A PRE-jailbreak for iOS 14.0 ~ iOS 14.3 on all devices.
Generally speaking, a jailbreak starts from an arbitrary kernel r/w vulnerability, so I call this a pre-jailbreak. In that sense, CVE-2021-1782 (cicuta_virosa) is the pre-jailbreak part.
This project implements an arbitrary kernel r/w primitive based on cicuta_virosa. It is useful to security researchers and jailbreak developers.
Use it at your own risk. I built it for security researchers only. It means NOTHING to normal users.
DO NOT RUN IT on your main device. I cannot promise WHAT WILL HAPPEN!
- make the exploit faster (iPhone 12: 65s -> 10s, iPhone 6s: 188s -> 68s)
- stable kernel r/w primitives
- amfid bypass
Tested on iPhone 12 Pro (iOS 14.3).
Tested on iPhone 11 (iOS 14.0).
Tested on iPhone 6s (iOS 14.0). This may also be helpful for A11 devices; note that checkra1n says "Limited support for A11 devices on iOS 14.x". I have since upgraded the phone to iOS 15.0 beta.
For other devices/iOS versions, add the kernel offsets yourself in k_offsets.c.
Hardcoded variable offsets from the kernelcache have been eliminated, so there is no need to care about offsets any more. Theoretically, it works on every iOS 14.0 ~ 14.3 device.
- @ModernPwner: CVE-2021-1782, exploitation technique
- Brandon Azad (@_bazad): Almost everything starts from oob_timestamp
- @chenliang0817: paper "Exploiting IOSurface 0"
- Jailbreak knowledge from unc0ver
- #FreeTheSandbox: post-exploit tech & binpack
- etc.
GPL-3.0 License, inherited from cicuta_virosa.
My Twitter: @pattern_F_
English is hard for me... I'm learning it.
English is too hard...