A few days ago we told you that the infamous iOS hacker pod2g had already started working on finding vulnerabilities in iOS 5.1 to use in a new jailbreak. The new software includes patches for the previous jailbreaks for both A4 and A5 devices.

Today, pod2g has come forward with another announcement. He is calling on the jailbreak community, or any iOS user for that matter, to help him find bugs in Apple’s mobile OS by sending him crash reports. Keep reading for details…

Pod2g posted this guide to identifying exploitable vulnerabilities to his blog this morning, and we encourage you to look it over:

“How can I help the jailbreak community?

To jailbreak a device, hackers need a set of exploitable vulnerabilities:

  • a code injection vector: a vulnerability in the core components of iOS that leads to custom, unsigned code execution.
  • a privilege escalation vulnerability: it’s usually not enough to have unsigned code execution. Nearly all iOS applications and services are sandboxed, so one often needs to escape from the jail to trigger the kernel exploit.
  • a kernel vulnerability: the kernel is the real target of the jailbreak payload. The jailbreak has to patch it to remove the signed code enforcement. Only the kernel can patch the kernel, that’s why a code execution vulnerability in the context of the kernel is needed.
  • an untethering vulnerability: when the device boots, it is unpatched, thus cannot run unsigned code. Thus, to start the jailbreak payload at boot time, a code execution vector either in the services bootstrap or in the loading of binaries is mandatory.

You can help if you can crash either a core application (Safari, Mail, etc…) or the kernel in a repeatable way. A kernel crash is easy to recognize as it reboots the device.

  Important facts:

  • Always test on the latest iOS version before reporting a crash (at the time of writing, iOS 5.1)
  • Be sure not to report crashes to Apple: on your iOS device, go to Settings / General / About / Diagnostics & Usage, and verify that “Don’t Send” is checked.
  • Not all crashes are interesting: aborts, timeouts or out-of-memory kinds of crashes are useless. Verify in the crash dump under Settings / General / About / Diagnostics & Usage / Diagnostic & Usage Data that the crash report you created is of Exception Type SIGILL, SIGBUS or SIGSEGV.
  • The crash should be repeatable, which means you should know what exact steps produced it and how to produce it on another device.”

All crash reports can be sent to iOS.pod2g@gmail.com. Make sure that the crash falls under one of the above-mentioned exception types and that you include the report, as well as the steps to reproduce it. Otherwise the data is useless and instead of helping pod2g, you’ll be creating more work.
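To make that filter concrete, here is an added Python example (not pod2g’s code and not from the article) that reads the header of iOS CrashReporter logs like the LatestCrash-*.plist files under /var/mobile/Library/Logs/CrashReporter, pulls the bracketed signal off the Exception Type line, and sorts each report into send, retest or skip. The sample reports are constructed, and the header layout assumes the plain-text "Key: value" format those logs use.

```python
import re

# Signals pod2g asked for; SIGKILL, SIGABRT, timeouts and OOM kills are noise.
INTERESTING = {"SIGILL", "SIGBUS", "SIGSEGV"}
TARGET_OS = (5, 1)

_FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")  # "Key: value" header lines
_SIGNAL = re.compile(r"\((SIG[A-Z]+)\)\s*$")             # signal is bracketed at line end
_OSVER = re.compile(r"OS (\d+(?:\.\d+)+)")               # e.g. "iPhone OS 5.1 (9B176)"

def parse_header(report):
    """Collect the 'Key: value' header lines of a CrashReporter log (first wins)."""
    fields = {}
    for line in report.splitlines():
        m = _FIELD.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def triage(report):
    """Return ('send' | 'retest' | 'skip', reason) for one crash log."""
    f = parse_header(report)
    m = _SIGNAL.search(f.get("Exception Type", ""))
    if not m:
        return "skip", "no bracketed signal on the Exception Type line"
    sig = m.group(1)
    if sig not in INTERESTING:
        return "skip", f"{sig} is a kill/abort/timeout, not a memory-safety fault"
    proc, osv = f.get("Process", "?"), f.get("OS Version", "unknown")
    v = _OSVER.search(osv)
    ver = tuple(int(x) for x in v.group(1).split(".")) if v else ()
    if ver[:2] != TARGET_OS:
        return "retest", f"{sig} in {proc}, but OS is {osv}; reproduce on 5.1 first"
    return "send", f"{sig} in {proc} on iOS 5.1; attach the log and the exact steps"

def sample(process, os_version, exc_type):
    """Build a minimal, constructed CrashReporter header (not a real device log)."""
    return (f"Incident Identifier: CONSTRUCTED-SAMPLE\nHardware Model: iPhone4,1\n"
            f"Process: {process}\nOS Version: iPhone OS {os_version}\n"
            f"Exception Type: {exc_type}\nException Codes: 0x00000000, 0x00000000\n")

SAMPLES = {  # constructed inputs covering the three outcomes
    "mail_sigbus_51": sample("MobileMail [214]", "5.1 (9B176)", "EXC_BAD_ACCESS (SIGBUS)"),
    "game_sigkill_51": sample("SomeGame [381]", "5.1 (9B176)", "EXC_CRASH (SIGKILL)"),
    "safari_sigill_501": sample("MobileSafari [137]", "5.0.1", "EXC_BAD_INSTRUCTION (SIGILL)"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *triage(text))
```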

Any questions?

  • ur LATE TO REPORT THIS 😛

    • Better late than never?

      • I agree. That’s how apple blogs work. Sometimes it’s breaking the news story while other times it’s sharing the info.

        You obviously read this somewhere else so there was no need to read this and comment “ur LATE TO REPORT THIS” and sound like a 14 y/o.
        The article was great for people to don’t really pay attention to other blogs and want their news from here.

        Don’t be “that” kinda commenter next time.

      • looks like someone does not understand the meaning of “:P”.

        No0b to the texting world.

    • They’re always the last ones to report anything lol
      Whatcha talking about?

      • Well yeah, with that said they put all pertinent information in a nice easy to read place. This blog has a nice format. The Jeff videos on the jailbreak tweaks are put together well. Could use more, you almost can run a video blog!!

      • no Modmyi is the last to report stuff. iDB FTW!!!!

  • I will dig deep on this and try to find some exploits. This is the best way to help these hard-working guys to make this new FW jailbroken.

  • Pod2g then stated, “OK, let’s forget this crash report idea. My mail box is flooded with useless stuff 😉 My bad, I’ll write a more detailed article.”

  • Okay so since I’m on 5.0.1 my crash reports are useless?

    • Anonymous

      Pretty much, from what the article said, they are not worth too much…

    • If it’s a native app crashing with SIGILL, SIGBUS or SIGSEGV and you can reproduce it even if you haven’t tested it on 5.1 because you don’t have one, send it to him. Just note it as “Not tested on 5.1”

  • I don’t think Apple’s patched the glitch where you can throw Newsstand into a folder, but when you try to launch Newsstand from a folder, Springboard crashes. Does that count?

    • It’s been patched. I tried it on iOS 5.1 but it doesn’t work :'(

    • This does not count, as Newsstand is a folder, and iOS is not able to open folders in folders.

    • Anonymous

      Springboard does not crash… It reloads.

    • How to do that?

  • can we still use the automatic crash reporter thing that they used for the last jailbreak? the cydia download?

    • Anonymous

      They definitely need to make one for 5.1, would help find a vulnerability real quick

  • Hey guys I’m on 5.1 iPhone 4S and when I receive a text message the new camera toggle button on the lockscreen disappears and later appears, maybe it’s a bug..

    • That’s probably a bug. A vulnerability is usually shown when an app crashes.

  • David Villamizar

    I’ve got a LatestCrash-kernel_task.plist does it count?

    • Open it and find the “Exception Type” line, if it says SIGILL, SIGBUS or SIGSEGV at the end then it can be sent to pod2g.

      Ad@m

      • David Villamizar

        well it says SIGKILL, is it the same?

      • No, sorry.

        Ad@m

  • I found a couple of SIGBUS on Mail from .dat files that didn’t open. Should I submit?

    • Yes, you should

    • Yeah, with the crash log from /var/mobile/Library/Logs/CrashReporter/LatestCrash-MobileMail.plist and the dat files if possible

      Ad@m

  • Soon as I get my iPad this Friday I will be sure to help out! I have CDEVReporter installed on my Original iPad and my 4S but seeing as how they are both on 5.0.1 this does not help at all for 5.1. But I am not upgrading! Not till there is a jailbreak for 5.1.

  • Jex

    I think Pod2G is going to rewrite in proper language.

  • As a heads up, do not have an app crash on you (like a game) and instantly assume that you just found the next great exploit, likely the program locked up and iOS killed it to preserve memory. Although I’m sure Pod2g has gotten 10000 “OMGEEEZZZ I OPENED UP TEMPLE RUN AND IT CRASHED IM SUCH A L33T H4X05” emails.

  • sn0wbaLL

    if he gives us a program like the chronic dev team did then I’ll use it to send the crash reports.

  • sn0wbaLL

    if you updated to 5.1, then either jailbreaking means nothing to you or you’re just stupid

    • David Villamizar

      maybe photo stream caught some “pictures” you have to hide

      • sn0wbaLL

        if that’s your problem then photos are the least of your problems

      • David Villamizar

        before 5.1 almost anybody could just open photos and if they chose well, they would see my GF naked, that wouldn’t be good, prefer to update than locking my photos with a password

      • sn0wbaLL

        the hell you mean “almost anybody could just open photos”? No one in my family opens my photos. you must use 1 iTunes account for all

  • Anonymous

    why is pod2g infamous….:o

  • How do I know if a crash report is SIGILL, SIGBUS, SIGSEGV? I have found a crash at Messages, which is named messages, and I can’t understand what type of crash it is

    • If you open it and find the exception type line, it says at the end of it in brackets.

      Ad@m

  • not going to upgrade until a jailbreak is discovered 😀
    can’t live without a jailbroken iPhone …

  • Some people say 5.0.1 crashes are not needed, true or false, cuz I got a lot of SIGILL and SIGBUS reports of 5.0.1..?

    • David Villamizar

      @pod2g:”Please people stop sending crash reports. Actually, it’s not helpful, I have to precise what we need..”

    • True, 5.0.1’s already untethered so there’s no point.

      Ad@m

      • David Villamizar

        actually as someone out there said, if the crash hasn’t been fixed yet in 5.1, it might work

  • I had a crash when trying to edit (backspace) a specific contact’s name in the Phone app, but it doesn’t seem to appear in Diagnostics & Usage. How am I supposed to know what Exception type it is? FYI, I know how to reproduce the crash on my iPhone.
    Just trying to make sure before creating more work for pod2g.

  • ok I’m just messing around playing a game, back out, check it and I got a SIGSEGV, should I send it to him or only on main apps?

  • I’ve found a bug

  • in iOS 5.1
    and I know the steps
    how can I tell pod2g???

  • guys
    I found a bug in iOS 5.1 and I think this bug can help pod2g with the untethered jailbreak and I want to tell what the bug is!!! how do I tell him???(pod2g)