Difference between revisions of "Talk:Evasi0n"

From The iPhone Wiki
Jump to: navigation, search
(Vulnerability Names)
m
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
== Downloads. ==
 
== Downloads. ==
Can we delete the downloads and make a version table? Download table is not needed really. --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 23:22, 8 February 2013 (UTC)
+
Can we delete the downloads and make a version table? Download table is not needed really. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 23:22, 8 February 2013 (UTC)
 
:I had the same idea earlier and thought we don't need the links, because they are all on their homepage. But now, the old links are nowhere else visible. Not sure if they are important though. --[[User:Http|http]] ([[User talk:Http|talk]]) 23:48, 8 February 2013 (UTC)
 
:I had the same idea earlier and thought we don't need the links, because they are all on their homepage. But now, the old links are nowhere else visible. Not sure if they are important though. --[[User:Http|http]] ([[User talk:Http|talk]]) 23:48, 8 February 2013 (UTC)
:: Is it ok for me to delete them and I'll do the table for versions too? --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 23:55, 8 February 2013 (UTC)
+
:: Is it ok for me to delete them and I'll do the table for versions too? --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 23:55, 8 February 2013 (UTC)
 
::: I think it'd be better just to add a 'changelog' column to the current downloads table. --[[User:Srb21103|Srb21103]] ([[User talk:Srb21103|talk]]) 00:02, 9 February 2013 (UTC)
 
::: I think it'd be better just to add a 'changelog' column to the current downloads table. --[[User:Srb21103|Srb21103]] ([[User talk:Srb21103|talk]]) 00:02, 9 February 2013 (UTC)
:::: There is totally no point in downloads here. We don't have it for [[redsn0w]] etc. --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 00:08, 9 February 2013 (UTC)
+
:::: There is totally no point in downloads here. We don't have it for [[redsn0w]] etc. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 00:08, 9 February 2013 (UTC)
 
:::::We don't have them for redsn0w because they are saved to the team's Google Drive, but are deleted when a newer version comes out. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:32, 9 February 2013 (UTC)
 
:::::We don't have them for redsn0w because they are saved to the team's Google Drive, but are deleted when a newer version comes out. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:32, 9 February 2013 (UTC)
 
:::Wait until we get some more response. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:32, 9 February 2013 (UTC)
 
:::Wait until we get some more response. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:32, 9 February 2013 (UTC)
 
::The Mega links still work... --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:32, 9 February 2013 (UTC)
 
::The Mega links still work... --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:32, 9 February 2013 (UTC)
:::::: There is still no point in it. For now I will do the changelog table and see what others think. --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 00:37, 9 February 2013 (UTC)
+
:::::: There is still no point in it. For now I will do the changelog table and see what others think. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 00:37, 9 February 2013 (UTC)
::::::: I will just delete all because like we say, they are all useless. You could always google the link if ever needed. --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 12:36, 9 February 2013 (UTC)
+
::::::: I will just delete all because like we say, they are all useless. You could always google the link if ever needed. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 12:36, 9 February 2013 (UTC)
 
:::::::: Plus we have the link to their site --[[User:Haifisch|C20H25N3O]] ([[User talk:Haifisch|talk]]) 19:36, 9 February 2013 (UTC)
 
:::::::: Plus we have the link to their site --[[User:Haifisch|C20H25N3O]] ([[User talk:Haifisch|talk]]) 19:36, 9 February 2013 (UTC)
 
:::::::: Do not jump to conclusions. A consensus hasn't been reached yet. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:45, 11 February 2013 (UTC)
 
:::::::: Do not jump to conclusions. A consensus hasn't been reached yet. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 00:45, 11 February 2013 (UTC)
Line 20: Line 20:
 
: Looks good! --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 04:19, 15 February 2013 (UTC)
 
: Looks good! --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 04:19, 15 February 2013 (UTC)
   
: Now I've listed eleven vulnerabilities/exploits/techniques, but [http://www.forbes.com/sites/andygreenberg/2013/02/25/apple-is-beta-testing-a-fix-for-evasi0n-jailbreak/ Forbes citing planetbeing talk about "five distinct bugs in iOS"] and [http://news.softpedia.com/news/Softpedia-Exclusive-Interview-Dhillon-Kannabhiran-CEO-and-Founder-of-HITB-331914.shtml Softpedia interview with Dhillon talking about evasi0n] talk about 8 vulnerabilities. Additionally [[i0n1c]] mentions a [[Timezone Flaw]], so I'm not sure if that is the [[Malformed PairRequest]] or another one. He also mentioned the [[Overlapping Segment Attack]] and later confirmed it's an additional one (added now). Quite confusing, especially as I'm far away from fully understanding the [[evasi0n]] code. --[[User:Http|http]] ([[User talk:Http|talk]]) 22:50, 25 February 2013 (UTC)
+
: Now I've listed eleven vulnerabilities/exploits/techniques, but [http://www.forbes.com/sites/andygreenberg/2013/02/25/apple-is-beta-testing-a-fix-for-evasi0n-jailbreak/ Forbes citing planetbeing talk about "five distinct bugs in iOS"] and [http://news.softpedia.com/news/Softpedia-Exclusive-Interview-Dhillon-Kannabhiran-CEO-and-Founder-of-HITB-331914.shtml Softpedia interview with Dhillon talking about evasi0n] talk about 8 vulnerabilities. Additionally [[i0n1c]] mentions a [[Timezone Vulnerability|Timezone Flaw]], so I'm not sure if that is the [[Timezone Vulnerability|Malformed PairRequest]] or another one. He also mentioned the [[Overlapping Segment Attack]] and later confirmed it's an additional one (added now). Quite confusing, especially as I'm far away from fully understanding the [[evasi0n]] code. --[[User:Http|http]] ([[User talk:Http|talk]]) 22:50, 25 February 2013 (UTC)
:: On the post that was confirming one is patched it said one of five. If this is the case how come we have about 10 listed? --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 00:38, 26 February 2013 (UTC)
+
:: On the post that was confirming one is patched it said one of five. If this is the case how come we have about 10 listed? --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 00:38, 26 February 2013 (UTC)
  +
::: Because, doesnt Evasi0n use 10 vulnerabilities? There may be less in the Cydia package one then there is with the computer sided one --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 00:40, 26 February 2013 (UTC)
  +
  +
Update: From the HITB talk, I now seem to understand that the permission change comes from the timezone vulnerability. I've changed the name. --[[User:Http|http]] ([[User talk:Http|talk]]) 08:46, 15 April 2013 (UTC)
   
 
== Cydia package ==
 
== Cydia package ==
Line 28: Line 31:
 
:Well, I don't know a lot about Cydia packages, but I don't see anything changing the config file. The .deb file just contains these three files I mentioned. So, no, don't add the config file until you know how it gets changed. --[[User:Http|http]] ([[User talk:Http|talk]]) 22:03, 25 February 2013 (UTC)
 
:Well, I don't know a lot about Cydia packages, but I don't see anything changing the config file. The .deb file just contains these three files I mentioned. So, no, don't add the config file until you know how it gets changed. --[[User:Http|http]] ([[User talk:Http|talk]]) 22:03, 25 February 2013 (UTC)
 
:: looking at the control folder there is two files that intrest me extrainst_ and postrm, both executables. I'd say that the postrm edits the config. That or dirhelper. --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 00:21, 26 February 2013 (UTC)
 
:: looking at the control folder there is two files that intrest me extrainst_ and postrm, both executables. I'd say that the postrm edits the config. That or dirhelper. --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 00:21, 26 February 2013 (UTC)
  +
  +
== Exploit statuses ==
  +
  +
Anyone mind if I added my list of patched, and not patched exploits link at [http://securitywestern.com/iOS-exploit-stats SecWest List] --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 02:27, 3 May 2013 (UTC)
  +
: Are you asking if you may copy the exploit list there? Sure, just cite source. Or are you asking if you should add patch status here? Patch status is already listed on the respective page. But if you want to add it in some nice way on the overview page, you may too. Althought I think it's not necessary, as long as it's clearly stated on the detail page. I prefer to cleanup this exploit list. That's much more important. --[[User:Http|http]] ([[User talk:Http|talk]]) 05:30, 3 May 2013 (UTC)
  +
:: I want to add a green "YES" for vulnerable that are still exploitable and a red "NO" for those that are not. In the Exploits and Vulnerabilities section --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 20:09, 5 May 2013 (UTC)

Latest revision as of 10:40, 24 August 2013

Downloads.

Can we delete the downloads and make a version table? Download table is not needed really. --iAdam1n (talk) 23:22, 8 February 2013 (UTC)

I had the same idea earlier and thought we don't need the links, because they are all on their homepage. But now, the old links are nowhere else visible. Not sure if they are important though. --http (talk) 23:48, 8 February 2013 (UTC)
Is it ok for me to delete them and I'll do the table for versions too? --iAdam1n (talk) 23:55, 8 February 2013 (UTC)
I think it'd be better just to add a 'changelog' column to the current downloads table. --Srb21103 (talk) 00:02, 9 February 2013 (UTC)
There is totally no point in downloads here. We don't have it for redsn0w etc. --iAdam1n (talk) 00:08, 9 February 2013 (UTC)
We don't have them for redsn0w because they are saved to the team's Google Drive, but are deleted when a newer version comes out. --5urd (talk) 00:32, 9 February 2013 (UTC)
Wait until we get some more response. --5urd (talk) 00:32, 9 February 2013 (UTC)
The Mega links still work... --5urd (talk) 00:32, 9 February 2013 (UTC)
There is still no point in it. For now I will do the changelog table and see what others think. --iAdam1n (talk) 00:37, 9 February 2013 (UTC)
I will just delete all because like we say, they are all useless. You could always google the link if ever needed. --iAdam1n (talk) 12:36, 9 February 2013 (UTC)
Plus we have the link to their site --C20H25N3O (talk) 19:36, 9 February 2013 (UTC)
Do not jump to conclusions. A consensus hasn't been reached yet. --5urd (talk) 00:45, 11 February 2013 (UTC)
For archiving purposes, I usually like having access to older versions of everything. (I probably wouldn't use it though…) However, their usefulness is questionable at best, so it wouldn't really be problematic to remove them. We could purge all of the links for old versions except the Mega links, and move those Mega links below the table or something. --Dialexio (talk) 02:39, 9 February 2013 (UTC)
This is my reasoning... It's good for archival purposes. If we weren't going to keep download links for old versions of software, why do we keep download links for firmware files? It's worth noting that all but the RapidShare links still work. --5urd (talk) 00:47, 11 February 2013 (UTC)

Vulnerability Names

Now that we have full analysis, I've tried to give some names to the used vulnerabilities, exploits, techniques. Would you agree with the names before we start creating the pages? Anything missing? Something wrong? --http (talk) 01:24, 15 February 2013 (UTC)

Looks good! --Haifisch (talk) 04:19, 15 February 2013 (UTC)
Now I've listed eleven vulnerabilities/exploits/techniques, but Forbes citing planetbeing talk about "five distinct bugs in iOS" and Softpedia interview with Dhillon talking about evasi0n talk about 8 vulnerabilities. Additionally i0n1c mentions a Timezone Flaw, so I'm not sure if that is the Malformed PairRequest or another one. He also mentioned the Overlapping Segment Attack and later confirmed it's an additional one (added now). Quite confusing, especially as I'm far away from fully understanding the evasi0n code. --http (talk) 22:50, 25 February 2013 (UTC)
On the post that was confirming one is patched it said one of five. If this is the case how come we have about 10 listed? --iAdam1n (talk) 00:38, 26 February 2013 (UTC)
Because, doesnt Evasi0n use 10 vulnerabilities? There may be less in the Cydia package one then there is with the computer sided one --Haifisch (talk) 00:40, 26 February 2013 (UTC)

Update: From the HITB talk, I now seem to understand that the permission change comes from the timezone vulnerability. I've changed the name. --http (talk) 08:46, 15 April 2013 (UTC)

Cydia package

I assume it also edit the launchd config file too, anyone agree so i may add it? --Haifisch (talk) 02:50, 25 February 2013 (UTC)

Well, I don't know a lot about Cydia packages, but I don't see anything changing the config file. The .deb file just contains these three files I mentioned. So, no, don't add the config file until you know how it gets changed. --http (talk) 22:03, 25 February 2013 (UTC)
looking at the control folder there is two files that intrest me extrainst_ and postrm, both executables. I'd say that the postrm edits the config. That or dirhelper. --Haifisch (talk) 00:21, 26 February 2013 (UTC)

Exploit statuses

Anyone mind if I added my list of patched, and not patched exploits link at SecWest List --Haifisch (talk) 02:27, 3 May 2013 (UTC)

Are you asking if you may copy the exploit list there? Sure, just cite source. Or are you asking if you should add patch status here? Patch status is already listed on the respective page. But if you want to add it in some nice way on the overview page, you may too. Althought I think it's not necessary, as long as it's clearly stated on the detail page. I prefer to cleanup this exploit list. That's much more important. --http (talk) 05:30, 3 May 2013 (UTC)
I want to add a green "YES" for vulnerable that are still exploitable and a red "NO" for those that are not. In the Exploits and Vulnerabilities section --Haifisch (talk) 20:09, 5 May 2013 (UTC)