palera1n / jbinit Goto Github PK

iOS, iPadOS, tvOS, HomePod Software and bridgeOS booter ramsdisk

License: Other

Makefile 3.77% C 88.27% Objective-C 7.72% Assembly 0.10% Shell 0.14%

jbinit's Introduction

palera1n

Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.


A screenshot of palera1n being used in a Terminal

Device Support

Note

Apple TV & iBridge support are not currently in the beta releases of palera1n, ETA s0n

iPhone(s)	iPad(s)	iPod(s)	Apple TV(s)
iPhone 6s	iPad mini 4	iPod Touch (7th generation)	Apple TV HD
iPhone 6s Plus	iPad (5th generation)		Apple TV 4K (1st generation)
iPhone SE (2016)	iPad (6th generation)
iPhone 7	iPad (7th generation)
iPhone 7 Plus	iPad Pro (9.7")
iPhone 8	iPad Pro (12.9") (1st generation)
iPhone 8 Plus	iPad Pro (10.5")
iPhone X	iPad Pro (12.9") (2nd generation)
	iPad Air 2

Note that on A11 (iPhone X, 8, 8 Plus), you must disable your passcode while in the jailbroken state (on iOS 16, you need to reset your device before proceeding with palera1n).

Apple T2 Device Support (click to expand)

Apple T2
Apple T2 iMac20,1
Apple T2 iMac20,2

Apple T2 MacBookAir8,1
Apple T2 MacBookAir8,2
Apple T2 MacBookAir9,1

Apple T2 MacBookPro15,1
Apple T2 MacBookPro15,2
Apple T2 MacBookPro15,3
Apple T2 MacBookPro15,4
Apple T2 MacBookPro16,1
Apple T2 MacBookPro16,2
Apple T2 MacBookPro16,3
Apple T2 MacBookPro16,4

Apple T2 iMacPro1,1
Apple T2 Macmini8,1
Apple T2 MacPro7,1

iBridge2,11 (Unknown Mac)
iBridge2,13 (Unknown Mac)

Computer Requirements

USB-A cables are recommended to use, USB-C to may have issues with palera1n and getting into DFU mode.

Due to USB-C cables having different accessory IDs, your device may not be able to be recognized when using USB-C due to not being able to assert to its USB voltage pin.

Linux or macOS computer

AMD CPUs (not AMD Mobile) have an issue where it causes them to have a very low success rate with checkm8 exploit. It is not recommended that you use them with palera1n.

USB-C port on Apple Silicon Macs may require manual unplugging and replugging of the lightning cable after checkm8 exploit. This problem may be solved by connecting via USB hub, though extensions can vary.

Usage

Usage: palera1n [-DEhpvVdsSLRnPI] [-e boot arguments] [-k Pongo image] [-o overlay file] [-r ramdisk file] [-K KPF file] [-i checkra1n file]

	--version				Print version
	--force-revert				Remove jailbreak
	-d, --demote				Demote
	-D, --dfuhelper				Exit after entering DFU
	-e, --boot-args <boot arguments>	XNU boot arguments
	-E, --enter-recovery			Enter recovery mode
	-h, --help				Show this help
	-i, --override-checkra1n <file>		Override checkra1n
	-k, --override-pongo <file>		Override Pongo image
	-K, --override-kpf <file>		Override kernel patchfinder
	-L, --jbinit-log-to-file		Make jbinit log to /cores/jbinit.log (can be read from sandbox while jailbroken)
	-n, --exit-recovery			Exit recovery mode
	-I, --device-info			Print info about the connected device
	-o, --override-overlay <file>		Override overlay
	-p, --pongo-shell			Boots to PongoOS shell
	-P, --pongo-full			Boots to a PongoOS shell with default images already uploaded
	-r, --override-ramdisk <file>		Override ramdisk
	-R, --reboot-device			Reboot connected device in normal mode
	-s, --safe-mode				Enter safe mode
	-S, --no-colors				Disable colors on the command line
	-v, --debug-logging			Enable debug logging
		  This option can be repeated for extra verbosity.
	-V, --verbose-boot			Verbose boot

Environmental variables:
	TMPDIR		temporary diretory (path the built-in checkra1n will be extracted to)

Installing

Visit https://palera.in

Disclaimers

We are NOT responsible for any data loss, or the result of a device being bricked. When using palera1n, the user should accept responsibility if anything happens to their device during the process.

If your device is stuck in recovery, please run futurerestore --exit-recovery, or use irecovery -n.
If you're unable to get out of recovery via these methods please restore with iTunes or Finder.
palera1n will not work in VirtualBox, VMware or any virtual machine that doesn't support PCI passthrough.

Troubleshooting

Make sure you're following the guides provided here, also when asking for support make sure you provide full details on your device, such as:

iPhone/iPad/iPod/Apple TV
iOS Version
Passcode enabled?
Verbose from palera1n (specifying -Vv within palera1n)
Panic logs, if panicked then send latest panic-full log from your device.

Create an issue here: https://github.com/palera1n/palera1n/issues/new/choose

Credits

All credits for palera1n can be found here

If proper credit isn't shown please message us or create an issue.

jbinit's People

Contributors

Stargazers

Watchers

Forkers

plooshi h0tv1t crystall1nedev 0x6ff ce1cecl verygenericname netanelc305 floofyprotobomb oleavr sassa7777 rodmono5 palera1n cacahuates11111 atoska21

jbinit's Issues

bridgeos support

Hi, I see some code around bridgeos, is it supported for the latest versions?

I can not connect via ssh (port 22 or 440 to it after all files uploaded

Dropbear SSH login fails after bootstrap

I noticed a problem with the dropbear SSH server running on port 44 on the device. I can’t log in either as mobile or root (though for root this is to be expected) with the password I set up in the bootstrapping process (which happens to be alpine, so that doesn’t work either).

To reproduce:
I used version v2.0.0-beta.7 of palera1n:

❯ palera1n --version
palera1n 2.0.0
a30e2ef32aef908e60ad25ae2e2d506b1c26cfe5 388 (HEAD)

Build date: Tue May 30 05:42:26 UTC 2023
Build style: RELEASE
Build tag: v2.0.0-beta.7
Built by: runner
USB backend: IOKit
Build options: ROOTFUL

Do a rootful jailbreak of a device (I tested an iPhone 6S with iOS 15.7.3 and an iPhone X with iOS 16.4.1): palera1n -fc
Start the jailbroken device in rootful mode: palera1n -f
Start the USB port forwarding (e.g. iproxy 44444:44, I used pymobiledevice3 usbmux forward 44444 44).
Log into the dropbear ssh with user root or mobile and password alpine (ssh mobile@localhost -p 44444). This works. Exit again.
Go into the palera1n loader app and install Sileo. When promted for a password, enter alpine.
Restart the forwarding proxy and try to login as mobile. This will not accept the password and fail:

❯ ssh mobile@localhost -p 44444 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
Warning: Permanently added '[localhost]:44444' (RSA) to the list of known hosts.
mobile@localhost's password: 
Permission denied, please try again.
mobile@localhost's password: 
Permission denied, please try again.
mobile@localhost's password: 
mobile@localhost: Permission denied (publickey,password).

The syslog:

❯ pymobiledevice3 syslog live -e dropbear # The syslog filtered for the expression "dropbear"
2023-07-04 16:40:21.217028 dropbearmulti{substitute-loader.dylib}[6953] <Info>: ExtensionLoader <private>: startup
2023-07-04 16:40:21.218012 dropbearmulti{substitute-loader.dylib}[6953] <Debug>: ExtensionLoader <private>: SafeMode path is <private>
2023-07-04 16:40:21.220332 dropbearmulti{substitute-loader.dylib}[6953] <Debug>: ExtensionLoader <private>: completed in 4 ms
2023-07-04 16:40:21.228770 dropbearmulti{dropbearmulti}[6953] <Info>: Child connection from 127.0.0.1:50503
2023-07-04 16:40:24.404290 dropbearmulti{dropbearmulti}[6953] <Notice>: Bad password attempt for 'mobile' from 127.0.0.1:50503
2023-07-04 16:40:26.697458 dropbearmulti{dropbearmulti}[6953] <Notice>: Bad password attempt for 'mobile' from 127.0.0.1:50503
2023-07-04 16:40:28.829281 dropbearmulti{dropbearmulti}[6953] <Notice>: Bad password attempt for 'mobile' from 127.0.0.1:50503
2023-07-04 16:40:29.135477 dropbearmulti{dropbearmulti}[6953] <Info>: Exit before auth from <127.0.0.1:50503>: (user 'mobile', 3 fails): Exited normally

Adding additional LaunchDaemons

I am trying to load at a custom service at startup. I have made a plist and placed it under /cores/binpack/Library/LaunchDaemons and packed everything to binpack.dmg.
I have jailbreaked the devices using overlay override and noticed that the services was not loaded.

After checking the source code i noticed that only dropbear.plist is loaded and it's path hardcoded.

I can create a PR and implement a dynamic loader which iterates over the files in LaunchDaemons and loads them, unless
there a better way to achieve this?

Crashes on startup

When trying to run the latest actions build of plooshinit (downloaded from cdn.nickchan.lol) using palera1n (built from main), it gets to the "palera1n" splash screen, but crashes around 5 seconds after displaying it. Attached is a panic log.
(github didn't let me upload .ips files so just change TXT to IPS)

Device: iPhone X (Global)
iOS Version: 16.7.5
panic-full-2024-02-29-045625.000.txt

iPad Air 2 iOS 15.7.7 partial fakefs stuck

When I run ./palera1n -Bf on iPad Air 2 iOS 15.7.7 with a fresh restore and no code entered, the process gets stuck on creating fakefs:

https://imgur.com/gO9zCmw

I got an error when building use gmake on MacOS.

gmake -j$(sysctl -n hw.ncpu)
mkdir -p apple-include/{bsm,objc,os/internal,sys,firehose,CoreFoundation,FSEvents,IOSurface,IOKit/kext,libkern,kern,arm,{mach/,}machine,CommonCrypto,Security,CoreSymbolication,Kernel/{kern,IOKit,libkern},rpc,rpcsvc,xpc/private,ktrace,mach-o,dispatch}
gmake -C /Users/thanhlapvn/Desktop/b/jbinit/tools
cp -af /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.1.sdk/usr/include/{arpa,bsm,hfs,net,xpc,netinet,servers,timeconv.h,launch.h} apple-include
gmake[1]: Entering directory '/Users/thanhlapvn/Desktop/b/jbinit/tools'
mkdir -p "libdmg-hfsplus/build"
cd "libdmg-hfsplus/build" && cmake
-DCMAKE_BUILD_TYPE=Release
-DCMAKE_C_COMPILER="cc"
-DCMAKE_C_FLAGS=""
-DZLIB_LIBRARY="-lz" -DZLIB_INCLUDE_DIR=" "
"/Users/thanhlapvn/Desktop/b/jbinit/tools/../tools/libdmg-hfsplus"
/bin/sh: line 1: cmake: command not found
gmake[1]: *** [Makefile:23: libdmg-hfsplus/build/Makefile] Error 127
gmake[1]: Leaving directory '/Users/thanhlapvn/Desktop/b/jbinit/tools'
cp: symlink: ../nameser.h: File exists
gmake: *** [Makefile:109: tools] Error 2
gmake: *** Waiting for unfinished jobs....
cp: symlink: ../bootstrap.h: File exists
cp: symlink: ../bootstrap.h: File exists
gmake: *** [Makefile:65: apple-include] Error 1