untether.txt is back
i'll do a better release tomorrow or something, but to keep my promise, here's a gist

bug2:
platform-application bypass,
/usr/bin/fileproviderctl is a binary with a purpose i'm not sure of, however, it executes /usr/local/bin/fileproviderctl_internal when run
make /usr/local/bin/fileproviderctl_internal a symlink to your code to execute, and replace a daemon with /usr/bin/fileproviderctl
recommended to use wifiFirmwareLoader, and SUID fileproviderctl with mobile:mobile (if it runs as root containermanagerd has a seizure)
boom, BFU code exec on >11.xish -> 14.xish

bug3:
platform-application bypass,
custom filesystem
directory structure:
/System/Library/Filesystems/hax.fs:
/System/Library/Filesystems/hax.fs/Contents:
/System/Library/Filesystems/hax.fs/Contents/Resources:
/System/Library/Filesystems/hax.fs/Contents/Resources/mount_hax -> symlink to your haxxx
cp -p /sbin/mount to /usr/local/bin/scripter (bypass some sandbox stuff)
replace a daemon with an executable containing this:
#!/usr/local/bin/scripter -t hax fake
the last argument is automatically filled in with the executable path, so mount finds an existing path, and attempts to mount "fake" (taken as /fake as it runs in /) on that path, with the filesystem hax, which executes our code.
replace a daemon like wifiFirmwareLoaderLegacy
either do the same SUID trick, for untethered, sandboxed code exec as mobile (tired)
or use psychicpaper and get untethered, unsandboxed code exec as root (wired)
boom, BFU code exec on 9.xish -> 12.xish

in both cases, code has to be properly signed and installed.
as an example, make an Xcode project, and replace the main function with your code.
sign, and install properly, as an application.
if this doesn't work for you, it can be a bit of a bitch to get working sometimes, there can be some quirks.
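
An added forensic check, not part of the original gist: it walks an extracted filesystem tree and reports the on-disk artifacts both bugs leave behind (the `fileproviderctl_internal` helper, a symlinked `mount_*` helper inside a `.fs` bundle, a copy of `mount` under `/usr/local/bin`, and a daemon replaced by a `#!/usr/local/bin/...` script). The function name, the `DAEMON_DIRS` default and the premise that an unmodified image has none of these are assumptions of this example.

```python
import filecmp
from pathlib import Path

# Paths below are the ones named in the write-up; DAEMON_DIRS is an assumption
# of this example (the write-up does not say where the replaced daemon lives).
HELPER = "usr/local/bin/fileproviderctl_internal"
FS_DIR = "System/Library/Filesystems"
LOCAL_BIN = "usr/local/bin"
MOUNT = "sbin/mount"
DAEMON_DIRS = ("usr/sbin", "usr/libexec")

def audit_root(root, daemon_dirs=DAEMON_DIRS):
    """Audit an extracted filesystem tree; return sorted (indicator, relative path) pairs."""
    root = Path(root)
    hits = set()

    # bug2: the helper fileproviderctl executes; is_symlink() also catches a dangling link.
    helper = root / HELPER
    if helper.is_symlink() or helper.exists():
        hits.add(("fileproviderctl_internal present", HELPER))

    # bug3: a filesystem bundle whose mount_<name> helper is a symlink.
    for p in (root / FS_DIR).glob("*.fs/Contents/Resources/mount_*"):
        if p.is_symlink():
            hits.add(("symlinked mount helper", p.relative_to(root).as_posix()))

    # bug3: a byte-identical copy of /sbin/mount under /usr/local/bin.
    mount, local_bin = root / MOUNT, root / LOCAL_BIN
    if mount.is_file() and local_bin.is_dir():
        for f in local_bin.iterdir():
            if f.is_file() and not f.is_symlink() and filecmp.cmp(mount, f, shallow=False):
                hits.add(("copy of mount", f.relative_to(root).as_posix()))

    # bug3: a daemon replaced by a script whose interpreter lives in /usr/local/bin.
    for d in daemon_dirs:
        base = root / d
        for f in (base.iterdir() if base.is_dir() else ()):
            if f.is_file() and not f.is_symlink():
                with f.open("rb") as fh:
                    if fh.read(17) == b"#!/usr/local/bin/":
                        hits.add(("shebang into /usr/local/bin", f.relative_to(root).as_posix()))
    return sorted(hits)
```

Run it against a mounted or unpacked image root, for example `audit_root("/mnt/image")`; an empty list means none of these artifacts were found in the scanned locations.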

license:

This software is licensed under the "Anyone But Some Assholes"
(ABSA) license, described below. No other licenses may apply.

------------------------------------------
The "Anyone But Some Assholes" license
------------------------------------------

Do anything you want with this program, with the exceptions listed
below under "EXCEPTIONS".

In the unlikely event that you happen to make a zillion bucks off of
this, then good for you; consider buying some hookers, cocaine,
hookers and cocaine, weed, hookers and weed, hookers; cocaine; and
weed, weed and cocaine, etc.

EXCEPTIONS
----------

Any distributions of this program, and source code, must be licensed
under this same license, and source code must be provided, either
alongside of the program, or with a URL where the code is accessible.

Moderators, Owners, or anyone capable of moderating either the
"r/jailbreak" Discord server, "Sileo" Discord server, or both Discord
servers may not make use of or redistribute this program or any of
its derivatives.

iMuseum, or whatever that cocksucker goes by now, can both go fuck
himself, and may not make use of or redistribute this program or
any of its derivatives.

An exception is made to the Discord server rule for any members of
the checkra1n team, or anyone who is credited alongside checkra1n.
Those people include:
argp, axi0mx, danyl931, jaywalker, kirb, littlelailo, nitoTV,
never_released, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza,
haifisch, ihackbanme, jndok, jonseals, xerub, lilstevie, psychotea,
sferrini, Cellebrite (ih8sn0w, cjori, ronyrus et al.)

Another exception is made to the Discord server rule for any members of
the unc0ver team, or anyone who is credited alongside unc0ver.
Those people include:
pwn20wnd, sbingner, siguza, Jake James, himynameisubik, ios_app_devex,
pattern-f, Brandon Azad, Ned Williamson

Another exception is made to the Discord server rule for any members of
the Manticore team, or anyone who is credited alongside Manticore.
Those people include:
@rpwnage, @pwnedc99, @fugiefire, @FCE365 / GeoSn0w

Besides the previous exceptions, @nonce#1119 (currently) on Discord
may not make use of or redistribute this program or any of
its derivatives.

Also, by using this program you agree that you will worship our lord
and saviour spv, and failure to do so may result in anything from
broken kneecaps, to death.

An amendment to the license is given to @cameren#0420 on Discord,
who is both a complete cunt, and may not make use of or
redistribute this program or any of its derivatives, and this will
not be removed depending on his moderator status.

An amendment to this license is also made permitting the use of this
software by tihmstar, regardless of moderator status.