Skip to content

Latest commit

 

History

History
44 lines (36 loc) · 2.55 KB

README.md

File metadata and controls

44 lines (36 loc) · 2.55 KB

Serotonin
not/semi-jailbreak

Should Support iOS/iPadOS 16.0 - 16.6.1

How do I use this?

To use this app, you need to be on a supported version (mentioned above), and have TrollStore installed. You can follow this guide to install it on your device. Please note that this tool doesn't support iOS 17.0 despite of it having TrollStore.

  1. Download and install Bootstrap from RootHide
  2. Install ElleKit from Sileo
  3. Download the .tipa file from the latest release
  4. Install the downloaded file in TrollStore
  5. Open the app and press the Jelbrek button. Your device should userspace reboot, and you should be (not/semi) jailbroken!

How was this done?

  • It replaces launchd by searching through /sbin's vp_namecache, finds launchd's name cache and kwrites it with a patch to lunchd, our patched launchd (you can have a look at a better explanation from AlfieCG here)
  • Patched launchd hooks posix_spawnp of SpringBoard and execs our own SpringBoard with springboardhook.dylib
  • Springboardhook loads in tweaks, ellekit, etc.
  • CoreTrust Bug found by AlfieCG
  • KFD Exploit

TODO

  • Try adding support for lower iOS versions by overwriting NSGetExecutablePath
  • Add support for arm64
  • Add a boot splash screen (SOON)
  • Fix some Makefile jankiness
  • Fix puaf_pages picker crash in new UI

Credits

  • DuyKhanhTran - launchd and SpringBoard hooks
  • NSBedtime - initial launchdhax, helped out a ton!
  • AlfieCG - helped out a ton!
  • Nick Chan - helped out a ton!
  • Mineek - helped out a ton, kfd offsets patchfinder
  • BomberFish - Icon, new UI, lunchd name idea :trollface:
  • haxi0 - old UI log, iOS 16.0-16.1.2 support implementation
  • wh1te4ever - SwitchSysBin fix for 16.0-16.1.2
  • Evelyne for showing it was possible.