opa334@infosec.exchange

@opa334dev

Germany · Joined May 2018
328 Following · 71K Followers
opa334@infosec.exchange (@opa334dev)
@jjay2185 @thejailbreakhub You do not need to "make an infosec account", you can make an account in any Mastodon instance you want. That's the upside of it, there is no central instance.
thaguru (@jjay2185)
@opa334dev @thejailbreakhub I’m sorry if you have answered this or not, or shouldn’t be asking here… *making an infosec account* but is there any specific or good iOS version to be on for this?
opa334@infosec.exchange (@opa334dev)
With the recent discovery of the #coruna exploits, I want to reiterate that all future Dopamine Jailbreak development updates will not be shared on X.
opa334@infosec.exchange (@opa334dev)
@Avieshek I may mirror major updates to BlueSky, but in general I don't think it is worth my time. It is a centralized platform and therefore can go the same way as Twitter at any point.
The Jailbreak Hub (@thejailbreakhub)
@opa334dev I saw earlier, I’m also really curious to know if any of those WebKit bugs may allow for a dopamine jailbreakme WebKit type thing.. seems like maybe an outside possibility? Glad to see you’re still here though btw
opa334@infosec.exchange (@opa334dev)
@Allukardh There are definitely versions of the Mastodon app that work on iOS 15. That's what I was using when I was still jailbroken. Nevertheless, nothing forces you to use the official client.
ZehTroll (@Allukardh)
@opa334dev It’s pretty ironic for you to move to Mastodon when the official app requires iOS 18.6, while your jailbreak keeps us stuck on 16.5. Not even the Coruna crowd can install it. I respect your decision, of course, but I can’t help finding that pretty funny. 🤡
The Jailbreak Hub (@thejailbreakhub)
@opa334dev Do you have any desire to work on an update to Dopamine for 17.x once you look into reverse engineering? Should we look for updates on mastodon?
opa334@infosec.exchange (@opa334dev)
@thejailbreakhub @MasterMike88 Where was I ever gone though? Any other jailbreak using the coruna exploits would probably be 90% Dopamine's code anyways, so I may as well just do it myself.
opa334@infosec.exchange (@opa334dev)
@perctronaut From a fundamental perspective, I understand there is nothing else I can do than nicely ask. But it seems the users that remain here rather decide to be rude. Well there is a reason I don't want to be involved here anymore.
Ludovic (@perctronaut)
@opa334dev why would anyone do that 😭😭😭 who cares what you want
opa334@infosec.exchange (@opa334dev)
@costinel I have used Mastodon just fine on 15.1.1 when I was still jailbroken. Also it is an open platform and anybody can make their own clients and instances, unlike X.
costinel (@costinel)
@opa334dev X allows iOS down to 15.0. Mastodon forces minimum 18.6. How can your very own users follow you if they are not even able to install the app of the network you're on?
opa334@infosec.exchange (@opa334dev)
@TuqTon It will definitely not be jailbroken any time soon. The coruna exploit chain only supports up to 17.2.1.
TuqTon (@TuqTon)
@opa334dev Hey sir, I have an iPhone SE 2022 iOS 18.3.1, how many years does it usually take until a jailbreak arrives?
opa334@infosec.exchange (@opa334dev)
@roddux Politics aside, the main reason I ditched Twitter is because it is simply not interesting anymore. Anything posted here is usually low quality / slop and I simply do not enjoy using it. It's just an unnecessary time waste. This also seems to be the way Elon wants it to be.
opa334@infosec.exchange (@opa334dev)
Lastly, I will come back one last time under this tweet in 24 hours to answer any good faith questions about the situation / my abandonment of this platform. #ama
opa334@infosec.exchange (@opa334dev)
Additionally, I understand I can't prevent it, but I would at least nicely ask people to not mirror any of my posts to X.
littlelailo (@littlelailo)
Coruna's seedbell PAC bypass abused the fact that dyld didn't protect certain __DATA_CONST regions in the dyld shared cache as read only after populating GOT entries etc (I think to support certain objc method list types), (1/4)
Michael (@MasterMike88)
So, let's talk about that Coruna exploit kit stuff now, shall we? Let's first establish a few basic grounding points, though, before people over-hype this too much:

1. There are zero guarantees that anything comes from this. Everything here requires stuff to be deobfuscated before it could ever be beneficial for anything. This process inherently requires effort, and it's the type of thing that isn't guaranteed to go anywhere. Additionally, while everything in this post is as accurate as current information tells us, there are things here that are subject to change or subject to validation.

2. Even if anything of note comes from the Coruna exploit kit, this is not a major major advancement. The bugs that this chain kit uses were all patched by 16.7.6/17.5. Additionally though, the last kernel exploit was patched in 16.7.5/17.2.1, which means that the highest possible advancement for jailbreaking is:
- EoL (16.x): iOS/iPadOS 16.7.5
- 17.x: iOS 17.2.1/iPadOS 17.2

Which, to be clear, is not nothing - it would allow for the first proper jailbreak for arm64e 16.6-17.2.1, and it would also end the 2+ year streak of no arm64e advance or no jailbreak-relevant exploits. But it isn't going to take us to 18.x or even late-17.x.

Now that we've gotten that all out of the way, let's lay some groundwork here. The Coruna exploit kit is a Chinese/Russian spyware kit, involving 23 different bugs designed to target devices running iOS versions 13.0 - 17.2.1. You can read more about this spyware kit as spyware at the following two links:
Google Cloud Article: cloud.google.com/blog/topics/th…
iVerify Article: iverify.io/blog/coruna-in…

Now, Google and iVerify didn't directly publish any samples themselves about this (whether this will change in the future or not, I wouldn't know). But, some of the links that it was mentioned that the spyware was on are still operating and are still actively able to infect devices. This is how various individuals have been able to get samples and begin to look into them.

Now, again, there are still a lot of things that need to be figured out before anything truly comes from this, but for now, let's focus on a few of the interesting things about this exploit kit:

1. The "PPL Bypass" bugs (for 17.x) appear to also work on SPTM devices. Some additional context: iOS/iPadOS 17 replaced PPL with SPTM and TXM on some devices. On the relevant versions here (M4 was introduced in 17.4 and iOS/iPadOS 18 shift M2 to SPTM), this encompasses out to:
- PPL Devices: A12-A14/M2
- SPTM Devices: A15-A17

This change doesn't necessarily affect the flow of bugs (they usually will require PAC Bypasses) but it can potentially break certain bugs that would work for a PPL Bypass. Based on what we have seen, however, it appears these bugs do work on SPTM devices, which does mean - if anything comes from this - this will likely work on all devices for 17.0-17.2.1.

2. There are enough bugs here for a WebKit jailbreak (and TrollStore installation method for relevant versions). The entire goal of every chain that can be exploited with this kit is that it is designed to be a one-click exploit - you go to a malicious website and immediately have your crypto logins, location, camera roll, and other stuff siphoned off to China or Russia (depending on which type you get exploited by). Now, as we've established, this is a full kit of exploits for a variety of versions starting with 13.0, and the kit is ultimately able to accomplish a one-click up to/including 16.7.4 (EoL) and 17.2.1 for all devices. Because of that, all the bugs that would be needed for a WebKit-based jailbreak for 13.0-16.7.4/17.0-17.2.1 are present. Now, of course, that would require someone to put in the effort to exploit all of these bugs in a WebKit environment, but the option for someone to do that still exists.

Additionally, for those on TrollStore versions (14.0b2-16.6.1/16.7 RC (20H18)/17.0): As it would be possible to achieve a WebKit-based jailbreak, that also inherently means a WebKit-based TrollStore installer would also be viable. (Note: If one did happen, it would obsolete almost every other method except for TrollHelperOTA (as that doesn't exploit a WebKit bug or kernel bug at all).)