mirror of https://github.com/opa334/TrollStore.git
Compare commits
No commits in common. "0759b7717a3a5a684d5a143903146ec971c01deb" and "6094bc024fe56197fbb8673faf4ec6a3a1dbcefc" have entirely different histories.
0759b7717a
...
6094bc024f
12
README.md
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
TrollStore is a permasigned jailed app that can permanently install any IPA you open in it.
|
TrollStore is a permasigned jailed app that can permanently install any IPA you open in it.
|
||||||
|
|
||||||
It works because of an AMFI/CoreTrust bug where iOS does not correctly verify code signatures of binaries in which there are multiple signers.
|
It works because of an AMFI/CoreTrust bug where iOS does not verify whether or not a root certificate used to sign a binary is legit.
|
||||||
|
|
||||||
Supported versions: 14.0 - 16.6.1, 17.0
|
Supported versions: 14.0 - 16.6.1, 17.0
|
||||||
|
|
||||||
|
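Review bot: The reworded cause sentence describes a different defect from the one it replaces. "Multiple signers" and "a root certificate used to sign a binary" are not the same bug, and the credits touched in the last hunk distinguish "the original CoreTrust bug used in TrollStore 1.0" from the one that currently allows TrollStore to work. The "Supported versions: 14.0 - 16.6.1, 17.0" line is unchanged, so please confirm the description names the bug that actually covers that range. As a wording point, "legit" would read better as "trusted" or "legitimate" in a sentence about certificate validation.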
@ -100,7 +100,7 @@ When your app is not sandboxed, you can spawn other binaries using posix_spawn,
|
||||||
|
|
||||||
You can also add your own binaries into your app bundle.
|
You can also add your own binaries into your app bundle.
|
||||||
|
|
||||||
Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L79) to spawn the binary as root.
|
Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L77) to spawn the binary as root.
|
||||||
|
|
||||||
### Things that are not possible using TrollStore
|
### Things that are not possible using TrollStore
|
||||||
|
|
||||||
|
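Review bot: The spawnRoot link moves from ./Shared/TSUtil.m#L79 to #L77, and a bare line-number anchor like this goes stale whenever TSUtil.m is edited. Please check that line 77 is where spawnRoot is defined in the tree this README ships with, and consider linking to the file without a line anchor, or to a commit-pinned permalink, so the reference does not drift again. Since this sentence points readers at a helper that runs a binary as root, a wrong anchor sends them to unrelated code.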
@ -110,12 +110,8 @@ Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L7
|
||||||
|
|
||||||
## Credits and Further Reading
|
## Credits and Further Reading
|
||||||
|
|
||||||
[@alfiecg_dev](https://twitter.com/alfiecg_dev/) - Found the CoreTrust bug that allows TrollStore to work through patchdiffing and worked on automating the bypass.
|
[@LinusHenze](https://twitter.com/LinusHenze/) - Found the CoreTrust bug that allows TrollStore to work.
|
||||||
|
|
||||||
Google Threat Analysis Group - Found the CoreTrust bug as part of an in-the-wild spyware chain and reported it to Apple.
|
|
||||||
|
|
||||||
[@LinusHenze](https://twitter.com/LinusHenze) - Found the installd bypass used to install TrollStore on iOS 14-15.6.1 via TrollHelperOTA, as well as the original CoreTrust bug used in TrollStore 1.0.
|
|
||||||
|
|
||||||
[Fugu15 Presentation](https://youtu.be/rPTifU1lG7Q)
|
[Fugu15 Presentation](https://youtu.be/rPTifU1lG7Q)
|
||||||
|
|
||||||
[Write-Up on the first CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/).
|
[Write-Up on the CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/).
|
||||||
|
|
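Review bot: The credits lose three attributions without replacement: @alfiecg_dev (patchdiffing and automating the bypass), Google Threat Analysis Group (in-the-wild discovery and report to Apple), and the installd bypass used for TrollHelperOTA on iOS 14-15.6.1. The remaining @LinusHenze line now reads "Found the CoreTrust bug that allows TrollStore to work", which the removed lines had scoped to "the original CoreTrust bug used in TrollStore 1.0". Likewise, the write-up link drops "first", so a reader can no longer tell that worthdoingbadly.com/coretrust covers only one of the bugs. If the README is meant to describe the version range stated at the top, keep the per-bug attribution and the "first" qualifier. Otherwise, say in the commit message why they are dropped.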