dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
58

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to dellsweig

Premium Member

to dellsweig

Re: [JB] How they did it - AWSOME

This Unix internals person cringed at
"it uses a Unix trick called a shebang that can summon up code from another, signed application. "

»en.wikipedia.org/wiki/Sh ··· 8Unix%29

This isn't a "Unix trick". This is how shell files indicate what shell they need to interpret themselves. If THAT is the security hole in iOS, it's time to fire the security review team. Wow.

"Wang wont say exactly how that AMFID-defeating part of the jailbreak works. Apple can figure that one out for themselves, he says." and then he goes on to explain how they defeated ASLR (which has been defeated many times) so, clearly, they're patching stuff in memory to defeat AMFID - not unlike the Surface RT hack that lets you run unsigned code on RT.

Nice hack. I'm convinced at this point Apple makes these things just hard enough to jailbreak to seem like it's an accomplishment, but not so hard as to be impossible. The exploits used here are actually fairly critical security holes in iOS, they have to have been left purposefully. If not, then as I said some people should be looking for new work.

dellsweig
Extreme Aerobatics
MVM
join:2003-12-10
Campbell Hall, NY

dellsweig

MVM

said by JohnInSJ:

This Unix internals person cringed at
"it uses a Unix trick called a shebang that can summon up code from another, signed application. "

»en.wikipedia.org/wiki/Sh ··· 8Unix%29

This isn't a "Unix trick". This is how shell files indicate what shell they need to interpret themselves. If THAT is the security hole in iOS, it's time to fire the security review team. Wow.

"Wang wont say exactly how that AMFID-defeating part of the jailbreak works. Apple can figure that one out for themselves, he says." and then he goes on to explain how they defeated ASLR (which has been defeated many times) so, clearly, they're patching stuff in memory to defeat AMFID - not unlike the Surface RT hack that lets you run unsigned code on RT.

Nice hack. I'm convinced at this point Apple makes these things just hard enough to jailbreak to seem like it's an accomplishment, but not so hard as to be impossible. The exploits used here are actually fairly critical security holes in iOS, they have to have been left purposefully. If not, then as I said some people should be looking for new work.

This UNIX internals person smiled ear to ear......

miataman
I've attained a PHD in DVR.
Premium Member
join:2010-10-27
Chelmsford, MA

miataman to JohnInSJ

Premium Member

to JohnInSJ
said by JohnInSJ:

I'm convinced at this point Apple makes these things just hard enough to jailbreak to seem like it's an accomplishment, but not so hard as to be impossible.

I think of it as "Deep Marketing"

J E F F4
Whatta Ya Think About Dat?
Premium Member
join:2004-04-01
Kitchener, ON

J E F F4 to JohnInSJ

Premium Member

to JohnInSJ
Those security holes shouldn't be there. Doesn't matter, as long as we can jailbreak.