Saurik Working With Devs From Past Jailbreaks On New iOS 11 Jailbreak With Fully Working Cydia And Substrate

Jay Freeman, also known as saurik, the founder of Cydia and so-called “godfather of jailbreaking,” has posted a number of lengthy replies in his own defense in light of recent criticism of Cydia and of himself, and has also confirmed that he is working with developers from previous jailbreak releases (all of whom he loved) in order to “make stuff work” on iOS 11.

Given the current excitement and enthusiasm in the jailbreak community thanks to the release of the h3lix jailbreak for 32-bit devices running iOS 10.3.3, and of LiberiOS and to.panga for iOS 11.1.2, you could be forgiven for thinking that everyone would be in a jubilant mood.

However, saurik, as the general maintainer of Cydia, has come in for a fair bit of criticism from some individuals in the community for the lack of Cydia support on the modern firmware. People have also complained that Cydia isn’t open source, which, they believe, makes it very difficult for anyone other than saurik himself to implement fixes. Freeman has hit back, suggesting that there is a lot of “trolling” going on:

So, a few people have asked “wouldn’t it be cool if Cydia were open source, so people could just fix things?”. Cydia Installer (which is what this pissy readme file is about, not Substrate) is open source, so any time you see someone complaining about Cydia who isn’t also providing patches to fix the things they don’t like, they are probably just enjoying trolling.

I mean, these aren’t even real complaints… “too big, complex, and old for what it does” due to cydo? This doesn’t even make sense. Cydia clearly should run as mobile (for numerous security reasons; it having used to be running as root was a problem) and it also clearly needs to install things as root; that’s why you have to have an indirection like cydo to escalate from mobile to root.

The alternative would be a daemon, and that’s likely going to work even more poorly with this not-really pseudo-jailbreak due to random sandbox issues in getting everything communicating and bootstrapped correctly, and in any case having two communicating systems like that is more moving parts than what Cydia currently has and so would be bigger and more complex.
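The “indirection” saurik describes above, a GUI that runs unprivileged and hands a narrowly defined request to a small setuid-root helper, is a classic privilege-separation pattern, and the security of the whole design rests on what that helper refuses. The following is an added illustration of that pattern, written for this page; it is not the source of cydo or any other Cydia component, and the allowlisted program path, the permitted dpkg flags and the fixed environment are assumptions chosen to show the shape of the checks such a helper needs:

```c
/*
 * Added illustration of a "mobile -> root" setuid helper in the style saurik
 * describes. This is NOT Cydia's cydo source; the allowlisted paths, flags
 * and environment below are assumptions for the sake of the example.
 */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical allowlist: the only programs the helper will ever exec as root.
 * Exact-match comparison means relative names ("dpkg") and traversal
 * ("/usr/bin/../bin/sh") are rejected without any special casing. */
static const char *const ALLOWED_CMDS[] = {
    "/usr/bin/dpkg",
    NULL
};

/* Hypothetical allowlist of options. Anything else starting with '-' is
 * refused, which closes dpkg options such as --root=, --admindir= and
 * --instdir= that would let the caller retarget a privileged install. */
static const char *const ALLOWED_FLAGS[] = {
    "-i", "--install",
    "-r", "--remove",
    "--configure", "-a",
    NULL
};

/* The child gets a fixed environment; the caller's is discarded entirely so
 * DYLD_INSERT_LIBRARIES, PATH, IFS and friends cannot reach the root process. */
static char *const CLEAN_ENV[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    "LANG=C",
    NULL
};

static int in_list(const char *s, const char *const list[]) {
    for (const char *const *p = list; *p != NULL; ++p)
        if (strcmp(s, *p) == 0) return 1;
    return 0;
}

/* argv[0] is the program to run, argv[1..argc-1] its arguments.
 * Returns 1 if the request may be executed as root, 0 if it must be refused. */
int helper_request_allowed(int argc, char *const argv[]) {
    if (argc < 1 || argv == NULL || argv[0] == NULL) return 0;
    if (!in_list(argv[0], ALLOWED_CMDS)) return 0;
    for (int i = 1; i < argc; ++i) {
        const char *a = argv[i];
        if (a == NULL || a[0] == '\0') return 0;
        if (a[0] == '-' && !in_list(a, ALLOWED_FLAGS)) return 0;
        /* Non-option arguments are package names or .deb paths. Installing a
         * package necessarily runs its maintainer scripts as root; that is the
         * privilege the helper exists to grant, so the checks above constrain
         * how it is exercised (which binary, which options, which environment),
         * not whether. */
    }
    return 1;
}

/* Entry point of the setuid-root helper: helper /usr/bin/dpkg -i foo.deb */
int main(int argc, char *argv[]) {
    if (!helper_request_allowed(argc - 1, argv + 1)) {
        fprintf(stderr, "helper: request refused\n");
        return 1;
    }
    /* Under setuid the effective uid is already 0; make it the real uid too so
     * the child cannot drop back to the caller's credentials. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve(argv[1], argv + 1, CLEAN_ENV);
    perror("execve"); /* only reached if exec failed */
    return 1;
}
```

The point of the example is the one saurik makes: the helper is small enough to audit, the unprivileged side never holds root, and the only thing that crosses the boundary is a request the helper can validate in a few lines. A daemon reachable over IPC would have to perform the same validation plus authenticate its peer, which is the extra moving part he objects to.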

Freeman has also expressed concerns about the very idea of an iOS 11 “jailbreak” built on top of “an off-the-shelf exploit,” a reference to the iOS 11.1.2 tfp0 exploit released by Google’s Ian Beer:

What is going on right now is simply that the entire concept of an iOS 11 “jailbreak” is an incredibly sketchy house of cards, and the people who are assembling it (using an off-the-shelf exploit from Ian Beer, so like… I have no reliance on them: I can release my own jailbreak) all hate me and hate Cydia and are just taking every single opportunity to poke at me and make my life more annoying.

After getting those issues off his chest, Freeman goes on to confirm that he has been working with a number of individuals involved in the creation and release of past jailbreaks in order to make things work on iOS 11. He stopped short of naming those individuals, but clarified that he wants everything to be robust and solid before a release, saying that he wants it “to work every single time in every single situation.”

FWIW, I’ve been working with some of the people from past jailbreaks (the people who actually exploit things and like me) on the more interesting parts of making stuff work on iOS 11 (though need to verify with them whether they want to be called out by name), and am trying to make sure that everything is 100% solid: I want it to work every single time in every single situation.

To make this all work the way I need, I’ve built up some pretty cool stuff, such as MSHookRemote: a reasonably generalized version of “I am in one process and I need to modify the behavior of another process”. The new version of Substrate even has some “super powers”, such as being able to easily inject extensions into binaries marked as setuid or setgid (a classic limitation).

However, maintaining this stuff also isn’t my full-time gig anymore. To pay for everything, I had to take a job working on something that I’ve found really draining (due to the crazy internal people dynamics that are involved), and so I no longer can just randomly pull magic rabbits out of my ass at a moment’s notice; I also haven’t had time to “prepare” much for dropping 32-bit.

That said, essentially no one ever used the iOS 10 jailbreak until we had had multiple windows for people to install it, and way way way fewer people are going to be using whatever this weird solution we have is for iOS 11 due to numerous reasons. I thereby do not feel like I’m in some incredible rush here that requires me to compromise on anything, even “work with these people at all”.

The fact that Freeman now has a paying job rather than working full-time on Cydia and its underlying architecture suggests that the jailbreak landscape has changed substantially in the last few years. With that said, it’s still extremely positive to know that he is still involved and looking for robust solutions for the betterment of the community.

He also touched on the personal attacks he has had to endure, which came not just from random jailbreak users but from some of the prominent jailbreak developers of recent times. All of this is something of a shock, but it is well worth a read:

The iOS 10 jailbreak was unstable as all hell, but it was a complete jailbreak in the way that we have classically appreciated the term. As it stands, this is not, and it isn’t clear that being a complete jailbreak is or even can be a target at this time. What we have is a single exploit to get us read/write access to data in the kernel, which was weaponized and provided as open source by an engineer at Google. We are thereby in the land of increasingly unfortunate compromises. I have been surprised at how far some of the jailbreakers I’ve been working with have managed to take this, but the people assembling this in the community have actively said they are not going to go to those lengths to make things work. We will see where things end up.

He continues:

I’m actually allocating a bunch of time towards Substrate updates (which may or may not have anything to do with what people keep calling “KPPless”, as that’s really a spectrum; some of the jailbreaks I’ve been testing Substrate on go much further than these ones do).

I also essentially have a guarantee out to the old jailbreakers (all of whom I loved) “if you need me to port Substrate to iOS 11, give me SSH access to a device and I’ll do it”, and I’ve had two requests for that in the past month or two (though in one case no jailbreak was involved ;P).

What really makes me lackluster about spending too much time on all of this is 1) seeing stuff about normal binaries not really working (there’s a 2-3 second delay to “inject” cydo), 2) that these solutions are being put together by people who hate me, and 3) that I am pretty sure that the result isn’t really going to get used by anyone anyway.

I kind of wish I had declared publicly during the iOS 10 jailbreak cycle that I was done with this (as that was just too much: it pushed me well past my breaking point and shifting my life back towards doing this jailbreak stuff in January of 2016 was one of the worst mistakes I’ve ever made), but given that I could see the cracks forming in the major repositories and saw that the developer community was falling apart, I figured that everything would just naturally die around now… but now there’s all this broken hope surrounding an iOS 11 jailbreak. sigh

There is actually a possibility that I will be providing some kind of compromise solution (such as “here is the new Substrate for iOS 11 and an updated build of Eraser, but I’m retiring everything else”) instead of bothering with a complete port of everything, but that would feel a lot better if I was handing this off to different people, and it turns out that the public tools people are using are even worse compromises than the ones I’ve been testing my stuff against (which makes me feel like I should spend some time to fix those parts).

And then this:

Here is my go-to example of how much working on this stuff really really sucks:

This was seriously a song about how they wanted to kill me and r*pe Britta, and no matter how many times I complained about it, Luca simply found the whole damned thing hilarious (even as recently as July at DEFCON, when I finally decided to just write off a bunch of the people in the jailbreak community who were perfectly willing to sit around at lunch and hang out with jk as if he was totally normal).

(This was also part of the backstory on how deranged it was for them to make the jailbreak into a “mixtape”, as it was the same people who worked on this totally not-OK jailbreak song.)

God. I had forgotten how annoying and demotivating this all is. Like, if this was just some random users, it would be one thing, but that it is the same damned people that everyone is like “saurik would you please work with X and Y to improve the jailbreak” just makes it so horribly broken.

Like, coolstar claims (in private, just to me) that his voice was used without permission in that track, but coolstar also has never publicly condemned it, nor has he ever asked for it to be removed or made an issue about it with any of the people who did it; and he continued to work with them on various projects (many of which explicitly had a goal of “stick it to saurik”, so it is clear where his interests lie).

…and then I ask someone a couple days ago what I need to download to get the best version of what people are using in the public to do stuff on iOS 11, and it is from and I’m just like “nope. what is my next option”. There is this clique of people who hate me and take enjoyment out of trolling me, and I just don’t want to work with them.

I am so sick of people saying “dude, get over your pride, stop calling people out for their bullshit, and just work with people already”, as if my only priority in life should be to get them their damned jailbreak ASAP, no matter what moral boundaries I have to personally cross or how much trauma I and the people I care about have to accept to make it happen.

In addition to the BS that gets posted publicly, people have thought it was funny to prank call Britta and I, to creepily talk about how they are stalking Britta or have figured out where she lives, or to perpetuate lame “in jokes” at our expense. (edit: This was various people. Some read this to mean “this is all Luca”, due to the next paragraph, but I am talking about this entire class of people in this position. That said, many of these people hang out together, work together, and even have coordinated these actions with each other. But I am definitely not attributing everything to one person, and especially not all to Luca.)

As one example, when I complained about the “BRITTA ROLL UP” meme last year, which Luca chose to include in a demo video for his jailbreak, Luca seriously responded:

“griefed her until she figured out something less stressful to do with her life” -> the whole britta roll up thing happened years before she resigned, and was used for the 1st time since then on that video’s description on request from someone who contributed in my jailbreak. i could also argue that “britta roll up” and “instilling fear and griefed her” are on two completely different levels.

People just don’t realize that once you get to the point where someone is being abusive, that it is all of the little things that become the really troubling part of the abuse: all of the stuff that they can claim don’t matter because “how can you claim this is a problem; this is like, three words attached to a video”, because only you and the person perpetuating the abuse know the full context, or even simply the sheer weight of accumulated horrible things.

The idea that “someone who contributed to my jailbreak requested that I put this in the video’s description, so clearly I’m going to do it no matter how it affects other people” is just such a shitty position for someone to take… it is the kind of thing that makes me want to just say “I’m not going to work with or even talk to this person ever again”… but then I’m essentially forced to by how this community is structured, with a ton of people demanding that I put aside my differences and tolerate it, as clearly I’m the person in the wrong for using harsh words about it… sigh.

Jonathan Levin, the creator of LiberiOS, has reportedly contacted saurik a number of times regarding Cydia and Substrate support on iOS 11, but saurik has chosen not to respond. We don’t know for sure why saurik hasn’t replied, but given that Levin isn’t a fan of Cydia in general, and that saurik is clearly angered by the events described above, it seems likely that all of this has prompted him to start work on Cydia for iOS 11 with his friends from the jailbreak scene of yesteryear.

The jailbreak scene has seen a lot of drama over the last ten years, but this episode seems to be on another level. Let’s just hope saurik is able to work with his favorite bunch again and bring us Cydia and Substrate on iOS 11 sooner rather than later.

Update: After this post was published, Jonathan Levin was kind enough to provide us with the following statement clarifying his take on Cydia and the effort he has put into reaching out to saurik in order to include a working Cydia in the LiberiOS jailbreak:

The issue I (and others) have with Cydia is that it entirely dominates the i-Device filesystem, making some changes which are hard, if not impossible, to reverse. The “stashing” for example, which originally moved built-in applications from the low-space system partition to the data partition, had a nasty side effect of bricking the devices as soon as the devices were reset to factory defaults (owing to formatting of the data partition and thus the sudden disappearance of built-in apps). Although this behavior was partially rectified in later versions, the default behavior was never changed. Additionally, the packaging system of Cydia makes it possible to override built-in binaries, which, again, would result in bricking the device.

Despite said observations, I reached out to saurik, as getting Cydia running is the easy part – but providing the injection capabilities requires tight collaboration between the user mode components (which saurik would provide) and those in the kernel (which any jailbreak has to enable). Any “hatred” aside, the greater good for the jailbreaking enthusiasts merits that such an injection framework – whether saurik’s or otherwise – should exist, to promote the tweaking and modding of iOS.
