Planetbeing Details How the Evasi0n Jailbreak Works

Posted February 5, 2013 at 9:18pm by iClarified · 29736 views
Planetbeing has given Forbes some details of how the evasi0n jailbreak works.

Evasi0n, the jailbreak recently released by the Evad3rs, is an untethered jailbreak for iOS 6.0 through iOS 6.1. The developers chained at least five distinct new bugs in iOS 6.x to make it work. According to saurik, over 1.7 million jailbreaks had been performed by Tuesday morning.

First, using a bug in the backup system, the hackers gain access to a file that records the device's time zone. That file is then replaced with a symbolic link to the socket through which launchd is controlled, so that a privileged component which later operates on the "time-zone file" actually follows the link and loosens access to launchd's socket. This is the classic symlink-following mistake: privileged code acting by path on something it does not own, without checking that the path still names what it expects.
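The bug class behind that first step is worth seeing in code. The C program below is an added example, not evasi0n's or Apple's code: it simulates a privileged routine that relaxes permissions on a path it does not own, once in the form that can be redirected through a symbolic link and once refusing the link. The "localtime" file, the stand-in for the protected socket, and the directory under /tmp are all constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable: chmod() follows symbolic links, so the mode is applied to
 * whatever `path` currently points at. If an attacker replaced the file
 * with a link to a privileged socket, that socket is what gets opened up. */
int relax_vulnerable(const char *path)
{
    return chmod(path, 0666);
}

/* Hardened: open without following links (a link fails with ELOOP), check
 * that the object is what we expect, then change the mode through the
 * descriptor so the path cannot be swapped between the check and the use. */
int relax_hardened(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchmod(fd, 0666);
    close(fd);
    return rc;
}

/* Permission bits of the object `path` resolves to, or -1. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 0777);
}

/* Scenario (constructed under /tmp): `protected_socket` stands in for the
 * launchd socket and starts out 0600; `localtime` is a link to it. Returns
 * 0 when the vulnerable routine opened the target up and the hardened one
 * refused with ELOOP, -1 for anything else. */
int symlink_demo(void)
{
    char dir[64], target[128], linkpath[128];
    int fd = -1, result = -1;
    int vuln_rc, after_vuln, hard_rc, hard_errno, after_hard;

    snprintf(dir, sizeof dir, "/tmp/symlink_demo_%ld", (long)getpid());
    snprintf(target, sizeof target, "%s/protected_socket", dir);
    snprintf(linkpath, sizeof linkpath, "%s/localtime", dir);

    if (mkdir(dir, 0700) < 0)
        return -1;
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || fchmod(fd, 0600) < 0 || symlink(target, linkpath) < 0)
        goto cleanup;

    vuln_rc = relax_vulnerable(linkpath);   /* privileged code "fixes" localtime */
    after_vuln = mode_of(target);           /* ...and the target is now 0666 */

    chmod(target, 0600);                    /* reset for the second run */
    hard_rc = relax_hardened(linkpath);
    hard_errno = errno;
    after_hard = mode_of(target);           /* untouched: still 0600 */

    if (vuln_rc == 0 && after_vuln == 0666 &&
        hard_rc == -1 && hard_errno == ELOOP && after_hard == 0600)
        result = 0;

cleanup:
    if (fd >= 0)
        close(fd);
    unlink(linkpath);
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("symlink demo: %s\n", symlink_demo() == 0
           ? "vulnerable routine followed the link, hardened routine refused"
           : "unexpected result");
    return 0;
}
```

The hardened version does its check and its chmod on the same open descriptor. Checking with lstat() and then calling chmod() by path would still leave a window in which the file can be swapped for a link, which is the usual second mistake after the first one is fixed.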

The next part uses a trick called 'shebang': the evasi0n app's executable is a script whose #! line names another, Apple-signed program as its interpreter, so the code that actually runs is signed and passes the check even though the script itself is not. Notably, this is the only part of the jailbreak process that requires user interaction. When the user taps the 'Jailbreak' app icon placed on their SpringBoard, the script talks to launchd (reachable thanks to the earlier exploit) and has it run a 'remount' command that makes the root file system writable.
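To see why a check on the tapped file is the wrong check, the C program below (an added example, not evasi0n's or Apple's code) writes a script under /tmp whose #! line names /bin/echo, executes it, and captures what actually ran: the kernel starts /bin/echo with the script's path as its argument, and the script body is never executed as code. The same program parses the #! line, which is what a signing policy has to do to learn which binary will really execute. The script path and the choice of /bin/echo are assumptions for the demonstration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reads the interpreter named on a file's #! line into `interp`. Returns 1
 * if the file starts with "#!", 0 if it does not, -1 on error. A signing
 * policy that wants to know what will really execute has to do this before
 * it looks at the file's own signature. */
int shebang_interpreter(const char *path, char *interp, size_t n)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char line[256];
    char *got = fgets(line, sizeof line, f);
    fclose(f);
    if (!got || strncmp(line, "#!", 2) != 0)
        return 0;
    char *p = line + 2;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t len = strcspn(p, " \t\r\n");
    if (len == 0 || len >= n)
        return -1;
    memcpy(interp, p, len);
    interp[len] = '\0';
    return 1;
}

/* Executes `path` in a child and captures its standard output (trailing
 * newline removed). Returns 0 if the child exited with status 0. */
static int run_and_capture(const char *path, char *out, size_t n)
{
    int pipefd[2];
    if (pipe(pipefd) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        return -1;
    }
    if (pid == 0) {
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[0]);
        close(pipefd[1]);
        execl(path, path, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    close(pipefd[1]);
    size_t total = 0;
    ssize_t r;
    while (total < n - 1 &&
           (r = read(pipefd[0], out + total, n - 1 - total)) > 0)
        total += (size_t)r;
    out[total] = '\0';
    close(pipefd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;
    if (total > 0 && out[total - 1] == '\n')
        out[total - 1] = '\0';
    return 0;
}

/* Writes a script (constructed here) whose interpreter is /bin/echo, runs
 * it, and compares the output with the script's own path. Returns 1 when
 * they match, i.e. /bin/echo ran with the script as its argument and the
 * script body never executed; 0 otherwise; -1 on error. `interp` receives
 * the interpreter parsed from the #! line. */
int shebang_demo(char *interp, size_t n)
{
    char path[64], out[256];
    snprintf(path, sizeof path, "/tmp/shebang_demo_%ld", (long)getpid());

    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs("#!/bin/echo\n"
          "exit 99   # never reached: echo prints its arguments and exits 0\n", f);
    fclose(f);
    chmod(path, 0700);

    int parsed = shebang_interpreter(path, interp, n);
    int ran = run_and_capture(path, out, sizeof out);
    unlink(path);

    if (parsed != 1 || ran != 0)
        return -1;
    return strcmp(out, path) == 0;
}

/* Self-check: interpreter parsed as /bin/echo and the interpreter ran. */
int shebang_demo_ok(void)
{
    char interp[64];
    return shebang_demo(interp, sizeof interp) == 1 &&
           strcmp(interp, "/bin/echo") == 0;
}

int main(void)
{
    printf("shebang demo: %s\n", shebang_demo_ok()
           ? "/bin/echo executed; the script was only its argument"
           : "unexpected result (is /tmp mounted noexec?)");
    return 0;
}
```

On a system where /tmp is mounted noexec the exec fails and the demo reports an error rather than a result; point `path` at an executable location in that case.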

Evasi0n also uses launchd to load a library into the Apple Mobile File Integrity Daemon (amfid), the process consulted for a code-signature check each time a program launches. The library swaps that signature-checking function out for one that always returns 'approved', so every binary the jailbreak then runs is accepted.

To bypass kernel ASLR (Address Space Layout Randomization) and find where the kernel was loaded, evasi0n deliberately triggers a crash and reads the ARM exception vector to learn where the crash went. From that address it works out where the kernel sits in the device's memory.

Finally, a bug in the kernel's USB interface, which hands a kernel address to user space and later uses it without checking that it came back unchanged, lets evasi0n write to any part of the kernel it chooses.
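That last bug follows a pattern that is easy to reproduce outside a kernel. The C below is an added, simulated example (not the iOS USB driver's code; the structures, pool and credential record are constructed for the demonstration): a "kernel" interface that returns a raw object address to user space as a handle and later dereferences whatever comes back, next to an interface that returns an index and validates it on every use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* "Kernel" request object that user space refers to by handle. */
struct usb_request {
    uint32_t status;
    uint32_t length;
};

static struct usb_request pool[4];

/* Kernel data user space must never write: a credential record,
 * [0] = uid, [1] = privilege flags (constructed stand-in). */
static uint32_t current_cred[2] = { 501, 0 };

/* --- Vulnerable: the handle is the object's kernel address ------------ */

uintptr_t vuln_get_request(unsigned idx)
{
    return (uintptr_t)&pool[idx % 4];
}

/* The kernel handed this address out itself, so it trusts the value that
 * comes back and writes through it. User space can substitute any address
 * it likes, which turns the completion call into a write-what-where. */
int vuln_complete_request(uintptr_t handle, uint32_t length)
{
    struct usb_request *req = (struct usb_request *)handle;
    req->status = 1;
    req->length = length;
    return 0;
}

/* --- Hardened: the handle is an index, validated on every use ---------- */

int safe_get_request(unsigned idx)
{
    return idx < 4 ? (int)idx : -1;
}

int safe_complete_request(int handle, uint32_t length)
{
    if (handle < 0 || handle >= 4)
        return -1;                     /* refuse anything outside the pool */
    pool[handle].status = 1;
    pool[handle].length = length;
    return 0;
}

uint32_t request_length(int handle)
{
    return (handle >= 0 && handle < 4) ? pool[handle].length : 0;
}

/* --- Attacker side ------------------------------------------------------ */

/* Against the vulnerable interface: obtain a legitimate handle, then hand
 * back the address of the credential record instead. `status` overlays
 * the uid and `length` overlays the flags. Returns the flags afterwards. */
uint32_t attack_vulnerable(void)
{
    current_cred[0] = 501;
    current_cred[1] = 0;
    uintptr_t legit = vuln_get_request(0);
    /* The legitimate value is itself a disclosed kernel address; a real
     * exploit would also use it against ASLR. Here only a target is needed. */
    (void)legit;
    vuln_complete_request((uintptr_t)current_cred, 1);
    return current_cred[1];            /* 1: attacker is now privileged */
}

/* Against the hardened interface there is no address to forge; the only
 * handles are small integers and anything outside the pool is refused.
 * Returns 1 if the flags changed, 0 if the attack failed. */
int attack_hardened(void)
{
    current_cred[1] = 0;
    int rc = safe_complete_request(-1, 1);
    return rc == 0 || current_cred[1] != 0;
}

int main(void)
{
    printf("vulnerable interface: flags after attack = %u\n",
           (unsigned)attack_vulnerable());
    printf("hardened interface:   attack succeeded   = %d\n",
           attack_hardened());
    return 0;
}
```

The fix is not "check that the pointer is in the pool" bolted onto the vulnerable call; it is never to let a kernel address cross into user space at all. An index or opaque token gives user space nothing to forge and leaks nothing about the kernel's layout.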

A much more detailed explanation of these steps can be found in the Forbes article. You can find the tutorial on how to jailbreak your device here: https://www.iclarified.com/jailbreak.

yoyo - February 6, 2013 at 12:57am
PREPARE FOR iOS 6.1.1 with lots of bullshit improvements by crAPPLE
sam - February 6, 2013 at 1:08am
I don't understand?? If Apple are so crap, why buy their products? When they are jailbroken, yes, they are good but not great. Isn't that a sign to move to Android? A country mile ahead of iOS! When I bought the iPhone 5 after having the Galaxy S3, I felt like I went back 5 or 6 years!!
Blackapino - February 6, 2013 at 4:20am
And when I bought my first Android I was confused as to why you needed a firewall or spyware for a cellphone; then I found the reason why. But I still had my iPhone of course, and since iOS is the top dog (don't gotta like it, but it's true), I sold my Android device, so now I'll never buy an Android device ever again. I'd take a BB again before I buy another Android OS.
Joe - February 6, 2013 at 5:50pm
Yeah right, and you felt that Android's stability and solidly designed hardware? Let alone the bullshit that comes along with bloatware, the need for an app killer, non-intuitive tools and finally how easily you can lose your data when that sh*t crashes. I returned my GS3 after 2 weeks.
JoshvanHulst - February 7, 2013 at 4:55am
Apple's developers are dumb for constantly patching the exploits found! It makes me so irritated how hard it gets to find an exploit to inject the code.