Incoming!!!
IOS 7 JAILBREAK FEATURES, SPECS, RELEASE
The team of hackers that calls themselves the Evad3rs say they
actually had a full exploit capable of removing all the security
restrictions on iOS 6.1 devices working more than a month ago, but chose
not to release it until they could replace many of the components of
the hack with less valuable exploits, reserving the more powerful
techniques for future projects.
Even if we could only find another one or two more [bugs], we’d still
have at least one more jailbreak left in us,” planetbeing. “It’s getting
harder. But there are still a lot of vulnerabilities left.”
Complete Interview With Planetbeing (Member Of Evad3rs Jailbreak Team):
1. Has Apple ever contacted you, or the evad3rs, for any
reason (outside of regular business that Apple conducts with its
customers/developers)?
Yes. I got a job offer once. As far as I know, all
jailbreaker interactions with Apple have been pretty positive,
especially in contrast with what companies like Sony apparently do.
I didn’t take it for personal and logistical reasons. At the time I was
in Canada with a complicated visa situation. It wasn’t a solid offer
anyway. I’m sure
I’d’ve had to interview, etc., first but I didn’t choose to get much into the process at all.
2. How do you feel the future of jailbreaking looks based on
how long this release took? Do you think Apple will ever just release an
open iOS?
It’s hard to say. Apple has successfully mitigated many
vectors of attack in iOS 6. In this current jailbreak, we “evaded”
Apple’s mitigations in the userland with several vulnerabilities I would
perhaps characterize as “lame”, since these mistakes are a throwback to
earlier days of iOS jailbreaking where we primarily used filesystem
tricks. We only attacked Apple’s hardened security head-on in the
kernel. “Lame” vulnerabilities tend to be hard to find, however, so it’s
likely the next jailbreak will be tougher. That said, we also retain a
few tricks that may or may not help in the future. Who knows what the
weight of each factor should be when trying to determine how long the
next jailbreak will take.
I think the ship has sailed for Apple to consider shipping an open iOS.
The furthest they might have gone was perhaps allowing you to unlock the
bootloader like the Google Nexus phones. However, I don’t think they
currently have a compelling reason to.
3. I understand that the AppleTV jailbreak are usually an
afterthought compared to iPhones/iPads/iPods, but do you ever see it
becoming a priority or a focus?
Personally, I only work on stuff that I own and use. For
example, when I was in Canada and someone sent me an American locked
iPhone 4, I worked really hard on an unlock for it. I don’t really see
the appeal of an Apple TV at all so it’s not something I’d likely work
on, particularly since the injection part would be significantly harder
anyway.
Nothing is impossible, it’s just that some things fall below the intersection of difficulty and level of interest for people.
4. What is your opinion on what future iOS versions will
bring? Mainly thinking of widgets supported natively (similar to
Android).
When I first saw the SBWeeApp interface and Notification
Center, I thought for sure they’d have some way to let AppStore apps add
to it. However, the primary issue is that all the widgets currently
reside in a single process, which means they’re very likely to be able
to interfere with each other. In something like the AppStore ecosystem,
the probability approaches 1 and there could be a lot of problems.
Compounded with this is the fact that that process is SpringBoard, which
is the entire shell for iOS, so any problems are rather catastrophic
(tweaks crashing SpringBoard is never fun!).
However, they are apparently working on compartmentalizing SpringBoard
(it used to be the window manager for the OS as well) and perhaps
there’s a way to host different views that are actually controlled by
separate processes, so it might be possible in the future. Another
possibility is some widgets that are primarily determined by property
lists or something, similar to how the Settings app works.
5. What are the plans for when iOS 7 comes out? Does the team
plan on having more people on board to find any vulnerabilities that
the new firmware may have in store?
When iOS 7 comes out, we’ll study it and see what we can
do of course. You can’t really plan on “having more people on board”.
It’s a specialized game with a steep learning curve that you can’t grab
people off the street for. Certainly anyone who actually has sufficient
ability to find and/or exploit a vulnerability can help by just sharing
their findings.
6. Where do jailbreaks usually begin? Is it methodical as in
“let’s look for a foot in the door?” Or something such as “We have these
vulnerabilities, what do we need to get something working?” Or just
fuzzing. What tools are involved in the jailbreak development process?
For someone who would like to “get into” jailbreaking because of
interest what would be a good place to start? (As far as articles and
books go)
Honestly, for me, it’s usually when someone drops a lead
in my lap or pod2g chases me down and asks me to do some work improving
something he’s already got. This recent iteration I found a lot of stuff
on accident in the process of trying to get other stuff to work.
Finding vulnerabilities is not usually fun for me though, exploitation
is.
fxr.watson.org, opensource.apple.com, IDA, vim, clang, an existing jailbreak with OpenSSH.
Start by reading about existing jailbreaks and how they work. Perhaps
try to rewrite an existing exploit another way, or improving it somehow.
(I know the kernel exploit still can be improved, I’m planning to get
to it one of these weekends). Make small achievable goals and work/study
hard to accomplish those. There’s going to a lot of stuff you won’t
understand at first, but there’s also a lot of publicly available
information, and the process of piecing that together and/or
experimenting until you get it is more helpful than if someone just told
you.
7. I heard that when you were in the process of jailbreaking
the iPhone 5, you actually had successfully jailbroken already, but you
were looking for another exploit, so you didn’t have to reveal this
‘better’ one to apple. So my questions are, have you done this before in
the past?
We always like to do this, but sometimes the bugs get
closed anyway, but it’s a lot better than having to exploit a device
blind. Exploitation is like having to shoot a bullet through a pinhole
into a room the size of a football stadium at a target inside. Except
you also have to make sure the bullet ricochets off five different other
targets before it hits your final target. That’s hard enough but
imagine doing it without knowing where the targets are in the room.
Third party software is filled with bugs, but they’re not useful unless
they’re shipped with iOS (like racoon, for example). If they are shipped
with iOS, then Apple usually vets them anyway. App Store app bugs are
not useful since Apple can always pull the app before the jailbreak gets
very far. Plus, I think it’s kind of mean to do that to some random
developer.
(gdelux.com)
By IphoneUnlock PT na sua continua ajuda á comunidade iPhone user em Portugal!
Se gostou do Post veja também a nossa página de Facebook e clique gosto!ou like!
.png "English"){kind=small}
