|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AMFID code signing evasion"
m (add reference) |
m (here it has also changed) |
||
| Line 21: | Line 21: | ||
* [http://networkpx.blogspot.ch/2009/09/compiling-iphoneos-31-apps-with-xcode.html networkpx blog post from 2009] |
* [http://networkpx.blogspot.ch/2009/09/compiling-iphoneos-31-apps-with-xcode.html networkpx blog post from 2009] |
||
* [http://iphonedevwiki.net/index.php/Xcode#Developing_without_Provisioning_Profile iPhoneDevWiki, Xcode, Developing without Provisioning Profile] |
* [http://iphonedevwiki.net/index.php/Xcode#Developing_without_Provisioning_Profile iPhoneDevWiki, Xcode, Developing without Provisioning Profile] |
||
| − | * [http://blog. |
+ | * [http://blog.accuvant.com/bthomasaccuvant/evasi0n-jailbreaks-userland-component/ Accuvant Labs analysis of evasi0n] |
[[Category:Exploits]] |
[[Category:Exploits]] |
||
Latest revision as of 22:31, 30 December 2013
By creating a dylib without code, just redefining the signed code verification function with a "return ok" method from another signed library and using lazy binding, the entire code signing requirement gets circumvented. This method has been used by developers for a long time now.
In evasi0n, the amfi.dylib redefines these functions:
- _kMISValidationOptionValidateSignatureOnly (_kCFUserNotificationTokenKey from CoreFoundation)
- _kMISValidationOptionExpectedHash (_kCFUserNotificationTimeoutKey from CoreFoundation)
- _MISValidateSignature (_CFEqual from CoreFoundation)
TODO: some more detailed description missing here.
Contents
Usage
- evasi0n jailbreak
See Also
Credit
- KennyTM~
- maybe others too
