Difference between revisions of "Launchd.conf Untether"

From The iPhone Wiki

Revision as of 22:39, 15 February 2013

launchd is a unified, open-source service management framework for starting, stopping and managing daemons, applications, processes and scripts. Because it controls which programs start, it is a good place to put untether code. Since code needs to be signed, the launchd binary cannot simply be patched to start software after reboot. What can be done instead is to use the launchd.conf file to configure a program to start after boot. The vulnerability is that this configuration file does not need to be signed.

launchd.conf in evasi0n:

bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock
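
A defender-side check for the configuration above, as an added example that is not part of the original wiki page or of evasi0n: it parses a launchd.conf body and flags the patterns seen here (a DYLD_ variable set before jobs are started, a program run from a writable path, a read-write remount). The function name, rule names and writable-path prefixes are assumptions made for this illustration.

```python
import shlex

# Constructed sample input: the launchd.conf lines quoted on this page.
SAMPLE = """\
bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock
"""

# Assumption: these prefixes mark writable data locations outside the system image.
WRITABLE = ("/private/var/", "/var/", "/tmp/")

def audit_launchd_conf(text):
    """Return (line_no, rule, detail) findings for a launchd.conf body."""
    findings, dyld_env = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quotes: fall back to whitespace split
            tok = raw.split()
        if not tok:
            continue
        cmd, args = tok[0], tok[1:]
        if cmd == "setenv" and len(args) >= 2 and args[0].startswith("DYLD_"):
            # Track the variable: jobs started while it is set run with it.
            dyld_env[args[0]] = args[1]
            findings.append((no, "dyld-setenv", f"{args[0]}={args[1]}"))
        elif cmd == "unsetenv" and args:
            dyld_env.pop(args[0], None)
        elif cmd in ("load", "bsexec"):
            # bsexec layout as on this page: args[0] is the target argument, args[1] the program.
            idx = 0 if cmd == "load" else 1
            target = args[idx] if len(args) > idx else ""
            if dyld_env:
                findings.append((no, "injected-env", f"{target} starts with {sorted(dyld_env)} set"))
            if cmd == "bsexec" and target.startswith(WRITABLE):
                findings.append((no, "writable-binary", target))
            if target.endswith("/mount") and any("rw" in a.split(",") for a in args[2:]):
                findings.append((no, "remount-rw", " ".join(args[1:])))
    return findings

if __name__ == "__main__":
    for no, rule, detail in audit_launchd_conf(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```

The ordering matters: the `load` on line 3 is only flagged because it falls between the `setenv` and the `unsetenv`, so the same plist loaded on its own produces no finding.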
