One of the developers of the new evasi0n jailbreak, which has been downloaded too many times to keep track of, has come out to explain just how the tool works. One thing is for certain: this is an extremely complex jailbreak. David Wang, aka @planetbeing, described the jailbreak to Forbes. It goes through multiple steps of multiple exploits in order to install the application Cydia and disable the device's code-signing enforcement. Part of this process is outlined here:
Once it’s beaten ASLR, the jailbreak uses one final bug in iOS’s USB interface that passes an address in the kernel’s memory to a program and “naively expects the user to pass it back unmolested,” according to Wang. That allows evasi0n to write to any part of the kernel it wants. The first place it writes is to the part of the kernel that restricts changes to its code – the hacker equivalent of wishing for more wishes. “Once you get into the kernel, no security matters any more,” says Wang. “Then we win.”
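The bug class Wang describes is a kernel interface that hands a raw kernel address to a user program and then trusts whatever comes back. The snippet below is an added example, not evasi0n's or Apple's code: a userspace stand-in for a kernel object table that shows the trusting design beside the usual fix, an opaque handle (index plus generation tag) that is validated on every use and invalidated on close. All names (`kobj`, `kobj_table`, `safe_open`, and so on) are hypothetical.

```c
/*
 * Added example (not evasi0n or iOS code). Models the bug class from the
 * article: an interface that exposes a kernel pointer and trusts the value
 * the caller passes back, next to a handle-based design that never exposes
 * or trusts a pointer. Names are hypothetical; kobj_table stands in for
 * kernel memory.
 */
#include <stdint.h>
#include <stddef.h>

#define NOBJ 4

struct kobj {
    uint32_t gen;      /* generation tag, bumped on close; 0 = never opened */
    uint32_t flags;
    char     name[16];
};
static struct kobj kobj_table[NOBJ];

/* Test helper: read back an object's flags by table index. */
uint32_t get_flags(unsigned idx) {
    return idx < NOBJ ? kobj_table[idx].flags : 0;
}

/* --- Vulnerable pattern: the raw address is the cookie ------------------- */
uintptr_t vuln_open(unsigned idx) {
    return idx < NOBJ ? (uintptr_t)&kobj_table[idx] : 0;
}
int vuln_set_flags(uintptr_t cookie, uint32_t flags) {
    /* No validation: the write lands wherever the caller's cookie points. */
    ((struct kobj *)cookie)->flags = flags;
    return 0;
}

/* --- Hardened pattern: opaque handle = (gen << 8) | index ---------------- */
typedef uint32_t handle_t;

static struct kobj *lookup(handle_t h) {
    unsigned idx = h & 0xffu;
    uint32_t gen = h >> 8;
    if (idx >= NOBJ) return NULL;                 /* out-of-range index */
    if (gen == 0 || kobj_table[idx].gen != gen)   /* forged or stale handle */
        return NULL;
    return &kobj_table[idx];
}

handle_t safe_open(unsigned idx) {
    if (idx >= NOBJ) return 0;                    /* 0 is the invalid handle */
    if (kobj_table[idx].gen == 0) kobj_table[idx].gen = 1;
    return (kobj_table[idx].gen << 8) | idx;
}

int safe_set_flags(handle_t h, uint32_t flags) {
    struct kobj *o = lookup(h);
    if (o == NULL) return -1;                     /* reject instead of writing */
    o->flags = flags;
    return 0;
}

/* Closing bumps the generation so any copy of the old handle is rejected. */
int safe_close(handle_t h) {
    struct kobj *o = lookup(h);
    if (o == NULL) return -1;
    o->gen++;
    return 0;
}
```

The point of the hardened half is that user space only ever sees an index and a tag; both are checked against kernel-owned state before any write, and a handle that was valid once stops being valid after close. In a real kernel the generation counter would be wider than 24 bits and the table entries would be reference-counted, but the validation step is the same.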
There are 7 lengthy bullet points over at Forbes that walk through each step of the jailbreak process (in somewhat layman’s terms). If you are interested in reading the behind-the-scenes account of what evasi0n is doing to your device, it is an interesting read. If not, and you just want to go ahead and jailbreak because you haven’t done so, you can check out our tutorials for OS X and Windows.
What do you think? Over your head? Wonder how they figured this all out? Let us know in the comments, or tweet me @TiP_Kyle.