Difference between revisions of "Evasi0n"
m (→Version History: Being consistent.) |
(7.x untether.) |
||
Line 2: | Line 2: | ||
[[File:Evasi0n.png|165px|thumb|right|evasi0n's icon]] |
[[File:Evasi0n.png|165px|thumb|right|evasi0n's icon]] |
||
<!-- Do not change this to something like "used to make an untethered jailbreak" - it doesn't make a jailbreak - what makes a jailbreak is the developers who put the exploits together --> |
<!-- Do not change this to something like "used to make an untethered jailbreak" - it doesn't make a jailbreak - what makes a jailbreak is the developers who put the exploits together --> |
||
− | '''evasi0n''' is a [[jailbreak]] tool that can perform an [[untethered jailbreak]] on [[iOS]] 6.0-6.1.2 for all [[#Supported Devices|supported devices]], excluding both [[Apple TV 3G]] revisions. It was first released on 4 February 2013 by [[evad3rs]], and is available for Windows, Mac OS X, and Linux (x86 and x86_64). There is also a [[Cydia.app|Cydia]] package called "evasi0n [[iOS]] 6.0-6.1 [[untethered jailbreak|untether]]" which can untether an existing [[tethered jailbreak]] without the need to restore and use the desktop tool. It is a [[userland]] [[jailbreak]]. |
+ | '''evasi0n''' is a [[jailbreak]] tool that can perform an [[untethered jailbreak]] on [[iOS]] 6.0-6.1.2 for all [[#Supported Devices|supported devices]], excluding both [[Apple TV 3G]] revisions. It was first released on 4 February 2013 by [[evad3rs]], and is available for Windows, Mac OS X, and Linux (x86 and x86_64). There is also a [[Cydia.app|Cydia]] package called "evasi0n [[iOS]] 6.0-6.1 [[untethered jailbreak|untether]]" which can untether an existing [[tethered jailbreak]] without the need to restore and use the desktop tool. It is a [[userland]] [[jailbreak]]. On 22 December 2013, '''evasi0n''' 7 was released to jailbreak iOS 7.x. |
== Supported Devices == |
== Supported Devices == |
||
− | As of evasi0n's release, the only unsupported devices are the [[Apple TV 3G]] revisions, since the [[kernel]]s on these devices lack an [[Injection Vector|injection vector]] to run unsigned code. All other devices running [[iOS]] 6.0-6.1.2 are supported (including iOS 5.2 for the [[k66ap|Apple TV 2G]]). |
+ | As of evasi0n's release, the only unsupported devices are the [[Apple TV 3G]] revisions, since the [[kernel]]s on these devices lack an [[Injection Vector|injection vector]] to run unsigned code. All other devices running [[iOS]] 6.0-6.1.2 are supported (including iOS 5.2 for the [[k66ap|Apple TV 2G]]). The 7.x untether supports all devices except Apple TV. |
== Cydia Package == |
== Cydia Package == |
||
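Review bot: The sentence added to the lead ("On 22 December 2013, evasi0n 7 was released to jailbreak iOS 7.x.") follows "available for Windows, Mac OS X, and Linux (x86 and x86_64)", but the version 7 download rows added later in this same edit list only Mac OS X and Windows, so the lead now implies a Linux build of evasi0n 7. Suggest naming the platforms for 7 in that sentence. The opening clause also still limits the tool to iOS 6.0-6.1.2, and the Supported Devices addition ("all devices except Apple TV") is unlinked where the surrounding text links [[iOS]] and [[Apple TV 3G]].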
Line 102: | Line 102: | ||
| |
| |
||
* Fixes Windows bugs. |
* Fixes Windows bugs. |
||
+ | |- |
||
+ | ! 7 |
||
+ | | 0.1 |
||
+ | | 22 Dec 2013 |
||
+ | | 9 |
||
+ | | <code>3e89337956189e6654cd359995ac550f0372ac8b</code> |
||
+ | | |
||
+ | * iOS 7.x untether. |
||
|} |
|} |
||
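Review bot: The new version 7 row gives untether number 9 and SHA-1 3e89337956189e6654cd359995ac550f0372ac8b, which are the same values the rendered table shows for 1.5.3 (the hash is also the one listed for 1.5.2). This reads as a copied row rather than the hash of the iOS 7.x untether binary. Suggest replacing both cells with the values for the 7.x untether, or leaving them empty until they are confirmed.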
Line 241: | Line 249: | ||
| GNU/Linux |
| GNU/Linux |
||
| <code>cc0bd166a1480c2a838584b201981db1e45ca411</code> |
| <code>cc0bd166a1480c2a838584b201981db1e45ca411</code> |
||
− | | rowspan=" |
+ | | rowspan="11" {{n/a|class=nobborderplz}} |
| [https://evad3rs.box.com/shared/static/q9kxt1rx26jtsp5t23jf.lzma Box] |
| [https://evad3rs.box.com/shared/static/q9kxt1rx26jtsp5t23jf.lzma Box] |
||
| class="rborderplz" | [https://mega.co.nz/#!A9cGhJ7R!WBD8mEP44G8xto1QE6buXV8wVr9JjwE8ZzXR1GETZwA Mega] |
| class="rborderplz" | [https://mega.co.nz/#!A9cGhJ7R!WBD8mEP44G8xto1QE6buXV8wVr9JjwE8ZzXR1GETZwA Mega] |
||
Line 259: | Line 267: | ||
| <code>97fbeb932dd3cb22ec339ec4c2f95a17d570d30c</code> |
| <code>97fbeb932dd3cb22ec339ec4c2f95a17d570d30c</code> |
||
| [https://evad3rs.box.com/shared/static/4t8gg74ybfmm0q6ca617.lzma Box] |
| [https://evad3rs.box.com/shared/static/4t8gg74ybfmm0q6ca617.lzma Box] |
||
− | | rowspan=" |
+ | | rowspan="8" {{n/a|class=nobborderplz}} |
| [http://rapidshare.com/files/2315522066/evasi0n-linux-1.5.2-7ef0895fb6c0ba200b952906c3d36594ace7bf84-release.tar.lzma RapidShare] |
| [http://rapidshare.com/files/2315522066/evasi0n-linux-1.5.2-7ef0895fb6c0ba200b952906c3d36594ace7bf84-release.tar.lzma RapidShare] |
||
|- |
|- |
||
Line 272: | Line 280: | ||
| [http://rapidshare.com/files/3354239509/evasi0n-win-1.5.2-7ef0895fb6c0ba200b952906c3d36594ace7bf84-release.zip RapidShare] |
| [http://rapidshare.com/files/3354239509/evasi0n-win-1.5.2-7ef0895fb6c0ba200b952906c3d36594ace7bf84-release.zip RapidShare] |
||
|- |
|- |
||
− | ! rowspan="3 |
+ | ! rowspan="3" | 1.5.3 |
| GNU/Linux |
| GNU/Linux |
||
| <code>620dcb7996b1f3497827b11876bf0c2fae069ecf</code> |
| <code>620dcb7996b1f3497827b11876bf0c2fae069ecf</code> |
||
Line 287: | Line 295: | ||
| [https://evad3rs.box.com/shared/static/mh5vk7hpa7r3ymhnyjsz.zip Box] |
| [https://evad3rs.box.com/shared/static/mh5vk7hpa7r3ymhnyjsz.zip Box] |
||
| [http://rapidshare.com/files/1014635071/evasi0n-win-1.5.3-f284166e164e33735163af64b0af4e6336654345-release.zip RapidShare] |
| [http://rapidshare.com/files/1014635071/evasi0n-win-1.5.3-f284166e164e33735163af64b0af4e6336654345-release.zip RapidShare] |
||
+ | |- |
||
+ | ! rowspan="2" class="blradiusplz nobborderplz" | 7 |
||
+ | | Mac OS X |
||
+ | | <code>6b22e1d94988a76244d08a5592576f61a0cb5ffb</code> |
||
+ | | [https://evad3rs.box.com/s/q4xydmi2qzgqdhqr35i0 Box] |
||
+ | | rowspan="2" {{n/a|class=nobborderplz}} |
||
+ | |- |
||
+ | | Windows |
||
+ | | <code>8a4e1fcd7b1fc0084366c182cbcf850dfc45d59f</code> |
||
+ | | class="rborderplz nobrradiusplz" | [https://evad3rs.box.com/s/hzapsnk73mbrs770z50y Box] |
||
|} |
|} |
||
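Review bot: The two version 7 rows link to Box share pages (https://evad3rs.box.com/s/...), while the other Box links visible in this diff point at direct files under /shared/static/, and Box is the only mirror listed for this version. With a single source, the SHA-1 in each row is the only reference a reader has for checking a download, so it would help to state which file each hash covers (the downloaded archive or the binary inside it) and to keep the link style consistent with the earlier rows.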
Revision as of 13:43, 22 December 2013
evasi0n is a jailbreak tool that can perform an untethered jailbreak on iOS 6.0-6.1.2 for all supported devices, excluding both Apple TV 3G revisions. It was first released on 4 February 2013 by evad3rs, and is available for Windows, Mac OS X, and Linux (x86 and x86_64). There is also a Cydia package called "evasi0n iOS 6.0-6.1 untether" which can untether an existing tethered jailbreak without the need to restore and use the desktop tool. It is a userland jailbreak. On 22 December 2013, evasi0n 7 was released to jailbreak iOS 7.x.
Supported Devices
As of evasi0n's release, the only unsupported devices are the Apple TV 3G revisions, since the kernels on these devices lack an injection vector to run unsigned code. All other devices running iOS 6.0-6.1.2 are supported (including iOS 5.2 for the Apple TV 2G). The 7.x untether supports all devices except Apple TV.
Cydia Package
The Cydia package contains just these files:
- /usr/libexec/dirhelper
- /var/evasi0n/amfi.dylib
- /var/evasi0n/evasi0n
It also includes three Debian maintenance scripts: prerm (a bash script that cancels uninstallation if the device is not vulnerable to limera1n), as well as postrm and extrainst_ binaries.
Version History
Version | Cydia Package Version | Release Date | # | SHA-1 of evasi0n binary | Changes |
---|---|---|---|---|---|
1.0 | 0.1-1 | 4 Feb 2013 | 1 | f16f4592e5d65927faf98a25bce51b22ee9bc831 | |
1.1 | 0.2-3 | 6 Feb 2013 | 2 | 301003d8aa58a0a2e1bf7030bb903ca42a89c851 | |
1.2 | 0.3-1 | 8 Feb 2013 | 3 | 75d140c53bdd615cc279932f843ab3af584086a5 | |
1.3 | 0.3-2 | 11 Feb 2013 | 4 | ff5a5e767acb4c9acf9a25555ae172ad254e596a | |
1.4 | 0.3-3 | 19 Feb 2013 | 5 | 3b2cc5e2d7be397c09d369e83ea52094250d86e9 | |
1.5 | 0.4-1 | 23 Feb 2013 | 6 | cd5a71b4d0b2767294049cc6b3b2ce3e09d68445 | |
1.5.1 | | 5 Mar 2013 | 7 | 1a826416932e77f24c94da17884e48ccfe7cdbf6 | |
1.5.2 | 0.4.1-1 | 11 Mar 2013 | 8 | 3e89337956189e6654cd359995ac550f0372ac8b | |
1.5.3 | | 12 Mar 2013 | 9 | 3e89337956189e6654cd359995ac550f0372ac8b | |
7 | 0.1 | 22 Dec 2013 | 9 | 3e89337956189e6654cd359995ac550f0372ac8b | |
Download
Version | OS | SHA-1 Hash | Download | | | |
---|---|---|---|---|---|---|
1.0 | GNU/Linux | c9e4b15a161b89f0e412721f471c5f8559b6054f | Google Sites | Box | Mega | RapidShare |
1.0 | Mac OS X | 23f99a0d65e71fd79ff072b227f0ecb176f0ffa8 | Google Sites | Box | Mega | RapidShare |
1.0 | Windows | 2ff288e1798b4711020e9dd7f26480e57704d8b2 | Google Sites | Box | Mega | RapidShare |
1.1 | GNU/Linux | 6c06a6be87e003eee470eb749b42ffbaafcc9e62 | Google Sites | Box | Mega | RapidShare |
1.1 | Mac OS X | ae9d20bc927976a1f55089cd80afca48de0f7a2e | Google Sites | Box | Mega | RapidShare |
1.1 | Windows | 4225b01afd4a4fd1277565954964bd3310ad8b5f | Google Sites | Box | Mega | RapidShare |
1.2 | GNU/Linux | 2e1d1f6c7e6ca775860df03298dce3b0d798658a | Google Sites | Box | Mega | RapidShare |
1.2 | Mac OS X | 8f91aba478ad28bda800dc5c303be1699fcfb800 | Google Sites | Box | Mega | RapidShare |
1.2 | Windows | 9942559caf779da6526b9fd0e207d21554a8a9cf | Google Sites | Box | Mega | RapidShare |
1.3 | GNU/Linux | d93bc45653345e62a315e0a0aaa1b709aacd26c4 | Google Sites | Box | Mega | RapidShare |
1.3 | Mac OS X | c239da3fd4e312c8468cdca967c86962b2cbd3f9 | Google Sites | Box | Mega | RapidShare |
1.3 | Windows | 92bbe23f125f3b0155334f1925943624e24ce130 | Google Sites | Box | Mega | RapidShare |
1.4 | GNU/Linux | 95c34e7a7220d2dab2e93cf9bb62beb49aef8996 | Google Sites | Box | Mega | N/A |
1.4 | Mac OS X | 96b62f303e335bb5c6b78034027606fee5fc93c3 | Google Sites | Box | Mega | N/A |
1.4 | Windows | 36adf9ccf62aaf770163666e757c7a89e9ba3a55 | Google Sites | Box | Mega | N/A |
1.5 | GNU/Linux | 923db21a9045df6aaaff27670be92330f4855a21 | Google Sites | Box | Mega | N/A |
1.5 | Mac OS X | cccf7e5b4a83df8c05dcfed98b9627533c018541 | Google Sites | Box | Mega | N/A |
1.5 | Windows | 25799bbeea3733c26fb010e6aca432d686fd8f9f | Google Sites | Box | Mega | N/A |
1.5.1 | GNU/Linux | cc0bd166a1480c2a838584b201981db1e45ca411 | N/A | Box | Mega | N/A |
1.5.1 | Mac OS X | 4a0e9fb8b5f83fbee5e26d1d7db876cefd09832a | N/A | Box | Mega | N/A |
1.5.1 | Windows | a220bb5fb1ccf5cf1cb666dc03e20ac54890835d | N/A | Box | Mega | N/A |
1.5.2 | GNU/Linux | 97fbeb932dd3cb22ec339ec4c2f95a17d570d30c | N/A | Box | N/A | RapidShare |
1.5.2 | Mac OS X | 051079f808f5c31f32ba09c6a39f09a8c3479157 | N/A | Box | N/A | RapidShare |
1.5.2 | Windows | 30d34e23f860eae28d4ae6513edc46ef8aa2042c | N/A | Box | N/A | RapidShare |
1.5.3 | GNU/Linux | 620dcb7996b1f3497827b11876bf0c2fae069ecf | N/A | Box | N/A | RapidShare |
1.5.3 | Mac OS X | 54827d78cb45b7dae4e7566b9ed5c1b833d68850 | N/A | Box | N/A | RapidShare |
1.5.3 | Windows | 2f8c2f111a6afefd099ecb0ce5aab63f160940b8 | N/A | Box | N/A | RapidShare |
7 | Mac OS X | 6b22e1d94988a76244d08a5592576f61a0cb5ffb | N/A | Box | N/A | N/A |
7 | Windows | 8a4e1fcd7b1fc0084366c182cbcf850dfc45d59f | N/A | Box | N/A | N/A |
Exploits and Vulnerabilities
evasi0n takes advantage of several vulnerabilities:
- Symbolic Link Vulnerability
- Malformed PairRequest
- Timezone Vulnerability (CVE-2013-0979)
- Shebang Trick
- AMFID code signing evasion
- launchd.conf untether
- IOUSBDeviceFamily Vulnerability (CVE-2013-0981)
- ARM Exception Vector Info Leak (CVE-2013-0978)
- dynamic memmove() locating
- vm_map_copy_t corruption for arbitrary memory disclosure
- kernel memory write via ROP gadget
- Overlapping Segment Attack (CVE-2013-0977)
Symbols in Untether code
Symbol | v1 | v2 | v3 | v4 | v5 | v6 | v7 | v8/9 |
---|---|---|---|---|---|---|---|---|
start | 020B0 | 02EF8 | 02BFC | 02BFC | 02BFC | 02E30 | ? | 02A80 |
find_memmove_arm#search | ? | ? | ? | ? | ? | 0AFA0 | ? | ? |
find_memmove_thumb#search | ? | ? | ? | ? | ? | 0AFD0 | ? | ? |
find_memmove | ? | ? | ? | ? | ? | 0571C | ? | ? |
find_memmove#exit | ? | ? | ? | ? | ? | 05762 | ? | ? |
_catch_exception_raise_state_identity | ? | ? | ? | ? | ? | ? | ? | 065B8 |
See Also
External Links
- Official Website
- Accuvant Labs analysis
- Analysis by kernelpool
- kernelpool presentation at NISlab: slides
- kernelpool presentation at NISlab: video
- Explanation by planetbeing in Forbes
- Hopper Script to demangle evasi0n strings for Mac client of evasi0n, use in Hopper disassembler
- Apple Response: iOS 6.1.3 Security Fixes
- Apple Response: iOS 5.2.1 (Apple TV) Security Fixes
- Slides from HITB presentation in Amsterdam 2013
- Quarkslab blog post describing how evasi0n bypasses code signing