From The Apple Wiki
(Redirected from RootHide)

Roothide is a type of jailbreak environment with a focus of evading jailbreak detection. It can be considered as a type of rootless. However, in general usage, rootless refers to the jailbreak environment with fixed paths at /var/jb, and roothide refers to the type of environment that exclusively uses ramdomized paths for jailbreak.

Location of bootstrap

In roothide, the location of a bootstrap is an implementation detail, and is always randomized, so it should not be hardcoded. Currently, existing implementations uses a path under /var/containers/Bundle since it allows non-platform binaries to be executed, and does not cause detection problems. External packages are expected to use libroothide to obtain the bootstrap path at runtime.

Evading jailbreak detection

It is important to note that the randomized bootstrap path is merely one of the requisites of evading jailbreak detection. A jailbreak has many other aspects that could potentially be detected as well. So a jailbreak implementating roothide support will need to do more than using the roothide jailbreak environment to make itself undetectable.


Roothide packages uses a deb Architecture value of iphoneos-arm64e. Despite its name, it has nothing to do with arm64e. The package structure is same as a rootful package, and dpkg will automatically install the files into the randomized bootstrap path.

Linking and loading libraries

All directories containing a Mach-O should contain a .jbroot symlink pointing to the root of the randomized path. This symlink could be created by dpkg, or by the jailbreak while loading a Mach-O. This way, binaries in the randomzied bootstrap path can refers to libraries as such:


jbroot path and real path

A jbroot path is a path rooted from the root directory of the randomized bootstrap path. A real path is a path rooted from the actual root directory of the system.


libroothide is a support library that provides support functions and command line tools to convert a jbroot path from/to a real path. This library is intended for software that are specifically designed to run on roothide, such as tweaks compatible with roothide. It is internally used by libvroot which will be discussed in the next section.


libvroot is a library that hooks many path APIs such that it appears that the root of the randomized bootstrap path is at /. It is intended for software in the bootstrap, which is generally not specifically designed to run on a jailbreak environment. As a result, tools in the bootstrap accepts jbroot paths instead of real paths. In libvroot, the actual root filesystem can be accessed at /rootfs. For example, a real path of /sbin/launchd is /rootfs/sbin/launchd in libvroot. The libvroot library removes the need to patch all hardcoded paths in all bootstrap softeare, which would have been highly tedious, and prone to missing out on some paths.

File mirroring

Some paths in the randomized bootstrap path are actually symbolic links to a path outside of the bootstrap path. It simplifies the maintenance of jailbreak applications or tweaks.

  • (the randomized bootstrap path itself)
  • /dev
  • /private/preboot
  • /var/containers
  • /var/mobile/Containers
  • /usr/share/misc/
  • /usr/share/zoneinfo
  • /etc/hosts.equiv
  • /etc/hosts
  • /var/run/utmpx
  • /var/db/timezone
  • /System/Library/CoreServices/SystemVersion.plist

Ecosystem support

The following software supports roothide:

Package Support Notes
Sileo Yes Only supported in roothide's fork of Sileo
Zebra Yes Only supported in roothide's fork of Zebra
Theos Yes Only supported in roothide's fork of Theos
ElleKit Yes Only supported in roothide's fork of ellekit.
Dopamine-roothide Yes Currently based on Dopamine 1.x
Serotonin Yes This tool supports the roothide environment, but might leave extra details that could potentially be detected by apps.
Bootstrap Yes

External Links