November 14, 2024
Planetbeing Details How the Evasi0n Jailbreak Works

Planetbeing Details How the Evasi0n Jailbreak Works

Posted February 5, 2013 at 9:18pm by iClarified
Planetbeing has revealed some details about how the evasi0n jailbreak works to Forbes.

Evasi0n, the jailbreak recently released by the Evad3rs, is an untethered jailbreak for iOS 6.0 through iOS 6.1. The developers used at least five distinct new bugs in iOS 6.x to make the jailbreak work. According to saurik, over 1.7 million jailbreaks were performed by Tuesday morning.

First, the hackers gain access to a file that indicates the device's time zone via a bug in the backup system, then a symbolic link is entered into the time zone file to a socket granting access to launchd.


The next part of the jailbreak uses a trick called 'shebang' that summons up code from another signed application. Notably, this is the only part of the jailbreak process that requires user interaction. When the user taps the 'Jailbreak' app icon that is placed on their SpringBoard it summons up launchd, which can be accessed thanks to the earlier exploit, and uses it to run a 'remount' command that makes the root file system writable.

Evasi0n also uses launchd to load a library of functions into the Apple Mobile File Integrity Daemon that swaps out the code signature function called each time a program launches for one that always returns 'approved'.

To bypass ASLR (Address Space Layout Randomization) and locate the kernel, evasi0n simulates a crash and checks the ARM exception vector to determine the location of the crash. This information is used to map out the location of the kernel in the device's memory.

Finally, a bug in iOS’s USB interface that passes a kernel address without checking that it's returned unchanged is used to allow evasi0n to write to any part of the kernel.


A much more detailed explanation of these steps can be found at the link below. You can find the tutorial on how to jailbreak your device here: https://www.iclarified.com/jailbreak.

Read More


Planetbeing Details How the Evasi0n Jailbreak Works
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (26)
You must login or register to add a comment...
yoyo
yoyo - February 6, 2013 at 12:57am
PREPARE FOR iOS 6.1.1 with lots of bullshit improvements by crAPPLE
sam
sam - February 6, 2013 at 1:08am
i dont understand?? if apple are so crap why buy their products? when they are jailbroken yes, they are good but not great.. isnt that a sign to move to android! a country mile ahead of ios! when i bought the iphone 5 from having the galaxy s3 i felt like i went back 5 or 6 years!!
Blackapino
Blackapino - February 6, 2013 at 4:20am
And when I bought my First Android I was confused as to Why you needed a firewall or Spyware for a Cellphone, then I found the reason why, but i still had my iPhone of course & since iOS is The Top Dog (Don't Gotta Like it) but it's true, i sold my Android device so now i'll never buy a Android device ever again. I'd take a BB again b4 i buy another Android OS.
Joe
Joe - February 6, 2013 at 5:50pm
Yeah right and you felt that Androids stability and solid designed hardwares? Let alone the bullshittt that comes along with blot wares, Needs for appkiller, non intuitive tools and finally how easily you can lose your data when that sh*t crashes..I returned my GS3 after 2 weeks.
JoshvanHulst
JoshvanHulst - February 7, 2013 at 4:55am
Apple's developers are dumb for constantly patching the exploits found! Makes me so irritated how hard it gets to find an exploit to inject the code
sam
sam - February 5, 2013 at 11:55pm
had to unjailbreak my iphone 5 today was working fine then all of a sudden got no service sign in left corner of phone and could not make any calls or text, putback to factory settings and works fine again so i think it was definitely the jailbreak that caused it.
Dre
Dre - February 6, 2013 at 12:42am
Nice try apple genius...
sam
sam - February 6, 2013 at 1:00am
no seriously i just wanted to know if anyone else has had this problem? i am nothing to do with apple! it is my first idevice i had always been on android with samsung galaxy s3 and when i changed was shocked tohow restricted and bog standard ios was, so when the jailbreak came out i felt back in my element! then the no service thing happened!
Blackapino
Blackapino - February 6, 2013 at 4:21am
No problems here, i've Never had issues like that i think it's Just your Phone, cause i've been jailbreaking since the iPhone3G.
1
thevmax
thevmax - February 5, 2013 at 11:22pm
If you read about how they did the jailbreak. it truly is Genius work! Thank You Evad3rs!
Jeff
Jeff - February 5, 2013 at 11:32pm
No genius involved. Just a lot of work. Anybody could do this jailbreak, but most are not sufficiently motivated. Most are satisified with simply using someone else's work, which is cool. Until, of course, one can no longer find such motivated hackers.
Easy to say after it has been done...
Easy to say after it has been done... - February 6, 2013 at 12:29am
Anybody can do a such hack ? Have you smoked buzz or what ? I agree that the hack is not that difficult for a unix / cocoa touch developer once you have seen the trick! Without knowing where to start from, you will have to read tons of articles and routines/code and learn from personal hacking experiences which takes years! @planetbeing has ported Linux to iPhone and done tons of others amazing hacks and he possesses a massive knowledge and skills that you seem not to well capture. On this planet, a few people have his knowledges, will and programming skills, I'm myself a humble developer who understand a bit what he has achieved with his mates... And IT'S BIG!
PghMike4
PghMike4 - February 6, 2013 at 4:28am
Ha -- yes, once the set of exploits used is described, someone who's pretty naive might think it is straightforward to come up with something like this, but believe me, its still a *lot* of work to get right, and to make robust. On top of that, coming up with that large a set of exploits is pretty amazing -- you really need some pretty decent intuition about how OSes work to find that many bugs that quickly. I've been programming since 1972, and I'm very impressed.
PeterH
PeterH - February 6, 2013 at 9:21pm
The problem with brilliant people is they do amazing things look so easy that others think it is easy to do. To further explain the complexities of the task of jailbreaking is that they have no source code to ios to review and look for exploits. They reverse engineered the ios kernel binary to at most assembler and then went through the hundreds of thousands of lines of asm output to find a usable exploit. They also needed to know how to use the exploit in a way that enabled them to patch the kernel while the system is running. This is computer art at its finest even if the weather app didn't work properly afterwards. Even the Mona Lisa has a crooked smile.
hanna
hanna - February 5, 2013 at 11:11pm
how can i added the installous ?
Ironfist
Ironfist - February 6, 2013 at 1:55am
Where have you been? Hackulous shut down and therefore no more installous. Find somewhere else to pirate apps!
cambodia man
cambodia man - February 6, 2013 at 2:51am
go to cydia, add iphoneapplecake.com add in souce u can download appcake as installous, now installous was dead
Blackapino
Blackapino - February 5, 2013 at 10:38pm
YEAH!!!!! I've FINALLY GOT..intelliscreenX for iOS6.1!!!! WOOHOOO!!!! MY IPHONE IS COMPLETE!!! THANK YOU EVAD3RS!!!!! evasion WORKS WELL..NO ISSUES...NO APP CRASHES!!!!
Shibu
Shibu - February 24, 2013 at 12:08pm
I think no. if something goes wrong just rterose the iphone. it will work again. if the screen goes blank rterose it, bring it to an apple store and they will give you a new iphone
Timmy O-Toole
Timmy O-Toole - February 5, 2013 at 10:25pm
the evad3rs have done an amazing job with this jailbreak. it's by far the most sophisticated iOS jailbreak yet. Thank you evad3rs.
iceblu121
iceblu121 - February 5, 2013 at 10:23pm
Really pathetic all these years apple knows we just jailbreak for the cool tweaks mostly!! That they won't give us !
luisdk
luisdk - February 5, 2013 at 10:10pm
So, The hack resides in the lighting cable code. They made his own bug I guess...
JMA
JMA - February 5, 2013 at 9:56pm
Apple already knows how they did it, that is why they always patch the bugs with future jailbreaks. (Reverse Engineering)
farpthor
farpthor - February 5, 2013 at 10:08pm
Wouldn't be illegal for Apple to apply reverse engineering? Isn't that against their policies?
Coopsy
Coopsy - February 5, 2013 at 9:52pm
Not sure why they would publish how they did it...If Apple gets wind then they will be hot on the trails to get it patched meaning fewer future jailbreaks?
Kit
Kit - February 5, 2013 at 9:58pm
Apple can and will easily reverse engineer the jailbreak and fix the holes. This is why jailbreaking is a cat and mouse game. the ball is now in Apples court.
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sonoma
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS