Μετάβαση στο περιεχόμενο


Φωτογραφία
* * * * * 3 ψήφοι

iOS 10.2.1 - 11.3.x JΒ: News & Rumors


  • Παρακαλούμε συνδεθείτε για να απαντήσετε
1698 μηνύματα σε αυτό το θέμα

#646   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 07/12/2017 - 20:07

Ο,τι λέμε τόσο καιρό.

 

* Δεν έχει να κάνει με το Exploit του Ian Beer μέχρι και την 11.1.2.

 

pKiWkoC.png


| JailBreak Means System Customization |

LG8ISzO.gif

Ad

Ad

Team
iPhoneHellas
3,1416 μηνύματα
Twitter: @android
Φύλο: Όπως το δει κανείς
Κινητό: Android
Tablet: Για τα κουνούπια

Γιατί να γίνετε μέλη;

#647   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 07/12/2017 - 22:30

 

HaCCrqQ.png

CInEAwy.png

nCRLcbw.png

 

Ο Siguza κάνει πράξη λοιπόν την υπόσχεση του, δίνοντας το v0rtex.

 

On December 5th, windknown posted about an IOSurface mach port UaF on the Pangu blog, which had been fixed in iOS 11.2 and apparent reported by Ian Beer. Now I neither speak Chinese nor really trust Google Translate with details, but the PoC on the Pangu blog was enough to illustrate the vulnerability and get me going. :P

 

There are a lot of things referenced in this write-up that I have not or only partially explored. I’ll likely come back to expand or correct these once I learn more, but I wanted to get this write-up out as a sort of documentation for other devs who might wanna chip in.

 

Also, I didn’t really proof-read this, I just wanna get the info out at the moment.

Όμορφα πράγματα έρχονται..


| JailBreak Means System Customization |

LG8ISzO.gif

#648   karless

karless

    iPH Hero

  • 5.021 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone X
  • Tablet:iPad Air +4G

Δημοσίευση 08/12/2017 - 17:28

Νίκο μπορείς να μου δώσεις και το tvOS για iOS 10?στο αρχικό δεν δουλεύει.


Sent from my iPhone using Tapatalk Pro

#649   geoef

geoef

    iPH Enthousiast

  • 406 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone XS Max
  • Tablet:iPad Pro 3rd gen + 4G

Δημοσίευση 08/12/2017 - 19:17

μηπως δουμε φως μετα απο πολυ καιρο.. εγω στο 7 και στο 7+ παραμενω στην 11.1 σταθερα γιατι εχω μεινει απολυτα ευχαριστημενος..



#650   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 08/12/2017 - 23:40

Νίκο μπορείς να μου δώσεις και το tvOS για iOS 10?στο αρχικό δεν δουλεύει.

Εδώ.


| JailBreak Means System Customization |

LG8ISzO.gif

#651   pakos30

pakos30

    iPH Hero

  • 4.050 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone 4
  • Tablet:iPad 2

Δημοσίευση 08/12/2017 - 23:51

Δλδ σε ένα 6αρι και 6s να κατέβω σε 11.1.2 ή 11.1.1 ποια προτεινεις;θα δώσει jb γι αυτές τις συσκευές;

Τελευταία επεξεργασία από: pakos30, 08/12/2017 - 23:54


#652   xxxxxx

xxxxxx

    iPH Guru

  • 9.340 μηνύματα
  • Φύλο: Άντρας

Δημοσίευση 08/12/2017 - 23:56

Μήπως σας έρχεται???

 

https://twitter.com/...164304896675840


Τελευταία επεξεργασία από: billytilaver, 08/12/2017 - 23:56


#653   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 09/12/2017 - 01:06

Δλδ σε ένα 6αρι και 6s να κατέβω σε 11.1.2 ή 11.1.1 ποια προτεινεις;θα δώσει jb γι αυτές τις συσκευές;

Αν είσαι 11.2 πας στην 11.1.2.

 

Μήπως σας έρχεται :huh:

 

https://twitter.com/...164304896675840

Yep.


| JailBreak Means System Customization |

LG8ISzO.gif

#654   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 09/12/2017 - 12:07

Ο morpheus δίνει τις βασικές πληροφορίες ξεκαθαρίζοντας τα αυτονόητα.

 

- Ian Beer has officially burned a valuable 0-day. This bug, henceforth known in the annals of history as CVE-2017-13861, was a Use-after-Free (UaF) in IOSurface. IOSurface is the kernel driver family which handles graphics, so it is accessible even from the normally tightly restricted sandboxed context of an application. This bug was described (albeit in Chinese) by Pangu's Tielei Wang (https://twitter.com/... ... 7551641600), and based on that description the super talented S1guza has already demonstrated an open source exploit in early stages of development (https://twitter.com/...534923761221632). S1guza has so far obtained root, but Ian will demonstrate a SEND right to the kernel_task - in layman's terms, unfettered access to kernel memory.

Q: I didn't read all that. Will you be releasing a JB?

A: NO

Q: Is Ian Beer releasing a JB?

A: NO

Q: Is anyone releasing a JB?

A: NO, but Ian's work will be allowing anyone with enough dedication (and desire to slave off for a long time just to get ingrates following him and nagging him on Twitter) to develop one. Or - as he intends - to do private research. Or - (and I'm sure he doesn't intend that) to create great malicious apps which can be nasty APTs below iOS 11.2.

Q: So what does it mean?

A: It means, that it is now possible to achieve control over the kernel in all versions of iOS before 11.2, and the corresponding versions of TvOS (<= 11.1), WatchOS (<= 4.1), because the bug is very likely exploitable in all of 'em.

Q: So should I update?

A: That's your call. iOS 10 will eventually be arbitrarily obsoleted by AAPL, who will decree whimsically some apps can only work as of iOS 11+. That said, by that time (iOS 12?13?) there may or may not be other exploitable bugs. iOS 11.1, 11.1.1 and 11.1.2 are identical kernel wise, so it doesn't matter. At any rate, THE BUG IS EXPLOITABLE ON ALL VERSIONS, EVEN 32-BIT, ON ALL DEVICES - It's just a matter of offsets for each device/version. And, incidentally, now that AAPL gave up on 32-bit, 10.3.3 will be forever exploitable (good news for iPhone 5 owners - @timhstar, @s1guza - time to reincarnate Phœnix icon_e_smile.gif )


Can the JB be untethered?

A: THERE IS NO JAILBREAK. And even had there been a jailbreak, there can be no untethering without blowing a major 0-day in code signing. This also likely requires mounting the root filesystem r/w , which requires patching.

Will this work on The iPhone 7? 8? X?

A: So long as it patches data only, or uses kernel based ROP, yes. On earlier devices, there's no reason why Luca Todesco's ingenious KPP bypass wouldn't work, with some changes.

Will this enable [past/present/future]Restore?

A: Not necessarily. Don't count it, since that's iBoot's responsibility, not the kernel's. The kernel could possibly help fix boot nonces, so save your blobs. And the /System/Library/Caches/apticket.der while you're at it.

So what's recommended?

A: Update to iOS 11.1.2 or TvOS 11.1.2. If you're on TvOS 11.something already (but not 11.2, obviously) you can stay. iOS 11.1-11.1.2 have the same kernel.

Are you releasing an exploit?

NO, NO and NO. Just wait and sometime next week Ian will drop the code. S1guza already has a PoC. Myself, I never have, do, or will release or disclose 0-days (I need them to write the MOXiI books..), and I only discuss bugs after they're blown by the great work of people like Ian in CVEs.

And what's the jailbreak toolkit? (i.e. https://twitter.com/... ... 4896675840)

A: I'm hoping to provide a CLOSED-SOURCE but FREE library for third party developers who want to quickly expand from the kernel_task to more capabilities (e.g. running unsigned code, abusing launchd, getting root, etc). This library will be CLOSED SOURCE (It's a heap of work, and is based on a commercial product my company, Technologeeks, is announcing) so THERE IS NO REASON WHY THIS SHOULD BE OPEN SOURCE. But I still will make it free, and this allows for a very quick and simple inclusion of the dylib in any project, and a few API calls to achieve all the common functions which are straightforward (if you know what you're doing) but still with very little room for error. That serves to build on, and extend Ian's work, and be forward or backward portable (with some maintenance for offsets) to any version of iOS FOR WHICH THERE IS ALREADY PRE-EXISTING EXPLOIT CODE WHICH GETS THE KERNEL TASK PORT.

So..... someone could use this for a jailbreak?

Sure. If s/he wanted to, and gave the right credit where due.

Why isn't it a full jailbreak now?

Because doing a full JB with Cydia and third party tweaks requires bypassing Apple's formidable (but still imperfect) code signing. One of the trivial ways of doing so is patching kernel code (specifically AMFI hooks and/or that despicable amfid) , and that's no longer trivially possible on iPhone 7 and later due to hardware protections (a.k.a AMCC or KTRR).

So WHAT is this toolkit good for?

If you're asking this, the toolkit is not useful for you.


Will I be able to use the jailbreak toolkit?

If you ever uttered, wrote , or even thought the words "wen eta jb", the answer is no.
If you're into iOS research and can handle C code, yep, and will it be to you what SuperSU (Greet: Chainfire - you rock, man!) is to Android. Incidentally, it's basically just applying stuff that I explain in Volume III of MOXiI.. icon_e_wink.gif

What about LiberTV?

Might be updated, might not. I specifically asked people to A) NOT MIRROR the download links B) Not Beg C) Not complain D) Maybe contribute to charity. They did all of A-C and virtually none of D. I've lost hope and grew tired of catering to ingrates.

| JailBreak Means System Customization |

LG8ISzO.gif

#655   pakos30

pakos30

    iPH Hero

  • 4.050 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone 4
  • Tablet:iPad 2

Δημοσίευση 09/12/2017 - 14:31

Αν βγει jb μιλάμε για untethered ;;

#656   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 09/12/2017 - 14:34

Όχι. Πάνε αυτά.


| JailBreak Means System Customization |

LG8ISzO.gif

#657   pakos30

pakos30

    iPH Hero

  • 4.050 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone 4
  • Tablet:iPad 2

Δημοσίευση 09/12/2017 - 15:04

Δλδ θα είναι με κάποιο προφίλ που θα περάσουμε φαντάζομαι όχι semi?

#658   pakos30

pakos30

    iPH Hero

  • 4.050 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone 4
  • Tablet:iPad 2

Δημοσίευση 09/12/2017 - 15:08

Νίκο να σε ρωτήσω και κάτι άλλο όταν με το καλό βγει το jb για όλους εμάς που χρησιμοποιούμε το κινητό για τις συναλλαγές μας με το jb θα έχουμε θέματα ασφαλείας με τους λογαριασμούς μας η δεν υπάρχει πρόβλημα;

Τελευταία επεξεργασία από: pakos30, 09/12/2017 - 15:09


#659   MeRo

MeRo

    iPH Enthousiast

  • 442 μηνύματα
  • Φύλο: Άντρας
  • Κινητό: iPhone 7 Plus

Δημοσίευση 09/12/2017 - 16:59

εγω που ειμαι 10,3,3 εχω καμια ελπιδα η να κανω update ?



#660   nikosgnr

nikosgnr

    iPH Legendarious

  • 113.590 μηνύματα
  • Twitter:@nikosgnr
  • Φύλο: Άντρας
  • Κινητό: iPhone 2G
  • GameCenter:nikosgnr

Δημοσίευση 09/12/2017 - 17:03

Δλδ θα είναι με κάποιο προφίλ που θα περάσουμε φαντάζομαι όχι semi?

Νίκο να σε ρωτήσω και κάτι άλλο όταν με το καλό βγει το jb για όλους εμάς που χρησιμοποιούμε το κινητό για τις συναλλαγές μας με το jb θα έχουμε θέματα ασφαλείας με τους λογαριασμούς μας η δεν υπάρχει πρόβλημα;

Θα είναι Semi Untethered όπως γίνεται τα 2 τελευταία χρόνια.

 

Για θέματα ασφαλείας πάλι, ισχύει οτι ίσχυε ανέκαθεν..

 

Εφόσον ξέρεις τι περνάς και δε κάνεις πειραματισμούς, έχωντας επιπλέον αλλάξει και το κωδικό του SSH, δε θα έχεις κανένα θέμα.

 

εγω που ειμαι 10,3,3 εχω καμια ελπιδα η να κανω update ?

Προφανώς και συμπεριλαμβάνονται οι 10.2+.

 

Το αν θες να πας σε 11.1.2 είναι μια άλλη ιστορία.


| JailBreak Means System Customization |

LG8ISzO.gif

Ad

Ad

Team
iPhoneHellas
3,1416 μηνύματα
Twitter: @android
Φύλο: Όπως το δει κανείς
Κινητό: Android
Tablet: Για τα κουνούπια

Γιατί να γίνετε μέλη;



Χρήστες που διαβάζουν αυτό το θέμα: 11

0 μέλη, 11 επισκέπτες, 0 ανώνυμοι χρήστες