akusio / kernbypass-public
chroot based kernel level jailbreak detection bypass.
License: GNU General Public License v3.0
iPhone 11 Pro Max with iOS 13.5 and jailbroken with latest unc0ver.
iPad 5th gen with iOS 13.5 and jailbroken with checkra1n.
KernBypass installed from akusio.github.io
Terminal commands ran in NewTerm w/o any error.
Using this for Pokémon Go, which works fine. However I can’t buy any pokecoins.
Hi
I am using iPhone XS Max (iOS 12.2) and while trying to install the package, I got this error
dpkg: dependency problems prevent configuration of jp.akusio.kernbypass:
jp.akusio.kernbypass depends on firmware (>= 13.0); however:
Version of firmware on system is 12.2.
If I were to use apt, I would get a similar message:
jp.akusio.kernbypass : Depends: firmware (>= 13.0) but 12.2 is installed
How do I try and install the package in iOS 12.x? Any advice is appreciated.
From time to time Kernbypass stops working and I have to do the 4 steps again:
In terminal, run su and type your password.
Run changerootfs & (don't forget "&").
Run disown %1
Done. The changerootfs is now a daemon.
After that it works perfectly again. Could you fix this or could someone make a script file for me, that I could run when this happens?
So it doesn’t seem to work for me on iOS 13.3, iPhone XR. When I try to uninstall it and reboot, the package is still installed when I open Cydia again, for whatever reason.
When entering “changerootfs &” in NewTerm 2 or MTerminal, Cr4shed says that changerootfs crashed and returns this crash log: https://pastebin.com/F7m3BZZS I tried running “disown %1” even after “changerootfs &” failed and “disown %1” completes successfully. I’m on 13.5, iPhone 7 Plus, running checkra1n via BootRa1n v0.10.2.
Pokémon Go Version 1.141.2 is crashing instantly on app launch. With version 1.141.1 it was working perfectly.
Slack application still detects jailbreak.
iOS 13.5 on iPhone X.
It doesn’t work with Pokémon Go Version 1.141.2, but it worked 100% fine with Pokémon Go Version 1.141.1. I’d appreciate any help or a fix for this.
iPhone:/var root# cd MobileSoftwareUpdate
iPhone:/var/MobileSoftwareUpdate root# ls
last_update_result.plist restore.log
iPhone:/var/MobileSoftwareUpdate root# pwd
/var/MobileSoftwareUpdate
iPhone:/var/MobileSoftwareUpdate root# ls -lsa
total 12
0 drwxr-xr-x 4 root wheel 128 May 8 22:18 .
0 drwxr-xr-x 40 root wheel 1280 May 9 13:12 ..
4 -rw-r--r-- 1 root wheel 505 May 8 22:18 last_update_result.plist
8 -rw-r--r-- 1 root wheel 5135 May 8 22:18 restore.log
iPhone:/var/MobileSoftwareUpdate root# mkdir mnt1
mkdir: cannot create directory ‘mnt1’: Operation not permitted
iPhone:/var/MobileSoftwareUpdate root# whoami
root
This tool is unable to bypass JB detection even though checking of '/' is performed.
Original snapshot is mounted
orig-fs@/dev/disk0s1s1 on /private/var/MobileSoftwareUpdate/mnt1 (apfs, local, nosuid, read-only, journaled)
but checking the files in /usr/lib doesn't work.
The changerootfs tool is able to get notifications
changerootfs[1023:9365] receive notify {
Pid = 1061;
}
vp = 0xffffffe003925078, usecount = 61444, iocount = 61442
but further kernel patching to change root has no effect.
The app still tries to access
/dev/disk0s1s1 on / (apfs, local, nosuid, union, journaled, noatime)
I think the problem is in the offsets, which can be different from version to version of iOS:
static const uint32_t off_p_pid = 0x68;
static const uint32_t off_p_pfd = 0x108;
static const uint32_t off_fd_rdir = 0x40;
static const uint32_t off_fd_cdir = 0x38;
static const uint32_t off_vnode_iocount = 0x64;
static const uint32_t off_vnode_usecount = 0x60;
It doesn't work at least on iPhone 8 (D201AP), iOS 13.4.1.
After yesterday’s event, Fortnite has suddenly started detecting jailbreak even with KernBypass turned on..!
The detection kicks in 10-15 seconds after landing on the main island..!
App still detects JB even after reinstall.
Hardlinking of the /private/var folder into /private/var/MobileSoftwareUpdate/mnt1/private/var mirrors all files.
It makes it impossible to hide, say, Cydia metafiles or the package management system (apt, dpkg).
/private/var/lib/cydia/ -> /private/var/MobileSoftwareUpdate/mnt1/private/var/lib/cydia/
if(access(FAKEROOTDIR"/private/var/containers", F_OK) != 0){
    printf("hardlink /private/var\n");
    copy_file_in_memory(FAKEROOTDIR"/private/var", "/private/var");
    //set_vnode_usecount(get_vnode_with_chdir("/private/var/MobileSoftwareUpdate/mnt1/private/var"), 0xffff);
}
The JB detection based on checking /private/var/lib/cydia/ will still be able to detect a jailbroken device.
Here’s the picture & here’s the log for the UAF.
https://drive.google.com/file/d/1SVwGmbwu5u5da-I6A4x-_DvXf4OqnhNy/view?usp=drivesdk
iphone xs max on 13.5 unc0ver v5.0.1
e.g.: /private/var/mobile/Library/Caches/com.saurik.Cydia
Somehow it doesn't work anymore, no matter how many times I reinstall it or even restore rootfs and jailbreak my phone again. It just doesn't work.
Can't use cycript when KernBypass is installed and opened in the demo app.
Any apps that I turn on bypass for hang on the loading screen and then crash to the SpringBoard.
Apps enabled in KernBypass seem to get stuck on the loadscreen (splash screen) and then crash after a while.
iPhone 8+, 13.2.2, using checkra1n jailbreak.
Tested on: Nintendo Switch Online, Animal Crossing: Pocket Camp & various apps that don't need jb bypass. Same issue for all.
Cr4shed did report a changerootfs crash when doing the stuff in terminal. Not sure if normal or not but here is some info from that:
Exception type: EXC_BAD_ACCES (SIGSEGV)
Exception subtype: KERN_INVALID_ADDRESS: 0x40
VM Protection: 0x40 is not in any region.
If I can be helpful in any way feel free to message me.
Tested on iPhone X on iOS 13.3 jailbroken with checkra1n and using the latest Santander app from the App Store. Santander tries to open but crashes.
My account was banned today, they detect the jailbreak. Any solution?
After re-jailbreaking, it started freezing apps for some odd reason.
Any chance you can make it work with Caixabank Sign?
https://apps.apple.com/es/app/caixabank-sign/id1328811481?l=en
When I first installed KernBypass, I ran the command and then reinstalled the BDO Personal Banking app. It launched!!! And it worked. Now, 24 hrs later, I can't get past their JB detection anymore.
I read that maybe it's because of ldrestart, so I ran the daemon again with the same command. And I can't get it working now..