Shadow – Lightweight jailbreak detection bypass for iOS 12

Another day, another tweak. Shadow brings lightweight jailbreak detection bypass capability to iOS 12-compatible devices. Here’s how you can install it on your iPhone and iPad.      

How Shadow works

Liberty has been the go-to detection bypass tweak for jailbreak enthusiasts for years. However, its latest iteration doesn’t work as intended and causes a lot of side effects compared to its iOS 11 version. That’s where this new tweak comes in.

Shadow is an open source, lightweight jailbreak detection bypass for devices running the iOS 12 operating system. It is developed by newcomer J. Jolano. 

According to the developer, Shadow is capable of defeating basic and advanced jailbreak detection methods. Here’s the complete list of its features –     

  • Hook Private Methods
  • Hook Debugging Checks
  • Lockdown Mode
  • File map generation 
  • dlsym() filtering  
  • Hook Sandboxed Methods
  • Hook Detection Libraries
  • iOS 12 compatible
  • A12/A12X iPhone/iPad support (iPhone XS (Max)/XS/iPad Pro 2018)

Jailbreak Detection Bypass for iOS 12

As of this writing, Shadow is confirmed to be working with the following apps –

  • PhonePe
  • Affinity Plus Mobile Banking
  • OCBC Bank Singapore
  • HSBC Mobile Banking

Are Snapchat and Uber Driver supported?

Per usual, Snapchat, Uber Driver, and banking apps remain out of the clutches of general-purpose bypass tweaks.

Snapchat, in particular, is an extremely tough nut to crack because it employs advanced code injection detection methods as well as server-side checks to monitor and flag illicit user activity. 

With that being said, Snapchat, despite being built like a fortress, isn’t impermeable to a bypass.

Since the social media app utilizes the dlsym method to detect Substrate (unc0ver) and Substitute (Chimera), it is susceptible to Shadow’s inbuilt dlsym hook. However, enabling it has one major side effect – the camera will stop working as soon as you run the app.             

How to bypass jailbreak detection on unc0ver/Chimera 

Installation

Step 1 Launch Cydia.

Step 2 Go to the Sources tab, tap Edit > Add and then input the URL of Jolano’s repository – https://ios.jjolano.me/

Step 3 Once the repository is added to Cydia, open it and select All Packages to view its contents. 

Step 4 Select Shadow and tap Install to install the Debian package on your Apple device. 

Setup

Shadow Settings

  • Enable Shadow (on) – Enables the base functionality of the tweak.
  • Disable Shadow for Safe Apps (on) – Disables the tweak for safe applications (apps that don’t have a DRM).

Application Settings

  • Blacklist Mode (off) – Blacklist mode enables the bypass for all except selected apps. Use this option if most of your applications have a DRM.  
  • Whitelist Mode (on) – Whitelist mode enables the bypass only for selected apps.  Use this option if most of your applications don’t have a DRM.

Advanced Settings

  • Filter Dynamic Libraries (on) – Filtering dynamic libraries helps defeat intermediate levels of jailbreak detection. This setting will eventually become standard as implementation stability is confirmed.
  • Hook Private methods (on) – Private Methods are undocumented Apple methods that apps can use to detect the jailbreak status of your device. App Store apps are not allowed to use these methods, but it shouldn’t hurt to hook them anyway.
  • Hook Debugging Checks (on) – Some apps check if an external process is tracing or debugging the application. Enabling these hooks will prevent these checks.
  • Hook Sandboxed Methods (off) – This hook is necessary if apps are able to use methods that the sandbox restricts otherwise.
  • Hook Detection Libraries (on) – Attempts to hook jailbreak detection library classes and skip their checking methods.

Experimental Settings     

  • Experimental Hooks (off) – Experimental hooks are new bypass methods to Shadow and may potentially cause issues in some apps.
  • Standardize path Strings (on) – Processes each path string passed through Shadow’s path filters by resolving any special path characters. This mitigates any funny business put in path strings by app developers.
  • Hook dlsym() (off) – Hook dlsym() is an advanced jailbreak detection bypass. This hook is unstable in some apps and may cause issues.
  • Use File Map (off) – File map enables Shadow to efficiently perform file path checks. 
  • Generate File Map (off) – Generating a file map will scan installed package files and blacklist them. Due to the nature of this file map generation, tweaks that rely on their files during runtime will have issues.
  • Lockdown Mode (Beta) (off) – Enabling this setting will disable all tweaks except Shadow for selected apps. It will forcibly enable all hooks in Shadow. We recommend generating a file map before using this feature.
  • access() Workaround (on) – The access() workaround will reduce bypass effectiveness but may be necessary due to how tweaks are loaded by Substrate (unc0ver). This setting has no effect on Substitute (Chimera/Electra).
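
The "Standardize path Strings" setting above is the reason that dressing up a path string inside a detection check gains an app nothing: once the string is canonicalised, every spelling of a path compares equal. The following is an added example, not code from Shadow or its developer; the function names and the two sample entries are assumptions made for illustration, and the normalisation is purely lexical (symlinks are not resolved).

```c
#include <stdio.h>
#include <string.h>

/* Lexically canonicalise a path: collapse "//", drop ".", resolve "..".
   No filesystem access, so symlinks are not resolved.
   out must hold at least strlen(in) + 2 bytes. */
static void normalize_path(const char *in, char *out) {
    size_t len = 0;
    const char *p = in;
    while (*p) {
        while (*p == '/') p++;                 /* skip separator runs */
        const char *seg = p;
        while (*p && *p != '/') p++;           /* [seg, p) is one component */
        size_t n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 0 && out[--len] != '/') { }   /* pop last component */
            continue;
        }
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
}

/* Constructed sample entries for this example; not Shadow's actual list. */
static const char *const kFiltered[] = {
    "/Applications/Cydia.app", "/Library/MobileSubstrate" };

/* 1 if the path equals or lies under a filtered entry, else 0. */
static int is_filtered(const char *path, int standardize) {
    char buf[1024];
    if (strlen(path) + 2 > sizeof buf) return 0;
    if (standardize) normalize_path(path, buf); else strcpy(buf, path);
    for (size_t i = 0; i < sizeof kFiltered / sizeof kFiltered[0]; i++) {
        size_t n = strlen(kFiltered[i]);
        if (strncmp(buf, kFiltered[i], n) == 0 && (buf[n] == '\0' || buf[n] == '/'))
            return 1;
    }
    return 0;
}

int main(void) {
    const char *probe = "/var/../Applications/./Cydia.app";   /* constructed */
    printf("raw=%d standardized=%d\n", is_filtered(probe, 0), is_filtered(probe, 1));
    return 0;
}
```

With standardization off, the constructed probe slips past a literal string comparison; with it on, the same probe is matched, which is why an app's integrity checks cannot rely on path spelling alone.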

Is Shadow jailbreak detection bypass worth installing?

After testing it with a good few apps, I can definitely say that Shadow does help you stay in the shadows – at least to a certain extent.

Despite being inherently lightweight, its bypass features are superior to and more advanced than those present in Liberty.

If you are looking for a decent general-purpose jailbreak bypass, this tweak should be right up your alley.     
