The Serotonin semi-jailbreak, one of the methods of injecting tweaks into the Procursus bootstrap on devices vulnerable to the kfd and CoreTrust flaws, has received a major update. Version 1.1.0 adds support for iOS 16.0 to 16.1.2, completing the initial support, which covered iOS 16.2 up to iOS 16.6.1. All versions of iOS and iPadOS 16 are now supported on arm64e devices, i.e. iPhone XS and later.
Serotonin Update
Besides the wider version support, it is also worth noting that Mineek's Serotonin and kfdfunv4 projects have merged into one, which makes it easier for the two tools to share the same functionality.
But that’s not all, because version 1.1.0 of Serotonin also includes:
- Added a patcher based on libiospatchfinder, a port of tihmstar's libpatchfinder library to iOS.
- Extended compatibility to all arm64e devices.
The next step is to add support for arm64 chips (A9 to A11, i.e. devices vulnerable to checkm8 and therefore already covered by palera1n).
New Update!?
Serotonin semi-jailbreak v1.1.0 for #TrollStore2 Users!
Download: https://t.co/evWluWoeio
SpringBoard tweak injection support iOS/iPadOS 16.0 – 16.6.1
#Follow for ongoing #TrollStore2 updates! #Serotonin #jailbreak #iOS15 #iOS16 #iPhone #tweaks pic.twitter.com/Vp3UQE5w87
— TrollStore 2 (@TrollStore2App) January 9, 2024
If you want to try the Serotonin jailbreak, you can head over to the project’s GitHub page where the latest .tipa file can be downloaded and signed with TrollStore. Remember that you need to install the RootHide Procursus bootstrap first. Everything is listed below.
How to use Serotonin?
To use Serotonin you must have a supported version (mentioned above) and have TrollStore installed.
Please note that this tool does not support iOS 17.0, even though TrollStore can be installed on it.
- Download and install Bootstrap from RootHide
- Install ElleKit from Sileo
- Download the .tipa file of the latest version from GitHub
- Install the downloaded file in TrollStore
- Open the app and tap the Jelbrek button. Your device should reboot into userspace, and you should be (non/semi)jailbroken!
How does Serotonin work?
Here are the technical explanations from the talented developer:
- Serotonin replaces launchd by searching the vp_namecache of /sbin, finding the launchd name cache entry and overwriting it with a patch for launchd, our patched launchd (you can take a look at a better explanation from AlfieCG here).
- The launchd patch hooks SpringBoard’s posix_spawnp and runs our own SpringBoard with springboardhook.dylib
- Springboardhook loads in tweaks, ellekit, etc.
- CoreTrust bug found by AlfieCG
- Uses the kfd exploit