Open coniman opened 6 years ago
Yes it is, but it seems someone more skilled is working on it, and I will wait until he / she finishes it, then add his into my unified jailbreakme. Why? Because I care about stability!
You could help by providing the emptylist log, as then I know what goes wrong.
Did you prepare the directory by uploading the required files firstly?
I don't know how to upload the required files. I run an Apache server on my Mac serving this folder. I'm also a little bit lost; in the old times I used to jailbreak my devices over USB using tools like redsn0w and evasi0n, so this is new to me. I'm really interested in this project because I got scammed on eBay with an iCloud locked iPhone 8, so jailbreaking it is the only way to bypass the lock. I'm accessing your tool through the captive portal by modifying DNS on the device.
After a few tries and reboots the exploit seems to work, but no SSH. This is what I see in the Xcode Console: Untitled.pdf
It seems to work, I get a blank page after the exploit loads. Is that what I should get? Yes, my plan is to delete Setup.app to reach the SpringBoard and use it as an iPod Touch at least.
Also, I want to thank you for your interest.
Sometimes the exploits fail, like in this video https://drive.google.com/open?id=1Pgra9YTEfE5CD_Mk3rAETsDZcmtGBYhe , I think it's because the DNS server has ads and they load every time changing the memory address.
Here is the white screen that I get when the exploit loads: https://drive.google.com/open?id=1P5dRAitjtdppr5YidgHoHjvnTClZY0lK
Well, maybe not delete the app, but killing the process might be easy.
Hahahaha that would be great! :P. So now the question is how to get SSH access to try that.
I’ve tried every emoji in the world and it’s impossible to crash Setup.app. empty_list starts running as com.apple.WebKit and Setup.app as com.apple.setupd (I think), so they are separate processes. When empty_list crashes, the whole device reboots itself and not only the app. I don’t know if it’s possible to just crash the app.
I think they’ve patched every emoji crash in 11.3.1 because I’ve tried everything.
3:26.369381 +0200 com.apple.WebKit.WebContent XXX Qilin initialized
05:23:26.369546 +0200 com.apple.WebKit.WebContent XXX User ID now: 0 0
@coniman You got as far as letting QiLin gain root :)
I'll add the binary pack soon to the release tab and add documentation on how to prepare it in DOCS.
Great!
Thanks
UFOFinder 2 has now been released with arm64 iOS 10 - iOS 11.4.1 support! It's way more stable and can find the link code gadget as well.
Where can I find bootstrap.zip?
I read the documentation but I can't find the file
It’s because I didn’t add it yet, I’ll do that today ;)
Ok ;)
Any progress?
You know, bypassing and deleting tfp0 aka Lucas exploit, I already have something stable enough to tfp0 on DNS portal stuff, and atm I'm trying to delete the Setup.app on 32bit devices and I need a tester, but yeah, I can't do much testing, I don't have those devices.
Even if you get tfp0, I was hoping to write another exploit to be able to show root files through the browser, even though it's a portal, that's what exploits are for, but if people want to help that would be great.
Also, the only reason there's no SSH is because it's not installed on your device.
I don’t have any 32bit device. But if you have something to delete Setup.app in 64bit please share it ;)
Hi, I've been testing your jailbreakme solution on an iPhone 8. Everything works fine, empty_list payload works fine and loads (seen on the console of Xcode connecting over USB). I'm trying to connect to my iPhone via SSH but I always get the refused connection message. I don't know if it's because of the limitations of the exploit or if I'm doing something wrong.
Also I'm wondering if it's possible to create a WebKit exploit based on Electra 11.3.1 Jailbreak now that it is out.
Thanks in advance.