This is a work in progress. by pwnd2e@Twitter for this forked version of palera1n

palera1n Click to download

Read this throughly, feel free to ask questions, know the risks.

• 1. open Ask in r/jailbreak Discord #palera1n channel
• 2. open Ask in palera1n Discord
• 3. open Ask in 2escustomservices Discord #palera1n channel
• 4. Or open a GitHub issue

Please, please, please, provide necessary info:

• iOS version and device (eg. iPhone 7+ 15.1, iPhone 6s 16.4)
• Computer's OS and version (eg. Ubuntu 22.04, macOS 12.0 and up)
• The command you ran
• Debug logs with --debug

palera1n

iOS 15.0-16.4 **work in progress, semi-tethered ** checkm8 "jailbreak"

What does this do?

It boots the device with AMFI patches. On first run, it'll boot a ramdisk which dumps your onboard blob, and installs Sileo and Substitute.

WARNING 1: I am NOT responsible for any data loss. The user of this program accepts responsibility should something happen to their device. While nothing should happen, jailbreaking has risks in itself. If your device is stuck in recovery, please run futurerestore --exit-recovery, or use irecovery -n. Using this on iOS 16 has a higher chance of bootlooping you.

On A10 and A11, you must disable your passcode while in the jailbroken state. On A10, this can be fixed in the future by implementing blackbird. On A11, we don't have a SEP exploit yet.

Linux issues

Linux has some weird usbmuxd issues. We have tried our best to fix them, but there stil are issues. We highly recommend to compile and install usbmuxd2.

Stop making issues about Linux not being able to connect, we are aware. This includes being stuck on waiting for ramdisk to finish booting.

Prerequisites

• 1. checkm8 vulnerable iOS device on iOS 15-16.4 (A8X-A11)
• 2. Linux or macOS computer
  • Python 3 is required
• 3. iOS 15.0-16.2
• 4. A brain
  • Remember, this is mainly for developers.

How to use

• 1. Command to run is ./palera1n.sh --tweaks (Your iOS) --semi-tethered
  • [A10+] Before running, you must disable your passcode
  • i0S 16 users make sure before you jailbreak turn on dev mode.
  • i0S 16 users make sure you never had passcode enabled if did you need to reset in settings or restore.
• 2. For restore-rootfs run ./palera1n.sh --restorerootfs (Your iOS) --tweaks --semi-tethered
  • With semi-tether after first install and re-jailbreaking just hit activate tweaks then respring

Repos

All repos work because it uses normal Procursus and not rootless.

• add You can add this repo for tweaks that wont bork your idevice

Credits

• pwnd2e for this modified fork

• Nathan

  • The ramdisk that dumps blobs, copies files, and duplicates rootfs is a slimmed down version of SSHRD_Script
  • For modified restored_external
  • Also helped Mineek getting the kernel up and running and with the patches
  • Helping with adding multiple device support
  • Fixing issues relating to camera.. etc by switching to fsboot
  • iBoot64Patcher fork

• Mineek

  • For the patching and booting commands
  • Adding tweak support
  • For patchfinders for RELEASE kernels
  • Kernel15Patcher
  • Kernel64Patcher

• Amy for the Pogo app

• checkra1n for the base of the kpf

• nyuszika7h for the script to help get into DFU

• the Procursus Team for the amazing bootstrap

• F121 for helping test

• m1sta for pyimg4

• tihmstar for pzb/original iBoot64Patcher/original liboffsetfinder64/img4tool

• Tom for a couple patches and bugfixes

• xerub for img4lib and restored_external in the ramdisk

• Cryptic for iBoot64Patcher fork, and liboffsetfinder64 fork

• libimobiledevice for several tools used in this project (irecovery, ideviceenterrecovery etc), and nikias for keeping it up to date

• Nick Chan general help with patches and iBoot payload stuff

• Dora for iBoot payload and iBootpatcher2

• Sam Bingner for Substitute

• Serena for helping with boot ramdisk.