Description

Blah blah, read this: How to make a jailbreak without a filesystem remount as r/w

• Powered by jelbrekLib

Usage notes

• empty_list used by default. You can change that in sploit.c
• Cydia Impactor will BREAK the binaries and the only solution would be compressing files or saurik releasing an update. I will not bother with an ipa for now.
• Binaries are located in: /var/containers/Bundle/iosbinpack64
• Launch daemons are located in /var/containers/Bundle/iosbinpack64/LaunchDaemons
• /var/containers/Bundle/tweaksupport contains a filesystem simulation where tweaks and stuff get installed
• Symlinks include: /var/LIB, /var/ulb, /var/bin, /var/sbin, /var/Apps

All executables must have at least these two entitlements:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.container-required</key>
    <false/>
</dict>
</plist>

• Tweaks and stuff get installed in: /var/containers/Bundle/tweaksupport the same way you did with Electra betas.
• Tweaks must be patched using the patcher script provided. (Mac/Linux/iOS only) or manually with a hex editor
• Apps get installed in /var/Apps and later you need to run /var/containers/Bundle/iosbinpack64/usr/bin/uicache (other uicache binaries won't work)

iOS 12

• No tweaks and code injection yet
• No amfid patch yet. Must run "inject /path/to/binary" before adding a new binary
• No jailbreakd yet
• No remount (heh?)

patcher usage: ./patcher /path/to/deb /path/to/output_folder

Thanks to: Ian Beer, Brandon Azad, Jonathan Levin, Electra Team, IBSparkes, Sam Bingner, Sammy Guichelaar