Evasi0n: Difference between revisions

From Wikipedia, the free encyclopedia
ILikeTau (talk | contribs)
Fix description of how the jailbreak works
No edit summary
Line 21: Line 21:
}}
}}


'''Evasi0n''', (stylized as "evasi0n"), is a [[iOS jailbreaking|jailbreak]] program for iOS 6.0 - 6.1.2 and for iOS 7.0 - 7.0.6 (with evasi0n7). It is known for a portable code base and minimal use of [[arbitrary code execution]]. More than seven million copies of Evasi0n were downloaded and presumably installed in the first four days after release.<ref name="AI DLs 1">{{cite web|url=http://appleinsider.com/articles/13/02/12/evasi0n-jailbreaks-over-7m-ios-devices-update-already-available-for-ios-611|title=Evasi0n 'jailbreaks' 7M iOS devices, update already available for iOS 6.1.1|publisher=[[AppleInsider]]|date=12 February 2013|accessdate=13 February 2013}}</ref> It was released on 4 February 2013. Four of the six exploits used were patched by [[Apple Inc.|Apple]] on 18 March 2013 with the release of iOS 6.1.3, which meant the end of the original version of evasi0n. On 22 December 2013, the evad3rs released a new version of evasi0n that supports iOS 7.x, known as '''evasi0n7'''. One major exploit used by this jailbreak was patched by Apple with the 4th beta of iOS 7.1 and two more with beta 5. The final release of iOS 7.1 fixed all the exploits used by evasi0n7.<ref name="TW 7.1b5 1">{{cite web|url=https://twitter.com/iH8sn0w/statuses/425683996664926208 |title=iH8sn0w on Twitter: "So the code sign bug that evasi0n7 uses still exists in 7.1b4. Kernel exploit looks patched though :P" |publisher=Twitter.com |date=2014-01-21 |accessdate=2015-01-28}}</ref><ref name="TW 7.1b5 2">{{cite web|url=https://twitter.com/iH8sn0w/statuses/430764851405668352 |title=iH8sn0w on Twitter: "Apple fixed the chown vuln that appeared in iOS 7 <http://t.co/65wfTkCKML> and used by evasi0n7 by checking to see if its a symlink again :P" |publisher=Twitter.com |date=2014-02-04 |accessdate=2015-01-28}}</ref><ref name="TW 7.1b5 3">{{cite web|url=https://twitter.com/iH8sn0w/statuses/430780572093255680 |title=iH8sn0w on Twitter: "evasi0n7's afc sandbox escape is patched in 7.1b5 too." 
|publisher=Twitter.com |date=2014-02-04 |accessdate=2015-01-28}}</ref>
'''Evasi0n''', (stylized as "evasi0n"), is a untethered [[iOS jailbreaking|jailbreak]] program for iOS 6.0 - 6.1.2 and for iOS 7.0 - 7.0.6 (with evasi0n7). It is known for a portable code base and minimal use of [[arbitrary code execution]]. More than seven million copies of Evasi0n were downloaded and presumably installed in the first four days after release.<ref name="AI DLs 1">{{cite web|url=http://appleinsider.com/articles/13/02/12/evasi0n-jailbreaks-over-7m-ios-devices-update-already-available-for-ios-611|title=Evasi0n 'jailbreaks' 7M iOS devices, update already available for iOS 6.1.1|publisher=[[AppleInsider]]|date=12 February 2013|accessdate=13 February 2013}}</ref> It was released on 4 February 2013. Four of the six exploits used were patched by [[Apple Inc.|Apple]] on 18 March 2013 with the release of iOS 6.1.3, which meant the end of the original version of evasi0n. On 22 December 2013, the evad3rs released a new version of evasi0n that supports iOS 7.x, known as '''evasi0n7'''. One major exploit used by this jailbreak was patched by Apple with the 4th beta of iOS 7.1 and two more with beta 5. The final release of iOS 7.1 fixed all the exploits used by evasi0n7.<ref name="TW 7.1b5 1">{{cite web|url=https://twitter.com/iH8sn0w/statuses/425683996664926208 |title=iH8sn0w on Twitter: "So the code sign bug that evasi0n7 uses still exists in 7.1b4. Kernel exploit looks patched though :P" |publisher=Twitter.com |date=2014-01-21 |accessdate=2015-01-28}}</ref><ref name="TW 7.1b5 2">{{cite web|url=https://twitter.com/iH8sn0w/statuses/430764851405668352 |title=iH8sn0w on Twitter: "Apple fixed the chown vuln that appeared in iOS 7 <http://t.co/65wfTkCKML> and used by evasi0n7 by checking to see if its a symlink again :P" |publisher=Twitter.com |date=2014-02-04 |accessdate=2015-01-28}}</ref><ref name="TW 7.1b5 3">{{cite web|url=https://twitter.com/iH8sn0w/statuses/430780572093255680 |title=iH8sn0w on Twitter: "evasi0n7's afc sandbox escape is patched in 7.1b5 too." 
|publisher=Twitter.com |date=2014-02-04 |accessdate=2015-01-28}}</ref>


The evasi0n jailbreak first remounts the root file system as read-write and then achieves persistence by editing the <code>/etc/launchd.conf</code> file, which [[launchd]] consults. Evasi0n then applies patches in the kernel, bypassing [[address space layout randomization]] by triggering a data fault and reconstructing the kernel slide by reading the faulting instruction from the appropriate ARM [[Interrupt vector table|exception vector]].<ref name="forbes evasion 1">{{cite web|url=https://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone|title=Inside Evasi0n, The Most Elaborate Jailbreak To Ever Hack Your iPhone|work=[[Forbes]]|first=Andy|last=Greenberg|accessdate=23 December 2013}}</ref>
The evasi0n jailbreak first remounts the root file system as read-write and then achieves persistence by editing the <code>/etc/launchd.conf</code> file, which [[launchd]] consults. Evasi0n then applies patches in the kernel, bypassing [[address space layout randomization]] by triggering a data fault and reconstructing the kernel slide by reading the faulting instruction from the appropriate ARM [[Interrupt vector table|exception vector]].<ref name="forbes evasion 1">{{cite web|url=https://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone|title=Inside Evasi0n, The Most Elaborate Jailbreak To Ever Hack Your iPhone|work=[[Forbes]]|first=Andy|last=Greenberg|accessdate=23 December 2013}}</ref>
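Review bot: The word inserted into the lead sentence leaves "is a untethered [[iOS jailbreaking|jailbreak]]", which should read "is an untethered". The new qualifier is also neither linked nor backed by any of the existing references, so consider linking it inside the existing [[iOS jailbreaking|...]] link text or adding a source. The second paragraph shown as changed reads identically in both versions, so that part of the edit appears to be whitespace only, and the revision was saved with no edit summary to explain either change.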

Revision as of 13:36, 11 September 2022

evasi0n
Developer(s): Evad3rs (pod2g, MuscleNerd, planetbeing, pimskeks)
Stable release: 1.5.3
Operating system: Microsoft Windows, OS X and Linux
Website: evasi0n.com/iOS6

evasi0n7
Developer(s): Evad3rs (pod2g, MuscleNerd, planetbeing, pimskeks)
Stable release: 1.0.8
Operating system: Microsoft Windows and OS X
Website: evasi0n.com

Evasi0n (stylized as "evasi0n") is an untethered jailbreak program for iOS 6.0 - 6.1.2 and for iOS 7.0 - 7.0.6 (with evasi0n7). It is known for a portable code base and minimal use of arbitrary code execution. More than seven million copies of Evasi0n were downloaded and presumably installed in the first four days after release.[1] It was released on 4 February 2013. Four of the six exploits used were patched by Apple on 18 March 2013 with the release of iOS 6.1.3, which meant the end of the original version of evasi0n. On 22 December 2013, the evad3rs released a new version of evasi0n that supports iOS 7.x, known as evasi0n7. One major exploit used by this jailbreak was patched by Apple with the 4th beta of iOS 7.1 and two more with beta 5. The final release of iOS 7.1 fixed all the exploits used by evasi0n7.[2][3][4]

The evasi0n jailbreak first remounts the root file system as read-write and then achieves persistence by editing the /etc/launchd.conf file, which launchd consults. Evasi0n then applies patches in the kernel, bypassing address space layout randomization by triggering a data fault and reconstructing the kernel slide by reading the faulting instruction from the appropriate ARM exception vector.[5]
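
The persistence step described above can be checked for when reviewing a file-system image: launchd.conf holds launchctl subcommands, one per line, so entries that run programs or change the boot environment stand out. The following is an added example, not part of the article or of evasi0n's code; the sample file contents and paths are constructed placeholders.

```python
import shlex

# launchctl subcommands that change what runs at boot, or with what environment.
RISKY = {
    "bsexec": "runs a command in another bootstrap context at boot",
    "submit": "submits a program for launchd to run",
    "load": "loads an additional job definition",
    "setenv": "sets an environment variable for launchd jobs",
}

def audit_launchd_conf(text):
    """Return (line_no, subcommand, reason, raw_line) for each risky entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            argv = shlex.split(line)
        except ValueError:
            # Unbalanced quotes: report it rather than silently skipping.
            findings.append((no, "?", "unparseable line", line))
            continue
        cmd = argv[0]
        if cmd not in RISKY:
            continue
        reason = RISKY[cmd]
        if cmd == "setenv" and len(argv) > 1 and argv[1].startswith("DYLD_"):
            reason = "injects a dynamic-linker variable into launchd jobs"
        command = argv[2:] if cmd == "bsexec" else []
        if command and command[0].endswith("/mount") and any(
            "rw" in arg.split(",") for arg in command[1:]
        ):
            reason = "remounts a file system read-write at boot"
        findings.append((no, cmd, reason, line))
    return findings

# Constructed sample: what a tampered /etc/launchd.conf might contain.
SAMPLE = """\
limit maxfiles 1024 unlimited
bsexec .. /sbin/mount -u -o rw /
setenv DYLD_INSERT_LIBRARIES /private/var/example/placeholder.dylib
bsexec .. /private/var/example/placeholder-helper
"""

if __name__ == "__main__":
    for no, cmd, reason, line in audit_launchd_conf(SAMPLE):
        print(f"line {no}: {cmd}: {reason}: {line}")
```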

See also

  • p0sixspwn, a userland jailbreak for iOS 6.1.3-6.1.6 developed by iH8sn0w, winocm and SquiffyPwn.
  • Cydia, an open-source package manager for iOS which uses APT repositories to get apps and tweaks.

References

  1. "Evasi0n 'jailbreaks' 7M iOS devices, update already available for iOS 6.1.1". AppleInsider. 12 February 2013. Retrieved 13 February 2013.
  2. "iH8sn0w on Twitter: "So the code sign bug that evasi0n7 uses still exists in 7.1b4. Kernel exploit looks patched though :P"". Twitter.com. 2014-01-21. Retrieved 2015-01-28.
  3. "iH8sn0w on Twitter: "Apple fixed the chown vuln that appeared in iOS 7 <http://t.co/65wfTkCKML> and used by evasi0n7 by checking to see if its a symlink again :P"". Twitter.com. 2014-02-04. Retrieved 2015-01-28.
  4. "iH8sn0w on Twitter: "evasi0n7's afc sandbox escape is patched in 7.1b5 too."". Twitter.com. 2014-02-04. Retrieved 2015-01-28.
  5. Greenberg, Andy. "Inside Evasi0n, The Most Elaborate Jailbreak To Ever Hack Your iPhone". Forbes. Retrieved 23 December 2013.