If DarkSword is a weapon, LightSword is the same exploit chain used for good.
DarkSword (leaked March 2026) chains six iOS vulnerabilities to steal data from 270 million iPhones. LightSword takes the same entry point — Safari's WebContent process — and uses it to give users something Apple won't: the freedom to run their own code. Visit a webpage, get a Linux terminal. No app install, no permanent modification, no data theft. Reboot and iOS is stock.
LightSword is being built through agentic coding with Claude Code: the AI researches iOS internals, writes exploit-adjacent code, cross-compiles emulators, and iterates, while the human sets direction and validates on hardware.
No exploit code is shipped in this repository. See LEGALITY.md for full legal considerations. We are not lawyers.
The iOS jailbreak scene has been effectively silent since iOS 17. Apple's layered defenses — PPL, SPTM, code signing, sandboxing — have made traditional jailbreaking nearly impossible on modern devices. But DarkSword proved that Safari's WebContent process can still be compromised, and that process has something valuable: Apple's own com.apple.developer.cs.allow-jit entitlement.
LightSword's goals:

- Use DarkSword's exploit chain, but only up to gaining code execution inside WebContent. No kernel modification, no PPL/SPTM bypass, no persistent changes to iOS. The device stays "jailbreak-free."
- Enable JIT for everyone on iOS <18.7.7: any unpatched iPhone or iPad can visit a webpage, and that webpage can execute native code at full speed. Not through an app. Not through a sideload. Through Safari.
- Run Linux in a browser tab: a full x86-64 Linux environment (BusyBox, shell, utilities) running inside Safari, powered by JIT. Close the tab, it's gone. Open it again, it's back.
This isn't a jailbreak. It's a web app that happens to run native code — inside a process that Apple themselves entitled to do exactly that.
Development uses a jailbroken iPad 6 as a test target. The jailbreak provides convenient SSH access and tweak injection — but the architecture is designed so that DarkSword's exploit chain can replace the jailbreak as the entry point when ready.
x86 Emulator — BusyBox with 365+ applets
jart/blink cross-compiled for iOS ARM64 (435KB dylib), running inside Safari's WebContent process. It executes any statically linked x86-64 Linux binary: BusyBox, musl libc programs, anything. Three iOS-specific patches were needed: a sandbox fallback in errfd.c, a bypass of the -m memory optimization, and a low image base to avoid mmap collisions.
See x86-emulator/ for the tweak source and stubs.
ARM64 Native Runner — 91 MIPS native speed
Custom ARM64 Linux ELF loader using MAP_JIT. It rewrites each SVC #0 (the Linux syscall instruction) to UDF (a permanently undefined instruction), catches the resulting SIGILL, reads the Linux syscall number and arguments from the interrupted register state, performs the equivalent iOS call, and resumes the guest just past the faulting instruction. ARM-on-ARM means near-native speed: compute runs unmodified, and only syscalls pay the interception cost.
See arm64-native/ for the bridge source.
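How the SVC-to-UDF rewrite and the syscall translation fit together, as an added example. This is not the project's arm64-native/ bridge (which is not reproduced on this page); it assumes the A64 encodings given in the comments, the asm-generic Linux arm64 syscall numbers, and, for the Darwin-only SIGILL handler, the `ucontext` field names from the iOS SDK. The handler is compiled only on Apple arm64 and is not exercised by the portable demo; the rewrite pass and the dispatcher run anywhere.

```c
/*
 * Added example (not LightSword's arm64-native/ code): the mechanical pieces
 * behind "patch SVC #0 to UDF, catch SIGILL, translate syscalls".
 *
 *  1. A rewrite pass over guest code that turns every SVC #0 (Linux syscall)
 *     into UDF #0, so the guest traps with SIGILL on each syscall.
 *  2. A dispatcher mapping Linux arm64 syscall numbers to host libc calls.
 *  3. The SIGILL handler itself, compiled only on Darwin/arm64 (untested here;
 *     the ucontext field names are an assumption taken from the iOS SDK).
 */
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* A64 encodings. */
#define A64_SVC_0 0xD4000001u  /* SVC #0: Linux syscall                      */
#define A64_UDF_0 0x00000000u  /* UDF #0: permanently undefined -> SIGILL    */
#define A64_BRK_0 0xD4200000u  /* BRK #0: raises EXC_BREAKPOINT, not used    */

/* Linux arm64 syscall numbers (asm-generic/unistd.h). */
enum { LNX_close = 57, LNX_read = 63, LNX_write = 64, LNX_exit = 93, LNX_exit_group = 94 };

/* Rewrite every SVC #0 in a block of guest code to UDF #0. Returns the count. */
size_t patch_svc_to_udf(uint32_t *code, size_t ninsns)
{
    size_t patched = 0;
    for (size_t i = 0; i < ninsns; i++) {
        if (code[i] == A64_SVC_0) {
            code[i] = A64_UDF_0;
            patched++;
        }
    }
    return patched;
}

/* Guest state the handler hands to the dispatcher: x8 = nr, x0..x5 = args. */
struct guest_syscall {
    uint64_t nr;
    uint64_t arg[6];
};

/* Translate one Linux syscall into a host libc call. Returns a Linux-style
 * result: >= 0 on success, -errno on failure (host errno numbering; a real
 * bridge must remap it). exit/exit_group only set *want_exit. */
int64_t dispatch_linux_syscall(const struct guest_syscall *sc, int *want_exit)
{
    ssize_t r;
    *want_exit = 0;
    switch (sc->nr) {
    case LNX_write:
        r = write((int)sc->arg[0], (const void *)(uintptr_t)sc->arg[1], (size_t)sc->arg[2]);
        return r < 0 ? -(int64_t)errno : (int64_t)r;
    case LNX_read:
        r = read((int)sc->arg[0], (void *)(uintptr_t)sc->arg[1], (size_t)sc->arg[2]);
        return r < 0 ? -(int64_t)errno : (int64_t)r;
    case LNX_close:
        return close((int)sc->arg[0]) < 0 ? -(int64_t)errno : 0;
    case LNX_exit:
    case LNX_exit_group:
        *want_exit = 1;
        return (int64_t)sc->arg[0];
    default:
        return -ENOSYS;  /* unknown syscall: the answer a Linux kernel gives too */
    }
}

#if defined(__APPLE__) && defined(__aarch64__)
#include <sys/ucontext.h>
/* SIGILL handler for the real target: read x8/x0..x5 from the interrupted
 * context, run the syscall, write x0 back, and step past the 4-byte UDF.
 * Field names follow the iOS SDK's _STRUCT_ARM_THREAD_STATE64 (assumption). */
static void udf_sigill_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    ucontext_t *uc = (ucontext_t *)ctx;
    struct guest_syscall sc = { .nr = uc->uc_mcontext->__ss.__x[8] };
    for (int i = 0; i < 6; i++) sc.arg[i] = uc->uc_mcontext->__ss.__x[i];
    int want_exit;
    int64_t ret = dispatch_linux_syscall(&sc, &want_exit);
    if (want_exit) _exit((int)ret);
    uc->uc_mcontext->__ss.__x[0] = (uint64_t)ret;
    uc->uc_mcontext->__ss.__pc += 4;
}

int install_udf_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = udf_sigill_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGILL, &sa, NULL);
}
#endif

/* Portable demo on a constructed 4-instruction guest with one syscall. */
int demo(void)
{
    uint32_t guest[4] = {
        0xD2800040u,  /* mov x0, #2   */
        0xD2800808u,  /* mov x8, #64  (write) */
        A64_SVC_0,    /* svc #0 */
        0xD65F03C0u,  /* ret    */
    };
    size_t n = patch_svc_to_udf(guest, 4);
    /* Simulate the trap the guest would take at index 2 on real hardware. */
    struct guest_syscall sc = { .nr = LNX_write,
                                .arg = { 1, (uint64_t)(uintptr_t)"hello\n", 6 } };
    int want_exit;
    int64_t ret = dispatch_linux_syscall(&sc, &want_exit);
    return (n == 1 && guest[2] == A64_UDF_0 && ret == 6) ? 0 : 1;
}
```

Two things the demo leaves to the real bridge: errno numbering differs between XNU and Linux, so a `-errno` result must be remapped before the guest sees it, and syscalls such as mmap need their flag bits translated, not just their numbers. The choice of UDF over BRK is the one the project recorded: on this target BRK produced a Mach exception the tweak could not catch, while UDF arrives as an ordinary SIGILL.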
JIT-as-a-Service — sub-millisecond native code execution
HTTP API that lets any app on the device execute native ARM64 code through Safari's JIT entitlement, with named code pages, argument passing, and benchmarking. 0.71ms per call when batched. Any process can POST hex-encoded ARM64 code and get native execution results, so Safari becomes a JIT server for the whole device. The flip side is that any local process able to reach the relay gets arbitrary native code execution inside WebContent; treat the relay as a development interface, not something to leave listening.
See jit-service/ for the relay and dev server.
Web UI — tap a button, run Linux
Browser-based demo: x86 binary execution with BusyBox commands, ARM64 assembler studio, native ELF runner. Served from a dev server, executing on iPad via FIFO IPC through the WebContent tweak.
See web-ui/ for all interfaces.
This started as "what is DarkSword?" and evolved into a 14-hour autonomous AI agent session:

- Security research: DarkSword analysis revealed it does NOT bypass PPL/SPTM; it only reads kernel memory. But it DOES gain code execution inside WebContent, which has `cs.allow-jit`. That's the key insight: we don't need kernel access, we need Safari's JIT entitlement.
- Legal framing: running code inside Safari (a signed Apple process) using its existing JIT entitlement, with no permanent OS modification, is legally distinct from jailbreaking. The DMCA jailbreak exemption applies, and the user explicitly consents.
- JIT breakthrough: discovered `MAP_JIT` works inside WebContent via tweak injection. Then discovered `BRK` triggers uncatchable Mach exceptions but `UDF` triggers a catchable `SIGILL`, unlocking syscall interception for Linux binary execution.
- Two execution paths: ARM64 native (91 MIPS, limited to small binaries by MAP_JIT size) and x86 via blink (slower but runs anything, including BusyBox and full libc programs).
- Infrastructure: FIFO IPC, Python relay, web UIs, ARM64 assembler, JIT-as-a-Service API. Plus a time awareness hook for autonomous agent sessions, born from needing the agent to know when to stop.

12 approaches failed along the way. All documented in journal.md.
| Discovery | Impact |
|---|---|
| WebContent has `cs.allow-jit` | Enables `mmap(MAP_JIT)`; the entire project depends on this |
| DarkSword doesn't bypass PPL/SPTM | We don't need it either; stay inside WebContent |
| `UDF` → catchable `SIGILL`; `BRK` → uncatchable Mach exception | Unlocked Linux syscall interception |
| One MAP_JIT per process, ~64KB safe limit | Drove the decision to use blink for larger binaries |
| `fcntl(F_DUPFD_CLOEXEC, 123)` fails in WebContent sandbox | Patched blink's errfd.c with `dup()` fallback |
| Coruna exploit kit does NOT cover iOS 17.7.10 | DarkSword (iOS 18) is the target, not Coruna |
Screenshots: `busybox uname -a` and `busybox echo Hello World` running in Safari.

```text
$ busybox uname -a
Linux iPad 4.5.0-blink-1.1.0 #1 NOJIT NOSOCK x86_64 GNU/Linux
```
- Interactive terminal — stdin piping for live shell sessions in Safari
- Multi-command without restart — blink state cleanup between runs
- DarkSword entry point — replace jailbreak with exploit chain (needs iPad 7 + iOS 18.4-18.6)
- PWA packaging — Service Worker + OPFS for offline persistence
- "Visit this page" demo — the end goal: a URL that gives you a Linux terminal on any unpatched iPhone
- jart/blink (ISC) — x86-64 emulator and syscall translation
- copy/v86 (BSD 2-Clause) — x86 PC emulator in WASM
- palera1n (MIT) — iOS jailbreak (dev scaffold)
- ellekit (MIT) — tweak injection
Full details in ATTRIBUTION.md.
MIT — see individual attribution for third-party components.

