Planetbeing Details How the Evasi0n Jailbreak Works
LIKE
TWEET
SHARE
PIN
SHARE
POST
MAIL
MORE
Posted February 5, 2013 at 9:18pm by iClarified
Planetbeing has revealed some details about how the evasi0n jailbreak works to Forbes.
Evasi0n, the jailbreak recently released by the Evad3rs, is an untethered jailbreak for iOS 6.0 through iOS 6.1. The developers used at least five distinct new bugs in iOS 6.x to make the jailbreak work. According to saurik, over 1.7 million jailbreaks were performed by Tuesday morning.
First, the hackers gain access to a file that indicates the device's time zone via a bug in the backup system, then a symbolic link is entered into the time zone file to a socket granting access to launchd.
The next part of the jailbreak uses a trick called 'shebang' that summons up code from another signed application. Notably, this is the only part of the jailbreak process that requires user interaction. When the user taps the 'Jailbreak' app icon that is placed on their SpringBoard it summons up launchd, which can be accessed thanks to the earlier exploit, and uses it to run a 'remount' command that makes the root file system writable.
Evasi0n also uses launchd to load a library of functions into the Apple Mobile File Integrity Daemon that swaps out the code signature function called each time a program launches for one that always returns 'approved'.
To bypass ASLR (Address Space Layout Randomization) and locate the kernel, evasi0n simulates a crash and checks the ARM exception vector to determine the location of the crash. This information is used to map out the location of the kernel in the device's memory.
Finally, a bug in iOS’s USB interface that passes a kernel address without checking that it's returned unchanged is used to allow evasi0n to write to any part of the kernel.
A much more detailed explanation of these steps can be found at the link below. You can find the tutorial on how to jailbreak your device here: https://www.iclarified.com/jailbreak.
i dont understand?? if apple are so crap why buy their products? when they are jailbroken yes, they are good but not great.. isnt that a sign to move to android! a country mile ahead of ios! when i bought the iphone 5 from having the galaxy s3 i felt like i went back 5 or 6 years!!
And when I bought my First Android I was confused as to Why you needed a firewall or Spyware for a Cellphone, then I found the reason why, but i still had my iPhone of course & since iOS is The Top Dog (Don't Gotta Like it) but it's true, i sold my Android device so now i'll never buy a Android device ever again. I'd take a BB again b4 i buy another Android OS.
Yeah right and you felt that Androids stability and solid designed hardwares? Let alone the bullshittt that comes along with blot wares, Needs for appkiller, non intuitive tools and finally how easily you can lose your data when that sh*t crashes..I returned my GS3 after 2 weeks.
had to unjailbreak my iphone 5 today was working fine then all of a sudden got no service sign in left corner of phone and could not make any calls or text, putback to factory settings and works fine again so i think it was definitely the jailbreak that caused it.
no seriously i just wanted to know if anyone else has had this problem? i am nothing to do with apple! it is my first idevice i had always been on android with samsung galaxy s3 and when i changed was shocked tohow restricted and bog standard ios was, so when the jailbreak came out i felt back in my element! then the no service thing happened!
No genius involved. Just a lot of work. Anybody could do this jailbreak, but most are not sufficiently motivated. Most are satisified with simply using someone else's work, which is cool. Until, of course, one can no longer find such motivated hackers.
Easy to say after it has been done... - February 6, 2013 at 12:29am
Anybody can do a such hack ? Have you smoked buzz or what ? I agree that the hack is not that difficult for a unix / cocoa touch developer once you have seen the trick!
Without knowing where to start from, you will have to read tons of articles and routines/code and learn from personal hacking experiences which takes years!
@planetbeing has ported Linux to iPhone and done tons of others amazing hacks and he possesses a massive knowledge and skills that you seem not to well capture. On this planet, a few people have his knowledges, will and programming skills, I'm myself a humble developer who understand a bit what he has achieved with his mates... And IT'S BIG!
Ha -- yes, once the set of exploits used is described, someone who's pretty naive might think it is straightforward to come up with something like this, but believe me, its still a *lot* of work to get right, and to make robust.
On top of that, coming up with that large a set of exploits is pretty amazing -- you really need some pretty decent intuition about how OSes work to find that many bugs that quickly.
I've been programming since 1972, and I'm very impressed.
The problem with brilliant people is they do amazing things look so easy that others think it is easy to do. To further explain the complexities of the task of jailbreaking is that they have no source code to ios to review and look for exploits. They reverse engineered the ios kernel binary to at most assembler and then went through the hundreds of thousands of lines of asm output to find a usable exploit. They also needed to know how to use the exploit in a way that enabled them to patch the kernel while the system is running.
This is computer art at its finest even if the weather app didn't work properly afterwards. Even the Mona Lisa has a crooked smile.
YEAH!!!!! I've FINALLY GOT..intelliscreenX for iOS6.1!!!! WOOHOOO!!!! MY IPHONE IS COMPLETE!!!
THANK YOU EVAD3RS!!!!! evasion WORKS WELL..NO ISSUES...NO APP CRASHES!!!!
I think no. if something goes wrong just rterose the iphone. it will work again. if the screen goes blank rterose it, bring it to an apple store and they will give you a new iphone
Not sure why they would publish how they did it...If Apple gets wind then they will be hot on the trails to get it patched meaning fewer future jailbreaks?
Apple can and will easily reverse engineer the jailbreak and fix the holes. This is why jailbreaking is a cat and mouse game. the ball is now in Apples court.
![iPhone's Share of New Smartphone Activations Declines to 33% in the U.S. [Chart]](/images/news/93409/93409/93409-160.jpg "iPhone's Share of New Smartphone Activations Declines to 33% in the U.S. [Chart]")
![New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]](/images/news/93314/93314/93314-160.jpg "New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]")
![Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]](/images/news/93302/93302/93302-160.jpg "Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]")
![AirPods Pro 2 With USB-C On Sale for $189! [Deal]](/images/news/92932/92932/92932-160.jpg "AirPods Pro 2 With USB-C On Sale for $189! [Deal]")
