Difference between revisions of "P0sixspwn"
(Added dyld bug) |
m |
||
(21 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
{{lowercase}} |
{{lowercase}} |
||
− | '''p0sixspwn''' is an [[untethered jailbreak]] for iOS 6.1.3-6.1. |
+ | '''p0sixspwn''' is an [[untethered jailbreak]] for iOS 6.1.3-6.1.6 by [[User:winocm|winocm]], [[User:Ih8sn0w|iH8sn0w]] and [https://twitter.com/SquiffyPwn SquiffyPwn]. It was initially made available as an Cydia package on [[Saurik]]'s repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.6 and 5.2.1 - 5.3 on [[K66AP|Apple TV (2nd generation)]]. On {{date|2013|12|30}}, a Mac OS X program was released to perform a jailbreak. A Windows program was released on {{date|2014|01|03}}. |
== Cydia Package Changelog == |
== Cydia Package Changelog == |
||
* '''1.0-5''' the initial release of the untether |
* '''1.0-5''' the initial release of the untether |
||
− | * '''1.0-9''' [[ |
+ | * '''1.0-9''' [[N90AP|iPhone 4 (iPhone3,1)]] boot loop fix |
* '''1.1-1''' Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only) |
* '''1.1-1''' Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only) |
||
* '''1.1-2''' Automatically reboot after one minute if device did not boot due to 30 seconds was too quick. (iH8sn0w's repo only) |
* '''1.1-2''' Automatically reboot after one minute if device did not boot due to 30 seconds was too quick. (iH8sn0w's repo only) |
||
* '''1.1-3''' Automatically reboot after two minutes if device did not boot due to 60 seconds was too quick. (iH8sn0w's repo only) |
* '''1.1-3''' Automatically reboot after two minutes if device did not boot due to 60 seconds was too quick. (iH8sn0w's repo only) |
||
* '''1.2-1''' Various bug fixes. |
* '''1.2-1''' Various bug fixes. |
||
− | * '''1.3-2''' Fixes iMessage, LTE issues and Apple TV |
+ | * '''1.3-2''' Fixes iMessage, LTE issues and Apple TV (2nd generation) support. |
* '''1.4-1''' Support iOS 6.1.6. |
* '''1.4-1''' Support iOS 6.1.6. |
||
− | == |
+ | ==Download== |
{| class="wikitable" |
{| class="wikitable" |
||
! Version |
! Version |
||
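Review bot: the added intro line reads "made available as an Cydia package"; that should be "a Cydia package". The same line also writes its two version ranges differently ("6.1.3-6.1.6" and "5.2.1 - 5.3"); use one form for both.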
Line 23: | Line 23: | ||
| rowspan="3" | [[wikipedia:OS X|OS X]] |
| rowspan="3" | [[wikipedia:OS X|OS X]] |
||
| <code>b5a66f4e58ab4c813fc851d479b28188eb5115ec</code> |
| <code>b5a66f4e58ab4c813fc851d479b28188eb5115ec</code> |
||
− | | style="text-decoration: line-through;" | [https:// |
+ | | style="text-decoration: line-through;" | [https://MEGA.co.nz/#!0xtw0DAT!YVZmNXsn-kl1kH655zgpMGz8hSVVgk8FU3qlTPNfSdU MEGA] |
| |
| |
||
* Initial release. |
* Initial release. |
||
Line 29: | Line 29: | ||
! 1.0.1 |
! 1.0.1 |
||
| <code>ae5b3907660b161b2ff94a2e2cfef97195404a89</code> |
| <code>ae5b3907660b161b2ff94a2e2cfef97195404a89</code> |
||
− | | style="text-decoration: line-through;" | [https:// |
+ | | style="text-decoration: line-through;" | [https://MEGA.co.nz/#!l8lniKxL!ODQrFDGbOUpm2hvU-mQggm25IgNk3_TmSO1r7tlU178 MEGA] |
| |
| |
||
− | * Resolves issues with [[iPod touch |
+ | * Resolves issues with [[iPod touch (5th generation)]] not being detected. |
|- |
|- |
||
! 1.0.2 |
! 1.0.2 |
||
| <code>259e95fd16468260c8831ca17186f50b7d14ba41</code> |
| <code>259e95fd16468260c8831ca17186f50b7d14ba41</code> |
||
− | | [https:// |
+ | | style="text-decoration: line-through;" |[https://MEGA.co.nz/#!DVtmGLqa!BX2-OQUliBcfdlenMLa93mKxk244KpD9Z71p_DAeil8 MEGA] |
| |
| |
||
* Resolves issues with LTE/data. |
* Resolves issues with LTE/data. |
||
Line 42: | Line 42: | ||
| rowspan="2" | [[wikipedia:Microsoft Windows|Windows]] |
| rowspan="2" | [[wikipedia:Microsoft Windows|Windows]] |
||
| <code>060c95cda0e5ad861bd225ca19324e6ebd3c0a5d</code> |
| <code>060c95cda0e5ad861bd225ca19324e6ebd3c0a5d</code> |
||
− | | style="text-decoration: line-through;" | [https:// |
+ | | style="text-decoration: line-through;" | [https://MEGA.co.nz/#!x0sk1SjB!S86WIGnifrgVhf5aoFQiPHl5aMJvS3miIeTTy9pLL_w MEGA] |
| |
| |
||
* Initial release for Windows. |
* Initial release for Windows. |
||
Line 48: | Line 48: | ||
! 1.0.4 |
! 1.0.4 |
||
| <code>0a40a9780ba0dd9f0476d12950b4fb0026c8559a</code> |
| <code>0a40a9780ba0dd9f0476d12950b4fb0026c8559a</code> |
||
− | | style="text-decoration: line-through;" | [https:// |
+ | | style="text-decoration: line-through;" | [https://MEGA.co.nz/#!Vl9zFJYC!JaCsqwnNNDJvj_4t0APjC2XPBg0ZuUwMSNNz2MGb4Xw MEGA] |
| |
| |
||
* Added README and time adjustments for slow PC's. |
* Added README and time adjustments for slow PC's. |
||
Line 55: | Line 55: | ||
| [[wikipedia:OS X|OS X]] |
| [[wikipedia:OS X|OS X]] |
||
| <code>b99fb1de846c406a15bbd710b623ddd78e139e5e</code> |
| <code>b99fb1de846c406a15bbd710b623ddd78e139e5e</code> |
||
− | | style="text-decoration: line-through;" | [https:// |
+ | | style="text-decoration: line-through;" | [https://MEGA.co.nz/#!B5lxxDLD!YrvjGhvVDxm2ah94hafI7TJWfm9EK0aWsh4_7YN78qE MEGA] |
| rowspan="2" | |
| rowspan="2" | |
||
* Fixes some issues. |
* Fixes some issues. |
||
Line 62: | Line 62: | ||
| [[wikipedia:Microsoft Windows|Windows]] |
| [[wikipedia:Microsoft Windows|Windows]] |
||
| <code>7c782a39ed123f70594e2438eaacc95340e363e3</code> |
| <code>7c782a39ed123f70594e2438eaacc95340e363e3</code> |
||
− | | style="text-decoration: line-through;" class="rborderplz nobrradiusplz" | [https:// |
+ | | style="text-decoration: line-through;" class="rborderplz nobrradiusplz" | [https://MEGA.co.nz/#!l1UFgJiA!Ogbi6Q1GsKZZMZzEhi8w1zvlHXEh0QuDBIGdjfktHb0 MEGA] |
|- |
|- |
||
! rowspan="2" | 1.0.7 |
! rowspan="2" | 1.0.7 |
||
| [[wikipedia:OS X|OS X]] |
| [[wikipedia:OS X|OS X]] |
||
| <code>7f4f867a2e3739e8ee70f7bc7e47afe9871c69b6</code> |
| <code>7f4f867a2e3739e8ee70f7bc7e47afe9871c69b6</code> |
||
− | | [https:// |
+ | | style="text-decoration: line-through;" |[https://MEGA.co.nz/#!Y8M2VAiS!Bq4NRjrlZXE754uNqSJT90mUzwsSGMPVa2PWsp78344 MEGA] |
| rowspan="2" | |
| rowspan="2" | |
||
* Fixes Cydia sometimes not showing up |
* Fixes Cydia sometimes not showing up |
||
Line 73: | Line 73: | ||
| [[wikipedia:Microsoft Windows|Windows]] |
| [[wikipedia:Microsoft Windows|Windows]] |
||
| <code>868a05ba26fd679a28c3eac0c4dc2c0cbb5e9529</code> |
| <code>868a05ba26fd679a28c3eac0c4dc2c0cbb5e9529</code> |
||
− | | class="rborderplz |
+ | | class="rborderplz" style="text-decoration: line-through;" | [https://MEGA.co.nz/#!E0sESCiC!c-ulVmjoa9qtPDe0MBIQgz9D2H03NgCxjBKZmAUPKRc MEGA] |
+ | |- |
||
+ | ! rowspan="2" | 1.0.8 |
||
+ | | [[wikipedia:OS X|OS X]] |
||
+ | | <code>aa20c28c2e052c08893fdbf49d16f084df2f46e6</code> |
||
+ | | [https://mega.nz/#!a81h3LgL!Mn1twcB1bGCeqYgDdb_6X4WeKzjznuYm0rMtuzoemZw MEGA] |
||
+ | | rowspan="2" | |
||
+ | * Supports iOS 6.1.6 |
||
+ | * Fixes iTunes 11.1+ crashes |
||
+ | |- |
||
+ | | [[wikipedia:Microsoft Windows|Windows]] |
||
+ | | <code>5d2711a99433daa1800d1327207bfc870cd16698 </code> |
||
+ | | class="rborderplz nobrradiusplz" | [https://mega.nz/#!y4VlQCqI!41nvHR6x99HZuj8hcBTVFYdBpKJ-hdlHKKIyc9cN6xc MEGA] |
||
|} |
|} |
||
+ | |||
+ | == Installed Packages == |
||
+ | * APR (/usr/lib) (1.3.3-2; <code>apr-lib</code>) |
||
+ | * APT 0.7 (apt-key) (0.7.25.3-3; <code>apt7-key</code>) |
||
+ | * APT 0.7 Strict (lib) (0.7.25.3-11; <code>apt7-lib</code>) |
||
+ | * Base Structure (1-4; <code>base</code>) |
||
+ | * BigBoss Icon Set (1.0; <code>org.thebigboss.repo.icons</code>) |
||
+ | * Bourne-Again SHell (4.0.17-13; <code>bash</code>) |
||
+ | * bzip2 (1.0.5-7; <code>bzip2</code>) |
||
+ | * Core Utilities (/bin) (8.12-7p; <code>coreutils-bin</code>) |
||
+ | * Cydia Installer (1.1.9; <code>cydia</code>) |
||
+ | * Cydia Translations (1.1.8.1; <code>cydia-lproj</code>) |
||
+ | * Darwin Tools (1-4; <code>darwintools</code>) |
||
+ | * Debian Packager (1.14.25-9; <code>dpkg</code>) |
||
+ | * Debian Utilities (3.3ubuntu1-1p; <code>debianutils</code>) |
||
+ | * Diff Utilities (2.8.1-6; <code>diffutils</code>) |
||
+ | * Find Utilities (4.2.33-6; <code>findutils</code>) |
||
+ | * GNU Privacy Guard (1.4.8-4; <code>gnupg</code>) |
||
+ | * grep (2.5.4-3; <code>grep</code>) |
||
+ | * gzip (1.6-7; <code>gzip</code>) |
||
+ | * iPhone Firmware (/sbin) (0-1; <code>firmware-sbin</code>) |
||
+ | * LZMA Utils (4.32.7-4; <code>lzma</code>) |
||
+ | * New Curses (5.7-12; <code>ncurses</code>) |
||
+ | * PAM (Apple) (32.1-3; <code>pam</code>) |
||
+ | * PAM Modules (36.1-4; <code>pam-modules</code>) |
||
+ | * pcre (8.30-5p; <code>pcre</code>) |
||
+ | * p0sixspwn (1.4-1; <code>com.ih8sn0w-squiffy-winocm.p0sixspwn</code>) |
||
+ | * Profile Directory (0-2; <code>profile.d</code>) |
||
+ | * readline (6.0-7; <code>readline</code>) |
||
+ | * sed (4.1.5-7; <code>sed</code>) |
||
+ | * shell-cmds (118-6; <code>shell-cmds</code>) |
||
+ | * system-cmds (433.4-12; <code>system-cmds</code>) |
||
+ | * Tape Archive (1.19-8; <code>tar</code>) |
||
+ | * UIKit Tools (1.1.8; <code>uikittools</code>) |
||
== Exploits == |
== Exploits == |
||
− | * [[posix_spawn kernel information leak]] (by [[i0n1c]] |
+ | * [[posix_spawn kernel information leak]] (by [[i0n1c]]) |
+ | * [[posix_spawn kernel exploit]] (CVE-2013-3954) (by [[i0n1c]]) |
||
− | * [[mach_msg_ool_descriptor_ts for heap shaping]] (proof/quotes? no information found) |
||
+ | * [[mach_msg_ool_descriptor_ts for heap shaping]] |
||
− | * [[AMFID_code_signing_evasion]] |
||
+ | * [[AMFID_code_signing_evasi0n7]] |
||
− | * [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273 CVE-2014-1273] (by [[planetbeing]]) |
||
− | * [[DeveloperDiskImage race condition]] (by [[comex]] |
+ | * [[DeveloperDiskImage race condition]] (by [[comex]]) |
− | * [[Symbolic Link Vulnerability]] |
||
* [[launchd.conf untether]] |
* [[launchd.conf untether]] |
||
+ | ==Interesting strings== |
||
+ | These strings were found on the jailbroken device in /var/untether/untether: <br> |
||
+ | <code>"@iH8sn0w, @SquiffyPwn & @winocm have launched!"</code><br><code>"This untether was made with love and care in North America."</code><br><code>Lotsa love to @planetbeing for the smexy dyld bug & patches :-)</code><br> |
||
+ | This suggests that there was plans to jailbreak Apple TVs:<br> |
||
+ | <code>This is an AppleTV. Special sandbox patches go here?</code> |
||
== External Links == |
== External Links == |
||
− | *[http://blog.ih8sn0w.com/2013/12/613-615-3gsa4-untether-cydia-package.html iH8sn0w's blog post on the release.] |
+ | * [http://blog.ih8sn0w.com/2013/12/613-615-3gsa4-untether-cydia-package.html iH8sn0w's blog post on the release.] |
− | * [http://p0sixspwn.com/ p0sixspwn] |
+ | * <s>[http://p0sixspwn.com/ p0sixspwn.com]</s> (dead) |
+ | ** [https://ih8sn0w.com/p0sixspwn.html Page now at ih8sn0w.com] |
||
+ | * [https://github.com/p0sixspwn/p0sixspwn Source Code on GitHub] |
||
[[Category:Hacking Software]] |
[[Category:Hacking Software]] |
||
[[Category:Jailbreaks]] |
[[Category:Jailbreaks]] |
||
+ | [[Category:Jailbreaking]] |
||
+ | [[Category:Cydia Packages]] |
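Review bot: in the Exploits list, the mach_msg_ool_descriptor_ts entry loses its "(proof/quotes? no information found)" flag without a source being added, and the CVE-2014-1273 and Symbolic Link Vulnerability entries are removed with no reason given in the visible lines. Cite a source for the entries that remain (the GitHub source link added under External Links would do if it supports them) and state why the two entries were dropped. In the new Interesting strings section, "there was plans" should be "there were plans", and the third string is missing the quotation marks that the first two have.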
Latest revision as of 20:42, 16 September 2021
p0sixspwn is an untethered jailbreak for iOS 6.1.3-6.1.6 by winocm, iH8sn0w and SquiffyPwn. It was initially made available as a Cydia package on Saurik's repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.6 and 5.2.1 - 5.3 on Apple TV (2nd generation). On 30 December 2013, a Mac OS X program was released to perform a jailbreak. A Windows program was released on 3 January 2014.
Cydia Package Changelog
- 1.0-5 the initial release of the untether
- 1.0-9 iPhone 4 (iPhone3,1) boot loop fix
- 1.1-1 Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only)
- 1.1-2 Automatically reboot after one minute if the device did not boot, because 30 seconds was too quick. (iH8sn0w's repo only)
- 1.1-3 Automatically reboot after two minutes if the device did not boot, because 60 seconds was too quick. (iH8sn0w's repo only)
- 1.2-1 Various bug fixes.
- 1.3-2 Fixes iMessage, LTE issues and Apple TV (2nd generation) support.
- 1.4-1 Support iOS 6.1.6.
Download
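Version | OS | SHA-1 Hash | Download | Changes |
---|---|---|---|---|
1.0.0 | OS X | b5a66f4e58ab4c813fc851d479b28188eb5115ec | MEGA | Initial release. |
1.0.1 | OS X | ae5b3907660b161b2ff94a2e2cfef97195404a89 | MEGA | Resolves issues with iPod touch (5th generation) not being detected. |
1.0.2 | OS X | 259e95fd16468260c8831ca17186f50b7d14ba41 | MEGA | Resolves issues with LTE/data. |
1.0.3 | Windows | 060c95cda0e5ad861bd225ca19324e6ebd3c0a5d | MEGA | Initial release for Windows. |
1.0.4 | Windows | 0a40a9780ba0dd9f0476d12950b4fb0026c8559a | MEGA | Added README and time adjustments for slow PCs. |
1.0.5 | OS X | b99fb1de846c406a15bbd710b623ddd78e139e5e | MEGA | Fixes some issues. |
1.0.5 | Windows | 7c782a39ed123f70594e2438eaacc95340e363e3 | MEGA | Fixes some issues. |
1.0.7 | OS X | 7f4f867a2e3739e8ee70f7bc7e47afe9871c69b6 | MEGA | Fixes Cydia sometimes not showing up. |
1.0.7 | Windows | 868a05ba26fd679a28c3eac0c4dc2c0cbb5e9529 | MEGA | Fixes Cydia sometimes not showing up. |
1.0.8 | OS X | aa20c28c2e052c08893fdbf49d16f084df2f46e6 | MEGA | Supports iOS 6.1.6. Fixes iTunes 11.1+ crashes. |
1.0.8 | Windows | 5d2711a99433daa1800d1327207bfc870cd16698 | MEGA | Supports iOS 6.1.6. Fixes iTunes 11.1+ crashes. |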
Installed Packages
- APR (/usr/lib) (1.3.3-2; `apr-lib`)
- APT 0.7 (apt-key) (0.7.25.3-3; `apt7-key`)
- APT 0.7 Strict (lib) (0.7.25.3-11; `apt7-lib`)
- Base Structure (1-4; `base`)
- BigBoss Icon Set (1.0; `org.thebigboss.repo.icons`)
- Bourne-Again SHell (4.0.17-13; `bash`)
- bzip2 (1.0.5-7; `bzip2`)
- Core Utilities (/bin) (8.12-7p; `coreutils-bin`)
- Cydia Installer (1.1.9; `cydia`)
- Cydia Translations (1.1.8.1; `cydia-lproj`)
- Darwin Tools (1-4; `darwintools`)
- Debian Packager (1.14.25-9; `dpkg`)
- Debian Utilities (3.3ubuntu1-1p; `debianutils`)
- Diff Utilities (2.8.1-6; `diffutils`)
- Find Utilities (4.2.33-6; `findutils`)
- GNU Privacy Guard (1.4.8-4; `gnupg`)
- grep (2.5.4-3; `grep`)
- gzip (1.6-7; `gzip`)
- iPhone Firmware (/sbin) (0-1; `firmware-sbin`)
- LZMA Utils (4.32.7-4; `lzma`)
- New Curses (5.7-12; `ncurses`)
- PAM (Apple) (32.1-3; `pam`)
- PAM Modules (36.1-4; `pam-modules`)
- pcre (8.30-5p; `pcre`)
- p0sixspwn (1.4-1; `com.ih8sn0w-squiffy-winocm.p0sixspwn`)
- Profile Directory (0-2; `profile.d`)
- readline (6.0-7; `readline`)
- sed (4.1.5-7; `sed`)
- shell-cmds (118-6; `shell-cmds`)
- system-cmds (433.4-12; `system-cmds`)
- Tape Archive (1.19-8; `tar`)
- UIKit Tools (1.1.8; `uikittools`)
Exploits
- posix_spawn kernel information leak (by i0n1c)
- posix_spawn kernel exploit (CVE-2013-3954) (by i0n1c)
- mach_msg_ool_descriptor_ts for heap shaping
- AMFID_code_signing_evasi0n7
- DeveloperDiskImage race condition (by comex)
- launchd.conf untether
Interesting strings
These strings were found on the jailbroken device in /var/untether/untether:
"@iH8sn0w, @SquiffyPwn & @winocm have launched!"
"This untether was made with love and care in North America."
Lotsa love to @planetbeing for the smexy dyld bug & patches :-)
This suggests that there were plans to jailbreak Apple TVs:
This is an AppleTV. Special sandbox patches go here?