dora2-iOS/ayakurume dora2-iOS/ayakurume

  • This repository has been archived on 28/Dec/2022
  • Stars
    star
    141
  • Rank 259,971 (Top 6 %)
  • Language
    Objective-C
  • License
    GNU General Publi...
  • Created about 2 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
dora2-iOS/ayakurume
github

dora2-iOS

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

for checkm8 devices

ayakurume

WIP developer only iOS 15 jailbreak for checkm8 devices (Apple A8-A11)
full rootfs r/w (fakefs), tweak injection etc...

Attention

It's very likely that there are mistakes in the code, so it's recommended to debug in serial (because the device-side verbose boot is not able to follow SpringBoard's startup).

Supported Environment

  • iPhone 6s (iPhone8,1/N71AP) 15.7.1
    It is necessary that your device's storage is 32 GB or more. When duplicating rootfs, 5GB of storage will be used up.

Dependencies

Procedure

setting up the necessary components to sshrd

  • macos side
cd SSHRD_Script/
./sshrd.sh 15.7.1
./sshrd.sh boot
./sshrd.sh ssh
  • ios side
newfs_apfs -A -D -o role=r -v System /dev/disk0s1
mount_apfs /dev/disk0s1s1 /mnt1
mount_apfs /dev/disk0s1s8 /mnt2
mount_apfs /dev/disk0s1s6 /mnt6
cp -a /mnt1/. /mnt2/
umount /mnt1
mkdir /mnt6/{UUID}/binpack
mkdir /mnt2/jbin
  • macos side
cd ayakurume/
scp -P 2222 ios/lightstrap.tar root@localhost:/mnt6/
scp -P 2222 ios/jb.dylib ios/jbloader ios/launchd root@localhost:/mnt2/jbin/
  • ios side
tar -xvf /mnt6/lightstrap.tar -C /mnt6/{UUID}/binpack/
rm /mnt6/lightstrap.tar

Copy apticket.der to the mac side.

  • macos side
scp -P 2222 root@localhost:/mnt6/{UUID}/System/Library/Caches/apticket.der ./
  • ios side
reboot

First-run preparations

  • macos side
./gaster pwn
./gaster decrypt iBSS.n71.RELEASE.im4p iBSS.n71.RELEASE.dec
bspatch iBSS.n71.RELEASE.dec pwniBSS.dec n71_19H117/jboot/iBSS.patch
./img4 -i pwniBSS.dec -o iBSS.img4 -M apticket.der -A -T ibss

First run

  • macos side
./gaster pwn
irecovery -f iBSS.img4

After confirming the startup of dropbear

  • macos side
iproxy {port} 44

ssh root@localhost -p {port}
scp -P {port} bootstrap-ssh.tar root@localhost:/var/root 
scp -P {port} org.swift.libswift_5.0-electra2_iphoneos-arm.deb root@localhost:/var/root 
scp -P {port} com.ex.substitute_2.3.1_iphoneos-arm.deb root@localhost:/var/root 
scp -P {port} com.saurik.substrate.safemode_0.9.6005_iphoneos-arm.deb root@localhost:/var/root
  • ios side
mount -uw /
cd /var/root
tar --preserve-permissions --no-overwrite-dir -xvf bootstrap-ssh.tar -C /
/prep_bootstrap.sh
apt update
apt upgrade -y
apt install org.coolstar.sileo
dpkg -i *.deb
rm *.deb
rm bootstrap-ssh.tar
touch /.installed_ayakurume
reboot

Running

  • macos side
./gaster pwn
irecovery -f iBSS.img4

credit

More Repositories

1

CPBypass2

C
123
star
2

bakera1n

Objective-C
93
star
3

ipwnder_lite

lightweight ipwnder
C
77
star
4

iPwnder32

limera1n/A6/A7 devices pwnder
C
64
star
5

ch3rryflower

32-bit up/downgrade
40
star
6

t8015_bootkit

C
34
star
7

p0insettia

A tool for [(semi-){un-(tethered jailbreak)}] of iOS 10.3.x 32-bit devices with checkm8 BootROM exploit.
C
33
star
8

powdersn0w_pub

powdersn0w pub
C
19
star
9

CPBypass-public

File detection bypass for iOS
C
19
star
10

t8015_fakerootfs_homebutton

C
16
star
11

daibutsuCFW

C
16
star
12

kok3shiLib

for jailbreak aarch32/aarch64 iOS 9.3.x
C
14
star
13

ramdiskF_maker

for 32-bit iboot bug on ios 7
C
14
star
14

Nudaoaddu

A simple shsh get script
Shell
13
star
15

magicalcatnyan

nya~
C
10
star
16

sakurajb

32bit ios 10.3.4 untether with untethered bootrom/iboot exploit
C
10
star
17

B3nto

iBoot Payload
Assembly
9
star
18

tetherbootX32_public

C
7
star
19

odysseusOTA2Plus

5
star
20

sbpwn6

sandbox patcher for ios 6
C
4
star
21

dora2-iOS

4
star
22

libjbinit

C
3
star
23

powdersn0w_FWBundles

powdersn0w_FWBundles
3
star
24

KOKESHIDOLL_PUBLIC

2
star