wh1te4ever
@wh1te4ever
Followers
3,207
Following
91
Media
81
Statuses
330
Explore trending content on Musk Viewer
Liam Payne
• 2235486 Tweets
ブロック
• 428641 Tweets
LINGORM PANTENE VOGUE TRIP
• 285806 Tweets
Twitterくん
• 275704 Tweets
西田さん
• 262756 Tweets
西田敏行さん
• 241685 Tweets
俳優さん
• 174516 Tweets
生成AI
• 140509 Tweets
Bluesky
• 117652 Tweets
ツイッター
• 111601 Tweets
AI学習
• 98894 Tweets
ブルスカ
• 97057 Tweets
Grok
• 95944 Tweets
利用規約
• 88875 Tweets
規約変更
• 80762 Tweets
イーロン
• 70176 Tweets
スーパームーン
• 66168 Tweets
イラスト投稿
• 64514 Tweets
ぐりとぐら
• 57562 Tweets
pixiv
• 49691 Tweets
블루스카이
• 38970 Tweets
タイッツー
• 35073 Tweets
#INDvsNZ
• 33811 Tweets
他のSNS
• 28940 Tweets
池中玄太80キロ
• 27740 Tweets
Misskey
• 27381 Tweets
ドクターX
• 22833 Tweets
無断転載
• 17317 Tweets
探偵ナイトスクープ
• 14840 Tweets
相互さん
• 14506 Tweets
絵師さん
• 10238 Tweets
TrollDecryptor
- Decrypt appstore apps
- This is just a... prototype apps
- Tested with KakaoTalk app
- You can get app pid from Cocoatop
Source Code:
27
49
290
Taurine v1.1.6-b Release (Unofficial)
- Now support iOS 14.0 - 14.4.2 (only arm64)
- Ported kfd smith exploit
- Reduced file size
23
49
205
Since debilitating sandbox, It would be interesting if we can patch /usr/libexec/installd using MacDirtyCow exploit!
haha
#MacDirtyCow
- Allow installing over-the-air signed apps by free developer certificate.
- Removes the 3 app limit for free developer accounts.
22
52
200
Hello, (experimental) dynamic patchfinder.
(no more needed to be unsandbox to get kernel or download kernel from ipswme)
11
19
167
Stable so far,
kfund-arm64 v1.0-dev1 uptime has been over 7 days alive!
15
12
158
Updated Axon/vnodebypass/A-Font/CoolCC with supporting iOS 16.x + Dopamine2z
14
28
157
vnodebypass v0.3
ChangeLog:
- Drop support iOS 12.x
- Drop support iOS 13.x
- Drop support iOS 14.x
- Drop support rootful environment
- ...
Compiled deb will not be released until some test.
8
32
133
Implemented ResSet16 via kid.
10
18
127
It even can be access /var/mobile/Library/SMS which macdirtycow(grant_full_disk_access) cannot be accessed.
10
7
123
Unfortunately, there will be no more update kfund-arm64 due to personal work.
Btw, kfund-arm64 jb uptime has been passed at least 1 day.
7
16
119
Got working trustcache injection on arm64.
(iPhone 6s/iOS 15.1).
7
13
115
Here's iPhone 14 Pro 16.1.2 offsets for kfd exploit.
There's nothing to be done here.
5
21
107
It works.
@XsF1re
Try this for MacDirtyCow
- mmap file on disk (read only)
- change read only to read write in kernel memory
- write to the file
3
1
33
6
4
96
Sorry for being late, I just re-released kfund-arm64.
Please read description before install jailbreak, Thanks.
4
22
97
Now we have a version of it that supports all 16.x devices.
The fact it's been 6 months since kfd dropped and we still do not have a version of it that supports all 16.x devices is really representing the state of the community.
Instead of trying to rush to make the shiny new thing first, we should have built solid infrastructure.
43
49
601
9
6
95
Congratz to release TrollStore2! Hooray~~
It's really enough to make motivation to build special apps, so I'm going to make it.
TrollStore 2 is out now
Installation methods and more info will follow soon.
430
404
2K
2
4
91
openra1n (unofficial fork) has been updated with dumped payload from palera1n v2.0.0-8.
1
21
95
To those who say jb is fake:
NekoJB is NOT fake (mineek/serena things too)
It is just that the development progress is inevitably slow because of personal business.
Just please wait patiently that you can do for now.
4
11
95
Fixed screendump that not working on some devices.
Confirmed works on iPhone 14 Pro / iOS 16.1.2.
You can get from
Source Code:
3
16
86
Got working dump entitlements on iOS 16 (just for fun),
Dopamine's DEREntitlementsDecode function works. but some apps not?
4
8
82
So, uhh....
Tweak injection works eventually on 6s 15.1 using kfd (sort of semi-untethered jb?)
Still many things need to be fixed,
but my goal has been approached anyway.
10
10
81
FanArt For
@opa334dev
!
Honestly, I'm not very good at painting, but I did my best.
Hope you'll do a good job presenting!
#Zer0Con
7
3
82
You will encounter this if you successfully jailbreak for the first time.
17
8
77
kfund-arm64 FINAL update (No more update will be)
- Add jbctl (to rebuild trustcache, set debugged as pid)
- Add libkrw0-kfund(libjbdrw) to gain kernel r/w (Now dimentio works to set apnonce)
4
9
77
dyld patched and mount /usr/lib to fakelib done.
Next step is implement jbdcall api and systemwide dylib injection.
4
6
75
Thanks
@Little_34306
,
@straight_tamago
for testing dynamic patchfinder.
Seems like kopen works for any device.
Confirmed working list:
iPhone 14 Pro - 16.1.2
iPhone 12 mini - 16.6 beta1
iPhone Xs Max - 16.4.1
12
7
73
It's impossible to Taurine get working in 14.5+ since a lot of thing has changed.
Also, there's closed-source jailbreakd in basebin.
Anyway, iOS 14.8/arm64 offset is now on my latest taurine fork commit, so refer who interested in.
11
4
75
Not only remove limit 3 app, but also it *WORKS* installing signed OVER-THE-AIR by free developer certificate.
Made an app that removes the three app limit for free provisioning.
Hit "Go" just before installing apps.
Should work on iOS 16.1.2 and below / iOS 15.7.1 and below.
Thanks to XsF1re for figuring out the methods to patch:
64
139
551
8
13
68
kfund arm64 tweak-injection preview
3
13
70
Now support smith exploit on Taurine.
7
11
67
Successfully jailbroke iptime router n604se / iptime ipcam c300
(Got shell, but NOT vulnerability)
5
4
64
vnodebypass v0.3.1
ChangeLog:
- Add bunch of files to hidePathList.plist
- Add CC Modules
9
13
61
It would be better to take care of my health status, NOT rank during CTF competition.
When I solve problem all night, then I just realized that my biorhythm and health has been ruined.
9
0
61
Reviving old iphones for test purposes.
Here's some cross-compiled debs (confirmed works on iOS6)
python3.11.9
libxml2
libxslt
openssl3
3
4
59
This will be final update.
ChangeLog
- Fixed panic when enabled Log Window
- Users can now choose physpuppet/smith exploit in Taurine Settings
- Fixed wrong mask on anything non A16,
8
14
56
A small attempt to get kcall/kalloc/kfree on iOS 14.
(Thanks
@mineekdev
for dirty_kalloc idea,
only works on iPhone 6s/14.4.2 since hardcoded offsets.)
5
4
56
Introduce getVnodeAtPathByChdir.
so you don't need to use findChildVnodeByVnode to get subdirectory's vnode anymore.
and possible to get vnode even if sandbox-restricted path.
For more info, see below link for usage.
4
4
55
I'm done with supporting for all iOS 16.0-16.6.1 devices.
(maybe...?)
5
10
54
Running dropbear(SSH) via trustcache injection Demo (on iOS 15.1/6s)
2
5
54
지금까지 한 일들에 정리하자면,
proc이나 ucred , task 구조체에 대한 필드를 오프셋 계산해서 전부 읽는데 성공하였지만, 대부분이 zalloc_ro에 할당되어 있기 때문에 자격 증명이나 코드 서명, task 플래그를 수정하기 위해 PPL 우회없이 필드를 쓰는 순간 패닉이 ��생합니다.
6
1
51
How to emulate macdirtycow.
1. open file with O_RDONLY.
2. patch rootvnode->v_mount->mnt_flag to ~MNT_RDONLY.
3. patch proc->p_fd->fd_ofiles->fp_glob->fg_flag to O_ACCMODE.
4. mmap and write our data.
4
5
50
Here is system-wide dylib injection, still need to be fixed a lot. :(
3
6
46
JAILBROKEN;
8
7
45
Tried to make support kernel debugger (KTRW) for iPhone 6s/iOS 14, but ends up buying iPhone 8 :(
2
6
44
I don't think there's any point to upgrade 16.5 since < 16.2 has better sandbox escape.
5
2
43
I've just noticed that binarie hashes are different after installing with TrollStore. That's why it happend.
4
3
43
I think I have skill issue kvtouaddr (exactly kcall8),
but, implemented dynamic trustcache anyway.
Next step is dyld patch and bind mount /usr/lib.
1
0
39
It's good time to figure how bypass techniques used. Used same jb detect framework like pushtanx.
Giving up trying to bypass the jailbreak detection bypass of pushTAN for now... Honestly it's really technically impressive, they probably put a lot of money into it.
7
4
59
2
2
36
- Need to opainject launchdhook.dylib to launchd yourself.
- Need to install ellekit without running postscript
- Need to fix appicon showing strange
- Need to implement userspace reboot
- Need to have forfix
- Many things still left....🤯
1
3
34
Found workaround fix:
Use C Function like open, write instead of objective-c method when create file.
@sourceloc
There's some issues that some files are not removed anymore if created out of sandbox.
0
0
15
5
6
33
I think my journey of kfd on arm64e has been end here.
Can I start my journey to contribute for future semi-untethered iOS 15/arm64 jailbreak?
Yes, go another journey
456
No, please stay..
286
11
1
35
Implemented funVnodeRedirectFile, funVnodeUnRedirectFile.
Example usage:
(fun.m:301,302)
This will replace launchd to photoShutter.caf and restore launchd.
4
1
33
@eveiyneee
Well, I tried to overwrite, but it crashed many apps like photos app, or freezes. even overwriting original data make it crashed.
5
0
31
Recently, I reported some vulnerabilities to KISA for the first time. (but, NOT iOS/macOS)
It takes some time to get result, hopefully there will be good results..
3
1
33
@MasterMike88
Any poc or exploit code (except Taurine, kfd) has NOT been released yet, so don't be expect would be better...
There's NO 100% guarantee that release.
High expectations can lead to high disappointments.
1
0
32
nvm, I've just fixed it, will release in ~1hours.
I don't really have idea why it crashing if sideload ipa.
When install app by Xcode, it works like charm.
3
0
20
1
2
31
Starting with iOS 16+, there's Launch Constraints mitigation, replacing method not works to inject some system process...
3
0
30
#MakeEdictusGreatAgain
Edictus developed by
@soongyu_kwon
&
@aboutzeph
z has been updated for iOS15/rootless on new repo.
Source Code:
3
9
30
This will be real last update.
Fixed kwritebuf in libjbdrw (libkrw)
you can manually install deb from here.
1
2
29
0
0
26
그러나 v_data 필드를 건드려서 다른 폴더로 이동시키는게 만드는 것은 서로 마운트 지점이 같을때만 가능합니다. (이를 테면 /var은 /dev/disk1s2에 있고, root file system은 /dev/disk1s1에 있음)
2
0
27
My life will be JAILBROKEN at April 30th!
7
1
26
만약에 누군가가 마운트 지점이 달라도 이동시키는것을 가능하게 만든다면, MacDirtyCow 취약점을 이용하여 tccd를 패치시켰던 것처럼 샌드박스를 더 완벽하게 우회시킬 수 있다고 봅니다.
1
2
25