Releases: UInt2048/Spice
v1.0.172 — iPhone 6S and iPod touch 6 11.4.1 offsets
The following devices are currently present in offsets.m (and the binaries in /docs) and have been verified on a real device:
- iPhone SE (1st gen) (iPhone8,4), iOS 11.3
- iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.3.1
- iPhone 6S Plus (iPhone8,2) on 11.3.1
- iPhone SE (1st gen) (iPhone8,4), iOS 11.4
The following devices are also present in offsets.m (and the binaries in /docs) but have not been verified on a real device:
- iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.1.2
- iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.2.1
- iPhone 5S (GSM) (iPhone6,1), iOS 11.2.6
- iPhone 6 Plus (iPhone7,1), iOS 11.2.6
- iPhone 6 (iPhone7,2), iOS 11.4
- iPhone 6S (iPhone8,1), iOS 11.4.1
- iPhone SE (1st gen) (iPhone8,4), iOS 11.4.1
- iPod touch 6 (iPod7,1), iOS 11.4.1
The IPA (semi-untether) should be used first to jailbreak, at which point the DEB (untether upgrade payload) may be used. While theoretically these could have been combined, there is little benefit to doing so, especially considering the runtime-determined file descriptor.
(Note: The intermediate commits between 1.0.167 and 1.0.171 do have compiled binaries, located in the /docs folder of the tree at that commit, but specific releases for them were not considered to be necessary.)
Changes since 1.0.171 (offset overhaul):
- Add offsets for 6S and iPod touch 6 on 11.4.1, increasing total supported device + OS combinations to 12
Changes since 1.0.165 (first successful untether boot):
- Automatic code formatting to enforce a consistent style guide and other internal refactoring
- Implement restore RootFS functionality, as adapted from public Odyssey source code
- Makefile improvements — incorporate compile script, auto-version IPA
- Logging improvements — show post-exploitation log in app
- Solve error 85 — inject trust into killall and uicache binaries
v1.0.171 — Offset overhaul
The following devices are currently present in offsets.m (and the binaries in /docs) and have been verified on a real device:
- iPhone SE (1st gen) (iPhone8,4), iOS 11.3
- iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.3.1
- iPhone 6S Plus (iPhone8,2) on 11.3.1
- iPhone SE (1st gen) (iPhone8,4), iOS 11.4
The following devices are also present in offsets.m (and the binaries in /docs) but have not been verified on a real device:
- iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.1.2
- iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.2.1
- iPhone 5S (GSM) (iPhone6,1), iOS 11.2.6
- iPhone 6 Plus (iPhone7,1), iOS 11.2.6
- iPhone 6 (iPhone7,2), iOS 11.4
- iPhone SE (1st gen) (iPhone8,4), iOS 11.4.1
The IPA (semi-untether) should be used first to jailbreak, at which point the DEB (untether upgrade payload) may be used. While theoretically these could have been combined, there is little benefit to doing so, especially considering the runtime-determined file descriptor.
(Note: The intermediate commits between 1.0.167 and 1.0.171 do have compiled binaries, located in the /docs folder of the tree at that commit, but specific releases for them were not considered to be necessary.)
Changes since 1.0.167 (post-exploitation logging):
- Automatic code formatting to enforce a consistent style guide and other internal refactoring
- Add more offsets, increasing total supported device + OS combinations to 10
Changes since 1.0.165 (first successful untether boot):
- Implement restore RootFS functionality, as adapted from public Odyssey source code
- Makefile improvements — incorporate compile script, auto-version IPA
- Logging improvements — show post-exploitation log in app
- Solve error 85 — inject trust into killall and uicache binaries
v1.0.167 — Implement restore root FS
The binaries only support the iPhone 6S Plus (iPhone8,2) on 11.3.1.
The IPA (semi-untether) should be used first to jailbreak, at which point the DEB (untether upgrade payload) may be used. While theoretically these could have been combined, there is little benefit to doing so.
Changes since 1.0.166 (post-exploitation logging):
- Implement restore RootFS functionality, as adapted from public Odyssey source code
Changes since 1.0.165 (first successful untether boot):
- Makefile improvements — incorporate compile script, auto-version IPA
- Logging improvements — show post-exploitation log in app
- Solve error 85 — inject trust into killall and uicache binaries
v1.0.166 — Post-exploitation logging
The binaries only support the iPhone 6S Plus (iPhone8,2) on 11.3.1.
The IPA (semi-untether) should be used first to jailbreak, at which point the DEB (untether upgrade payload) may be used. While theoretically these could have been combined, there is little benefit to doing so.
Changes since 1.0.165 (first successful untether boot):
- Makefile improvements — incorporate compile script, auto-version IPA
- Logging improvements — show post-exploitation log in app
- Solve error 85 — inject trust into killall and uicache binaries
v1.0.165 — First successful untether boot
This is the first release of the Spice untether. The binaries only support the iPhone 6S Plus (iPhone8,2) on 11.3.1.
The IPA (semi-untether) should be used first to jailbreak, at which point the DEB (untether upgrade payload) may be used. While theoretically these could have been combined, there is little benefit to doing so.
Warning: You will have an issue with essential packages, but OpenSSH is preinstalled.
Run the following over an SSH connection:
apt updatedpkg --configure -aapt --fix-broken install file libplist3 libssl1.1.1apt install -f dpkg ldid -o APT::Immediate-Configure=0
Changes since 1.0.147 (upstream JakeBlair420/Spice):
- UI improvements — add Spice colors and log showing progress to app
- Compiling improvements — automatically generate hashes, create stage 3 compile script, and run all this from the Makefile
- More offsets — add all known offsets and use them to find offsets for the iPhone 6S Plus (iPhone8,2) on 11.3.1
- Create scream test to handle process of finding correct stage 1 file descriptor
- Fix stage 3 logging crash by doing syscall directly in assembly
- Create instructions on how to install untether correctly