Jailbreak
iPad Air 2 / iPad mini mit Aktivierungsumgehung mit palera1n 2
Partial FakeFS (BindFS) erstellen und booten
palera1n -B -f
Wenn wieder in recovery FakeFS booten
palera1n -f
Wenn beim reboot der palera1n-Splashscreen auftaucht hat es funktioniert.
Aktivierungs-Bypass:
#!/bin/bash
remote_cmd() {
sshpass -p 'alpine' ssh -o StrictHostKeyChecking=no -p4444 root@localhost "$@"
}
remote_cp() {
sshpass -p 'alpine' scp -o StrictHostKeyChecking=no -O -P4444 "$@"
}
bypass_gold() {
remote_cmd "mount -o rw,union,update /"
remote_cmd "mv -v /usr/libexec/mobileactivationd /usr/libexec/mobileactivationdBackup"
remote_cmd "ldid -e /usr/libexec/mobileactivationdBackup > /usr/libexec/mob.plist"
remote_cp gold root@localhost:/usr/libexec/mobileactivationd
remote_cmd "chmod 755 /usr/libexec/mobileactivationd"
remote_cmd "ldid -S /usr/libexec/mob.plist usr/libexec/mobileactivationd"
remote_cmd "rm -v /usr/libexec/mob.plist"
}
bypass_new() {
remote_cmd 'mount -o rw,union,update /'
remote_cmd 'mv -v /usr/libexec/mobileactivationd /usr/libexec/mobileactivationdBackup'
remote_cmd 'ldid -e /usr/libexec/mobileactivationdBackup > /usr/libexec/mobileactivationd.plist'
remote_cp patch3 root@localhost:/usr/libexec/mobileactivationd
remote_cmd 'chmod 755 /usr/libexec/mobileactivationd'
remote_cmd 'ldid -S/usr/libexec/mobileactivationd.plist /usr/libexec/mobileactivationd'
remote_cmd 'rm -v /usr/libexec/mobileactivationd.plist'
remote_cp com.bypass.mobileactivationd.plist root@localhost:/Library/LaunchDaemons/com.bypass.mobileactivationd.plist
remote_cmd 'launchctl load /Library/LaunchDaemons/com.bypass.mobileactivationd.plist'
remote_cmd 'launchctl reboot userspace'
}
bypass_new