An incomplete iOS 11.2 -> iOS 11.3.1 Jailbreak

Osiris-Jailbreak

ONLY FOR DEVELOPERS!

An incomplete iOS 11.2 -> iOS 11.3.1 Jailbreak by GeoSn0w (@FCE365) using multi_path (CVE-2018-4241) by Ian Beer and #QiLin by Jonathan Levin.

This jailbreak is under development and in no way whatsoever intended for general public usage. Please don't run this jailbreak on your device until I finish it as it has the potential to mess stuff up. If you're an average iOS user, please stick with Electra Jailbreak. It is safer and more stable. This is my first public jailbreak and I am doing it just for learning purposes.

Current Development (Help needed)

-> Tested on an iPod Touch 6th Generation running iOS 11.2.1 and an iPhone 6 running iOS 11.3.1

The exploit may take a few attempts to run properly.

Update 3:

  • Swapped back to multi_path because empty_list is very unstable and this is a developer-only jailbreak anyway
  • FIXED DROPBEAR
  • FIXED UICACHE

Update 2:

  • Big improvements to the code base.
  • Swapped the exploit with the empty_list one. No more dev account.
  • Got its own website

Update 1:

  • Big improvements to the code base.
  • Can now pop a remote shell. Feel free to run commands.

What works:

  • Properly runs the exploit and grants QiLin a SEND right to the kernel task port (aka tfp0).
  • Nukes the Sandbox.
  • Nukes AMFI to bypass code signing.
  • Successfully remounts the ROOTFS as R/W on iOS 11.2.6 and lower. Waiting for QiLin to be updated for iOS 11.3.x.
  • Contains Jonathan Levin's 64-bit binpack and drops it. <-- Could be improved.
  • Disables iOS Updates (iOS 11.2.6 and older).
  • Gets you a remote terminal to run commands using netcat: `nc your phone's IP 69`

What doesn't work:

  • Has no Cydia, and I doubt I'll even bother given the current state Cydia is in.
  • No Substrate.
  • Doesn't remount the FS on iOS 11.3.x (to be fixed soon).
  • General code structure: this is just a sketch and the code can be greatly improved.

Just in case it isn't clear for everyone yet:

  • THIS COMES "AS-IS". NO FURTHER SUPPORT SHOULD BE EXPECTED OR WILL BE GIVEN. USE AT YOUR OWN RISK! I AM NOT RESPONSIBLE IF IT FUCKS YOUR DEVICE!

Updates:

I'll be posting updates on the progress on my Twitter (@FCE365) and my iOS Channel: https://www.youtube.com/fce365official

New Team Members:

The following developers, to whom I am thankful, agreed to help me with this:

Contact me

GeoSn0w (@FCE365): https://twitter.com/FCE365

Nickname etymology

GeoSn0w

Geo - Short for "George", my real name.

Sn0w - A common suffix used by developers in the pre-iOS 7 jailbreak community for their utilities or their nicknames. It works almost like a magic value in a file header: it helps someone place you in the right category (iOS development / jailbreaking) by your nickname alone.

Disambiguation

Some people believe I took "geo" from a famous iOS hacker, George Hotz, who goes by the name geohot. That is not true. As explained above, geo is short for George; it just happens that Hotz and I share the same first name.

Others believe I took "Sn0w" from another iOS developer, iH8Sn0w. Again, untrue. He took it from the same place I did, where it was originally used: UltraSn0w, an iOS unlock payload from back in the day.