Cydia icon iPhone 5s

You may remember MuscleNerd as being the head of the iPhone Dev Team, which has been on the sidelines in recent years in favor of the Chronic Dev Team and, later, the evad3rs. Nevertheless, the well-known iPhone hacker congratulated the Pangu Team for its impromptu iOS 7.1.1 untethered jailbreak release, in addition to providing some interesting commentary on how the exploit works.

According to his tweets, MuscleNerd says that the most unique part of the Pangu jailbreak is that it uses an expired enterprise certificate as an injection vector. He adds that enterprise certificates are something that have been out of bounds for the iPhone Dev Team, due to legal reasons, but he is glad that this method was used rather than the Pangu team burning through something more native and powerful… 

MuscleNerd also claimed that he was unsettled about the Pangu jailbreak executing any scripts or Mach-Os in /etc/rc.d/ on every boot. He added that this functionality should be patched out of the jailbreak, referring to it as something that so-called “script kiddies” would use. Cydia creator Jay Freeman (saurik) quickly chimed in, though, saying that the evasi0n7 untethered jailbreak also ran /etc/rc.d scripts to replace /etc/launchd.conf, making it no less powerful or dangerous.

All in all, these technical details surrounding the iOS 7.1.1 jailbreak provide some interesting insight into how a jailbreak is executed. Apple has not patched the enterprise certificate loophole that lets you roll back the system time on a device, and perhaps this will make the prospect of an iOS 8 jailbreak one step easier. It is also interesting that the iPhone Dev Team could have potentially used the certificate loophole for past jailbreaks as well, although that is merely speculation.

  • Foellarbear

    This is quite interesting….

    • Pato_

      Very interesting

      • ic0dex

        Very interesting indeed!!!

  • Andy

    Joe, you missed the part where saurik replied to his tweets, saying evasi0n did the same thing as Pangu.

    • Joe Rossignol

      “Cydia creator Jay Freeman (saurik) quickly chimed in, though, saying that the evasi0n7 untethered jailbreak also ran /etc/rc.d scripts to replace /etc/launchd.conf, making it no less powerful or dangerous.”

      • Andy

        Ah, thought you would actually embed his tweet since you did it with MuscleNerd 🙂

      • Joe Rossignol

        I’ve embedded it now. There we go.

      • Matt Taylor


  • MrShutEmDown

    Can I have this wallpaper though used on the iphone?

  • Matt Taylor

    So glad jailbreak hacking is moving away from the monopoly it has been lately! I’m thankful to the evaders of course, but they do take their sweet time…

    I remember the days of GeoHot when a jailbreak would come out within days of a public iOS release

    • ✪ aidan harris ✪

      Jailbreaking has got consoderably harder to do over the years. I think I remember reading an artical on Forbes about how the evasi0n jailbreak (for iOS 6) works and it uses multiple exploits and is incredibly complex…

      Here’s the article which I’d highly recommend readinng to anyone with a bit of free time on their hands:


      • Rio

        Actually even if they find an easy jailbreak or a complex one they would keep it for themselfs and show off videos so people get mad. They keep waiting so they can be full of donations and then after they Finally release it they get filled up with donations again.

        This has become a monopoly seeing just the “well known hackers” . Well they arent the only hackers out there and i am very glad Pangu Team smacked that jailbreak out of nowhere in their faces…

        The jailbreak was free so it can make people happy, and now has become a millionaire buisness.

    • raveur

      The Chinese hackers seem to be taking a short-term view rather than a community-oriented long-term view. I don’t think that’s good.

  • SteveZ

    legal reasons….
    Most of my Chinese fellows never give a **** about the law.

  • Eikast

    I’m just glad that more people are releasing jailbreaks. At least PanGu gave users the option to uncheck the piracy App Store. It’s a bit controversial since they were able to due this from i0n1c’s training but hey, karma is a b****.

    There will always be a jailbreak for iOS. There are always exploits/bugs in software. New updates that fixes or add features can add more bugs/exploits. It’s just a matter of is it worth it for people to explore. iOS is extremely popular so there will always be an urge to find exploits.

    Now if we were talking about an OS that was used by 500K people then ya…good luck with that. After saying that, finding exploits must be tiring, not only for finding the exploits but to make sure that it works on all supported devices. This is probably why you won’t see many jailbreaks released for the same iOS X version.Groups that released a jailbreak for a version of iOS will have already gotten their money from donations etc. and not as many people need a newer one compared to the first jailbreak for said iOS X.

    • Kurt

      Musclenerd was putting them down because he doesn’t want more competition for donations. They make a lot of money from putting out jailbreaks. I’m glad their are more people working on jailbreaks. I don’t get any donations so I shouldn’t care. They released a safe jailbreak. We should all be happy about that. But clearly some people are not (musclenerd)

      • mlee19841

        yea when it comes down to it money talks. with a couple million people using jailbroken devices. A part of that figure will be people that make donations to the envasion team. So they make off pretty good with the donations.

      • Kurt

        If I remember correctly, Sebastien gave a hundred bucks one time to some jailbreakers. Other people stated in the comments section they gave similar amounts, not sure if I believe them, but I do believe Sebastien gave that much.

  • TeChNoStyLeZ

    Is there a possibility that evasi0n7 gets updated for 7.1.1 ?

    • Probably not, Musclenerd says that the method Pangu used was illegal, the only way Evasion7 would be updated would be to either use the same method, or use their “saved” exploits. Neither of which they’ll do

      • ARX8

        I wouldn’t burn the exploits if I were in the team. Let those glorious exploits be safeguarded for iOS8

  • Arjan Vlek

    This method is in use for a long time. You could install retro game emulators on non jailbroken devices by setting the date and time back to like 2012 or 2013

  • Kenneth Lin

    What legal reasons? Anyone who knows care to elaborate?

    • ‘Ariff

      I’m leaving this here to follow the post. I would like to know too

      • mlee19841

        same here

      • Kyle

        Because of the expired Enterprise certificate. That’s a matter of copyright infringement.

  • JoJo

    Where is Marcus now, crying about his iOS8 jailbreak will be so much delayed because pangu used up exploits?

    All i can say is… I told you so.

    • Dan

      u mad?

    • vifish

      Ya when i read this “but he is glad that this method was used rather than the Pangu team burning through something more native and powerful… ” i was like “SUCK ON THAT MARCUS!”

      I hate these kids that show up here, saying things like they are a developer…

    • mlee19841

      lol. that guy was madder then the people actually doing the work.

  • ‘Ariff

    Just a suggestion, but can you guys make a clarification post regarding the PPSync and Apple File Conduit situation? More specifically the differences between Karen’s AFC2 Unified and this new Apple File Conduit “2” that saurik added to Cydia

    Just so us consumers can figure out which one is better than the other or moreso which one should we install instead. Saurik’s explanation intriguied me.

    Thank you

    • ‘Ariff

      Nevermind I realised that it was actually AppSync Unified and not AFC2 unified as stated. =,=”

  • cd d

    you know the pangu team tried they did better than show us dumb videos of IOS 7.1.X being jailbroken…. those videos do nothing but make people mad …. and I read their blog page ….yeah I think jailbreak has become a monopoly…shame on the people who find exploits for jailbreaks 🙁

  • cd d

    and don’t release it