Fugu Jailbreak

Linus Henze, aka @LinusHenze, from Koblenz, Germany, has started a new era in iOS jailbreak history by releasing Fugu Jailbreak. Fugu Jailbreak is the second jailbreak tool based on the checkm8 exploit. checkm8 is an unpatchable bootrom exploit discovered last year that affects a range of iOS devices from the iPhone 4s to the iPhone X. Exploits of this kind are very rare and cannot be fixed by issuing a software update. As a result, such exploits pave the way for new jailbreak tools and also give users the chance to downgrade the iOS version on their iPhone or iPad even after Apple stops signing the firmware.

Bootrom Exploit Explained

The International Council of E-Commerce Consultants, aka EC-Council, explains that a bootrom exploit is able to gain both user-level and iBoot-level access. Bootrom exploits are more advantageous because they give users greater system-level access, and signature checks are bypassed while the bootrom is under the exploit's control. As mentioned above, checkm8 is an unpatchable bootrom exploit that was discovered by @axi0mX in 2019. He did not create a public jailbreak himself but released the exploit publicly so that talented developers could build jailbreak tools. Linus Henze has taken advantage of that public release, which is why today we are talking about Fugu Jailbreak after the release of the Checkra1n jailbreak. Checkra1n was the first jailbreak tool based on the checkm8 exploit.

What is Fugu Jailbreak

Fugu Jailbreak is the first open-source jailbreak tool based on the checkm8 exploit for iOS 13, and it is still at the development stage. Currently, only developers are advised to use the tool, as it is not yet stable enough for the public. So far, the tool has worked on the 2017 iPad Pro (iOS 13 to iOS 13.3.1) and is believed to be compatible with the iPhone 7, but that has not been tested yet. According to the developer, a device jailbroken with Fugu can run Sileo or Cydia, but most jailbreak tweaks are expected to be incompatible for now. Also, although the tool mounts the root file system read/write, the stock file system is restored when the device reboots into non-jailbroken mode.

Like the checkra1n semi-tethered jailbreak, Fugu also requires users to connect the device to a Mac in order to jailbreak it.

Fugu Jailbreak For macOS & Windows

Currently, Fugu Jailbreak is only compatible with macOS, and there is no indication yet of a Windows release.

Fugu Building

If you are interested in building Fugu, you can download and build it with the following steps:

  • Download Fugu
  • Install Xcode and Homebrew on your Mac
  • Install LLVM and Binutils using Homebrew
  • Open the Fugu Xcode project
  • Select Fugu as the target and build it
  • You will then find Fugu and a shellcode folder in the build folder
  • Run Fugu iStrap to execute all the Fugu components (if the command does not succeed after several attempts, put the device into DFU mode again and retry)

Fugu components

The Fugu application exploits your iPhone or iPad using the checkm8 exploit and uploads the following components:

  • iStrap (the kernel bootstrapper): you see this when your iDevice boots. It patches the kernel, which is the key step of the jailbreak process, and also injects boot arguments when needed while injecting shellcode into the kernel.
  • iStrap loader: this small shellcode patches iBoot and loads iStrap after iBoot.
  • iDownload: a small application that is installed during boot and launched in place of launchd.


How To Install Sileo, SSH and MobileSubstrate

  • Install libusbmuxd using Homebrew
  • Run the Fugu iStrap command, enable jailbroken status on your device, and unlock it (keep the device connected to your Mac)
  • Run python install_sileo.py to download all the files needed to install Sileo, SSH, and MobileSubstrate

What is Semi-Tethered Jailbreak

There are several types of jailbreak: untethered, tethered, semi-tethered and semi-untethered. Once an iDevice is jailbroken with an untethered jailbreak, it stays jailbroken permanently and works without any help from a PC or application. Tethered jailbreaks are the opposite of untethered ones.

Once you jailbreak your device with a tethered jailbreak, you have to use a PC every time you need to reboot the device. Such a device cannot boot on its own until you connect it to a computer and run the jailbreak application on the PC. Semi-tethered jailbreaks are a combination of untethered and tethered jailbreaks and show features of both.

Once you have jailbroken your device with a semi-tethered jailbreak, you can reboot the device without any problem. But you cannot use any jailbreak apps or tweaks until you re-enable the jailbreak status from a computer by running the respective jailbreak application.

A semi-untethered jailbreak works the same way as the semi-tethered method but does not require a PC. It lets users return to jailbroken status after a reboot just by running the jailbreak application on the device itself. Although this method is not as convenient as the untethered method, it is more convenient than all the others.

Final Word

All of this is still at the development stage, so do not attempt it if you are a regular iOS user. Using an application that is still under development is complicated and too risky for regular users. So the best option is to stay with the checkra1n jailbreak, which is stable and safe as of now.