Odyssey-Team / Taurine

iOS 14 semi-untethered jailbreak
BSD 4-Clause "Original" or "Old" License

[A10 exploit bug - probably no offsets] iPhone 7 is not compatible with Taurine #48

Closed joeyoropesa-dev closed 11 months ago

joeyoropesa-dev commented 11 months ago

Tested version: latest from jailbreaks.app
Tested iOS version: iOS 14.8
Behavior: Crashing while clicking the jailbreak button, no matter what choice I made about the kfd exploit method

Can we get some support for this iOS version and our device? The app is not yet finished, as you can see from the incompatibility with devices due to how the kfd exploit works.

It's more optimized and works for newer devices rather than older ones, so we also need support, just like newer devices are getting it from the jailbreak community.

FreQRiDeR commented 11 months ago

Working fine on my iPhone 7 on 14.8. Both exploits. Previously installed Odysseyra1n. Only sudo seems to be broken (with a unique password).

FreQRiDeR commented 11 months ago

Maybe download from GitHub, a reputable source... You want version 1.1.7-3.

joeyoropesa-dev commented 11 months ago

> Working fine on my iPhone 7 on 14.8. Both exploits. Previously installed Odysseyra1n. Only sudo seems to be broken (with a unique password).

So... for you both exploits work? And no bugs except sudo? You're so lucky, bro..

FreQRiDeR commented 11 months ago

No, not lucky. I just downloaded the latest version from here and not from a third party. Jb.app is sus.

joeyoropesa-dev commented 11 months ago

> No, not lucky. I just downloaded the latest version from here and not from a third party. Jb.app is sus.

Did you know the CoreTrust bug can be applied to the xpc launchd.plist to generate the same type of signature for the .plist file (launchd.plist.sig), so that it accepts modified configurations and does not bootloop?

If we can do that using only a jailbroken device, we can basically run the jailbreak on boot and never get unjailbroken again 👍

(Just write the full paths to the /taurine plist services, write their configuration in launchd.plist too, and of course sign all binaries with the CoreTrust bug, and amfid too, the one that one of the Taurine plist services is executing.)

Signing that modified version of launchd.plist in the correct way can lead to converting the semi-untethered jailbreak into an untethered jailbreak for arm64 devices on all iOS 14.x devices.

Or we just need to replace one of the binaries that launchd.plist runs as root on boot, and instead of running that binary, we run the exploit, and then run the binary we replaced after the exploit has finished its job.

Anyway, the second option requires a power user or developer to have and use macOS somehow (no matter whether via a VM, a Hackintosh, or a real MacBook), but macOS needs to be used for this task if we don't want to brick our devices.