To use this app, you need to be on a supported version (mentioned above), and have TrollStore installed. You can follow this guide to install it on your device. Please note that this tool doesn't support iOS 17.0 despite of it having TrollStore.
- Download and install Bootstrap from RootHide
- Install ElleKit from Sileo
- Download the
.tipafile from the latest release - Install the downloaded file in TrollStore
- Open the app and press the Jelbrek button. Your device should userspace reboot, and you should be (not/semi) jailbroken!
- It replaces launchd by searching through /sbin's vp_namecache, finds launchd's name cache and kwrites it with a patch to
lunchd, our patchedlaunchd(you can have a look at a better explanation from AlfieCG here) - Patched launchd hooks posix_spawnp of SpringBoard and execs our own SpringBoard with springboardhook.dylib
- Springboardhook loads in tweaks, ellekit, etc.
- CoreTrust Bug found by AlfieCG
- KFD Exploit
- Try adding support for lower iOS versions by overwriting NSGetExecutablePath
- Add support for arm64
- Add a boot splash screen (SOON)
- Fix some Makefile jankiness
- Fix
puaf_pagespicker crash in new UI
- DuyKhanhTran - launchd and SpringBoard hooks
- NSBedtime - initial launchdhax, helped out a ton!
- AlfieCG - helped out a ton!
- Nick Chan - helped out a ton!
- BomberFish - Icon, new UI,
lunchdname idea
- haxi0 - old UI
- Evelyne for showing it was possible.