Difference between revisions of "P0sixspwn"

From The iPhone Wiki
(now supports 6.1.6)
m
 
(13 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
{{lowercase}}
 
{{lowercase}}
'''p0sixspwn''' is an [[untethered jailbreak]] for iOS 6.1.3-6.1.6 by [[User:winocm|winocm]], [[User:Ih8sn0w|iH8sn0w]] and [https://twitter.com/SquiffyPwn SquiffyPwn]. It was initially made available as an Cydia package on [[Saurik]]'s repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.6 and 5.2.1 - 5.3 on [[k66ap|Apple TV 2G]]. On 30 December 2013, a Mac OS X program was released to perform a jailbreak. A Windows program was released on 3 January 2014.
+
'''p0sixspwn''' is an [[untethered jailbreak]] for iOS 6.1.3-6.1.6 by [[User:winocm|winocm]], [[User:Ih8sn0w|iH8sn0w]] and [https://twitter.com/SquiffyPwn SquiffyPwn]. It was initially made available as an Cydia package on [[Saurik]]'s repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.6 and 5.2.1 - 5.3 on [[K66AP|Apple TV (2nd generation)]]. On {{date|2013|12|30}}, a Mac OS X program was released to perform a jailbreak. A Windows program was released on {{date|2014|01|03}}.
   
 
== Cydia Package Changelog ==
 
== Cydia Package Changelog ==
 
* '''1.0-5''' the initial release of the untether
 
* '''1.0-5''' the initial release of the untether
* '''1.0-9''' [[n90ap|iPhone 4 (iPhone3,1)]] boot loop fix
+
* '''1.0-9''' [[N90AP|iPhone 4 (iPhone3,1)]] boot loop fix
 
* '''1.1-1''' Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only)
 
* '''1.1-1''' Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only)
 
* '''1.1-2''' Automatically reboot after one minute if device did not boot due to 30 seconds was too quick. (iH8sn0w's repo only)
 
* '''1.1-2''' Automatically reboot after one minute if device did not boot due to 30 seconds was too quick. (iH8sn0w's repo only)
 
* '''1.1-3''' Automatically reboot after two minutes if device did not boot due to 60 seconds was too quick. (iH8sn0w's repo only)
 
* '''1.1-3''' Automatically reboot after two minutes if device did not boot due to 60 seconds was too quick. (iH8sn0w's repo only)
 
* '''1.2-1''' Various bug fixes.
 
* '''1.2-1''' Various bug fixes.
* '''1.3-2''' Fixes iMessage, LTE issues and Apple TV 2G support.
+
* '''1.3-2''' Fixes iMessage, LTE issues and Apple TV (2nd generation) support.
 
* '''1.4-1''' Support iOS 6.1.6.
 
* '''1.4-1''' Support iOS 6.1.6.
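Review bot: the rewritten intro line still reads "made available as an Cydia package"; since the line is being edited anyway, change it to "a Cydia package". The same line writes one version range as "6.1.3-6.1.6" and the other as "5.2.1 - 5.3", so pick one spacing for both.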
   
Line 31: Line 31:
 
| style="text-decoration: line-through;" | [https://MEGA.co.nz/#!l8lniKxL!ODQrFDGbOUpm2hvU-mQggm25IgNk3_TmSO1r7tlU178 MEGA]
 
| style="text-decoration: line-through;" | [https://MEGA.co.nz/#!l8lniKxL!ODQrFDGbOUpm2hvU-mQggm25IgNk3_TmSO1r7tlU178 MEGA]
 
|
 
|
* Resolves issues with [[iPod touch 5G]] not being detected.
+
* Resolves issues with [[iPod touch (5th generation)]] not being detected.
 
|-
 
|-
 
! 1.0.2
 
! 1.0.2
 
| <code>259e95fd16468260c8831ca17186f50b7d14ba41</code>
 
| <code>259e95fd16468260c8831ca17186f50b7d14ba41</code>
| [https://MEGA.co.nz/#!DVtmGLqa!BX2-OQUliBcfdlenMLa93mKxk244KpD9Z71p_DAeil8 MEGA]
+
| style="text-decoration: line-through;" |[https://MEGA.co.nz/#!DVtmGLqa!BX2-OQUliBcfdlenMLa93mKxk244KpD9Z71p_DAeil8 MEGA]
 
|
 
|
 
* Resolves issues with LTE/data.
 
* Resolves issues with LTE/data.
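Review bot: the 1.0.2 download cell only gains style="text-decoration: line-through;", so the MEGA URL stays a clickable link next to a SHA-1 that readers will use to check copies obtained elsewhere. If the strikethrough means the file is gone, say so in the cell the way the External Links change does with "(dead)". The new cell also drops the space after the pipe that the 1.0.1 row keeps.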
Line 67: Line 67:
 
| [[wikipedia:OS X|OS X]]
 
| [[wikipedia:OS X|OS X]]
 
| <code>7f4f867a2e3739e8ee70f7bc7e47afe9871c69b6</code>
 
| <code>7f4f867a2e3739e8ee70f7bc7e47afe9871c69b6</code>
| [https://MEGA.co.nz/#!Y8M2VAiS!Bq4NRjrlZXE754uNqSJT90mUzwsSGMPVa2PWsp78344 MEGA]
+
| style="text-decoration: line-through;" |[https://MEGA.co.nz/#!Y8M2VAiS!Bq4NRjrlZXE754uNqSJT90mUzwsSGMPVa2PWsp78344 MEGA]
 
| rowspan="2" |
 
| rowspan="2" |
 
* Fixes Cydia sometimes not showing up
 
* Fixes Cydia sometimes not showing up
Line 73: Line 73:
 
| [[wikipedia:Microsoft Windows|Windows]]
 
| [[wikipedia:Microsoft Windows|Windows]]
 
| <code>868a05ba26fd679a28c3eac0c4dc2c0cbb5e9529</code>
 
| <code>868a05ba26fd679a28c3eac0c4dc2c0cbb5e9529</code>
| class="rborderplz" | [https://MEGA.co.nz/#!E0sESCiC!c-ulVmjoa9qtPDe0MBIQgz9D2H03NgCxjBKZmAUPKRc MEGA]
+
| class="rborderplz" style="text-decoration: line-through;" | [https://MEGA.co.nz/#!E0sESCiC!c-ulVmjoa9qtPDe0MBIQgz9D2H03NgCxjBKZmAUPKRc MEGA]
 
|-
 
|-
 
! rowspan="2" | 1.0.8
 
! rowspan="2" | 1.0.8
 
| [[wikipedia:OS X|OS X]]
 
| [[wikipedia:OS X|OS X]]
 
| <code>aa20c28c2e052c08893fdbf49d16f084df2f46e6</code>
 
| <code>aa20c28c2e052c08893fdbf49d16f084df2f46e6</code>
| [https://MEGA.co.nz/#!hptDFbzb!Dfa8Th7Ngw6PyDSnWDyMmzHbGYDrMqk64kRMB4MCv0c MEGA]
+
| [https://mega.nz/#!a81h3LgL!Mn1twcB1bGCeqYgDdb_6X4WeKzjznuYm0rMtuzoemZw MEGA]
 
| rowspan="2" |
 
| rowspan="2" |
 
* Supports iOS 6.1.6
 
* Supports iOS 6.1.6
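Review bot: the 1.0.8 OS X row replaces the MEGA.co.nz URL with a different mega.nz file, while the SHA-1 in the cell above it (aa20c28c2e052c08893fdbf49d16f084df2f46e6) is left unchanged. Confirm that the newly linked file hashes to that value and state it in the edit summary; as written, the table vouches for a download that the revision gives no sign of having been checked.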
Line 85: Line 85:
 
| [[wikipedia:Microsoft Windows|Windows]]
 
| [[wikipedia:Microsoft Windows|Windows]]
 
| <code>5d2711a99433daa1800d1327207bfc870cd16698 </code>
 
| <code>5d2711a99433daa1800d1327207bfc870cd16698 </code>
| class="rborderplz nobrradiusplz" | [https://MEGA.co.nz/#!Rp12yZrK!EhZjmllrpQ4JDC7VvHbcUEautLNBSSFUgBzKFzB20js MEGA]
+
| class="rborderplz nobrradiusplz" | [https://mega.nz/#!y4VlQCqI!41nvHR6x99HZuj8hcBTVFYdBpKJ-hdlHKKIyc9cN6xc MEGA]
 
|}
 
|}
  +
  +
== Installed Packages ==
  +
* APR (/usr/lib) (1.3.3-2; <code>apr-lib</code>)
  +
* APT 0.7 (apt-key) (0.7.25.3-3; <code>apt7-key</code>)
  +
* APT 0.7 Strict (lib) (0.7.25.3-11; <code>apt7-lib</code>)
  +
* Base Structure (1-4; <code>base</code>)
  +
* BigBoss Icon Set (1.0; <code>org.thebigboss.repo.icons</code>)
  +
* Bourne-Again SHell (4.0.17-13; <code>bash</code>)
  +
* bzip2 (1.0.5-7; <code>bzip2</code>)
  +
* Core Utilities (/bin) (8.12-7p; <code>coreutils-bin</code>)
  +
* Cydia Installer (1.1.9; <code>cydia</code>)
  +
* Cydia Translations (1.1.8.1; <code>cydia-lproj</code>)
  +
* Darwin Tools (1-4; <code>darwintools</code>)
  +
* Debian Packager (1.14.25-9; <code>dpkg</code>)
  +
* Debian Utilities (3.3ubuntu1-1p; <code>debianutils</code>)
  +
* Diff Utilities (2.8.1-6; <code>diffutils</code>)
  +
* Find Utilities (4.2.33-6; <code>findutils</code>)
  +
* GNU Privacy Guard (1.4.8-4; <code>gnupg</code>)
  +
* grep (2.5.4-3; <code>grep</code>)
  +
* gzip (1.6-7; <code>gzip</code>)
  +
* iPhone Firmware (/sbin) (0-1; <code>firmware-sbin</code>)
  +
* LZMA Utils (4.32.7-4; <code>lzma</code>)
  +
* New Curses (5.7-12; <code>ncurses</code>)
  +
* PAM (Apple) (32.1-3; <code>pam</code>)
  +
* PAM Modules (36.1-4; <code>pam-modules</code>)
  +
* pcre (8.30-5p; <code>pcre</code>)
  +
* p0sixspwn (1.4-1; <code>com.ih8sn0w-squiffy-winocm.p0sixspwn</code>)
  +
* Profile Directory (0-2; <code>profile.d</code>)
  +
* readline (6.0-7; <code>readline</code>)
  +
* sed (4.1.5-7; <code>sed</code>)
  +
* shell-cmds (118-6; <code>shell-cmds</code>)
  +
* system-cmds (433.4-12; <code>system-cmds</code>)
  +
* Tape Archive (1.19-8; <code>tar</code>)
  +
* UIKit Tools (1.1.8; <code>uikittools</code>)
   
 
== Exploits ==
 
== Exploits ==
* [[posix_spawn kernel information leak]] (by [[i0n1c]]) (proof? what is it used for?)
+
* [[posix_spawn kernel information leak]] (by [[i0n1c]])
  +
* [[posix_spawn kernel exploit]] (CVE-2013-3954) (by [[i0n1c]])
* [[mach_msg_ool_descriptor_ts for heap shaping]] (proof/quotes? no information found)
 
  +
* [[mach_msg_ool_descriptor_ts for heap shaping]]
* [[AMFID_code_signing_evasion]]
 
  +
* [[AMFID_code_signing_evasi0n7]]
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273 CVE-2014-1273] (by [[planetbeing]]) (proof/quotes? no information found)
 
* [[DeveloperDiskImage race condition]] (by [[comex]]) (proof/quotes? no information found)
+
* [[DeveloperDiskImage race condition]] (by [[comex]])
* [[Symbolic Link Vulnerability]]
 
 
* [[launchd.conf untether]]
 
* [[launchd.conf untether]]
  +
==Interesting strings==
* [[IOPlatfromArgs leak]] (by [[iH8sn0w]])
 
  +
These strings were found on the jailbroken device in /var/untether/untether: <br>
  +
<code>"@iH8sn0w, @SquiffyPwn & @winocm have launched!"</code><br><code>"This untether was made with love and care in North America."</code><br><code>Lotsa love to @planetbeing for the smexy dyld bug & patches :-)</code><br>
  +
This suggests that there was plans to jailbreak Apple TVs:<br>
  +
<code>This is an AppleTV. Special sandbox patches go here?</code>
   
 
== External Links ==
 
== External Links ==
 
* [http://blog.ih8sn0w.com/2013/12/613-615-3gsa4-untether-cydia-package.html iH8sn0w's blog post on the release.]
 
* [http://blog.ih8sn0w.com/2013/12/613-615-3gsa4-untether-cydia-package.html iH8sn0w's blog post on the release.]
* [http://p0sixspwn.com/ p0sixspwn]
+
* <s>[http://p0sixspwn.com/ p0sixspwn.com]</s> (dead)
  +
** [https://ih8sn0w.com/p0sixspwn.html Page now at ih8sn0w.com]
 
* [https://github.com/p0sixspwn/p0sixspwn Source Code on GitHub]
 
* [https://github.com/p0sixspwn/p0sixspwn Source Code on GitHub]
   
 
[[Category:Hacking Software]]
 
[[Category:Hacking Software]]
 
[[Category:Jailbreaks]]
 
[[Category:Jailbreaks]]
  +
[[Category:Jailbreaking]]
  +
[[Category:Cydia Packages]]
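Review bot: in the Exploits list the "(proof? what is it used for?)" and "(proof/quotes? no information found)" markers are dropped from the posix_spawn kernel information leak, mach_msg_ool_descriptor_ts and DeveloperDiskImage race condition entries without any reference being added in their place. Either cite a source for each attribution or keep the markers until one is found. The link target also changes from AMFID_code_signing_evasion to AMFID_code_signing_evasi0n7, so check that the new page name resolves. Separately, the Windows 1.0.8 hash keeps a trailing space inside its <code> tag, which can break a copy-and-paste comparison.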

Latest revision as of 20:42, 16 September 2021

p0sixspwn is an untethered jailbreak for iOS 6.1.3-6.1.6 by winocm, iH8sn0w and SquiffyPwn. It was initially made available as a Cydia package on Saurik's repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.6, and with 5.2.1-5.3 on Apple TV (2nd generation). On 30 December 2013, a Mac OS X program was released to perform a jailbreak. A Windows program was released on 3 January 2014.

Cydia Package Changelog

  • 1.0-5 the initial release of the untether
  • 1.0-9 iPhone 4 (iPhone3,1) boot loop fix
  • 1.1-1 Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only)
  • 1.1-2 Automatically reboot after one minute if device did not boot, because 30 seconds was too quick. (iH8sn0w's repo only)
  • 1.1-3 Automatically reboot after two minutes if device did not boot, because 60 seconds was too quick. (iH8sn0w's repo only)
  • 1.2-1 Various bug fixes.
  • 1.3-2 Fixes iMessage, LTE issues and Apple TV (2nd generation) support.
  • 1.4-1 Support iOS 6.1.6.

Download

Version | OS | SHA-1 Hash | Download | Changes
1.0.0 | OS X | b5a66f4e58ab4c813fc851d479b28188eb5115ec | MEGA | Initial release.
1.0.1 | OS X | ae5b3907660b161b2ff94a2e2cfef97195404a89 | MEGA |
1.0.2 | OS X | 259e95fd16468260c8831ca17186f50b7d14ba41 | MEGA | Resolves issues with LTE/data.
1.0.3 | Windows | 060c95cda0e5ad861bd225ca19324e6ebd3c0a5d | MEGA | Initial release for Windows.
1.0.4 | Windows | 0a40a9780ba0dd9f0476d12950b4fb0026c8559a | MEGA | Added README and time adjustments for slow PC's.
1.0.5 | OS X | b99fb1de846c406a15bbd710b623ddd78e139e5e | MEGA | Fixes some issues. Support for Mac OS X Snow Leopard.
1.0.5 | Windows | 7c782a39ed123f70594e2438eaacc95340e363e3 | MEGA | Fixes some issues. Support for Mac OS X Snow Leopard.
1.0.7 | OS X | 7f4f867a2e3739e8ee70f7bc7e47afe9871c69b6 | MEGA | Fixes Cydia sometimes not showing up
1.0.7 | Windows | 868a05ba26fd679a28c3eac0c4dc2c0cbb5e9529 | MEGA | Fixes Cydia sometimes not showing up
1.0.8 | OS X | aa20c28c2e052c08893fdbf49d16f084df2f46e6 | MEGA | Supports iOS 6.1.6. Fixes iTunes 11.1+ crashes
1.0.8 | Windows | 5d2711a99433daa1800d1327207bfc870cd16698 | MEGA | Supports iOS 6.1.6. Fixes iTunes 11.1+ crashes

Installed Packages

  • APR (/usr/lib) (1.3.3-2; apr-lib)
  • APT 0.7 (apt-key) (0.7.25.3-3; apt7-key)
  • APT 0.7 Strict (lib) (0.7.25.3-11; apt7-lib)
  • Base Structure (1-4; base)
  • BigBoss Icon Set (1.0; org.thebigboss.repo.icons)
  • Bourne-Again SHell (4.0.17-13; bash)
  • bzip2 (1.0.5-7; bzip2)
  • Core Utilities (/bin) (8.12-7p; coreutils-bin)
  • Cydia Installer (1.1.9; cydia)
  • Cydia Translations (1.1.8.1; cydia-lproj)
  • Darwin Tools (1-4; darwintools)
  • Debian Packager (1.14.25-9; dpkg)
  • Debian Utilities (3.3ubuntu1-1p; debianutils)
  • Diff Utilities (2.8.1-6; diffutils)
  • Find Utilities (4.2.33-6; findutils)
  • GNU Privacy Guard (1.4.8-4; gnupg)
  • grep (2.5.4-3; grep)
  • gzip (1.6-7; gzip)
  • iPhone Firmware (/sbin) (0-1; firmware-sbin)
  • LZMA Utils (4.32.7-4; lzma)
  • New Curses (5.7-12; ncurses)
  • PAM (Apple) (32.1-3; pam)
  • PAM Modules (36.1-4; pam-modules)
  • pcre (8.30-5p; pcre)
  • p0sixspwn (1.4-1; com.ih8sn0w-squiffy-winocm.p0sixspwn)
  • Profile Directory (0-2; profile.d)
  • readline (6.0-7; readline)
  • sed (4.1.5-7; sed)
  • shell-cmds (118-6; shell-cmds)
  • system-cmds (433.4-12; system-cmds)
  • Tape Archive (1.19-8; tar)
  • UIKit Tools (1.1.8; uikittools)

Exploits

Interesting strings

These strings were found on the jailbroken device in /var/untether/untether:
"@iH8sn0w, @SquiffyPwn & @winocm have launched!"
"This untether was made with love and care in North America."
Lotsa love to @planetbeing for the smexy dyld bug & patches :-)
This suggests that there were plans to jailbreak Apple TVs:
This is an AppleTV. Special sandbox patches go here?

External Links