With the rise of open source PoC exploits like Ian Beer's past exploits in 10.1.1, 10.2 and 11.1.2, it's become a simple enough matter to built on existing code obtaining kernel memory read/write access (via the SEND right to the kernel_task port, commonly referred to as "TFP0"). But the kernel_task alone does not a jailbreak make*.
Many developers have already built on Beer's code, adding in elements from various PatchFinders like @Xerub's and others - but the resulting code is often messy, prone to fragmentation, relies on multiple magic values and is insufficiently commented, and - most importantly - unmaintainable in the face of shifting symbol offsets and structure offsets. Further, not all code provided in such jailbreaks passes the tests of stability, as kernel memory overwriting needs to be done with extreme care, so as to avoid locks, data aborts, and other potential causes of panics.
The QiLin Jailbreak ToolKit is a simple code base, which standardizes all the common tasks required for jailbreaking - from breaking out of the sandbox and assuming root capabilities, remounting the root file system, unpacking binaries, and more - in a way that is stable, safe, and reduces the amount of code to about 10 lines. It is aimed at researchers and jailbreak enthusiasts, who wish to learn more about the intricacies of kernel tinkering without being bogged down by the nooks and crannies of setting up a stable work environment.
In other words, the toolkit handles the complicated tasks, and you can build whatever UI/customization/tweaking/modding of the jailbreak you want.
By the way, for those people wondering what a QiLin (in Japanese and western languages, "Kirin") is - it's an auspicious, unique, highly magical and extremely powerful creature which takes the form of a cross between a dragon and lion (and sometimes, horse). Wikipedia gets the gist of it, though I'm more a fan of the AD&D interpretation.
All you have to do in order to build on QiLin is to call:
int initQiLin (mach_port_t TFP0, uint64_t KernelBase);
with the kernel send right (TFP0) and the kernelbase (i.e address of kernel Mach-O + slide). And now you don't even have to do that anymore since QiLin can figure out the slide with just your own task address (which exploits use anyway). The rest is provided by numerous functions - Let the .h file speak for itself:
I'm working on stabilizing a few things and bullet-proofing them, and as soon as I do QiLin will be fully open source and NOT BE OPEN SOURCE because of nasty folk (see LICENSE below) but will forever be FREE, and - for the time being - maintained by me . In the meanwhile, Here's the object file you can drop into your project to start using it! And the above .h file is here as well
For iOS 12, you need this file, since structures have changed. THIS FILE IS HIGHLY EXPERIMENTAL AT THE MOMENT (Feb 1st, 2019). I'm working on making a universal 10-12 one. See forum post for details.
To compile: Drop qilin.o and sha256.o in same directory. Then gcc -arch arm64 ...c qilin.o sha256.o -o .... and that's it (assuming you fix the broken iOS headers by copying them over from MacOS first!).
Updated API with exported KMR/KMW functions for true kernel_task-less operation! (Although @jaakerblom's hacks work really well!)
integrated sha1/sha256 so that you now have one .o