LiberTV - Now liberating TvOS 11.0 and 11.1 on the ATV 4 and 4K

0. Before you get started:

MAKE SURE TO GET ONLY THE IPA AT THIS LINK! Though various "YaluJailbreak" websites, "JailbreakTV" and other middle men will surely try to mirror this - DO NOT USE MIRRORS. It is fine if they want to link to here, but this link here is the only official link. Though various "YaluJailbreak" websites, "JailbreakTV" and other middle men will surely try to mirror this -. It is fine if they want to link to here, but this link here is the onlylink. Me, I don't care where you download from , but Mirrors are bound to become obsolete as I still have to maintain this release from time to time

Mirrors may have unexpected bonuses - in the form of Malware. You have been WARNED .

. This jailbreak was free, is free, and will remain free. DO NOT PAY ANYONE ANY MONEY FOR IT

Also: Also: IF YOUR TvOS Version is NOT 11.0 or 11.1 - sorry.

If you're 10.x, there's hope yet - I may backport at some point.

If you're 11.2 - I can't help you at the moment.

1. Sideloading

The LiberTV.ipa is an unsigned binary. This means you have to sign it yourself. You have two options at the moment:

Apple's codesign(1)

Cydia Impactor

The latter is actually easier to use. Grab the IPA , and then sign it with your AppleID. You are now ready to sideload. Doing so requires XCode, and is performed thus:

XCode "Window" → Devices & Simulators (also accessible by ⇧ ⌘ 2) gets you to here:

You select the LiberTV.ipa like so:

And let it load. Congratulations. You're ready to run

2. Running

This is foolproof. Believe me. One button, No options

If it runs correctly, you will get a note saying you can exit the app. So you can exit the app. (If you experience weird behavior, just background the app rather than exiting - it won't take any CPU anyway but will keep the process lineage intact)

3. SSH



Give LiberTV a couple of seconds AFTER the note to complete and set up the code signing bypass, and you can ssh to yourself - either over USB-C or (in the case of the 4k) over TCP/IP. YOU HAVE A DIFFERENT IP ADDRESS THAN SHOWN HERE:

As the screenshot shows, merely setting the path automatically gets you all the binpack (and some fresh binaries at that).

To enable scp , you have to cp /jb/usr/bin/scp /usr/bin because that's done using a server side binary which must be in dropbear's path

because that's done using a server side binary which must be in dropbear's path You can run any self signed binary you want, provided you sign it with the latest jtool - jtool --sign platform --ent plat.ent --inplace binary , with plat.ent being the same entitlements you get from jtool --ent on any of the binpack binaries - i.e. <platform-application> set to true

- , with being the same entitlements you get from on any of the binpack binaries - i.e. set to REMEMBER: WITH GREAT POWER COMES GREAT RESPONSIBILITY And (well, almost) no power is greater than root

4. In case this worked for you...

You're welcome. Some people have been asking to donate. Please do - but not to me. Pick any charity of YOUR choice, and donate them any sum of YOUR choice. If you want to spread the good karma, post a screenshot (details redacted, whatever) with a #LiberTV.

4b. If it doesn't...

Then tell me about it through The NewOSXBook.com forum. It won't help to bitch on Reddit since I won't know. And it certainly won't help on Twitter where I can't follow dozens of notifications! This JB should be rock solid though, since it is not only kernel-patch-protected region free, it also does only the bare minimum to get task ports, and continues in user mode from there.

5. Future work

Remains, most notably to allow arbitrary injection. I intend to put that out for LiberiOS (a universal JB coming up as well), and then put it into LiberTV as well. Hence, use only the official link and please watch this page.

Disclaimer

I do this for fun. Not profit.

I do not owe you anything. I don't expect thanks, but I don't expect to be slammed, either (that means you , the people of reddit.com/r/jailbreak)

, the people of reddit.com/r/jailbreak) LiberTV gives you UNFETTERED ROOT ACCESS to your file system, which is remounted read-write. If you mess anything up because you don't know what power, pleasure, and peril root brings - sorry, it's on you.

to your file system, which is remounted read-write. If you mess anything up because you don't know what power, pleasure, and peril brings - sorry, it's on you. I collect statistics if this worked. No unique identifiers - only the IP and the advertising ID, along with the TvOS version. I do absolutely nothing with this save statistics for myself, I cannot identify you, I will not identify you, and I don't have any vested interest in knowing who you are. If this still peeves you, block access to 192.99.39.176 and "counter" in your FW/router. But seriously, it's just to see how many people actually use this..

ChangeLog

Enjoy! Happy Holidays, everyone!

And - if you actually read till here, thank you :-) So here's The download link for 11.0.0

For the brave: 11.0.3 - with bug fixes, immortal amfidebilitate, HSP4 settable as an option, and fixes AppleTV 4k offsets.. and restores topshelf image



[root@Qilin libertv]# openssl sha1 LiberTV11.0.3.ipa SHA1(LiberTV11.0.3.ipa)= 1b0f469c1e4f9c859a9109a9700163b99dbfffea [root@Qilin libertv]# md5sum !$ acfdb2a0f3907b3afd5a94d8d0ea9b19 LiberTV11.0.3.ipa