Not working with Chimera jailbreak on iOS 12 #63

Open
imHugoDev opened this issue Jun 24, 2019 · 19 comments
@imHugoDev

Just jailbroken on iOS 12.0.1 but when activated, all applications [apart from settings] crash. Would really like for this to work as I've followed all the instructions and am not sure as to why this is happening.

  • iPhone XS Max [iOS 12.0.1]
@nabla-c0d3
Owner

I think my test device was on 12.1 and it worked fine. Not sure about 12.0.1 but I don't have time to find a fix... Good luck!

@frankl1m

> Just jailbroken on iOS 12.0.1 but when activated, all applications [apart from settings] crash. Would really like for this to work as I've followed all the instructions and am not sure as to why this is happening.
>
>   • iPhone XS Max [iOS 12.0.1]

Hi, let me ask some questions about this. I didn't try yet because this version is very unstable. Settings App is working fine for your version, for example you can see the traffic of Apple Services? I mean from Settings App, that is all I need to know. Thank you.

@ericcastro
ericcastro commented Jul 16, 2019

Also not working on 12.1.1 using Chimera + Sileo + Substitute + Substrate Compatibility Layer.

Crashes into Safe Mode until uninstalled. Syslog not super helpful...

default	19:55:54.635558 +0200	SpringBoard	Injecting /Library/TweakInject/SSLKillSwitch2.dylib
default	19:55:54.637374 +0200	SpringBoard	=== SSL Kill Switch 2: Preference set to 1.
default	19:55:54.637469 +0200	SpringBoard	=== SSL Kill Switch 2: Substrate hook enabled.
default	19:55:54.637646 +0200	SpringBoard	=== SSL Kill Switch 2: iOS 12 detected; hooking SSL_CTX_set_custom_verify() and SSL_get_psk_identity()...
default	19:55:54.657543 +0200	ReportCrash	TweakInject: Loading for binary ReportCrash
default	19:55:54.662192 +0200	ReportCrash	Injecting /Library/TweakInject/RocketBootstrap.dylib
default	19:55:54.662976 +0200	ReportCrash	Trying to create CR directory structure as root
default	19:55:54.668126 +0200	ReportCrash	cr_update: Parsing corpse data for pid 519
default	19:55:54.668181 +0200	ReportCrash	cr_update: Parsing corpse data for process SpringBoard [pid 519]
default	19:55:54.711263 +0200	ReportCrash	__crash_info: [libsystem_c.dylib] 'abort() called'
default	19:55:54.793957 +0200	ReportCrash	Formulating report for corpse[519] SpringBoard
default	19:55:54.796226 +0200	ReportCrash	notify_register_check() failed with error 1000000
default	19:55:54.811379 +0200	ReportCrash	CCMonitor created
default	19:55:54.811603 +0200	CommCenter	#I New CTServerConnection from pid 520 (conn=0x10f0249c0)
default	19:55:54.811694 +0200	CommCenter	#I  -- connection has entitlements: supported=[spi]
default	19:55:54.811871 +0200	CommCenter	#I CTServerConnection from pid 520[ReportCrash] is named 'com.apple.mobilegestalt'.
default	19:55:54.811984 +0200	ReportCrash	libMobileGestalt MGBasebandSupport.c:54: _CTServerConnectionCopyFirmwareVersion: CommCenter error: 1:45 (Operation not supported)
default	19:55:54.812030 +0200	ReportCrash	_CTServerConnectionCopyFirmwareVersion: CommCenter error: 1:45 (Operation not supported)
default	19:55:54.812183 +0200	CommCenter	#I CTServerConnection from pid 520 has closed (conn=0x10f0249c0)
default	19:55:54.825664 +0200	ReportCrash	Saved type '109(109_SpringBoard)' report (5 of max 25) at /var/mobile/Library/Logs/CrashReporter/SpringBoard-2019-07-16-195554.ips
default	19:55:55.318122 +0200	backboardd	             EventStatistics.m:48  :     232.08950:  Info: 3 Digitizer since     230.41501 (Tue Jul 16 19:55:53 2019)
default	19:55:55.420031 +0200	imagent	Client token: IMDaemonWiFiAssertion being removed from WiFi association clients ((null))
default	19:55:57.623958 +0200	wifid	WiFi:[584992557.623693]: __WiFiDeviceManagerLQMEventCallback: null snrNumRef
default	19:55:57.626028 +0200	symptomsd	L2 Metrics on ifname en0: rssi: -61 (txFrames/txReTx/txFail) 0/0/0 -> (was/is) 0/0
default	19:55:58.099040 +0200	UserEventAgent	determinePoSMThreshold, enabled:0 0 1 1
default	19:55:58.099228 +0200	UserEventAgent	determinePoSMThreshold, changed:0 0 0 0
default	19:55:58.099496 +0200	UserEventAgent	determinePoSMThreshold, cmp:4>0 5351>0 963>10000 18>65
default	19:55:58.099696 +0200	UserEventAgent	determinePoSMThreshold,minThreshold=-1 threshold:0 0 -1 -1
default	19:55:58.099855 +0200	UserEventAgent	 POSM running- en=0, th=65535 65535
default	19:55:58.102659 +0200	locationd	{"msg":"adapter details", "adapterDescription":"usb host", "batteryChargerType":"kChargerTypeUsb"}
default	19:55:59.729118 +0200	SpringBoard	TweakInject: Loading for binary SpringBoard
default	19:55:59.729495 +0200	SpringBoard	Entering Safe Mode!
default	19:55:59.730579 +0200	SpringBoard	TweakInject: Entering Safe Mode!
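
A triage sketch for a log like the one above, as an added example that is not part of the original comment or the project's code: it groups the `Injecting …` lines by process and attaches them to the crash that ReportCrash records, so the tweak loaded into the crashed process, the abort reason and the `.ips` path come out together. The sample is a constructed subset of the lines posted above, and the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the syslog lines posted above
# (tab-separated: level, timestamp, process, message).
SAMPLE = """\
default\t19:55:54.635558 +0200\tSpringBoard\tInjecting /Library/TweakInject/SSLKillSwitch2.dylib
default\t19:55:54.662192 +0200\tReportCrash\tInjecting /Library/TweakInject/RocketBootstrap.dylib
default\t19:55:54.668181 +0200\tReportCrash\tcr_update: Parsing corpse data for process SpringBoard [pid 519]
default\t19:55:54.711263 +0200\tReportCrash\t__crash_info: [libsystem_c.dylib] 'abort() called'
default\t19:55:54.825664 +0200\tReportCrash\tSaved type '109(109_SpringBoard)' report (5 of max 25) at /var/mobile/Library/Logs/CrashReporter/SpringBoard-2019-07-16-195554.ips
default\t19:55:59.730579 +0200\tSpringBoard\tTweakInject: Entering Safe Mode!
"""

INJECT = re.compile(r"^Injecting (\S+\.dylib)$")
CORPSE = re.compile(r"Parsing corpse data for process (\S+) \[pid (\d+)\]")
CRASH_INFO = re.compile(r"^__crash_info: (.+)$")
REPORT = re.compile(r"Saved type .* at (\S+\.ips)$")

def triage(log_text):
    """Return one record per crashed process, with the tweaks injected into it."""
    injected = defaultdict(list)  # process name -> dylibs injected so far
    crashes, safe_mode = [], set()
    for line in log_text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) != 4:
            continue  # not a level/time/process/message line
        _level, ts, proc, msg = parts
        msg = msg.strip()
        if m := INJECT.match(msg):
            injected[proc].append(m.group(1))
        elif m := CORPSE.search(msg):
            name = m.group(1)
            crashes.append({"time": ts, "process": name, "pid": int(m.group(2)),
                            "tweaks": list(injected[name]),
                            "reason": None, "report": None})
        elif (m := CRASH_INFO.match(msg)) and crashes:
            crashes[-1]["reason"] = m.group(1)
        elif (m := REPORT.search(msg)) and crashes:
            crashes[-1]["report"] = m.group(1)
        elif "Entering Safe Mode" in msg:
            safe_mode.add(proc)
    for crash in crashes:
        crash["safe_mode"] = crash["process"] in safe_mode
    return crashes

if __name__ == "__main__":
    for crash in triage(SAMPLE):
        print(crash)
```

The correlation shows only what was loaded into the process before the abort; the backtrace in the saved `.ips` report is the place to confirm the cause.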

@avianeed

Doesn't work for me either on iPhone 5s iOS 12.1.4. Puts SpringBoard into safe mode.

@nabla-c0d3
Owner

I just checked and I actually used an iPhone 7 running iOS 12.0 with unc0ver to implement and test the current version.

I haven’t done anything with other versions of iOS...

@blunden
Contributor
blunden commented Jul 20, 2019

Works fine for me on both an iPhone 5S running iOS 12.1 and an iPhone 6s running iOS 12.2, both using the unc0ver jailbreak. Sounds like it could be an issue with the use of Substitute (used by Chimera and Electra) instead of Substrate (used by unc0ver and anything pre-Electra).

Electra's TweakInject was always a bit finicky for me and could end up breaking this tweak back in iOS 11.x days for me depending on install order etc.

@Hwatu
Hwatu commented Jul 23, 2019

> Just jailbroken on iOS 12.0.1 but when activated, all applications [apart from settings] crash. Would really like for this to work as I've followed all the instructions and am not sure as to why this is happening.
>
>   • iPhone XS Max [iOS 12.0.1]

me too.
use Chimera
iPhone XR iOS 12.1.1

@blunden
Contributor
blunden commented Jul 23, 2019

@Hwatu Try using unc0ver instead if this is important to you.

@Hwatu
Hwatu commented Jul 23, 2019

> @Hwatu Try using unc0ver instead if this is important to you.

A12 devices not Cydia store, so use Chimera Sileo only.

@blunden
Contributor
blunden commented Jul 23, 2019

That's true. I forgot about that. Substrate doesn't support A12 devices either, which is the bigger issue.

@frankl1m
frankl1m commented Jul 23, 2019

So it is working fine with the unc0ver jailbreak on iOS 12.2? I want to test on my SE.

@blunden
Contributor
blunden commented Jul 23, 2019

@frankl1m Well, it works fine on both of my iOS 12 devices, including the iPhone 6s on iOS 12.2. I would assume it would work fine on the iPhone SE too.

@frankl1m
frankl1m commented Jul 23, 2019

> @frankl1m Well, it works fine on both of my iOS 12 devices, including the iPhone 6s on iOS 12.2. I would assume it would work fine on the iPhone SE too.

Last question bro, excuse my insistence. The problem is that I use RSIM and a few days ago Apple patched them, so I would not want to jailbreak without taking advantage of it, because I lost the unlock by RSIM. Have you successfully tried to check the iPhone traffic to setup.icloud.com? Thank you.

@blunden
Contributor
blunden commented Jul 23, 2019

Some quick googling suggests that RSIM is a hardware shim for bypassing the SIM lock. I don't have any experience with those devices as all iPhones over here are either sold unlocked or easily unlocked the official way.

What did Apple patch? They prevented the RSIM device from successfully bypassing the SIM lock?

I have not checked if traffic to setup.icloud.com is visible, if that's what you're asking. Note that I'm not the developer, just a user.

@frankl1m

> Some quick googling suggests that RSIM is a hardware shim for bypassing the SIM lock. I don't have any experience with those devices as all iPhones over here are either sold unlocked or easily unlocked the official way.
>
> What did Apple patch? They prevented the RSIM device from successfully bypassing the SIM lock?
>
> I have not checked if traffic to setup.icloud.com is visible, if that's what you're asking. Note that I'm not the developer, just a user.

Exactly, the RSIM is patched at the moment. What I mean is that I run the risk that my software will die and when I restore it I will only have an iPod, but my interest is not in that. If someone could check with Charles or Fiddler or Burp or others whether they can get the plain text traffic from setup.icloud.com and confirm, I would be grateful and I will take the risk; no need to be a developer.

nabla-c0d3 changed the title from "Not working on iOS 12" to "Not working with Chimera jailbreak on iOS 12" on Jul 23, 2019

@blunden
Contributor
blunden commented Jul 25, 2019

@frankl1m I can now confirm that traffic to setup.icloud.com seems to be visible in Burp. I have modified the .plist file on my main testing device so that it only injects this tweak in a few particular apps, which is why I couldn't verify it for you before. Earlier today I had to use a second device and before I reconfigured that one too, I noticed some traffic to that domain flowing through Burp successfully.

@nabla-c0d3 When you have a moment, would you mind reading the email I sent you? :)

@frankl1m

@blunden Thanks so much for the help

@nabla-c0d3
Owner

@blunden I finally replied :)

@EthanArbuckle

The crash people are seeing is due to Substitute (the library that Chimera uses for hooking C functions) not supporting functions that are very short. I think if there's less than ~60 bytes of stack space available after the function prologue, Substitute will cause a crash.

Alternatives:
