akusio / KernBypass-Public

chroot based kernel level jailbreak detection bypass.
GNU General Public License v3.0
486 stars 177 forks

Using hardlinking ineffective against checking /private/var folder #3

Open NewDwarf opened 4 years ago

NewDwarf commented 4 years ago

Hardlinking of the /private/var folder into /private/var/MobileSoftwareUpdate/mnt1/private/var mirrors all files. It makes it impossible to hide, say, Cydia metafiles or the package management system (apt, dpkg). /private/var/lib/cydia/ -> /private/var/MobileSoftwareUpdate/mnt1/private/var/lib/cydia/

        if(access(FAKEROOTDIR"/private/var/containers", F_OK) != 0){
            printf("hardlink /private/var\n");
            copy_file_in_memory(FAKEROOTDIR"/private/var", "/private/var");
            //set_vnode_usecount(get_vnode_with_chdir("/private/var/MobileSoftwareUpdate/mnt1/private/var"), 0xffff);
        }

JB detection based on checking /private/var/lib/cydia/ will still be able to detect a jailbroken device.

Randomblock1 commented 4 years ago

/private/var/tmp/cydia.log is also not hidden, and some apps use this for detection. Found this website that lists what they use to detect a JB. https://tune.docs.branch.io/sdk/detecting-ios-jailbroken-devices/ It is pretty outdated, but some file checks are not hidden with KernBypass.
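Added example, not code from the KernBypass project or from anyone in this thread: a small C routine of the kind the two comments above describe on the app side, checking the artifact paths named in this issue (/private/var/lib/cydia and /private/var/tmp/cydia.log) both at their canonical location and under the mirror prefix /private/var/MobileSoftwareUpdate/mnt1/private/var. It also compares st_dev/st_ino of two paths, on the assumption that the mirror the issue describes behaves like a true hardlink and therefore resolves to the same filesystem object; the mirror path for cydia.log is an assumption derived from the thread's statement that the whole folder is mirrored. Running it on a device with the bypass active shows which checks the hardlink leaves visible, which is what this thread is about.

```c
#include <stdio.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/stat.h>

/* Mirror prefix named in this issue. */
#define MIRROR_PREFIX "/private/var/MobileSoftwareUpdate/mnt1/private/var"

/* Paths this thread reports as still visible after the hardlink. The two
 * MIRROR_PREFIX entries are assumed from the statement that the folder is
 * mirrored wholesale (the lib/cydia mirror is stated explicitly, the
 * cydia.log mirror is an assumption). */
static const char *const kIssuePaths[] = {
    "/private/var/lib/cydia",
    "/private/var/tmp/cydia.log",
    MIRROR_PREFIX "/lib/cydia",
    MIRROR_PREFIX "/tmp/cydia.log",
};

/* Returns 1 if access(F_OK) can see the path, 0 otherwise. This is the same
 * primitive the snippet in the first comment uses to probe FAKEROOTDIR. */
int artifact_present(const char *path) {
    return access(path, F_OK) == 0 ? 1 : 0;
}

/* Counts how many paths in the list are visible. */
size_t count_present(const char *const *paths, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (artifact_present(paths[i])) {
            hits++;
        }
    }
    return hits;
}

/* Returns 1 if both paths exist and name the same object (same device and
 * inode). A true hardlink shares the inode with its original, so a visible
 * original and a mirror with identical st_dev/st_ino are one object. */
int same_inode(const char *a, const char *b) {
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0) {
        return 0;
    }
    return (sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino) ? 1 : 0;
}

/* Scans the issue's path list; on a stock build box this is 0. */
size_t scan_issue_paths(void) {
    return count_present(kIssuePaths, sizeof kIssuePaths / sizeof kIssuePaths[0]);
}

int main(void) {
    size_t n = sizeof kIssuePaths / sizeof kIssuePaths[0];
    for (size_t i = 0; i < n; i++) {
        printf("%-70s %s\n", kIssuePaths[i],
               artifact_present(kIssuePaths[i]) ? "VISIBLE" : "absent");
    }
    printf("visible artifacts: %zu of %zu\n", scan_issue_paths(), n);
    printf("/private/var and its mirror share an inode: %s\n",
           same_inode("/private/var", MIRROR_PREFIX) ? "yes" : "no/unknown");
    return 0;
}
```

The point of checking both the canonical and the mirror path is that hiding one location is not enough when the directory is mirrored as a hardlink: whichever of the two stays reachable keeps the artifact detectable, and a shared inode makes the relationship between the two paths visible as well.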

avltree9798 commented 4 years ago

I tried to link one-by-one the path under /private/var except for lock and lib but so far no luck.

Randomblock1 commented 4 years ago

Someone made a modified version at https://repo.misty.moe, it’s not the best solution but it works.