Closed osyduck closed 1 year ago
Does this work in another app that doesn't have jailbreak detection but Shadow enabled? Also, which options do you have enabled?
Yes, even if Shadow is not enabled with another app, that will crash too. I checked all options, and when I enable recommended & essential, some apps still detected jailbreak, so I enabled all options & I can bypass jailbreak detection.
It's very possible that this is a conflict at the hook level, but to be honest I'm not sure what I could do about it. Maybe it's better if there was a dedicated tweak rather than Frida that achieves the desired result.
The relevant hook option is likely within NSURLSession, which is controlled by the Foundation Framework setting. Even then, the hooks from Shadow are extremely minimal.
Hi! I could give some more explanation here. Frida conflicts with some hooking methods when "Dynamic Libraries" in the "Essential Hooks" section is selected.
I think there is a conflict here, because Frida loads as a dynamic library. But the interesting thing is that not all Frida scripts failed. For example, "keychain dump" fails, but the script for detecting "enabling custom keyboards" works perfectly.
Maybe it is possible to do some "white list" for the known libraries? Or something like this, because it is really important sometimes to use Shadow within Frida.
And yes, again, thank you for this awesome tool!
I couldn't use Shadow with Frida. I need to bypass jailbreak detection using Shadow & bypass SSL pinning with Frida, but unfortunately, when I run my Frida or objection, the Frida script & app crash. It affects not only the app that enabled jb detection from Shadow, but all the other apps crash as well.