In early October, Linus Henze took to the stage at the Objective by the Sea conference to showcase his Fugu15 jailbreak on an iPhone running iOS 15.4.1 with a user-friendly new installation method that reminded many of us of the JailbreakMe days. And as of this Monday, it’s officially released as open source on Henze’s GitHub page.
Henze announced the release of Fugu15 via Twitter this afternoon, but before we get too excited, we should mention right away that Fugu15 is a jailbreak primarily aimed at developers as there are currently no jailbreak tweaks that support iOS or iPadOS 15 to the missing tweak injection library (the same issue is currently delaying the Odyssey team’s Cheyote jailbreak).
What is Fugu15?
Fugu15 is a permanently signed, semi-untethered jailbreak app that supports certain arm64e devices running iOS and iPadOS 15.0-15.4.1 and runs the Procursus bootloader with the Sileo package manager. Because it is semi-untethered, you don’t need a computer to re-jailbreak, but you will need to re-jailbreak every time you reboot your device. Additionally, a CoreTrust bug allows Fugu15 to remain subscribed indefinitely, so it doesn’t need to be re-subscribed every seven days.
If this sounds familiar, it’s because TrollStore uses the same CoreTrust bug. TrollStore allows users to upload and sign any file. ipa on your device.
Fugu15 release includes code signing bypass, kernel exploit, PAC kernel bypass, and PPL bypass. It’s worth noting that Fugu15 can be installed either via Safari if you have a domain, or via a USB connection and Xcode on a Mac.
What you need to know about Fugu15
But as we noted earlier, Fugu15 is a developer-focused jailbreak, so it’s not that useful for the average person. This is because there are currently no compatible jailbreak tweaks, and also because some early firmware versions have bugs and have not been extensively tested on all devices.
In fact, Henze notes on the GitHub page that Fugu15 has only been extensively tested on the following device settings:
- iPhone XS Max running iOS 15.4.1
- iPhone 11 (security research device) running iOS 15.4.1
- iPhone 12 (security research device) running iOS 15.4.1
- iPhone 12 Pro Max running iOS 15.4.1
- Standalone version of iPhone 13 running iOS 15.1
Fugu15 may be compatible with other combinations of devices and firmware, however, it has not been rigorously tested on these. Only arm64e devices are currently supported (iPhone XS and later, or devices with an A12 chip or later).
While Henze is aware of the following bugs, there may be others:
1) If oobPCI (the process running the kernel) terminates, the system may be left in an inconsistent state and panic at some point. This usually happens about 5 seconds after startup
exit_full
command in iDownload. Workaround: Do not close oobPCI or do it as soon as possible to reduce the chance of a kernel panic. The reason for this panic is currently unknown. 2) If there is no power connection, going into deep sleep will cause a kernel panic due to a bug in DriverKit (also happened with Fugu14). Unfortunately, Fugu14’s fix does not work on iOS 15. Workaround: This error does not occur when exiting oobPCI. However, the error described above may occur when exiting oobPCI. 3) Some versions of iOS (at least iOS 15.1 and below, maybe 15.2 and 15.3 too) have a DriverKit bug that disables bus control for the WiFi chip when oobPCI starts, causing a kernel panic when using WiFi. This bug can be fixed, but at the moment the fix is not included in Fugu15. Workaround:
Brief FAQ from Linus Henze about Fugu15
In the FAQ section of the GitHub page, Henze answers some pertinent questions, which we’ll outline below:
Q: I am an end user. Is Fugu15 good for me? Oh no.
Q: My iOS version/device is not supported by Fugu15, will you add support for it? A: No. (I ended up with iOS 15)
Q: Will you ever add support for tweaks? Oh no.
Q: Do you provide official support for Fugu15? Are updates planned? Oh no.
Q: I installed/updated something through Sileo, but it won’t start. How can I fix this? A: Fugu15 uses TrustCache injection to bypass code signing. Therefore, if you install or update something, the code signature must be in TrustCache. You can download additional TrustCaches from the iDownload shell using tcload
the command.
Q: Wen eta Fugu16?????? A: …
What will happen to Fugu15?
Apparently, Henze has no intention of further developing Fugu15 as he shifts his focus from iOS and iPadOS 15 to iOS and iPadOS 16 in the future. On the other hand, the open source release of Fugu15 may prove beneficial to the jailbreak community as it can provide relief to struggling jailbreak developers who need more ideas to attack iOS and iPadOS 15 for those who have been waiting patiently for so long.
However, while this is a useful jailbreak for developers who need to test something, it’s basically a proof of concept at this stage.
Conclusion
While the release of Fugu15 is indeed good and welcome news, the Fugu15 project itself is not a jailbreak that everyone should rush to download and install. Instead, users should stay on the lowest possible firmware and wait for a public jailbreak of iOS and iPadOS 15 with a working tweak injection – since that’s what most of us jailbreak for anyway.
You can learn more about Fugu15 and what it is all about by visiting Linus Henze’s GitHub page.
Are you excited that Fugu15 is finally out? Be sure to discuss your thoughts on this in the comments section below.