@spv420
Created October 28, 2021 13:59
untether.txt is back
i'll do a better release tomorrow or something, but to keep my promise, here's a gist
bug2:
platform-application bypass,
/usr/bin/fileproviderctl is a binary with a purpose i'm not sure of, however, it executes /usr/local/bin/fileproviderctl_internal when run
make /usr/local/bin/fileproviderctl_internal a symlink to your code to execute, and replace a daemon with /usr/bin/fileproviderctl
recommended to use wifiFirmwareLoader, and SUID fileproviderctl with mobile:mobile (if it runs as root containermanagerd has a seizure)
boom, BFU code exec on >11.xish -> 14.xish
bug3:
platform-application bypass,
custom filesystem
directory structure:
/System/Library/Filesystems/hax.fs:
/System/Library/Filesystems/hax.fs/Contents:
/System/Library/Filesystems/hax.fs/Contents/Resources:
/System/Library/Filesystems/hax.fs/Contents/Resources/mount_hax -> symlink to your haxxx
cp -p /sbin/mount to /usr/local/bin/scripter (bypass some sandbox stuff)
replace a daemon with an executable containing this:
#!/usr/local/bin/scripter -t hax fake
the last argument is automatically filled in with the executable path, so mount finds an existing path, and attempts to mount "fake" (taken as /fake as it runs in /) on that path, with the filesystem hax, which executes our code.
replace a daemon like wifiFirmwareLoaderLegacy
either do the same SUID trick, for untethered, sandboxed code exec as mobile (tired)
or use psychicpaper and get untethered, unsandboxed code exec as root (wired)
boom, BFU code exec on 9.xish -> 12.xish
in both cases, code has to be properly signed and installed.
as an example, make an Xcode project, and replace the main function with your code.
sign, and install properly, as an application.
if this doesn't work for you, it can be a bit of a bitch to get working sometimes, there can be some quirks.
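added example, not part of the original gist or the author's code: a triage script for an extracted filesystem root that looks for the three on-disk artifacts the notes above describe (an entry at /usr/local/bin/fileproviderctl_internal, a symlinked mount_<name> helper inside a .fs bundle, and a script whose #! interpreter sits under /usr/local/bin). it assumes a stock system ships none of these; scan_root, make_demo_root and the demo names (exampled, benign, /constructed/payload, the usr/sbin location) are made up for illustration.

```python
import os
import tempfile

def scan_root(root):
    """Return (check, path, detail) findings for an extracted filesystem root."""
    found = []
    rel = lambda p: "/" + os.path.relpath(p, root)
    # bug2: fileproviderctl executes this path, so any entry here needs review.
    helper = os.path.join(root, "usr/local/bin/fileproviderctl_internal")
    if os.path.lexists(helper):
        detail = os.readlink(helper) if os.path.islink(helper) else "regular file"
        found.append(("fileproviderctl_internal", rel(helper), detail))
    for dirpath, dirs, files in os.walk(root):
        parent = rel(dirpath)
        in_fs_bundle = parent.startswith("/System/Library/Filesystems/") and parent.endswith(".fs/Contents/Resources")
        for name in sorted(files + dirs):
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                # bug3: mount_<name> helper in a .fs bundle that is only a symlink.
                if in_fs_bundle and name.startswith("mount_"):
                    found.append(("symlinked_mount_helper", rel(path), os.readlink(path)))
                continue
            if not os.path.isfile(path):
                continue  # directories, sockets, FIFOs
            try:
                with open(path, "rb") as fh:
                    first = fh.readline(256)
            except OSError:
                continue
            # bug3: script whose "#!" interpreter is a binary under /usr/local/bin (assumed absent on stock).
            if first.startswith(b"#!/usr/local/bin/"):
                found.append(("shebang_usr_local", rel(path), first[2:].decode(errors="replace").strip()))
    return found

def make_demo_root():
    """Constructed sample tree; names other than the page's paths are made up."""
    root = tempfile.mkdtemp(prefix="fsroot-")
    res = os.path.join(root, "System/Library/Filesystems/hax.fs/Contents/Resources")
    for d in (res, os.path.join(root, "usr/local/bin"), os.path.join(root, "usr/sbin")):
        os.makedirs(d)
    os.symlink("/constructed/payload", os.path.join(res, "mount_hax"))
    os.symlink("/constructed/payload", os.path.join(root, "usr/local/bin/fileproviderctl_internal"))
    for name, line in (("exampled", "#!/usr/local/bin/scripter -t hax fake\n"), ("benign", "#!/bin/sh\n")):
        with open(os.path.join(root, "usr/sbin", name), "w") as fh:
            fh.write(line)
    return root

if __name__ == "__main__":
    print(*scan_root(make_demo_root()), sep="\n")
```

point scan_root at the mount point of an acquired image; a hit is a lead to review, not proof of compromise.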
license:
This software is licensed under the "Anyone But Some Assholes"
(ABSA) license, described below. No other licenses may apply.
------------------------------------------
The "Anyone But Some Assholes" license
------------------------------------------
Do anything you want with this program, with the exceptions listed
below under "EXCEPTIONS".
In the unlikely event that you happen to make a zillion bucks off of
this, then good for you; consider buying some hookers, cocaine,
hookers and cocaine, weed, hookers and weed, hookers; cocaine; and
weed, weed and cocaine, etc.
EXCEPTIONS
----------
Any distributions of this program, and source code, must be licensed
under this same license, and source code must be provided, either
alongside of the program, or with a URL where the code is accessible.
Moderators, Owners, or anyone capable of moderating either the
"r/jailbreak" Discord server, "Sileo" Discord server, or both Discord
servers may not make use of or redistribute this program or any of
its derivatives.
iMuseum, or whatever that cocksucker goes by now, can both go fuck
himself, and may not make use of or redistribute this program or
any of its derivatives.
An exception is made to the Discord server rule for any members of
the checkra1n team, or anyone who is credited alongside checkra1n.
Those people include:
argp, axi0mx, danyl931, jaywalker, kirb, littlelailo, nitoTV,
never_released, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza,
haifisch, ihackbanme, jndok, jonseals, xerub, lilstevie, psychotea,
sferrini, Cellebrite (ih8sn0w, cjori, ronyrus et al.)
Another exception is made to the Discord server rule for any members of
the unc0ver team, or anyone who is credited alongside unc0ver.
Those people include:
pwn20wnd, sbingner, siguza, Jake James, himynameisubik, ios_app_devex,
pattern-f, Brandon Azad, Ned Williamson
Another exception is made to the Discord server rule for any members of
the Manticore team, or anyone who is credited alongside Manticore.
Those people include:
@rpwnage, @pwnedc99, @fugiefire, @FCE365 / GeoSn0w
Besides the previous exceptions, @nonce#1119 (currently) on Discord
may not make use of or redistribute this program or any of
its derivatives.
Also, by using this program you agree that you will worship our lord
and saviour spv, and failure to do so may result in anything from
broken kneecaps, to death.
An amendment to the license is given to @cameren#0420 on Discord,
who is both a complete cunt, and may not make use of or
redistribute this program or any of its derivatives, and this will
not be removed depending on his moderator status.
An amendment to this license is also made permitting the use of this
software by tihmstar, regardless of moderator status.