iOS Jailbreak (iPhone, iPad, iPod Touch, Apple TV)

46 readers
1 users here now

We stand in solidarity with numerous people who need access to the API including bot developers, people with accessibility needs (r/blind) and 3rd...

founded 1 year ago
MODERATORS
26
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/brkr1 on 2024-11-06 11:38:10+00:00.

27
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/nami_san7 on 2024-11-05 12:07:50+00:00.


For example, you can export any file by just typing the path.

Go to the Notes or Settings app and type in the search bar:

file://a/var/containers/Shared/SystemGroup/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist

Select all the text and choose 'Share.'

Credit:

More information:

28
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/StopInternational541 on 2024-11-05 08:43:00+00:00.


After Apple unsigned all iOS 17 versions, but 17.6b1/2/3 Apple does not unsign it for no reason, you can downgrade to version 17.6b1/2/3 before apple closes the window, ALSO YOU'LL GET BETA POP UP, here is link to install IPSW file

If you're on iOS 17.7+ or 18 & don't mind with beta pop up, you can downgrade it now.

29
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Professional_Gur2469 on 2024-11-04 16:05:04+00:00.

30
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Vast-Finger-7915 on 2024-11-03 20:57:20+00:00.

31
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/IntelStellarTech on 2024-11-03 14:34:23+00:00.

32
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/dk865409 on 2024-11-03 16:54:23+00:00.

33
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Altruistic_Hope831 on 2024-11-03 03:53:25+00:00.

34
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Adikesh_techie on 2024-11-02 16:43:47+00:00.

Original Title: Want Apple Intelligence on unsupported iPhones? Here’s a complete guide on how you can get Apple Intelligence on older iPhones, from iOS 17 to 18.1 Beta 5+, for both jailbroken and non-jailbroken devices.


First, turn off the “Stolen Device Protection” feature, then go to this GitHub release page:

Download the Nugget application for either Windows or Mac. After that, download and install iTunes. Connect your phone to your PC using a cable, and open iTunes to make sure the device is recognized. If you don’t have a cable, connect both your phone and PC to the same network and enable Wi-Fi sync from iTunes. Then, go to this link on your phone:

Install the shortcut and run it. It will generate a file that you need to save in any folder and send to your PC.

Next, extract and open the Nugget application. In the app, you’ll see several tabs on the left. The first one, “Gestalt,” contains many tweaks like Always On Display, Dynamic Island, etc. Go to the “Eligibility” tab, enable “Apple Intelligence,” and select any iPhone model with Apple Intelligence. For example, I used I have iPhone 12 So I spoofed to iPhone 16 Plus, If you have iPhone 12 Mini or iPhone 14 Pro you can spoof to iPhone 15 Pro.

After that, go to the “Apply” tab, select your Gestalt file, and click “Apply” again. Your phone will reboot. Once it restarts, go to Settings and turn off Apple Intelligence. This will download using Wi-Fi, which takes about 2.5 GB. After the download completes, restart your phone and toggle Apple Intelligence off and on again.

Once you’ve tested it, go back to the Nugget application, enable Apple Intelligence, and select “None” for the phone version then apply. Then Turn on the stolen device protection!

That’s all!

35
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/khalybaba on 2024-11-01 14:47:10+00:00.

36
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Uzairexy on 2024-10-31 16:29:36+00:00.

37
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/ichitaso on 2024-10-31 08:44:29+00:00.


No inline Ads/Background Play back for YouTube & YouTube Music

v0.6

  • Remove new ads (I don't know the details because it's not reproducible)

YouTube Ver. 19.43.2 / YouTube Music Ver. 7.25.4 (2024/10/31)

Also temporarily place iCleaner Pro v7.10.0 (rootful & rootless)

38
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/VintageMobile on 2024-10-31 07:26:03+00:00.

39
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/EolnMsuk4334 on 2024-10-31 04:44:23+00:00.

40
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Traditional_Pea8532 on 2024-10-31 02:36:36+00:00.


Firstly shout out to the developers for Semaphorin, there is no too much experience I can found for this tool. And considering the 16.7.10 maybe the last firmware for A11 devices, I hope I can write this down to contribute for the community.

I have tried these two scripts:

The first one is working for me. My environment is Intel Hackintosh with 10.15.7. I tried 13 Ventura but it seems didn't work well.

When I jump to the new Macos, the dependency should be done first so that we may not meet too many failed when exectuting the script.

What have I done (something was included in the script, but we can do it at first to prevent the failure):

  1. Xcode Command line tools: xcode-select install
  2. Homebrew install (optional): /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  3. Install python: recommand install latest pkg from
  4. Python 3.14 working on this script.
  5. Install pyimg4: python -m pip install pyimg4
  6. Install Java 8 
  7. Prepare a Apple A to C cable (avoid to use third-party cable)
  8. Restore to 16.7.10 by DFU mode,activate the phone and get to the home screen.

And then run the script: ./semaphorin.sh 11.3 --restore

If everything ok, this won't use too much time to complete the whole process(half an hour).

Issue may happen when restore:

  • checkra1n or pa1erain keep looping: This happened when I use the No.2 script above. I changed to No.1 script and solved.
  • Script said Press enter when fully booting the ramdisk but the screen is nothing show up : Restart the process
  • Once we finish the process but it still cannot boot to 11.3, it's better to restore to latest firmware and restart the whole process. It sound not smart but works.
  • Apple logo looping: Press up down once and keep pressing the side button, it will go to the recovery mode.(The restore was finished but we need the tool to boot in to system)

After all I am not the expert for the script and this research, just want to share my journey when run this script, I hope something above may help you. (Actually the phone is looping now at the booting stage after I got success LoL) Good Luck!

Screenshot:

41
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Hshshshhf on 2024-10-31 04:04:12+00:00.

42
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/KujmanX on 2024-10-30 21:31:40+00:00.


Hi community,

I’ve recently discovered a really cool feature introduced in iOS 18.1: a notification badge that shows the exact count of grouped notifications. It’s subtle yet super useful, especially if you’re like me and often misclick when trying to expand a notification stack because the brightness makes it hard to see the stack...

While trying to find a similar solution for my jailbroken device, I tested Velvet but ran into some UI issues. I kept seeing posts on X about this feature and thought, “Why can’t we have this elegant notification badge too?” so, I created my own tweak that does exactly that—and even adds a bit more customization for us.

So NotificationsGroupCount - Here’s what my tweak can do:

  • Adds a badge to notification stacks, showing the count of notifications within the group.
  • Lets you control the badge’s shadow effect for better visibility.
  • Offers three different coloring schemes:
    1. Custom colors: Choose your own background and text color.
    2. Wallpaper-based color: Automatically matches the average color of your lock screen wallpaper.
    3. Icon-based color (default): Adapts to the color of the app icon beneath the badge for a clean look.

Compatibility

Supports iOS 15-16, works with both rootful and rootless setups, and includes RTL and LTR language support.

Pricing & Availability

This tweak is available for $1.50. Despite the time and effort I’ve put into refining the visuals (icon, images, etc.), I’ve decided to release it as an open-source project. This way, you have the choice to either support my work or compile it yourself and install the .deb package.

Get it from my repo:

Project Source Code:

Need help? reach out at X:

I’m excited to share this tweak with the community and would love to hear your feedback. enjoy your more organized notification stacks! 🎉

43
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Vast-Finger-7915 on 2024-10-30 17:41:26+00:00.

44
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/StormieFN on 2024-10-30 13:35:57+00:00.


TA I saw on twitter Alfie showed the downgrade thing so we could downgrade to ios16 for dopamine but what else is there?

My iOS iPhone 13 is stuck 17.6.1 and was curious if there was any availability of EU marketplace to install Fortnite but no and I updated further up and I'm lost now. Is there any information about a future release or the potential for one in iOS 17.0+

I haven’t JB for around a few months since I was granted an upgrade after I had 3 JB TOOLS on my iPhone 7 15.8.2. Now so I haven’t been able to keep track of the latest releases but i’m hoping to get back into it, I'm mainly side loading and I had to get a paid cert to get entitlements I needed.

Thanks for any feedback and have a good day!

45
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/sauce2011 on 2024-10-30 04:34:48+00:00.

46
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/dayanch96 on 2024-10-29 19:38:15+00:00.


If you're tired of accidental taps on contacts leading to calls, this tweak is for you

Main features:

  • Recent calls confirmation
  • Favorite contact call confirmation
  • Remove unnecessary tabs
  • Rootful, Rootless and Roothide support

Long press tab bar to open Call Me Maybe settings

Source code, screenshots and tweak files are available on my Github. Leave a star if you like it❤️

47
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/AwesomeBros132 on 2024-10-28 20:00:20+00:00.


So I was watching the DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple’s USB-C controller and it was demonstrated that you can gain read-write privileges by changing a single bit on the ACE2 microcontroller (correct me if I’m wrong but to my knowledge this chip is on the iPhone 14 and lower).

The speaker told Apple about the vulnerability he found and they dismissed it giving him the ability to publish the vulnerability on GitHub.

The ACE2 chip receives patches externally but the speaker found a way to disable the signature verification if obtaining code-exec. This means that you can load your own firmware onto the chip. He also found that any modifications survive a full system restore.

I might just be blabbering about something useless but can someone explain to me if this can be used in the development of a jailbreak?

The iPhone 15 and above have the ACE3 chip (the ACE2’s successor) but and it is talked about in the video.

48
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Sufficient-Spell-230 on 2024-10-28 15:14:24+00:00.

49
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/JapanStar49 on 2024-10-28 02:19:22+00:00.


CyberKit has been in many ways been a proof-of-concept, so it's only fitting that it would eventually get a write-up explaining how it works. I'll be doing this write-up with respect to the current development branch, currently at . The purpose of this is to explain what CyberKit commits do, because I think the knowledge of how to make a browser with a third-party browser engine for jailbroken iOS should be documented somewhere other than by reading CyberKit commit history (which includes unhelpful generated commits in the hundreds of thousands of lines that I've never read either).

For those of you unfamiliar, CyberKit is a fork of WebKit, which is the open-source browser engine used, and mandated, by iOS before 17.4. (Since CyberKit came out before 17.4, the ability to use alternative browser engines than the system WebKit is arguably yet another feature stolen by Apple from jailbreakers.)

CyberKit is not a browser, although like WebKit, releases are provided with browsers in order to use it effectively. It's actually a collection of frameworks that provide an alternative newer implementation of the system frameworks with the same names. Conveniently, this property means that (virtually) any app that has a dependency on a WebKit framework (such as WebKit.framework) can be made to depend on CyberKit instead, because dynamic libraries store their dependencies in load commands that can easily be edited without even having the source code of the app. Even MobileMiniBrowser releases are now generated this way.

While it is a jailbreak application, a lot of CyberKit development is just taking previously removed code from WebKit history, and finding ways around the various obstacles iOS put in our way, intentionally or not.

If you're compiling yourself, open the workspace, set the build and intermediates directory to "WebKitBuild" relative to the workspace, and run the targets "Everything up to WebKit" and then "MobileMiniBrowser".


The first thing we need to do is configure jetsam. We actually only have ever needed this so far for the XPC services that actually do the work (for proof, see the legacy jetsam configuration wiki page), because iOS assigns abysmally low jetsam limits by default to XPC services (think 6-8MB of memory allowed, which is why iOS 17.4+ had to switch over to extensions when it applied the newly introduced BrowserKit to WebKit as well).

The jetsam configuration commit handles this by inserting some memorystatus_control syscalls (this requires an entitlement, more on those later) in the XPC service entry point file. The special __attribute__ ((constructor)) syntax (for tweak devs reading, this is what the preprocessor %ctor Logos directive stands for) causes the jetsamConfigurator function to run at load time, before even the main function (entry point), so we can easily raise our jetsam limits to a more manageable 840 MB.

Next, we set some configurations to globally set the deployment target of CyberKit (because WebKit doesn't set one, so it defaults to the Xcode SDK version, which is obviously bad for us).

The fakesign script is there to automatically build DEB and TrollStore IPA releases from an app — such as the example barebones WebKit browser known as MobileMiniBrowser, which by itself is actually only 202 KB decompressed excluding any app icon (not a typo, it really isn't even a single megabyte) — and build folder, and put everything together (because WebKit doesn't provide on-device iOS build scripts for obvious reasons). We fakesign WebKit because we need to be jailbroken anyways to get enough entitlements. This is where CyberKit's entitlements (the list is not perfect, but gets the job done — it was obtained experimentally from logs and through lists of entitlements) are appended to the existing entitlements, if any, of each framework and the app itself, and the app's dependencies are corrected. Because we obviously can't just use the system WebKit which is stored in the dyld shared cache, this step is costly in terms of storage space — for instance, MobileMiniBrowser is now as high as 1.65 GB decompressed after doing this.

Skipping ahead momentarily, we have two other new scripts. The ICU compile script (mostly thanks to ) allows us to bundle the latest version of the open-source ICU library as well, because the system framework version gets outdated with the release of new Unicode versions, and although not a part of WebKit itself, it is a required dependency. The semi-rename script fixes bundle identifiers, because they must be unique for things to work properly and there's no reason we shouldn't correct this.

The next commit fixes more configuration issues, such as forcing WebKit to base the decision of XPC services vs. 17.4+ extensions on the deployment target instead of the SDK version. We also need to add WebKitSwiftOverlay to the target because it wasn't actually integrated into WebKit.framework until just hours ago on the main branch (!) — see — and browsers written in Swift (e.g. Firefox) depend on these Swift implementations being there.

Anything else (this part probably is actually the majority of CyberKit effort, although technically less challenging) is effectively debugging — just finding fixes (usually implemented by using conditional compilation, often by setting values in PlatformHave.h to their historical values (WebKit removes/simplifies these conditions that become redundant to them after they stop supporting an iOS version), to exclude code that depends on new APIs) as needed to make it compile, link, and run. If you're able to read code in Objective-C (and hopefully write some too), this stuff is actually something you could do (assuming you had the time to devote to it).

50
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/jailbreak by /u/Mysterious-Bend-901 on 2024-10-27 06:18:27+00:00.

view more: ‹ prev next ›