Fugu15 Jailbreak for iOS 15 – iOS 15.4.1

Since September 20th, 2021, the community was waiting for the release of iOS 15 jailbreak. Some did pretend to release one with eta soon, others like Nebula published an unannounced release of Palera1n jailbreak for iOS 15 – iOS 15.7.1 with tweak support. Linus Hanze recently introduced Fugu15 Rootful, a new release with tweaks support. However, it comes with an announcement – no further jailbreaks development.

Download Fugu15 Jailbreak IPA

What is Fugu15?

Fugu15 Jailbreak for iOS 15 was released as an open-source project via GitHub by Linus Hanze. As expected, it's a rootless jailbreak, so most of the tweaks will have to be updated to be compatible. It doesn't support tweaks right now, at least until libhooker will be updated. Fugu15 Rootful comes with full tweak support (including arm64 tweaks), for arm64e devices on iOS 15.0 – iOS 15.4.1. This is the latest release of this open source jailbreak.

The presentation of Fugu15 Jailbreak at the Objective by the See Conference was very inspiring for jailbreak developers. Linus explains how it is possible to jailbreak iOS 15.4.1 even with all the latest mitigations, and how some mitigations introduced in iOS 15.2 can be bypassed.

A demo of Fugu15 was shown, including an interesting and uncommon way to install the Fugu15 app on an A12+ device through Safari mobile browser. Linus uses the Apple Developer app (validly signed app) as a placeholder for Fugu15 Jailbreak and explains how it can be executed.

This app injection method is already used by TrollStore IPA installer for iOS 15 to make the installation process easier on arm64e devices running iOS 14.0 up to 15.4b4. Now you can install TrollStore on A12-A15 devices directly from Safari without the need to use command line tools.

At this point of Fungu15 development, the jailbreak is installing Procursus bootstrap and Sileo as the default package manager. This is definitely something that users that are using a jailbreak would require. Unfortunately, the jailbreak doesn't support tweaks, and it's more like a demo.

Linus started hacking Apple devices at the age of 15. He is the developer of Fugu (iOS 13 checkm8 jailbreak) and Fugu14 (iOS 14 untethered jailbreak - the first publicly available untethered jailbreak since iOS 9), and Fugu15, the first public iOS 15 jailbreak for A12-A15.

When Fungu15 gets published, there is a chance that the community will deliver a full-featured iOS 15 jailbreak in the future. A jailbreak that can be used not only by developers but also by regular users. Still, this is the first public jailbreak to support A12+ devices running iOS 15.

Support for older devices may be added in the future. Fugu15 Jailbreak for iOS 15 uses the CoreTrust exploit that was partially patched from Fugu14, but it is not untethered. Linus jailbreak depends on a CoreTrust bug to bypass Apple Mobile File Integrity (AMFI). It also appears to harness a PAC and PPL bypass, along with a bug that permits writing to PPL memory.

With the introduction of new mitigations in iOS 15 (and especially iOS 15.2), creating a jailbreak became more difficult. Before, a kernel vulnerability was enough for jailbreaking, but now a PAC or PPL bypass is required as well. Fugu15 is a great playground for iOS 15 jailbreak developers.

It contains a code-signing bypass, kernel exploit, kernel PAC bypass and PPL bypass. Be aware, that non-arm64e devices are not supported by the jailbreak.

Note: Fugu15 Jailbreak for iOS 15 does not support tweaks (no tweak injection library), and Linus will never add support for tweak installation. It is also designed for developers only, and it will never be updated for end users. No updates are planned in the future.

The only released jailbreak for iOS 15 is Palera1n. This tethered jailbreak based on checkm8 boots the device with AMFI patches. On the first run, it'll boot a ramdisk which dumps your onboard blob, and installs Sileo and Substitute. It means that you can run tweaks on iOS 15.0 up to iOS 15.7.1 (iPhone 6S to iPhone X) without the need to wait for Cheyote Jailbreak.

Thanks to Fugu15's open source code, Lars Fröder was able to create the Fugu15 Max Jailbreak, which now includes support for tweaks. This jailbreak, which is available for iOS 15 to iOS 15.4.1, uses the ellekit tweak injection library and offers a comprehensive set of features. While Fugu15 Max is stable, it's currently recommended only for tweak developers.

Installing via TrollStore

Fugu15 was released as an TIPA package that can be installed only with TrollStore on compatible iOS 15 devices. You can't install this iOS 15 jailbreak tool with regular sideloading apps because it was designed for TrollStore 1.3.4 or newer!

1. Install TrollStore on firmware between iOS 15 up to iOS 15.4.1.
2. Download Fugu15.tipa and save it on iCloud.
3. Share the downloaded IPA file with the TrollStore app.
4. TrollStore will install Fugu15 app automatically when loaded.
5. Access the Fugu15 app from the Home Screen.

Compatibility: iOS 15.0 – iOS 15.4.1, iOS 15.4 beta 1 – iOS 15.4 beta 4. No other firmware releases are or will be supported. No support for iOS 15.5 beta 4, iOS 15.5, no support for iOS 15.6, and no support for iOS 16. This jailbreak is possible because there is a bug in iOS.

Installing via Safari

To install Fugu15 via Safari, do the following (requires you to own a domain):

1. Make sure your device is connected to the same network as your computer.
2. Change the DNS A record for a domain you own to the local IP-Address of your computer.
3. Obtain a certificate for your domain (e.g., via Let's Encrypt) and copy it to Server/serverCert/fullchain.cer (the certificate itself) and Server/serverCert/server.key (private key).
4. Make sure you have Flask installed (pip3 install Flask).
5. Change serverUrl in Server/server.py to your domain.
6. Run python3 server.py in the Server directory.
7. Visit https://<your domain> on your iPhone and follow the instructions.

Installing via USB

Fugu15 Jailbreak can be installed via ideviceinstaller console tool, TrollStore or Sideloadly IPA installer. For the purpose of this guide, we will use the last tool to install Fugu15 IPA on iOS 15.

Step 1. Download Fugu15_Developer.ipa (link on top of this page).

Step 2. Open Sideloadly application.

Step 3. Connect your iPhone / iPad to the computer via USB.

Step 4. Click on the IPA icon to select the app to install.

Step 5. Enter your Apple ID to sign IPA file.

Step 6. Click on Advanced tab and select “Normal Install” mode.

Step 7. Click the Start button to install the IPA file on your device.

Step 8. Provide the password for your Apple ID.

Step 9. Open the Settings app and navigate to General → VPN & Device Management.

Step 10. Click on the developer app with your e-mail.

Step 11. Tap on Trust to allow the application to run.

Step 12. Open the newly installed “Developer” App to install the Fugu15 app.

Note: Developer app can be removed from the system after installing Fugu15 app.

Install Sileo on Fugu15

Now when you are jailbroken it's a good idea to install Sileo package manager on Fugu15 jailbreak. There is no need to use a PC. The installation can be done directly on your device. Like all Fugu jailbreaks, Fugu15 ships with iDownload. The iDownload shell can be accessed on port 1337. It is used to download and install Sileo and Procursus Bootstrap on your device.

1. Install Fugu15 through TrollStore and jailbreak.
2. Download iSH Shell from the App Store.
3. Open iSH Shell app to execute some commands.
4. Type “nc 127.1 1337” command to connect with iDownload.
5. Type “bootstrap” command to install Procursus Bootstrap and Sileo.
6. Then type “uicache -r” to respring to force Sileo to show up on the Home Screen.

What's new

• Released Fugu15 Rootful Edition.
• Remove infinite loop.
• Support installing via TrollStore.
• Added support for some iOS 15.5 betas.
• Initial release.

Post a comment