Fugu14 Jailbreak

Kuba Pawlakqbap | Jailbreak
It has been a long time since the last release of an untethered jailbreak for iOS devices. Linus Henze delivered Fugu14, a jailbreak tool for iOS 14.3 up to iOS 14.5.1 that installs an untether on your device, so the jailbreak keeps working after 7 days or after a reboot of the device.

What is Fugu14?

Fugu14 is an (incomplete) iOS 14 Jailbreak, including an untether (persistence), kernel exploits, kernel PAC bypass, and PPL bypass. It was designed to work on all arm64e devices (iPhone XS and later) running iOS 14.3 up to iOS 14.5.1. This is an untethered iOS 14 Jailbreak.

This means that even after a shutdown or restart of your iPhone / iPad, the device will still be jailbroken. There is no need to re-jailbreak the device each time you forget to charge it, or to sideload the Fugu14 app again to re-jailbreak.

Fugu14 is an open-source project and the successor of Fugu, the first open-source jailbreak tool for iOS 13 based on the checkm8 exploit created by @axi0mX. Fugu application exploits your iDevice using checkm8 and uploads iStrap, iStrap loader, and iDownload on your device.

The Fugu14 jailbreak tool is incomplete: it will not install Cydia or any other package manager that gives you access to tweaks and apps from popular repositories. arm64 devices are not supported because the exploit does not work on these devices.

Fortunately, the Fugu14 untether can be used with other jailbreak tools such as unc0ver. The untether also supports arm64e devices running iOS 14.3 up to iOS 14.5.1.

Fugu14 can be compiled from source and manually installed on your device. If this is too complicated for you, no worries. AltStore 1.4.8 offers a much easier way to install unc0ver's Fugu14-based untethered jailbreak. unc0ver will not expire after 7 days or after a reboot.

AltStore does everything automatically. It recognizes devices and firmware versions supported by the Fugu14 untether and lets you install the untethered jailbreak. When you have a supported device, AltStore will ask whether you would like to install an untethered jailbreak on your iPhone or iPad.

Next, the unc0ver placeholder will be patched, and you will be able to jailbreak your device with the app and install Cydia on iOS 14.3 up to iOS 14.5.1. This will make the jailbreak full-featured with access to tweaks and apps that most jailbreak users are looking for.

How does Fugu14 jailbreak work?

Fugu14 installs the Fugu14App on a supported iDevice. When you tap Setup, it generates files for the dyld closure exploit, then generates closures for Spotlight.app, keybagd (to launch other apps as root), installd, and ReportCrash, and installs the second app.

The second app has its executable replaced by that of Spotlight, and the dyld closure exploit is triggered, granting code execution in Spotlight. keybagd is executed through Spotlight to install installd as root, which then executes chmod +x on the exploit.

keybagd launches ReportCrash to patch amfid and launches jailbreakd, which opens a copy of itself as root. In the end, jailbreakd exploits the system with a DriverKit exploit to gain read and write, the kernel PAC bypass is set up, and a custom trustcache is injected with the PPL bypass.

Finally, the device is rebooted and you can enjoy a full untethered iOS 14 jailbreak.

Supported devices

  • iPhone XS, iPhone XS Max
  • iPhone XR
  • iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max
  • iPhone SE (2nd gen)
  • iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max
  • iPhone 13 Pro, iPhone 13 Pro Max, iPhone 13 mini, iPhone 13
  • iPad Pro (11-inch)
  • iPad Pro (12.9-inch) (3rd gen)
  • iPad Pro (11-inch) (2nd gen)
  • iPad Pro (12.9-inch) (4th gen)
  • iPad mini (5th gen)
  • iPad Air (3rd gen)
  • iPad (8th gen)
  • iPad (9th gen)
  • iPad Air (4th gen)
  • iPad Pro (11-inch) (3rd gen)
  • iPad Pro (12.9-inch) (5th gen)
  • iPad mini (6th gen)
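
For defenders triaging a managed fleet, the scope stated in this article (the devices listed above on iOS 14.3 up to iOS 14.5.1) can be checked against an inventory export. The Python below is an added example, not part of the original article or the Fugu14 project; the CSV column names (asset, model, os_version) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# iOS range and device names exactly as listed in this article.
MIN_IOS, MAX_IOS = (14, 3, 0), (14, 5, 1)
SUPPORTED = {m.strip() for m in """
iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max,
iPhone SE (2nd gen), iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max,
iPhone 13 Pro, iPhone 13 Pro Max, iPhone 13 mini, iPhone 13, iPad Pro (11-inch),
iPad Pro (12.9-inch) (3rd gen), iPad Pro (11-inch) (2nd gen),
iPad Pro (12.9-inch) (4th gen), iPad mini (5th gen), iPad Air (3rd gen),
iPad (8th gen), iPad (9th gen), iPad Air (4th gen), iPad Pro (11-inch) (3rd gen),
iPad Pro (12.9-inch) (5th gen), iPad mini (6th gen)
""".replace("\n", " ").split(",")}

def parse_version(text):
    """Return (major, minor, patch) as ints, or None unless text is a plain x[.y[.z]]."""
    parts = text.strip().split(".")
    ok = 1 <= len(parts) <= 3 and all(p.isascii() and p.isdigit() for p in parts)
    return tuple([int(p) for p in parts] + [0] * (3 - len(parts))) if ok else None

def triage(inventory_csv):
    """Map each asset to 'in_range', 'out_of_range' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["os_version"])
        if version is None:
            status = "unknown"  # unparseable version: review by hand, never assume safe
        elif row["model"].strip() in SUPPORTED and MIN_IOS <= version <= MAX_IOS:
            status = "in_range"  # numeric tuple compare, so 14.10 sorts above 14.5.1
        else:
            status = "out_of_range"
        results[row["asset"]] = status
    return results

# Constructed sample inventory (assumed export format, not real data).
SAMPLE = """asset,model,os_version
A-001,iPhone 11 Pro,14.4.2
A-002,iPhone 8,14.4
A-003,iPad Air (4th gen),14.5.1
A-004,iPhone XR,14.6
A-005,iPhone 12,14.10
A-006,iPhone XS,14.3
A-007,iPad mini (5th gen),14.5 beta
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(asset, status)
```

Devices reported as in_range are candidates for an OS update; rows marked unknown need a manual look because their version string could not be parsed.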

Fugu15 Jailbreak

With the introduction of new mitigations in iOS 15 (and especially 15.2), creating a jailbreak became significantly more difficult. Previously a kernel vulnerability was enough for jailbreaking, but now a PAC or PPL bypass is required as well. Some people even said that iOS 15.1.1 would be the last version to receive a public jailbreak such as Cheyote Jailbreak.

Linus Henze proves them wrong and shows how it is possible to jailbreak iOS 15.4.1 even with all the latest mitigations. He will describe the vulnerabilities exploited in the Fugu15 chain and how some of the mitigations introduced in iOS 15.2 can be bypassed.

A demo of Fugu15 will also be shown at Objective-See 5.0 Conference, including an interesting (and uncommon) way to install Fugu15 on a device.

How to install Fugu14

The easiest way to install Fugu14 on your device with Cydia and unc0ver is through AltStore. Using this method, unc0ver will not expire after 7 days or after a reboot of your device. AltStore will not allow for an untethered jailbreak; instead, it will permanently sign the unc0ver app.

  1. Download the latest version of AltStore for Windows, macOS, or Linux.
  2. Install the AltStore app through AltServer.
  3. Connect your device via USB to your computer.
  4. Download and install the unc0ver IPA file through AltStore.
  5. Tap on the Install Untethered Jailbreak button.
  6. Tap on the Open Placeholder button.
  7. Tap on the blue Setup Fugu14 button.
  8. Tap on the OK button to patch the unc0ver placeholder.
  9. Tap on the blue Install Untether button.
  10. Tap on the Reboot Now button when it appears.
  11. Tap on the Install unc0ver button.
  12. Open unc0ver and jailbreak your device.

Source Code

Fugu14 jailbreak and all its components are released as an open-source project through the GitHub Repository. The jailbreak itself was released under the MIT license. The code was written in various languages, mostly Swift (67%). The latest changes were committed on 3 Nov 2021.

To build the iOS Jailbreak, you have to run the ios_install.py script and follow the instructions. If you get a code signing error, open the Fugu14App xcodeproj and edit the code signing options. Other requirements: an IPSW for your device, and installed Xcode, iproxy, and ideviceinstaller.

What's new

  • Fix that sleep/wake bug.
  • Added support for more iPads.
  • Increased PAC bypass reliability.
  • Added support for A12-A14 devices.
  • Auto-installer for Sileo, SSH, and Substitute.
  • Adds experimental MobileSubstrate support.