README.md

unc0ver

The most advanced jailbreak tool

unc0ver jailbreak for iOS 11.0 - 11.4b3
by @pwn20wnd & @sbingner
UI by @DennisBednarz & Samg_is_a_Ninja

The most outstanding changes over the other jailbreaks

• All exploits in same app
• Detailed error messages
• Faster patches
• More stable patches
• No extra battery drain
• No random freezes
• No random slow downs
• No data is logged or shared
• No malware
• Proper jailbreak state detection
• Proper bootstrap extraction to fix issues such as Cydia not appearing after jailbreak
• Native build of Cydia for iOS 11
• Telesphoreo port for ARM64
• Much faster Cydia
• Much more stable Cydia
• Much more modern looking and acting Cydia
• Cydia skips uicache when not needed
• Cydia supports iPhone X screen size
• Cydia Substrate for tweak injection
• Much faster ldrestart
• Much more stable ldrestart
• Changes to Cydia were made with permission from Saurik
• Option to skip loading daemons
• Option to dump APTicket
• Option to refresh icon cache
• Option to disable auto updates
• Option to block app revokes
• Option to restore RootFS
• Button to restart device
• Button to open Cydia in case it doesn't appear on the Home Screen
• Label to show the days left till the application expires
• Working debugserver
• An awesome UI

The technical side

• Exploit kernel_task
• Get kernel base
• Find offsets
• Get root
• Escape sandbox
• Get entitlements
• Dump APTicket
• Unlock nvram
• Set boot-nonce
• Lock nvram
• Allow double mount
• Remount RootFS
• Prepare resources
• Inject to trust cache
• Log slide
• Set HSP4
• Patch amfid
• Spawn jailbreakd
• Patch launchd
• Update version string
• Extract bootstrap
• Disable stashing
• Disable app revokes
• Allow SpringBoard to show non-default system apps
• Disable Auto Updates
• Load Daemons
• Run uicache
• Load Tweaks

Switching from the other jailbreaks

• The RootFS will automatically be restored

Getting support

• Use the built-in diagnostics tool
• Get technical support on the r/Jailbreak Discord Server
• Tweet @pwn20wnd

Best practices

• Perform a full restore with Rollectra before switching from the other jailbreaks
• Turn on the AirPlane Mode before starting the jailbreak
• Turn off Siri before starting the jailbreak

Source code

• This project is completely open source and it will be kept like it in the future
• Any kind of contribution is welcome
• The source code can be found on pwn20wndstuff's GitHub account

Video tutorial

• Coming soon

To Do List

• Contact @saurik to enable the Cydia Store purchases on iOS 11 and remove the empty front page ads in Cydia
• Completely switch to Cydia Substrate and ditch Substitute
• Make switching from other jailbreaks without wiping the device possible
• Fix a kernel panic that's triggered by a kernel data abort which is caused by a UaF bug in jailbreakd
• Chain @_bazad's blanket to bypass the developer certificate requirement for multi_path
• Enable the on-fly entitlement patching on iOS 11
• WebKit Port with @_niklasb's WebKit Exploit

Screenshots

Changelog

• RC1: Initial release: Download (IPA)
• RC2: Add the dynastic repo by default and fix the unsupported error on some devices running the iOS 11.4 Beta: Download (IPA)

Special Thanks

• @i41nbeer for triple_fetch, async_wake, empty_list & multi_path
• @Morpheus______ for the QiLin Toolkit
• @xerub for libjb and the original patchfinder64
• @iBSparkes for the original amfid_payload, jailbreakd and pspawn_hook
• @stek29 for the patchfinder64 additions, unlocknvram and hsp4
• @theninjaprawn for the patchfinder64 additions
• @Cryptiiiic for testing
• @xanDesign_ for testing
• @AppleDry05 for testing
• @Rob_Coleman123 for testing
• @MidnightChip for testing
• @FCE365 for testing
• @Swag_iOS for testing
• @jailbreakbuster for testing
• @Jakeashacks for testing