Planetbeing reveals some of the complicated hacks used in evasi0n

By , Feb 5, 2013

Evasion Wallpapers

This week’s evasi0n release has garnered a lot of attention over the past two days—and not just from folks who intend on jailbreaking. Sites like CBS and DaringFireball, which don’t normally cover the jailbreak scene, are running multiple stories on the hack.

The consensus seems to be that folks are just genuinely flat-out impressed with the technical aspects of evasi0n, and with the team behind it. And for good reason, too. Check out this Forbes interview with planetbeing, where he talks in depth about the jailbreak…

In the conversation, David Wang (planetbeing) explains that the evasi0n hack takes advantage of at least five bugs in iOS 6’s code. For reference, he notes, that’s one more than Stuxnet used, the malware widely attributed to the US and Israeli governments that attacked Iran’s nuclear centrifuges.

And when Forbes’ Andy Greenberg asks Wang to walk him through exactly how evasi0n works, he doesn’t disappoint:

“Evasi0n begins by running libimobiledevice, a program that substitutes for iTunes to communicate with iOS devices via the same protocol as Apple’s program. Using that tool, Evasi0n exploits a bug in iOS’s mobile backup system to gain access to certain settings that it normally shouldn’t be able to access, namely a file that indicates the device’s time zone.”

The program then puts a “symbolic link” where the time zone file lives. A symbolic link is essentially a shortcut from one place in the filesystem to another: any program that later opens or modifies “the time zone file” by its path is actually acting on whatever the link points at. In this case it points at a restricted communications channel, or “socket,” between different programs, which evasi0n turns to its advantage.

“Evasi0n alters the socket that allows programs to communicate with a program called Launch Daemon, abbreviated launchd, a master process that loads first whenever an iOS device boots up and can launch applications that require “root” privileges, a step beyond the control of the OS that users are granted by default. That means that whenever an iPhone or iPad’s mobile backup runs, it automatically grants all programs access to the time zone file and, thanks to the symbolic link trick, access to launchd.”
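To make the mechanism in that passage concrete, here is a small added example written for this page; it is not evasi0n’s code and not Apple’s, and it deliberately leaves out the MobileBackup details of the real chain. It models the pattern on an ordinary Linux or macOS machine: an unprivileged step replaces a settings file (“settings”, standing in for the time zone file) with a symbolic link to a restricted object (“protected”, standing in for the launchd socket), and a privileged helper that “repairs” permissions by path then makes the restricted object world-accessible. The hardened helper shows the fix a practitioner would want: open with O_NOFOLLOW, confirm the file type, and fchmod the descriptor actually opened. The file names, the 0666 fix-up and the scratch-directory layout are all assumptions of the example; everything happens in a throwaway temp directory and nothing system-wide is touched.

```c
/* Added example, not evasi0n's or Apple's code: a privileged "fix the
 * permissions of this settings file" step that follows a symbolic link. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEMO_PATH_MAX 4096

static void join_path(char *out, const char *dir, const char *name) {
    snprintf(out, DEMO_PATH_MAX, "%s/%s", dir, name);
}

/* Remove the two scratch files and the directory (assumed layout). */
static void remove_scratch(const char *dir) {
    char path[DEMO_PATH_MAX];
    join_path(path, dir, "settings");  unlink(path);
    join_path(path, dir, "protected"); unlink(path);
    rmdir(dir);
}

/* Scratch directory with:
 *   protected - stand-in for the restricted IPC socket, mode 0600
 *   settings  - stand-in for the time zone file the helper "repairs"
 * Returns a heap-allocated directory path, or NULL on failure. */
static char *make_scratch(void) {
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0') base = "/tmp";
    char *dir = malloc(DEMO_PATH_MAX);
    if (dir == NULL) return NULL;
    snprintf(dir, DEMO_PATH_MAX, "%s/symlink-demo-XXXXXX", base);
    if (mkdtemp(dir) == NULL) {                 /* fall back to cwd */
        snprintf(dir, DEMO_PATH_MAX, "./symlink-demo-XXXXXX");
        if (mkdtemp(dir) == NULL) { free(dir); return NULL; }
    }
    char path[DEMO_PATH_MAX];
    join_path(path, dir, "protected");
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { remove_scratch(dir); free(dir); return NULL; }
    close(fd);
    chmod(path, 0600);                          /* independent of umask */
    join_path(path, dir, "settings");
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) { remove_scratch(dir); free(dir); return NULL; }
    close(fd);
    return dir;
}

/* Attacker step (needs no privilege): swap the settings file for a link
 * to the protected target. Returns 0 on success. */
int plant_symlink(const char *dir) {
    char settings[DEMO_PATH_MAX], target[DEMO_PATH_MAX];
    join_path(settings, dir, "settings");
    join_path(target, dir, "protected");
    if (unlink(settings) != 0 && errno != ENOENT) return -1;
    return symlink(target, settings);
}

/* Vulnerable privileged helper: chmod() by path resolves symbolic links,
 * so the new mode lands on whatever the link points at. */
int fixup_permissions_vulnerable(const char *settings_path) {
    return chmod(settings_path, 0666);
}

/* Hardened helper: refuse to follow a link (open fails with ELOOP),
 * require a regular file, and change mode via the descriptor we opened
 * rather than by walking the path a second time. */
int fixup_permissions_hardened(const char *settings_path) {
    int fd = open(settings_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd); errno = EINVAL; return -1;
    }
    int rc = fchmod(fd, 0666);
    close(fd);
    return rc;
}

/* Permission bits of the protected target, or -1. */
int protected_mode(const char *dir) {
    char target[DEMO_PATH_MAX];
    join_path(target, dir, "protected");
    struct stat st;
    if (stat(target, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Whole scenario: plant the link, run the helper, report the resulting
 * mode of the protected target (0666 = exposed, 0600 = still restricted). */
int run_scenario(int hardened) {
    char *dir = make_scratch();
    if (dir == NULL) return -1;
    char settings[DEMO_PATH_MAX];
    join_path(settings, dir, "settings");
    int mode = -1;
    if (plant_symlink(dir) == 0) {
        if (hardened) fixup_permissions_hardened(settings);
        else          fixup_permissions_vulnerable(settings);
        mode = protected_mode(dir);
    }
    remove_scratch(dir);
    free(dir);
    return mode;
}

int main(void) {
    printf("vulnerable helper: protected target is now mode %04o\n", run_scenario(0));
    printf("hardened helper:   protected target is still mode %04o\n", run_scenario(1));
    return 0;
}
```

Build with `cc -Wall demo.c -o demo` and run it: the first line reports the stand-in socket at mode 0666, the second at 0600. The same confused-deputy logic applies to any privileged operation done by path (chown, rename, truncate, write), which is why descriptor-relative calls and, on Linux, the `fs.protected_symlinks` sysctl exist as mitigations.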

These are just a few of the steps mentioned in Forbes’ interview. To read the full article—and we recommend that you do, just to see how much is actually involved in these hacks—click here. It’s crazy to think that by the time it gets to us, we just click a button.

If you’re interested in checking out the new jailbreak, and for some reason haven’t already, make sure to visit our dedicated evasi0n section. We have step-by-step tutorials on how to jailbreak your iPhone, iPad and iPod touch for both Windows and Mac platforms.

  • http://twitter.com/iAppleTech2 iAppleTech

    English please hah

    • http://www.facebook.com/Nasser1510 Nasser Cedeño

      Ahhh?? That’s English, man. What language do you speak :) lol

      • Metroview

        I believe he means layman’s terms

      • http://www.facebook.com/Nasser1510 Nasser Cedeño

        Maybe..

      • Steve

        We are legion

    • Marcos

      Hahahaha, I was just going to say the same. They are geniuses!

  • http://twitter.com/ChrisRigby80 Christopher Rigby

    When I install Five Icon Dock or Infinidock it muddles my apps up all over the place after respring. Can anyone help me please?

    • shq

      Five Icon Dock is not compatible with iOS 6

      • gcat10

        Five Icon Dock has been iOS6 compatible for awhile now.

    • Voice of Treason

      I don’t know about Infinidock, but Five Icon Dock has its own app placement so you must reorganize them, then make a backup using iTunes. You shouldn’t use both tweaks at the same time either, because it will cause conflicts.

    • http://www.facebook.com/zacksloane Zachary Sloane

      Just get Springtomize 2. You have the option of having the five icon dock plus a bunch of other cool stuff!

  • pauleebe

    I think it’s so cool these guys are now in a Forbes’ interview.

  • Guest

    I can proudly say I know every word in the paragraphs… but yet I can’t understand what they are saying ;p

    • Luis Finke

      I understand how it works, I just can’t see how Apple goes about patching things like this.

  • Luis Finke

    That’s why my time was 7 hours off….

    • Lupius

      I accidentally figured out the fix by disabling and enabling auto set time.

  • http://twitter.com/jpcacho Josh Cacho

    Couldn’t have worded it better myself.

  • http://www.facebook.com/cubanno2031 Adrian Rodriguez

    Wow this is historical!!!!

  • Jimothy

    Ah, okay. Very insightful! They really are keeping Apple on its toes.

  • http://www.facebook.com/lucas.kunert Lucas Kunert

    Sounds fairly complicated, but very impressive that they found that little injection site. I’m sure there’s more, otherwise they’re just giving up all the info to Apple for future JBs. I reckon they’d find these anyway by breaking down the evasi0n tool, so I guess it’s not a big deal.

  • crazy_moo

    binary bitches, learn to speak it

    • http://twitter.com/e420kush e420Kush

      That is not binary…..

  • Ernie Marin

    This might just be me, but where can I get that cool evad3r matrix wallpaper, and can someone turn that into a theme? Or at least maybe something that can change the slider arrow to the evad3r E.

    • http://www.facebook.com/profile.php?id=829245704 Matthew Cleveland

      Search iDB for evasi0n wallpaper. They posted it the other day.

  • http://twitter.com/Antonio14_ Antonio Latte

    And that’s why it takes so long. They deserve all the donations in the world.

  • mwpitt52

    Donate which is well deserved!!

  • Wassim Omais

    I read this and I am amazed that they were able to find vulnerabilities and code ALL of these exploits. Imagine searching for this without knowing what you will find. This is really interesting, and it truly shows the time and effort the evad3rs spent on this.

  • http://www.facebook.com/joe.jonsen Joe Jonsen

    Why is he telling all this to Apple? The iPad 5 and iPhone 5S and 6 will take forever to jailbreak.

    • http://www.facebook.com/antman217 Anthony Antunez

      Once a jailbreak is out it doesn’t matter, because Apple could easily get a team of developers to crack open the jailbreak and figure out how it works and how to patch iOS. Might as well just talk about it anyway.

  • jose castro

    Nice

  • http://www.facebook.com/rbodamer Ron Bodamer

    Question for anybody else that may be having this issue. After jailbreaking my 5, I went to Siri for some helpful advice and whenever I say “open the pod bay doors” Siri shuts down, my SpringBoard crashes and I’m in Safe Mode. But only when I say “open the pod bay doors” it’s so weird and frustrating but at the same time it’s funny because you can’t help but think that Siri must really take offense to that command to crash your SpringBoard. Any thoughts??

    • Name

      Having the same issue ._. Idk why…

  • Gary Ehrlich

    What A great job resume!

  • Mohammad Ridwan

    “Then we win.”… like a boss…

  • http://twitter.com/BryantAllred Bryant Allred

    Did anyone else think of the avengers when this happened? I sure did.

  • http://aalaap.com Aalaap Ghag

    It’s like reading a fantasy novel for the first time in your life. I’d totally read this to my kids at bedtime so they can dream of exploits and kernel patches. If I ever had any kids.

    If you don’t feel like donating, at least go and check out the “sponsor messages” on the site!

  • Mr. Dumb

    I feel proud to announce i didn’t understand a god damn thing here :-)

  • ReanimationXP

    Am I the only one concerned that we’re all breaking rules 1 and 2?

  • oneil young

    Genius. Apple slipped and they slid right in there.

  • brase

    If Apple Inc. is smart they should incorporate these guys into their dev team to make a better iOS for the market…

    • tggt00

      Making a more secure iOS is just sick.. and Apple just earns from this jailbreak..

  • Ahmadjoon

    In this economy?

  • EpicFacepalm

    I knew I was right. They were using libimobiledevice, like I said a million times to the crying newbies saying “why the heck are they making a Linux version?!! This is a waste of time!!”…