
TQ-pre-jailbreak

A PRE-jailbreak for iOS 14.0 ~ iOS 14.3 on all devices.

Generally speaking, a jailbreak starts from an arbitrary kernel r/w vulnerability, so I call this a pre-jailbreak. In fact, CVE-2021-1782 (cicuta_virosa) is the pre-jailbreak part.

This project implements an arbitrary kernel r/w primitive based on cicuta_virosa. It is useful to security researchers and jailbreak developers.

Warranty

Use it at your own risk. I built it for security researchers only. It MEANS NOTHING to normal users.

DO NOT RUN IT on your main device. I cannot promise WHAT WILL HAPPEN!

Current state

  • Made the exploit faster (iPhone 12: 65s -> 10s, iPhone 6s: 188s -> 68s)
  • Stable kernel r/w primitives
  • amfid bypass

Tested on iPhone 12 pro (iOS 14.3).

Tested on iPhone 11 (iOS 14.0).

Tested on iPhone 6s (iOS 14.0). May also be helpful for A11 devices. I note that checkra1n said "Limited support for A11 devices on iOS 14.x". I have since upgraded the phone to iOS 15.0 beta.

For other devices/iOS versions, add the kernel offsets yourself in k_offsets.c.

Hardcoded variable offsets from the kernelcache have been eliminated, so there is no need to care about offsets. Theoretically, it works on every iOS 14.0 ~ 14.3 device.

Credits

  • @ModernPwner: CVE-2021-1782, exploitation technique
  • Brandon Azad (@_bazad): Almost everything starts from oob_timestamp
  • @chenliang0817: paper "Exploiting IOSurface 0"
  • Jailbreak knowledge from unc0ver
  • #FreeTheSandbox: post-exploit tech & binpack
  • etc.

License

GPL-3.0 License

inherited from cicuta_virosa

Misc

My Twitter: @pattern_F_

English is hard for me... I'm learning it.

English is too hard...
