Preface and System Requirements This jailbreak is for iOS 10.0.1-10.2 only. It is still considered a beta and may be unstable. Use at your own risk. 64 bit devices only. You will need: A Mac or PC (or Linux, if you like playing games on hard mode) Latest version of iTunes The Yalu .ipa file Cydia Impactor A compatible device Device Compatibility List The Yalu jailbreak is compatible with the following 64-bit devices: iPad iPad Air iPad Air 2 iPad Pro iPad mini 2 iPad mini 3 iPad mini 4 iPhone iPhone 5s iPhone 6 iPhone 6 Plus iPhone 6s iPhone 6s Plus iPhone SE iPhone 7 (iOS 10.1.x only) iPhone 7 Plus (iOS 10.1.x only) iPod touch iPod touch 6 Words of Caution 1. This is a Semi-Untethered Jailbreak The jailbreak must be reactivated every time the device is rebooted or turned off. The device will function normally, but none of your tweaks will work. Keep in mind that Cydia and any other jailbroken apps are still visible on the home screen, but they will crash on launch. To re-jailbreak your device, just open the yalu102 app, press "go," and wait for it to close to the home screen. However, if you reboot your device after 7 days of signing, you will need to re-sign the app because the temporary certificate only lasts 7 days. Paid Apple developers will get a certificate that lasts one year. Your tweaks will not be affected by this issue, and you will not have to "restore" the phone if more than 7 days goes by. 2. Change your root password ASAP The jailbreak installs an SSH daemon (dropbear) by default. An SSH daemon is both a useful and dangerous tool: it turns the phone into a server with remote login access and a functional "root" account. This allows anyone to take control of the device without the owner's knowledge if they have the password. The default password for the "root" account on Apple devices is very widely known and often exploited against jailbroken devices, so you are strongly encouraged to change the root password immediately. See FAQ below to learn how. UPDATE -- the latest version of Yalu disables SSH over WiFi. 3. Do not install AppSync Installing AppSync causes the device to go into a boot loop. Do not install it! If you accidentally install AppSync, you can recover the device safely through SSH (Guides here: and here) . You'll need to use a terminal to access the device. Otherwise the only way will be restoring via DFU mode. Apple has stopped signing iOS 10.2, so this will be the end of your jailbreak. Official Download Sources Yalu Jailbreak .ipa: yalu.qwertyoruiop.com Cydia Impactor: http://www.cydiaimpactor.com/ Do not download the above from any other untrusted, 3rd-party sources, as they may infect your device with malware. Jailbreaking instructions Notes: This is a "sideload" procedure. Cydia Impactor requires your Apple ID credentials to sign the yalu102 app. Cydia Impactor is a trustworthy app written by Saurik, but you can use 2-factor authentication with an app-specific password if this makes you feel uncomfortable. Always back up your device via iTunes before jailbreaking. 1. Download the Yalu .ipa 2. Download and unpack Cydia Impactor. 3. Connect your iDevice to your computer. If the device asks you to trust the computer, click the "Trust" button. 4. Launch Cydia Impactor and verify that your device ID and model are displayed in the main window. 5. Drag the .ipa file into the Cydia Impactor. Enter your Apple ID and your password on the dialog boxes that follow. 6. If you have a paid developer account, skip this step. On the iDevice, go to Settings -> General -> Device Management. Select the Apple ID you used in step 3. Select Trust. 7. On your iDevice, launch the "yalu102" app, press "go," and wait a few moments. 8. Your device will reboot on its own. Unlock it and verify that Cydia has been added to your homescreen. If not, reopen the app and keep trying. Updating Yalu to the latest version 1. Reboot your device to revert back to an "unjailbroken" state. 2. Delete the old Yalu app from your device. 3. Follow the jailbreaking steps above to sideload the Yalu .ipa with Cydia Impactor. Your tweaks and settings will be restored upon re-jailbreaking. If you saved your shsh2 Blobs If you saved your device's .shsh2 blobs for 10.2 during the signing window, you may want to add your nonce to your NVRAM so you can restore back to 10.2 in case of a boot loop. 1. Open your .shsh2 blob using a text editor. Scroll to the bottom and look for the word "generator." Your nonce generator is the string of numbers and letters that follows. Copy that string or write it down. 2. SSH to your phone or use MTerminal to enter the following commands: su alpine (or your changed password) nvram com.apple.System.boot-nonce=<your nonce generator> nvram -p 3. After this is done, ensure that the top line is com.apple.System.boot-nonce=<your nonce generator> 4. Every time your phone reboots, you must re-execute these commands. Remember that you must execute these two commands every time you reboot your device!