Fugu15 Jailbreak for iOS 15 – iOS 15.4.1

Kuba Pawlak qbap | Jailbreak

Since September 20th, 2021, the community has been waiting for the release of an iOS 15 jailbreak. Some pretended to have one coming with an "ETA soon", while others, like Nebula, published an unannounced release of the Palera1n jailbreak for iOS 15 – iOS 15.7.1 with tweak support.

Download Fugu15 Jailbreak IPA

What is Fugu15?

Fugu15 Jailbreak for iOS 15 was released as an open-source project via GitHub by Linus Henze. As expected, it's a rootless jailbreak, so most tweaks will have to be updated to be compatible. It doesn't support tweaks right now, at least until libhooker is updated.

The presentation of Fugu15 Jailbreak at the Objective by the Sea conference was very inspiring for jailbreak developers. Linus explains how it is possible to jailbreak iOS 15.4.1 even with all the latest mitigations, and how some mitigations introduced in iOS 15.2 can be bypassed.

A demo of Fugu15 was shown, including an interesting and uncommon way to install the Fugu15 app on an A12+ device through the Safari mobile browser. Linus uses the Apple Developer app (a validly signed app) as a placeholder for Fugu15 Jailbreak and explains how it can be executed.

Screenshot of Fugu15 Jailbreak for iOS 15 demo at the Objective by the Sea conference.

This app injection method is already used by the TrollStore IPA installer for iOS 15 to make the installation process easier on arm64e devices running iOS 14.0 up to 15.4b4. Now you can install TrollStore on A12-A15 devices directly from Safari without the need to use command line tools.

At this point of Fugu15 development, the jailbreak installs the Procursus bootstrap and Sileo as the default package manager. This is definitely something that jailbreak users need. Unfortunately, the jailbreak doesn't support tweaks, and it's more like a demo.

Linus started hacking Apple devices at the age of 15. He is the developer of Fugu (iOS 13 checkm8 jailbreak), Fugu14 (iOS 14 untethered jailbreak, the first publicly available untethered jailbreak since iOS 9), and Fugu15, the first public iOS 15 jailbreak for A12-A15.

When Fugu15 gets published, there is a chance that the community will deliver a full-featured iOS 15 jailbreak in the future. A jailbreak that can be used not only by developers but also by regular users. Still, this is the first public jailbreak to support A12+ devices running iOS 15.

Two iPhone screens showing the Fugu15 Jailbreak app interface running on iOS 15.

Support for older devices may be added in the future. Fugu15 Jailbreak for iOS 15 uses the CoreTrust exploit that was partially patched from Fugu14, but it is not untethered. Linus's jailbreak depends on a CoreTrust bug to bypass Apple Mobile File Integrity (AMFI). It also appears to harness a PAC and PPL bypass, along with a bug that permits writing to PPL memory.

With the introduction of new mitigations in iOS 15 (and especially iOS 15.2), creating a jailbreak became more difficult. Before, a kernel vulnerability was enough for jailbreaking, but now a PAC or PPL bypass is required as well. Fugu15 is a great playground for iOS 15 jailbreak developers.

It contains a code-signing bypass, kernel exploit, kernel PAC bypass and PPL bypass. Be aware that non-arm64e devices are not supported by the jailbreak.

Note: Fugu15 Jailbreak for iOS 15 does not support tweaks (no tweak injection library), and Linus will never add support for tweak installation. It is also designed for developers only, and it will never be updated for end users. No updates are planned in the future.

Blizzard Jailbreak is a rootless jailbreak, allowing you to jailbreak iOS 15 up to the latest iOS 16. It's based on the checkm8 exploit, therefore it will work only on older iDevices such as A9-A11. Newer iPhones starting from the XS will not be supported. It is also missing tweak injection support, and it looks like it will not get it until libhooker is updated by CoolStar.

The only released jailbreak for iOS 15 is Palera1n. This tethered jailbreak based on checkm8 boots the device with AMFI patches. On the first run, it'll boot a ramdisk which dumps your onboard blob, and installs Sileo and Substitute. It means that you can run tweaks on iOS 15.0 up to iOS 15.7.1 (iPhone 6S to iPhone X) without the need to wait for Cheyote Jailbreak.

Installing via TrollStore

Fugu15 was released as a TIPA package that can be installed only with TrollStore on compatible iOS 15 devices. You can't install this iOS 15 jailbreak tool with regular sideloading apps because it was designed for TrollStore 1.3.4 or newer!

  1. Install TrollStore on firmware from iOS 15 up to iOS 15.4.1.
  2. Download Fugu15.tipa and save it on iCloud.
  3. Share the downloaded IPA file with the TrollStore app.
  4. TrollStore will install the Fugu15 app automatically when loaded.
  5. Access the Fugu15 app from the Home Screen.

Compatibility: iOS 15.0 – iOS 15.4.1, iOS 15.4 beta 1 – iOS 15.4 beta 4. No other firmware releases are or will be supported. No support for iOS 15.5 beta 4, iOS 15.5, no support for iOS 15.6, and no support for iOS 16. This jailbreak is possible because there is a bug in iOS.

Installing via Safari

To install Fugu15 via Safari, do the following (requires you to own a domain):

  1. Make sure your device is connected to the same network as your computer.
  2. Change the DNS A record for a domain you own to the local IP address of your computer.
  3. Obtain a certificate for your domain (e.g., via Let's Encrypt) and copy it to Server/serverCert/fullchain.cer (the certificate itself) and Server/serverCert/server.key (private key).
  4. Make sure you have Flask installed (pip3 install Flask).
  5. Change serverUrl in Server/server.py to your domain.
  6. Run python3 server.py in the Server directory.
  7. Visit https://<your domain> on your iPhone and follow the instructions.
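
A pre-flight check for steps 2 and 3 above, added here as an example and not part of the Fugu15 repository: it confirms that the A record points at your computer's local address and that the private key is owner-only and pairs with the certificate. The domain and IP address in the sample call are constructed placeholders, and the relative paths assume the script is run from the repository root.

```python
import ipaddress
import os
import socket
import ssl
import stat

# Paths named in step 3, relative to the repository root (assumed working directory).
CERT = "Server/serverCert/fullchain.cer"
KEY = "Server/serverCert/server.key"

def resolve(domain):
    """Return the IPv4 addresses the domain's A record currently resolves to."""
    infos = socket.getaddrinfo(domain, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_a_record(resolved, local_ip):
    """Step 2: every resolved address must be this computer's local address."""
    problems = [] if resolved else ["domain does not resolve"]
    for addr in resolved:
        if not ipaddress.ip_address(addr).is_private:
            problems.append(f"{addr} is a public address, not your computer")
        elif addr != local_ip:
            problems.append(f"{addr} is not this computer ({local_ip})")
    return problems

def check_tls_files(cert=CERT, key=KEY):
    """Step 3: the private key must be owner-only and must pair with the certificate."""
    problems = []
    try:
        if os.stat(key).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{key} is accessible to group/other (chmod 600)")
        # load_cert_chain raises ssl.SSLError (an OSError) on a bad or mismatched pair
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except OSError as exc:
        problems.append(f"cannot load certificate/key pair: {exc}")
    return problems

def preflight(domain, local_ip):
    """Run both checks; an empty list means steps 2 and 3 look right."""
    try:
        resolved = resolve(domain)
    except socket.gaierror:
        resolved = []
    return check_a_record(resolved, local_ip) + check_tls_files()

if __name__ == "__main__":
    # Constructed sample values; replace with your own domain and LAN address.
    for line in preflight("jb.example.com", "192.168.1.20") or ["ok"]:
        print(line)
```
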

Installing via USB

Fugu15 Jailbreak can be installed via the ideviceinstaller console tool, TrollStore or the Sideloadly IPA installer. For the purpose of this guide, we will use the last tool to install the Fugu15 IPA on iOS 15.

Screenshot of Sideloadly configuration to install Fugu15 IPA for iOS 15.

Step 1. Download Fugu15_Developer.ipa (link on top of this page).

Step 2. Open the Sideloadly application.

Step 3. Connect your iPhone / iPad to the computer via USB.

Step 4. Click on the IPA icon to select the app to install.

Step 5. Enter your Apple ID to sign the IPA file.

Step 6. Click on the Advanced tab and select “Normal Install” mode.

Step 7. Click the Start button to install the IPA file on your device.

Step 8. Provide the password for your Apple ID.

Step 9. Open the Settings app and navigate to General → VPN & Device Management.

Step 10. Click on the developer app with your e-mail.

Step 11. Tap on Trust to allow the application to run.

Step 12. Open the newly installed “Developer” app to install the Fugu15 app.

Two iPhone screens showing the FuguInstall app installing Fugu15 app on iOS 15.

Note: The Developer app can be removed from the system after installing the Fugu15 app.

Install Sileo on Fugu15

Now that you are jailbroken, it's a good idea to install the Sileo package manager on the Fugu15 jailbreak. There is no need to use a PC. The installation can be done directly on your device. Like all Fugu jailbreaks, Fugu15 ships with iDownload. The iDownload shell can be accessed on port 1337. It is used to download and install Sileo and the Procursus Bootstrap on your device.

Two iPhone screens showing the LibTerm console connecting to iDownload and installing Sileo on Fugu15 Jailbreak.

  1. Install Fugu15 through TrollStore and jailbreak.
  2. Download iSH Shell from the App Store.
  3. Open iSH Shell app to execute some commands.
  4. Type “nc 127.1 1337” command to connect with iDownload.
  5. Type “bootstrap” command to install Procursus Bootstrap and Sileo.
  6. Then type “uicache -r” to respring to force Sileo to show up on the Home Screen.

What's new

  • Remove infinite loop.
  • Support installing via TrollStore.
  • Added support for some iOS 15.5 betas.
  • Initial release.
