Difference between revisions of "Corona"
m (not a stub, wrong category, move the two exploits to own page) |
m |
||
(14 intermediate revisions by 7 users not shown) | |||
Line 2: | Line 2: | ||
'''Corona''' is a [[Cydia.app|Cydia]] package from the [[Chronic Dev (team)|Chronic Dev Team]] on [[Saurik]]'s repo. It uses [[User:pod2g|pod2g]]'s [[Racoon String Format Overflow Exploit]] and an [[HFS Heap Overflow]] to untether iOS 5.0.1 on previously-jailbroken devices. Alternatively, users can also re-run the [[iPhone Dev Team]]'s [[redsn0w]] 0.9.10 to untether their jailbreak with the same exploit. The name is an anagram of the aforementioned [http://linux.die.net/man/8/racoon racoon] software. |
'''Corona''' is a [[Cydia.app|Cydia]] package from the [[Chronic Dev (team)|Chronic Dev Team]] on [[Saurik]]'s repo. It uses [[User:pod2g|pod2g]]'s [[Racoon String Format Overflow Exploit]] and an [[HFS Heap Overflow]] to untether iOS 5.0.1 on previously-jailbroken devices. Alternatively, users can also re-run the [[iPhone Dev Team]]'s [[redsn0w]] 0.9.10 to untether their jailbreak with the same exploit. The name is an anagram of the aforementioned [http://linux.die.net/man/8/racoon racoon] software. |
||
− | ==A5 Jailbreak== |
+ | == A5 Jailbreak == |
+ | {{main|absinthe}} |
||
− | According to [http://pod2g-ios.blogspot.com/2012/01/sandbox-difficulties.html pod2g's blog], he was having problems with the app [[sandbox]]ing system used on the [[S5L8940|A5]] processor in the [[iPad 2]] and [[N94ap|iPhone 4S]], so he got [[User:planetbeing|planetbeing]], [[User:MuscleNerd|MuscleNerd]], [[User:posixninja|Joshua Hill]] and [[saurik]], dubbed the "dream team", to help to fix it[http://pod2g-ios.blogspot.com/2012/01/sandbox-difficulties.html][https://twitter.com/pod2g/status/156696427521773568]. [[User:DHowett|Dustin Howett]] also demoed the A5 jailbreak [http://www.youtube.com/watch?v=rDBHXbwgdc4 on YouTube]. A release date still hasn't been revealed, though. |
||
+ | According to [http://pod2g-ios.blogspot.com/2012/01/sandbox-difficulties.html pod2g's blog], he was having problems with the app [[sandbox]]ing system used on the [[S5L8940|A5]] processor in the [[iPad 2]] and [[N94AP|iPhone 4S]]. So he enlisted the help of [[User:planetbeing|planetbeing]], [[User:MuscleNerd|MuscleNerd]], [[User:posixninja|Joshua Hill]] and [[saurik]], dubbed the "Dream Team", to help him fix it[http://pod2g-ios.blogspot.com/2012/01/sandbox-difficulties.html][https://twitter.com/pod2g/status/156696427521773568]. [[User:DHowett|Dustin Howett]] also demoed the A5 jailbreak [http://www.youtube.com/watch?v=rDBHXbwgdc4 on YouTube]. It was released on {{date|2012|01|20}} as [[Absinthe]]. |
||
− | == |
+ | == Details == |
+ | All this package essentially does is disable [[ASLR]] to enable the [[untethered jailbreak|untether]] portion of [[Absinthe]]. It does this by just changing the [[launchd]]'s config file<sup>1-31</sup> (<code>/DisableAslr</code>) from |
||
+ | <key>DisableAslr</key> |
||
+ | <false/> |
||
+ | to |
||
+ | <key>DisableAslr</key> |
||
+ | <true/> |
||
+ | |||
+ | == Changelog == |
||
+ | * '''1.0-8''' Fixed an issue where corona failed on [[N94AP|iPhone 4S]] on [[iOS]] 5.0 |
||
+ | * '''1.0-7''' 1.0-6 had a "Depends" that made it refuse to install on an original iPad. |
||
+ | * '''1.0-6''' fixed iBooks issues (books having DRM may show half pictures and/or grey rectangles). |
||
* '''1.0-5''' was updated by Saurik again to require a reboot after installing. |
* '''1.0-5''' was updated by Saurik again to require a reboot after installing. |
||
* '''1.0-4''' includes sandbox patches by [[User:comex|comex]] that fixes [[iBooks]] problems, as well as another fix for [[launchctl]].[http://blog.iphone-dev.org/post/14857834236/untethered-holidays] |
* '''1.0-4''' includes sandbox patches by [[User:comex|comex]] that fixes [[iBooks]] problems, as well as another fix for [[launchctl]].[http://blog.iphone-dev.org/post/14857834236/untethered-holidays] |
||
* '''1.0-3''' was updated by Saurik to enable [[redsn0w]] 0.9.10 users to update the jailbreak through Cydia. |
* '''1.0-3''' was updated by Saurik to enable [[redsn0w]] 0.9.10 users to update the jailbreak through Cydia. |
||
− | * '''1.0-2''' attempted to fix a bug that caused launchctl to not start daemons on-demand. |
+ | * '''1.0-2''' attempted to fix a bug that caused [[launchctl]] to not start daemons on-demand. |
* '''1.0-1''' is the initial release of the jailbreak. |
* '''1.0-1''' is the initial release of the jailbreak. |
||
− | == |
+ | == References == |
+ | # [[i0n1c]]'s [http://cansecwest.com/csw12/CSW2012_StefanEsser_iOS5_An_Exploitation_Nightmare_FINAL.pdf {{date|2012|03}} presentation] (An Exploitation Nightmare) |
||
+ | |||
+ | == External Links == |
||
*[http://pod2g-ios.blogspot.com/2012/01/details-on-corona.html pod2g's details on the exploits] |
*[http://pod2g-ios.blogspot.com/2012/01/details-on-corona.html pod2g's details on the exploits] |
||
+ | |||
[[Category:Hacking Software]] |
[[Category:Hacking Software]] |
||
+ | [[Category:Jailbreaks]] |
||
+ | [[Category:Jailbreaking]] |
||
+ | [[Category:Cydia Packages]] |
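Review bot: In the new Details section, the sentence about launchd's config file identifies it only as <code>/DisableAslr</code>, which reads as a key path rather than a file location, and the hand-typed <sup>1-31</sup> is not tied to the entry added under References. Name the file the key lives in and turn the superscript into a proper citation of that reference. The same revision also adds both [[Category:Jailbreaks]] and [[Category:Jailbreaking]]; confirm that both are intended rather than one being a duplicate of the other.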
Latest revision as of 12:42, 17 September 2021
Corona is a Cydia package from the Chronic Dev Team on Saurik's repo. It uses pod2g's Racoon String Format Overflow Exploit and an HFS Heap Overflow to untether iOS 5.0.1 on previously-jailbroken devices. Alternatively, users can also re-run the iPhone Dev Team's redsn0w 0.9.10 to untether their jailbreak with the same exploit. The name is an anagram of the aforementioned racoon software.
A5 Jailbreak
- Main article: absinthe
According to pod2g's blog, he was having problems with the app sandboxing system used on the A5 processor in the iPad 2 and iPhone 4S. So he enlisted the help of planetbeing, MuscleNerd, Joshua Hill and saurik, dubbed the "Dream Team", to help him fix it[1][2]. Dustin Howett also demoed the A5 jailbreak on YouTube. It was released on 20 January 2012 as Absinthe.
Details
All this package essentially does is disable ASLR to enable the untether portion of Absinthe. It does this by just changing launchd's config file[1-31] (/DisableAslr) from
<key>DisableAslr</key> <false/>
to
<key>DisableAslr</key> <true/>
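An added example, not code from the wiki or from the Corona package: a defender-side audit that parses a launchd-style property list and reports every place the DisableAslr key shown above is set to true. The sample plist, its layout, the labels and the case-insensitive key match are assumptions made for the illustration.

```python
import plistlib

# Key name as spelled on this page. Matching case-insensitively is an
# assumption of this example, so spelling variants are reported as well.
ASLR_KEY = "DisableAslr"

def find_aslr_overrides(node, path=""):
    """Return [(path, value)] for every ASLR_KEY anywhere in a parsed plist."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key.lower() == ASLR_KEY.lower():
                hits.append((here, value))
            hits.extend(find_aslr_overrides(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_aslr_overrides(item, f"{path}[{i}]"))
    return hits

def audit_plist(raw: bytes):
    """Parse XML or binary plist bytes; return paths where ASLR is switched off."""
    try:
        root = plistlib.loads(raw)
    except Exception as exc:  # malformed input is reported, not silently skipped
        raise ValueError(f"unparseable plist: {exc}") from exc
    return [p for p, v in find_aslr_overrides(root) if v is True]

# Constructed sample (not a real device file): one global override and two
# hypothetical job entries, one of which re-enables the override.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>DisableAslr</key> <true/>
  <key>Jobs</key>
  <array>
    <dict><key>Label</key> <string>com.example.a</string>
          <key>DisableAslr</key> <false/></dict>
    <dict><key>Label</key> <string>com.example.b</string>
          <key>DisableASLR</key> <true/></dict>
  </array>
</dict></plist>"""

if __name__ == "__main__":
    for path in audit_plist(SAMPLE):
        print("ASLR disabled at", path)
```
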
Changelog
- 1.0-8 fixed an issue where Corona failed on the iPhone 4S on iOS 5.0.
- 1.0-7: 1.0-6 had a "Depends" that made it refuse to install on an original iPad.
- 1.0-6 fixed iBooks issues (books having DRM may show half pictures and/or grey rectangles).
- 1.0-5 was updated by Saurik again to require a reboot after installing.
- 1.0-4 includes sandbox patches by comex that fix iBooks problems, as well as another fix for launchctl.[3]
- 1.0-3 was updated by Saurik to enable redsn0w 0.9.10 users to update the jailbreak through Cydia.
- 1.0-2 attempted to fix a bug that caused launchctl to not start daemons on-demand.
- 1.0-1 is the initial release of the jailbreak.
References
- i0n1c's March 2012 presentation (An Exploitation Nightmare)