iOS 15 has been one of the hardest iOS versions to jailbreak. A combination of new security techniques from Apple and a lack of interest from the developer community has made iOS 15 the first iOS version to not have a public jailbreak at all during its life cycle. As such, iOS 15 remained un-jailbroken up until the end when iOS 16 came and iOS 15 became obsolete.
Even now, the only devices that can currently benefit from an iOS 15 jailbreak are the checkm8-compatible ones (iPhone X and older). For the newer devices, the wait is still very much ongoing.
What is PaleRa1n Jailbreak?
PaleRa1n is one of the many iOS 15 checkm8-based jailbreaks developed by developers in the community. It is developed by @itsnebulalol and a few other people who’ve contributed either directly or indirectly.
The jailbreak is based on the checkm8 bootrom exploit developed by @axi0mx back in 2019 which was also used in CheckRa1n. Unfortunately, compared to checkra1n, the version of PaleRa1n Jailbreak that supports tweaks is fully tethered.
What does Tethered Jailbreak mean?
Tethered jailbreaks like the tweaks fork of the PaleRa1n modify the iOS installation on the device in a way that completely breaks the boot chain. This has the benefit that all security features can be disabled (such as the sealed ROOT FS, AMFI, etc.), but at the same time, it means that your phone will no longer boot anymore without a PC.
If you install PaleRa1n with tweaks, you will only be able to boot the device with PaleRa1n on a computer. If you reboot the phone and are away from a PC, the device will bootloop and you will not be able to boot it at all, not even to the stock iOS as you could with CheckRa1n.
CheckRa1n jailbreak is semi-tethered which means that if you reboot it without a PC, the jailbreak will not work but stock iOS would. PaleRa1n with tweaks is fully tethered which means the device requires a PC to boot every time and there’s no way to boot to stock iOS anymore.
Why is PaleRa1n jailbreak fully tethered?
The way PaleRa1n achieves tweaks is by using Substitute, the old and antiquated tweak injection system kept alive with band-aids by Sam Bingner. Unfortunately, Substitute does not work under rootless conditions because it wasn’t updated for that.
The paths expected by Substitute are essentially on the now-sealed ROOT FS, and changing those paths by reverse engineering Substitute is close to impossible because of the large amount of obfuscation Sam and Pwn20wnd added to Substitute.
So in this case, the only viable option left to PaleRa1n was to do the ROOT FS remount which has been dead since iOS 15 was released because of SSV / sealed FS. To do that, they made use of some development boot chain and kernel files left over by Apple accidentally in their OTA bundles, but those won’t work beyond iOS 15.3.1, even on checkm8-devices.
At the same time, this had the effect of breaking the trusted boot chain completely, which means the phone will now boot ONLY in PWNED mode via PC. Ugh…
The other option, which I believe would have been much better, was waiting for libhooker to be updated for rootless jailbreaks. This would have had the added benefit of not forcing the jailbreak to go fully tethered and would have supported iOS 15.4+ as well, and it would have helped the tweak developers much more as right now they’re essentially developing their iOS 15 tweaks under Substitute with remounted ROOT FS, which will not be a real setup for consumers in the end.
In other words, this is a nice developer jailbreak, but it relies on leftover developer boot chain files forgotten by Apple in some OTAs, which won’t work on iOS 15.4+, and uses the old Substitute tweak injection which doesn’t support the rootless model. It’s just not scalable to the masses.
Unless Substitute gets updated by Sam Bingner to support rootless paths, PaleRa1n will be stuck fully tethered and relying on Apple’s mistake from iOS 15.0 – 15.3.1 which is pretty bad because it makes the jailbreak mostly unusable for the average user.
The jailbreak is intended for developers only, so it was never marketed as a stable and user-ready jailbreak, but even for developers, the benefits are small. You can’t really use this to prepare your tweaks for iOS 15 rootless jailbreaks because this jailbreak behaves like the older ones which have a remounted ROOT FS, which rootless jailbreaks won’t. Tweak injection still expects you to place your tweaks on the right folders in the ROOT FS, which is no longer the case on rootless jailbreaks.
Should I use PaleRa1n Jailbreak?
I am sad to say that the tweaks fork of PaleRa1n is very nice as an achievement, good for show and tell, but quite useless for users and developers alike. On the other hand, PaleRa1n has a rootless branch that supports as far as iOS 15.7, but no tweaks are supported at all.
That version is so much better because it doesn’t rely on dead tweak injection mechanisms or forgotten Apple development files. This also means that the non-tweaks fork of PaleRa1n is semi-tethered like CheckRa1n. That already makes it 10 times better, even if tweaks do not work yet because if you reboot your phone it at least boots back to stock iOS!
For the rootless version of PaleRa1n, they just need a working tweak injector that supports rootless. I’d assume LibHooker will be eventually updated for rootless and that might be used. Once that is done, yes, PaleRa1n would be a great and usable semi-tethered rootless jailbreak.
Important mentions
Just like the rest of checkm8-based iOS 15 jailbreaks, PaleRa1n requires you to not have a passcode / FaceID / Touch ID on A10 and A11 devices. This might be fixable for A10 with the blackbird SEP exploit, but there’s no such exploit for A11 so if you use this jailbreak on iPhone 8, 8 Plus, or X, you will never be able to have a passcode or Touch / Face ID.
It’s a limitation that all jailbreaks based on checkm8 have. This limitation does not apply to jailbreaks based on kernel exploits, like Cheyote.
Where to download PaleRa1n jailbreak?
If you have a secondary device collecting dust and you don’t mind having it fully tethered, you can DOWNLOAD PaleRa1n from GitHub. Make sure you get the one from the TWEAKS branch.
PaleRa1n with tweaks currently supports iOS 15.0 – 15.3.1 ONLY, and it works on iPhone SE, 6s, 6s+, 7, 7+, 8, 8+, and it comes with Amy’s Pogo which installs Sileo.
If you are looking for the rootless version, it does not support tweaks at the moment but it works on iOS 15.0 – 15.7. You can find that version on GitHub as well.
DOWNLOAD PaleRa1n JAILBREAK With TWEAKS
Currently, only macOS is fully supported. Linux support is present but quite flaky.
Other guides from iDevice Central
- iOS SEP and Baseband Compatibility Chart
- Why CheckRa1n Jailbreak Doesn’t Work on iOS 15 and Will it Ever Work Again?
- How To Run Linux on iPhone / iPad & How They Achieved This
- How to actually extend your iPhone’s Battery Life (Tips and Tricks)
- Unpatchable Apple M1 Chip Vulnerability discovered by MIT
- How to create a bootable Windows 10 USB Flash Drive on Mac
- iOS Jailbreak Downloads – Download Jailbreak Tools for All iOS Versions
Leave a Reply
You must be logged in to post a comment.