Is iOS Jailbreak Dying?
Even with the release of iOS 16 Developer Beta 1, the iOS 15 jailbreak development is going strong. It’s true that many developers have left the scene in the past years, but that has always been true.
Over the years, we have had teams like The iPhone Dev Team, TaiG, Pangu Team, and many others. Eventually, they grew interested in other areas and left jailbreaking behind. This has always been the case. Yes, developers like Pwn20wnd from Unc0ver may no longer be interested in the jailbreak scene, either because it's way past their skill set now or because they simply don't care anymore, but that's nothing new.
Old developers leave, and new developers come. It's always been like this in the iOS jailbreak community. Today's news comes from exactly such a new developer in our community, who seems to have taken it upon themselves to figure out a jailbreak for iOS 15.
New developers are tackling iOS 15 Jailbreak
Developer @xina520 has been hard at work for the past couple of weeks trying to figure out a way to jailbreak iOS 15, and everything that's required for that to happen. Back in December 2021, xina520 announced a rootless jailbreak for iOS 15. They even posted a video demonstrating the jailbreak on their device. Of course, the jailbreak was nowhere near complete or ready for the masses, but it meant progress.
A few months later, in April 2022, xina520 achieved a new method to get control of the AMFID task port. AMFID stands for Apple Mobile File Integrity Daemon; it is the userland counterpart of AMFI (Apple Mobile File Integrity), a kernel extension that enforces code signing, entitlements, and other permission checks. This is one of the biggest obstacles for jailbreak developers.
Bypassing AMFI and AMFID is a crucial part of developing a jailbreak. It always has been. iOS 15, of course, made things much harder by patching well-known techniques that were used in previous jailbreaks. New methods had to be devised.
This is where xina520 came out of the blue and publicly released their method to get the task port of AMFID.
iOS 15 get amfid task-control
Sharing my method for obtaining task control.
Port permission split in iOS 15: https://t.co/bwS6VLwMaM .system-task-ports.control (full permissions) https://t.co/dis0cPeHnH https://t.co/bwS6VLwMaM .system-task-ports.inspect https://t.co/ajnKvTGCuT pic.twitter.com/JJIxHu7Pyh
— 朱心浪 (@xina520) April 17, 2022
As you can imagine, a lot more was needed for a jailbreak on iOS 15, so xina520 continued their work. Shortly after their AMFID achievement, they managed to get root and replace their process's credentials with those of any other process, including the kernel's.
To explain this in simple terms: a normal application developed by you or me automatically has very few credentials and therefore very little access to the device's resources. System processes and applications that are part of iOS proper always have more credentials and more access, because they need them to do their job.
Historically, jailbreak developers have swapped or borrowed credentials from other, more privileged processes so that their jailbreak application can access resources that are otherwise off limits on the device.
This is exactly what xina520 managed to achieve but on iOS 15! Another win for the jailbreak community.
iOS 15.0 – 15.4 Jailbreak News: Latest Progress & New Techniques
This brings us to today. Developer xina520 demonstrated a new way to hook launchd and perform code injection, one of the most crucial components of a jailbreak. Jailbreak tweaks work by injecting themselves into other processes.
Let's say you install a tweak that adds a custom widget to the home screen (SpringBoard). To be able to add that widget, the jailbreak injects the tweak's code into the SpringBoard (home screen) process. This is done automatically in the background, using Substrate or Substitute / libhooker to handle the code injection.
Of course, for code injection to be possible, multiple security features need to be defeated by the jailbreak developer. This is exactly what xina520 is doing: they managed to hook launchd and inject code. This brings us even closer to a jailbreak.
Essentially, xina520 managed to get TWEAKS running on iOS 15, in a primitive and probably unpolished way, but still, they are the first EVER to publicly demonstrate a tweak on iOS 15's home screen. The fight is far from over, but it goes to show that new developers are interested in making the iOS 15 jailbreak a reality.
It's incredible how many security features had to be defeated by xina520 to achieve what you've just seen in that video. I congratulate them on their MAJOR achievement and wish them good luck!