Skip to content

iOS 15.0-16.4.1 semi-tethered checkm8 jailbreak

License

Notifications You must be signed in to change notification settings

siberianspot/palera1n

 
 

Repository files navigation

palera1n logo

An iOS 15.0-16.4.1 work-in-progress,
semi-tethered checkm8 jailbreak

UsageContributorsDiscordTwitter

If you want a jailbreak, you should read the guide.

You can obtain v2.0.0 beta here.

If you need an older v2.0.0 beta, please get it here.

Warnings

  • This palera1n rewrite has noticeably different arguments compared to the shell version of palera1n.

    • Highly recommended that you take a look at how to use palera1n-c here.
  • This does NOT support tethered creation or booting. You must use the older shell version of palera1n (clone with -b legacy).

  • We are NOT responsible for any data loss, or the result of a device being bricked. The user of this program accepts responsibility should something happen to their device. While nothing should happen, jailbreaking has risks in itself.

    • If your device is stuck in recovery, please run futurerestore --exit-recovery, or use irecovery -n.
  • palera1n will never work in VirtualBox, VMware or any virtual machine that doesn't support PCI passthrough.

Requirements

  • A checkm8 vulnerable iOS device on iOS 15.x or 16.x (A8 - A11)

    • If using rootful, you will need 5-10GB of space for the fakefs. This means 16GB devices cannot use the full fakefs creation. However, you can change the arguments to -Bf to create a fakefs with bind mounts, so it uses a smaller size, at the expense having unwritable parts in rarely-written paths, and then boot it
    • On A11, you must disable your passcode while in the jailbroken state (on iOS 16, you need to reset your device before proceeding with palera1n).
  • USB-A cables are recommended to use, USB-C may have issues with palera1n and getting into DFU mode.

    Technical explanationThe BootROM will only enter DFU if it detects USB voltage, which boils down to checking whether a certain pin is asserted from the Tristar chip. The Tristar does this based on the cable's accessory ID, and apparently USB-A and USB-C cables have different accessory IDs, and the one of the USB-C cables makes the Tristar not assert the USB voltage pin.

  • A Linux or macOS computer

    • AMD CPUs (not AMD Mobile) have an issue [with (likely) their USB controllers] that causes them to have a very low success rate with checkm8. It is not recommended that you use them with palera1n.
      • If your device does not successfully jailbreak, try a computer with an Intel or other CPU
  • Apple Silicon Macs with USB-C

    • USB-C port on Apple Silicon Macs may require manual unplugging and replugging of the lightning cable after checkm8 exploit.
    • This problem may be solved by connecting via USBHub.

Need help?

Make sure you provide full details on your device, such as:

  • iDevice
  • iOS Version
  • Passcode enabled?
  • Logs, if panicked then send latest panic-full log from your iDevice.

Using -V and -v would help with debugging.

Join the Support Discord, and create a thread in #support or ask in #general.

Credits

palera1n-c Contributors and Credits


Thank you so much to our Patreons that make the future development possible! You may sub here, if you'd like to.

About

iOS 15.0-16.4.1 semi-tethered checkm8 jailbreak

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 92.2%
  • Makefile 5.5%
  • Assembly 1.5%
  • Shell 0.8%