I am looking at disassembled code of iOS deamon (preinstalled) and I see that it uses NSHomeDirectory().
I am wondering what is NSHomeDirectory() for it? A directory where binary is stored? or / or something else?
My guess is that jailbrake deamons should behave the same way as preinstalled deamons.
Technically, I think it's /var/username, where the username is the username that owns the daemon process. Basically, this could be /var/root, or /var/mobile depending on which user you run as.
By default, I'm seeing my daemon process run as root and therefore show /var/root when I call NSHomeDirectory(). However, if I modify the daemon's plist file to include:
<key>UserName</key>
<string>mobile</string>
Then the process runs as mobile and returns /var/mobile from a call to NSHomeDirectory().
But, I'm not 100% sure that the default I see on my phone is universal, as it could depend on other factors (including how you build and install your daemon).