New security updates overtake jailbreak advantages.

There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated.  Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority.  This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors.   Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.

I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think I am going to hate seeing the home bar again the most.

* Web pages are often sandboxed separately from the app itself. Some might argue that a web page would first have to escape the sandbox before it could escalate privileges. This is true, but I would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen WebKit fixes in this update.

Playing with screenshots & Snapchat

You think you can beat it? (Snapchat screenshot detection) Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with Forest when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long. It took me less than 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak). Honestly, I find this kind of thing a lot in applications not designed specifically for security. Non-authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client-side authentication: sure, there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.

UPDATE (6-15-16): Tested again with the newest Snapchat app. Still working.

Amazing timing. I just got that. . .

iPhone custom payload

For the past few days, I have been gathering the pieces for a project I finally started tonight. The strange part is that until tonight, I didn’t know that I’d be on this project. It involves an old iOS device, custom payloads, older Mac OS and especially old Xcode. It is as if it touched on everything I had been blogging about this week. Nothing new. Just stuff I was letting myself forget. None of it works with any of the newer devices (explains all the old code). It also involved finding my old methods or rediscovering them. When I’m done, I will pack it up nicely, document it thoroughly and hopefully never have to redo this part of the work again. Thanks for the much needed distraction, now back to work. (The gif above is from a very early payload from 2010, with much help from Eric.)

iPhone takes another dump!

This morning I woke to see that I hadn’t plugged in my phone overnight. I plugged it in and continued to prepare my breakfast. I returned to find the boot screen staring ominously at me. It never booted. So much for my jailbreak. I tried a few things (force restart, safe mode, no luck). Oddly enough, my watch was still receiving txt messages (no other iMessage client was working at that time). Now I am restoring to last year. (lol – it’s only 2 weeks old)


Great work Pangu! Jailbreak 9-9.0.2!

Once again, Chinese team Pangu drops a public iOS jailbreak for all the devices presently released, including the new iPhone 6s/6s+. The usual warning applies about backing up your devices, and most of the software on Cydia must be updated to work with the OS. We know that 9.1 is already in the pipe. I hope no unnecessary bugs were burned. TaiG did amazing work in iOS 8 to ensure that their bugs were released at the perfect time for maximum effect and user elation.

Only a Windows app presently. My Windows virtual machine decided to implode this morning, so I used my gaming PC to get it done. (My new Windows VM is still updating.)

I was successful jailbreaking my iPhone 6s+ that had been OTA updated to iOS 9.0.2. Strangely, I received no confirmation screen upon success. Pangu recommends restoring your device directly to 9.0.2 instead of using the update feature on your device.


Apple announces small changes that signify an exciting direction!

Apple’s big announcement today turned out to be more small enhancements that add up to exciting developments. First off the rundown, iPhone 6s/6s Plus hits stores the 25th. Faster, better camera, haptic feedback, force touch, and rose gold. New iPad Pro with 2732‑by‑2048 12.9″ screen, a keyboard case, and a stylus! Hits stores November. (Also a new iPad Mini.) The Apple TV got a complete rebuild with amazing looking features, but no delivery date. Also some new Watch styles and bands or whatever.

iOS 8.4.1 released 8.4 Signing window is closing. . .

If you would like to restore your device for jailbreaking, now is the last chance for a while (probably until 9.0.1 or so). It is not difficult as long as Apple is still signing the earlier version. Simply visit https://ipsw.me/ and download the iOS version you wish to install (for us it is 8.4 for your device model). Once this file is downloaded, fire up iTunes, select the Summary screen for your device, hold Option (or Alt if you are on Windows) and click Restore. This will bring up an open dialog; simply feed it the file you downloaded in the previous step. You will need to temporarily turn off Find My iPhone before you will be allowed to restore. Restoring creates a cleaner foundation for the jailbreak. It is not always required, but I highly recommend it. Soon, we will not be able to restore without losing the jailbreak. We want to ensure that our devices are functioning fully. That is why we jailbreak!

Check the status of Apple signing:
http://api.ineal.me/tss/status

TaiG now has a mac version. Download jailbreak here:
http://www.taig.com/en/