diff --git a/AGENTS.md b/AGENTS.md index 2a1d850..553a18c 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -33,7 +33,7 @@ For any changes applying new patches, also update research/0_binary_patch_compar | ------------------- | :---------: | :-------: | ---------------------------------- | | **Regular** | 51 patches | 10 phases | `fw_patch` + `cfw_install` | | **Development** | 64 patches | 12 phases | `fw_patch_dev` + `cfw_install_dev` | -| **Jailbreak (WIP)** | 126 patches | 14 phases | `fw_patch_jb` + `cfw_install_jb` | +| **Jailbreak** | 126 patches | 14 phases | `fw_patch_jb` + `cfw_install_jb` | See `research/` for detailed firmware pipeline, component origins, patch breakdowns, and boot flow documentation. diff --git a/Makefile b/Makefile index 183e001..fc1d818 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ help: @echo "" @echo "LazyCat (AIO):" @echo " make setup_machine Full setup through First Boot" - @echo " Options: JB=1 Jailbreak firmware/CFW path (WIP)" + @echo " Options: JB=1 Jailbreak firmware/CFW path" @echo " DEV=1 Dev firmware/CFW path (dev TXM + cfw_install_dev)" @echo " SKIP_PROJECT_SETUP=1 Skip setup_tools/build" @echo " NONE_INTERACTIVE=1 Auto-continue prompts + boot analysis" @@ -67,7 +67,7 @@ help: @echo " CLOUDOS_SOURCE= URL or local path to cloudOS IPSW" @echo " make fw_patch Patch boot chain (6 components)" @echo " make fw_patch_dev Patch boot chain (dev mode TXM patcher)" - @echo " make fw_patch_jb Run fw_patch + JB extension patches (WIP)" + @echo " make fw_patch_jb Run fw_patch + JB extension patches" @echo "" @echo "Restore:" @echo " make restore_get_shsh Fetch SHSH blob from device" diff --git a/README.md b/README.md index ec15b0c..da7c276 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Boot a virtual iPhone (iOS 26) via Apple's Virtualization.framework using PCC research VM infrastructure. -![poc](./docs/demo.png) +![poc](./docs/demo.jpeg) ## Tested Environments 
@@ -22,7 +22,7 @@ Three patch variants are available with increasing levels of security bypass: | ------------------- | :-------------: | :-------: | ---------------------------------- | | **Regular** | 41 patches | 10 phases | `fw_patch` + `cfw_install` | | **Development** | 52 patches | 12 phases | `fw_patch_dev` + `cfw_install_dev` | -| **Jailbreak (WIP)** | 66 / 78 patches | 14 phases | `fw_patch_jb` + `cfw_install_jb` | +| **Jailbreak** | 66 / 78 patches | 14 phases | `fw_patch_jb` + `cfw_install_jb` | `66` = default JB kernel method plan; `78` = default + optional kernel methods (`VPHONE_JB_ENABLE_OPTIONAL=1`). @@ -97,7 +97,7 @@ make vm_new # create vm/ directory (ROMs, disk, SEP storage) make fw_prepare # download IPSWs, extract, merge, generate manifest make fw_patch # patch boot chain (regular variant) # or: make fw_patch_dev # dev variant (+ TXM entitlement/debug bypasses) -# or: make fw_patch_jb # jailbreak variant (+ full security bypass) (WIP) +# or: make fw_patch_jb # jailbreak variant (+ full security bypass) ``` ## Restore diff --git a/docs/README_ja.md b/docs/README_ja.md index 22ebbcb..dd38e6e 100644 --- a/docs/README_ja.md +++ b/docs/README_ja.md @@ -4,7 +4,7 @@ Apple の Virtualization.framework と PCC の研究用 VM インフラを使用して、仮想 iPhone (iOS 26) を起動するためのツール -![poc](./demo.png) +![poc](./demo.jpeg) ## 検証済み環境 @@ -22,7 +22,7 @@ Apple の Virtualization.framework と PCC の研究用 VM インフラを使用 | ----------------- | :------------: | :---------: | ---------------------------------- | | **通常版** | 41 パッチ | 10 フェーズ | `fw_patch` + `cfw_install` | | **開発版** | 52 パッチ | 12 フェーズ | `fw_patch_dev` + `cfw_install_dev` | -| **脱獄版(WIP)** | 66 / 78 パッチ | 14 フェーズ | `fw_patch_jb` + `cfw_install_jb` | +| **脱獄版** | 66 / 78 パッチ | 14 フェーズ | `fw_patch_jb` + `cfw_install_jb` | `66` は JB のデフォルトカーネルパッチ計画、`78` はデフォルト + オプションカーネルパッチ(`VPHONE_JB_ENABLE_OPTIONAL=1`)です。 
@@ -76,7 +76,7 @@ make vm_new # vm/ ディレクトリの作成(ROM、ディ make fw_prepare # IPSW のダウンロード、抽出、マージ、マニフェスト生成 make fw_patch # ブートチェーンのパッチ当て(通常バリアント) # または: make fw_patch_dev # 開発バリアント(+ TXM entitlement/デバッグバイパス) -# または: make fw_patch_jb # 脱獄バリアント(+ 完全セキュリティバイパス)(WIP) +# または: make fw_patch_jb # 脱獄バリアント(+ 完全セキュリティバイパス) ``` ## 復元 diff --git a/docs/README_ko.md b/docs/README_ko.md index 45e039d..4432920 100644 --- a/docs/README_ko.md +++ b/docs/README_ko.md @@ -4,7 +4,7 @@ PCC 리서치 VM 인프라와 Apple의 Virtualization.framework를 사용하여 가상 iPhone(iOS 26)을 부팅합니다. -![poc](./demo.png) +![poc](./demo.jpeg) ## 테스트된 환경 @@ -22,7 +22,7 @@ PCC 리서치 VM 인프라와 Apple의 Virtualization.framework를 사용하여 | -------------- | :----------: | :-------: | ---------------------------------- | | **일반** | 41 패치 | 10 페이즈 | `fw_patch` + `cfw_install` | | **개발** | 52 패치 | 12 페이즈 | `fw_patch_dev` + `cfw_install_dev` | -| **탈옥 (WIP)** | 66 / 78 패치 | 14 페이즈 | `fw_patch_jb` + `cfw_install_jb` | +| **탈옥** | 66 / 78 패치 | 14 페이즈 | `fw_patch_jb` + `cfw_install_jb` | `66`은 JB 기본 커널 패치 플랜, `78`은 기본 + 선택 커널 패치(`VPHONE_JB_ENABLE_OPTIONAL=1`)입니다. @@ -76,7 +76,7 @@ make vm_new # vm/ 디렉토리 생성 (ROM, 디스크, SEP 저 make fw_prepare # IPSW 다운로드, 추출, 병합, manifest 생성 make fw_patch # 부트 체인 패치 (일반 변형) # 또는: make fw_patch_dev # 개발 변형 (+ TXM 권한/디버그 우회) -# 또는: make fw_patch_jb # 탈옥 변형 (+ 전체 보안 우회) (WIP) +# 또는: make fw_patch_jb # 탈옥 변형 (+ 전체 보안 우회) ``` ## 복원 diff --git a/docs/README_zh.md b/docs/README_zh.md index b869839..f1c8174 100644 --- a/docs/README_zh.md +++ b/docs/README_zh.md @@ -4,7 +4,7 @@ 通过 Apple 的 Virtualization.framework 使用 PCC 研究虚拟机基础设施引导虚拟 iPhone(iOS 26)。 -![poc](./demo.png) +![poc](./demo.jpeg) ## 测试环境 
@@ -22,7 +22,7 @@ | ----------------- | :------------: | :--------: | ---------------------------------- | | **常规版** | 41 个补丁 | 10 个阶段 | `fw_patch` + `cfw_install` | | **开发版** | 52 个补丁 | 12 个阶段 | `fw_patch_dev` + `cfw_install_dev` | -| **越狱版(WIP)** | 66 / 78 个补丁 | 14 个阶段 | `fw_patch_jb` + `cfw_install_jb` | +| **越狱版** | 66 / 78 个补丁 | 14 个阶段 | `fw_patch_jb` + `cfw_install_jb` | `66` 表示 JB 默认内核补丁计划;`78` 表示默认 + 可选内核补丁(`VPHONE_JB_ENABLE_OPTIONAL=1`)。 @@ -76,7 +76,7 @@ make vm_new # 创建 vm/ 目录(ROM、磁盘、SEP 存储) make fw_prepare # 下载 IPSWs,提取、合并、生成 manifest make fw_patch # 修补启动链(常规变体) # 或:make fw_patch_dev # 开发变体(+ TXM 权限/调试绕过) -# 或:make fw_patch_jb # 越狱变体(+ 完整安全绕过)(WIP) +# 或:make fw_patch_jb # 越狱变体(+ 完整安全绕过) ``` ## 恢复过程 diff --git a/docs/demo.jpeg b/docs/demo.jpeg new file mode 100644 index 0000000..22e9922 Binary files /dev/null and b/docs/demo.jpeg differ
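Review bot: In the AGENTS.md table hunk, dropping "(WIP)" from the Jailbreak row is a status change that nothing else in this patch backs up: no patcher, phase or plan code changes here, only labels. The commit message or PR description should state what completed the jailbreak variant (or link the change that did) and where any remaining known limitations are now documented, so the variant does not go from WIP to done with no record. The same hunk also leaves AGENTS.md saying `126 patches` for Jailbreak while the README.md hunk says `66 / 78 patches` for the same variant (and Regular/Development likewise differ, 51/64 vs 41/52); if the two tables count different things, a one-line note in each table saying what is counted would stop them reading as contradictory.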
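Review bot: The README.md image hunk switches `./docs/demo.png` to `./docs/demo.jpeg` and the patch adds `docs/demo.jpeg` as a new binary, but there is no corresponding `deleted file` entry for `docs/demo.png`. If the PNG is no longer referenced anywhere (all four READMEs now point at the JPEG), remove it in the same change; otherwise the repository keeps an orphaned binary that will drift from the one actually shown.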