Compare commits

..

No commits in common. "0759b7717a3a5a684d5a143903146ec971c01deb" and "6094bc024fe56197fbb8673faf4ec6a3a1dbcefc" have entirely different histories.

1 changed files with 4 additions and 8 deletions

View File

@ -2,7 +2,7 @@
TrollStore is a permasigned jailed app that can permanently install any IPA you open in it. TrollStore is a permasigned jailed app that can permanently install any IPA you open in it.
It works because of an AMFI/CoreTrust bug where iOS does not correctly verify code signatures of binaries in which there are multiple signers. It works because of an AMFI/CoreTrust bug where iOS does not verify whether or not a root certificate used to sign a binary is legit.
Supported versions: 14.0 - 16.6.1, 17.0 Supported versions: 14.0 - 16.6.1, 17.0
@ -100,7 +100,7 @@ When your app is not sandboxed, you can spawn other binaries using posix_spawn,
You can also add your own binaries into your app bundle. You can also add your own binaries into your app bundle.
Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L79) to spawn the binary as root. Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L77) to spawn the binary as root.
### Things that are not possible using TrollStore ### Things that are not possible using TrollStore
@ -110,12 +110,8 @@ Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L7
## Credits and Further Reading ## Credits and Further Reading
[@alfiecg_dev](https://twitter.com/alfiecg_dev/) - Found the CoreTrust bug that allows TrollStore to work through patchdiffing and worked on automating the bypass. [@LinusHenze](https://twitter.com/LinusHenze/) - Found the CoreTrust bug that allows TrollStore to work.
Google Threat Analysis Group - Found the CoreTrust bug as part of an in-the-wild spyware chain and reported it to Apple.
[@LinusHenze](https://twitter.com/LinusHenze) - Found the installd bypass used to install TrollStore on iOS 14-15.6.1 via TrollHelperOTA, as well as the original CoreTrust bug used in TrollStore 1.0.
[Fugu15 Presentation](https://youtu.be/rPTifU1lG7Q) [Fugu15 Presentation](https://youtu.be/rPTifU1lG7Q)
[Write-Up on the first CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/). [Write-Up on the CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/).