Pangu

From The iPhone Wiki
Jump to: navigation, search

This page is about the untethered jailbreak for iOS 7.1.x. For the semi-tethered jailbreak for iOS 7.1.x, see Geeksn0w. For the untethered jailbreak for iOS 8.x, see Pangu8.

Pangu
Pangu-v1.1.0-interface.png
Pangu v1.1.0 on Windows
Original author(s) Pangu Team
Developer(s) Pangu Team
Initial release 23 Jun 2014 (2014-06-23)
Stable release Windows: 1.2.1 / 9 Aug 2014 (2014-08-09)
OS X: 1.2.0 / 11 Aug 2014 (2014-08-11)
Development status Deprecated
Written in C
Operating system Windows / OS X
Size Windows: 34.14 MiB [EXE]
OS X: 31.14 MiB [DMG]
Available in English / Chinese
Type Jailbreaking
License Freeware
Website en.7.pangu.io (English)

Pangu is an untethered jailbreak for all devices on iOS 7.1.x, except the Apple TV. It was initially released on 23 June 2014, and became subject to controversy and criticism.

Controversy

Pangu used to install 25PP, a Chinese cracked app store, if the user ticked the checkbox to install it. As of version 1.1.0, the 25PP checkbox is not included unless the device language is set to Chinese. iH8sn0w confirmed that Pangu does not install anything else on the device apart from Cydia.

Pangu also uses a revoked enterprise certificate in order to inject the jailbreak, which is removed after the jailbreak is complete. (See misuse of developer certificates for other uses of similar techniques.)

Originally (in v1.0.0), Pangu used code taken from i0n1c's jailbreak training sessions, as well as an info leak vulnerability from said sessions. Version 1.1.0 kept most of the code, but swapped i0n1c's info leak with another one, which disclosed another vulnerability to Apple.

Supported Devices

The only unsupported devices are those of the Apple TV family. All other devices capable of running iOS 7.1.x are supported.

Download

Version OS SHA-1 Hash Download Changes
1.0.0 Windows 7d66f1f939cbf877f1e90480571f92b238245fab 25PP N/A Initial release
1.1.0 Windows 732e5fca772e6fd6f29ab56d2e39df21bf1cbe5f 25PP MEGA
  • Reduce application size
  • English translation
  • Improved user interface and networking
  • Replaces i0n1c's infoleak exploit with a different one
  • Chinese piracy store is only installed if device language is set to Chinese
  • First OS X release
OS X a0158e29a4b064913e976c869e49c54c8a53fa75 25PP MEGA
1.2.0 Windows d2143ad652da7cc0e356f19c4a9dc59335a14b0b 25PP MEGA
  • Fix boot loop bug for some iPhone 4 and 4S devices.
  • Fix sandbox log issue.
  • afc2 is included now.
  • Add patch for task_for_pid.
  • Added a notification if the jailbreak fails.
OS X b523f0e4d8e96e224685a8934acc225ce3cf70fd 25PP MEGA
1.2.1 Windows 77e964304aea897ee9226d7f0521638d29ec8bbf 25PP MEGA
  • Fixes a crash in the Windows version.

Analysis

Members of the Pangu team presented about their work at the SyScan360 conference in July 2014, although notes about this don't appear to be available on the web.

Installed Packages

  • APR (/usr/lib) (apr-lib)
  • APT 0.7 (apt-key) (apt7-key)
  • APT 0.7 Strict (lib) (apt7-lib)
  • Base Structure (base)
  • Big Boss Icon Set (org.thebigboss.repo.icons)
  • Bourne-Again SHell (bash)
  • bzip2 (bzip2)
  • Core Utilities (/bin) (coreutils-bin)
  • Cydia Installer (cydia)
  • Cydia Translations (cydia-lproj)
  • Darwin Tools (darwintools)
  • Debian Packager (dpkg)
  • Debian Utilities (debianutils)
  • Diff Utilities (diffutils)
  • Find Utilities (findutils)
  • GNU Privacy Guard (gnupg)
  • grep (grep)
  • gzip (gzip)
  • LZMA Utils (lzma)
  • New Curses (ncurses)
  • PAM (Apple) (pam)
  • PAM Modules (pam-modules)
  • Pangu 7.1-7.1.x Untether (io.pangu.axe7)
  • pcre (pcre)
  • Profile Directory (profile.d)
  • readline (readline)
  • sed (sed)
  • shell-cmds (shell-cmds)
  • system-cmds (system-cmds)
  • Tape Archive (tar)
  • UIKit Tools (uikittools)