# Performing a Jailbreak with Palera1n

**Original article:** [medium.com/@justmobilesec](https://medium.com/@justmobilesec/performing-a-jailbreak-with-palera1n-in-six-steps-65f943e5d777)

**Device example:** iPhone X\
**iOS versions:** 15.x – 17.x

***

#### ✅ Pre-requisites

* Supported device for Palera1n\
  Check here → ios.cfw\.guide
* iOS version between 15.x – 17.x
* macOS (Steps conducted on Mac OSX)

{% file src="/files/o3EaHg5YSdx1oi4Chvk9" %}

***

#### 🛠 Jailbreak Steps with Palera1n

**Step 1: Check iOS Version**

* Go to **Settings → General → About → iOS Version**

**Step 2: Install Palera1n**

* Visit palera.in
* Download and install via terminal:

  ```bash
  sudo mkdir -p /usr/local/bin
  sudo mv ./palera1n-macos-universal /usr/local/bin/palera1n
  sudo xattr -c /usr/local/bin/palera1n
  sudo chmod +x /usr/local/bin/palera1n
  ```
* **Note for iPhone X (A11 chip):**\
  You **must disable the passcode** before jailbreaking.

**Step 3: Trigger Jailbreak via DFU Mode**

* Plug device into Mac
* Run `sudo palera1n` in terminal
* Press buttons to enter **DFU Mode**

**Step 4: Wait for Installation**

* Wait up to 2 minutes
* Palera1n app appears on device
* Open and set a **custom root password**

**Step 5: Install Sileo Repository**

* Open **Sileo app** post-JB
* Ready to install tools like **Frida**

**Step 6: SSH Connection Setup**

* Palera1n uses **OpenSSH on port 44**
* Run `iproxy 22 44` for USB SSH tunneling
* Default SSH credentials: `root:alpine`
* Change using `passwd` post-connection

***

#### 🚧 Common Jailbreak Issues

* Missing Sileo app → Re-jailbreak required
* Device unsupported → “Ignoring non-arm64” error
* DFU mode not detected → Retry buttons or cable
* Better success with USB-A cable over USB-C

***

#### 🛡 Frida Setup

* Once jailbroken, add Frida tooling via Sileo
* Frida is instrumental in conducting **dynamic analysis** on iOS apps


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1/performing-a-jailbreak-with-palera1n.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.