Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with Forest when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long. It took me less than 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak). Honestly, I find this kind of thing a lot in applications not designed specifically for security. Non-authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client-side authentication: sure, there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.
UPDATE (6-15-16): Tested again with the newest Snapchat app. Still working.
For the past few days, I have been gathering the pieces for a project I finally started tonight. The strange part is that until tonight, I didn’t know that I’d be on this project. It involves an old iOS device, custom payloads, older Mac OS and especially old Xcode. It is as if it touched on everything I had been blogging about this week. Nothing new. Just stuff I was letting myself forget. None of it works with any of the newer devices (explains all the old code). It also involved finding my old methods or rediscovering them. When I’m done, I will pack it up nicely, document it thoroughly and hopefully never have to redo this part of the work again. Thanks for the much needed distraction, now back to work. (The gif above is from a very early payload from 2010 with much help from Eric.)
This morning I woke to see that I hadn’t plugged in my phone overnight. I plugged it in and continued to prepare my breakfast. I returned to find the boot screen staring ominously at me. It never booted. So much for my jailbreak. I tried a few things (force restart, safe mode, no luck). Oddly enough, my watch was still receiving txt messages (no other iMessage client was working at that time). Now I am restoring to last year. (lol – it’s only 2 weeks old)
Once again, Chinese team Pangu drops a public iOS jailbreak for all the devices presently released, including the new iPhone 6s/+. The usual warning applies about backing up your devices, and most of the software on Cydia must be updated to work with the OS. We know that 9.1 is already in the pipe. I hope no unnecessary bugs were burned. TaiG did amazing work in iOS 8 to ensure that their bugs were released at the perfect time for maximum effect and user elation.
Only a Windows app presently. My Windows virtual machine decided to implode this morning, so I used my gaming PC to get it done. (My new Windows VM is still updating.)
I successfully jailbroke my iPhone 6s+ that had been OTA updated to iOS 9.0.2. Strangely, I received no confirmation screen upon success. Pangu recommends restoring your device directly to 9.0.2 instead of using the update feature on your device.
Apple’s big announcement today turned out to be more small enhancements that add up to exciting developments. First off the rundown, iPhone 6s/6s Plus hits stores the 25th. Faster, better camera, haptic feedback, force touch, and rose gold. New iPad Pro with 2732‑by‑2048 12.9″ screen, a keyboard case, and a stylus! Hits stores November. (Also a new iPad Mini.) The Apple TV got a complete rebuild with amazing looking features, but no delivery date. Also some new Watch styles and bands or whatever.
If you would like to restore your device for jailbreaking, now is the last chance for a while (probably until 9.0.1 or so). It is not difficult as long as Apple is still signing the earlier version. Simply visit https://ipsw.me/ and download the iOS version you wish to install (for us it is 8.4 for your device model). Once this file is downloaded, fire up iTunes, select the summary screen for your device, hold option (or alt if you are on Windows) and click restore. This will bring up an open dialog; simply feed it the file you downloaded in the previous step. You will need to temporarily turn off Find My iPhone before you will be allowed to restore. Restoring creates a cleaner foundation for the jailbreak. It is not always required, but I highly recommend it. Soon, we will not be able to restore without losing the jailbreak. We want to ensure that our devices are functioning fully. That is why we jailbreak!
Check status of Apple signing:
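As an added example that is not part of the original post: a small Python helper for the two checks the restore procedure above depends on, whether Apple is still signing the version you want (iTunes refuses unsigned builds) and whether the file you downloaded matches the listing's checksum. The JSON layout is an assumption modelled on ipsw.me's device listing, and every value in the sample is constructed.

```python
# Added example, not code from the original post or from ipsw.me.
# The listing layout below is an ASSUMPTION modelled on ipsw.me's device
# endpoint; the identifier, build ids, URLs and hashes are constructed.
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample listing: one device, three firmware entries.
SAMPLE_LISTING = json.dumps({
    "identifier": "iPhone8,2",
    "firmwares": [
        {"version": "9.0.2", "buildid": "BUILD-C", "signed": True,
         "url": "https://example.invalid/9.0.2.ipsw",
         "sha1sum": "a9993e364706816aba3e25717850c26c9cd0d89d"},
        {"version": "8.4", "buildid": "BUILD-B", "signed": True,
         "url": "https://example.invalid/8.4.ipsw",
         "sha1sum": "a9993e364706816aba3e25717850c26c9cd0d89d"},
        {"version": "8.3", "buildid": "BUILD-A", "signed": False,
         "url": "https://example.invalid/8.3.ipsw",
         "sha1sum": "0000000000000000000000000000000000000000"},
    ],
})


def signed_versions(listing_json: str) -> list:
    """Versions the listing reports as still signed, in listing order."""
    listing = json.loads(listing_json)
    return [fw["version"] for fw in listing["firmwares"] if fw.get("signed")]


def pick_firmware(listing_json: str, version: str) -> Optional[dict]:
    """Return the entry for `version` only while it is still signed;
    downloading an unsigned build is wasted bandwidth (iTunes rejects it)."""
    listing = json.loads(listing_json)
    for fw in listing["firmwares"]:
        if fw["version"] == version and fw.get("signed"):
            return fw
    return None


def sha1_matches(data: bytes, expected_sha1: str) -> bool:
    """Compare an in-memory image against the listing's sha1sum."""
    return hmac.compare_digest(hashlib.sha1(data).hexdigest(), expected_sha1.lower())


def verify_ipsw_file(path: str, expected_sha1: str) -> bool:
    """Stream a downloaded .ipsw (they run to gigabytes) and check its SHA-1
    before handing it to iTunes, so a corrupt or swapped file is caught early."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected_sha1.lower())
```

Run `pick_firmware` against a fresh listing right before downloading, since the signing window closes without notice.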
TaiG now has a Mac version. Download the jailbreak here:
Wow, great timing guys. Wonderful work. I just hope you fixed the little setreuid() bug that allows root privilege escalation from any running app. It’s nice to have a phone that cannot be rebooted by a txt message. Now that app developers have had some time to update their apps/manifests, the jailbreak experience is looking glorious.