building p0sixspwn on Catalina

Finally got around to the writeup I promised on my Reddit post.

steps

This should work on any modern macOS with Xcode installed.

downloads

I was successful using these particular releases. Newer versions may work as well.

• Autoconf
• Automake
• libtool
• pkg-config
• OpenSSL
• libplist
• libusbmuxd
• libimobiledevice
• CMake
• libzip
• wxWidgets
• p0sixspwn

setup

Make a temporary prefix:
mkdir Root root=$PWD/Root PATH+=:$root/bin

Make the final output folder:
mkdir Final final=$PWD/Final

build dependencies

For Autoconf, Automake, libtool, and CMake, unzip the archives and run these commands in the resulting folder.
./configure --prefix=$root make make install

For pkg-config:
./configure --with-internal-glib --prefix=$root make make install

OpenSSL:
./configure darwin64-x86_64-cc --prefix=$root make make install

libplist, libusbmuxd, and libimobiledevice:
./autogen.sh --prefix=$root make make install

libzip:
cmake -DCMAKE_INSTALL_PREFIX=$root . make make install

wxWidgets:
./configure --enable-monolithic --with-cocoa --enable-compat28 --prefix=$root make make install mv $root/include/wx-3.1/wx $root/include mv $root/lib/wx/include/osx_cocoa-unicode-3.1/wx/setup.h $root/include/wx

patch p0sixspwn build files

Unzip and cd to the p0sixspwn folder.
Delete the outdated include and staticlibs folders.

Open configure.ac in a text editor.
Remove all -arch i386 compiler flags.
Remove all hardcoded references to libraries in LIBDIR and LIBSDIR.
Remove -framework QuickTime.

fix missing symbols

Edit src/jailbreak.c.

Remove the AMDAddLogFileDescriptor() call.

Find the send_message() declaration and implement it with the following:
CFDataRef data=CFPropertyListCreateXMLData(NULL,plist); uint32_t size=CFDataGetLength(data); uint32_t sizeSwapped=swap32(size); send(socket,&sizeSwapped,4,0); send(socket,CFDataGetBytePtr(data),size,0);

Implement receive_message():
uint32_t sizeSwapped; int sizeMessageSize=recv(socket,&sizeSwapped,4,0); if(sizeMessageSize==4) { uint32_t size=swap32(sizeSwapped); void* buffer=malloc(size); recv(socket,buffer,size,0); CFDataRef data=CFDataCreateWithBytesNoCopy(NULL,buffer,size,NULL); return CFPropertyListCreateFromXMLData(NULL,data,0,0); }

(The above two functions are based on a reverse-engineered MobileDevice.framework from OS X Lion.)

Edit gui/JailbreakWorker.cpp.
Remove the userpref_remove_device_public_key() call.

fix window refresh

Edit gui/JailbreakMainWindow.cpp.

Add at the top:
void JailbreakMainWindow::windowRefreshHack(wxIdleEvent& event) { Refresh(); }

Add to the end of JailbreakMainWindow::JailbreakMainWindow():
Connect(wxID_ANY,wxEVT_IDLE,wxIdleEventHandler(JailbreakMainWindow::windowRefreshHack));

Edit gui/JailbreakMainWindow.h.
Add void windowRefreshHack(wxIdleEvent& event); at the end of the public section.

build p0sixspwn

chmod +x autogen.sh CFLAGS="-Wno-return-type" LDFLAGS="-F/Library/Apple/System/Library/PrivateFrameworks -L$root/lib -lwx_osx_cocoau-3.1 -limobiledevice -lplist" ./autogen.sh make

make the standalone package

cp gui/pris0nbarake $final cp -R payload $final cp $root/lib/libwx_osx_cocoau-3.1.dylib $final cp $root/lib/libimobiledevice.6.dylib $final cp $root/lib/libssl.1.0.0.dylib $final cp $root/lib/libcrypto.1.0.0.dylib $final cp $root/lib/libusbmuxd.6.dylib $final cp $root/lib/libplist.3.dylib $final

Create a launcher script in Final:
#!/bin/bash cd "$(dirname "$0")" export DYLD_LIBRARY_PATH="$PWD" ./pris0nbarake

The Root folder can now be safely deleted.

iOS 6.1.6 support

Unlike official builds, the repository was never updated to support iOS 6.1.6, but I found a workaround with the help of /u/DonRedditor and /u/D34DBre4kr. Use at your own risk.

disable version check

Change the verify_product() function in src/jailbreak.c to always return 0.

update untether payload

Fetch the latest deb from Saurik's Cydia repository. This supports iOS 6.1.6 and fixes 3G/iMessage issues.

Replace payload/common/install.deb and rebuild p0sixspwn.

update untether payload (old method)

Copy payload/common/install.deb from the p0sixspwn source. Download winocm's p0sixspwn_lite and copy the contents of p0sixspwn.tproj/Root/Library/Helpers/.

Run the following commands to swap new files into the package.
dpkg-deb -R install.deb Extracted cp dirhelper Extracted/usr/libexec/ cp _.dylib untether Extracted/var/untether/ dpkg-deb -b Extracted/ Fixed.deb