From e84dfc79b90ed3db4584db1f5eaaba9f8ed25b38 Mon Sep 17 00:00:00 2001 From: hrtowii <68852354+hrtowii@users.noreply.github.com> Date: Mon, 8 Jan 2024 00:11:31 +0800 Subject: [PATCH] Create README.md --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..02c9707 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# Serotonin - not/semi-jailbreak for iOS 16.2 - 16.6.1 + +## How do I use it? +* Download tipa, install via TrollStore +* Press jailbreak +* Be happy + +## How is this done? +* Replace launchd by searching through /sbin's vp_namecache, then find launchd's name cache and kwrite it with a patch to our patched launchd. +* Better explanation from AlfieCG [here](https://www.reddit.com/r/jailbreak/comments/18zehl2/comment/kgi5ya3/) +* patched launchd hooks posix_spawnp of SpringBoard and execs our own SpringBoard with springboardhook.dylib +* springboardhook loads in tweaks, ellekit, etc. +* CoreTrust bug used to bypass codesigning and allow any binary to run with arbitrary entitlements +* KFD / Any other kernel read/write bug to write to the name cache in the first place + +## Todo in the future +* Try adding support for lower iOS versions by overwriting NSGetExecutablePath +* Add support for arm64 +* Add a boot splash screen +* Fix `puaf_pages` picker crash in new UI + +## Credits +* hrtowii / sacrosanctuary - main dev +* DuyKhanhTran - launchd and SpringBoard hooks +* NSBedtime - initial launchdhax, helped out a ton! +* AlfieCG - helped out a ton! +* Nick Chan - helped out a ton! +* BomberFish - main UI +* haxi0 - initial logger +* Evelyne for showing it was possible. I wouldn't have gotten motivated without that initial tweet lol +
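Review bot: the "How do I use it?" section of the new README.md does not state which devices are supported, and the only hint is the "Add support for arm64" item under "Todo in the future", which implies the current build is arm64e-only; add a short supported-devices line next to the iOS 16.2 - 16.6.1 range in the title or the usage section so readers do not install the tipa on an unsupported device and report it as a bug. Two smaller points in the same hunk: the "How is this done?" bullets mix sentence case ("Replace launchd ...", "Better explanation ...") with lowercase starts ("patched launchd hooks ...", "springboardhook loads ..."), so pick one style, and "Download tipa" should say where the tipa is obtained (e.g. the repository's releases page) since the README otherwise gives no source for it.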