Jump to content

Pangu Team

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Iridescent (talk | contribs) at 21:44, 24 November 2016 (Exploits: Typo fixing, typo(s) fixed: a app → an app using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Pangu Team (Chinese: 盘古越狱团队; pinyin: Pángǔ yuèyù tuánduì), is a Chinese programming team in the iOS community that developed the Pangu jailbreaking tools. These are tools that assist users in bypassing device restrictions and enabling root access to the iOS operating system. This permits the user to install applications and customizations typically unavailable through the official iOS App Store.[1]

Etymology

The name Pangu (or Pan Gu) is the Chinese (Chinese: 盘古) word for the first living being and creator of all, in some versions of Chinese mythology.[2]

Pangu jailbreak

Pangu or Pangu Jailbreak for iOS 7.1 - 7.1.x is a free iOS jailbreaking tool developed by the Pangu Team that is capable of executing jailbreaks on various iOS 7.1 devices (iPod touch, iPhone and iPad) by using various exploits. The tool was first released on 23 June 2014 UTC+08:00 to jailbreak iOS 7.1 on all iOS devices and the new Apple TV 4 (for tvOS 9.0 and 9.0.1).[3] The initial release of the tool included support for iOS 7.1.2. This was because the team suspected that a firmware update was imminent, and Apple would use that release to patch the vulnerabilities used in the tool.

Controversy

Pangu uses a revoked enterprise certificate to inject the jailbreak, which is removed after the jailbreak is complete.[4]

In the initial release (v1.0.0), 25PP, a Chinese cracked app store would be installed if the user did not uncheck the check box that was checked by default during installation.[4] 25PP was removed from the package as of version 1.1.0.

Originally (in v1.0.0), Pangu achieved the jailbreaking using an Infoleak vulnerability taken from Stefan Esser's (AKA: i0n1c) paid security training sessions, along with other vulnerabilities that they found themselves.[5] Although the team acknowledges Esser's help within the Pangu jailbreak tool, Esser took to Twitter to let everyone know he was "in no way okay" with Pangu using the exploit he discovered.[6]

One of the Pangu members, Daniel_K4, later responded to the public that no one was asked to sign the NDA during the paid security training sessions, and the Infoleak bug was known to everyone that attended the security training sessions. Daniel_K4 said that they too have found a similar vulnerability in Infoleak, but it was not used since they didn't want to disclose any new vulnerabilities. The Infoleak bug was used to bypass the KASLR which will not make an untethered jailbreak alone. The team said they never thought using what they had learned from a paid class would be wrong.[5]

Pangu offered Esser another vulnerability of their own as compensation but received no response.[5] Thus, since version 1.1.0 of the release, Esser's Infoleak was replaced with another vulnerability found by Pangu.[7]

Pangu 8

Pangu app running on iOS 8.

Pangu8 or Pangu Jailbreak for iOS 8.0 - 8.1 is a free iOS 8 jailbreak tool from the Pangu Team. It was first released on October 22, 2014 UTC+08:00. The tool is compatible with all devices capable of running iOS 8 (iPhone 6, iPhone 6 Plus, iPad mini 3, and iPad Air 2), and is currently available in both Chinese and English. Cydia was not included in the initial release package, but was added in v1.1.0 and is available from the Pangu website.[8]

Pangu app

Since Cydia was incompatible in the initial release, Pangu8 included a Pangu app that allows users to install Cydia, alongside various Pangu bug fixes and recommended software. The tool works as a tweaking utility and also recommends tools such as OpenSSH. After Cydia is installed, the Pangu app can be removed from the device by removing the "Pangu loader for iOS" from Cydia and respringing the device.[9] Uninstalling the Pangu app is not the same as removing the Pangu jailbreak. If iOS users remove Pangu jailbreak then they have to restore their device to the latest iOS version. Moreover, it's impossible to downgrade an iOS device back to the previous iOS version because Apple stops signing the old iOS versions after the release of a newer iOS firmware.[10] The initial releases also enabled for Cydia to be installed through a Debian package file instead of within the Pangu app as an alternative.

Pangu 9

Pangu9 or Pangu Jailbreak for iOS 9.0 - 9.1 is the latest free iOS 9 jailbreak tool from the Pangu Team. It was first released on October 14, 2015 UTC+08:00.[11] and only included a jailbreak for iOS 9.0 - 9.0.2. On March 11, 2016, Pangu released Pangu9 V1.3.0 that included a Jailbreak for iOS 9.1. The tool is capable of jailbreaking all devices running iOS 9.0 and all 64bit devices running iOS 9.1. It is currently available in English. There are both Windows and OSX versions available. Cydia was bundled with Pangu 9 in its first release, removing the need for a Pangu app found in previous Pangu jailbreaks.

PP25 Assistant (PP助手) 5.0

Released on the 24th of July, 2016, PP25 also known as Pangu9 or the new Pangu9 is a Jailbreak for iOS 9.2 - 9.3.3 that is only supported for 64-Bit devices and is not supported on the iPod 6th gen and iPad Pro (on the 1st release). The Application known as PP Assistant which is a Chinese Program that can install Cracked apps, The Pangu jailbreak is bundled with PP Assistant that has the option to install the PP25 App on your Device. during the jailbreak process it will ask you for a Apple ID used to install the unofficial app to jailbreak. The English version was released, adding support for the iPod 6th Gen and the iPad Pro but will most likely not add support for 32-bit.

iOS 9.3.3

Apple corrected the "IOMobileFrameBuffer" bug in iOS 9.3.4, released on August 4, 2016. “Team Pangu” was creditied as the source for this update in the official security notes. [12]

Apple states: "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later; Impact: An application may be able to execute arbitrary code with kernel privileges; Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4654: Team Pangu" [13][14][15]

Like all iOS 9.x releases, iOS 9.3.4 is designed for iPhone 4S and later, iPad 2 and later, iPad mini and later, iPad Pro range, and the 5th generation iPod touch and later.[12] Outsiders recommend that you upgrade from iOS 9.3.3 to iOS 9.3.4 only if you do not jailbreak.[12]

Exploits

The Pangu9 (iOS 9 - 9.1) worked by allowing access to Photos to be able to install the unsigned application Cydia. Pangu9 (iOS 9.2 - 9.3.3) used a similar exploit. Allowing Notifications enabled the installation of Cydia. It used an app bundled with PP25 that allowed for a jailbreak without use of a computer.

See also

References

  1. ^ Titlow, John Paul (January 20, 2012). "Now You Can Jailbreak Your iPhone 4S and iPad 2". ReadWriteWeb. Retrieved December 29, 2012.
  2. ^ "What is Pangu?". The iPhone FAQ. Retrieved 23 October 2014.
  3. ^ Benjamin, Jeff. "Pangu releases Apple TV 4 jailbreak for units running tvOS 9.0 and 9.0.1". 9to5Mac. Retrieved 2016-03-26.
  4. ^ a b "Pangu untethered iOS 7.1.X jailbreak released, but proceed with caution". 9to5Mac. Retrieved 23 October 2014.
  5. ^ a b c Daniel_K4 (25 June 2014). 致不明真相的观众. weibo.com (in Chinese). Retrieved 23 October 2014.{{cite web}}: CS1 maint: numeric names: authors list (link)
  6. ^ "Chinese developers release untethered iOS 7.1.X jailbreak to much controversy". Softonic. Retrieved 23 October 2014.
  7. ^ "Pangu 1.1 jailbreak In English Language with Mac OS X Support Available for Download". shoutpedia. Retrieved 23 October 2014.
  8. ^ "iOS 8 jailbreak Pangu now comes with Cydia installer and English support for the masses (Update)". 9to5Mac. Retrieved 31 October 2014.
  9. ^ "How to remove Pangu app icon from homescreen after iOS 8 jailbreak". Retrieved 2 November 2014.
  10. ^ "How to remove Pangu jailbreak". Retrieved 6 July 2014.
  11. ^ "Pangu Changelog (English)". Retrieved 15 October 2015.
  12. ^ a b c Gordon Kelly (August 8, 2016). "Apple iOS 9.3.4: Should You Upgrade?". Forbes.com. Retrieved August 12, 2016.
  13. ^ "About the security content of iOS 9.3.4 (English)". Retrieved 8 August 2016.
  14. ^ "Memory corruption issue fixed in iOS 9.3.4". Apple Inc. Retrieved August 4, 2016.
  15. ^ Antony Leather (August 5, 2016). "Apple iOS 9.3.4 Breaks Pangu's Jailbreak: Install Now Before It's Too Late". Forbes.com. Retrieved August 12, 2016.