Difference between revisions of "Evasi0n"

evasi0n's icon

evasi0n is a jailbreak tool that can be used to jailbreak (untethered) iOS 6.0-6.1 on all supported devices, excluding the revisions of the Apple TV 3G. It was released on 4 February 2013 by the evad3rs, and is available for Windows, OS X, and Linux (x86 and x86_64). There is also a Cydia package called "evasi0n iOS 6.0-6.1 untether" which can untether an existing tethered jailbreak without the need to restore and use the desktop tool.

Supported Devices

As of evasi0n's release, the only unsupported devices are the Apple TV 3G revisions, since the kernels on these devices are still missing an injection vector to run unsigned code. All other devices on iOS 6.0-6.1.1 are supported (as well as iOS 5.2 for the Apple TV 2G).

Version History

Download

Exploits

evasi0n takes advantage of several vulnerabilities:

• Symbolic Link Vulnerability
• Malformed PairRequest
• Shebang Trick
• AMFID code signing evasion
• launchd.conf untether
• IOUSBDeviceFamily Vulnerability
• ARM Exception Vector Info Leak
• dynamic memmove() locating
• vm_map_copy_t corruption for arbitrary memory disclosure
• kernel memory write via ROP gadget

Code

launchd.conf

bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock

External Links

• Official Website
• Accuvant Labs analysis
• Analysis by kernelpool
• Forbes news with an explanation by planetbeing

This jailbreaking article is a "stub", an incomplete page. Please add more content to this article and remove this tag.