[Feature Request] Liberty Lite does what Shadown’t #131
Comments
|
Is there a possibility that the app was updated since iOS 13 with new detection methods? I believe LL includes app-specific bypasses, something that Shadow is not designed for. |
|
Sorry for late reply, for some reason github did not notify me that you replied. Apps I'm having problems with are the same versions as they were on ios13. In fact, I tried all versions I could downgrade them to. I'm using palera1n 2.0.0 (rootful) on iphone 8 ios 15.7.2. |
|
There is a fs_usage utility.. this will log all file accesses but can be pretty chatty in logs. See if you are able to run this. Not sure if it needs to be resigned with ldid on device. Also if you are able to compile shadow from source as a debug build it will output logs of every file access as well. Any suspicious paths you can retest with the shdw command. https://www.icloud.com/iclouddrive/0d8k3XS2hYmOUyS7zbxfSAp7g#fs_usage |
|
Thanks. I will investigate and report. fs_usage is included in palera1n setup btw |
|
Tried banking app first.
How ancient is their code anyway, blackra1n is ios 3 jailbreak... |
|
It is also possible that I may be "hiding" too many paths and that itself can trigger a flag... for example if I were to hide |
|
I thought If path is "hidden", shouldn't it cause some error on stat64 call from app? The listing above was captured while Shadow enabled for this app. |
|
It is possible to manually add your own paths by creating a ruleset plist.. 😆 although this is likely for more advanced users and not really necessary for the most part Those calls will still come though. The capture appears to be what the kernel sees, but Shadow modifies what the app sees. |
|
Okay, out of all paths checked by banking app only these are "allowed": Out of which only these actually exist on my iphone: Probably they should be allowed as they contain non-jb stuff. The other app is also doing some suspicious calls, out of which these are "allowed": Out of which only I guess you were right from the beginning and these apps use other detection methods. Or rather combination of methods. |
why not use snaputil in order to mount the snap and get the system partition without jailbreak so they will think that you are not jailbroken |
I would like to see your proof of concept on that. Besides, the secondary goal for Shadow is to allow tweaks to run while bypassing detection. This differentiates it from other bypass tweaks with not as good tweak compatibility or lack of tweaks at all. |
ohh well, ok |
have you ever tried amazon music app ? i tried but this doesn't work on it probably because it has implemented the DRM jailbreak detection widevine_cdm_secured_ios.framework. i tried all jailbreak bypass and none works. what do you think they did to get unbypassable ? |
|
Last i tried, it works with vnodebypass. So its quite possible they have injection detection plus filesystem detection via supervised syscalls. (The latter of which is currently not handled by Shadow yet) |
I can't install vnodebypass for testing. The package from alias20 repo gives "unable to locate package" error, the one from ichitaso repo crashes dpkg. |
i add my paths file to the JailbreakMisc.plist so could you please tell me if it automatically will bypass that files that i add ? |
First of all, great work. There really aren’t that much working bypasses for iOS 14+ and Shadow is the best in my opinion.
Sadly it still doesn’t bypass some of apps I used to use back on iOS 13 with Liberty Lite. One of the apps I use actually crashes when jailbroken and using Liberty on it stopped it from crashing, which Shadow sadly doesn’t help with.
Is there any chance that you could get some insights from Liberty Lite to implement missing bypass functionality into Shadow? Maybe even getting in touch with developer. That would be great!
I could share whatever little information I got like apps ids/versions, iOS version and jb I’m using.
The text was updated successfully, but these errors were encountered: