After the release of iOS 5.1, developers started updating their jailbreak tools to support the new firmware. RedSnow was updated to V0.9.10b6 for Mac and was soon followed by SnowBreeze V2.9.2 for Windows. However, all the available jailbreaks are tethered and work on A4 devices only.


Hacker Pod2g tweeted a few days ago that he is working on a jailbreak by looking for vulnerabilities in the new firmware. Today, Pod2g announced that he wants the jailbreak community and any iOS user to help him find exploitable bugs by sending him crash reports.

Pod2g posted a guide on his blog to identify exploitable vulnerabilities:

  • “How can I help the jailbreak community?
  • To jailbreak a device, hackers need a set of exploitable vulnerabilities:
      • a code injection vector: a vulnerability in the core components of iOS that leads to custom, unsigned code execution.
      • a privilege escalation vulnerability: it’s usually not enough to have unsigned code execution. Nearly all iOS applications and services are sandboxed, so one often needs to escape from the jail to trigger the kernel exploit.
      • a kernel vulnerability: the kernel is the real target of the jailbreak payload. The jailbreak has to patch it to remove the signed code enforcement. Only the kernel can patch the kernel, that’s why a code execution vulnerability in the context of the kernel is needed.
      • an untethering vulnerability: when the device boots, it is unpatched, thus cannot run unsigned code. Thus, to start the jailbreak payload at boot time, a code execution vector either in the services bootstrap or in the loading of binaries is mandatory.
  • You can help if you can crash either a core application (Safari, Mail, etc…) or the kernel in a repeatable way. A kernel crash is easy to recognize as it reboots the device.
  • Important facts:
      • Always test on the latest iOS version before reporting a crash (at the time of writing, iOS 5.1).
      • Be sure to not report crashes to Apple: on your iOS device, go to Settings / General / About / Diagnostics & Usage, and verify that “Don’t Send” is checked.
      • Not all crashes are interesting: aborts, timeouts or out of memory kinds of crashes are useless. Verify in the crash dump in Settings / General / About / Diagnostics & Usage / Diagnostic & Usage Data that the crash report you created is of Exception Type SIGILL, SIGBUS or SIGSEGV.
      • The crash should be repeatable, which means you should know what exact steps produced it and how to produce it on another device.”

Crash reports you send must fall into these categories, otherwise the information is useless, and you must include the steps needed to reproduce the crash. All crash reports can be sent to pod2g@gmail.com.
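Pod2g's "Important facts" amount to a triage rule: a report is only worth sending if it comes from the current firmware, is a real fault (SIGILL, SIGBUS or SIGSEGV) rather than an abort, watchdog timeout or low-memory event, and is reproducible. The script below is an added example, not code from the original post or from pod2g, that applies those rules to the plain-text crash files found under Diagnostics & Usage Data. The sample reports are constructed here and follow the header layout of iOS .crash files (`Exception Type:`, `Exception Codes:`, `OS Version:`); the `0x8badf00d` exception code used to spot watchdog timeouts is the value iOS writes into those reports. Reproducibility cannot be judged from the file, so the script only filters; the repro steps still have to come from the reporter.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Signals pod2g asks for; everything else (SIGABRT, SIGKILL from the
# watchdog, low-memory kills) is filtered out as uninteresting.
INTERESTING_SIGNALS = {"SIGILL", "SIGBUS", "SIGSEGV"}
# iOS writes this exception code into watchdog-timeout crash reports.
WATCHDOG_CODE = "8badf00d"

# Constructed sample reports (not real device data). Only the header
# fields the triage logic reads are included.
SAMPLE_REPORTS: Dict[str, str] = {
    "MobileSafari-5.1-segv.crash": "\n".join([
        "Process:         MobileSafari [123]",
        "OS Version:      iPhone OS 5.1 (9B176)",
        "Exception Type:  EXC_BAD_ACCESS (SIGSEGV)",
        "Exception Codes: KERN_INVALID_ADDRESS at 0x00000004",
        "Crashed Thread:  0",
    ]),
    "MobileMail-5.1-abort.crash": "\n".join([
        "Process:         MobileMail [456]",
        "OS Version:      iPhone OS 5.1 (9B176)",
        "Exception Type:  EXC_CRASH (SIGABRT)",
        "Exception Codes: 0x00000000, 0x00000000",
    ]),
    "SpringBoard-5.1-watchdog.crash": "\n".join([
        "Process:         SpringBoard [30]",
        "OS Version:      iPhone OS 5.1 (9B176)",
        "Exception Type:  00000020",
        "Exception Codes: 0x000000008badf00d",
    ]),
    "MobileSafari-5.0.1-segv.crash": "\n".join([
        "Process:         MobileSafari [789]",
        "OS Version:      iPhone OS 5.0.1 (9A405)",
        "Exception Type:  EXC_BAD_ACCESS (SIGSEGV)",
        "Exception Codes: KERN_INVALID_ADDRESS at 0x00000010",
    ]),
    "MobileSafari-5.1-sigill.crash": "\n".join([
        "Process:         MobileSafari [321]",
        "OS Version:      iPhone OS 5.1 (9B176)",
        "Exception Type:  EXC_BAD_INSTRUCTION (SIGILL)",
        "Exception Codes: 0x00000001, 0x00000000",
    ]),
    "LowMemory-5.1.log": "\n".join([
        "OS Version:      iPhone OS 5.1 (9B176)",
        "Largest process: MobileMail",
    ]),
}


@dataclass
class Verdict:
    interesting: bool
    signal: Optional[str]
    os_version: Optional[str]
    reason: str


def parse_field(report: str, name: str) -> Optional[str]:
    """Return the value of a 'Name: value' header line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}:\s*(.+?)\s*$", report, re.MULTILINE)
    return m.group(1) if m else None


def triage(report: str, latest: str = "5.1") -> Verdict:
    """Apply pod2g's reporting rules to one crash report."""
    exc_type = parse_field(report, "Exception Type")
    if exc_type is None:
        return Verdict(False, None, None,
                       "no Exception Type line: not a crash report (e.g. a low-memory log)")
    os_line = parse_field(report, "OS Version") or ""
    m = re.search(r"iPhone OS (\d+(?:\.\d+)*)", os_line)
    os_version = m.group(1) if m else None
    sig_m = re.search(r"\((SIG[A-Z]+)\)", exc_type)
    signal = sig_m.group(1) if sig_m else None
    codes = (parse_field(report, "Exception Codes") or "").lower()

    if os_version != latest:
        return Verdict(False, signal, os_version,
                       f"reproduce on iOS {latest} before reporting "
                       f"(report is from {os_version or 'unknown'})")
    if WATCHDOG_CODE in codes:
        return Verdict(False, signal, os_version,
                       "watchdog timeout, not a memory-safety fault")
    if signal in INTERESTING_SIGNALS:
        return Verdict(True, signal, os_version,
                       f"{signal} on iOS {os_version}: worth reporting with repro steps")
    return Verdict(False, signal, os_version,
                   f"{signal or exc_type} is an abort/timeout/out-of-memory class crash")


def triage_all(reports: Dict[str, str], latest: str = "5.1") -> Dict[str, Verdict]:
    """Triage a directory's worth of reports keyed by file name."""
    return {name: triage(text, latest) for name, text in reports.items()}


if __name__ == "__main__":
    for name, verdict in triage_all(SAMPLE_REPORTS).items():
        flag = "SEND" if verdict.interesting else "skip"
        print(f"{flag:4} {name}: {verdict.reason}")
```

Running the script marks the two 5.1 reports with SIGSEGV and SIGILL as worth sending and explains why each of the others is skipped; swap `SAMPLE_REPORTS` for the text of real files copied off a device to triage your own collection.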
