In iOS 13.3.1, Apple added a new mechanism: unless launchd_missing_exec_no_panic = 1 is added to boot-args, making launchd load a LaunchDaemon plist whose executable does not exist will cause a panic.
Successfully futurerestored from iOS 13.5 -> iOS 14.3 using iOS 14.4's SEP/baseband on my iPhone SE 2 (A13)!
Thanks to
@marijuanARM
@Cryptiiiic
everyone who took the risk to test futurerestore before me... and anyone else I missed!
[Release]: Generator Auto Setter
Auto set your generator when jailbreaking!
Only supports checkra1n (other jailbreak tools don't need it).
It's on my repo NOW:
Apple removed -(BOOL)setUsagePoliciesForBundle:(id)arg1 cellular:(BOOL)arg2 wifi:(BOOL)arg3 ; in PSAppDataUsagePolicyCache; that's why TrollStore-installed apps can't access the network on Chinese models.
So, that's how I made palera1n semi-tethered:
1. Create a partition: newfs_apfs -A -v System -e /dev/disk0s1 (it will be disk0s1s8)
2. Copy the root file system to disk0s1s8
3. Add rd=disk0s1s8 to boot-args
(1/2)
Checkra1n users may be able to delete /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist to completely disable amfid. This will not have any impact on using the device in a non-jailbroken state.
Networkfixer App for all TrollStore users released here:
Fixes network permission for apps on Chinese models.
This fix will also be included in the next release of TrollStore😈
Add the entitlement .DiagnosticReports to access /var/containers/Shared/SystemGroup/systemgroup.com.apple.osanalytics/DiagnosticReports (the new system crash log path).
So just to be 100% clear
Before OTA update: Make sure TrollStore is open in app switcher
After OTA update: Start TrollStore through app switcher and immediately install the persistence helper into a system app
Must have entitlements:
<key>.private.pmp.performance-spi</key>
<true/>
<key>.exception.iokit-user-client-class</key>
<array>
<string>ApplePMPUserClient</string>
</array>
first, so I must find another exploit to work with.
cicuta_virosa - iOS 14.3 kernel LPE for ALL devices.
@FCE365
@RazMashat
@CStar_OW
please share it across jailbreak community.
We are Anonymous. We are Legion.
Made an app that removes the three-app limit for free provisioning.
Hit "Go" just before installing apps.
Should work on iOS 16.1.2 and below / iOS 15.7.1 and below.
Thanks to XsF1re for figuring out the methods to patch:
[Release]: TimeMachine on iOS v0.1.0
Update notes:
Make TimeMachine look "more open source"
So there needs to be a file named "Makefile"
Simplify the system version check
Now supports iOS 11.4.x and above (iOS 12).
Why arm64 devices do not need to read the apnonce beforehand to save blobs: because arm64 devices use a deterministic algorithm to calculate the apnonce from the generator, you can use this code to calculate it on any computer.
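The code referenced in the post above is not reproduced on this page. The following is an added example (not the author's code) of the same calculation for arm64 (A7 to A11) devices; it assumes the derivation those devices use, apnonce = SHA-1 over the 8-byte generator, hashed in the little-endian in-memory layout of a 64-bit integer. The helper names and the blob-check function are this example's own.

```python
import hashlib

# Added example, not the code from the original post.
# Assumption: arm64 (A7-A11) iBoot derives apnonce = SHA1(generator), where the
# generator is the 8 raw bytes of the 64-bit value in little-endian order.


def generator_to_bytes(generator: str) -> bytes:
    """Parse a generator such as '0x1111111111111111' into its 8 raw bytes."""
    value = int(generator, 16)  # base 16 accepts an optional 0x prefix
    if not 0 <= value < 2**64:
        raise ValueError("generator must fit in 64 bits")
    return value.to_bytes(8, "little")


def apnonce_from_generator(generator: str) -> str:
    """arm64 apnonce: SHA-1 of the generator bytes (20 bytes -> 40 hex chars)."""
    return hashlib.sha1(generator_to_bytes(generator)).hexdigest()


def blob_matches_generator(blob_apnonce: str, generator: str) -> bool:
    """Check a saved SHSH blob's ApNonce against the generator you plan to set.

    Case-insensitive, tolerates an optional 0x prefix on the blob's nonce.
    """
    nonce = blob_apnonce.lower()
    if nonce.startswith("0x"):
        nonce = nonce[2:]
    return nonce == apnonce_from_generator(generator)


if __name__ == "__main__":
    # Constructed input: the generator commonly used in blob-saving guides.
    gen = "0x1111111111111111"
    print(gen, "->", apnonce_from_generator(gen))
```

Because the mapping is a plain hash, saving blobs for an arbitrary generator and later setting that generator on the device is enough; the device will report exactly the nonce the blob was saved with. This does not carry over to A12 and newer devices, where the nonce is entangled with the SEP and cannot be computed offline from the generator alone.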
Some Tips:
1. An OTA/iTunes upgrade will clean all snapshots on rootfs/varfs.
2. Starting with iOS 13, there is a new detection mechanism: if the rootfs was modified, the OTA can only download the full package. (1/2)
@mild_tsunami
@pwn30wnd
@coolstarorg
I can tell you responsibly that due to incorrect file checking and poor snapshot management, Chimera did bootloop some people's devices.
Two points I guess:
1. Doesn't work on A14
2. Can't verify the update if you are using a higher version of SEP/baseband
If you have sufficient evidence to break one of the above points, please leave a message.
So, when I don't boot with palera1n, my rootfs is normal and sealed, so I can boot as unjailbroken. And when I boot with palera1n, iBoot reads my boot-args and mounts disk0s1s8 as rootfs, so it's jailbroken.
Have fun!🕺
It seems that EmojiPort conflicts with Safari Plus. But this happens only when the RocketBootstrap version is 1.0.7~beta3, and it will not appear if you downgrade it to 1.0.6.
@opa334dev
@PoomSmart
@rpetrich