Halo Michael
@halo_michael
Followers
2,974
Following
150
Media
446
Statuses
2,761
Explore trending content on Musk Viewer
#NevaPlay
• 505927 Tweets
SAROCHA X MODERN GURU
• 415409 Tweets
#MEGANxRM
• 364022 Tweets
NAMJOON
• 276963 Tweets
Ravens
• 255789 Tweets
Linkin Park
• 129477 Tweets
Lamar
• 117853 Tweets
Mahomes
• 87903 Tweets
Chester
• 67560 Tweets
FOR ASIAN MEN WE PAVED THE WAY
• 46523 Tweets
ABOUTZU RUN AWAY OUT NOW
• 38482 Tweets
サブスク解禁
• 36147 Tweets
FANZA
• 30825 Tweets
小泉進次郎
• 30216 Tweets
Hayırlı Cumalar
• 28042 Tweets
エイリアン
• 27168 Tweets
Mark Andrews
• 23957 Tweets
#ZeeNunew1stFMinJapan
• 23531 Tweets
夫婦別姓
• 17794 Tweets
TransisiSEJUK PRABOWOJKW
• 17535 Tweets
Isaiah Likely
• 17497 Tweets
KitaKOMPAK KitaMENANG
• 16912 Tweets
ちいかわ寿司
• 16372 Tweets
アストロボット
• 16346 Tweets
モモンガ
• 16067 Tweets
#ドミノシェイクは水不使用
• 13463 Tweets
ニューヨーク
• 12810 Tweets
ハチワレ
• 12244 Tweets
知的レベル
• 11793 Tweets
書類送検
• 11384 Tweets
Pinned Tweet
3
0
21
In iOS13.3.1, Apple added a new mechanism. Unless launchd_missing_exec_no_panic = 1 is added to boot-args, if you try to control launchd to load a launchdaemon file that does not exist in the corresponding executable, it will cause panic.
5
20
207
So, I wrote two exploit demo app here:
if anyone wants test it :P
flow_divert support <= 15.4.1
ipc_kmsgs support <= 15.3.1
enjoy!
48
49
193
Successfully futurerestored from iOS 13.5 -> iOS 14.3 using iOS 14.4’s SEP/Baseband on my iPhoneSE2 (A13)!
Thanks to
@marijuanARM
@Cryptiiiic
everyone who took the risk to test futurerestore before me... and anyone else I missed!
16
15
148
Untethered jailbreak, which is very valuable! so there is a high probability that it will not be released within ten years. But still excited me!
Demo of CVE-2021-30740, CVE-2021-30768, CVE-2021-30769, CVE-2021-30770 and CVE-2021-30773 on iOS 14.5.1, iPhone 12 Pro Max
218
687
3K
5
18
140
[Release]: Generator Auto Setter
Auto set your generator when jailbreaking!
Only Support Checkra1n. (Because other jailbreak tool doesn't need that.)
It's on my repo NOW:
17
37
137
Apple removed -(BOOL)setUsagePoliciesForBundle:(id)arg1 cellular:(BOOL)arg2 wifi:(BOOL)arg3 ; in PSAppDataUsagePolicyCache, that's why TrollStore installed apps can't access network in Chinese models.
7
10
134
If anyone wanna set resolution:
*TrollStore request⚠️
*Resolution value verify✅
*Reboot revert resolution✅
So it’s 100% safe
Have fun!😈
23
21
101
So, that's how I made palera1n semi-tethered:
1. Create a partition: newfs_apfs -A -v System -e /dev/disk0s1 that will be disk0s1s8
2. Copy root file system to disk0s1s8
3. add rd=disk0s1s8 to boot-args
(1/2)
6
12
102
Checkra1n users may be able to delete /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist to completely disable amfid. And this will not have any impact on using the device in a non-jailbroken state.
10
14
86
So… iOS17 mount disk1s2 as /var/mobile and mount disk1s8(a new created partition) as /var now💩
5
10
84
Thanks the tool "multi_path" from
@Jakeashacks
,now I can half jailbreak my iPhone7 on iOS11.3.1,and I can use dropbear to connect my phone.
19
10
72
8
4
72
For easy to switch between
#unc0ver
and
#checkra1n
without manually install Cydia Substrate, you can install [Unc0ver Support Package] from my repo: .
7
15
66
Tether downgrade to 13.2.3 with kernel version 19.2.0 on 6s+
4
9
66
[Tutorial] Set generator in any iOS version by using checkm8
0
20
65
Networkfixer App for all TrollStore users released here:
Fix network permission for apps in Chinese models
This fix will also included in next release of TrollStore😈
11
8
71
14.3 users with unc0ver jailbroken: You can now get untether without restore rootfs!🥳
8
8
59
You guys can install tvos16 profile as a replacement
If can't install, open with Safari.
7
22
61
iOS13.3 is VERY buggy.
8
3
58
TIPS: a tfp0 exploit demo always shows tfp0 on the last line, not the first line.
0
4
52
Add entitlement .DiagnosticReports to access /var/containers/Shared/SystemGroup/systemgroup.com.apple.osanalytics/DiagnosticReports (New system crash log path).
1
3
56
Due to iOS17 fixed xpc_crasher bug, Resolution Setter App now updated to 1.3.0 to support iOS17, enjoy!
5
8
53
Also it only effect devices which have ApplePMP, not ApplePMPv2, which means < A15 (not included)
7
5
50
@coolstarorg
Did you really feel that nothing was wrong when you clicked the send button in Twitter?
2
0
47
How to set generator via Unc0ver on A12 (12.1.3~12.4).
I just downgrade an iPhoneXR from 12.4 to 12.1.1b3 (And closed the password).
9
14
49
Ok, so... Anyone wants to test it?
TimeMachine on iOS, now have a preferenceloader bundle! Enjoy it ;)
8
7
48
It’s time to iOS17😈
Legal Notices: That’s only for me
So just to be 100% clear
Before OTA update: Make sure TrollStore is open in app switcher
After OTA update: Start TrollStore through app switcher and immediately install the persistence helper into a system app
24
15
212
9
6
49
Sorry, someone told me it only effect to iOS 17.1🤯. Can someone test it?
7
3
45
Must have entitlements:
<key>.private.pmp.performance-spi</key>
<true/>
<key>.exception.iokit-user-client-class</key>
<array>
<string>ApplePMPUserClient</string>
</array>
first, so must find other exploit to work with.
3
1
38
Remount rootfs as rw on Big Sur
Big Sur mounted a snapshot on rootfs as iOS11.3.
1
4
39
(Need free space: 4GB)
5
2
37
0
3
38
iPhone9,1 14.3
cicuta_virosa - iOS 14.3 kernel LPE for ALL devices.
@FCE365
@RazMashat
@CStar_OW
please share it across jailbreak community.
We are Anonymous. We are Legion.
87
369
1K
1
5
37
Finally, oob_timestamp can fully work on arm64 devices like on arm64e deivces now. Thanks for
@0x36b
:P
0
1
5
1
2
36
OK, test it success. Will release an "exploited" PPSSPP as soon as possible.
New blog post: "Psychic Paper"
The story of the best. Sandbox escape. Ever.
71
568
2K
6
8
36
🐛
kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices:
31
123
457
3
8
37
Exploit demo of ipv6_pathmtu and cuck00 is out on my repo (both killed in iOS13.3.1). Enjoy.
(Before use them, please check the notes first.)
2
4
32
Seems Dopamine’s forkfix request a real jb to do something, I stuck in dispatch_atfork_parent() anyway.
2
1
33
I can confirm it works; but I guess AltStore tethered itself so you can’t install more apps via AltStore hah
@altstoreio
Can your team fix it?
Made an app that removes the three app limit for free provisioning.
Hit "Go" just before installing apps.
Should work on iOS 16.1.2 and below / iOS 15.7.1 and below.
Thanks to XsF1re for figuring out the methods to patch:
65
139
550
5
3
31
"panicString" : "panic(cpu 1 caller 0xfffffff00dc589a4): \"userspace panic: File Radar to: [ launchd | missing executable ]. Set boot-arg launchd_missing_exec_no_panic=1 to work around.
0
4
33
Hey devs, don't compile your tweaks for arm64e with Xcode12. Otherwise you needs to change the machine specifier to the right value 0x2.
4
2
33
[Release]:TimeMachine on iOS v0.1.0
update notes:
Make TimeMachine looks "more open source"
So there need a file named "Makefile"
Simplify the way of system version checking
Now support for iOS 11.4.x and above (iOS12).
1
7
33
Still can't get unc0ver work on my iPhone7... Respring loop then reboot after jailbreak.
20
1
33
Open source now:
If anyone wanna set resolution:
*TrollStore request⚠️
*Resolution value verify✅
*Reboot revert resolution✅
So it’s 100% safe
Have fun!😈
23
21
101
6
5
29
It's really too many offsets needs hardcode🫠
That's the the only things I can got, I don't know how to get others
(only for SE2 16.1.2)
6
0
32
Why the arm64 device does not need to read the apnonce beforehand to save blobs: Because arm64 device uses a deterministic algorithm to calculate apnonce from generator, you can use these codes to calculate it on any computer.
1
7
30
Some Tips:
1. OTA/iTunes upgrade will clean all snapshots on rootfs/varfs.
2. Starting with iOS 13, iOS has added a new detection mechanism. If the rootfs was modified, the OTA can only download the full package. (1/2)
1
5
30
Anyone have already tested checkra1n 0.10.0 with iOS13.4.5b1?
7
2
27
Checkra1n's nvram_unlock patch finder seems is broken on 14.2b3.
1
3
26
@mild_tsunami
@pwn30wnd
@coolstarorg
I can tell you responsibly that due to incorrect file checking and poor snapshot management, chimera does bootlooped some people’s device.
2
0
26
For anyone who wants to test oob_timestamp and get some panic logs:
3
1
25
Now I prefer to talk about some jailbreaking techniques not related to checkm8 because now my main device is iPhoneSE2.
6
2
27
nvram .System.boot-nonce=0x1111111111111111
nvram IONVRAM-FORCESYNCNOW-PROPERTY=.System.boot-nonce
1
4
26
Two points I guess:
1.Doesn't work on A14
2.Can't verify update if you are using higher version of sep/baseband
If you have sufficient evidence to break one of the above points, please leave a message
6
6
26
So, when I'm not boot with palera1n, my rootfs normal and sealed so I can boot as unjailbroken. And when I boot with palera1n, iBoot will read my boot-args and mount disk0s1s8 as rootfs, so it's jailbroken.
Have fun!🕺
2
0
23
It seems that EmojPort conflicts with Safari Plus. But this happens only when the Rocketbootstrap version is 1.0.7~beta3, and it will not appear if you downgrade it to 1.0.6.
@opa334dev
@PoomSmart
@rpetrich
7
2
23
CVE-2022-26757,fixed in iOS15.5
1
4
21
Resolution changed && substitute loaded🕺
2
2
23
For those who want rename your snapshot on iOS12:
Warning: It’s ONLY for DEVELOPER TEST!
2
6
22
A fully oob_timestamp exploit without finding memory addresses manually?
1
3
22
Write into ppl protected address.
ml_dbgwrap_halt_cpu new value: 800000ff
dma_ctrl_1 new value: 8000000000070e01
kernel_addr phys_addr: fffffff14eca99d0 91db959d0
dma_ctrl_1 old value: 70e00
fffffff14eca99d0 : 4141414141414141
98
120
534
0
0
23
This is an App named "
#Shelly
" and you can download it from AppStore. when you done this, setting like that:
(password is alpine)
6
0
20
echo "/jb/usr/local/bin/dropbear -R -E --shell /jb/bin/bash -p 2222 > /dev/null 2>&1" > /jb/etc/rc.d/localdropbear && chmod 0755 /jb/etc/rc.d/localdropbear && /jb/etc/rc.d/localdropbear
(2/2)
4
3
21
Failed
Will test if futurerestore is working on iOS14 or not(use iPhoneSE1 which only I can test).
4
0
7
4
5
20