Ra1ncloud Fugu15 Jailbreak Tool – A Comprehensive Guide
Ra1ncloud is a permasigned jailbreak for iOS 15 that includes a code-signing bypass, kernel exploit, and more. It can be installed without a computer via Safari but does not support tweaks. Learn more about ra1ncloud today.
Jailbreaking is a process that allows users to bypass restrictions and access the full potential of their devices. Fugu15 is a jailbreak tool that allows users to jailbreak their iOS devices running on iOS 14.0-14.3. In this article, we will explore what the Ra1ncloud Fugu15 Jailbreak Tool is, how it works, and its benefits.
What is Ra1ncloud Fugu15 Jailbreak Tool?
Ra1ncloud Fugu15 Jailbreak Tool is a software tool that enables users to jailbreak their iOS devices running on iOS 14.0-14.3 & 15.0-15.4.1. It is designed to unlock the full potential of iOS devices and provide users with more control and flexibility over their devices.
How does Ra1ncloud Fugu15 Jailbreak Tool work?
Ra1ncloud Fugu15 Jailbreak Tool works by exploiting vulnerabilities in the iOS system, which allows it to bypass restrictions imposed by Apple. Once the jailbreak process is complete, users can access a range of features and applications that are not available on non-jailbroken devices.
Yesterday, it was reported that a jailbreak tool named ra1ncloud was in development, using Fugu15, and capable of jailbreaking arm64e devices that run on iOS 15.0-15.4.1. However, the tool was not yet released at the time. It seems that the situation has changed overnight, and the tool may now be available for use.
Tested Devices and iOS Versions
- iPhone Xs Max: iOS 15.4.1
- iPhone 11 (SRD): iOS 15.4.1
- iPhone 12 (SRD): iOS 15.4.1
- iPhone 12 Pro Max: iOS 15.4.1
- iPhone 13: iOS 15.1 (offline edition – see bugs below [WiFi bug])
Additional devices are likely to be supported as well. Several device and iOS combinations are currently incompatible. Devices that are not arm64e are not supported.
- Make sure you have Xcode
- Import the fastPath arm certificate (
Exploits/fastPath/arm.pfx) into your Keychain (double click on the file). The password is “password” (without quotes)
- You need a validly signed copy of Apple’s Developer App from the AppStore (with DRM!). Copy the IPA to
Server/orig.ipa. Note that if you would like to use a different AppStore App you will need to get it’s Team ID and add
TEAMID=<the App's Team ID>to all
Now you can simply run
make to build ra1ncloud (internet connection required to download dependencies).
Please note that you will be asked to grant “fastPathSign” access to the Keychain item “privateKey” (the private key of the fastPath certificate). Enter your password and select “Always allow”.
Building ra1ncloud requires multiple Tools which can be found in the
Tools directory. Building them is entirely optional because I’ve already compiled them.
If you want to build them yourself, simply run
make in the
There are two ways to install ra1ncloud on your device: Via Safari or via USB
To install ra1ncloud via Safari, do the following (requires you to own a domain):
- Make sure your device is connected to the same network as your computer
- Change the DNS A record for a domain you own to the local IP-Address of your computer
- Obtain a certificate for your domain (e.g. via Let’s Encrypt) and copy it to
Server/serverCert/fullchain.cer(the certificate itself) and
- Make sure you have Flask installed (
pip3 install Flask)
Server/server.pyto your domain
python3 server.pyin the
https://<your domain>on your iPhone and follow the instructions
ra1ncloud_Developer.ipa, e.g. via
ideviceinstaller -i ra1ncloud_Developer.ipa. Alternatively, install ra1ncloud/ra1ncloud.ipa via TrollStore.
- Open the newly installed “Developer” App (or whatever AppStore App you used) on your iPhone
Like all Fugu jailbreaks, ra1ncloud ships with iDownload. The iDownload shell can be accessed on port 1337 (run
iproxy 1337 1337 & and then
nc 127.1 1337 to connect to iDownload).
help to see a list of supported commands.
The following commands are especially useful:
r64/r32/r16/r8 <address>: Read a 64/32/16/8 bit integer at the given kernel address. Add the
@Ssuffix to slide the given address or
@Pto read from a physical address.
w64/w32/w16/w8 <address> <value>: Write the given 64/32/16/8 bit integer to the given kernel address. Also supports the suffixes described above and additionally
@PPLto write to a PPL protected address (see
kcall <address> <up to 8 arguments>: Call the kernel function at the given address, passing up to 8 64-Bit integer arguments.
tc: Load a TrustCache
tcload: Load a TrustCache and exit
ra1ncloud also ships with the procursus bootstrap and Sileo. Run the
bootstrap command in iDownload to install both. Afterwards, you might have to respring to force Sileo to show up on the Home Screen (
Procursus is installed into the
/private/preboot/<uuid>/jb directory and
/var/jb is a symlink to it.
- If oobPCI (the process exploiting the kernel) exits, the system might be left in an inconsistent state and panic at some point. This usually occurs about 5 seconds after running the
exit_fullcommand in iDownload.
Workaround: Don’t quit oobPCI or make sure to do it as fast as possible to reduce the chance of a kernel panic. The reason for this panic is currently unknown.
- When not connected to power, entering deep sleep will cause a kernel panic due to a bug in DriverKit (also happened with Fugu14). Unfortunately, the fix from Fugu14 does not work on iOS 15.
Workaround: This bug will not occur when quitting oobPCI. However, the bug described above may occur when oobPCI exits.
- Some iOS versions (at least iOS 15.1 and below, maybe 15.2 and 15.3 too) have a DriverKit bug which causes bus mastering to be disabled for the WiFi chip when running oobPCI, causing a kernel panic when WiFi is used. This bug can be fixed but a fix is not included in ra1ncloud at the moment.
Workaround: Disable WiFi.
Q: I’m an end user. Is ra1ncloud useful to me?
A: Maybe, if running getting an easy to use terminal environment and some apps on your device is what you’re looking for.
Q: My iOS version/device is not supported by ra1ncloud, will you add support for it?
Q: Will you ever add support for tweak injection?
A: Hopefully. No guarantees on this.
Q: I installed/updated something through dpkg/apt but it won’t launch. How can I fix that?
A: ra1ncloud uses TrustCache injection to bypass code signing. Therefore, if you install or update something, it’s code signature must be in the TrustCache. You can regenerate the TrustCache from your favorite shell via the
The following open-source software is used by ra1ncloud:
- Procursus Bootstrap: The bootstrap used by ra1ncloud. License: BSD 0-Clause. The tools included in the bootstrap are released under many different licenses, please see the procursus repo for more information
- Sileo: The package manager included in ra1ncloud. License: BSD 4-Clause
- ZIPFoundation: Swift library for working with ZIP archives. Used in installer to install the ra1ncloud App. License: MIT
- opa334 Fugu15 fork: PoC tweak injection code used in this fork of Fugu15. License: MIT
Benefits of Ra1ncloud Fugu15 Jailbreak Tool: Ra1ncloud Fugu15 Jailbreak Tool offers a range of benefits to users, including:
- Customization: With Ra1ncloud Fugu15 Jailbreak Tool, users can customize their devices by installing custom themes, icons, and wallpapers.
- Enhanced Functionality: Jailbreaking allows users to access third-party applications and features that are not available on non-jailbroken devices. This enables users to enhance the functionality of their devices and improve their overall user experience.
- Improved Performance: Jailbreaking can improve the performance of iOS devices by allowing users to remove unnecessary system files and processes that slow down the device.
- Increased Security: Contrary to popular belief, jailbreaking can actually improve the security of iOS devices. Users can install security-related applications and tweaks that can enhance the security of their devices.
Conclusion: Ra1ncloud Fugu15 Jailbreak Tool is a powerful tool that allows users to jailbreak their iOS devices and access a range of features and applications that are not available on non-jailbroken devices. With its range of benefits, including customization, enhanced functionality, improved performance, and increased security, Ra1ncloud Fugu15 Jailbreak Tool is a valuable tool for iOS users who want more control over their devices. However, it is important to note that jailbreaking can void the warranty of the device and may expose the device to potential security risks. Therefore, users should be cautious when jailbreaking their devices and only do so after thorough research and consideration.