A tool for [(semi-){un-(tethered jailbreak)}] of iOS 10.3.x 32-bit devices with checkm8 BootROM exploit.

Overview

p0insettia

A tool for [(semi-){un-(tethered jailbreak)}] of iOS 10.3.4 32-bit devices (iPhone 5) with the checkm8 BootROM exploit.

Note

  • All at your own risk!
  • The package used for this jailbreak can be obtained via Cydia from the following repository.
    https://dora2ios.github.io/repo

Supported devices

  • iPhone 5 (N41/N42) - iOS 10.3.4

Supported environments

  • macOS 10.13 (or later?) (intel/x86_64)

Make

./build.sh all
cd build
./dl_files
ramdisk_gen.sh

semi-tethered jailbreak

Please refer to the build/ directory.

semi-untethered jailbreak

It uses an IPA App based jailbreak. (ETA SON)

untethered jailbreak

It uses an iBoot (iOS 7 iBoot) exploit based jailbreak. (ETA SON)

Note for this jailbreak environment (iOS 10.3 or higher)

This jailbreak does not apply the "nuke sandbox" patch used by h3lix.
In iOS 10.3 and later, apps under /Applications are also sandboxed, so apps such as Cydia would be sandboxed and would not work. For this reason, this jailbreak adds a key to Cydia's entitlements to disable the sandbox.

  • Key com.apple.private.security.no-container

Some other jailbreak apps may require this entitlement.

  • entitlement key
<key>com.apple.private.security.no-container</key>
<true/>
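
To check which apps carry this entitlement, or to merge it into an existing entitlements plist without dropping other keys, the following added example (not part of p0insettia's own code) parses entitlements and tests for the key. The app names and sample plists are constructed, and `get-task-allow` appears only as a second key to preserve.

```python
import plistlib

# Entitlement key named in the README above.
NO_CONTAINER = "com.apple.private.security.no-container"

def parse_entitlements(blob: bytes) -> dict:
    """Parse an XML or binary entitlements plist; unsigned/invalid -> {}."""
    try:
        data = plistlib.loads(blob)
    except Exception:  # plistlib raises several types on malformed input
        return {}
    return data if isinstance(data, dict) else {}

def is_sandbox_exempt(blob: bytes) -> bool:
    """True only when the key is present with the boolean value true."""
    return parse_entitlements(blob).get(NO_CONTAINER) is True

def add_no_container(blob: bytes) -> bytes:
    """Return XML entitlements with the key set, keeping existing keys."""
    ents = parse_entitlements(blob)
    ents[NO_CONTAINER] = True
    return plistlib.dumps(ents, fmt=plistlib.FMT_XML)

def audit(apps: dict) -> list:
    """Names of apps whose entitlements opt out of the container sandbox."""
    return sorted(n for n, b in apps.items() if is_sandbox_exempt(b))

def _plist(body: str) -> bytes:
    return f'<plist version="1.0"><dict>{body}</dict></plist>'.encode()

# Constructed samples: hypothetical app names, hand-written entitlements.
SAMPLES = {
    "Patched.app": _plist(f"<key>{NO_CONTAINER}</key><true/>"),
    "Stock.app": _plist("<key>get-task-allow</key><true/>"),
    "Disabled.app": _plist(f"<key>{NO_CONTAINER}</key><false/>"),
    "Unsigned.app": b"",
    "Broken.app": b"<plist><dict><key>",
}

if __name__ == "__main__":
    print("sandbox-exempt:", audit(SAMPLES))
    fixed = add_no_container(SAMPLES["Stock.app"])
    print(fixed.decode())
```

A key that is present but set to `<false/>` is reported as not exempt, and an empty or malformed plist is treated as having no entitlements.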

credits


Comments
  • stuck on the install cydia step

    the phone just reboots to recovery after a while... I'm on Big Sur

    [email protected] p0insettia_v1.0.1_debug % ./tethered_boot.sh

    [main] Waiting for device in DFU mode...
    [io_get_serial] Found serial number!
    [main] CONNECTED
    [main] CPID: 0x8950, BDID: 0x02, STRG: [iBoot-1145.3]
    ** exploiting with checkm8
    [checkm8_s5l8950x] reconnecting
    [io_reset] ResetDevice: 0
    [io_reset] USBDeviceReEnumerate: 0
    [checkm8_s5l8950x] running heap_spray()
    [heap_spray] (1/3) e000404f
    [heap_spray] (2/3) e0004051
    [heap_spray] (3/3) e0004051
    [checkm8_s5l8950x] reconnecting
    [io_reset] ResetDevice: 0
    [io_reset] USBDeviceReEnumerate: 0
    [checkm8_s5l8950x] running set_global_state()
    [set_global_state] (1/3) sent: 0, val: 640
    [set_global_state] (2/3) e000404f
    [set_global_state] (3/3) 0
    [checkm8_s5l8950x] reconnecting
    [checkm8_s5l8950x] running heap_occupation()
    [heap_occupation] (1/3) e000404f
    [heap_occupation] (2/3) 0
    [heap_occupation] (3/3) e00002ed
    [checkm8_s5l8950x] reconnecting
    [checkm8_s5l8950x] USBDeviceReEnumerate: 0
    [checkm8_s5l8950x] ERROR: Failed to reconnect to device
    [==================================================] 100.0%
    [==================================================] 100.0%
    [email protected] p0insettia_v1.0.1_debug %

    opened by szalony9szymek 6
  • [Not an issue with the JB] Coolbooter doesn't work

    CoolBooter doesn't work when the phone is jailbroken with p0insettia. Trying to install the firmware results in CB getting stuck in the "Extracting firmware" section, while trying to boot the firmware with CB after it's installed causes the phone to simply not do that, instead the phone will be stuck at the lock screen with the home button disabled. On the same iPhone, jailbreaking with H3lix makes both issues go away.

    opened by ghost 6
  • windows, iphone 5c 10.3.x support.

    Will it support the 5c in the future, and will there possibly be a Windows version? (I doubt it.) And if it does support the 5c, will it be untethered? Semi-untethered? Semi-tethered?

    opened by Baggette 2
  • Problems building on macOS Monterey

    I'm trying to build p0insettia under macOS Monterey. However, there are some problems, especially when building the payload, risk and launchd. I've manually installed arm-none-eabi-gcc and then symlinked it to /opt/gnuarm/bin. I've also tried to fix the OSTypes.h through this https://github.com/kpwn/yalu102/issues/187 but OSTypes.h could still not be found. I've found OSTypes.h in /Library/Developer/CommandLineTools/SDKs/MacOSX12.3.sdk/System/Library/Frameworks/Kernel.framework/Versions/A/Headers and then copied it to /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include/libkern, although this error comes up: error: typedef redefinition with different types ('UInt64' (aka 'unsigned long long') vs 'UnsignedWide' (aka 'struct UnsignedWide')) Maybe macOS Monterey is unsupported?

    Edit: Attached screenshots

    opened by JesusXD88 2
Owner
dora2ios