In iOS 13.3.1, Apple added a new mechanism. Unless launchd_missing_exec_no_panic = 1 is added to boot-args, if you try to control launchd to load a launchdaemon file that does not exist in the corresponding executable, it will cause a panic.
So, I wrote two exploit demo apps here:
halo-michael.github.io/appstore/en_US/
If anyone wants to test it :P
flow_divert support <= 15.4.1
ipc_kmsgs support <= 15.3.1
enjoy!
Successfully futurerestored from iOS 13.5 -> iOS 14.3 using iOS 14.4’s SEP/Baseband on my iPhoneSE2 (A13)!
Thanks to @marijuanARM, @Cryptiiiic, everyone who took the risk to test futurerestore before me... and anyone else I missed!
[Release]: Generator Auto Setter
Auto set your generator when jailbreaking!
Only supports Checkra1n. (Because other jailbreak tools don't need that.)
It's on my repo NOW: halo-michael.github.io/repo
Apple removed -(BOOL)setUsagePoliciesForBundle:(id)arg1 cellular:(BOOL)arg2 wifi:(BOOL)arg3 ; in PSAppDataUsagePolicyCache, that's why TrollStore installed apps can't access network in Chinese models.
If anyone wants to set resolution:
github.com/Halo-Michael/i…
*TrollStore request⚠️
*Resolution value verify✅
*Reboot revert resolution✅
So it’s 100% safe
Have fun!😈
So, that's how I made palera1n semi-tethered:
1. Create a partition: newfs_apfs -A -v System -e /dev/disk0s1 that will be disk0s1s8
2. Copy root file system to disk0s1s8
3. Add rd=disk0s1s8 to boot-args
(1/2)