Haxx - Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 - iOS 14.8.1


Untethered + Unsandboxed code execution haxx as root on iOS 14 - iOS 14.8.1.

Based on CoreTrustDemo. Also, please note that certificates are not copyrightable.

Usage

Note: requires macOS + existing jailbreak

Get up and running

1. On your Mac, import dev_certificate.p12 into the keychain; the password is password.
2. Modify haxx.c to include your own code (if you need it).
3. Run make to build.
4. On the device, copy /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd to /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd.back
5. Then replace /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd with /usr/bin/fileproviderctl
6. Create the /private/var/haxx directory; mode should be 0777.
7. Copy fileproviderctl_internal and haxx generated from the build to /usr/local/bin on the device; mode should be 0755.
8. Profit.

Fixing fileproviderctl

After the steps above, fileproviderctl will be broken. To fix it, do the following:

1. Copy /usr/bin/fileproviderctl from your device to your Mac.
2. Patch the binary with GNU sed:
   gsed -i 's|/usr/local/bin/fileproviderctl_internal|/usr/local/bin/fileproviderctl_XXXXXXXX|g' fileproviderctl
3. Re-sign it:
   codesign -s "Worth Doing Badly iPhone OS Application Signing" --preserve-metadata=entitlements --force fileproviderctl
4. Put the fixed binary back onto your device.

Removal

To remove the installation, do the following steps:

1. Copy /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd to /usr/bin/fileproviderctl
2. Move /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd.back to /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd
3. Delete /var/haxx, /usr/local/bin/fileproviderctl_internal as well as /usr/local/bin/haxx
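
To confirm that the removal steps left nothing behind, or to check a filesystem extraction for this install, the paths named above can be tested directly. The script below is an added example, not part of the Haxx project; the function name check_haxx and its root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the files and directories this page's install steps
# create. ROOT is "/" on the device or the top of a mounted/extracted filesystem.
# Prints one line per finding; returns 0 if none were found, 1 otherwise.
check_haxx() {
    root="${1%/}"
    found=0
    support="$root/System/Library/PrivateFrameworks/CoreAnalytics.framework/Support"

    # Paths the install steps create and the removal steps move or delete.
    # On a live device /var/haxx and /private/var/haxx are the same directory,
    # so both lines may appear for one finding.
    for p in "$support/analyticsd.back" \
             "$root/private/var/haxx" \
             "$root/var/haxx" \
             "$root/usr/local/bin/fileproviderctl_internal" \
             "$root/usr/local/bin/haxx"; do
        if [ -e "$p" ]; then
            echo "present: $p"
            found=1
        fi
    done

    # The install overwrites analyticsd with fileproviderctl. The sed patch on
    # this page implies that binary embeds the helper path below; it is assumed
    # here that a stock analyticsd does not contain it.
    if [ -f "$support/analyticsd" ] &&
       LC_ALL=C grep -q -F '/usr/local/bin/fileproviderctl_internal' "$support/analyticsd"; then
        echo "replaced: $support/analyticsd references fileproviderctl_internal"
        found=1
    fi

    return "$found"
}

# Run the check when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_haxx "$1"
fi
```

A non-zero exit status with any "present:" or "replaced:" line means at least one of the steps above is still in effect on that filesystem.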

Reviewed by Zion3R on 8:30 AM