FAQ
Where do I get this? http://NewOSXBook.co...rtv/libertv.ipa
Is 10.1.1 JBable? NO. This JB, when eventually released, will be for all versions of TvOS up to and including 10.1, but NOT FOR 10.1.1.
What, also version 9.1?? YES. (albeit through a different bug) BUT NOT 10.1.1
Why is 10.1.1 NOT JBable? Because the bug used, CVE-2017-2370, has been patched.
How do I install it? Using Cydia Impactor.
What, every seven days?!?! Hell no. Only if you reboot. How often do you restart your TV STB? 'nuff said.
Is it foolproof? That depends on how foolish the fools are. Basically, it should exploit successfully every time, but KPP is presently at roughly 1/4. That means you might panic, but then all you need to do - if you don't succeed at first - is try, try again. Once it works, it works, period, and you will not need to run it again unless you reboot.
Why is the GUI so poor? Because I'm a kernel hacker, not a GUI developer. Sorry. It's no small miracle I suffered through Xcode and Objective-C long enough to create a functional GUI.
What does the JB provide? A full set of kernel patches which allows running unsigned code and injecting arbitrary libraries into any TvOS process.
And Cydia? No Cydia.
Where's Cydia? Ask Saurik, not me. I personally don't like it much as I use my own binaries. And that's not the purpose of this JB.
So wait, if there's no Cydia, is it a jailbreak? YES. Because it gives you a full shell and you can do whatever you want - side load apps, etc. And in theory a Cydia like App (or even Cydia itself) could easily be created for TvOS. And me, all I wanted is to have an open tvOS so I can document its inner workings for Vol I of *OS Internals.
Now that you mention it, how's that coming along?? Super, thank you. Lots of details I'm adding now. Hoping for a release around May.
So back to tvOS -- Will MobileSubstrate run on TvOS? No reason why the 64-bit version won't. But I did not include it.
How is TvOS different from iOS? Many very small ways. Most important, it does not run any 32-bit code. Also normal iOS IPAs won't work here. Sorry. But CLI binaries work just fine.
So what's in the IPA? A modified 64-bit only bootstrap.tar, containing /bin/sh -> /bin/bash, some of my tools (in /usr/local/bin), dropbear (a free standing ssh daemon, with its keys in /etc/dropbear), and a few select binaries. Dropbear has been modified to run from /tmp, and the entire tar opens up in /tmp as well, so as to negate any remote chance of bricking.
How do I add more? Two options: Either extract bootstrap.tar to some directory, add whatever you want, and repackage into .tar and into the ipa, or - once you are in the JB:
cd /tmp
and then /tmp/bin/ls your way around, followed by /tmp/bin/mv ... files to their usual locations, taking care not to overwrite any system binaries.
Why like that? Because it's an intentional PoC meant for developers and researchers, not for the general public - and provides 100% the functionality that target audience needs, with minimal disruption of the filesystem. And, because I made the mistake of overwriting a stupid binary (/usr/sbin/nvram), which effectively bricked my older TvOS. I had to fork another $149 to get another ATV box, and - once bitten, twice shy.
Why would overwriting built-in binaries be dangerous? Because this is a semi-tethered JB, meaning that when your ATV reboots, it's not JB'd anymore. And that means any binaries you introduced have no code signature, and will be slain by that despicable AMFI. So EXERCISE CAUTION WITH WHAT YOU ADD, AND DON'T OVERWRITE ANY EXISTING BINARIES (I have my tar invocation with -k for that).
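As an added illustration (not liberTV's own code) of the -k point above and of the "add your own files without clobbering system binaries" advice: the script below builds a throwaway sandbox with a fake system binary at /usr/sbin/nvram and a constructed bootstrap.tar that deliberately carries a file at the same path, then extracts with tar -k (keep old files) and checks that the system copy survived while the new tool in /usr/local/bin still landed. All paths live under a temporary directory; nothing touches the real filesystem.

```sh
#!/bin/sh
# Added example, not part of liberTV: demonstrates why the bootstrap is
# extracted with `tar -k`. Everything happens inside a mktemp sandbox.

# Build a sandbox: a fake "system" root containing /usr/sbin/nvram, and a
# staging tree (turned into bootstrap.tar) that both adds a new tool and
# carries a colliding /usr/sbin/nvram to simulate an accidental overwrite.
make_sandbox() {
  sb=$(mktemp -d)
  mkdir -p "$sb/root/usr/sbin" "$sb/stage/usr/sbin" "$sb/stage/usr/local/bin"
  printf 'ORIGINAL SYSTEM BINARY\n' > "$sb/root/usr/sbin/nvram"   # constructed
  printf 'CLOBBER ATTEMPT\n'        > "$sb/stage/usr/sbin/nvram"  # constructed
  printf '#!/bin/sh\necho hello\n'  > "$sb/stage/usr/local/bin/hello"
  (cd "$sb/stage" && tar -cf "$sb/bootstrap.tar" .)
  echo "$sb"
}

# Extract an archive into ROOT with -k: files that already exist are kept,
# never overwritten. GNU tar and bsdtar both report the collision and exit
# non-zero, so that status is ignored; the rest of the archive still lands.
extract_keep() {
  tar -xkf "$1" -C "$2" 2>/dev/null || true
}

# Returns 0 if the system binary is untouched AND the new tool was added.
verify() {
  root=$1
  [ "$(cat "$root/usr/sbin/nvram")" = "ORIGINAL SYSTEM BINARY" ] || return 1
  [ -f "$root/usr/local/bin/hello" ] || return 1
  return 0
}

# Run the whole rehearsal and clean up; exit status is the verdict.
run_demo() {
  sb=$(make_sandbox)
  extract_keep "$sb/bootstrap.tar" "$sb/root"
  if verify "$sb/root"; then rc=0; else rc=1; fi
  rm -rf "$sb"
  return $rc
}
```

Without -k the same extraction would silently replace /usr/sbin/nvram with the archive's copy, which is exactly the kind of unsigned, AMFI-rejected overwrite that bricked the author's earlier box after a reboot.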
Why doesn't it work every time? Because even though the bug is exploited very reliably (95%, thanks to tweaks), KPP bypassing has some... issues which I still need to iron out (due to more RAM in TV than there is in your average phone). So expect at least three panics for every successful run. If you get a warning about "this will likely fail", try it anyway. Most of the time liberTV can detect its inevitable demise, but sometimes it's wrong.
What does the Jailbreak report if "Increment J's counter" is selected? Absolutely nothing identifying - just the Vendor UDID, and the jailbreak flow, so I can figure out the success rate, and the slides. You want to leave this on if I am to improve the KPP reliability.
What are suggested steps once I'm in?
The jailbreak will automatically do this:
- chmod 000 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate - to shut up that $%#%$# softwareupdated daemon so it doesn't nag you if reincarnated (i.e. when you reboot)
which in my experience has shut up autoupdates. But you might also want to make sure:
- Disable auto-updates from GUI
- launchctl unload /System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist - to make sure the daemon is dead, dead, DEAD
- make a copy of /System/Library/Caches/apticket.der and save it somewhere SAFE.
- create a /var/root/.ssh/authorized_keys and put an SSH key from your host there. AND CHANGE THE DEFAULT PASSWORD FROM alpine.
- exercise extreme caution. I AM NOT RESPONSIBLE IF YOU BRICK YOUR TV, AND IF YOU DO, APPLE'S #@$#@$#@ DRACONIAN TYRANNICAL WHIM IS TO FORCE YOU TO UPGRADE TO 10.1.1, WHICH IS NOT JAILBREAKABLE
Wait. That was a good point. Say that again?
- exercise extreme caution. I AM NOT RESPONSIBLE IF YOU BRICK YOUR TV, AND IF YOU DO, APPLE'S #@$#@$#@ DRACONIAN TYRANNICAL WHIM IS TO FORCE YOU TO UPGRADE TO 10.1.1, WHICH IS NOT JAILBREAKABLE
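The post-jailbreak steps above, as an added helper script (my own, not part of liberTV): each step is a function that takes a root prefix, so the whole thing can be rehearsed against a sandbox directory first and only then pointed at "/" on the box. The placeholder SSH key, the fake apticket.der and the sandbox paths are all constructed for the rehearsal. The script does not change the root password (that stays an interactive passwd on the device) and only calls launchctl when it is actually running on the box.

```sh
#!/bin/sh
# Added example, not part of liberTV: the FAQ's post-jailbreak checklist as
# functions over a root prefix, plus a rehearsal on a constructed sandbox.
# Remaining manual step on the box: run `passwd` to change "alpine".

SU_ASSET_DIR="var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate"
SU_DAEMON_PLIST="/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist"

# Step 1 and 2: make the SoftwareUpdate asset dir unreadable and, when on the
# device itself, unload the daemon. launchctl is only invoked for root "/".
mute_software_update() {
  root=$1
  dir="$root/$SU_ASSET_DIR"
  [ -d "$dir" ] || mkdir -p "$dir"
  chmod 000 "$dir"
  if [ "$root" = "/" ] && command -v launchctl >/dev/null 2>&1; then
    launchctl unload "$SU_DAEMON_PLIST"
  fi
}

# Step 3: copy apticket.der to a safe location and confirm the copy matches.
backup_apticket() {
  root=$1; dest=$2
  src="$root/System/Library/Caches/apticket.der"
  [ -f "$src" ] || { echo "no apticket.der at $src" >&2; return 1; }
  mkdir -p "$dest"
  cp "$src" "$dest/apticket.der"
  cmp -s "$src" "$dest/apticket.der"
}

# Step 4: install a host public key for root with sshd-acceptable modes.
# Idempotent: the exact key line is appended only if not already present.
install_authorized_key() {
  root=$1; pubkey=$2
  sshdir="$root/var/root/.ssh"
  mkdir -p "$sshdir"
  chmod 700 "$sshdir"
  grep -qxF "$pubkey" "$sshdir/authorized_keys" 2>/dev/null \
    || printf '%s\n' "$pubkey" >> "$sshdir/authorized_keys"
  chmod 600 "$sshdir/authorized_keys"
}

# Octal mode of a path; GNU stat first, BSD/macOS stat as fallback.
perm() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Rehearsal on a throwaway sandbox. Returns 0 only if every step took effect.
rehearse() {
  sb=$(mktemp -d)
  mkdir -p "$sb/System/Library/Caches"
  printf 'FAKE APTICKET\n' > "$sb/System/Library/Caches/apticket.der"   # constructed
  key='ssh-ed25519 AAAAPLACEHOLDERNOTAREALKEY example@host'             # placeholder
  ok=0
  mute_software_update "$sb"                  || ok=1
  backup_apticket "$sb" "$sb/backup"          || ok=1
  install_authorized_key "$sb" "$key"         || ok=1
  install_authorized_key "$sb" "$key"         || ok=1   # second call must not duplicate
  [ "$(perm "$sb/$SU_ASSET_DIR")" = "0" ]                          || ok=1
  [ "$(grep -c . "$sb/var/root/.ssh/authorized_keys")" = "1" ]     || ok=1
  [ "$(perm "$sb/var/root/.ssh/authorized_keys")" = "600" ]        || ok=1
  chmod 755 "$sb/$SU_ASSET_DIR"               # so the sandbox can be removed
  rm -rf "$sb"
  return $ok
}
```

Running rehearse before touching the box catches the mistakes that matter here: an authorized_keys file with loose permissions that sshd/dropbear will refuse, a backup of apticket.der that never actually got written, or a chmod that did not land on the intended path.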
Are you going to detail the steps you did in customizing Yalu?
- You bet. The jailbreak logic is already detailed in this forum as the free chapter 24 from my book. And I'll post a walk through for the particular mods soon enough. Luca did such an amazing job with Yalu the changes were mostly straightforward.
Where can I learn this stuff? The book http://NewOSXBook.com is a good start. So is the training http://technologeeks...jl?course=OSSec
Is there a license to this JB? Unlimited for personal use. PLEASE NO commercial and/or pirate use.
Can we donate or support you somehow?
- Aww, shucks! Not really. I mean, you can always get the book (q.v. link from http://NewOSXBook.com/ - if you get it from AMZN get it through there, since their commission isn't as bad). But if you REALLY want to donate, send $25 to any charity of your choice, and just tweet a screenshot of the receipt with a hashtag of #libertv, please. That will make me happy that you're spreading the good karma!