Serotonin, a semi-jailbreak method designed to inject Procursus bootstrap tweaks into devices vulnerable to the kfd & CoreTrust flaws, has received a significant update with version 1.1.0. This update expands support to iOS 16-16.1.2, complementing the initially supported range of iOS 16.2 up to iOS 16.6.1. Notably, all versions of iOS & iPadOS 16 are now supported on arm64e devices, such as the iPhone XS and newer models.

Moreover, alongside the broader device support, the merger of Mineek's Serotonin and kfdfunv4 projects simplifies the process by consolidating tools with similar functions. Additionally, version 1.1.0 introduces several enhancements:

  • Integration of a patcher based on tihmstar's libpatchfinder library, now ported to iOS as libiospatchfinder.
  • Extension of compatibility to encompass all arm64e devices.

Looking ahead, the focus is on adding support for arm64 chips (A9-A11), covering devices vulnerable to checkm8 that are already supported by palera1n.

If you're interested in trying out the Serotonin jailbreak, you can visit the project's GitHub page to download the latest .ipa file, which can then be signed using TrollStore. Remember, before using Serotonin, ensure you have installed the RootHide Procursus bootstrap. Here's a quick guide on how to use Serotonin:

  1. Ensure you have a supported iOS version (refer to the mentioned range) and have TrollStore installed.
  2. Head to the Serotonin project's GitHub page to download the latest .ipa file.
  3. Sign the downloaded .ipa file using TrollStore.
  4. Install the RootHide Procursus bootstrap.
  5. Follow any additional instructions provided by the Serotonin project for successful installation and usage.

Using Serotonin

  • Download and install Bootstrap from RootHide
  • Install ElleKit from Sileo
  • Download the .tipa file from the latest release on GitHub
  • Install the downloaded file in TrollStore
  • Open the app and tap the Jelbrek button. Your device should reboot into userland, and you should be (non/semi) jailbroken!

How Serotonin works

Here are the technical explanations from the talented developer:

  • Serotonin replaces launchd by searching the vp_namecache of /sbin, finding launchd's name cache entry and overwriting it with a patch for lunchd, our patched launchd (you can take a look at a better explanation from AlfieCG here).
  • The launchd patch hooks SpringBoard's posix_spawnp and runs our own SpringBoard with springboardhook.dylib
  • Springboardhook loads in tweaks, ElleKit, etc.
  • CoreTrust bug found by AlfieCG
  • Uses the KFD exploit