Skip to content

/ A12-iOS-Jailbreak

Working (not yet! But will work at the end) Version of RootlessJB for A12 devices
C Objective-C Logos C++ Other
  1. C 68.7%
  2. Objective-C 27.0%
  3. Logos 1.8%
  4. C++ 1.4%
  5. Other 1.1%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

If nothing happens, download the GitHub extension for Visual Studio and try again.

Cannot retrieve the latest commit at this time.
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
ipad proxy
iphonex proxy
rootlessJB.xcodeproj
rootlessJB Update Makefile Oct 1, 2019
rootlessJBTests
rootlessJBUITests Initial Commit Feb 22, 2019
.gitignore Initial Commit Feb 22, 2019
LICENSE
README.md
patcher
writeup.pdf

README.md

Description

Blah blah, read this: How to make a jailbreak without a filesystem remount as r/w

  • Powered by jelbrekLib64e

Supported

  • A12 devices

Future Support

  • All A7-A11 devices

Usage notes

Currently, it will get root, unsandbox, and inject binaries in the trustcache. However, jailrbeakd is not working, and running binaries(i.e. dropbear and uicache) and not working

  • voucher_swap is used for 16K devices
  • Binaries are located in: /var/containers/Bundle/iosbinpack64
  • Launch daemons are located in /var/containers/Bundle/iosbinpack64/LaunchDaemons
  • /var/containers/Bundle/tweaksupport contains a filesystem simulation where tweaks and stuff get installed
  • Symlinks include: /var/LIB, /var/ulb, /var/bin, /var/sbin, /var/Apps, /var/libexec

All executables must have at least these two entitlements:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.container-required</key>
    <false/>
</dict>
</plist>
  • Tweaks and stuff get installed in: /var/containers/Bundle/tweaksupport the same way you did with Electra betas.
  • Tweaks must be patched using the patcher script provided. (Mac/Linux/iOS only) or manually with a hex editor
  • Apps get installed in /var/Apps and later you need to run /var/containers/Bundle/iosbinpack64/usr/bin/uicache (other uicache binaries won't work)

iOS 12

  • amfid is patched, however it'll require you to resign everything with a cert. Use codesign -s 'IDENTITY' --entitlements /path/to/entitlements.xml --force /path/to/binary or inject everything as usual. However note that soon I won't be injecting stuff automatically on jailbreak anymore!
  • You can tweak App Store apps, but you'll either have to call jailbreakd's fixMmap() yourself or resign things with a real cert and amfid will handle that for you. Second option is preferred. See previous point on how to.
  • This is not dangerous and cannot screw you up.
  • Tweaks pre-patched for rootlessJB 1.0 and 2.0 will not work. Use new patcher script. (ldid was replaced with ldid2!)

patcher usage: ./patcher /path/to/deb /path/to/output_folder

TODO (iOS 12-12.1.2, A12 Devices)

  • create pmap bypass to enable executable mappings for binaries
  • fix patchfinder with trustcache
  • testing testing testing

Thanks to: Ian Beer, Brandon Azad, Jonathan Levin, Electra Team, IBSparkes, Sammy Guichelaar, Sam Bingner, xSpiral Team

You can’t perform that action at this time.