AntiDarkSword ⛨
An iOS jailbreak tweak and TrollStore dylib that hardens vulnerable iOS devices against WebKit RCE (DarkSword / Coruna) and iMessage zero-click (BLASTPASS) exploits. Selectively blocks JIT, spoofs user agents, blocks remote content, suppresses risky attachment previews, intercepts Notification Service Extensions, isolates system daemons, and deploys a Corellium honeypot to cause advanced payloads to self abort.
Exploit kits: DarkSword, Coruna, Predator, PWNYOURHOME, Chaos, Operation Triangulation, Hermit
Zero-clicks: BLASTPASS (PassKit iMessage attachment)
CVEs: CVE-2025-43529, CVE-2024-44308, CVE-2022-42856
Jailbreak Tweak
- Download the latest release (see guide below).
- If roothide, convert rootless with patcher before installing.
iOS 15+ use
arm.debfor rootful,arm64.debfor rootless.
iOS 13–14 usearm_legacy.deb.
TrollFools Dylib
- Install TrollStore and TrollFools.
- Download
AntiDarkSword.dylibfrom the latest release. - Open TrollFools → select an app → inject the
.dylib. - Three-finger double-tap inside an app to open the settings overlay.
| File | Jailbreak | iOS | Chip |
|---|---|---|---|
*_iphoneos-arm64.deb |
Dopamine, meowbrek2, palera1n rootless | 15.0 – 17.0 | A12+ · A9–A11 |
*_iphoneos-arm.deb |
unc0ver, Taurine, checkra1n, palera1n rootful | 15.0 – 17.0 | A9+ |
*_iphoneos-arm_legacy.deb |
unc0ver, checkra1n, Taurine rootful | 13.0 – 14.8 | A9–A11 (arm64) |
*_TrollFools.dylib |
TrollStore + TrollFools (no jailbreak needed) | 15.0 – 17.0 | A9+ |
| Jailbreak (tweak) | iOS 13–14 | iOS 15 | iOS 16+ |
|---|---|---|---|
| Disable JIT | ✅ | ✅ | ✅ |
| Disable JavaScript | ✅ | ✅ | ✅ |
| UA Spoofing | ✅ | ✅ | ✅ |
| UA Client Hints | ❌ | ❌ | ✅ |
| Disable WebRTC / WebGL | ✅ | ✅ | ✅ |
| Disable media autoplay | ✅ | ✅ | ✅ |
| Disable local file access | ✅ | ✅ | ✅ |
| Mail auto-download block | ✅ | ✅ | ✅ |
| iMessage auto-download block | ✅ | ✅ | ✅ |
| Block remote content | ✅ | ✅ | ✅ |
| Block risky attachments | ✅ | ✅ | ✅ |
| NSE interception | ✅ | ✅ | ✅ |
| Daemon protection | ✅ | ✅ | ✅ |
| Corellium decoy | ✅ | ✅ | ✅ |
| TrollStore (dylib) | iOS 15 | iOS 16+ |
|---|---|---|
| Disable JIT | ✅ | ✅ |
| Disable JavaScript | 🟡 | 🟡 |
| UA Spoofing | ✅ | ✅ |
| UA Client Hints | ❌ | ✅ |
| Disable WebRTC / WebGL | ✅ | ✅ |
| Disable media autoplay | ✅ | ✅ |
| Disable local file access | ✅ | ✅ |
| Mail auto-download block | ✅ | ✅ |
| iMessage auto-download block | ❌ | ❌ |
| Block remote content | ✅ | ✅ |
| Block risky attachments¹ | ✅ | ✅ |
| Daemon protection | ❌ | ❌ |
| Corellium decoy | ❌ | ❌ |
| Mitigation Shortcut¹ | ✅ | ✅ |
¹ Mitigation Shortcut: Three-finger double-tap on open app to trigger the settings overlay (biometric-gated).
Level 1
├── 🌐 Safari & Safari View Services
│ ├── OS Baseline (JIT/JS Lockdown)
│ └── Spoof User Agent: ON
│
├── 💬 Apple Messages (MobileSMS, ActivityMessages, iMessageAppsViewService)
│ ├── OS Baseline (JIT/JS Lockdown)
│ ├── Disable Media Auto-Play: ON
│ ├── Disable WebGL & WebRTC: ON
│ ├── Disable Local File Access: ON
│ ├── Disable Msg Auto-Download: ON
│ └── Spoof User Agent: OFF
│
└── ✉️ Apple Mail & Other Native Apps
├── OS Baseline (JIT/JS Lockdown)
├── Disable Media Auto-Play: ON (Mail)
├── Disable WebGL & WebRTC: ON (Mail)
├── Disable Local File Access: ON (Mail)
└── Spoof User Agent: OFF
(Block Remote Content is added to Apple Messages & Mail at Level 2+)
Level 2
├── 📱 All Level 1 Apps & Rules
│ └── 💬 Apple Messages & Mail: Block Remote Content: ON (added at this level)
│
├── 🌐 3rd-Party Browsers (Chrome, Firefox, Brave, DuckDuckGo)
│ ├── OS Baseline (JIT/JS Lockdown)
│ └── Spoof User Agent: ON
│
├── 💬 3rd-Party Messaging & Email (WhatsApp, Discord, Signal, Telegram, Gmail, Outlook)
│ ├── OS Baseline (JIT/JS Lockdown)
│ ├── Disable Media Auto-Play: ON
│ ├── Disable WebGL & WebRTC: ON
│ ├── Disable Local File Access: ON
│ ├── Block Remote Content: ON
│ └── Spoof User Agent: ON
│
└── 🏦 Social, Finance & JB Apps (TikTok, Facebook, PayPal, CashApp, Sileo, Zebra, Filza)
├── OS Baseline (JIT/JS Lockdown)
└── Spoof User Agent: ON
Level 3
├── 📱 All Level 1 & Level 2 Apps & Rules
│
├── 🌐 Browsers (Safari, Chrome, Firefox, Brave, DuckDuckGo)
│ ├── Disable WebGL & WebRTC: ON
│ └── Disable Media Auto-Play: ON
│
└── ⚙️ System Daemons (imagent, apsd, identityservicesd, IMDPersistenceAgent)
├── System Hooking: ON (blocks zero-click payload parsing)
├── Individual daemon switches: Settings > Restrict System Daemons
└── Corellium Honeypot: ON
Created by EolnMsuk → AntiDarkSword
Thanks to ghh-jb → CorelliumDecoy
Support me BTC → Venmo