Warning: PLEASE DO NOT ASK FOR SUPPORT REGARDING ICLOUD BYPASS IN THE PALERA1N DISCORD SERVER! THIS IS NOT OFFICIALLY SUPPORTED AND WON'T EVER BE.
It boots the device with multiple patches required. On first run, it'll boot a ramdisk which dumps your onboard blob, creates a fakefs (if using semi tethered), installs the loader app, and patches your kernel.
You will have to restore to iOS 16 using Finder or iTunes. After "restoring iphone" is finished and the first progress bar is done, the device will reboot. By default it will try to go to a second progress bar after that first reboot, but you do not want it to get to the second progress bar: put the device into recovery mode or DFU mode right after the first progress bar is finished. It should never show the second progress bar at any point in time; if it does, you have to restart the entire process all over again.
Then you can run the palera1n script:
git clone --recursive https://github.com/netsirkl64/setupapp-mobileactivationd-patch && cd setupapp-mobileactivationd-patch
Then:
sudo ./palera1n.sh --tweaks <your ios version> --semi-tethered
and follow the on-screen instructions.
If you are doing this on iOS 16, it will get stuck on "waiting for device in recovery mode".
The way to get past this is to press Control + C to exit the script,
then force restart the device and, when it gets to the connect to iTunes screen, run the same script again:
sudo ./palera1n.sh --tweaks <your ios version> --semi-tethered
It will boot into the lock screen; press home or swipe up to unlock and it will show the palera1n loader. Hit install and the device will respring. Press the home button or swipe up to unlock and follow setup; it will not require activation to get to the home screen. Apps will open like normal.
- We are NOT responsible for any data loss. The user of this program accepts responsibility should something happen to their device. While nothing should happen, jailbreaking has risks in itself. If your device is stuck in recovery, please run one of the following:
  - futurerestore --exit-recovery
  - irecovery -n
- A checkm8 vulnerable iOS device on iOS 15 or 16 (A8-A11)
- The device must be on iOS 15.0-16.3
- Linux or macOS computer
- Python 3 must be installed.
- On A10 and A11, you must disable your passcode while in the jailbroken state.
- On iOS 16 A10+, if you EVER enabled a passcode on 16, you have to reset through the Settings app/restore with a computer.
- On A10, this can be fixed in the future by implementing blackbird.
- On A11, we don't have a SEP exploit yet.
- Nathan
  - The ramdisk that dumps blobs, copies files, and duplicates rootfs is a slimmed down version of SSHRD_Script
  - For modified restored_external
  - Also helped Mineek getting the kernel up and running and with the patches
  - Helping with adding multiple device support
  - Fixing issues relating to camera.. etc by switching to fsboot
  - iBoot64Patcher fork
- Mineek
  - For the patching and booting commands
  - Adding tweak support
  - For patchfinders for RELEASE kernels
  - Kernel15Patcher
  - Kernel64Patcher
- Amy for the Pogo app
- checkra1n for the base of the kpf
- nyuszika7h for the script to help get into DFU
- the Procursus Team for the amazing bootstrap
- F121 for helping test
- m1sta for pyimg4
- tihmstar for pzb/original iBoot64Patcher/original liboffsetfinder64/img4tool
- Tom for a couple patches and bugfixes
  - For maintaining Kernel64Patcher
- xerub for img4lib and restored_external in the ramdisk
- Cryptic for iBoot64Patcher fork, and liboffsetfinder64 fork
- libimobiledevice for several tools used in this project (irecovery, ideviceenterrecovery etc), and nikias for keeping it up to date
- Nick Chan for general help with patches and iBoot payload stuff
- Dora for iBoot payload and iBootpatcher2
- Sam Bingner for Substitute
- Serena for helping with boot ramdisk.
Mod credits:
- @MatthewPierson: Patched mobileactivationd
- @edwin170: Some code inspired from dualboot-ios-15-with-14-script's repo
- @kitty915: Modified palera1n script to automate bypass and added instructions in the readme