• Stars
    star
    102
  • Rank 335,584 (Top 7 %)
  • Language
    C
  • Created over 6 years ago
  • Updated over 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

multi_path with root and sandbox escape

multi_path

Latest update includes:

  • working "clear" command
  • working "entitle" command for jailbreakd
  • working launchctl (no need to platformize manually! The real launchctl binary is moved and on its place another binary uses jailbreakd to launch it platformized)
  • working "inject_criticald" binary (uses jailbreakd!)

iOS 11.0-11.3.1 jailbreak. Gets root, escapes sandbox, patches codesign (userland only), bind shell, nvram unlock (from Electra), host_get_special_port 4 (from Electra), code injection (from Electra; injects its amfid patch after using QiLin's since it's way better), SSH (dropbear), a small jailbreakd (inlcudes an example called "rootme", run it and if you get "uid: 0" it worked; check the README on the jailbreakd directory for more info :D)

I think at this point this can be called a jailbreak, a developer-only one but with a small little feature: everything is done inside the app's bundle (except /var/dropbear, /var/profile & /var/motd) and nothing outside is touched. This makes it safe to use, without the requirement of full root read and write (although it is enabled on 11.0-11.2.6) and at the same time makes it not conflict with other jailbreaks in any way.

Includes TWO root shells :)

First is via dropbear (aka SSH) and the other via netcat if dropbear for some reason doesn't work or you prefer it?. You can drop any binaries in the iosbinpack64 directory. All binaries must have at least these two entitlements:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.container-required</key>
    <false/>
</dict>
</plist>

LaunchDaemons are also supported, you can drop their plists in the iosbinpack64/LaunchDaemons directory and they'll get loaded on each run of the app. Type REPLACE_ME when you want to put the absolute path of iosbinpack64, like in the example provided.

Future plans include: getting rid of QiLin and implementing everything i need open-source, (already made progress!), fix remounting for 11.3.x (I guess I have no other choice rather than wait for QiLin/LiberiOS/Electra)

Credits to: Ian Beer for multi_path and mach_portal, Jonathan Levin for amfid patch, Jonathan Seals for find_kernel_base, Electra Team (especially stek29) and PsychoTea (@iBSparkes)

More Repositories

1

rootlessJB3

hahh
C
361
star
2

rootlessJB

C
301
star
3

jelbrekLib

Give me tfp0, I give you jelbrek
C
260
star
4

time_waste

iOS 12.0-13.3 tfp0
C
149
star
5

sock_port

iOS 10.0-12.2 tfp0
C
128
star
6

rootlessJB_EL

A rootless jailbreak concept with tweak support and SSH
C
82
star
7

dylibify

Transform any ARM macho executable to a dynamic library
Objective-C
74
star
8

SneakyShot

Kernel-based method to take screenshots on iOS, works with encrypted videos.
Objective-C
60
star
9

RealCC

Actually disable wifi from CC in iOS 11
Logos
54
star
10

Prometheus

futurerestore for noobs and lazy people
Objective-C
53
star
11

iSuperSU

An SuperSU-style app to privilege other processes on the go
Objective-C
51
star
12

yalu102-space

My fork of yalu102! iOS 10-10.2 jailbreak by @qwertyoruiopz and improved by me!
Objective-C
30
star
13

kernelSymbolFinder

Get kernel symbols on device. No jailbreak required (note: unslid addresses)
C++
26
star
14

noNotch

Remove notches from iPhone X
Logos
22
star
15

say

Make Siri say anything from command line
Logos
22
star
16

jakeajames.github.io

HTML
19
star
17

TimeToUnlock

Set the current time as your passcode.
Logos
17
star
18

rootme-tutorial

How to run Xcode apps as root and unsandboxed while still debugging them easiliy.
17
star
19

ActivatorFix

Activator support library for iOS 11
Logos
16
star
20

RepoGen

πŸ”₯ Generate a Cydia repo straight from your jailbroken device!! πŸ”₯ - BETA - πŸ”₯ sideloaded version coming soon πŸ”₯
15
star
21

CatchaThief

Catch a picture of whoever inputs a wrong passcode.
Objective-C
13
star
22

empty_list

empty_list jelbrek
C
12
star
23

trustbin

Trustcache injector for iOS 11.3-11.4
Objective-C
9
star
24

IcyInstaller3

Icy is a lightweight DPKG-based installer for iOS.
Objective-C
9
star
25

AutoEntitle

Automatically entitle, sign, fix permissions & unstash binaries and apps installed via Cydia on iOS 11
C
8
star
26

OneHandWizardFix

Fix OneHandWizard on iOS 11
Logos
8
star
27

empty_list_tester

C
5
star
28

jakezone

Shell
4
star
29

jake.github.io

Swift
3
star
30

repo

1
star
31

NoJBStore

1
star
32

NCXI

Source Code and Issue Tracker for NCXI
Objective-C
1
star
33

cydiashqip

1
star