Planetbeing Details How the Evasi0n Jailbreak Works

Planetbeing has revealed some details about how the evasi0n jailbreak works to Forbes.

Evasi0n, the jailbreak recently released by the Evad3rs, is an untethered jailbreak for iOS 6.0 through iOS 6.1. The developers used at least five distinct new bugs in iOS 6.x to make the jailbreak work. According to saurik, over 1.7 million jailbreaks were performed by Tuesday morning.

First, the hackers use a bug in the backup system to gain access to a file that records the device's time zone; that file is then replaced with a symbolic link pointing at a socket, which grants access to launchd.

The next part of the jailbreak uses a trick called 'shebang' that summons up code from another signed application. Notably, this is the only part of the jailbreak process that requires user interaction. When the user taps the 'Jailbreak' app icon that is placed on their SpringBoard, it summons up launchd, which can be accessed thanks to the earlier exploit, and uses it to run a 'remount' command that makes the root file system writable.

Evasi0n also uses launchd to load a library of functions into the Apple Mobile File Integrity Daemon, swapping out the code signature function that is called each time a program launches for one that always returns 'approved'.

To bypass ASLR (Address Space Layout Randomization) and locate the kernel, evasi0n simulates a crash and checks the ARM exception vector to determine the location of the crash. This information is used to map out the location of the kernel in the device's memory.

Finally, a bug in iOS's USB interface, which hands out a kernel address and does not check that it is returned unchanged, is used to allow evasi0n to write to any part of the kernel.
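The first step of the chain above, a restored backup entry that is really a symbolic link to a privileged socket, is the kind of thing a restore path should reject. The following is an added example, not evasi0n's or Apple's code: a small manifest check that resolves each symlink's target and refuses links that escape the data roots or reach a privileged location. The allowed roots, the denied targets and the sample entries are all constructed for illustration.

```python
"""Constructed restore-side check for symlink abuse in backup manifests.
Added example only; the policy paths below are assumptions, not iOS's."""
import posixpath

# Assumed allow-list: where restored user data may legitimately live.
ALLOWED_ROOTS = ("/var/mobile/Library/", "/var/mobile/Media/")
# Assumed deny-list: locations (such as socket directories) a restored
# link must never be allowed to reach.
DENIED_TARGETS = ("/var/run/", "/private/var/run/")


def resolve_target(entry_path, link_target):
    """Resolve a symlink target against the entry's own directory and
    normalise it, so '..' escapes are judged by their real destination."""
    if posixpath.isabs(link_target):
        return posixpath.normpath(link_target)
    base = posixpath.dirname(entry_path)
    return posixpath.normpath(posixpath.join(base, link_target))


def check_entry(entry):
    """Return (ok, reason) for one manifest entry.
    entry is a dict with 'path', 'type' and, for symlinks, 'target'."""
    path = posixpath.normpath(entry["path"])
    if not any(path.startswith(root) for root in ALLOWED_ROOTS):
        return False, "path outside allowed roots"
    if entry.get("type") != "symlink":
        return True, "regular entry"
    target = resolve_target(path, entry["target"])
    if any(target.startswith(d) for d in DENIED_TARGETS):
        return False, "symlink targets a privileged path"
    if not any(target.startswith(root) for root in ALLOWED_ROOTS):
        return False, "symlink escapes allowed roots"
    return True, "symlink stays inside allowed roots"


def audit(entries):
    """Run check_entry over a whole manifest; returns (path, ok, reason)."""
    return [(e["path"], *check_entry(e)) for e in entries]


# Constructed sample manifest: a benign file, a benign relative link,
# and two links (absolute and '..'-relative) aimed at a socket directory.
SAMPLE_ENTRIES = [
    {"path": "/var/mobile/Library/Preferences/tz_placeholder", "type": "file"},
    {"path": "/var/mobile/Library/Preferences/tz_placeholder", "type": "symlink",
     "target": "../Caches/tz_cache"},
    {"path": "/var/mobile/Library/Preferences/tz_placeholder", "type": "symlink",
     "target": "/var/run/socket_placeholder"},
    {"path": "/var/mobile/Library/Preferences/tz_placeholder", "type": "symlink",
     "target": "../../../../var/run/socket_placeholder"},
]

if __name__ == "__main__":
    for path, ok, reason in audit(SAMPLE_ENTRIES):
        print("OK  " if ok else "DENY", path, "-", reason)
```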

A much more detailed explanation of these steps can be found at the link below. You can find the tutorial on how to jailbreak your device here:

yoyo - February 6, 2013 at 12:57am
PREPARE FOR iOS 6.1.1 with lots of bullshit improvements by crAPPLE
sam - February 6, 2013 at 1:08am
I don't understand?? If Apple are so crap, why buy their products? When they are jailbroken, yes, they are good but not great.. Isn't that a sign to move to Android! A country mile ahead of iOS! When I bought the iPhone 5 after having the Galaxy S3 I felt like I went back 5 or 6 years!!
Blackapino - February 6, 2013 at 4:20am
And when I bought my first Android I was confused as to why you needed a firewall or spyware protection for a cellphone, then I found the reason why, but I still had my iPhone of course & since iOS is the top dog (don't gotta like it) but it's true, I sold my Android device so now I'll never buy an Android device ever again. I'd take a BB again before I buy another Android OS.
Joe - February 6, 2013 at 5:50pm
Yeah right, and you felt that Android's stability and solidly designed hardware? Let alone the bullshit that comes along with bloatware, the need for an app killer, non-intuitive tools and finally how easily you can lose your data when that sh*t crashes.. I returned my GS3 after 2 weeks.
JoshvanHulst - February 7, 2013 at 4:55am
Apple's developers are dumb for constantly patching the exploits found! Makes me so irritated how hard it gets to find an exploit to inject the code.