dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
714
share rss forum feed


dellsweig
Extreme Aerobatics
Premium,MVM
join:2003-12-10
Campbell Hall, NY
kudos:1

[JB] How they did it - AWSOME

This should make any Unix internals person smile

»www.forbes.com/sites/andygreenbe···-iphone/
--
Nothin' left to do but smile smile smile


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
This Unix internals person cringed at
"it uses a Unix trick called a shebang that can summon up code from another, signed application. "

»en.wikipedia.org/wiki/Shebang_%28Unix%29

This isn't a "Unix trick". This is how shell files indicate what shell they need to interpret themselves. If THAT is the security hole in iOS, it's time to fire the security review team. Wow.

"Wang wont say exactly how that AMFID-defeating part of the jailbreak works. Apple can figure that one out for themselves, he says." and then he goes on to explain how they defeated ASLR (which has been defeated many times) so, clearly, they're patching stuff in memory to defeat AMFID - not unlike the Surface RT hack that lets you run unsigned code on RT.

Nice hack. I'm convinced at this point Apple makes these things just hard enough to jailbreak to seem like it's an accomplishment, but not so hard as to be impossible. The exploits used here are actually fairly critical security holes in iOS, they have to have been left purposefully. If not, then as I said some people should be looking for new work.
--
My place : »www.schettino.us


dellsweig
Extreme Aerobatics
Premium,MVM
join:2003-12-10
Campbell Hall, NY
kudos:1
said by JohnInSJ:

This Unix internals person cringed at
"it uses a Unix trick called a shebang that can summon up code from another, signed application. "

»en.wikipedia.org/wiki/Shebang_%28Unix%29

This isn't a "Unix trick". This is how shell files indicate what shell they need to interpret themselves. If THAT is the security hole in iOS, it's time to fire the security review team. Wow.

"Wang wont say exactly how that AMFID-defeating part of the jailbreak works. Apple can figure that one out for themselves, he says." and then he goes on to explain how they defeated ASLR (which has been defeated many times) so, clearly, they're patching stuff in memory to defeat AMFID - not unlike the Surface RT hack that lets you run unsigned code on RT.

Nice hack. I'm convinced at this point Apple makes these things just hard enough to jailbreak to seem like it's an accomplishment, but not so hard as to be impossible. The exploits used here are actually fairly critical security holes in iOS, they have to have been left purposefully. If not, then as I said some people should be looking for new work.

This UNIX internals person smiled ear to ear......
--
Nothin' left to do but smile smile smile


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
reply to dellsweig
Nice, but why post the freakin recipe? Just makes it easier for Apple to close the loopholes...
--
F**K THE NHL. Go Blue Jays 2013!!!


miataman

join:2010-10-27
Chelmsford, MA
kudos:1
Reviews:
·Verizon FiOS
reply to JohnInSJ
said by JohnInSJ:

I'm convinced at this point Apple makes these things just hard enough to jailbreak to seem like it's an accomplishment, but not so hard as to be impossible.

I think of it as "Deep Marketing"
--
"My hat, my cane, Jeeves".


loli
Premium
join:2002-08-26
South Richmond Hill, NY
reply to HiVolt
said by HiVolt:

Nice, but why post the freakin recipe? Just makes it easier for Apple to close the loopholes...

Apple will figure it out just from the evasion software anyways.


bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to dellsweig
I liked this 'how they did it' explanation:
»blog.accuvantlabs.com/blog/bthom···omponent


dellsweig
Extreme Aerobatics
Premium,MVM
join:2003-12-10
Campbell Hall, NY
kudos:1
said by bbarrera:

I liked this 'how they did it' explanation:
»blog.accuvantlabs.com/blog/bthom···omponent

Once again - AWSOME.........
--
Nothin' left to do but smile smile smile


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
reply to JohnInSJ
Those security holes shouldn't be there. Doesn't matter, as long as we can jailbreak.


RiseAbove
Premium
join:2004-01-30
reply to dellsweig
Looks like a bunch of people will be stuck on 6.1 because I have a feeling these holes should be patched up for the next build. Why people decided to post almost every detail of the jailbreak instead of letting Apple guess is beyond me.


loli
Premium
join:2002-08-26
South Richmond Hill, NY
said by RiseAbove:

Looks like a bunch of people will be stuck on 6.1 because I have a feeling these holes should be patched up for the next build. Why people decided to post almost every detail of the jailbreak instead of letting Apple guess is beyond me.

You think Apple won't analyze and debug what the jailbreak does? The same way all these other people have posted the process of the jailbreak is exactly what Apple will do with their own team who also happens to have access to the source code.


AlyrianSinba

@pnap.net
Did it myself; watched the Linux version Jailbreak two devices with strace -ff -s4096 ./evasi0n.x86_64 2>&1|tee /tmp/jailbreak.log

That's just client-side with push-pull, didn't watch iOS. When a "white-hat" exploit driven OS compromise dubbed "Jailbreak" is released it's trivial to see how they did it. The real art itself is the vulnerability discovery and packaging. I'll tip my hat to evad3rs, well done, and a very well packaged "idiot" ready solution across Windows, OS X, and Linux. I would encourage supporting these folks through PayPal.

I would be more concerned with post-Jailbreak if the security issues are address in the form of deb/Cydia patches. Through their awesomeness they've defeated ASLR, code-signing, a read-only filesystem (mount -o remount,ro / == yummy), and the illusion of walled garden security. I'd love to see a DMCA-friendly errata backport method for patching the same vulnerabilities that allowed us to free our devices.

-AS


dellsweig
Extreme Aerobatics
Premium,MVM
join:2003-12-10
Campbell Hall, NY
kudos:1
reply to dellsweig
»www.tuaw.com/2013/02/08/evasi0n-···-a-week/
--
Nothin' left to do but smile smile smile


ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4
reply to RiseAbove
said by RiseAbove:

Looks like a bunch of people will be stuck on 6.1 because I have a feeling these holes should be patched up for the next build. Why people decided to post almost every detail of the jailbreak instead of letting Apple guess is beyond me.

6.1.1 is already being seeded.