After a long wait, the jailbreak community saw the release of the Yalu + Mach_Portal tool, which jailbreaks select 64-bit devices running iOS 10.0.x to iOS 10.1.1. However, the Yalu jailbreak is still essentially a beta, so it is recommended only for developers and advanced users for now. Fortunately, an iOS 10.2 jailbreak could be here soon, Luca Todesco has signaled.
Expect an iOS 10.2 jailbreak soon
Apple is expected to release iOS 10.2.1 soon, fixing some bugs. The first beta of iOS 10.3 is rumored to be pushed out to developers on January 10th. Amid these developments, Luca Todesco has said in a series of tweets that those interested in jailbreaking their devices should save the SHSH2 blobs for iOS 10.2 as soon as possible, just in case the jailbreak shows up in the near future.
Suggestion: keep 10.1/10.2 blobs real close on pre7 64 bit.
— @qwertyoruiopz, December 30, 2016
The Italian developer and security researcher said a jailbreak for iOS 10.2 is not planned at this point, but the OS is exploitable. His comments indicate that the KPP technique he used in the Yalu + Mach_Portal jailbreak is still usable on iOS 10.2. However, it won’t be enough on its own to achieve a full jailbreak. The KPP technique could be combined with another technique, probably from the likes of the Pangu Team, to achieve a full public jailbreak.
Reason for that is that my KPP technique thing should in fact be usable to chain load a new kernel.
— @qwertyoruiopz, December 30, 2016
A jailbreak for 10.2 is not planned, but it is still vuln to the underlying technique used, so it's the second best fw.
— @qwertyoruiopz, December 30, 2016
10.2 is vuln to my KPP thing. Not blowing 0days for it ;)
— @qwertyoruiopz, December 31, 2016
By that I imply that KPP alone is not enough: I am not supplying any other missing part.
— @qwertyoruiopz, December 31, 2016
That’s why Todesco recommends that users save their SHSH2 blobs for iOS 10.2 while Apple is still signing it. Saving the blobs will allow you to upgrade or downgrade to that firmware whenever the jailbreak is available.
How to save the SHSH2 blobs
Tihmstar offers a tsschecker tool to save the SHSH2 blobs, but it is a little complicated. Reddit user 1Conan has released an auto-tsschecker that makes the process a lot easier. You’ll need your device’s ECID number and Identifier to save the blobs. Here’s a step-by-step guide to getting these details:
Step-1: Connect your iOS device to a computer via a USB cable and launch iTunes
Step-2: Select your iOS device from the left-hand pane and locate the Serial Number field
Step-3: Click on the Serial Number until you see the ECID
Step-4: Right-click on the ECID and copy it to the clipboard. The ECID you just copied is in decimal, but the auto-tsschecker requires it in hexadecimal format. You can convert it easily using any online conversion tool.
Step-5: Now find the device’s Identifier by clicking on Serial Number until it shows Model Identifier. For the iPhone 7 and 7 Plus, it looks like: iPhone9,1 and iPhone9,2. You can also find your iPhone model’s Identifier here.
Step-6: Head over to tsssaver.1conan.com in your browser
Step-7: Paste in the hexadecimal ECID, then select your device type and Model Identifier.
Step-8: Tick the “I’m not a robot” checkbox and proceed
Step-9: Hit the Submit button and the tool will do the rest. You’ll then be taken to a results page that gives you access to the saved SHSH2 blobs for downloading.
If you ever lose the link or downloaded blobs, just go to TSS Saver’s website and enter the hexadecimal ECID in the “Lost your link?” area to get your SHSH2 blobs.