Fugu: An early concept open source jailbreak project based on checkm8

Checkra1n has long enjoyed its prestigious status of being the first and only jailbreak tool to take advantage of the checkm8 bootrom exploit, but could that change in the near future?

A curious new posting shared just this evening on /r/jailbreak appears to detail a new jailbreak tool dubbed Fugu, which its creator Linus Henze describes as the “first open-source jailbreak tool based on the checkm8 exploit.” This eye-popping development certainly grabbed our attention, but a closer look at the project’s GitHub page reveals the fine print:

This jailbreak is currently in development and only meant to be used by developers. While it is possible to install Sileo (or Cydia), most stuff installed through them won’t work. Additionally, although the root filesystem is mounted read/write, rebooting into non-jailbroken mode will reset the root filesystem back to stock!

From what we can gather, Fugu appears to be a playground for developers who want to experiment with a read/write root filesystem. Package managers like Cydia and Sileo can be installed on Fugu, as can SSH, but most jailbreak tweaks and extensions installed from these package managers won’t work. We assume this has something to do with the lack of an official tweak injection framework on this jailbreak – that is, Cydia Substrate or Substitute.

As you might’ve noticed, the text also states that rebooting a device pwned with Fugu will reset its root filesystem back to a stock state. We haven’t tested Fugu to confirm, but this sounds markedly different from the behavior of checkra1n, which preserves your jailbreak extensions, albeit in a dormant form, until the handset is re-jailbroken with the tool.

Another substantial caveat at the time of this writing is that Fugu only officially supports the 2017 iPad Pro. Henze also says that the iPhone 7 should be supported, but that it’s entirely untested. It remains to be seen whether support for other devices will be added in the future.

According to the GitHub page, Fugu incorporates four primary components:

– Fugu: The macOS Application that exploits your iDevice using checkm8 and uploads iStrap, iStrap loader and iDownload.
– iStrap loader: Small shellcode that patches iBoot and loads iStrap after iBoot is done.
– iStrap: The kernel bootstrapper. This is what you see on your iDevice during boot. Patches the kernel, injects boot arguments (if needed) and injects shellcode into the kernel.
– iDownload: Small application running on your iDevice. Will be installed during boot and launched instead of launchd. Forks itself and runs launchd. The forked copy will listen on Port 1337 (only on 127.0.0.1, use iproxy to connect) and provide a simple bash-like interface.

For those interested, here’s a demonstration from the developer depicting the Sileo package manager running on the Fugu jailbreak:

Fugu can be deployed on a compatible iOS device via Xcode, which means that the tool is macOS-only as of now. Obviously, this jailbreak isn’t anywhere near as far along as checkra1n, so we wouldn’t recommend that everyday jailbreakers even think of using it. That said, this standpoint could change should the tool mature.

As of now, those hoping to jailbreak a checkm8-compatible device for the enjoyment of installing jailbreak tweaks and extensions will want to continue using checkra1n.

Are you excited about Fugu and what it might turn into going forward? Discuss in the comments.