Giter VIP home page Giter VIP logo

multi_path's Introduction

multi_path

Latest update includes:

  • working "clear" command
  • working "entitle" command for jailbreakd
  • working launchctl (no need to platformize manually! The real launchctl binary is moved and on its place another binary uses jailbreakd to launch it platformized)
  • working "inject_criticald" binary (uses jailbreakd!)

iOS 11.0-11.3.1 jailbreak. Gets root, escapes sandbox, patches codesign (userland only), bind shell, nvram unlock (from Electra), host_get_special_port 4 (from Electra), code injection (from Electra; injects its amfid patch after using QiLin's since it's way better), SSH (dropbear), a small jailbreakd (inlcudes an example called "rootme", run it and if you get "uid: 0" it worked; check the README on the jailbreakd directory for more info :D)

I think at this point this can be called a jailbreak, a developer-only one but with a small little feature: everything is done inside the app's bundle (except /var/dropbear, /var/profile & /var/motd) and nothing outside is touched. This makes it safe to use, without the requirement of full root read and write (although it is enabled on 11.0-11.2.6) and at the same time makes it not conflict with other jailbreaks in any way.

Includes TWO root shells :)

First is via dropbear (aka SSH) and the other via netcat if dropbear for some reason doesn't work or you prefer it?. You can drop any binaries in the iosbinpack64 directory. All binaries must have at least these two entitlements:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.container-required</key>
    <false/>
</dict>
</plist>

LaunchDaemons are also supported, you can drop their plists in the iosbinpack64/LaunchDaemons directory and they'll get loaded on each run of the app. Type REPLACE_ME when you want to put the absolute path of iosbinpack64, like in the example provided.

Future plans include: getting rid of QiLin and implementing everything i need open-source, (already made progress!), fix remounting for 11.3.x (I guess I have no other choice rather than wait for QiLin/LiberiOS/Electra)

Credits to: Ian Beer for multi_path and mach_portal, Jonathan Levin for amfid patch, Jonathan Seals for find_kernel_base, Electra Team (especially stek29) and PsychoTea (@iBSparkes)

multi_path's People

Contributors

jakeajames avatar geosn0w avatar

Watchers

AmesianX avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.