Jailbreak Detection有提到方法和代码

Filesystem Tests ：

Existence of Jailbreak Files  

/Library/MobileSubstrate/MobileSubstrate.dylib

This is probably the most important file to check for. Almost every consumer jail- break available installs MobileSubstrate, which provides a foundation for preload- ing code directly into applications. In cases where it is not installed by the jailbreak tool, it is often installed at a later time to support many applications one might install using Cydia or other jailbreak software installers.

/Applications/Cydia.app

The path to the Cydia application installer, installed by most jailbreaking tools.

/var/cache/apt

The path to the apt repository, used by most third-party software installers in- cluding Cydia.

/var/lib/apt

Apt-related data files used by the apt repository.

/var/lib/cydia

Cydia-related data files used by Cydia.

/var/log/syslog

The syslog log file, created when syslog is redirected by some jailbreaking tools.

/var/tmp/cydia.log

A temporary logfile written when Cydia runs.

/bin/bash /bin/sh

The bash shell interpreter, almost always installed when a device is jailbroken using end user jailbreaking tools.

/usr/sbin/sshd

The SSH daemon, installed whenever SSH is installed on the device after jailbreak- ing.

/usr/libexec/ssh-keysign

A key signing utility for SSH, installed whenever SSH is installed on the device after jailbreaking.

/etc/ssh/sshd_config
Configuration file for sshd, installed whenever SSH is installed on the device after jailbreaking.

/etc/apt 

2.Size of /etc/fstab 

The file is commonly 80 bytes on an iOS 5 device, whereas the copy of the file installed by many jailbreaking tools is only 65 bytes. 

3.Evidence of Symbolic Linking 

App in /Applications then it was moved to (usually in /var/stash)  if it was jailbroken