Difference between revisions of "Evasi0n"

From The iPhone Wiki
(External Links: kernel analysis)
(Exploits: trying to give some useful names for the pages to be created)
Line 146: Line 146:
   
 
== Exploits ==
 
== Exploits ==
evasi0n takes advantage of at least five distinct new vulnerabilities:
+
[[evasi0n]] takes advantage of several vulnerabilities:
  +
* [[Symbolic Link Vulnerability]]
* Use of symbolic links in [[:/usr/share/zoneinfo|time zone]] file to socket
 
  +
* [[Malformed PairRequest]]
* [[wikipedia:Shebang (Unix)|Unix "shebang"]] trick
 
  +
* [[Shebang Trick]]
* Change of launchd.conf for untethering
 
  +
* [[launchd.conf untether]]
* [[ASLR]] circumvention by using [[Exception Vector|ARM exception vectors]]
 
* AMFID code-signing kernel changes
+
* [[AMFID code signing evasion]]
  +
* [[IOUSBDeviceFamily Vulnerability]]
  +
* [[ARM Exception Vector Info Leak]]
  +
* [[dynamic memmove() locating]]
  +
* [[vm_map_copy_t corruption for arbitrary memory disclosure]]
  +
* [[kernel memory write via ROP gadget]]
   
 
== Code ==
 
== Code ==
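Review bot: the rewrite at Line 146 replaces each descriptive bullet with a bare page link and drops the explanation the old bullets carried (a symbolic link in the time zone file pointing to a socket, the Unix shebang trick, a change to launchd.conf for the untether, ASLR circumvention via the ARM exception vectors, AMFID code-signing kernel changes), while the edit summary says the target pages are still to be created, so readers will land on red links with no context. Keep a short description after each link, e.g. `* [[Symbolic Link Vulnerability]]: symbolic link in the [[:/usr/share/zoneinfo|time zone]] file to a socket` and `* [[ASLR]] circumvention by using [[Exception Vector|ARM exception vectors]]` (the ASLR bullet has no direct replacement in the new list apart from the info-leak entry), until the linked pages exist. Changing "at least five distinct new vulnerabilities" to "several vulnerabilities" is fine given the list now has ten entries.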

Revision as of 01:18, 15 February 2013

evasi0n's icon

evasi0n is a jailbreak tool that performs an untethered jailbreak of iOS 6.0-6.1 on all supported devices, excluding the revisions of the Apple TV 3G. It was released on 4 February 2013 by the evad3rs and is available for Windows, OS X, and Linux (x86 and x86_64). There is also a Cydia package called "evasi0n iOS 6.0-6.1 untether" which untethers an existing tethered jailbreak without restoring the device and running the desktop tool.

Supported Devices

As of evasi0n's release, the only unsupported devices are the Apple TV 3G revisions, because no injection vector for running unsigned code has yet been found for the kernels on those devices. All other devices on iOS 6.0-6.1.1 are supported (as well as iOS 5.2 for the Apple TV 2G).

Version History

Version  Release Date  Changes
1.0      04 Feb 2013
  • Initial release
1.1      06 Feb 2013
  • Prevents the Weather app from appearing on iPads
  • Mitigated the long reboot issue
  • Fixed freezing issue after connecting multiple devices
  • Fixed blinking of the jailbreak instructions on OS X
  • OS X app is now codesigned
1.2      08 Feb 2013
  • Disables OTA updates
  • Corrects the timezone issue in the evasi0n binary if the client fails to correct it
1.3      11 Feb 2013
  • Adds support for iOS 6.1.1 on the iPhone 4S

Download

Version  Cydia Package Version  Release Date  OS       SHA-1 Hash                                Download (mirrors)
1.0      0.1-1                  04 Feb 2013   Linux    c9e4b15a161b89f0e412721f471c5f8559b6054f  Google Sites, Box, Mega, RapidShare
                                              OS X     23f99a0d65e71fd79ff072b227f0ecb176f0ffa8  Google Sites, Box, Mega, RapidShare
                                              Windows  2ff288e1798b4711020e9dd7f26480e57704d8b2  Google Sites, Box, Mega, RapidShare
1.1      0.2-3                  06 Feb 2013   Linux    6c06a6be87e003eee470eb749b42ffbaafcc9e62  Google Sites, Box, Mega, RapidShare
                                              OS X     ae9d20bc927976a1f55089cd80afca48de0f7a2e  Google Sites, Box, Mega, RapidShare
                                              Windows  4225b01afd4a4fd1277565954964bd3310ad8b5f  Google Sites, Box, Mega, RapidShare
1.2      0.3-1                  08 Feb 2013   Linux    2e1d1f6c7e6ca775860df03298dce3b0d798658a  Google Sites, Box, Mega, RapidShare
                                              OS X     8f91aba478ad28bda800dc5c303be1699fcfb800  Google Sites, Box, Mega, RapidShare
                                              Windows  9942559caf779da6526b9fd0e207d21554a8a9cf  Google Sites, Box, Mega, RapidShare
1.3      0.3-2                  11 Feb 2013   Linux    d93bc45653345e62a315e0a0aaa1b709aacd26c4  Google Sites, Box, Mega, RapidShare
                                              OS X     c239da3fd4e312c8468cdca967c86962b2cbd3f9  Google Sites, Box, Mega, RapidShare
                                              Windows  92bbe23f125f3b0155334f1925943624e24ce130  Google Sites, Box, Mega, RapidShare
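Each build is offered on four mirrors, and the SHA-1 column is the only way to confirm that whichever mirror you used served the file the table lists. The Python below is added here as an example and is not part of evasi0n or of the wiki's tooling: it hashes a download in chunks and compares the digest against the table in constant time. The hash values are copied from the table above; the function names are assumptions. A match shows only that the file is the one the table lists, nothing more.

```python
"""Check a downloaded evasi0n build against the SHA-1 values in the
Download table.  Added example for this page; not part of evasi0n or the
wiki.  EXPECTED_SHA1 is copied from the table above; function names are
assumptions."""
import hashlib
import hmac
import io

# (version, OS) -> SHA-1 hex digest, copied from the Download table.
EXPECTED_SHA1 = {
    ("1.0", "Linux"):   "c9e4b15a161b89f0e412721f471c5f8559b6054f",
    ("1.0", "OS X"):    "23f99a0d65e71fd79ff072b227f0ecb176f0ffa8",
    ("1.0", "Windows"): "2ff288e1798b4711020e9dd7f26480e57704d8b2",
    ("1.1", "Linux"):   "6c06a6be87e003eee470eb749b42ffbaafcc9e62",
    ("1.1", "OS X"):    "ae9d20bc927976a1f55089cd80afca48de0f7a2e",
    ("1.1", "Windows"): "4225b01afd4a4fd1277565954964bd3310ad8b5f",
    ("1.2", "Linux"):   "2e1d1f6c7e6ca775860df03298dce3b0d798658a",
    ("1.2", "OS X"):    "8f91aba478ad28bda800dc5c303be1699fcfb800",
    ("1.2", "Windows"): "9942559caf779da6526b9fd0e207d21554a8a9cf",
    ("1.3", "Linux"):   "d93bc45653345e62a315e0a0aaa1b709aacd26c4",
    ("1.3", "OS X"):    "c239da3fd4e312c8468cdca967c86962b2cbd3f9",
    ("1.3", "Windows"): "92bbe23f125f3b0155334f1925943624e24ce130",
}


def sha1_of_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large installer is never read into memory at once."""
    h = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def sha1_of_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return sha1_of_stream(io.BytesIO(data))


def sha1_of_file(path):
    with open(path, "rb") as f:
        return sha1_of_stream(f)


def matches_table(digest, version, os_name, table=EXPECTED_SHA1):
    """True if digest equals the listed hash; KeyError if the build is not in the table.

    hmac.compare_digest avoids leaking, through timing, how many leading
    characters matched; cheap to do and harmless here."""
    expected = table[(version, os_name)]
    return hmac.compare_digest(digest.lower(), expected)


def verify_download(path, version, os_name, table=EXPECTED_SHA1):
    return matches_table(sha1_of_file(path), version, os_name, table)


if __name__ == "__main__":
    # Usage: python verify.py <file> <version> <OS>, e.g. ... evasi0n-linux 1.3 Linux
    import sys
    path, version, os_name = sys.argv[1:4]
    ok = verify_download(path, version, os_name)
    print("OK" if ok else "MISMATCH", sha1_of_file(path))
    sys.exit(0 if ok else 1)
```

The OS name must be given exactly as in the table ("Linux", "OS X", "Windows"); an unlisted version/OS pair raises KeyError rather than silently returning a mismatch, so a typo is not mistaken for a tampered file.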

Exploits

evasi0n takes advantage of several vulnerabilities (the list as of this revision, from the diff above):

  • Symbolic Link Vulnerability
  • Malformed PairRequest
  • Shebang Trick
  • launchd.conf untether
  • AMFID code signing evasion
  • IOUSBDeviceFamily Vulnerability
  • ARM Exception Vector Info Leak
  • dynamic memmove() locating
  • vm_map_copy_t corruption for arbitrary memory disclosure
  • kernel memory write via ROP gadget

Code

launchd.conf

bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock
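The launchd.conf above is the whole untether as launchd sees it at boot: remount the root file system read-write, set DYLD_INSERT_LIBRARIES so that the MobileFileIntegrity daemon is loaded with amfi.dylib inserted, run the evasi0n binary, clear the variable, and replace the socket path. For a defender the same file is a compact indicator, because none of those directives belong in a stock launchd.conf. The Python below is added here as an example and is not evad3rs' code: it parses a launchd.conf line by line and reports those directives. The page's launchd.conf is embedded as the sample input; the finding categories and the list of directories launchd is expected to execute from are assumptions.

```python
"""Audit a launchd.conf for directives that inject code into system
daemons or tamper with the root file system.  Added example for this
page, not evad3rs' code.  SAMPLE_LAUNCHD_CONF is the launchd.conf quoted
on the page; the finding categories and TRUSTED_PREFIXES are assumptions."""
import shlex

# launchd.conf from the page, used here as sample input.
SAMPLE_LAUNCHD_CONF = """\
bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock
"""

# Directories launchd is expected to execute programs from on a stock
# device (assumption); anything else is reported.
TRUSTED_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/usr/libexec/", "/System/")


def audit_launchd_conf(text):
    """Return a list of (line_no, category, detail) findings in file order."""
    findings = []
    inserted = None  # DYLD_INSERT_LIBRARIES value currently in effect, if any
    for line_no, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "setenv" and len(args) >= 2 and args[0] == "DYLD_INSERT_LIBRARIES":
            # Processes launchd starts while this is set inherit the variable.
            inserted = args[1]
            findings.append((line_no, "dyld-insert",
                             "DYLD_INSERT_LIBRARIES=%s" % inserted))
        elif cmd == "unsetenv" and args[:1] == ["DYLD_INSERT_LIBRARIES"]:
            inserted = None
        elif cmd == "load" and args and inserted is not None:
            # A daemon loaded while the variable is set starts with the
            # library injected (on the page: com.apple.MobileFileIntegrity).
            findings.append((line_no, "daemon-injection",
                             "%s loaded with %s inserted" % (args[-1], inserted)))
        elif cmd == "bsexec" and len(args) >= 2:
            # bsexec <pid> <program> [args]; ".." here is launchd's own session.
            prog, prog_args = args[1], args[2:]
            if not prog.startswith(TRUSTED_PREFIXES):
                findings.append((line_no, "untrusted-exec", prog))
            if (prog.endswith("/mount") and "-u" in prog_args
                    and prog_args[-1] == "/"
                    and any("rw" in a.split(",") for a in prog_args)):
                # The root file system is read-only on a stock device;
                # remounting it writable precedes any persistent change.
                findings.append((line_no, "root-remount-rw", " ".join(prog_args)))
            if prog.endswith("/ln") and len(prog_args) >= 2:
                # ln [-f] SRC DST: report the link as DST -> SRC.
                findings.append((line_no, "link",
                                 "%s -> %s" % (prog_args[-1], prog_args[-2])))
    return findings


if __name__ == "__main__":
    for line_no, category, detail in audit_launchd_conf(SAMPLE_LAUNCHD_CONF):
        print("line %d: %-16s %s" % (line_no, category, detail))
```

Run against the page's file it reports five findings: the read-write remount of / on line 1, the DYLD_INSERT_LIBRARIES setting on line 2, the MobileFileIntegrity daemon being loaded with amfi.dylib inserted on line 3, the execution of /private/var/evasi0n/evasi0n on line 4, and the hard link on line 7. The `unsetenv` on line 5 is tracked so that a `load` after it is not flagged; the `rm` on line 6 runs a trusted binary and produces nothing on its own.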

External Links
