It has been a long time since an untethered jailbreak for iOS was released. Linus Henze has released Fugu14, a jailbreak tool for iOS 14.3 to 14.5.1 that installs an untether on the device, so the jailbreak keeps working past the seven-day signing limit and across reboots.
- What is Fugu14?
- Supported devices
- How to install Fugu14
- Source Code
- What’s new
What is Fugu14?
Fugu14 is an (incomplete) jailbreak for iOS 14 that includes an untether (persistence), a kernel exploit, a kernel PAC bypass, and a PPL bypass. It targets arm64e devices (iPhone XS and later) running iOS 14.3 through 14.5.1, and it is untethered.
Untethered means that your iPhone or iPad remains jailbroken even if you shut it down or restart it. There is no need to re-jailbreak the device every time the battery runs flat, and no need to sideload the Fugu14 app again after a week to re-jailbreak it.
Fugu14 is an open-source project that is the successor to Fugu, the first open-source jailbreak tool for iOS 13 based on @axi0mX’s checkm8 exploit. Using checkm8, the Fugu application exploits your iDevice and uploads iStrap, iStrap loader, and iDownload to your device.
On its own, the Fugu14 tool is incomplete: it does not install Cydia or any other package manager, so it gives no direct access to tweaks and apps from the popular repositories. Only arm64e devices are supported; arm64 devices (iPhone X and earlier) are not, because the exploit chain does not work on them.
Fortunately, the Fugu14 untether can be combined with other jailbreak tools, including unc0ver, on arm64e devices running iOS 14.3 to 14.5.1.
Fugu14 can be built from source and installed manually on your device. If that is too involved, AltStore 1.4.8 automates the installation of unc0ver on top of the Fugu14 untether; unc0ver then neither expires after 7 days nor is lost on reboot.
AltStore handles everything automatically. It recognizes devices and firmware versions supported by the Fugu14 untether and, on a supported device, asks whether you want to install the untethered jailbreak on your iPhone or iPad.
It then patches the unc0ver placeholder, after which you can jailbreak the device with the unc0ver app and install Cydia on iOS 14.3 up to iOS 14.5.1. This makes the jailbreak fully functional, with access to the tweaks and apps users are looking for.
How does the Fugu14 jailbreak function?
Fugu14 installs Fugu14App on a supported iOS device. When you tap Setup, the app generates the files for the dyld closure exploit and for the system components it abuses along the way: Spotlight.app, keybagd (used to launch other processes as root), installd and ReportCrash, and then installs a second app.
The second app's executables are replaced with Spotlight's, and the dyld closure exploit is triggered, which yields code execution inside Spotlight. From Spotlight, keybagd is launched (through installd) as root, and it marks the exploit binary executable with chmod +x.
keybagd then uses ReportCrash to patch amfid and to launch jailbreakd, which spawns a copy of itself as root. jailbreakd exploits the kernel with the DriverKit exploit to gain kernel read/write, enables the kernel PAC bypass, and uses the PPL bypass to inject a custom trustcache.
The device is then rebooted, and the untether re-applies the jailbreak on every boot, giving you a full untethered jailbreak of iOS 14.
Supported devices
- iPhone XS and iPhone XS Max
- iPhone XR
- iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max
- iPhone SE (2nd generation)
- iPhone 12, iPhone 12 mini, iPhone 12 Pro, and iPhone 12 Pro Max
- iPhone 13, iPhone 13 mini, iPhone 13 Pro, and iPhone 13 Pro Max
- iPad Pro 11-inch (1st generation)
- iPad Pro 12.9-inch (3rd generation)
- iPad Pro 11-inch (2nd generation)
- iPad Pro 12.9-inch (4th generation)
- iPad mini (5th generation)
- iPad Air (3rd generation)
- iPad (8th generation)
- iPad (9th generation)
- iPad Air (4th generation)
- iPad Pro 11-inch (3rd generation)
- iPad Pro 12.9-inch (5th generation)
- iPad mini (6th generation)
The list above is every arm64e iPhone and iPad; what actually matters is that the device is arm64e and is running iOS 14.3 to 14.5.1. Note that the iPhone 13 family, the iPad (9th generation) and the iPad mini (6th generation) shipped with iOS/iPadOS 15, so they cannot be on a supported firmware.
Jailbreak Fugu15
The mitigations introduced in iOS 15 (particularly 15.2) made writing a jailbreak significantly harder. Previously a kernel vulnerability was enough; now a PAC or PPL bypass is also required. Some therefore expected iOS 15.1.1 to be the last version to receive a public jailbreak, such as the Cheyote jailbreak.
Linus Henze disproves this by demonstrating a jailbreak of iOS 15.4.1 with all of the latest mitigations in place. He goes over the vulnerabilities exploited in the Fugu15 chain and how some of the mitigations introduced in iOS 15.2 can be circumvented.
Fugu15 is also demonstrated at the Objective by the Sea v5.0 conference (run by Objective-See), including an interesting and unusual method of installing Fugu15 on a device.
How to install Fugu14
AltStore is the simplest way to install Fugu14 together with unc0ver and Cydia. Rather than relying on AltStore to re-sign the unc0ver app every seven days, this route installs the Fugu14 untether, so unc0ver neither expires after 7 days nor is lost on a device reboot.
- Install the most recent AltServer on your Windows, macOS, or Linux computer.
- Use AltServer to install the AltStore app on your device.
- Connect your device to your computer via USB.
- Download the unc0ver IPA file and install it through AltStore.
- Tap the Install Untethered Jailbreak button to begin.
- Tap the Open Placeholder button.
- Tap the blue Setup Fugu14 button.
- Press OK to patch the unc0ver placeholder.
- Tap the blue Install Untether button.
- When the Reboot Now button appears, tap it.
- After the reboot, select the Install unc0ver option.
- Use unc0ver to jailbreak your device.
Source Code
The Fugu14 jailbreak and all of its components are available as an open-source project on GitHub, released under the MIT license. The code is written in several languages, with Swift accounting for 67% of the total. The most recent changes were made on November 3, 2021.
To build and install the jailbreak yourself, run the install.py script from the repository and follow its instructions. If a code signing error occurs, open Fugu14App.xcodeproj and adjust the code signing settings. You also need an IPSW for your device, Xcode, iproxy, and ideviceinstaller.
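Before running install.py it is worth confirming that the attached device is actually in Fugu14's window, since the untether is only claimed for arm64e hardware on iOS 14.3 to 14.5.1. The following pre-flight check is an added example, not code from the Fugu14 repository. It reads the device's architecture and firmware version through ideviceinfo (part of libimobiledevice, which the build already needs for iproxy and ideviceinstaller) using its CPUArchitecture and ProductVersion keys; the function names and the --check flag are this example's own.

```shell
#!/bin/sh
# Added pre-flight check, not part of the Fugu14 repository. Encodes the
# support window stated above: arm64e hardware, iOS 14.3 through 14.5.1.

# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B. Dotted versions are
# compared component by component, so 14.5 < 14.5.1 and 14.10 > 14.9.
# A trailing "." is appended so cut always sees a delimiter and runs out
# of fields (without it, cut would echo a delimiter-less "14" for every field).
vercmp() {
  i=1
  while :; do
    x=$(printf '%s.' "$1" | cut -d. -f"$i")
    y=$(printf '%s.' "$2" | cut -d. -f"$i")
    if [ -z "$x" ] && [ -z "$y" ]; then printf '0\n'; return; fi
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
    if [ "$x" -gt "$y" ]; then printf '1\n'; return; fi
    i=$((i + 1))
  done
}

# fugu14_supported ARCH VERSION: exit status 0 when the pair is in the window.
fugu14_supported() {
  case "$2" in ''|*[!0-9.]*) return 1 ;; esac   # reject malformed versions
  [ "$1" = "arm64e" ] || return 1                 # arm64 devices are out
  [ "$(vercmp "$2" 14.3)" -ge 0 ] || return 1     # not older than 14.3
  [ "$(vercmp "$2" 14.5.1)" -le 0 ] || return 1   # not newer than 14.5.1
}

# Query the USB-attached device. Returns 0 (supported), 1 (not), 2 (no device).
check_attached_device() {
  arch=$(ideviceinfo -k CPUArchitecture 2>/dev/null) || {
    echo "no device found: is it connected and trusted, and is ideviceinfo installed?"
    return 2
  }
  ver=$(ideviceinfo -k ProductVersion 2>/dev/null) || return 2
  if fugu14_supported "$arch" "$ver"; then
    echo "OK: $arch device on iOS $ver is inside Fugu14's support window"
  else
    echo "NOT supported: $arch device on iOS $ver (Fugu14 needs arm64e, iOS 14.3 to 14.5.1)"
    return 1
  fi
}

# Usage: sh fugu14_preflight.sh --check   (run before install.py)
if [ "${1:-}" = "--check" ]; then
  check_attached_device
fi
```

The version comparison is done numerically per component rather than as a string compare, which is the usual pitfall with firmware versions (a string compare would put 14.10 before 14.9). An exit status of 2 is kept distinct from 1 so a wrapper can tell "wrong device" from "no device".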
