staturnz

iOS 9.3.6 untethered jailbreak demo

Aquila 2.1 (by @staturnzdev) has been released, with support for iOS 4.3.x and 32-bit iOS 7. This is the first ever untethered jailbreak for the iPad 2 on 4.3-4.3.2/4.3.4/4.3.5, which - as an unrelated side note - turns 15 years old in about 3 days.

Trigon-Legacy out at github.com/TheRealClarity… Supports every 64-bit device from iOS 7 to iOS 9 and is fully deterministic, using entirely different techniques from the original Trigon. Special thanks to @alfiecg_dev, @staturnzdev and @dora2ios for the development help.

👀 Thanks to @staturnzdev for help. Release ETA: unknown, don't ask.

Just booted iOS 26 simulator on my jailbroken iPhone XS Max

@alfiecg_dev @CellebriteLabs 🫡

I’m thrilled to announce that I will be joining @CellebriteLabs next month, kickstarting my career as a full-time iOS researcher. I hope to wrap up some final projects and release them in the coming weeks, but most of my public work will stop after this - it’s been a blast! 🚀💯

oob_entry: tfp0 kernel exploit supporting every armv7 iOS version (iOS 3.0-10.3.4) github.com/staturnzz/oob_…

Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coprocessor before exploiting the kernel - enjoy! alfiecg.uk/2025/07/16/Tri…

Me and @staturnzdev have been going to great lengths to try and get a truly deterministic Trigon exploit working for A9. This is one of the more complicated strategies, but it's working pretty nicely! Expect an open-source release and writeup in the future. 💯

@alfiecg_dev 🤝

🤝 @staturnzdev

iOS 10.3.4 untethered jailbreak demo

A new jailbreak for iOS 6 - Aquila (by staturnz) - has been released. Download: github.com/staturnzz/aqui… Guide: ios.cfw.guide/installing-aqu… Big thing about Aquila is that it features a new (and better) iOS 6 kernel exploit - bad_queue - also written by staturnz.

I've just published a new blog post detailing how I developed a deterministic kernel exploit for iOS. Enjoy! alfiecg.uk/2025/03/01/Tri…

@alfiecg_dev @imnotclarity 🤝

Full kernel read/write with CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! arm64e is certainly not as easy, but for now all of arm64 should be doable with this strategy. Shoutout to @staturnzdev and @imnotclarity for lots of help and ideas.

My iOS 7.1.x "jailbreakme" for all 32bit devices has been released. Source code: github.com/staturnzz/lync… Website: lyncisjb.com Guide: ios.cfw.guide/using-lyncis

jailbreakme demo for ios 7

As my final project this year, I have started a "pre-jailbreak" library. It should currently provides a kernel exploit, privilege escalation and tfp0 (where applicable) on devices running iOS 12 - 14. Not tested too much, but any fixes are welcome. HNY! github.com/alfiecg24/libp…