From 6a4c67c430335fe7b9ba4fe569245b32b848cf7e Mon Sep 17 00:00:00 2001 From: Alfie CG <63724031+alfiecg24@users.noreply.github.com> Date: Fri, 1 Dec 2023 19:55:01 +0000 Subject: [PATCH] Update README.md to reflect version 2.0 --- README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 45f6f10..d176668 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ TrollStore is a permasigned jailed app that can permanently install any IPA you open in it. -It works because of an AMFI/CoreTrust bug where iOS does not verify whether or not a root certificate used to sign a binary is legit. +It works because of an AMFI/CoreTrust bug where iOS does not correctly verify code signatures of binaries in which there are multiple signers. Supported versions: 14.0 - 16.6.1, 17.0 @@ -100,7 +100,7 @@ When your app is not sandboxed, you can spawn other binaries using posix_spawn, You can also add your own binaries into your app bundle. -Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L77) to spawn the binary as root. +Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L79) to spawn the binary as root. ### Things that are not possible using TrollStore 
@@ -110,8 +110,12 @@ Afterwards you can use the [spawnRoot function in TSUtil.m](./Shared/TSUtil.m#L7 ## Credits and Further Reading -[@LinusHenze](https://twitter.com/LinusHenze/) - Found the CoreTrust bug that allows TrollStore to work. +[@alfiecg_dev](https://twitter.com/alfiecg_dev/) - Found the CoreTrust bug that allows TrollStore to work through patchdiffing and worked on automating the bypass. + +Google Threat Analysis Group - Found the CoreTrust bug as part of an in-the-wild spyware chain and reported it to Apple. + +[@LinusHenze](https://twitter.com/LinusHenze) - Found the installd bypass used to install TrollStore on iOS 14-15.4.1 via TrollHelperOTA, as well as the original CoreTrust bug used in TrollStore 1.0. [Fugu15 Presentation](https://youtu.be/rPTifU1lG7Q) -[Write-Up on the CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/). +[Write-Up on the first CoreTrust bug with more information](https://worthdoingbadly.com/coretrust/).
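Review bot: In the first hunk (@@ -2,7), the "Supported versions: 14.0 - 16.6.1, 17.0" line is left untouched even though the sentence above it now describes a different CoreTrust bug (multiple signers rather than an unverified root certificate); confirm in the same commit whether the supported range still applies to the 2.0 bypass, since the Subject says this README is meant to reflect version 2.0.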
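Review bot: In the second hunk (@@ -100,7), bumping the link from `./Shared/TSUtil.m#L77` to `./Shared/TSUtil.m#L79` shows how brittle a line-number anchor into a source file is; it will drift again on the next edit to TSUtil.m. Prefer a permalink pinned to a commit hash, or drop the `#L` fragment and refer to the function by name ("the spawnRoot function in TSUtil.m") so the README stops needing this kind of fix-up.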
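Review bot: In the third hunk (@@ -110,8), the write-up link is relabelled "Write-Up on the first CoreTrust bug" but no reference is added for the second bug that the new credits describe, so a reader has nowhere to go for the bug TrollStore 2.0 actually relies on; add a reference (or a note that one is forthcoming) next to the new credit lines. Minor style point in the same hunk: the new `https://twitter.com/alfiecg_dev/` keeps a trailing slash while the edited `https://twitter.com/LinusHenze` drops it, so pick one form for both.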