Skip to content
This repository was archived by the owner on Nov 30, 2025. It is now read-only.

andrd3v/titanium

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
fastPathSign
fastPathSign
 
 
opainject
opainject
 
 
.gitignore
.gitignore
 
 
Info.plist
Info.plist
 
 
InjectHelper.h
InjectHelper.h
 
 
InjectHelper.m
InjectHelper.m
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RootHelper.h
RootHelper.h
 
 
RootHelper.m
RootHelper.m
 
 
TitaniumAppDelegate.h
TitaniumAppDelegate.h
 
 
TitaniumAppDelegate.m
TitaniumAppDelegate.m
 
 
TitaniumRootViewController.h
TitaniumRootViewController.h
 
 
TitaniumRootViewController.m
TitaniumRootViewController.m
 
 
TitaniumSplashViewController.h
TitaniumSplashViewController.h
 
 
TitaniumSplashViewController.m
TitaniumSplashViewController.m
 
 
alert.dylib
alert.dylib
 
 
avatar.png
avatar.png
 
 
control
control
 
 
ent.plist
ent.plist
 
 
libcrypto.a
libcrypto.a
 
 
libproc.h
libproc.h
 
 
libssl.a
libssl.a
 
 
lol.png
lol.png
 
 
main.m
main.m
 
 
teamID.h
teamID.h
 
 
teamID.m
teamID.m
 
 

Repository files navigation

Titanium icon

Titanium

Archive Note

This project is archived. The code was originally written in February 2025
and is kept here for reference / research purposes only.

In‑app dylib injection with CoreTrust bypass and opainject.
Titanium lets you pick a target process, optionally choose a custom .dylib, re‑sign it with a CoreTrust bypass, and inject it into the process on‑device.
Expected to work on iOS versions supported by TrollStore (roughly iOS 14.0 – 17.0) when running with appropriate platform entitlements.

Build

  • Uses Theos.
  • Clone the repo and run:
make package
  • Resulting Titanium.tipa will be placed in packages/.
    PRs and improvements are welcome.

Tested

  • Device: iPhone 11 Pro (arm64e)
  • Targets: Multiple stock App Store apps
  • Notes: Injection tested on real App Store-signed binaries, running on-device via TrollStore with appropriate entitlements.

Credits

  • CoreTrust bypass and signing flow based on fastPathSign.
  • ROP‑based injection built around opainject.
  • Upstream components retain their original licenses.
  • Various ideas inspired by the iOS jailbreak / TrollStore community.
  • Special thanks to rain for the idea of moving the dylib into the Application folder.

    Also tagging this troublemaker because he insisted 😏 He cracks good jokes, so he’s here
  • nkhmelni

License

See LICENSE.

About

In-place tweak injection with opainject and FastPathSign bypass.

Topics

jailbreak dylib tweak dylib-injection sideloading-ipas sideloading trollstore

Resources

Readme

License

View license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Titanium 1.0.0 – Initial runtime injector Latest
Nov 30, 2025

Packages

No packages published

Languages