Disable jailbreak detection

[pimterry]

We need a feature to allow the addition of an external Frida script in order to bypass jailbreak detection and run the application smoothly.

I have a custom Frida script to bypass the jailbreak detection. It is working fine. However, if I run the "iOS App via Frida," it will relaunch the app and display a jailbreak detection banner.

Originally posted by @secureITmania in https://github.com/httptoolkit/httptoolkit/issues/11#issuecomment-2222033314

[pimterry]

Extracting this conversation out here, since it's really related to the scripts. Can you share the jailbreak detection script that's working for you? I'd be happy to include it here if it's relatively generic and reliable. All to the scripts here will be included in HTTP Toolkit releases later on, so they'll be automated within the "iOS App via Frida" button.

[secureITmania]

Please find the script link below. I used the generic jailmonkey Frida script to bypass jailbreak detection.

https://codeshare.frida.re/@darklotuskdb/ios-jailmonkey-jailbreak-detection-bypass/

[pimterry]

Thanks @secureITmania! That's really interesting. Is it possible to share an example app to test this against?

For now I've created a new ios/ios-disable-detection.js script to handle this detection mechanism: https://github.com/httptoolkit/frida-interception-and-unpinning/blob/main/ios/ios-disable-detection.js. If you could confirm that this works for you that would be very helpful (by default it will only log once if jailmonkey is installed, but it'll log for not-detected and for each avoided detection check too if you enable DEBUG_MODE).

I imagine that this jailmonkey case specifically is just the tip of the iceberg though (it's just for react native) so I'm very happy to expand that to cover over cases if there are more examples.