To Sleepers.net δημοσίευσε ένα post του Pumpkin (μέλος της Dev Team), σχετικά με την λάσπη που προσπαθεί να ρίξει ο Zibri στο Pwnage (βλ.Zibri’s answer to Pwnage 2.0). Πραγματικά αξίζει να το διαβάσετε καθώς θα σας λύσει αρκετές απορίες:
The following opinions are mine, and not those of the DevTeam as a whole, although many members agree with me:
Free thoughts…
There’s something that’s been on my chest for awhile, and it’s been bothering others on the team as well. The name of this particular thorn in our sides begins with the letter Z and ends with “ibri”. Yes, I’m sure all of you are rolling your eyes at the “drama” we hacker “kids” are stirring up, but I’m sure if you had your work taken without permission, you would feel the same way. It’s particularly galling that he is still spreading FUD on his blog in an attempt to save face. I’m going to try to address some of them in this post.
Zibri implies that our jailbreak is not “real”, saying instead that our release is a “software upgrade, total internat [sic] firmware modification and custom firmware”.
For him, a “real hack” works in a few minutes because it only needs to modify a few bytes here and there.
When Pwnage 1.0 was released, it was indeed the ultimate hack for the iPhone/iPod Touch. Never before had the devices been under the user’s control from the very bottom up. Prior, less sophisticated jailbreaks were still subject to the whims of the kernel, which couldn’t be modified because the bootloader checked its signature and refused to boot if it was incorrect.
Back in those days, the definition of “hack” above was still a feasible one, as the chain of trust ended at the kernel. Once you gained write access to the root filesystem, you could run arbitrary programs and make patches at will to many system components. Indeed, many such patches were needed, to make activation allow unapproved SIM cards, and to make Springboard display unauthorized apps.
Fast forward back to the present, and you’ll see the situation has changed. Solutions that using a ramdisk simply made a change or two to the filesystem now must contend with the mighty kernel’s signature checking of all installed apps and libraries. Mounting the root filesystem and modifying /etc/fstab to make it writable is quite alright, but the moment you make patches for activation or anything else, the kernel will refuse to run the modified programs, unless you can somehow steal Apple’s private signing key. Furthermore, such a jailbreak would be essentially useless because the system would refuse to run any of your custom software (such as Installer.app or Cydia), again because of the lack of signatures on it.
Given the above situation, it becomes clear that if you want to use 2.0 for anything but screenshots, you either need to get ahold of Apple’s signing key (start preparing your army now) or you need to patch the 2.0 kernel. Hard as we tried, we couldn’t find much of an army, so we took the latter approach.
We adapted our Pwnage technique to the 2.0 firmware, using a new unreleased exploit that we’d been keeping to ourselves, in the hope that Apple wouldn’t patch it. This allows us to cut the signature checks out of the device bootloaders, allowing us to remove signature checking from the kernel, and enabling you to run all the custom software and patches you please.
Please note other than my facetious army suggestions, patching the bootloaders is the _only_ way to get a functional jailbreak for 2.0. Under the aforementioned definition of “real hack”, there is no such thing as a “real hack” for 2.0. I hope you agree with me by now that Pwnage, the exploit it uses, and its subsequent obliteration of the device’s chain of trust, is a “real hack”.
More FUD is spread by this undying rumor of “Palladium” (or TPM) being used fully on Apple’s devices, making it impossible for you “to play online with legit buyers.” This is nothing but uninformed nonsense, and while there is the potential for some definition of trusted computing on iPhone and iPod Touch, Apple is not using it, and they have no way to remotely distinguish your pwned device from a legitimately activated one. This should have been obvious from our examples of running App Store applications next to our custom ones, but “obvious” is a very relative term.
On an unrelated note, I and the others take issue with Zibri’s definition of open source. No, Linux distributions are not stealing, but our work was not released as open source, with any kind of permissive license, so the open source he brings into the discussion is entirely irrelevant. He took our work, our private exploits (such as the unreleased one we were able to use for Pwning 2.0), and without our permission (trying to defame us with fake comments, no less) used them in his work, that he made significant amounts of money on. He did this not by selling “his work”, but by portraying himself as the reasonable “dev” who fought against the tyranny of the dev team and Apple, and requesting donations to his “cause” (recall his older iphone-elite.googlecode.com and his self-righteous bashing of the dev team for accepting donations; funny how principles change). Furthermore, with his millions of hits and occasionally obscene ads, he made his site into a complete money machine. So although he did not sell our work, it is more than fair to say that he made plenty of money from it.
And as to his most recent update, I’m not really sure what to say. I’d call it the swan song, but that would imply he was a swan, which is certainly not my intention. Maybe the chicken song would be more appropriate. ZiPhone was “developed” 9 months after the iPhone release, so he’s justifying his lack of releases now, okay. Once again he pushes the “real hack” idea, which we hope we’ve already pounded sufficiently into the ground above. We’re not sure how the fact that we were so popular it took down multiple unmetered gigabit servers is a point in his favor. We’ve had close to a third of his total visits since last week.
I want to dedicate a special paragraph to something that’s been bugging us for a while, too. The myth that ZiPhone never harmed a phone. Certainly, we all know that iPhones are almost impossible to brick, but flashing unmatched fls/eep pairs to the baseband is plain irresponsible on Zibri’s part. Does he not care about messing up phones, or does he simply not know better? And the laughable WiFi fix he released for issues that he called “user error” (actually a consequence of the above design choice) where he unconditionally set every ZiPhone WiFi MAC address to 0:Z:i:b:r:i? How did he expect that to work? It doesn’t take a networking genius to figure out that two such phones on the same network would cause havoc, and indeed it did.
The following few “facts” on his blog are just more FUD. Our tools can’t kill iPhones, because the only way to kill an iPhone through software (and even then just the radio) is to flash an incomplete image as the S-Gold bootloader. Apple cannot remotely kill pwned iPhones because as I mentioned earlier, it has no way to detect which iPhones are pwned.
I’m not sure why he goes on to say that you should be satisfied with Apple’s AppStore. It certainly contains many good programs, but to quote Zibri just a couple of weeks earlier:
As of today you will have 2 choices:
1) Believe in the community and don’t upgrade to 2.0
2) Say goodbye to Installer and freedom and upgrade.
So are you suggesting we say goodbye to freedom now? I guess we can’t expect much from someone who made a reputation for himself by denouncing the devteam for accepting donations (not even soliciting them) and who now has a website full of ads, exhortations to donate, and very little content? Now we have given you a nice opportunity to upgrade to 2.0, use the AppStore _and_ use community apps. If he really wanted the good of the community, why is he not recommending it?
I would normally just ignore his entries, but as many still look at Zibri as an authority in the scene, I felt the need to dispel some of the FUD he was spreading, and finally denounce his pathetic attempts to stay relevant. Posting the latest root filesystem key after we release PwnageTool? PwnageTool exposes all the keys right within its plist files. And if he knew about the DFU exploit all along, as he implies, why didn’t he take advantage of it? We would like to see him write up an article on how it all works, just to prove that Zibri knows all.
Thank you for your patience reading this. We will continue working hard on providing quality hacks and software, but please, to anyone who’s tempted, stop spreading bullshit about us and our work.
[Via Sleepers.net]
You might also like
More from Jailbreak
iPhone XS Max Jailbreak στο iOS 12.1 από την KeenLab (Proof-Of-Concept)
Η KeenLab κατάφερε να κάνει Jailbreak το iPhone XS Max στο iOS 12.1, λίγες ημέρες μόνο μετά την κυκλοφορία του νέου firmware update από την Apple. Ο Liang Chen, security researcher της ταλαντούχας ομάδας της KeenLab, μοιράστηκε τα χαρμόσυνα νέα στο Twitter δείχνοντας μία φωτογραφία …
Διαθέσιμο το Electra Jailbreak για το iOS 11.2 – iOS 11.3.1
Το Electra Jailbreak για το iOS 11.2 - iOS 11.3.1 είναι εδώ και λίγες ώρες διαθέσιμο για iPhone, iPad, και iPod touch! Σημαντικές πληροφορίες: On iOS 11.3-11.3.1, the device will reboot twice and Electra will need to be re-run after the …
iOS 12 Jailbreak demo από την Tencent Keen Lab
Ο Liang Chen της Tencent Keen Lab πραγματοποιεί Jailbreak του iOS 12 beta 1 σε ένα iPhone X. Στο βίντεο που ακολουθεί μπορείτε να παρακολουθήσετε τη σχετική διαδικασία: https://www.youtube.com/watch?v=go8IGHkT3tA Δυστυχώς, η Tencent Keen Lab δεν πρόκειται να δώσει σε κυκλοφορία κάποιο jailbreak tool ωστόσο η ύπαρξη ενός exploit αφήνει ανοιχτές τις πιθανότητες εντοπισμού και …
iOS 11.3 Jailbreak: Νέες ελπίδες μετά την αποκάλυψη Zero-Day exploit + Kernel Bug
Οι ελπίδες για την κυκλοφορία ενός Jailbeak tool για το iOS 11.3 αναπτερώνονται μετά την αποκάλυψη του Κινέζου ερευνητή ασφαλείας Min Zheng aka SparkZheng για την ύπαρξη δύο ευπαθειών στο iOS 11.3, ενός Zero-Day exploit αλλά και ενός Kernel Bug. Στις αρχές …
Electra Jailbreak tool: Νέα αναβάθμιση φέρνει το Cydia στο iOS 11.0-11.1.2
Το Electra Jailbreak tool αναβαθμίστηκε, άφησε πίσω του τις beta εκδόσεις και είναι πλέον διαθέσιμο προς όλους τους χρήστες, προσφέροντας τη δυνατότητα στους φίλους του Jailbreak να εγκαταστήσουν το Cydia στην iOS συσκευή τους (iOS 11.0-11.1.2). Πληροφορίες και οδηγός σχετικά με …
