Skip to content

TrollResigner: A tool using SparseRestore (CVE-2024-44252) + PerfectCheater for iOS 16.7.x / 17.0.1 #25

Description

@Sha0huaZhang

Hi @opa334 ,

I'm Sha0huaZhang, a junior security researcher from China.

First, thank you for your work on TrollRestore and SparseRestore (CVE-2024-44252). Your tools inspired me to dig deeper into backup restoration and CoreTrust.

Recently, I discovered a CoreTrust bypass that works on:

  • iOS 16.7 (20H19) – 16.7.x
  • iOS 17.0.1

I named it PerfectCheater. The method is simple: unify the Team ID. CoreTrust doesn't check Team ID — only another component does. By unifying it, both are satisfied.

Based on this, I built two tools:

  • MachOX – a command-line signer that applies the bypass to any binary
  • TrollResigner – a tool that uses MachOX + SparseRestore (CVE-2024-44252) to install TrollStore on the above versions

Both are open-source under MIT, completely free, no donations.

GitHub:

I would love to hear your thoughts, feedback, or any advice. Thank you again for your incredible work.

Best regards,
Sha0huaZhang (@Sha0huaZhang)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions