Difference between revisions of "User:Aker"

@@ Line 1: / Line 1: @@
-= Jailbreak Exploits =
-== Common exploits which are used in order to jailbreak different versions of iOS ==
-* [[Pwnage]] + [[Pwnage 2.0]] (together to jailbreak the [[n82ap|iPhone 3G]])
-* [[ARM7 Go]] (from iOS 2.1.1) (for [[tethered jailbreak]] on [[n72ap|iPod touch 2G]])
-* [[0x24000 Segment Overflow]] (for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] with [[Bootrom 359.3|old bootrom]] and [[n72ap|iPod touch 2G]] with [[Bootrom 240.4|old bootrom]]; another exploit as the [[limera1n Exploit]] is required)
-* [[limera1n Exploit]] (for [[tethered jailbreak]] on [[n88ap|iPhone 3GS]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[iPhone 4]], [[n81ap|iPod touch 4G]] and [[k66ap|Apple TV 2G]])
-* [[usb_control_msg(0xA1, 1) Exploit]] (also known as "steaks4uce") (for [[tethered jailbreak]] on [[n72ap|iPod touch 2G]])
-== Programs which are used in order to jailbreak different versions of iOS ==
-=== [[PwnageTool]] (2.0 - 5.1.1) ===
-* uses different common exploits
-* uses the exploits listed below to untether up to iOS 5.1.1
-=== [[redsn0w]] (3.0 - 6.0) ===
-* uses different common exploits
-* uses the same exploits as [[Absinthe|Absinthe]] and [[Absinthe|Absinthe 2.0]] to jailbreak iOS 5.0/5.0.1 and 5.1.1
-* uses the exploits listed below to untether up to iOS 5.1.1
-=== [[sn0wbreeze]] (3.1.3 - 6.1.3) ===
-* uses different common exploits
-* uses the exploits listed below to untether up to iOS 6.1.2
-== Programs which are used in order to jailbreak 3.x ==
-=== [[purplera1n]] (3.0 / 3.0.1) ===
-* [[iBoot Environment Variable Overflow]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2795 CVE-2009-2795])
-* uses [[0x24000 Segment Overflow]]
-=== [[blackra1n]] (3.1.2) ===
-* [[usb_control_msg(0x21, 2) Exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0038 CVE-2010-0038])
-* uses [[0x24000 Segment Overflow]]
-=== [[Spirit]] (3.1.2 / 3.1.3 / 3.2) ===
-* [[MobileBackup Copy Exploit]]
-* [[Incomplete Codesign Exploit]]
-* [[BPF_STX Kernel Write Exploit]]
-=== [[Star|JailbreakMe 2.0 / Star]] (3.1.2 / 3.1.3 / 3.2 / 3.2.1) ===
-* [[Malformed CFF Vulnerability]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 CVE-2010-1797])
-* [[Incomplete Codesign Exploit]]
-* [[IOSurface Kernel Exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2973 CVE-2010-2973])
-=== [[limera1n]] / [[greenpois0n (jailbreak)|greenpois0n]] (3.2.2) ===
-* uses different common exploits
-* [[Packet Filter Kernel Exploit]]
-== Programs which are used in order to jailbreak 4.x ==
-=== [[Star|JailbreakMe 2.0 / Star]] (4.0 / 4.0.1) ===
-* [[Malformed CFF Vulnerability]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 CVE-2010-1797])
-* [[Incomplete Codesign Exploit]]
-* [[IOSurface Kernel Exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2973 CVE-2010-2973])
-=== [[limera1n]] /  (4.0 / 4.0.1 / 4.0.2 / 4.1) ===
-* uses different common exploits
-* [[Packet Filter Kernel Exploit]]
-=== [[greenpois0n (jailbreak)|greenpois0n]] (4.1) ===
-* uses different common exploits
-* [[Packet Filter Kernel Exploit]]
-=== [[greenpois0n (jailbreak)|greenpois0n]] (4.2.1) ===
-* uses different common exploits
-* [[HFS Legacy Volume Name Stack Buffer Overflow]]
-=== [[Saffron|JailbreakMe 3.0 / Saffron]] (4.2.6 / 4.2.7 / 4.2.8) ===
-* [[T1 Font Integer Overflow]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226 CVE-2011-0226])
-* [[HFS Legacy Volume Name Stack Buffer Overflow]]
-=== [[Saffron|JailbreakMe 3.0 / Saffron]] (4.3 / 4.3.1 / 4.3.2 / 4.3.3) ===
-Except for the [[n18ap|iPod touch 3G]] on iOS 4.3.1.
-* [[T1 Font Integer Overflow]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226 CVE-2011-0226])
-* [[IOMobileFrameBuffer Privilege Escalation Exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0227 CVE-2011-0227])
-=== i0nic's Untether (4.3.1 / 4.3.2 / 4.3.3) ===
-* [[ndrv_setspec() Integer Overflow]]
-== Programs which are used in order to jailbreak 5.x ==
-=== [[unthredera1n]] (5.0 / 5.0.1 / 5.1 / 5.1.1) ===
-Except for the [[iPad 3]]
-* MobileBackup2 Copy Exploit
-* a new Packet Filter Kernel Exploit ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3728 CVE-2012-3728])
-* [[AMFID code signing evasion]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977 CVE-2013-0977])
-* [[launchd.conf untether]]
-* [[Timezone Vulnerability]]
-=== [[Absinthe]] (5.0 on [[n94ap|iPhone 4S]] only / 5.0.1 on [[iPad 2]] and [[iPhone 4S]])  ===
-* [[Racoon String Format Overflow Exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0646 CVE-2012-0646])(used both for payload injection and untether)
-* [[HFS Heap Overflow]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0642 CVE-2012-0642])
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0643 CVE-2012-0643]
-=== [[Corona|Corona Untether]] (5.0.1)  ===
-* [[Racoon String Format Overflow Exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0646 CVE-2012-0646])
-* [[HFS Heap Overflow]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0642 CVE-2012-0642])
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0643 CVE-2012-0643]
-=== [[Absinthe|Absinthe 2.0]] and [[Rocky Racoon|Rocky Racoon Untether]] (5.1.1) ===
-{{Section Stub}}
-* a new Packet Filter Kernel Exploit ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3728 CVE-2012-3728])
-* Racoon DNS4/WINS4 table buffer overflow ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3727 CVE-2012-3727])
-* MobileBackup2 Copy Exploit
-== Programs which are used in order to jailbreak 6.x ==
-=== [[evasi0n]] (6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2)  ===
-* [[Symbolic Link Vulnerability]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979 CVE-2013-0979])
-* [[Timezone Vulnerability]]
-* [[Shebang Trick]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5154 CVE-2013-5154])
-* [[AMFID code signing evasion]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977 CVE-2013-0977])
-* [[launchd.conf untether]]
-* [[IOUSBDeviceFamily Vulnerability]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981 CVE-2013-0981])
-* [[ARM Exception Vector Info Leak]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978 CVE-2013-0978])
-* [[dynamic memmove() locating]]
-* [[vm_map_copy_t corruption for arbitrary memory disclosure]]
-* [[kernel memory write via ROP gadget]]
-=== [[p0sixspwn]] (6.1.3 / 6.1.4 / 6.1.5 / 6.1.6) ===
-* [[posix_spawn kernel information leak]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954 CVE-2013-3954]) (by [[i0n1c]])
-* [[posix_spawn kernel exploit]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954 CVE-2013-3954]) (by [[i0n1c]])
-* [[mach_msg_ool_descriptor_ts for heap shaping]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3953 CVE-2013-3953])
-* [[AMFID_code_signing_evasi0n7]]
-* [[DeveloperDiskImage race condition]] (by [[comex]])
-* [[launchd.conf untether]]
-== Programs which are used in order to jailbreak 7.x ==
-{{Section Stub}}
-=== [[evasi0n7]] (7.0 / 7.0.1 / 7.0.2 / 7.0.3 / 7.0.4 / 7.0.5 / 7.0.6) ===
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5133 CVE-2013-5133]
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1272 CVE-2014-1272]
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273 CVE-2014-1273]
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1278 CVE-2014-1278]
-* [[Symbolic Link Vulnerability]]
-=== [[Geeksn0w]] (7.1 / 7.1.1 / 7.1.2) ===
-* [[limera1n]]'s bootrom exploit ([[Tethered jailbreak]]) on [[iPhone 4]]
-=== [[Pangu]] (7.1 / 7.1.1 / 7.1.2) ===
-* [[i0n1c]]'s Infoleak vulnerability (Pangu v1.0.0)
-* break_early_random (by [[i0n1c]] and Tarjei Mandt of Azimuth) (Pangu v1.1.0)
-* LightSensor / ProxALSSensor kernel exploit (Pangu 1.0.0) ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4388 CVE-2014-4388])
-* TempSensor kernel exploit (Pangu 1.1.0) ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4388 CVE-2014-4388])
-* "syslogd chown" vulnerability
-* enterprise certificate (no real exploit, used for initial "unsigned" code execution)
-* "foo_extracted" symlink vulnerability (used to write to /var) ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4386 CVE-2014-4386])
-* /tmp/bigfile (a big file for improvement of the reliability of a race condition)
-* VoIP backgrounding trick (used to auto restart the app)
-* hidden segment attack
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4407 CVE-2014-4407]
-== Programs which are used in order to jailbreak 8.x ==
-{{Section Stub}}
-=== [[Pangu8]] (8.0 / 8.0.1 / 8.0.2 / 8.1) ===
-* an exploit for a bug in /usr/libexec/neagent (source @iH8sn0w)
-* enterprise certificate (inside the IPA)
-* a kind of dylib injection into a system process (see IPA)
-* a dmg mount command (looks like the Developer DMG) (syslog while jailbreaking)
-* a sandboxing problem in debugserver ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4457 CVE-2014-4457])
-* the same/a similar kernel exploit as used in [[Pangu|the first Pangu]] ([http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461 CVE-2014-4461]) (source @iH8sn0w)
-* enable-dylibs-to-override-cache
-* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455 CVE-2014-4455]
-=== [[TaiG]] (8.0 / 8.0.1 / 8.0.2 / 8.1 / 8.1.1) ===
-* LightSensor / ProxALSSensor kernel exploit (Also used in Pangu 1.0.0)
-* [[DeveloperDiskImage race condition]] (by [[comex]]) (source: https://twitter.com/iH8sn0w/status/538602532088860672; also used in p0sixspwn)
-* enable-dylibs-to-override-cache (Also used in Pangu8)
-* a kind of dylib injection into a system process (see IPA) (Also used in Pangu8 but tweaked slightly)

Difference between revisions of "User:Aker"

Latest revision as of 09:51, 17 January 2015

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools