information in the target file path in the detection result.
If the detection result shows that the file information in the target file path includes a file (for example, cydia.app) indicating that the device is in a jail-crossing state, it can be determined that the device to be detected is in the jail-crossing state.
In some embodiments, the determining the jail crossing state of the device to be detected according to the detection result includes:
and determining the jail crossing state of the device to be detected according to the authority information of the target file path in the detection result.
For example, if the authority information in the detection result indicates that a file path characterizing a jail-crossed device exists in the device to be detected, it can be determined that the device to be detected is in the jail-crossing state. Such paths may be, for example, paths that are absent on non-jail-crossed devices and present on jail-crossed devices, or paths that are inaccessible on non-jail-crossed devices but accessible on jail-crossed devices.
In addition, in some possible embodiments, the method may also comprehensively judge the jail crossing state of the device to be detected according to the file information in the target file path in the detection result and the authority information of the target file path in the detection result, so that the detection accuracy can be improved, which is not limited by the disclosure. According to the technical scheme, the jail crossing state of the device to be detected can be judged through the authority information of the target file path and/or the file information under the target file path.
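The direct-trap probe of steps S404 to S412 and the verdict described above, as an added example that is not code from the patent or its applicant. It goes slightly beyond the text by mapping the returned error code to absent, denied or present; the names raw_stat, probe_path, count_indicators and is_jail_crossed, that errno mapping, and the libc fallback used when not built for arm64 iOS are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

enum probe { PROBE_ABSENT, PROBE_DENIED, PROBE_PRESENT, PROBE_ERROR };

/* stat `path`; return 0 on success or a positive errno value. */
static int raw_stat(const char *path)
{
#if defined(__APPLE__) && defined(__aarch64__)
    /* Kernel writes the stat record here; only the status is used below. */
    _Alignas(16) unsigned char buf[256];
    register long x0 __asm__("x0") = (long)path;  /* arg 1: path pointer    */
    register long x1 __asm__("x1") = (long)buf;   /* arg 2: result buffer   */
    register long x16 __asm__("x16") = 188;       /* trap index (from page) */
    long failed;
    __asm__ volatile("svc #0x80\n\t"  /* trap into the kernel, no libc call */
                     "cset %1, cs"    /* carry set means x0 holds an errno  */
                     : "+r"(x0), "=&r"(failed), "+r"(x1)
                     : "r"(x16)
                     : "x17", "cc", "memory");
    return failed ? (int)x0 : 0;
#else
    /* Off-device stand-in (assumption): plain libc stat(), the hookable
       call the scheme avoids, used only so the logic below runs anywhere. */
    struct stat st;
    return stat(path, &st) == 0 ? 0 : errno;
#endif
}

/* Turn the raw status into existence / permission information. */
static enum probe probe_path(const char *path)
{
    switch (raw_stat(path)) {
    case 0:                       return PROBE_PRESENT;
    case ENOENT: case ENOTDIR:    return PROBE_ABSENT;
    case EACCES: case EPERM:      return PROBE_DENIED; /* sandbox still enforcing */
    default:                      return PROBE_ERROR;
    }
}

/* Number of candidate paths that exist and are accessible to this process. */
static size_t count_indicators(const char *const *paths, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (paths[i] != NULL && probe_path(paths[i]) == PROBE_PRESENT)
            hits++;
    return hits;
}

/* Verdict: any present-and-accessible indicator path marks the device. */
static int is_jail_crossed(const char *const *paths, size_t n)
{
    return count_indicators(paths, n) > 0;
}

int main(void)
{
    /* Candidate set built from the example paths listed on the page;
       the verdict is only meaningful when run on the iOS target. */
    const char *const candidates[] = {
        "/private/var/status", "/var/cache/apt", "/bin/bash" };
    size_t n = sizeof candidates / sizeof candidates[0];
    for (size_t i = 0; i < n; i++)
        printf("%-22s -> %d\n", candidates[i], (int)probe_path(candidates[i]));
    printf("jail-crossed: %d\n", is_jail_crossed(candidates, n));
    return 0;
}
```

Because the candidate set is an argument, it can be replaced at run time, which is the dynamic configuration the description attributes to the application program.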
The present disclosure also provides a device-jail-crossing detection apparatus, the apparatus 500 comprising, with reference to the block diagram of one device-jail-crossing detection apparatus shown in fig. 5:
the execution module 501 is configured to execute a target inline assembly function in response to receiving a jail crossing detection request for a device to be detected, so as to perform jail crossing detection on a target file path through an assembly language to obtain a detection result;
a determining module 502 configured to determine the jail crossing state of the device to be detected according to the detection result.
With this technical scheme, when the device to be detected needs to perform jail crossing detection, the target inline assembly function can be executed, so that jail crossing detection of a target file path is carried out in assembly language, and the jail crossing state of the device to be detected can be determined according to the detection result. That is to say, in the above technical solution, the detection process for the device to be detected is completed by assembly instructions, so the related function is not called directly during detection. It is therefore difficult for an anti-jail-crossing-detection plug-in to find a suitable entry point from which to modify the detection process, which improves the authenticity of the jail crossing detection result. In addition, since the above technical scheme performs the jail crossing detection through assembly instructions, it executes more efficiently, and thus the detection speed can be improved.
Optionally, the executing module 501 includes:
the first switching submodule is configured to switch the working mode of the processor of the device to be detected to a management mode;
the first obtaining submodule is configured to obtain detection parameters in a target register, and the detection parameters include a system call parameter and a file path parameter for representing a target file path;
and the detection submodule is configured to detect the target file path according to the detection parameters to obtain a detection result for the target file path.
Optionally, the detection submodule includes:
the calling subunit is configured to call the corresponding functional module according to the system calling parameter;
and the detection subunit is configured to detect the file path corresponding to the file path parameter according to the functional module.
Optionally, the apparatus 500 further comprises:
the acquisition module is configured to acquire information of a path to be detected to obtain a candidate path set;
and the sending module is configured to take each path to be detected in the candidate path set as the target file path and send path information of the path to be detected to the target register.
Optionally, the jail crossing detection request is sent by an application program, and the executing module 501 includes:
the second switching submodule is configured to be used for switching the working mode of the processor of the device to be detected to a management mode;
the second acquisition submodule is configured to acquire, through a target register, file path parameters, which are used for characterizing a target file path, transmitted by the application program;
and the execution sub-module is configured to call a corresponding function module according to the system call parameter in the inline assembly function, detect the file path represented by the file path parameter, and obtain a detection result for the target file path.
Optionally, the determining module 502 includes:
the first determination submodule is configured to determine the jail crossing state of the device to be detected according to file information in the target file path in the detection result; and/or
and the second determination submodule is configured to determine the jail crossing state of the device to be detected according to the authority information of the target file path in the detection result.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The present disclosure also provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method described in the above embodiments.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method in the above embodiments.
Fig. 6 is a block diagram illustrating an electronic device 600 according to an example embodiment. As shown in fig. 6, the electronic device 600 may be, for example, a terminal device running an iOS operating system, and the electronic device 600 may include: a processor 601 and a memory 602. The electronic device 600 may also include one or more of a multimedia component 603, an input/output (I/O) interface 604, and a communications component 605.
The processor 601 is configured to control the overall operation of the electronic device 600 to perform all or part of the steps of the above-described device jail-crossing detection method. The memory 602 is used to store various types of data to support operation at the electronic device 600, such as instructions for any application or method operating on the electronic device 600 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and so forth. The memory 602 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 603 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 602 or transmitted through the communication component 605. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 604 provides an interface between the processor 601 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 605 is used for wired or wireless communication between the electronic device 600 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IoT, eMTC, or other technologies such as 5G, or a combination of one or more of them, which is not limited herein. The corresponding communication component 605 may therefore include a Wi-Fi module, a Bluetooth module, an NFC module, etc.
In an exemplary embodiment, the electronic device 600 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-described device jail-crossing detection method.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described device jail crossing detection method is also provided. For example, the computer readable storage medium may be the memory 602 described above including program instructions that are executable by the processor 601 of the electronic device 600 to perform the device jail crossing detection method described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned device jail crossing detection method when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (10)

1. A device jail-crossing detection method is characterized by comprising the following steps:
in response to receiving a jail crossing detection request for a device to be detected, executing a target inline assembly function, and carrying out jail crossing detection on a target file path through assembly language to obtain a detection result;
and determining the jail crossing state of the device to be detected according to the detection result.
2. The method of claim 1, wherein executing the target inline assembly function comprises:
switching the working mode of the processor of the device to be detected to a management mode;
acquiring detection parameters in a target register, wherein the detection parameters comprise system calling parameters and file path parameters for representing a target file path;
and detecting the target file path according to the detection parameters to obtain a detection result aiming at the target file path.
3. The method of claim 2, wherein the detecting the target file path according to the detection parameters comprises:
calling a corresponding function module according to the system calling parameter;
and detecting the file path corresponding to the file path parameter according to the functional module.
4. The method of claim 2, further comprising:
acquiring information of a path to be detected to obtain a candidate path set;
and taking each path to be detected in the candidate path set as the target file path, and sending the path information of the path to be detected to the target register.
5. The method of claim 1, wherein the jail crossing detection request is sent by an application program, and wherein the executing a target inline assembly function comprises:
switching the working mode of the processor of the device to be detected to a management mode;
acquiring file path parameters which are transmitted by the application program and used for representing a target file path through a target register;
and calling a corresponding function module according to the system calling parameters in the inline assembly function, and detecting the file path represented by the file path parameters to obtain a detection result aiming at the target file path.
6. The method according to any one of claims 1 to 5, wherein the determining of the jail crossing state of the device to be detected according to the detection result comprises:
determining the jail crossing state of the device to be detected according to the file information in the target file path in the detection result; and/or
and determining the jail crossing state of the device to be detected according to the authority information of the target file path in the detection result.
7. A device jail-crossing detection apparatus, comprising:
the execution module is configured to execute a target inline assembly function in response to receiving a jail crossing detection request aiming at the device to be detected, so as to perform jail crossing detection on a target file path through an assembly language and obtain a detection result;
the determination module is configured to determine the jail crossing state of the device to be detected according to the detection result.
8. The apparatus of claim 7, wherein the execution module comprises:
the switching submodule is configured to switch the working mode of the processor of the device to be detected to a management mode;
the acquisition submodule is configured to acquire detection parameters in the target register, wherein the detection parameters include a system call parameter and a file path parameter for representing a target file path;
and the detection submodule is configured to detect the target file path according to the detection parameters to obtain a detection result for the target file path.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
10. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010779988.1A CN114065141A (en) 2020-08-05 2020-08-05 Equipment jail-crossing detection method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN114065141A (en) 2022-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination