Prevents TrollStore detection by modifying bundle IDs #923
Open
gzz2000 wants to merge 1 commit into opa334:main from
Owner
This looks like an interesting approach. My fear however is that there may be exploits that can list all installed app ids instead of just being able to probe against pre-set identifiers. I'm not fully sure how CVE-2025-31207 worked in this regard...
Contributor
Author
From what I see in the writeups (1, 2) I am able to find, it seems these apps are all exploiting
Hey @opa334, I’ve been working on a TrollStore stealth mode idea and wanted your take on it.
Lately more apps seem to detect TrollStore installs by abusing CVE-2025-31207, so this patch tries to invalidate that without having to bother Apple.
Basically this updates TrollStore’s bundle ID from com.opa334.TrollStore to com.opa334.TrollStore.TS_<random>. It also gives users a Stealth Install option for their IPAs: bundle ID gets the same random suffix treatment, and URL schemes are stripped. Normal install is still kept because some IPAs may break when Info.plist is patched.

For updating, users currently need to open the new TrollStore.tar once in TrollStore, let it update, then do it again; on the second update, TrollStore reinstalls itself with the stealth suffix.