Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pattern-f/TQ-pre-jailbreak

Hello from pattern-f.
https://github.com/pattern-f/TQ-pre-jailbreak

Last synced: about 2 months ago
JSON representation

Hello from pattern-f.

Host: GitHub
URL: https://github.com/pattern-f/TQ-pre-jailbreak
Owner: pattern-f
License: gpl-3.0
Created: 2021-02-19T02:00:43.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2021-08-05T11:15:50.000Z (over 3 years ago)
Last Synced: 2024-08-05T17:25:17.335Z (5 months ago)
Language: C
Homepage:
Size: 106 KB
Stars: 286
Watchers: 38
Forks: 59
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - pattern-f/TQ-pre-jailbreak - Hello from pattern-f. (C)

README

# TQ-pre-jailbreak

A **PRE**-jailbreak for iOS 14.0 ~ iOS 14.3 on all devices.

Generally speaking, jailbreak starts from an arbitrary kernel r/w vulnerability, so I name it pre-jailbreak. Actually, CVE-2021-1782(cicuta\_virosa) is the pre-jailbreak thing.

Implemented an arbitrary r/w primitive based on [cicuta\_virosa](https://github.com/ModernPwner/cicuta_virosa). Useful to security researchers, and jailbreak developers.

# Warranty

**Use it on your own risk**. I build it for security researchers only. **MEAN NOTHING** to normal users.

**DO NOT RUN IT** on you main device. I can not promise **WHAT WILL HAPPEN!**

# Current state

- [x] make the exploit faster (iPhone 12: 65s -> 10s, iPhone 6s: 188s -> 68s)
- [x] stable kernel r/w primitives
- [x] amfid bypass

Tested on iPhone 12 pro (**iOS 14.3**).

Tested on iPhone 11 (**iOS 14.0**).

~~Tested on iPhone 6s (**iOS 14.0**). Maybe helpful to A11 devices. I note that checkra1n said "Limited support for A11 devices on iOS 14.x".~~ I have upgraded the phone to iOS 15.0 beta.

~~For other devices/iOSs, add kernel offsets yourself in k\_offsets.c~~

Eliminate hardcoded variable offsets from kernelcache. No need to care about the offset things. Theoretically, works on every iOS \[14.0 ~ 14.3\] device.

# Credits

- @ModernPwner: CVE-2021-1782, exploitation technique
- Brandon Azad (@\_bazad): Almost everything starts from oob\_timestamp
- @chenliang0817: paper "Exploiting IOSurface 0"
- Jailbreak knowledge from unc0ver
- [#FreeTheSandbox](https://github.com/ZecOps/FreeTheSandbox_LPE_POC_13.7): post-exploit tech & binpack
- etc.

# License

GPL-3.0 License

inherited from cicuta\_virosa

# Misc

my twitter [@pattern\_F\_](https://twitter.com/pattern_F_)

English is hard for me... I'm learning it.

英语太难了...