02-06-2013, 11:05 AM #1
Inside evasi0n, the most elaborate jailbreak yet.
On Monday the evasi0n jailbreak was released by a team of expert iOS hackers calling themselves the evad3rs. The jailbreak broke records for being the most installed: in its first six hours online, the crack had already been used at least 800,000 times, according to Jay Freeman, administrator of Cydia, and he says that's a conservative estimate (his count was fouled up when the tsunami of traffic knocked his server offline several times over the course of the jailbreak's first day online). By Tuesday his (still conservative) count was up to 1.7 million.
With every release of iOS comes harder and harder security to crack, and with this ramp-up in security comes more and more complexity for the jailbreaks. Evasi0n is no exception: according to David Wang, one of team evad3rs' four developers, the program takes advantage of at least five distinct, new bugs in iOS's code. (For reference, that's one more than Stuxnet, the malware built by the NSA to destroy centrifuges in Iran's nuclear enrichment facilities.)
Forbes recently sat down and had a chat with David Wang, who went into great detail about how the jailbreak functions. Even if you don't understand the technical talk, it's still a very interesting read, and shows just how ingenious the iOS hackers have to be.
Here are a few highlights from the interview:
Evasi0n begins by running libimobiledevice, a program that substitutes for iTunes to communicate with iOS devices via the same protocol as Apple's program. Using that tool, Evasi0n exploits a bug in iOS's mobile backup system to gain access to certain settings that it normally shouldn't be able to access, namely a file that indicates the device's time zone. The jailbreak program inserts a "symbolic link" in that time zone file, a shortcut from one place in an operating system to another. In this case the link leads to a certain "socket," a restricted communications channel between different programs that Wang describes as a kind of "red telephone to Moscow." Evasi0n alters the socket that allows programs to communicate with a program called Launch Daemon, abbreviated launchd, a master process that loads first whenever an iOS device boots up and can launch applications that require "root" privileges, a step beyond the control over the OS that users are granted by default. That means that whenever an iPhone or iPad's mobile backup runs, it automatically grants all programs access to the time zone file and, thanks to the symbolic link trick, access to launchd.
Last edited by Josh; 02-06-2013 at 11:39 AM.
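The quoted passage above describes the root cause in general terms: a backup-restore routine wrote files into a location without noticing that a path component had been replaced by a symbolic link pointing somewhere else. The following is an added example, not code from the thread, from Forbes, or from the evad3rs, and it does not model the iOS backup format or any Apple component. It shows the check a restore routine needs before writing any manifest entry: every existing component of the destination path must be a real directory (not a link), and the fully resolved path must still sit under the restore root. The directory layout, the `timezone_link` name and the manifest entries are constructed for the demo.

```python
import os
import tempfile


def check_restore_target(root, relative):
    """Return (ok, reason).

    ok is True only if writing `relative` underneath `root` cannot land
    outside `root`, even when a symlink has already been planted on disk
    somewhere along the path (the class of flaw the post describes).
    """
    root_real = os.path.realpath(root)
    if os.path.isabs(relative):
        return False, "absolute path in manifest"
    parts = [p for p in relative.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        return False, "parent-directory component"
    current = root_real
    for part in parts:
        current = os.path.join(current, part)
        # islink() uses lstat, so it also catches dangling links. Any link in
        # an existing prefix is rejected outright rather than followed.
        if os.path.islink(current):
            return False, "symlink at " + os.path.relpath(current, root_real)
    final = os.path.realpath(current)
    if final != root_real and not final.startswith(root_real + os.sep):
        return False, "resolves outside restore root"
    return True, "ok"


def build_constructed_backup():
    """Create a throwaway restore root with a planted symlink (constructed)."""
    base = tempfile.mkdtemp(prefix="restore-demo-")
    root = os.path.join(base, "restore_root")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(root, "Library", "Preferences"))
    os.makedirs(outside)
    # Constructed: a link inside the restore root that points outside it.
    # (Requires symlink support; on Linux/macOS this needs no privileges.)
    os.symlink(outside, os.path.join(root, "Library", "timezone_link"))
    return root


def demo():
    """Run the check over a constructed manifest; returns {entry: (ok, reason)}."""
    root = build_constructed_backup()
    manifest = [
        "Library/Preferences/settings.plist",   # ordinary entry: allowed
        "Library/timezone_link/localtime",      # passes through a planted link: refused
        "../escaped.txt",                       # classic traversal: refused
    ]
    return {entry: check_restore_target(root, entry) for entry in manifest}


if __name__ == "__main__":
    for entry, (ok, reason) in demo().items():
        print(f"{'ALLOW ' if ok else 'REFUSE'} {entry}: {reason}")
```

The order of the checks matters: lexical filtering (`..`, absolute paths) is done first because `realpath` would silently normalize those away, and the symlink walk is done before the final `realpath` comparison because a link that currently points inside the root could be repointed between the check and the write. A real restore routine would additionally open the destination with flags that refuse to follow links (for example `O_NOFOLLOW` on POSIX) so that the check and the write are not two separate steps.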
02-06-2013, 11:40 AM #2
Fixed your quote. You're slacking man
That's interesting though. When iOS 7 comes out it's gonna be hard af I assume
02-06-2013, 12:03 PM #3
It will be, but most likely Apple will never be able to stop jailbreaking completely, as long as it's legal. Since iOS is coded by humans, it's virtually impossible to avoid small glitches or bugs like the ones used in evasi0n. Humans aren't perfect, and therefore almost no complex code is perfect. No one at Apple's going to make the mistake of leaving the firmware wide open, but little bugs will occur and these little bugs can be manipulated by ingenious people to work towards the jailbreak.