Latest Jailbreak News

Ra1nPoc Jailbreaks – A Tool For Re-jailbreaking Devices Jailbroken By checkra1n

Ra1nPoc Jailbreak

Ra1nPoc 14 is an application that allows you to jailbreak another device using checkra1n/odysseyra1n directly from your iPhone. The Ra1nPoc tool, developed by dora2ios, can be loaded on any iPhone that has been jailbroken and makes it simple to jailbreak other checkra1n-compatible devices. In this way, you can use another old or new iPhone to jailbreak your checkra1n-compatible devices without a computer. You can also jailbreak iOS 15 devices with the Cheyote jailbreak.

You need a jailbreak to install this app, but if you have stayed on a version with the CT bug (14.0-15.4.1), it will work fine even in an unjailbroken state.

With Ra1nPoc you can get a dirt-cheap old iPod and use it to jailbreak your main checkra1n device with no PC, or use your modern iPhone XS / iPhone 11 / iPhone 12 / iPhone 13 to jailbreak your older checkra1n-compatible iPhone / iPad / iPod, again with no PC.

Picture this situation. You have an iPhone 12 that you use every day, but you also have an iPhone 8 Plus that you can jailbreak using checkra1n. Without a Mac or PC for checkra1n, you can jailbreak the iPhone 8 Plus straight from your iPhone 12 using Ra1nPoc14. You can download Ra1nPoc from the dora2-iOS/ra1npoc GitHub repository.

Unc0ver Perma-signed Released (No More PC Re-Sign) By Developer @ichitaso

 Journey to Jailbreaking iOS 15.4.1 talk by LinusHenze

iOS developer ichitaso has released a build of the Unc0ver jailbreak tool with integrated permanent signing, made feasible by a recent PoC by security researcher Zhuowei Zhang.

Since the jailbreak app has been permanently signed, after it has been sideloaded and then used, the user can reboot their device as much as they like and continue using the jailbreak eternally without ever needing to sign it again via AltStore or another signing method.

With @ichitaso's release, the unc0ver jailbreak tool is intended to catch up to the rival Taurine jailbreak for iOS & iPadOS 14.0–14.3, which has been exploiting the PoC almost since it was first made available.

Compared to ichitaso’s initial release, which only supported devices running iOS or iPadOS 14.0–14.3 or later, @ichitaso’s patched Unc0ver jailbreak app should function on all hardware and firmware versions that are currently supported by Unc0ver v8.0.2. You can download the updated unc0ver v8.0.2 app by iosrouter with permanent signing capabilities from the iosrouter tweak repository using your preferred package manager app.

As Zhuowei Zhang’s Proof of Concept seems to be a better choice than Fugu14 for perma-signing due to its support for all devices and all iOS & iPadOS 14 versions, it is unclear whether the unc0ver team will implement or provide its first ever means to keep the unc0ver jailbreak app signed indefinitely. One benefit of Fugu14 is that it adds compatibility for more recent versions.

Fugu15 Jailbreak On iOS 15.4.1 Will Be Demonstrated By Linus Henze

iosrouter-permasigned Unc0ver JAILBREAK

Given the difficulties involved in jailbreaking iOS & iPadOS 15, there has been a lot of negativity and gloom lately in the jailbreak community. Even the head of the Odyssey Team, CoolStar, has spoken publicly about how iOS & iPadOS 15.1.1 will probably be the final firmware for which they build a jailbreak, because of how much more challenging Apple keeps making it.

There is still hope for the jailbreak community according to security researcher Linus Henze, the creator of the Fugu14 untether which is being used by the Unc0ver jailbreak.

A presentation by Henze, titled “The Journey to jailbreaking iOS 15.4.1,” appears to be scheduled for 50 minutes at the Objective by the Sea Mac Security Conference in October. Henze claims that in addition to talking about how to jailbreak iOS and iPadOS 15.4.1, he will also demonstrate his Fugu15 jailbreak.

“Fugu15 – The Journey to Jailbreaking iOS 15.4.1” talk by LinusHenze at OBTS v5.0

Henze seems to have already created a jailbreak for iOS 15.4.1 named Fugu15 and wants to share some of the techniques he used to get through Apple’s most modern security measures, which are also the ones that seem to be draining the motivation of today’s jailbreak researchers. The sharing of these solutions can inspire other people.

Procursus Bootstrap On iPhone X Running iOS 15.1 Is Teased By CoolStar

CoolStar teases Procursus bootstrap

According to Odyssey Team lead programmer CoolStar, who was discussing the current status of the planned rootless jailbreak tool for iOS & iPadOS 15.0-iOS 15.1.1, the team has been focused on A11 chip-equipped devices.

CoolStar hinted at further progress after stating that the team had successfully run Procursus on an iPhone X running iOS 15.1. The A11 processor in the iPhone X is the same chip the development team had previously been working with.

The community is one step closer to a jailbreak now that Procursus is able to run on iOS/iPadOS 15 on the A11 chipset. It will still take time, because a lot of work remains on the jailbreak implementation and on compatibility with other chipsets.

The rootless iOS & iPadOS 15.0-15.1.2 jailbreak tool from the Odyssey Team is not yet scheduled for release, but @iExmoJailbreak will continue to update users on iOS 15 jailbreak.

Odyssey Team’s New Taurine-Permanent Package, Based On Zhang’s PoC

odyssey teams new taurine permanent package

The Odyssey Team has again made available a package for Taurine jailbreak users on iOS & iPadOS 14.0–14.3 following the release of a strong PoC by security specialist Zhuowei Zhang @zhuowei that enables sideloaded apps to be signed indefinitely.

The official news was announced by Procursus maintainer Adam via the Sileo / Taurine Jailbreak / Odyssey Discord channel. According to Adam, the new taurine-permanent package is now available in the Odyssey/Taurine repository, which comes pre-installed in Sileo on devices jailbroken with the relevant tool. Adam says that once the package has been used, the only ways to delete the Taurine jailbreak app are the jailbreak's rootFS restore function or removing the taurine-permanent package while in a jailbroken state.

For the user, this Taurine untethered package has the same result as the Fugu14 untether for the Unc0ver jailbreak: it lets the Taurine jailbreak app stay signed permanently, without the seven-day limit of free Apple developer accounts. The device and firmware support, however, differs significantly between this package and Fugu14. Zhang’s Proof of Concept supports all chipsets on iOS and iPadOS versions 14.0–15.4, while Fugu14 only supports a few iOS chipsets and firmware versions. As a result, the Odyssey Team’s new taurine-permanent package does not single out any specific device or firmware combination.

PoC For CoreTrust And DriverKit Bugs On iOS 15.4.1 And Below Have Been Released!

For iOS 15, jailbreaking has been rather slow, with the exception of some remarkable kernel exploits that can be used for a jailbreak. Zhuowei Zhang published "Get Root on macOS 12.3.1": proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763).

Zhuowei Zhang @zhuowei CoreTrust proof-of-concepts for:

CVE-2022-26766: CoreTrust allows any root certificate

CVE-2022-26763: IOPCIDevice::_MemoryAccess not checking bounds at all

Zhuowei Zhang talks about how to use these vulnerabilities on macOS rather than iOS. He is confident that Linus Henze’s upcoming Fugu15 will develop a clever solution for this. Because of this, you need to have a jailbroken iOS device in order to take advantage of this bug.

The CoreTrust bug on its own could be used to re-sign your semi-untethered iOS 14 jailbreak app so that it wouldn’t expire every week. However:

✅ You can already bypass the weekly expiry with an enterprise certificate.

✅ Again, you need to be jailbroken to install the fakesigned app in the first place.

✅ The Taurine developers have released a Taurine build that uses the CoreTrust bug to avoid expiring every 7 days, but it only works on arm64 devices. On arm64e devices, it fails with an ERR_JAILBREAK error.

Actually, the CoreTrust bug revealed by Linus Henze represents a significant breakthrough for iOS 15 jailbreakers.

Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1. By Nick Chan

For those of you who have been waiting for an untethered jailbreak: New Untethered Jailbreak Code Released! Developers can upgrade their jailbreak tools to be totally untethered on iOS 14.0 up to iOS 14.8.1 thanks to the CoreTrust bug discovered by Linus Henze and a piece of code disclosed by developer Nick Chan @asdfugil @riscv64. So it is simple to make jailbreaks like Unc0ver untethered. Unsandboxed code execution haxx can be accessed on Nick Chan’s GitHub. Moreover, iOS 14 – iOS 14.8.1 can be customized using interesting hacks.

The CoreTrust bug found by Linus Henze would also permit applications to remain signed indefinitely, ending the need to re-sign applications every seven days. The untether would not function on iOS 15 due to SSV (Signed System Volume), but the bug also permits custom entitlements, which were actually required for an iOS 15 jailbreak. However, an untethered jailbreak is possible on iOS 14.0 to 14.8.1.

iOS Booter Ramdisk Creator For Checkm8 Based Jailbreaks Released By Tihmstar |  No More 7 Days Signing + New Jailbreak Components

Get root on macOS 12.3.1 proof-of-concepts

CoreTrust Bug: iOS 15.0 – iOS 15.4.1 Jailbreak No more App resigning. All devices! 

Multiple things are happening at the same time in the jailbreak community, and all of it is massive news. First, a new CoreTrust bug has been discovered, and apparently it works below 15.5. Jake James (@Jakeashacks), a developer in the jailbreak community, said that this bug affects versions below 15.5, allows apps to be signed forever, and gives arbitrary entitlements. However, all versions of iOS 15 are now fully customizable.

iOS below 15.5 remains unchanged. They also mentioned that arbitrary entitlements were the important missing piece. This bug doesn’t work on iOS 14 for now. The most important distinction is that this bug over here works on all devices, not only the checkm8-based compatible devices.

Tihmstar’s Jbinit: iOS 15.0 – iOS 15.5 Jailbreak

checkm8 based jailbreaks tihmstarjbinit iOS booter

What tihmstar posted is basically a large part of what would be a checkra1n-like jailbreak for iOS 15. Tihmstar has just released their jbinit component, which is a major part of their checkm8-based jailbreak, but for iOS 15.0 to iOS 15.5. At the same time, a new bug was released that can be used to jailbreak all devices up to iOS 15.4.1.

So if you’re waiting for a jailbreak on iOS 15, these components are exactly what you need. It’s not a complete jailbreak yet, but it’s a huge chunk of one and it can be turned into one. This has been demonstrated before to be working fine on iOS 15. Also, iOS 16 has been given the opportunity to use the iPA Store by making changes to your liking.

iOS booter ramdisk creator

At the same time, if you don’t have a checkra1n-compatible device, what Jake James talks about is actually what you need. The bug posted here is basically a proof of concept for Linus Henze’s CoreTrust and DriverKit bugs. This one is actually pretty nice because it would allow a jailbreak to be created on iOS 15.4, iOS 15.4.1, iOS 15.3, iOS 15.2 and so on.

Applications will be signed forever. No more re-signing every seven days. That’s actually incredible, and we haven’t had that in years. It also allows arbitrary entitlements, which means that a jailbreak can be created with this without a problem. This is actually huge. It is compatible with the iPhone 13 and iPhone 12 as well as the iPhone 11 and others.

MiniRootFileManager15 Released!

MiniRootFileManager iOS 15

The launch of the MiniRootFileManager15 file manager for iOS 15.0 up to iOS 15.1.1 on A12+ devices was announced by the developer @akusio_RR. A GitHub repository was provided together with MiniRootFileManager15.

This tool appears intended to compete with FilzaEscaped 15, which was launched a month ago. A lot of people like FilzaEscaped 15 because it is the Filza they know from jailbroken devices, on iOS 15. MiniRootFileManager15 says that it’s much more stable than Filza iOS 15. It is a root file manager like FilzaEscaped. Asked whether the iPad 8, which is A12, will be supported in the future, the developer replied that yes, A12 and above will be supported. So, hopefully, when MiniRootFileManager15 is completed, it will definitely be better than FilzaEscaped 15.

A work-in-progress build is currently available. It targets iOS 15.0 to iOS 15.1.1 but currently works only on the M1 iPad Pro 11-inch on iOS 15.1.1. @akusio_RR will add support for more devices soon, and it will work on iOS 15.1.1 all the way down to 15.0, because developers don’t have an exploit for 15.2.

You can browse files, edit files, directly configure your device, edit game data, application data, and more with the MiniRootFileManager15 file manager. MiniRootFileManager15 is still under development (WIP), but when it is finished, it will undoubtedly be fantastic.
