April 25, 2024
Como funciona el PurpleRa1n Jailbreak

Como funciona el PurpleRa1n Jailbreak

Posted July 13, 2009 at 9:22pm by iClarified
EnglishSpanish
La gente de Geohot publicó en WIKI como funciona su PurpleRa1n Jailbreak:

-----
* Purplera1n envía los comandos de recuperación de entrada utilizando iTunesMobileDevice
* Una vez en la recuperación (iBoot), envía la variable Exploit de entorno IBoot
* El Exploit adiciona un comando GeoHot que corre entonces el payload
* La comando "geohot" se ejecuta, el control es transferido de iboot ahora a la payload
* Se realiza entonces el cliente PurpleRa1n

Dentro del payload:
* El payload por defecto restaura el entorno y lo preserva para la nvram (fija el auto-arranque a true)
* Le coloca parches a la iBoot para cargar img3s sin firmar sin importar los tags
* Carga la imagen purplera1n (enviado con payload)
* Empieza la función de no parches
* IIb se descifra, parcheado, y el aumentado de tamaño a 0x24200. este es el segmento residente 0x24000 en la variable Exploit
* Un pequeño código de carga es colocado en 0x20000 para fijar la carga
* Iboot se descifra, parcheado
* Todo lo demás es como se lee
* Ni se escribe de vuelta, ni se hace patcher
* Kernel está cargado, descifrado, y parcheado
* Ramdisk está cargado (enviado con payload) y se trasladó a la región del Kernel 0x44000000.
* El Kernel parcheado es arrancado (booted)
* El Control de la carga está ahora transferido a ramdisk


Dentro de ramdisk
* Launchd se ejecuta, todo sucede aquí
* / Dev/disk0s1 está montado
* Fstab y servicios son sustituidos aquí para permitir que disk0s1 y afc2 escriban respectivamente
* Freeze.app se transfiere y el cargador de aplicaciones Freeze.app tiene bit SUID
* El Kernel parcheado se lee a partir del final de la RAM del dispositivo y escrito al sistema de ficheros
* Ramdisk está hecho, procede el reiniciado...
-----

Read More


Como funciona el PurpleRa1n Jailbreak
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (17)
You must login or register to add a comment...
RRR
RRR - August 4, 2009 at 6:25am
i got an iphone 3gs w/c wont turned on. it got stuck on purplera1n's entering recovery mode.. the iphone wont turn on now.. can you help? i tried to connect to itunes sa i can do a recovery but it doesnt seem to see the iphone
Edge777
Edge777 - July 15, 2009 at 2:36pm
Well, lol, at least I know how to write a sentence. It was painful to read your post! I do have to say, I don't think I trust a "hacker" (cough... ya... right...) who doesn't even know how to turn on his spell check (although, to be honest, most of your mistakes were at a 4th grade grammar level). That being said, I should be fair, you don't get a lot of opportunity to socialize and talk like a normal person when you play video games in your parents basement all day... just sayin'
yasha
yasha - July 15, 2009 at 8:48am
Real hax0rs not afraid to show code cuz they know there's always another bug waiting... much respect to geohot!
ayyywa
ayyywa - July 14, 2009 at 11:26am
What is somewhat frustrating is that Apple is taking North America for a ride. many other countries banned the sale of locked iPhones ande I don't see a reason why we can't lobby for that in US and Canada. I know that JB is different but an unlocked phone is a right since we are entering in a contract for service. Price with no contract should include an officially unlocked phone too. Unless we all go for this, it won't happen. cheers
MOCHA
MOCHA - July 13, 2009 at 11:07pm
I just think he released this information knowing that there is another way to jailbreak. And even without him releasing this information Apple probably only knows how to fix this bug.He seems like pretty smart guy and totally not like an idiot. What I know for sure that he really likes public attention,so he feels like a rock star or something lol
ernstlustig
ernstlustig - July 14, 2009 at 3:34am
1st thought: It is impossible to write flawless software once it has reached a certain level of complexity. So there will always be a way to break in. 2nd thought: The only thing that counts for Apple is profit. They have no other mission. Many customers (me included) wouldn't pay for an iPhone without the ability to bypass Apple's censorship. Jailbreaking is fun and attracts customers == $$$ for Apple. This is why I'm persuaded that Apple will always and deliberately leave a hole open for jailbreaking. Just follow the money.
ernstlustig
ernstlustig - July 16, 2009 at 4:30am
Oh fredrik! Compared to what people pay for their overpriced contracts AppStore is peanuts. Jailbreak is not Crackul0us. All jailbreakers I know pay deliberately for the apps. I want to support the independent developers.
Jeff
Jeff - July 13, 2009 at 10:27pm
Guess you Bought it Hook-Lin-Sinker also?.. YEP your Boys are still Behind the game!.. BET: George will beat them to the NEXT Jailbreak, BUT the Dev-Team will "SAY" there doing the Right thing! George will let it out, Then the Dev-Team "AGAIN" will say they HAD the SAME Break!.. NOBODY will convince you of this, but that is JUST what happened this time and will happen again.. YOUR boys are behind George and they KNOW it! But it's for the BEST!....
mr.sudoku
mr.sudoku - July 13, 2009 at 10:29pm
You're wrong. GeoHotz is a good man. If he didn't release the ra1n Dev-Team wouldn't release the sn0w. What are you scare of, it's the cat & mouse game. Let's play & enjoy.
Edge777
Edge777 - July 13, 2009 at 10:32pm
Oh ya Jeff, not sure if you're quite smart enough to know all this stuff, but.... RedSn0w is not a reworked version of purplerain. It works differently (and in this case, works better, without the bugs). I know more than a few people who used purplerain, and then decided to do a full restore and re-jailbreak with RedSn0w just so that their phones weren't screwed up. This I know - the Dev Team always acts professionally, and humbly, being very good at communicating and keeping people in the loop. Georgie has always come across as arrogant, conceited, and a know-it-all. I don't know about you, but I don't tend to trust those kind of people.
Edge777
Edge777 - July 13, 2009 at 10:00pm
Um, noooooooo, they were doing the responsible thing, for the good of the most people, rather than just wanting to be self promoting. It's quite evident from Georgie's comments that he could care less about the people and is only in this for his own fame. He rushed out a faulty product, so that Apple could close the holes before the iPhone arrived in the rest of the world (yes, there are actually real countries with real people, outside of the USA). And, tell me this, why, now after the Dev Team has releases RedSn0w, does Georgie feel the need to once again have his name out there, explaining exactly everything? Methinks he wants Apple to plug the hole, so that he can get the great savior... however, what happens if he can't find another hole. Think about it, Apple has been getting better and better at making jailbreaking harder and harder.
Jeff
Jeff - July 13, 2009 at 10:23pm
Guess you Bought the "Responsible" Thing Huh? They didn't have it, it was released as Purplera1n . THEN the Dev-Team said "Oh We had the Same Break".. With out George they had Nada!.. But NOBODY will convince you of this, You Bought it, Hook-Line-Sinker!
Jeff
Jeff - July 13, 2009 at 10:32pm
But he did it First!.. Even following Twitter Posts of ALL of them!.. Again, YOU will Never be convinced. I ran Purplera1n, & Redsn0w.. I had ZERO problem with Either, and after the original Package for Windows of PR a Mac Version came out, I ran this also. THEY all do the SAME IDENTICAL thing, So WHY hold it back (If you have it) when 3.01 has been announced and 3.1 in the Works? I Don't think they Had it till George Released it, then there Reply was "WE HAD the SAME BREAK"?.... Either way, Spilled Milk Now!
Edge777
Edge777 - July 13, 2009 at 11:01pm
NOT spilled milk now. This is NOT about purplerain being released first. This is about Georgie releasing all the how's and what's. You have yet to answer why one would do that???
Edge777
Edge777 - July 14, 2009 at 12:02am
Hmm, you don't seem know much, lol. And um, Apple DOES care. It's why they've made jailbreaking harder on the 3GS (having to be registered and all).
Awayze
Awayze - July 14, 2009 at 7:27am
GeoHot knows more than one exploit, Dev Team don't. Even if Apple close it, GeoHot can use one of the other exploits he found. 3GS will always be unlockable according to GeoHot and he knows more about the iPhone than Dev Team put together.
Aaron Wright
Aaron Wright - July 13, 2009 at 9:32pm
Good job guys! Now apple can fix everything you just described in detail!
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Monterey
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS