The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Evasi0n"
(→Exploits: rename link and mark CVE as two parts) |
m (→Exploits: remove the parts note, details in text) |
||
Line 255: | Line 255: | ||
== Exploits == |
== Exploits == |
||
evasi0n takes advantage of several vulnerabilities: |
evasi0n takes advantage of several vulnerabilities: |
||
− | * [[Symbolic Link Vulnerability]] |
+ | * [[Symbolic Link Vulnerability]] |
− | * [[Timezone Vulnerability]] (CVE-2013-0979 |
+ | * [[Timezone Vulnerability]] (CVE-2013-0979) |
* [[Shebang Trick]] |
* [[Shebang Trick]] |
||
* [[AMFID code signing evasion]] |
* [[AMFID code signing evasion]] |
Revision as of 08:54, 15 April 2013
evasi0n is a jailbreak tool that can perform an untethered jailbreak on iOS 6.0-6.1.2 for all supported devices, excluding both Apple TV 3G revisions. It was first released on 4 February 2013 by evad3rs, and is available for Windows, Mac OS X, and Linux (x86 and x86_64). There is also a Cydia package called "evasi0n iOS 6.0-6.1 untether" which can untether an existing tethered jailbreak without the need to restore and use the desktop tool. It is a userland jailbreak.
Contents
Supported Devices
As of evasi0n's release, the only unsupported devices are the Apple TV 3G revisions, since the kernels on these devices lack an injection vector to run unsigned code. All other devices running iOS 6.0-6.1.2 are supported (including iOS 5.2 for the Apple TV 2G).
Cydia Package
The Cydia package contains just these files:
usr\libexec\dirhelper var\evasi0n\amfi.dylib var\evasi0n\evasi0n
Version History
Version | Cydia Package Version | Release Date | Changes |
---|---|---|---|
1.0 | 0.1-1 | 04 Feb 2013 |
|
1.1 | 0.2-3 | 06 Feb 2013 | |
1.2 | 0.3-1 | 08 Feb 2013 |
|
1.3 | 0.3-2 | 11 Feb 2013 | |
1.4 | 0.3-3 | 19 Feb 2013 |
|
1.5 | 0.4-1 | 23 Feb 2013 |
|
1.5.1 | 05 Mar 2013 |
| |
1.5.2 | 0.4.1-1 | 11 Mar 2013 |
|
1.5.3 | 12 Mar 2013 |
|
Download
Version | OS | SHA-1 Hash | Download | ||
---|---|---|---|---|---|
1.0 | GNU/Linux | c9e4b15a161b89f0e412721f471c5f8559b6054f
|
Google Sites | Box | Mega |
Mac OS X | 23f99a0d65e71fd79ff072b227f0ecb176f0ffa8
|
Google Sites | Box | Mega | |
Windows | 2ff288e1798b4711020e9dd7f26480e57704d8b2
|
Google Sites | Box | Mega | |
1.1 | GNU/Linux | 6c06a6be87e003eee470eb749b42ffbaafcc9e62
|
Google Sites | Box | Mega |
Mac OS X | ae9d20bc927976a1f55089cd80afca48de0f7a2e
|
Google Sites | Box | Mega | |
Windows | 4225b01afd4a4fd1277565954964bd3310ad8b5f
|
Google Sites | Box | Mega | |
1.2 | GNU/Linux | 2e1d1f6c7e6ca775860df03298dce3b0d798658a
|
Google Sites | Box | Mega |
Mac OS X | 8f91aba478ad28bda800dc5c303be1699fcfb800
|
Google Sites | Box | Mega | |
Windows | 9942559caf779da6526b9fd0e207d21554a8a9cf
|
Google Sites | Box | Mega | |
1.3 | GNU/Linux | d93bc45653345e62a315e0a0aaa1b709aacd26c4
|
Google Sites | Box | Mega |
Mac OS X | c239da3fd4e312c8468cdca967c86962b2cbd3f9
|
Google Sites | Box | Mega | |
Windows | 92bbe23f125f3b0155334f1925943624e24ce130
|
Google Sites | Box | Mega | |
1.4 | GNU/Linux | 95c34e7a7220d2dab2e93cf9bb62beb49aef8996
|
Google Sites | Box | Mega |
Mac OS X | 96b62f303e335bb5c6b78034027606fee5fc93c3
|
Google Sites | Box | Mega | |
Windows | 36adf9ccf62aaf770163666e757c7a89e9ba3a55
|
Google Sites | Box | Mega | |
1.5 | GNU/Linux | 923db21a9045df6aaaff27670be92330f4855a21
|
Google Sites | Box | Mega |
Mac OS X | cccf7e5b4a83df8c05dcfed98b9627533c018541
|
Google Sites | Box | Mega | |
Windows | 25799bbeea3733c26fb010e6aca432d686fd8f9f
|
Google Sites | Box | Mega | |
1.5.1 | GNU/Linux | cc0bd166a1480c2a838584b201981db1e45ca411
|
N/A | Box | Mega |
Mac OS X | 4a0e9fb8b5f83fbee5e26d1d7db876cefd09832a
|
Box | Mega | ||
Windows | a220bb5fb1ccf5cf1cb666dc03e20ac54890835d
|
Box | Mega | ||
1.5.2 | GNU/Linux | 97fbeb932dd3cb22ec339ec4c2f95a17d570d30c
|
Box | Rapidshare | |
Mac OS X | 051079f808f5c31f32ba09c6a39f09a8c3479157
|
Box | Rapidshare | ||
Windows | 30d34e23f860eae28d4ae6513edc46ef8aa2042c
|
Box | Rapidshare | ||
1.5.3 | GNU/Linux | 620dcb7996b1f3497827b11876bf0c2fae069ecf
|
Box | Rapidshare | |
Mac OS X | 54827d78cb45b7dae4e7566b9ed5c1b833d68850
|
Box | Rapidshare | ||
Windows | 2f8c2f111a6afefd099ecb0ce5aab63f160940b8
|
Box | Rapidshare |
Exploits
evasi0n takes advantage of several vulnerabilities:
- Symbolic Link Vulnerability
- Timezone Vulnerability (CVE-2013-0979)
- Shebang Trick
- AMFID code signing evasion
- launchd.conf untether
- IOUSBDeviceFamily Vulnerability (CVE-2013-0981)
- ARM Exception Vector Info Leak (CVE-2013-0978)
- dynamic memmove() locating
- vm_map_copy_t corruption for arbitrary memory disclosure
- kernel memory write via ROP gadget
- Overlapping Segment Attack (CVE-2013-0977)
See Also
External Links
- Official Website
- Accuvant Labs analysis
- Analysis by kernelpool
- kernelpool presentation at NISlab: slides
- kernelpool presentation at NISlab: video
- Explanation by planetbeing in Forbes
- Hopper Script to demangle evasi0n strings for Mac client of evasi0n, use in Hopper disassembler
- Apple Response: iOS 6.1.3 Security Fixes
- Apple Response: iOS 5.2.1 (Apple TV) Security Fixes
- Slides from HITB presentation in Amsterdam 2013