roothide / Bootstrap

A full featured bootstrap for iOS 15.0-17.0 A8-A17 & M1+M2 using roothide
MIT License
1.2k stars 790 forks

Jailbreak Detection Megaissue #48

Closed imnltsa closed 5 months ago

imnltsa commented 9 months ago

This issue can be used to list off apps that have jailbreak detection advanced enough to detect WITHOUT injection with AppEnabler or even after uninstalling the bootstrap and removing /private/var/jb and /private/var/containers/Bundle/Application/.jbroot-$(jbrand)/ along with application data removal.

It's not necessarily helpful to link to tweaks which may bypass anything in here since this is an issue on the Bootstrap repo itself, but can narrow it down.

_Before commenting, please ensure you 100% do not have anything visible like Filza's URL scheme (Remove Filza from TrollStore and install the no URL scheme version) and any other jailbreak application that may expose their URL scheme. Also, ensure your results aren't stored anywhere by clearing application data by uninstalling and reinstalling the application, assuming the results are stored there._

imnltsa commented 9 months ago

Fix issue with Roothide manager clean/var

This doesn't address the issue at hand; the problem still exists with RootHide as a whole. Removing all files doesn't fix the fact that there's something wrong with the bootstrap's anti-jb detection.

Plus, this is an issue for ALL apps that have jailbreak detection, you need somewhere to complain about it. This is that place.

Running varClean with 'select all' is a fix for people ditching/coming to the bootstrap, but certainly not one for people that want to keep using it.

roothide commented 9 months ago

follow this:

1: enable tweak for all trollstore apps

2: install roothide manager in sileo, try varClean all in roothide manager, some files may not be deleted automatically and you need to do it manually in filza.

imnltsa commented 9 months ago

> follow this:
>
> 1: enable tweak for all trollstore apps
>
> 2: install roothide manager in sileo, try varClean all in roothide manager, some files may not be deleted automatically and you need to do it manually in filza.

How does this affect people who want to still use the bootstrap? This is fine for people leaving the bootstrap but deletes pretty important stuff if you want to continue using it.

roothide commented 9 months ago

> > follow this: 1: enable tweak for all trollstore apps 2: install roothide manager in sileo, try varClean all in roothide manager, some files may not be deleted automatically and you need to do it manually in filza.
>
> How does this affect people who want to still use the bootstrap? This is fine for people leaving the bootstrap but deletes pretty important stuff if you want to continue using it.

1: Some users have installed other bootstrap with /var/jb before, and it is very easy to detect.

2: Some apps installed in the trollstore may be detected as jailbroken, not just because of URLSchemes. after enabling tweaks for them, Bootstrap will automatically hide some features for them.

3: Some tweaks and jailbreak apps (including apps installed in the trollstore) will generate some files in /var/ of the rootfs, which will also be used by the app to detect jailbreaks. they can be cleaned using roothide manager's varClean, and we strongly recommend tweaks and jailbreak apps should store their data and configuration in jbroot's /var/ rather than rootfs's /var/.
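The residue described in the comment above can be audited on a copy of a filesystem. This is an added example, not code from the thread or the roothide project: a Python scan for the three path patterns named in this thread, run against a constructed sample tree. The function names, labels and the sample suffix are assumptions.

```python
import fnmatch
import os
import tempfile

# Path patterns named in this thread, relative to the filesystem root.
# "*" stands in for the random suffix the thread writes as $(jbrand).
INDICATORS = {
    "legacy /var/jb bootstrap": "private/var/jb",
    "roothide jbroot": "private/var/containers/Bundle/Application/.jbroot-*",
    "Sileo launch snapshot":
        "private/var/mobile/Library/SplashBoard/Snapshots/org.coolstar.SileoStore",
}

def matches(rel, pattern):
    """Compare component by component so '*' never crosses a '/'."""
    r, p = rel.split("/"), pattern.split("/")
    return len(r) == len(p) and all(fnmatch.fnmatchcase(a, b) for a, b in zip(r, p))

def scan(root):
    """Return sorted (label, relative_path) pairs for residue found under root."""
    hits = []
    # followlinks=False: a /var/jb symlink is reported, never traversed.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            hits += [(label, rel) for label, pat in INDICATORS.items() if matches(rel, pat)]
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree (not real device data) with residue left in /var."""
    var = os.path.join(root, "private", "var")
    snaps = os.path.join(var, "mobile", "Library", "SplashBoard", "Snapshots")
    os.makedirs(os.path.join(var, "containers", "Bundle", "Application",
                             ".jbroot-0123456789ABCDEF", "var"))  # constructed suffix
    os.makedirs(os.path.join(snaps, "org.coolstar.SileoStore"))
    os.makedirs(os.path.join(snaps, "com.apple.mobilesafari"))  # benign, must not match
    os.symlink("/nonexistent/jb-target", os.path.join(var, "jb"))  # dangling link

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for label, rel in scan(tmp):
            print(f"{label}: /{rel}")
```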

imnltsa commented 9 months ago

> > > follow this: 1: enable tweak for all trollstore apps 2: install roothide manager in sileo, try varClean all in roothide manager, some files may not be deleted automatically and you need to do it manually in filza.
> >
> > How does this affect people who want to still use the bootstrap? This is fine for people leaving the bootstrap but deletes pretty important stuff if you want to continue using it.
>
> 1: Some users have installed other bootstrap with /var/jb before, and it is very easy to detect.
>
> 2: Some apps installed in the trollstore may be detected as jailbroken, not just because of URLSchemes. after enabling tweaks for them, Bootstrap will automatically hide some features for them.
>
> 3: Some tweaks and jailbreak apps (including apps installed in the trollstore) will generate some files in /var/ of the rootfs, which will also be used by the app to detect jailbreaks. they can be cleaned using roothide manager's varClean, and we strongly recommend tweaks and jailbreak apps should store their data and configuration in jbroot's /var/ rather than rootfs's /var/.

What can people do to mitigate detection without doing a full varClean (data loss, I know a loss of preference bundles is guaranteed, along with files from TrollStore applications like Derootifier or misaka)? Yes, you should wipe previous jailbreak files, but you can't necessarily tell which files are used in the current bootstrap or utilized by your TrollStore apps.

roothide commented 8 months ago

whether it is a tweak or a trollstore app/jailbreak app, data and configuration should be stored in the sandbox container or jbroot:/var/, not rootfs:/var/.

the roothide manager can help users find files stored in rootfs:/var/ that may lead to the detection of jailbreak. once the future tweaks store data and configuration in the sandbox container or jbroot:/var/, then we can get rid of this; it is a legacy issue from history, but it will take time.

In roothide jailbreak (such as roothide dopamine), the tweak preferences will be automatically redirected to jbroot for storage by cfprefsd-hook, but in Bootstrap we are not able to achieve this yet.

Kawaoii commented 8 months ago

Question. Idk if I ask this here. If I have a phone without JB but only ts. And want to install and use roothide bootstrap for sileo can banking/gov apps detect this process and/or are there steps to avoid this issue? Essentially what I want to know is if roothide bootstrap can be detected as JB.

roothide commented 8 months ago

> Question. Idk if I ask this here. If I have a phone without JB but only ts. And want to install and use roothide bootstrap for sileo can banking/gov apps detect this process and/or are there steps to avoid this issue? Essentially what I want to know is if roothide bootstrap can be detected as JB.

any behavior beyond the scope allowed by apple may be detected as a jailbreak, including trollstore.

even if you only use a developer certificate to sideload some apps (such as filza), some appstore apps may report that your device is jailbroken.

the significance of roothide is that it provides a universal solution to these troubles.

MysticallyQ8 commented 8 months ago

Hello, i have recently encountered my banking app that detect my JB, iphone 14 pro max ios 16.6.1, i have been using the app without no bypass tweaks and it was fine for almost 2 weeks until yesterday it detected as My device is unsecured Bc of jailbreak. I followed the uninstallation method from A to Z and yet i still get the window saying “Device is unsecured” IMG_4510

https://apps.apple.com/kw/app/gulf-bank-mobile-banking/id1577206679

^ this is the link to my banking application

imnltsa commented 7 months ago

> Hello, i have recently encountered my banking app that detect my JB, iphone 14 pro max ios 16.6.1, i have been using the app without no bypass tweaks and it was fine for almost 2 weeks until yesterday it detected as My device is unsecured Bc of jailbreak. I followed the uninstallation method from A to Z and yet i still get the window saying “Device is unsecured” IMG_4510
>
> https://apps.apple.com/kw/app/gulf-bank-mobile-banking/id1577206679
>
> ^ this is the link to my banking application

Sorry for getting back so late. varClean in uninstall guide is optional, have you done that?

SATIS8CHIMPALEE commented 7 months ago

IMG_6278

TrueMoney Wallet App update to version 5.52.0 for jailbreak detection on bootstrap

previously version 5.51.0 works fine after downgrade by appstore++

PS. No Filza installed

https://apps.apple.com/th/app/truemoney/id663885752?l=th

m1337v commented 7 months ago

For me Gulfbank works without problems (as far as you can go without being a customer)

Can confirm Truemoney doesn't work without tweaks enabled for it (no Filza, Crane etc. installed and var completely cleaned)

SATIS8CHIMPALEE commented 7 months ago

> For me Gulfbank works without problems (as far as you can go without being a customer)
>
> Can confirm Truemoney doesn't work without tweaks enabled for it (no Filza, Crane etc. installed and var completely cleaned)

After doing varClean I was able to access the app. But only after opening Sileo. It can be detected Even though I didn't install any tweaks.

IMG_9666 IMG_9667 IMG_9668 IMG_9669

imnltsa commented 7 months ago

You may be able to use a Shortcut to open the app if you have openssh installed.

SSH into 127.0.0.1, and run a command that removes /var/mobile/Library/SplashBoard/Snapshots/org.coolstar.SileoStore (or the file that trips jailbreak detection). Then, add a block to open the app you're looking to bypass detection on.

You can then add this Shortcut to your homescreen and use that to open the application. Note, you will not get notification badges on that icon, and opening the application with ANY other means will trip jailbreak detection once more.

MysticallyQ8 commented 7 months ago

yes i have to almost everything that i found in reddit and github yet no solution for it

> > Hello, i have recently encountered my banking app that detect my JB, iphone 14 pro max ios 16.6.1, i have been using the app without no bypass tweaks and it was fine for almost 2 weeks until yesterday it detected as My device is unsecured Bc of jailbreak. I followed the uninstallation method from A to Z and yet i still get the window saying “Device is unsecured” IMG_4510
> >
> > https://apps.apple.com/kw/app/gulf-bank-mobile-banking/id1577206679
> >
> > ^ this is the link to my banking application
>
> Sorry for getting back so late. varClean in uninstall guide is optional, have you done that?

jrew20 commented 7 months ago

I managed to fix jailbreak detection. I'm using the Gcash app from the Philippines, and the app detected the device as jailbroken even though I did not enable it in Bootstrap.

I fixed it by deleting jb shortcuts in Filza from the private/var/ folder.

You will find shortcuts with a white icon. To confirm one is from the jb, check its details (the "i" on the right side) and you will see the path "var/jb". I deleted those shortcuts and restarted the app, and the jailbreak detection was gone.

T5ive commented 7 months ago

> > For me Gulfbank works without problems (as far as you can go without being a customer) Can confirm Truemoney doesn't work without tweaks enabled for it (no Filza, Crane etc. installed and var completely cleaned)
>
> After doing varClean I was able to access the app. But only after opening Sileo. It can be detected Even though I didn't install any tweaks.
>
> IMG_9666 IMG_9667 IMG_9668 IMG_9669

After doing varClean I still can't access the app. Do you have any tips for fixing it?

skell79 commented 7 months ago

Well, I tried like 5 times to run "Var Clean" but it just froze up each time. I deleted Filza but I see the files in there.. and I do have Appsmanager and AppStorePlusPlus installed to TrollStore.. could those 2 apps be causing this?

imnltsa commented 7 months ago

This issue has gone off track, please only list apps and tweak solutions / report applications that still detect the presence of a jailbreak. If you need help for a specific application, please do so in the roothide Discord server linked in this repository's README.md.

Please refer to the FAQ in README.md on how to self-remedy jailbreak detection.

Double077 commented 5 months ago

Picky app : "NAFATH" detects Dopamine Roothide Crashes Immediately after opening Screenshot 2024-04-18 213816

https://apps.apple.com/sa/app/%D9%86%D9%81%D8%A7%D8%B0-nafath/id1598909871

roothider commented 5 months ago

> Picky app : "NAFATH" detects roothide Crashes Immediately after opening Screenshot 2024-04-18 213816
>
> https://apps.apple.com/sa/app/%D9%86%D9%81%D8%A7%D8%B0-nafath/id1598909871

roothide Dopamine or roothide Bootstrap?

Double077 commented 5 months ago

Dopamine

roothider commented 5 months ago

> Dopamine

known issue, try this version: https://filetransfer.io/data-package/MbuoIoLB#link

Double077 commented 5 months ago

Nice works like a charm thank you

imnltsa commented 1 day ago

> Request: I do not want to use varClean to address this issue because it may remove my tweak configurations (correct me if I'm wrong). Is there an alternative solution to bypass the roothide detection without compromising my existing tweaks?

A lot of the files are detectable. Instead of wiping everything, just delete everything that isn't related to preferences (usually named after the tweak itself and ending in .plist).

imnltsa commented 1 day ago

> I just want to make sure, is the tweak's/app's plist related and would it be affected by this? I want to avoid deleting anything essential.

Send a list of the files and directories and I'll tell you which ones you should keep.

> Are there any tricks to restore my apps or tweaks after doing a varClean, without having to reinstall each one manually?

No apps or tweaks are removed when doing a varClean as it's done in rootfs /var and not jbroot. The most damage that could be done is having a few tweaks that must be reconfigured.

imnltsa commented 1 day ago

Try removing all files and directories BUT the following and see if it fixes your issue:

Directories in Saved Application State (or Snapshots, I really don't know anymore) will be created when applications are reopened (ex. Filza, Sileo). Please ensure these apps are closed and the directories removed before testing. If a file/directory being created when an application is opened causes your application to detect a jailbreak, look into this 'workaround'.

@honestyan

imnltsa commented 1 day ago

> What should I do next? I mean to prevent it was happened again.

Just keep an eye out on when it's triggered again and do process of elimination when finding out which file/directory is specifically triggering the detection, and either remove it again or use the shortcut method I linked above to automate it.

imnltsa commented 1 day ago

> Just to make sure—by deleting everything except the files and directories you mentioned, there won’t be any negative impact on my apps or jailbreak functionality, right?

Majority of it was stuff iOS creates on its own. It's safe to delete.

imnltsa commented 1 day ago

> Can you send me a a docs which OpenSSH tweak? I been try any tweaks on redd*t but I cant find which one the truly one.

OpenSSH is provided by the Procursus repository and is available in the Procursus(roothide) repository. You can then SSH into 127.0.0.1 and rm (or rm -rf) the file/directory triggering detection.

imnltsa commented 1 day ago

> > OpenSSH is provided by the Procursus repository and is available in the Procursus(roothide) repository. You can then SSH into 127.0.0.1 and rm (or rm -rf) the file/directory triggering detection.
>
> image am I did any failure? cause the data not deleted after I ran my shortcuts

I would not delete the folders as a whole (probably broke something, not sure) but delete the specific files/directories that trigger detection (ex. a Filza directory inside the Snapshots directory). The purpose of this is to remove the offending file/directory then the application is immediately launched after removal using the "Open App" block, causing the application to open flawlessly.

imnltsa commented 1 day ago

> It doesn't delete my folder. am I did something wrong?

Change /var/ to /rootfs/var/. roothide shenanigans :)

roothider commented 22 hours ago

all packages from procursus use jbroot as the default filesystem root on roothide, ref to: https://github.com/roothide/Developer/blob/main/vroot.md