Free Sideloading

Any iOS! No Computer! No App Limit! No Revokes! No 7 day Resigning! Add Repos for quick install!

Guide Made by PuReEnVyUs https://www.reddit.com/u/PuReEnVyUs/s/UEAN9kowDo

Date: 05/18/2024

Introduction

I have been jailbreaking/sideloading on my iPhone for many years and I wanted to give back to the community with this new method of free sideloading.
I used to use AltStore until I found this new method and here is a quick guide.(working for 10+months so far) This is for experienced people and not a deep dive. I found all links online and do not know who made them or affiliated with anyone just wanting to help out the community.
This method uses already revoked certificates to install apps hence why they do not get revoked.
This works on iPad and iPhone and has been tested and approved by people on the r/sideloaded & r/jailbreak & r/piracy communities.

Disclaimer

This method uses a DNS to block Apple's detection check if a cert is revoked if this is disabled.
If you have used scarlet in the past there is a high likelihood that you have become blacklisted from the certs as they use the same ones meaning you will get this error even with the DNS anti revoke installed. No fix for that until new certs become available.(The only way to use this method if blacklisted is to backup then restore/reset the device this will unblacklist you.)
There is a bug with ESign while manually importing files.

This will cause all apps to STOP WORKING (not loading when opening apps) including non sideloaded apps, but there is an easy fix.
Hard reset your phone (press volume up then down then hold the power button) until the phone restarts.

Using the DNS blocks Apple specific services from working notably the ability to use the translation app and update your device. (Note:this only happens when using khomod dns)
Crashing apps

If your esign and sideloaded apps start crashing when opened this is a known bug the only fix is to delete all crashing apps and reinstall using another cert. (Best way to avoid is to turn on airplane mode before restarting the device)

Guide

Quick newb guide

Install these two shortcuts

Be sure DNS is enabled in settings
Install esign using cert
Download same cert use to install ESign
Import cert into Esign
Profit

Disclaimer! This DNS is prebuilt and all DNS can track your internet activity! Use it if you want but just know it’s possible for the person who made it to track your internet logs.

If you want to learn how to sign apps or add repos look below!

Quick repos (copy and paste into app source)

source[5GHxhb1U7Lc5jIMpumASbN2teg9dyK5EAazzwnfm1/gPKQPTWzcz/GqlPDc/7Km2PMYo6ZLWw8aBN0jFOyphsztwijHaOP/HgNtFseMyB1X3pIk160RewkryDBOO3lYEn1vYXVzQp6qN4HcSSLFlGwnKEsOOtBr35cueB03dmxMyY1Qg36zceyW94Lvj3KnjrespEdmy81mQXjZdEkfvusBgMY9tx3QGxf7wHuZb8c7S6dH+8Yiefb6/CJdnNReBWDWNJElk7pemB1AOHyGz91gf5G3LceM1YMYlu2Uz+cOVCf8xr1PhW1YCv2DOxkgO+ZtHkm/ZHWlwCgN6ihf1dor4cg8avPhru+Dizud1YPOKbty8QFMVZeEYjydTEc22Vc8z1vLY9uoSqkkC2KGLR//WJOkbUuFRGUgICFesTlR1BDRpUyu8UDfJimXMKgb3hkh6CQ5/5OS3iuDYbFPsKV+7fj1xCt0j6/ag2RjXHxdmp02l8QRl+Jnmp6JVBPww4bUZwS+PQxhca4O0mFwGzO45PMclfxi9NASGxKor/61bgHvBLz/2RbBzmbyRM8lGjtmxoFMn1xAJYPC6vATs0XKgl12eMxSAK1ZmT/ikcagjYah31EAIpGKIZXIBGus4HJrwjfejevb4D2CujEa2osjjcmAunCHfqf5mc77QIB9nzT9r6WrhFTSrdqJ1gwNdalZrxLP6o8aC5RgTllnEwmeAmJArnG2U6k0DD/A2O6U9ZeQ8hKO35qtVHFKOXQ7yQTLdQZ6CPpbZ1DcYkWhXjzVgzIkvyDW/+9abspykP6jqH2iNPOQSRFBZnnbnsEghBz/FspJmrKZem8aLs1xZbMgWWN0xjbOr5UGuh2usf6BIxI15wIWFKLPlYWsF0q5vgxPJrSkfYHJ12N7mzeoufMchEaEpSD+AiHoHKzsBVxQlCP9vb/cvTC9TjpwDjHNbGut6Knk3ycn5ZDzGBIF7KPSfMdMuPZ3DVKm2Z/Y7//veUYyDiTCL7qkARIsnH1ChDkUzdp7uEW38W02yBMn2LH/81TRLNcXQdsQQ/Jg7EtHWBrFhDvYJvrh7uKpbvKidJISIYJkV15HeK/dv7xzFnWPVi+44yzz9k1kxG9qYrEhi7oRvcFKVtavxa6sDzyTLm3COUf1ZdoYoF3ZGf0vE5Id/x8AW+oV5/FZkxC3k8tgEVGciqYCCILD0u6X7mP1Jrvjg5T0xfVO94ZHh0E2xhLja009ZmaDR3JwFbzgOEw9jlqth4+Bg3TPVp89DlbarkpUIdL0eqeOWmBfmYzt2ebQXfg3Yt9cZo6LrJgXtlvo5CWwZRr8On5yK+3Jm0D9PlRGt4dTXCXXBw+fZqtH5kkEwJJHqxIcbgDoBE8Ieb9aKWEF/vcLvN9lPLugex/pO4CFGYUOE+ZcTNYJoLr2fuctFbSFPi5Tb0aKqXxVQZlKSz7YVee4eiAub1r+f9VskvJ7jb1xOAKuSIgjKRYcJYgHekrOy/JV2WfcBE35LB4LPBZLSA3H+YwdkyenoVKv4z2UicQVoiajgvWMlRsNFi/+2aO5ck4rQeNlahyOprSIUzRH2iNoRXRXbB5Jszobe2EoZycYncQifcRXdGteoIpefasxDzRqykyB/uJcbBlSEb70cuNTIR/RWrRdUKXVi5NxDfMyzorQDjBaLBjGS7+Gda+IYqy6cxRVJNoTkiymUGRcvx/qEatvT2EqCUFFRtRIjb+SVpNzrz+hwar/tmLMTndPNJFVKqJQr5jUEKz/5xv3O95vN28PFWqEQlrmZpuupKs8YCh8FaSj1dguMGGbuxiap2T+VMUa0w8BKpb40q8AST+iFnxR/iz+oYR2o+EfVgo3DtLsLAKGmDxRhckztSqv2tpRK9f8qW1O9JTCoHtyds3nml3kTzTH77QLJZnll+3990A+6RiG/nBuGMt0PTa1wdKuHolYhSHkcvISKK874tO6plGLn4ZfK0OZmW0EtMJB16Mg5ys/X9LG+rFc=]

Best Guide

Step 1: Make your DNS. [Removed pre built DNS]

When you make your own DNS you have multiple services to choose from (or host your own server),i’d recommend NextDNS

make an account
go to “denylist”
add these links to the denylist

ocsp.apple.com
ocsp2.apple.com
valid.apple.com
crl.apple.com
certs.apple.com
appattest.apple.com
vpp.itunes.apple.com

If you would like to use Feather a new sideloading app alternative to ESign you need to do one extra step! Add the URL below to the Allow List. You need to get the P12 and mobile provision files to import into Feather as it is not compatible with the .esigncert file type these can be found on the AppleP12 telegram. (You only need to do this if you want Feather and takes a lot more time to set up) (see update 9/4 for pictures of how to get to the certs if you get lost)

app.localhost.direct

Only add the ones below if you want to block iOS updates

mesu.apple.com
guzzoni-apple-com.v.aaplimg.com
gdmf.apple.com
axm-app.apple.com
comm-cohort.ess.apple.com
comm-main.ess.apple.com
Once you have your deny list set up you need to install the DNS profile by going to the setup tab and hitting download config profile
Then enable the DNS and check that it is turned on in VPN & device management found in General in settings

If you have another DNS be sure to disable it along with turning off a VPN

Step 2

Download ESign from link below it has quite a few certs to choose from just get one that works (some will fail to install) just keep trying until you get one to install

Someone made a shortcut and made it even faster to install both ESign and feather and get the cert files!
https://www.icloud.com/shortcuts/57f03a5d4bbf4529a03e2598828b05de

https://esigncert.github.io/khoindvn/

Alt links (If none above work you are most likely blacklisted you will need to backup > erase all content and settings > restore. This is the only way to get unblacklisted)

Do not use the live (or active) cert link this certificate is currently signed. Do not use that certificate. It will work but if the certificate gets revoked your apps will get revoked. This is what some other signing services use and are subject to being revoked quickly.

Step 3:

Download the certs file zip (FILE ESign Cert) this is on the same website (this contains revoked certificates which will be used to install apps)

Step 4:

Trust ESign in settings to allow you to open the app (settings > general > VPN & device management

Step 5:

Open ESign (WARNING) I have noticed on some phones there is a bug that will cause all apps to stop working while trying to import files or apps! Just do a hard reset of your phone (quick press Up then Down then hold power button)

Step 6:

In ESign go to the far left tab(files) and at the top right corner hit that and select import. Then choose the cert .zip file to import once imported click it to unzip you can then delete the zip file

Step 7:
Open cert folder and pick one out to install. I use HDFC but any should work if one does not work just try another. Import by clicking on the cert and importing.
Step 8:
That’s it you're all set up now time to get some apps! For this you have 2 ways to install apps

First, you can import download .ipa files in the same file location as the zip folder. It will ask if you want to import App Library and click yes and it will move to the unsigned tab
Second, you can use repos which is my preferred method to install apps as you can download and install directly inside ESign.

To add a repo go to the App Store tab > app source (top left) > + (top right) you can then paste your repos

Here is a all the repos I currently use just copy this text and then hit the plus sign and it will paste them all

Repos URLs/telegrams for games found Here
Once you download an app it will pop up in your downloads tab just click on the app and hit import App Library this will move it to the unsigned in the apps tab
Step 10:

Go to the apps tab you will see the unsigned app you imported click on it and hit “SIGNATURE” (DO NOT JUST HIT INSTALL IT WILL NOT WORK!) after that hit signature again and it will load then hit install and a pop up will come up for it to install the app and you're done no revokes and install as many as you want!

If you are looking for more hacked games I suggest https://www.iosappgods.com or telegram links found @ https://rentry.org/ipa-sources2
Any questions please feel free to ask! Post a comment on the Reddit post

If you would like to use Feather a new sideloading app alternative to ESign you need to do one extra step! You need to get the P12 and mobile provision files to import into Feather as it is not compatible with the .esigncert file type these can be found on the AppleP12 telegram. (You only need to do this if you want Feather and takes a lot more time to set up)

VPN Setup

The most asked question is can you use a VPN? The answer is yes, but it takes some work to get it to work without revoking all your apps. This is because VPNs have a built in DNS they use to filter internet traffic and it’s possible to adjust the built in VPN DNS to work with NextDNS or another DNS provider.

First you will need to find your DNS address for NextDNS you can find it here (yours will be different than mine)

Next you will need to take the address and change your VPN from automatic to manual (This is different for every VPN!)

Wireguard guide thanks to u/Dropped_Angel

Connecting NextDNS with VPN.

This should be somewhat universal depending on your vpn’s configurability.

Setup a WireGuard profile. Configure WireGuard App.

(Paid) AirVPN configuration Generator

Download and setup the .conf file for WireGuard. Proceed with setting up NextDNS as WireGuard’s DNS

Use your NextDNS custom dns and copy the first one on both.

Just use the first line on both

Copy and paste the first line of

Part 1 and Part 2. Separated with a comma

Repeat the steps for every thing configuration, future and current.

SAVE.

Dylib/Deb Guide

For more advanced users you may find an app or game that does not have a tweaked version. This is a quick guide to import or remove dylib/debs from an ipa to allow for free in app purchases (IAP) or block ads or even add igamegod (a hex editor tool to modify values like gold/gems)

You can get most decrypted apps from

https://decrypt.day/

(Some may not be the most up to date)

https://armconverter.com/decryptedappstore/us

(More up to date but has a 2 app a day limit)

If you can’t find it here there are a few other websites you can search for decrypted ipas if you have a suggestion let me know and I will add it to the link.

Dylib/Deb files

Finding them can be difficult so I provided a few I’ve found throughout the subreddit below, but if you want to look at more I found this .ipa you can sideload as it has a ton.

PostBox IPA

(Recommend you go to the repos tab and add some like TheBigBoss & Julioverne)

If you do not want an app to download you can also use this website to search for them.

https://www.ios-repo-updates.com

Adblock

https://julioverne.github.io/debfiles/com.julioverne.adblock_0.2~beta1_iphoneos-arm.deb

http://apt.thebigboss.org/repofiles/cydia/debs2.0/splashadblock_1.5.deb

If the Adblock does not work try to find a deb file for your app

IAP (Free In App Purchases)

https://github.com/Paisseon/SatellaJailed/blob/emt/SatellaJailed.dylib

This is only for non-server sided IAP’s so mainly low anti-cheat games (Will not work for all apps and you can get banned from the game if they have anti cheat detection)

IGG (IGameGod Hex Editor)

https://iosgods.com/igg

Works on most games to modify game values of anything the game keeps numbers on and works with non-server values cash/gold/gems

Injecting Deb/Dylib

Import the ipa you want to modify into esign files tab and click on it to “add library” so it moves into the unsigned apps tab

Next import your Deb/Dylib files to the same file tab

Click on the app like normal but instead of hitting signature hit “more settings”

Next find the Add Library

Then add the ones you want

Hit OK and you will see them added

Then just Sign the app and you are done!

Removing Dylib/Debs

Sometimes tweaked apps come with garbage they don’t need (Looking at you iosgods) you can remove junk like for example iosgods ad popups in a similar way.

In the more settings tab you can click on Remove Existing Library to remove unwanted

This can be helpful for tweaked apps that have a bunch of unnecessary tweaks injected to them as well most notably in tweaked YouTube, Spotify or social media apps that can cause issues.

Date: 05/19/2024

Updates/News

Well it didn’t last long my post for r/sideloaded & r/jailbreak were removed by the mods but the post is still active on my Reddit so if you can still share to those that need it.
Concerns have been raised about the DNS and ESign security I have been using for months without any issues but use at your own risk I do not have the source code for them but I am looking into making my own DNS that is open source so you can be sure it’s safe to use.

Found this regarding the safety posted by a mod in the r/sideloaded but still looking into making my own DNS that’s open source but should be safe.
https://www.reddit.com/r/sideloaded/s/rLss0k1Mvg

Thanks everyone for the support!

Date: 05/21/2024

Added to the disclaimer that using scarlet in the past has a high likelihood of being blacklisted from the certs this means you will not be able to use this method until a new cert becomes available.
Don’t be this guy

Date: 06/10/2024

Tested and works on iOS 18!
Still working on DNS update
Added better wording and additional pictures to step 10 because people kept getting confused
Added guide for how to update iOS or if you are blacklisted the community has found a fix! (Restore/reset)

Date: 06/20/2024

https://www.reddit.com/r/sideloaded/s/T7zfInMGlH

Anti-revoke DNS update! ESign

Hello my fellow r/sideloaded friends!

If you have been using the guide I made a while back I hinted at a coming update for the DNS profile originally created by Khomod.

https://github.com/toasty-dev/Khomod

The DNS is open source and available for all to see the blocking used and non tracking if you would like to take a look.

Date: 07/17/2024

Added by u/Ornery_Ingenuity3178

You can now use vpns with the DNS,specifically [Link removed] (this discovery was found by @bbsdieheardfan1)

(NOTE:this has only been tested on that specific VPN)

If you want to make your own DNS you have multiple services to choose from (or host your own server),i’d recommend NextDNS

make an account
go to “denylist”
add these links to the denylist

ocsp.apple.com
ocsp2.apple.com
valid.apple.com
crl.apple.com
certs.apple.com
appattest.apple.com
vpp.itunes.apple.com

Only add the ones below if you want to block iOS updates

mesu.apple.com (Optional)
guzzoni-apple-com.v.aaplimg.com(Optional)
gdmf.apple.com (Optional)
axm-app.apple.com (Optional)
comm-cohort.ess.apple.com (Optional)
comm-main.ess.apple.com (Optional)

Download the nextDNS app and paste the configuration id into the settings

After that go to general>>vpn and device management>>DNS and choose nextDNS.

Also! If you would like to block ads using the DNS recommend using multi pro or pro++ using this Guide

Alternatively if this is too advanced you can easily add ad guard and other ad blockers in NextDNS blocklist under the privacy tab.

In other news a new NoLogs version of ESign has been made easily available through the Swaggy repo

This can be signed and setup after installing ESign for added security. Once installed you can delete the original ESign.

More updates to come soon!

Date: 07/23/2024

Common Q&A

Q: None of the ESign links working and not installing!

A: Most likely blacklisted! If you have used scarlet in the past or if you have used this and had to reinstall or if you EVER disabled the DNS. Only fix is to backup > erase all content and settings > restore from backup. Redo all steps in guide and all certs should work again.

Q: I installed ESign, but when I try to sign/install an app I am getting “integrity not verified” or “App requires verification”

A: Use the same cert you used to install ESign. This can be found in general > VPN & Device Management if you can’t remember.

Q: Can I get notifications for sideloaded apps?

A: Depending on the cert, some have added notifications for some apps, however you cannot edit the mobile provisions file of a revoked cert to add apps to the notification list. (No instagram notifications is the most common question)

Q: What cert should I use?

A: HDFC, Aldo, & Sunshine seem to be the most reliable in the US other than that just use one that works for you. (HDFC seems to have the most notifications added in mobile provisions)

Q: What is NoLogs ESign? What’s the difference?

A: NoLogs removes telemetry data. This is data sent back to the dev with logs like information about crashing, iOS version, device, and a lot more. Typically this is nothing new. Every single app has this tracking including apps on the AppStore, but this is sent to a Chinese company and many do not want them to have even more information about them.

Q: Can I update my phone with the DNS?

A: Yes, but only if you set up your own DNS

Q: Do I need to redo the steps after I update?

A: Not if you set up your own DNS, otherwise yes. (May need to reset device if disabled DNS to update to get unbalacklisted)

Q: Does this work on iPad / Apple TV / Apple Vision Pro / Apple Watch?

A: iPad yes, all others no (paid certs do support others)

Q: Can I use a VPN?

A: Yes, but you need to be able to edit the VPNs built in DNS from automatic (using the VPNs DNS) to manual (using your own built DNS) this will very from each VPN as they are all different. Here is a guide made by for those interest in a in depth look

Q: Can I inject .debs / .deylib into apps?

A: Yes, no guide yet but if enough people ask I can add it into this guide. (Gamegod or other hacks)

Q: All my sideloaded apps are crashing/instantly closing on open! Is there a fix?

A: Yes and No, seems to be a bug when the phone is restarted (not sure the cause as it is not every time) to be extra safe you can turn on airplane mode before restarting your phone. Not entirely sure if this does anything, but could avoid the crashing bug. To fix you must delete all crashing sideloaded apps and start again with a new cert. 🥲

Q: Can I use a paid cert with ESign?

A: Yes, just import your P12 & mobile provision files. (No need to use a DNS)

Q: What if I use a non revoked leaked cert?

A: It will work until it gets revoked (don’t use an active cert)

Q: Does this work on IOS 18?

A: Yes

Please feel free to ask more and I will add if anyone has another question. Trying to reduce the amount of questions I get on the daily.

Date: 09/04/2024

Feather support added to guide
New link to download ESign

How to find the revoked certs on AppleP12

Date: 09/04/2024

Added Dylib/Deb injection guide