
    Sunday, July 1, 2018

    iOS Jailbreak [Discussion] Clarifying the 11.3.1 jailbreak scene, and an ELI5 of the problem that's causing all the delays

    [Discussion] Clarifying the 11.3.1 jailbreak scene, and an ELI5 of the problem that's causing all the delays

    Posted: 30 Jun 2018 02:37 PM PDT

    It's now been two weeks since Ian released the empty_list exploit, and there's quite a lot of misinformation going around here, and based on that misinformation, people are making assumptions that the Electra team may not be releasing. I'm going to (hopefully) try to clear some of that up.

    Where we are

    Ian Beer released 2 exploits: multi_path (which I'll call "mp" from here on out) and empty_list (which I'll call "el"). mp was released first, and has a greater success rate, but must be codesigned by an Apple Developer certificate, which costs $99/year and is available for purchase on https://developer.apple.com. el was released later, as Ian needed more time to work on it. It does not require a dev cert, and initially had a low success rate, but has since been improved by pwn20wnd, and in my experience, works about 1/3 of the time, as long as you let the kernel chill for about 5 minutes after failing/rebooting.

    Explanation of the remount problem, and why the jailbreak isn't out now

    Everyone assumed that it would be fairly easy to recycle the old code from Electra 11.1.X and simply swap out the kernel exploit, replacing async_wake with mp or el. However, after running the new kernel exploits, it was discovered that Apple has added a new security feature: using an APFS snapshot over a typical root partition.

    One of the main features of a jailbreak is being able to access the entire filesystem of the device. Think of your device's filesystem as two toy boxes. One of the boxes is labeled "disk0s1s1" and the other is labeled "disk0s1s2". disk0s1s2 is the bigger box that contains everything under /var, and is divided into sections, one for each app you have installed (the sandbox), plus some extra space for photos, iBooks, etc. disk0s1s1 is the smaller box, and it contains everything under all the other folders (/Applications, /System, /Library, etc.): system apps and files needed by the system. Stock iOS has disk0s1s2 mounted as read-write, and lets each app write only to its own sandbox; all other parts of disk0s1s2 are only writable by the system. disk0s1s1 is only writable during software updates/restores.

    On 11.2.6 and older, once you have task_for_pid(0) (which is given by mp and el), it's relatively easy to mount both disk0s1s1 and disk0s1s2 as read-write. However, on 11.3, Apple introduced a new feature: when you set up your device, the system takes a picture of all the objects inside the disk0s1s1 box. From there on, every time you boot your device, the system looks at the picture, and then looks inside the box, and basically plays a game of spot the difference, meticulously going through the entire disk0s1s1, and if it notices any of the objects in that box have been moved or changed, it moves them back. Any new objects are thrown out, and any missing objects are magically replaced. This is a problem, because that means, for example, /Applications/Cydia.app/ would get removed after every reboot. This led to coolstar releasing a series of alarming tweets about needing larger storage, A10+ not working, etc, but this won't be a problem because...

    Thankfully, this system is very new, and is therefore littered with exploits. Here's a list of all the ones I'm aware of, and their respective abilities and downsides to using them.

    * @umanghere aka ur0 found a vulnerability that allows both the initial remounting of / (disk0s1s1) and allows for persistent changes. pwn20wnd wrote an exploit for it, and the persistence portion of it will likely be used in Electra1131's final release, but the initial remount causes serious problems when used, including breaking WiFi and Bluetooth, and so the initial remount part will not be used in the final public release.

    * Coolstar found a vulnerability that allows initial remounting of /, but at the moment, Apple doesn't know about it. If Coolstar were to release, this would mean we have nothing for iOS 12/the future. It's in everyone's best interest to save that one, for now.

    * @SparkZheng found and released a vulnerability that allows initial remount of /. To make this even better, Jonathan Levin @Morpheus______ announced that he would be writing an exploit for it, and using it in QiLin. This vulnerability has none of the problems of ur0's, and Apple has already patched it, so there are no consequences down the road.

    So then all we as a community had to do was wait patiently. Unfortunately, that's not what happened. Levin got spammed on Twitter, and it appears he has now lowered the priority of finishing the exploit because of the spam. So now, Coolstar is fixing SparkZheng's bug himself.

    Possibilities for the future

    A WebKit version of el was also released; PsychoTea has been playing with it, and coolstar publicly requested access to it (but for the life of me I can't find the source). This has the potential to allow jailbreaking via Safari rather than a sideloaded app.

    A launchd bug was also announced, which could allow untethering. This is very exciting, but we don't know much about the exploit yet.

    Debunking criticisms of the Electra team's actions

    "If Apple added so many new security features, why did the Electra team tell everyone to update from 11.2.X?"

    A: Because no one knew that those features had been added, and when Ian originally announced he had a tfp0 exploit, he said it was for 11.3.1, and didn't mention backwards compatibility.

    "I donated so that Coolstar could get an iPhone X, and now he's not releasing, I want a refund."

    A: I've seen several people say this, and it really irritates me. It's a DONATION, not a PURCHASE. When you purchase something, that's when you pay a vendor, and they give you a product in return. If you buy a $200,000 Tesla or a $2 slush from Sonic, you pay them, and if they don't give you what you asked for, you are entitled to a refund. If you make a donation, that's different. That's you saying, "I like you, and I think you should have this money", and you (should) have no expectations in return. So, if you donated, you should feel good about yourself, you helped a young, aspiring developer through life, but you did not purchase an 11.3.1 jailbreak.

    "They said update to 11.3.1, and now there's still no jailbreak, so it'll never happen, hashtag biggest troll of 2016 amirite???????"

    A: It's been two weeks, and iOS is the most secure mobile operating system (and arguably, one of the most secure operating systems, period). If you seriously can't wait two weeks for a free tool to destroy one of the most secure OSes, you need to take a chill pill.

    submitted by /u/Samg_is_a_Ninja
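    The "spot the difference" behaviour the post describes, as an added example that is not part of the original post and is not code from Electra or Apple. Two ordinary directories stand in for the two volumes the post names ("disk0s1s1", the snapshotted root, and "disk0s1s2", the /var volume that is never snapshotted); the snapshot is a plain path-to-bytes map, and real APFS snapshots work at the block level, so only the three outcomes the post lists (changed objects restored, new objects removed, missing objects replaced) are modelled. Every file name and content below is constructed for the model.

```python
"""Toy model of the root-volume snapshot revert described in the post above.

Added example; not code from the post, Electra or Apple. Two directories stand
in for the two volumes: "disk0s1s1" (the snapshotted root) and "disk0s1s2"
(/var, never snapshotted). The snapshot is a {relative path: bytes} map, so
"spot the difference" is a dict compare, not a block-level APFS snapshot.
"""
import os
import shutil
import tempfile


def take_snapshot(volume):
    """Record every regular file under `volume` as {relpath: contents}."""
    snap = {}
    for dirpath, _dirs, files in os.walk(volume):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                snap[os.path.relpath(full, volume)] = f.read()
    return snap


def diff_against_snapshot(volume, snap):
    """The 'spot the difference' pass: (changed, added, missing) relative paths."""
    current = take_snapshot(volume)
    changed = sorted(p for p in snap if p in current and current[p] != snap[p])
    added = sorted(p for p in current if p not in snap)
    missing = sorted(p for p in snap if p not in current)
    return changed, added, missing


def write_file(volume, rel, data):
    full = os.path.join(volume, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def revert_to_snapshot(volume, snap):
    """Force `volume` back to `snap`; returns the (changed, added, missing) it undid."""
    changed, added, missing = diff_against_snapshot(volume, snap)
    for rel in added:                       # new objects are thrown out
        os.remove(os.path.join(volume, rel))
    for rel in changed + missing:           # changed and missing objects come back
        write_file(volume, rel, snap[rel])
    for dirpath, _dirs, _files in os.walk(volume, topdown=False):
        if dirpath != volume and not os.listdir(dirpath):
            os.rmdir(dirpath)               # drop directories emptied by the removals
    return changed, added, missing


def simulate_jailbreak_reboot():
    """Populate both volumes, take the setup-time snapshot, 'jailbreak', then 'reboot'.

    Returns what the revert undid and which jailbreak writes survived. All files
    and contents here are constructed for the model, not real iOS files.
    """
    base = tempfile.mkdtemp(prefix="snapshot_model_")
    root = os.path.join(base, "disk0s1s1")
    var = os.path.join(base, "disk0s1s2")
    try:
        write_file(root, "Applications/Preferences.app/Preferences", b"stock app")
        write_file(root, "System/Library/CoreServices/SpringBoard.app/SpringBoard", b"stock")
        write_file(root, "etc/fstab", b"/dev/disk0s1s1 / apfs ro 0 1\n")
        write_file(var, "mobile/Library/Preferences/com.apple.springboard.plist", b"<plist/>")
        snap = take_snapshot(root)                     # the "picture" taken at setup

        # the jailbreak: one new file, one changed file and one deleted file on the
        # root volume, plus one write to the /var volume
        write_file(root, "Applications/Cydia.app/Cydia", b"cydia")
        write_file(root, "etc/fstab", b"/dev/disk0s1s1 / apfs rw 0 1\n")
        os.remove(os.path.join(root, "System/Library/CoreServices/SpringBoard.app/SpringBoard"))
        write_file(var, "mobile/Library/Cydia/packages", b"package list")

        undone = revert_to_snapshot(root, snap)        # the reboot reverts the root volume only
        return {
            "undone": undone,
            "cydia_on_root_survived": os.path.exists(os.path.join(root, "Applications/Cydia.app/Cydia")),
            "fstab_still_rw": b" rw " in open(os.path.join(root, "etc/fstab"), "rb").read(),
            "var_write_survived": os.path.exists(os.path.join(var, "mobile/Library/Cydia/packages")),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(simulate_jailbreak_reboot())
```

    The run shows why the post says /Applications/Cydia.app would vanish on every reboot while the write under /var survives: the revert only ever compares the root volume against its picture, so anything that has to persist either lives on the other volume or needs the snapshot itself to be changed, which is the "persistence" part of the ur0 bug the post refers to.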

    [Question] 11.3.1 JB - Where are we now?

    Posted: 30 Jun 2018 11:56 AM PDT

    I know no one wants to read this question again...and I'm ready to get downvoted...but I'm absolutely no wen eta kid...I just don't know if there's a jb coming up anymore. I follow every post but there are so many things I don't know what's happening anymore...

    Everyone was so hyped as the first waterproof mention about a possible 11.3.1 jailbreak came up. The mood was great, everybody was hugging each other and day by day it seems like we're getting closer and closer. Donations have been done and if you listened closely you were able to hear the countdown.

    But one day I just get lost in so many threads and tweets about geek stuff I don't understand. And suddenly the hype was gone and all the "yeah...jb soon" lines went to zero.

    So please take care of my dumb brain and tell me where we are on the road to the 11.3.1 jb. I don't need long explanations, I just want to know what's up.

    Fancy myself as your little kid waking up on the backseat of your car on the holiday trip.

    Thanks everyone! Have a great weekend!

    submitted by /u/Raschmann

    [Request] Same screen time overview as in IOS 12

    Posted: 30 Jun 2018 10:33 AM PDT

    [discussion] beginners jailbreak FAQ

    Posted: 30 Jun 2018 01:33 PM PDT

    [News] noncereboot1131UI updated for better reliability

    Posted: 30 Jun 2018 10:20 AM PDT

    [Request] ask for password when touch id recognize a specific fingerprint

    Posted: 30 Jun 2018 06:26 AM PDT

    I mean, if the iPhone owner uses a specific finger, the iPhone asks for the password and doesn't open with the correct fingerprint (it only opens with the password).

    Sorry for bad English. Please help me edit this text.

    submitted by /u/persp0lis

    [Discussion] My 10.2 jailbreak survived 2 near death experiences in 24 hours

    Posted: 01 Jul 2018 12:02 AM PDT

    Last night as I was getting out of the car, I dropped my phone. I heard the sound we all dread, and I picked my phone up to find a glitched screen with a massive crack in it. I was devastated, because I didn't want to lose my jailbreak by taking it to Apple. It was my only choice though, because I don't know where to get genuine parts and suck at repairs. With some QuickTime and SSH wizardry, I managed to output the screen onto my Mac and control it with SimulateTouch via SSH. I managed to get it backed up to iCloud, but Cydia Eraser wouldn't work. It got stuck on the read-only error. I couldn't reboot to fix it because I'd lose SSH access. I thought I was pretty much doomed to fail Apple's diagnostic check.

    Got an appointment for today. Made no mention of being jailbroken, but I did say that I was on an older iOS and would prefer not to update. To my amazement they replaced the screen and never even touched the software. I was thrilled!

    I was not out of the woods though. I got home and tried running Cydia Eraser again to avoid possible issues due to some hasty remount commands I used to try and fix the read only error. It resprang during the process and I got stuck in a setup loop. Half my data was gone. I took a monumental risk and rebooted. To my relief it booted back up! I was able to Impact doubleH3lix, run it, and successfully run Cydia Eraser!!!

    I sit here typing this on my 10.2 6s that I no longer take for granted. So relieved.

    submitted by /u/jailbre4ker

    [Question] Does the ‘Nine’ tweak work on IPX?

    Posted: 30 Jun 2018 07:35 PM PDT

    [Question] Apple watch says password failed every 24 hours? Makes me enter my apple id password on iPhone

    Posted: 30 Jun 2018 08:40 PM PDT

    Anyone else had this problem and found a fix?

    submitted by /u/NewWonderer

    [help] iPhone X getting really hot

    Posted: 30 Jun 2018 07:12 PM PDT

    I haven't installed any new tweaks to make it happen, but lately my phone gets ridiculously hot and the battery just drains in jailbreak mode. I tried using detailed battery usage but it didn't really give me any help. Anyone else had this?

    Electra 11.1.2

    submitted by /u/Flumpyshmoo

    [Help] CoolBooter - My partition has disappeared?

    Posted: 30 Jun 2018 11:41 AM PDT

    I can't boot into my secondary OS anymore; whenever I press "Boot", my screen gets "corrupted" and the phone reboots. When I type "mount" in Terminal, disk0s1s3 doesn't show up there. What do I do? I also can't make a backup of my OS because I don't have enough storage.

    P.S. CoolBooterCLI gives "Segmentation fault: 11" error.

    submitted by /u/L0W_P1X3L

    [Request] A tweak that will switch these two buttons

    Posted: 30 Jun 2018 08:36 PM PDT

    [help] Ext3nder installer crashing when trying to open app

    Posted: 30 Jun 2018 02:35 PM PDT

    Just updated all my tweaks in Cydia for the first time in months. One update was for Ext3nder Installer. Now after updating I cannot open the app, and even if I reinstall it still doesn't open. I'm on 11.1.2, iPhone 7+, Electra 1.0.2.

    submitted by /u/Madboarder

    [Question] Will restoring to a backup remove Electra completely?

    Posted: 30 Jun 2018 09:06 PM PDT

    [Question] this setting is turned off but my phone still changes it’s brightness automatically?

    Posted: 30 Jun 2018 03:45 PM PDT

    [Question] If Electra releases, can I remove the EU (Korea) volume limit?

    Posted: 30 Jun 2018 10:15 AM PDT

    I really hate the volume limit and I want to listen to songs more loudly. So can I remove the volume limit when Electra releases? Thanks.

    submitted by /u/jasonlee2401

    [Question] Impactor stops at "VerifyingApplication"?

    Posted: 30 Jun 2018 07:12 PM PDT

    I'm trying to use Cydia Impactor, but for some reason every time I try to install Filza to my iPad with it, it always seemingly stops loading at the "VerifyingApplication" bit.

    It always stops at the same place every time I try; does anyone have any idea why this happens, and/or suggestions on how to fix it?

    submitted by /u/primal-meridian

    [Help] Help with downgrading iPhone 4 to iOS 5/6

    Posted: 30 Jun 2018 10:51 PM PDT

    Hello r/Jailbreak, I used to be an active jailbreaker back in the iOS 5 and 6 days, and so recently I picked up my old iPhones and iPod touches and realized my iPhone 4 is on iOS 7 and my iPod touch on iOS 6. I remember I saved my SHSH blobs for both devices on iOS 5 respectively via TinyUmbrella. I want to downgrade, but since I haven't been caught up with the jailbreak community for a while I don't know where to start. I did manage to downgrade my 3GS to iOS 4, thanks to Apple still signing the firmware, and from what I've read TinyUmbrella is no longer available. Will it even be possible to downgrade my iPhone 4 to iOS 6 or 5?

    submitted by /u/Rikarour

    [question] Is there any method to enable FaceTime in the countries that don't support it?

    Posted: 30 Jun 2018 06:46 AM PDT

    solved!

    Hello, I bought my iPhone 5 from a country that bans the FaceTime service, and FaceTime is disabled on the device: it doesn't even appear on the home screen and cannot be opened from the App Store when I open its page there.
    I tried all the YouTube methods but they didn't work. Is there any solution to try using Filza or Terminal or any other stuff?

    edit1: even after editing /System/Library/RegionFeatures/RegionFeatures_iphone.txt FaceTime is still disabled: https://i.imgur.com/ePAmnv9.jpg

    edit2: [solved it] First of all do the previous point in edit1, then go to Cydia and add this source: chinasnow, and install the commcenter patch.

    Then open Filza or iFile and go to

    /var/mobile/Library/Carrier Bundle.bundle/carrier.plist

    Open it and you will see something like this: https://i.imgur.com/qewR657.jpg

    Click on the (i) on the right and you will see this: https://i.imgur.com/84Q1GIt.jpg

    Swipe down and click on (add item) https://i.imgur.com/aWlY0vA.jpg. You'll see a new item has appeared at the bottom; click on it: https://i.imgur.com/JrOIjqw.jpg and change the name to

    AllowsVoIP

    Change the type to boolean and the value to YES https://i.imgur.com/SPXjwSn.jpg. Save the changes and (restart, rejailbreak, reinstall the commcenter patch, respring). Respring a couple of times and FaceTime will appear in the end.

    Thanks to all the people who helped, I appreciate your help.

    This was a tutorial for dummies: enable FaceTime for jailbroken devices, step by step :)

    submitted by /u/AhmadSaleh96
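    The carrier.plist edit from the post above, done on the file bytes instead of by hand in Filza. This is an added example, not the poster's method or any tweak's code; it assumes the path and key the post gives (/var/mobile/Library/Carrier Bundle.bundle/carrier.plist, AllowsVoIP) and uses only the standard library. Two things a hand edit can get wrong are handled: the file is written back in whatever format it already had (binary plists begin with the magic "bplist00", XML plists with an XML header), and an existing AllowsVoIP that is not a boolean (for example the string "YES" typed in by mistake) raises instead of being silently kept. The sample plists at the bottom are constructed for running this offline and are not the contents of any real carrier bundle.

```python
"""Set the AllowsVoIP boolean in a carrier plist, the edit step from the post above.

Added example; not the post's own method or any tweak's code. Uses only the
standard library, keeps the on-disk format (binary vs XML) and refuses to
overwrite an AllowsVoIP that already exists with a non-boolean type.
"""
import plistlib

BPLIST_MAGIC = b"bplist00"


def detect_format(raw):
    """Match plistlib's format constant to the bytes on disk."""
    return plistlib.FMT_BINARY if raw.startswith(BPLIST_MAGIC) else plistlib.FMT_XML


def set_allows_voip(raw, value=True):
    """Return `raw` re-serialised with AllowsVoIP = `value`, in the same format."""
    fmt = detect_format(raw)
    data = plistlib.loads(raw, fmt=fmt)
    if not isinstance(data, dict):
        raise TypeError("carrier plist top level is not a dictionary")
    existing = data.get("AllowsVoIP")
    if existing is not None and not isinstance(existing, bool):
        raise TypeError(f"AllowsVoIP already present as {type(existing).__name__}, not bool")
    data["AllowsVoIP"] = bool(value)
    return plistlib.dumps(data, fmt=fmt)


def allows_voip(raw):
    """Read the flag back; None when the key is absent."""
    return plistlib.loads(raw, fmt=detect_format(raw)).get("AllowsVoIP")


def patch_file(path):
    """Rewrite the plist at `path` in place and return the new bytes."""
    with open(path, "rb") as f:
        raw = f.read()
    patched = set_allows_voip(raw)
    with open(path, "wb") as f:
        f.write(patched)
    return patched


# Constructed samples for running this offline; not the contents of any real carrier bundle.
SAMPLE_XML = plistlib.dumps({"CarrierName": "Example"}, fmt=plistlib.FMT_XML)
SAMPLE_BINARY = plistlib.dumps({"CarrierName": "Example"}, fmt=plistlib.FMT_BINARY)
SAMPLE_BAD_TYPE = plistlib.dumps({"AllowsVoIP": "YES"}, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    import sys
    # usage: python patch_carrier.py "/var/mobile/Library/Carrier Bundle.bundle/carrier.plist"
    print(allows_voip(patch_file(sys.argv[1])))
```

    Copy the original file somewhere first; the script rewrites it in place. It only does the file edit, so the rest of the post's sequence (restart, rejailbreak, reinstall the commcenter patch, respring) is still needed for the change to take effect.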

    [Help] Buy new Apple TV 4 with tvOS 11.1

    Posted: 30 Jun 2018 03:13 PM PDT

    Hi everyone, I want to buy a new Apple TV 4 with tvOS 11.1. I want to go to a local store and check the serial number. Which serial number is for tvOS 11.1 (ex. PPPWYSSSCCCC)? I only want to know the WY after PPP.

    Sorry for my bad English, I hope it's understandable.

    submitted by /u/ra1nb0wm4n

    [Question] What tweak is this? Where you can add these to CC.

    Posted: 30 Jun 2018 04:37 PM PDT

    [Question] Trying to fix spotlight daemon, help wanted

    Posted: 30 Jun 2018 01:31 PM PDT

    I need help fixing the searchd daemon, as it seems to be hogging all the CPU power and draining the battery in the process.

    After trying everything I could (Cydia Eraser, replacing the daemon from a fresh IPSW), the problem still persisted. So I decided to run the executable in Terminal and see what it does, and you can see it below.

    tl;dr: It seems like it is trying to delete keyboard cache (/var/mobile/Library/Caches/com.apple.keyboards) over and over again.

    So my question is what is "/var/mobile/Library/Caches/com.apple.keyboards"? And how should I proceed? Any suggestions?

    Thanks in advance

    Edit: I suspect this might be related to NudeKeys as I have upgraded to the newer 4.0 version of it recently, and I don't have the previous .deb to downgrade to :(

    bash-4.0$ cd "/System/Library/PrivateFrameworks/Search.framework";./searchd
    2018-06-30 00:40:59.703 searchd[43044:1261260] [JODebox: Tweak.xm:509] ERROR: logos: nil class SpringBoard
    2018-06-30 00:40:59.740 searchd[43044:1261260] Error deleting Keyboard Cache : Error Domain=NSCocoaErrorDomain Code=513 ""com.apple.keyboards" couldn't be removed because you don't have permission to access it." UserInfo={NSFilePath=/var/mobile/Library/Caches/com.apple.keyboards, NSUserStringVariant=( Remove ), NSUnderlyingError=0x10037fa50 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
    2018-06-30 00:40:59.743 searchd[43044:1261260] Error deleting Keyboard Cache : Error Domain=NSCocoaErrorDomain Code=513 ""com.apple.keyboards" couldn't be removed because you don't have permission to access it." UserInfo={NSFilePath=/var/mobile/Library/Caches/com.apple.keyboards, NSUserStringVariant=( Remove ), NSUnderlyingError=0x10042a520 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}

    submitted by /u/hohchu

    [Discussion] Houdini 'not supported' on 11.2.5

    Posted: 30 Jun 2018 02:03 PM PDT

    I decided to try houdini to hold me over until the 11.2 - 11.3.1 jailbreak, but it keeps saying 'not supported', even though I'm on 11.2.5. I installed it through the official IPA and with Cydia Impactor, so it should be working.

    submitted by /u/iamcomptonrapper

    [Question] I’m getting this every time I open Cydia, is there a fix?

    Posted: 30 Jun 2018 12:45 PM PDT

    [question] How do I use one of my friend's IPAs on my phone without their password?

    Posted: 30 Jun 2018 02:03 PM PDT

    My friend has one app that's no longer available on the store, but we have the IPA. He definitely does not know his password and doesn't have access to email

    Any recommendations help

    submitted by /u/JustAnotherJerry1
