ElleKit developer achieves SpringBoard tweak injection with kfd & CoreTrust bug

There’s been a lot of talk recently about trying to bring tweak injection to non-jailbroken devices with nothing more than TrollStore, and thus far, all tweak injection has been limited to apps and very little else.

SpringBoard tweak injection achieved using only CoreTrust.

But some good news came today by way of iOS developer @eveiyneee, the lead developer of the ElleKit tweak injection method used by the Dopamine jailbreak, who shared an interesting demo via X (formerly Twitter) on Thursday.

The demo video appears to show ElleKit being used for tweak injection on SpringBoard, well outside the bounds of ordinary apps, on a non-jailbroken device using only the kfd and CoreTrust exploits.

This effectively means it’s possible for kfd-supported devices running iOS & iPadOS 16.0-16.5 & 16.6 beta 1 that have TrollStore 2 installed on them to use tweak injection systemwide.

According to @eveiyneee, the technique used to get this working was provided by security researcher Zhuowei Zhang.

Follow-up Tweets suggest that @eveiyneee is interested in continuing development on this, and perhaps even releasing it publicly. However, it would require a bootstrap for the iOS & iPadOS versions that it would run on:

Eveiyneee comments about SpringBoard tweak injection.

What’s more, @eveiyneee doesn’t plan to work very seriously on this project until after the iOS & iPadOS 17.0 kernel exploit drops from Google Project Zero, so it’ll be a while longer before anything hardcore comes to fruition.

So why is all this exciting? The primary reason is that there isn’t a jailbreak on iOS or iPadOS 16 or 17 yet, which makes the experience somewhat dull compared to a jailbroken device. When you add tweak injection to the mix, a TrollStore device can feel more like a jailbroken device, even without a jailbreak.

With all the recent developments, it will be interesting to see what materializes from this work. After all, it would be nice to install tweaks that modify system behavior on a modern version of iOS again.