Fugu16 Jailbreak Released for iOS 16.0 up to iOS 16.2 Beta 2 (iPhone XS Max – 14 Pro Max)
November 6, 2022
Developer Linus Henze released the Fugu16 open-sourced repo to the general public in. This represents a major release for the iOS Jailbreak community as iOS 16.2 is yet to be jailbroken more than one year since the release of iOS 16.0.
The community has been waiting for an iOS 16 jailbreak for many months now, and for a long time it seemed there was no hope for a release. However, back at the Objective By The Sea security conference in early October, developer Linus Henze teased Fugu16, the successor of the Fugu14 jailbreak released a year before.
Of course, not a lot was known at the time about the jailbreak’s capabilities, but we did know for sure Linus Henze was using their own kernel exploit and PAC (Pointer Authentication Codes) bypass to achieve said jailbreak.
In jailbreaking, a patchfinder is software that finds the location of the things we want to patch. These could be various checks, process structures, offsets, credentials, etc. Since iOS 16 kernels employ KASLR (Kernel Address Space Layout Randomization), the location of the important functions and data is randomized every time your phone boots, so a hardcoded address from one boot is useless on the next.
The patchfinder locates them in memory at runtime so that they can be patched in the ways a jailbreak needs (elevating privileges to root, escaping the sandbox, remounting file systems, etc.).
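As an added illustration of the patchfinder idea described above (this is not code from Fugu16 or its patchfinder): a constructed toy "kernel image", a wildcard byte signature, and the slide computation that turns a signature hit into a runtime address. All bytes, bases and offsets below are made up for the example.

```python
"""Toy illustration of why a jailbreak needs a patchfinder under KASLR.

Everything here is constructed: the 'kernel image' is a few fake
instruction words, not real XNU code, and no real iOS offsets appear.
"""
import secrets
import struct
from typing import List, Optional

PAGE = 0x4000  # 16 KiB pages; the slide is assumed page-granular (constructed)

# A masked signature: each entry is a byte value or None (wildcard).
# Wildcards stand in for immediates/registers that differ between builds.
Signature = List[Optional[int]]


def find_signature(image: bytes, sig: Signature) -> List[int]:
    """Return every file offset where `sig` matches `image` (None = any byte)."""
    n = len(sig)
    return [off for off in range(len(image) - n + 1)
            if all(b is None or image[off + i] == b for i, b in enumerate(sig))]


def build_image(build_specific_word: int) -> bytes:
    """Constructed kernel image: NOP filler + one 'check function' of three words.
    The middle word differs per build, so a signature must wildcard it."""
    filler = b"\x1f\x20\x03\xd5" * 8  # AArch64 NOP (0xD503201F), little-endian
    # sub sp, sp, #0x10 ; <build-specific word> ; ret
    check = struct.pack("<III", 0xD10043FF, build_specific_word, 0xD65F03C0)
    return filler + check + filler


# Signature for the check function: prologue, 4 wildcard bytes, epilogue.
CHECK_SIG: Signature = [0xFF, 0x43, 0x00, 0xD1, None, None, None, None,
                        0xC0, 0x03, 0x5F, 0xD6]


def slide_for_boot(link_base: int, slide: Optional[int] = None) -> int:
    """Simulate one boot: apply a random page-aligned KASLR slide to the link base."""
    if slide is None:
        slide = secrets.randbelow(0x1000) * PAGE
    return link_base + slide


def locate_check(image: bytes, runtime_base: int) -> int:
    """What a patchfinder does: search by signature, then rebase to runtime."""
    hits = find_signature(image, CHECK_SIG)
    if len(hits) != 1:
        raise LookupError(f"expected exactly one match, got {len(hits)}")
    return runtime_base + hits[0]


def recover_slide(found_runtime_addr: int, known_unslid_addr: int) -> int:
    """One located symbol plus its link-time address gives the boot's slide."""
    return found_runtime_addr - known_unslid_addr
```

Because the signature wildcards the build-specific word, the same `CHECK_SIG` locates the function in differently built images, while a hardcoded link-time address is only right when the slide happens to be zero.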
Back on the 27th, Linus Henze open-sourced the patchfinder used inside Fugu16. At that time, Fugu16 wasn't publicly available yet, but 4 days later it was also open-sourced on the same GitHub account.
Is Fugu16 a complete Jailbreak?
Mostly, yes. While pretty buggy and lacking tweak injection for now, the demo jailbreak app put together by Linus Henze is extremely powerful. Just as we thought during the Objective By The Sea conference, Linus did in fact use their own kernel exploits and PAC bypass, making tweak injection rather trivial.
A developer like Coolstar, Pwn20wnd, or even me (GeoSn0w) could theoretically take Fugu16 and combine it with a tweak injection library like Substitute or LibHooker which would result in tweaks working.
Fugu15 already comes with the Sileo package manager and the Procursus bootstrap out of the box, which is fantastic. This is essentially 95% of a full jailbreak for iPhone XS, XR, iPhone 11, iPhone 12, iPhone 13 through 14 Pro Max, and so on.
Step 03. Open it from your desktop and connect your device.
Step 04. Now drag and drop the Fugu16 IPA file onto Sideloadly.
Step 05. Enter your Apple ID.
Step 06. Tap the Start button.
Step 07. Enter your Apple ID password.
Step 08. Tap OK.
Step 09. A verification code popup now appears on your device.
Step 10. Enter the verification code.
Step 11. Tap the OK button and wait for the process to complete.
Step 12. Wait for the Done message.
Step 13. Once you see the Done message, check your Home screen for the app.
Step 14. Make sure to trust the app from Settings: Settings -> General -> Profile and Device Management, then Trust the app.
Step 15. It's all done. Now you can use the sideloaded application.
Sure, there are still bugs. This was not released to be used directly. It's a proof of concept, a very advanced one, but still a proof of concept. It should, however, be quite trivial for an experienced developer to polish this up once we have a tweak injection library updated for iOS 16.
The major issue right now is that we don't have a tweak injection library that we can readily use on iOS 16. CoolStar stopped updating their LibHooker amidst community drama and hate (which is also the reason the Cheyote jailbreak stopped being worked on), and Substitute was developed by Sam Bingner and Pwn20wnd, both of whom have been radio silent for more than a year.
What iOS 16/ 16.1/ 16.2 versions and devices are supported by Fugu16 Jailbreak?
While the application posted by Linus Henze on GitHub is a proof of concept with limited support, the jailbreak itself with all its components should work fairly decently on the following iOS 16+ versions:
The supported devices include the newest models, such as:
iPhone 14 Pro Max
iPhone XS and XS Max
iPhone 14 Pro Max and older devices (checkm8 devices) are NOT supported by Fugu16, but there are other solutions for those in development, such as palera1n, Blizzard Jailbreak, and Ayakurume.
Fugu16 Jailbreak does not require re-signing
Unlike other jailbreaks, Fugu16 is a pre-signed semi-untethered jailbreak. This means you don't have to re-sign it every 7 days, and you can also install it directly from Safari, a very rare kind of jailbreak these days.
This is possible thanks to a vulnerability found by Linus Henze which allows pre-signed applications to run on iOS up to 16.2 Beta 2 or so.
For the average jailbreak user, this means you don't have to keep signing it with a computer, and you don't even need a computer at all to install Fugu16.
Download Fugu16 Jailbreak
While it's not advised to use a proof-of-concept jailbreak until it is fully ready for the general public, if you want to try it out as it is, the Fugu16 jailbreak for iOS 16.2 is available on Linus Henze's GitHub. You can compile it directly from source.