Planetbeing Details How the Evasi0n Jailbreak Works

Planetbeing has revealed to Forbes some details about how the evasi0n jailbreak works.

Evasi0n, the jailbreak recently released by the Evad3rs, is an untethered jailbreak for iOS 6.0 through iOS 6.1. The developers used at least five distinct new bugs in iOS 6.x to make the jailbreak work. According to saurik, over 1.7 million jailbreaks were performed by Tuesday morning.

First, the hackers use a bug in the backup system to gain access to a file that indicates the device's time zone. A symbolic link is then entered into the time zone file, pointing to a socket that grants access to launchd.

The next part of the jailbreak uses a trick called 'shebang' that summons up code from another signed application. Notably, this is the only part of the jailbreak process that requires user interaction. When the user taps the 'Jailbreak' app icon that is placed on their SpringBoard, it summons up launchd, which can be accessed thanks to the earlier exploit, and uses it to run a 'remount' command that makes the root file system writable.

Evasi0n also uses launchd to load a library of functions into the Apple Mobile File Integrity Daemon that swaps out the code signature function called each time a program launches for one that always returns 'approved'.

To bypass ASLR (Address Space Layout Randomization) and locate the kernel, evasi0n simulates a crash and checks the ARM exception vector to determine the location of the crash. This information is used to map out the location of the kernel in the device's memory.

Finally, a bug in iOS’s USB interface that passes a kernel address without checking that it's returned unchanged is used to allow evasi0n to write to any part of the kernel.
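The usual defence against this kind of bug is to give the unprivileged side an opaque handle instead of an address, and to re-validate that handle every time it comes back. The C code below is an added example, not iOS or evasi0n code; the pipe_* names, the table size and the handle layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PIPES    8
#define PIPE_BUF_LEN 64

struct pipe_obj {                 /* hypothetical object, privileged side only */
    int           in_use;
    uint16_t      generation;     /* bumped on close so stale handles fail */
    unsigned char buf[PIPE_BUF_LEN];
};
static struct pipe_obj pipes[MAX_PIPES];

/* Handle = generation << 16 | slot index. No address ever leaves this side. */
uint32_t pipe_open(void)
{
    for (uint32_t i = 0; i < MAX_PIPES; i++) {
        if (pipes[i].in_use) continue;
        pipes[i].in_use = 1;
        return ((uint32_t)pipes[i].generation << 16) | i;
    }
    return UINT32_MAX;            /* table full; never a valid handle */
}

/* Re-validate a handle that has round-tripped through untrusted code. */
static struct pipe_obj *pipe_lookup(uint32_t handle)
{
    uint32_t idx = handle & 0xFFFF, gen = handle >> 16;
    if (idx >= MAX_PIPES || !pipes[idx].in_use || pipes[idx].generation != gen)
        return NULL;
    return &pipes[idx];
}

int pipe_write(uint32_t handle, const void *src, size_t len)
{
    struct pipe_obj *p = pipe_lookup(handle);
    if (!p || len > PIPE_BUF_LEN) return -1;   /* bad handle or oversized write */
    memcpy(p->buf, src, len);
    return 0;
}

int pipe_close(uint32_t handle)
{
    struct pipe_obj *p = pipe_lookup(handle);
    if (!p) return -1;
    p->in_use = 0;
    p->generation++;              /* invalidates every copy of the old handle */
    return 0;
}
```

A modified handle can at worst name another live slot in the table; it can never select an arbitrary memory location for the write.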

A much more detailed explanation of these steps can be found at the link below. You can find the tutorial on how to jailbreak your device here:

yoyo - February 6, 2013 at 12:57am
PREPARE FOR iOS 6.1.1 with lots of bullshit improvements by crAPPLE
sam - February 6, 2013 at 1:08am
I don't understand?? If Apple are so crap why buy their products? When they are jailbroken yes, they are good but not great.. Isn't that a sign to move to Android! A country mile ahead of iOS! When I bought the iPhone 5 from having the Galaxy S3 I felt like I went back 5 or 6 years!!
Blackapino - February 6, 2013 at 4:20am
And when I bought my first Android I was confused as to why you needed a firewall or spyware for a cellphone, then I found the reason why, but I still had my iPhone of course, and since iOS is The Top Dog (don't gotta like it, but it's true), I sold my Android device, so now I'll never buy an Android device ever again. I'd take a BB again before I buy another Android OS.
Joe - February 6, 2013 at 5:50pm
Yeah right, and you felt that Android's stability and solidly designed hardware? Let alone the bullshit that comes along with bloatware, the need for app killers, non-intuitive tools and finally how easily you can lose your data when that sh*t crashes... I returned my GS3 after 2 weeks.
JoshvanHulst - February 7, 2013 at 4:55am
Apple's developers are dumb for constantly patching the exploits found! Makes me so irritated how hard it gets to find an exploit to inject the code
sam - February 5, 2013 at 11:55pm
Had to unjailbreak my iPhone 5 today. It was working fine, then all of a sudden I got a no service sign in the left corner of the phone and could not make any calls or text. Put it back to factory settings and it works fine again, so I think it was definitely the jailbreak that caused it.
Dre - February 6, 2013 at 12:42am
Nice try apple genius...
sam - February 6, 2013 at 1:00am
No, seriously, I just wanted to know if anyone else has had this problem? I am nothing to do with Apple! It is my first iDevice. I had always been on Android with the Samsung Galaxy S3, and when I changed I was shocked at how restricted and bog standard iOS was, so when the jailbreak came out I felt back in my element! Then the no service thing happened!
Blackapino - February 6, 2013 at 4:21am
No problems here, I've never had issues like that. I think it's just your phone, 'cause I've been jailbreaking since the iPhone 3G.
thevmax - February 5, 2013 at 11:22pm
If you read about how they did the jailbreak, it truly is genius work! Thank you Evad3rs!
Jeff - February 5, 2013 at 11:32pm
No genius involved. Just a lot of work. Anybody could do this jailbreak, but most are not sufficiently motivated. Most are satisfied with simply using someone else's work, which is cool. Until, of course, one can no longer find such motivated hackers.
Easy to say after it has been done... - February 6, 2013 at 12:29am
Anybody can do such a hack? Have you smoked buzz or what? I agree that the hack is not that difficult for a Unix / Cocoa Touch developer once you have seen the trick! Without knowing where to start from, you will have to read tons of articles and routines/code and learn from personal hacking experiences, which takes years! @planetbeing has ported Linux to iPhone and done tons of other amazing hacks, and he possesses massive knowledge and skills that you seem not to capture well. On this planet, a few people have his knowledge, will and programming skills. I'm myself a humble developer who understands a bit of what he has achieved with his mates... And IT'S BIG!
PghMike4 - February 6, 2013 at 4:28am
Ha -- yes, once the set of exploits used is described, someone who's pretty naive might think it is straightforward to come up with something like this, but believe me, it's still a *lot* of work to get right, and to make robust. On top of that, coming up with that large a set of exploits is pretty amazing -- you really need some pretty decent intuition about how OSes work to find that many bugs that quickly. I've been programming since 1972, and I'm very impressed.
PeterH - February 6, 2013 at 9:21pm
The problem with brilliant people is they make amazing things look so easy that others think it is easy to do. To further explain the complexities of the task of jailbreaking: they have no source code to iOS to review and look for exploits. They reverse engineered the iOS kernel binary to at most assembler and then went through the hundreds of thousands of lines of asm output to find a usable exploit. They also needed to know how to use the exploit in a way that enabled them to patch the kernel while the system is running. This is computer art at its finest even if the weather app didn't work properly afterwards. Even the Mona Lisa has a crooked smile.
hanna - February 5, 2013 at 11:11pm
How can I add Installous?
Ironfist - February 6, 2013 at 1:55am
Where have you been? Hackulous shut down and therefore no more installous. Find somewhere else to pirate apps!
cambodia man - February 6, 2013 at 2:51am
Go to Cydia, add in source, you can download AppCake as Installous. Now Installous is dead.
Blackapino - February 5, 2013 at 10:38pm
Shibu - February 24, 2013 at 12:08pm
I think no. If something goes wrong just restore the iPhone. It will work again. If the screen goes blank, restore it, bring it to an Apple store and they will give you a new iPhone.
