jjolano / shadow

A jailbreak detection bypass for modern iOS jailbreaks.
https://ios.jjolano.me
BSD 3-Clause "New" or "Revised" License

Tweak conflict with frida #69

Closed (osyduck closed 1 year ago)

osyduck commented 1 year ago

I couldn't use Shadow with Frida. I need to bypass jailbreak detection using Shadow and bypass SSL pinning with Frida, but unfortunately, when I run Frida or objection, the Frida script and the app crash. It affects not only the app that has jb detection enabled from Shadow; all the other apps crash as well.

jjolano commented 1 year ago

Does this work in another app that doesn't have jailbreak detection but Shadow enabled? Also, which options do you have enabled?

osyduck commented 1 year ago

Yes, even if Shadow is not enabled for another app, that app will crash too. I checked all options, and when I enable recommended & essential, some apps still detect the jailbreak, so I enabled all options and I can bypass jailbreak detection.

jjolano commented 1 year ago

It's very possible that this is a conflict at the hook level, but to be honest I'm not sure what I could do about it. Maybe it's better if there was a dedicated tweak rather than Frida that achieves the desired result.

The relevant hook option is likely within NSURLSession which is controlled by the Foundation Framework setting. Even then, the hooks from Shadow are extremely minimal.

MrR1p commented 1 year ago

Hi! I could give some more explanation here. Frida conflicts with some hooking methods when "Dynamic Libraries" in the "Essential Hooks" section is selected.

I think there is a conflict here, because Frida loads as a dynamic library. But the interesting thing is that not all Frida scripts fail. For example, "keychain dump" fails, but the script for detecting "enabling custom keyboards" works perfectly.

Maybe it is possible to make some "white list" for the known libraries? Or something like this, because it is sometimes really important to use Shadow with Frida.

And yes, again, thank you for this awesome tool!