Skip to content

Commit

Permalink
Merge branch 'main' of https://github.com/opa334/TrollStore
Browse files Browse the repository at this point in the history
opa334 committed Sep 22, 2022
2 parents b67e3aa + ed8a536 commit f89279b
Showing 2 changed files with 10 additions and 4 deletions.
8 changes: 6 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -8,6 +8,10 @@ It works because of a CoreTrust bug that affects iOS 14.0 - 15.4.1 (15.5b4).

## Installation Methods

N/A means: NO DEVICE / VERSION COMBINATION EXISTS

None means: No way to install TrollStore currently

| Version / Device | A8 | A9 | A10 | A11 | A12 | A13 | A14 | A15 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| iOS 14.0 | [TrollHelper](./install_trollhelper.md) | [TrollHelper](./install_trollhelper.md) | [TrollHelper](./install_trollhelper.md) | [TrollHelper](./install_trollhelper.md) | [TrollHelper](./install_trollhelper.md) | [TrollHelper](./install_trollhelper.md) | [TrollHelper](./install_trollhelper.md) | N/A |
@@ -63,7 +67,7 @@ The binaries inside an IPA can have arbitary entitlements, fakesign them with ld

## Banned entitlements

iOS 15 has banned the following three entitlements related to running unsigned code, these are impossible to get without a PPL or PAC bypass, apps signed with them will crash on launch.
iOS 15 on A12+ has banned the following three entitlements related to running unsigned code, these are impossible to get without a PPL or PAC bypass, apps signed with them will crash on launch.

`com.apple.private.cs.debugger`

@@ -134,4 +138,4 @@ Afterwards you can use the [spawnRoot function in TSUtil.m](./Store/TSUtil.m#L39

[@LinusHenze](https://twitter.com/LinusHenze/) - Found the CoreTrust bug that allows TrollStore to work.

[Early Write-Up on the CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/).
[Early Write-Up on the CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/).
6 changes: 4 additions & 2 deletions install_with_sshrd.md
Original file line number Diff line number Diff line change
@@ -2,11 +2,13 @@

**Supported devices:** A8(X) - A11, iOS 14.0 - 15.5b4

Video tutorial: https://youtu.be/SsvumuaZBT0
Video tutorial: https://youtu.be/B0MueVvJSK4

1. Run `git clone https://github.com/verygenericname/SSHRD_Script --recursive && cd SSHRD_Script`

2. Run `./sshrd.sh <latestipswlinkhere> TrollStore <uninstallablesystemapphere>` (Tips is the best choice)
2. Run `./sshrd.sh <iOS version for ramdisk> TrollStore <uninstallable system app>`
- Make sure to **not** include the `<>`
- The uninstallable system app should be an app you don't need to use (e.g. Tips)

3. Run `./sshrd.sh boot` the device should start verbosing and show a TrollFace in ascii, then reboot eventually

0 comments on commit f89279b

Please sign in to comment.