TrollInstall

TrollInstall is a shortcut app that lets you install IPA and TIPA files with SeaShell protection. SeaShell is open-source malware that can easily be injected into any IPA file installed through TrollStore. Downloading IPAs from untrusted sources can compromise your device. With TrollInstall, you can check whether SeaShell malware has been injected into an IPA before installing the app.

What is TrollInstall?

TrollInstall is a script for the Shortcuts app that checks IPA files for SeaShell malware. It automatically unzips the IPA file and checks whether the "mussel" file is inside or whether the CFBundleBase64Hash key appears in any ".plist" file. This helps you automatically determine whether the IPA package was altered using the SeaShell script to take control of your iPhone.

When you install IPA files, especially popular paid packages for free from third-party sources, you may unknowingly install the SeaShell backdoor on your iPhone. This malware is easy to inject into IPA files for TrollStore and can give unauthorized access to your device, allowing intruders to remotely control the device, view text messages, photos, and more.

TrollStore does not offer any protection against malware and potentially malicious apps. However, MrDjBird released a simple yet effective TrollInstall shortcut that lets you check if the default version of SeaShell malware is present in the IPA. In my opinion, this is the best available solution to protect your iDevice from being compromised.

The latest version of TrollInstall includes rewritten OTA functionality, added beta-testing options, a menu when starting the shortcut manually, the ability to view the hacker's IP if the IPA contains malware, and an additional menu after IPA checking.

Detecting SeaShell malware

For added protection, I highly recommend using the TrollInstall Shortcut to check if the IPA is free of SeaShell malware. This is the minimum step you should take to ensure your device's safety before installing apps through TrollStore.

Most developers creating TrollStore apps are transparent about their work and release the source code on GitHub. However, when you download a compiled IPA from a third-party source, you have no guarantee that the IPA hasn't been modified, which increases the risk of malware infection. Downloading IPAs from trusted sources can keep you safe.

Future releases of TrollInstall may introduce exciting new features such as Shortcut settings, support for TrollStore URL Scheme, IPA sandboxing, and an option to disable SeaShell.

TrollInstall was published on GitHub as an open-source project. The developer also released a SeaShell test IPA file packed with malware for testing purposes.

SeaShell manual protection

I've created a guide to help you stay safe from attacks through SeaShell. Here are my tips on detecting SeaShell's presence in an IPA file. TrollInstall streamlines this process with a shortcut, making it quicker to identify if an app may have been altered before installation.

  1. Unzip the IPA or TIPA file you want to install.
  2. Look out for suspicious executables in the app bundle. For example, SeaShell Framework might include an executable named "mussel," which is actually a Pwny payload.
  3. Check the Info.plist file for any suspicious entries. SeaShell might add a base64-encoded CFBundleBase64Hash entry containing a host pair (<host>:<port>).
  4. Verify the file's hash sum to ensure its integrity.
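
The four manual steps above, as an added Python example (not TrollInstall's own shortcut code): it scans an IPA or TIPA for a file named "mussel", looks for CFBundleBase64Hash in every .plist, decodes the entry, and computes a hash to compare against one published by a source you trust. The function names, the sample bundle and the 192.0.2.10:8888 address are constructed for illustration, and SHA-256 is an assumed choice of hash.

```python
import base64, hashlib, io, plistlib, zipfile

def decode_endpoint(value):
    """Decode a CFBundleBase64Hash value to the <host>:<port> text it carries."""
    raw = value if isinstance(value, bytes) else str(value).encode()
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8", "replace")
    except ValueError:  # not valid base64; keep the raw value for review
        return "<undecodable: %r>" % (value,)

def scan_ipa(data: bytes) -> dict:
    """Steps 1-4: unzip, look for "mussel", check every .plist, hash the file."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "mussel": [], "endpoints": []}
    with zipfile.ZipFile(io.BytesIO(data)) as ipa:
        for name in ipa.namelist():
            if name.endswith("/"):
                continue  # directory entry, not a file
            base = name.rsplit("/", 1)[-1]
            if base == "mussel":
                report["mussel"].append(name)
            elif base.lower().endswith(".plist"):
                try:
                    plist = plistlib.loads(ipa.read(name))  # XML or binary plist
                except Exception:
                    continue  # unparsable plist: nothing to inspect
                if isinstance(plist, dict) and "CFBundleBase64Hash" in plist:
                    value = plist["CFBundleBase64Hash"]
                    report["endpoints"].append((name, decode_endpoint(value)))
    report["suspicious"] = bool(report["mussel"] or report["endpoints"])
    return report

def build_sample(infected: bool) -> bytes:
    """Constructed sample IPA; the names and 192.0.2.10:8888 are made up."""
    info = {"CFBundleIdentifier": "com.example.demo"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if infected:
            info["CFBundleBase64Hash"] = base64.b64encode(b"192.0.2.10:8888").decode()
            z.writestr("Payload/Demo.app/mussel", b"placeholder, not a real payload")
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info))
    return buf.getvalue()

if __name__ == "__main__":
    for infected in (False, True):
        r = scan_ipa(build_sample(infected))
        print(r["suspicious"], r["mussel"], r["endpoints"], r["sha256"][:16])
```

A clean result only rules out the default indicators named in the steps above; an IPA altered with a renamed payload or key would not be flagged, so the hash comparison against a trusted source still matters.
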
Written by

Kuba has over 20 years of experience in journalism, focusing on jailbreak since 2012. He has interviewed professionals from various companies. Besides journalism, Kuba specializes in video editing and drone flying. He studied IT at university before his writing career.
