opa334 2022-10-07 01:26:30 +02:00
commit 340b74b263
4 changed files with 26 additions and 18 deletions


@ -1,14 +1,14 @@
# TrollStore # TrollStore
TrollStore in a permasigned jailed app that can permanently install any IPA you open in it. TrollStore is a permasigned jailed app that can permanently install any IPA you open in it.
It works because of a CoreTrust bug that affects iOS 14.0 - 15.4.1 (15.5b4). It works because of the CoreTrust bug that **_ONLY_** affects iOS 14.0 - 15.4.1 (15.5b4).
**NOTE: TrollStore will _NEVER_ work on anything higher than iOS 15.5 beta 4 (No not on iOS 15.5, not on iOS 15.6 and certainly not on iOS 16.x), please stop asking!** **NOTE: TrollStore will _NEVER_ work on anything higher than iOS 15.5 beta 4 (No not on iOS 15.5, not on iOS 15.6 and certainly not on iOS 16.x), please stop asking!**
## Installation Methods ## Installation Methods
N/A means: NO DEVICE / VERSION COMBINATION EXISTS N/A means: No device / version combination exists
| Version / Device | A8 | A9 | A10 | A11 | A12 | A13 | A14 | A15 | | Version / Device | A8 | A9 | A10 | A11 | A12 | A13 | A14 | A15 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- | --- | --- | --- |
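Review bot: the version range on the CoreTrust line is still ambiguous after the edit: "iOS 14.0 - 15.4.1 (15.5b4)" reads as though 15.5b4 were another name for 15.4.1, while the NOTE directly below gives the cutoff as "15.5 beta 4" and the install guides in this same commit say "14.0 to 15.5b4". Suggest writing the range the same way here, e.g. "affects iOS 14.0 - 15.5b4", so the three statements agree. The "in" to "is" fix and the sentence-case "N/A means" line are fine.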
@ -43,23 +43,23 @@ N/A means: NO DEVICE / VERSION COMBINATION EXISTS
# Updating TrollStore # Updating TrollStore
After having installed TrollStore, you can update it to newer versions by opening the .tar file in releases in TrollStore. It will install the update and respring afterwards. After installing TrollStore, you can update it to newer versions by opening the .tar file in releases in TrollStore. It will install the update and respring afterwards.
# Uninstalling an app # Uninstalling an app
TrollStore installed apps can only be uninstalled from TrollStore itself, tap an app or swipe it to the right in the 'Apps' tab to delete it. Apps installed from TrollStore can only be uninstalled from TrollStore itself, tap an app or swipe it to the right in the 'Apps' tab to delete it.
# Persistence Helper # Persistence Helper
The CoreTrust bug used in TrollStore is only enough to install "System" apps, this is because FrontBoard has an additional security check (it calls libmis) every time before a user app is launched. Unfortunately it is not possible to install new "System" apps that stay through an icon cache reload. Therefore when iOS reloads the icon cache, all TrollStore installed apps including TrollStore itself will revert back to "User" state and will no longer launch. The CoreTrust bug used in TrollStore is only enough to install "System" apps, this is because FrontBoard has an additional security check (it calls libmis) every time before a user app is launched. Unfortunately it is not possible to install new "System" apps that stay through an icon cache reload. Therefore, when iOS reloads the icon cache, all TrollStore installed apps including TrollStore itself will revert back to "User" state and will no longer launch.
The only way to work around this is to install a persistence helper into a system app, this helper can then be used to reregister TrollStore and it's installed apps as "System" so they become launchable again, an option for this is available in TrollStore settings. The only way to work around this is to install a persistence helper into a system app, this helper can then be used to reregister TrollStore and its installed apps as "System" so that they become launchable again, an option for this is available in TrollStore settings.
On jailbroken iOS 14 when TrollHelper is used for installation, it is located in /Applications and will persist as a "System" app through icon cache reloads, therefore TrollHelper is used as the persistence helper on iOS 14. On jailbroken iOS 14 when TrollHelper is used for installation, it is located in /Applications and will persist as a "System" app through icon cache reloads, therefore TrollHelper is used as the persistence helper on iOS 14.
# Features # Features
The binaries inside an IPA can have arbitary entitlements, fakesign them with ldid and the entitlements you want (`ldid -S<path/to/entitlements.plist> <path/to/binary>`) and TrollStore will preverse the entitlements when resigning them with the fake root cert on installation. This gives you a lot of possibilities, some of which are explained below. The binaries inside an IPA can have arbitary entitlements, fakesign them with ldid and the entitlements you want (`ldid -S<path/to/entitlements.plist> <path/to/binary>`) and TrollStore will preverse the entitlements when resigning them with the fake root certificate on installation. This gives you a lot of possibilities, some of which are explained below.
## Banned entitlements ## Banned entitlements
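Review bot: the Features line keeps two typos on the new side, "arbitary" and "preverse", even though the same hunk fixes "it's" to "its" and "cert" to "certificate"; suggest "arbitrary" and "preserve". The "Uninstalling an app" and persistence-helper lines are also comma splices ("...from TrollStore itself, tap an app..." and "...into a system app, this helper..."); a period or "and" at those points would read better.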


@ -1,11 +1,13 @@
# Installation through TrollStore Helper # Installation through TrollStore Helper
**Supported devices:** All jailbroken devices between iOS 14.0 and 15.5b4 **Supported devices:** All **jailbroken** devices on iOS versions **14.0 to 15.5b4**
1. Download TrollStore Helper from Havoc repo (https://havoc.app), alternatively you can also download the deb from releases and install it yourself. 1. Download TrollStore Helper from Havoc repo (https://havoc.app).
2. Open TrollStore Helper on the home screen Alternative: Directly download the .deb from GitHub releases and install it manually in your preferred package manager.
3. Press "Install TrollStore", make sure you're connected to internet 2. Open TrollStore Helper on the home screen.
4. Done, your device will respring and TrollStore should appear on your home screen 3. Make sure you're connected to the internet, and press "Install TrollStore."
4. Done, your device will respring and TrollStore should appear on your home screen.
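Review bot: the new "Alternative:" paragraph is inserted as a bare line between items 1 and 2, which breaks the numbered list in Markdown (item 2 starts a new list, and some renderers restart the numbering at 1). Suggest indenting it as a sub-bullet of item 1, e.g. `   - Alternative: directly download the .deb from GitHub releases and install it manually in your preferred package manager.` Also, the period inside the quotes in `press "Install TrollStore."` makes it look like part of the button label; move it outside the quotes.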


@ -14,4 +14,4 @@
6. If TrollStore is on home screen, start it, if not then reboot and it should appear afterwards, then start it 6. If TrollStore is on home screen, start it, if not then reboot and it should appear afterwards, then start it
7. **(Optional)** Tap "Install Persistence Helper" and choose a system app you don't need to use (e.g. Tips) in the list that appears, this app can later be used to refresh TrollStore registrations when iOS reloads the icon cache and the TrollStore apps no longer launch 7. **(Recommended)** Tap "Install Persistence Helper" in TrollStore and choose a system app you don't need to use (e.g. Tips) in the list that appears, this app can later be used to refresh TrollStore registrations when iOS reloads the icon cache and the TrollStore apps no longer launch
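Review bot: changing "(Optional)" to "(Recommended)" is consistent with the README's Persistence Helper section, which says TrollStore and its apps stop launching after an icon cache reload without one; one sentence stating that consequence here would tell the reader why the step is recommended. The step is still a single comma-spliced sentence; split it after "in the list that appears".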


@ -1,5 +1,7 @@
# Installation through an SSH Ramdisk (Linux and macOS only) # Installation through an SSH Ramdisk (Linux and macOS only)
**_**If you do not have a Mac or a Linux PC, make an Ubuntu live USB and boot from it on your computer. **_**
**Supported devices:** A8(X) - A11, iOS 14.0 - 15.5b4 **Supported devices:** A8(X) - A11, iOS 14.0 - 15.5b4
Video tutorial: https://youtu.be/B0MueVvJSK4 Video tutorial: https://youtu.be/B0MueVvJSK4
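Review bot: the emphasis markers on the new Ubuntu live USB line are malformed: `**_**If you ... **_**` wraps bold around a lone underscore instead of around the sentence, so the line will not render as intended (the space before the closing markers is also a problem). Use `**_If you do not have a Mac or a Linux PC, make an Ubuntu live USB and boot from it on your computer._**`, or plain `**...**`.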
@ -9,11 +11,15 @@ Video tutorial: https://youtu.be/B0MueVvJSK4
2. Run `./sshrd.sh <iOS version for ramdisk> TrollStore <uninstallable system app>` 2. Run `./sshrd.sh <iOS version for ramdisk> TrollStore <uninstallable system app>`
- Make sure to **not** include the `<>` - Make sure to **not** include the `<>`
- The uninstallable system app should be an app you don't need to use (e.g. Tips) - The uninstallable system app should be an app you don't need to use (e.g. Tips)
- i.e. `./sshrd.sh 15.0 TrollStore Tips`
3. Run `./sshrd.sh boot` the device should start verbosing and show a TrollFace in ascii, then reboot eventually 3. Put your device into DFU mode. Instructions for this can be found [here](https://www.theiphonewiki.com/wiki/DFU_Mode#iPhone.2C_iPad.2C_iPod_touch).
- If you are on an A11 device, entire recovery mode first by pressing and quickly releasing the volume up and volume down button, one at a time. Then, press and hold the side button until you see the recovery mode screen. Finally, put your device into DFU mode as said above.
4. Open up the app you replaced, it should be TrollStore Helper now 4. Run `./sshrd.sh boot` the device should start verbosing and show a TrollFace in ascii, then reboot eventually
5. Press "Install TrollStore", make sure you're connected to the internet 5. Open up the app you replaced (Tips in this example), it should be TrollStore Helper now.
6. Done, your device will respring and TrollStore should appear on your home screen 6. Make sure you're connected to the internet, and press "Install TrollStore."
7. Done, your device will respring and TrollStore should appear on your home screen.
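Review bot: the new example bullet should read "e.g." rather than "i.e.", since `./sshrd.sh 15.0 TrollStore Tips` is one example invocation, not a restatement of the command. In the A11 sub-bullet, "entire recovery mode" should be "enter recovery mode". Adding the explicit DFU step before `./sshrd.sh boot` is a good fix, since the previous ordering went straight from generating the ramdisk to booting it; while here, "the device should start verbosing" would read better as "the device should boot verbosely", with a period after the `./sshrd.sh boot` code span.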