SlideShare a Scribd company logo

iOS jailbreaking

Download as PPTX, PDF
Varun Luthra
Varun Luthra

This document provides an overview of iOS jailbreaking. It explains that jailbreaking removes limitations imposed by Apple to allow root access and installation of unauthorized apps. Reasons for jailbreaking include customization, adding features, and making development easier. The document discusses the jailbreaking process, which involves exploiting checkpoints in the device startup process. It also covers jailbreak tools, repositories for unauthorized apps like Cydia, common jailbreak terms, and legal issues.

1 of 20
iOS Jailbreaking We Control our iDevice
What is iOS Jailbreaking? • iOS jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system through the use of hardware/software exploits . • Jailbreaking allows iOS users to gain root access to the operating system.
Why Jailbreak? • One of the main reasons for jailbreaking is to expand the feature set limited by Apple and its App Store and get paid apps for free. • Users install these programs for purposes including personalization and customization of the interface, adding desired features and fixing annoyances,and making development work easier.
Processing Involved •Jailbreak itself is getting control over the root and media partition of your iDevice; where all the iOS’s files are stored at. •To do so /private/etc/fstab must be patched. •fstab is the switch room of your iDevice, controlling the permission of the root and media partition. The default is ‘read-only’, allowing eyes and no hands.
•The main problem is not getting the files in, but getting them trough various checkpoints. These checkpoints were put by Apple to verify if the file is indeed legit, or a third- party. •When an iDevice boots up it goes trough a “chain of trust”. It goes on the following (specific) order: Runs Bootrom: Also called “SecureROM” by Apple, it is the first significant code that runs on an iDevice. Runs Bootloader: Generally, it is responsible for loading the main firmware.
Loads Kernel: Bridge between the iOS and the actual data processing done at the hardware level. Loads iOS: The final step to the chain, iOS starts and we get our nice “Slide to Unlock” view. •The jailbreaker objective is to either patch the checks or simply bypass them. •Thus bringing us to the two main exploit categories: Bootrom exploit: Exploit done during the bootrom. It can’t be patched by conventional firmware update, and must be patched by new hardware.
•Since it’s before almost any checkpoint, the malicious code is injected before everything, thus allowing a passage way to be created to bypass all checks or simply disable them. •Userland exploit: Exploit done during or after the kernel has loaded and can easily be patched by Apple with a software update. •Since it’s after all the checks, it injects the malicious code directly into the openings back into the kernel. These openings are not so easy to find, and once found can be patched.
Types Of Jailbreak •Tethered: With a tethered jailbreak, if the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state. •Untethered: An untethered jailbreak has the property that if the user turns the device off and back on, the device will start up completely.
How to Jailbreak? •redsn0w: redsn0w is a free iOS jailbreaking tool developed by the iPhone Dev Team, capable of executing jailbreaks on many iOS devices. •Absinthe or greenpoisi0n: It is another tool created to jailbreak Apple iOS devices, developed by Chronic Dev Team.
Cydia •Developed by Jay Freeman (also called "saurik") and his company, SaurikIT. •Cydia is a graphical front end to Advanced Packaging Tool (APT) and the dpkg package management system, which means packages available in Cydia are provided by a decentralized system of repositories (also called sources) that list these packages.
iOS ‘Signature’ Feature •In September 2009 Cydia was improved to help users to downgrade their device to versions of iOS not currently allowed by Apple. Cydia caches the digital signatures called SHSH blobs used by Apple to verify restores of iOS. •Cydia's storage mechanism enables users to downgrade a device to a prior version of iOS by means of a replay attack.
Installous •Installous is an iOS application developed by docmorelli and originally created by puy0. • Installous allows users to download, install, update and share cracked iOS applications in a clean and organized fashion. It has been installed on nearly thirteen million different devices.
Jailbreak Terminologies •Baseband: This has everything to do with your service and signal. This is why most unlockers have to be extremely careful when upgrading. If the baseband changes, it can permanently keep them from achieving an unlock. •Blobs : When you upgrade firmware in iTunes, you’ll see at the top when you start a restore “Verifying restore with Apple”. SHSH blobs basically give iTunes a fake hand to shake, which in turn, makes iTunes think your restore has been verified.
•DFU mode : Stands for device firmware update. DFU mode will talk to iTunes but it bypasses iBoot which will then allow you to downgrade firmware. Most jailbreaks will require DFU mode for these reasons as opposed to recovery mode. •SpringBoard: The graphical user interface on iOS devices. •Respring: Process of restarting the springboard. Many Cydia packages will require users to do this in order to install and execute bottom level files.
Top 10 Cydia Sources 1. http://cydia.hackulo.us/ 2. http://repo.hackyouriphone.org/ 3. http://repo.insanelyi.com/ 4. http://apt.modmyi.com/ 5. http://cydia.xsellize.com/ 6. http://apt.thebigboss.org/repofiles/cydia/ 7. http://repo666ultrasn0w.com/ 8. http://ihacksrepo.com/ 9. http://sinfuliphonerepo.com/ 10.http://biteyourapple.net/
Top 10 Cydia Tweaks 1.Byta Font 2.SB Settings 3.Barrel 4.Zephyr 5.Call Bar 6.Activator 7.Swipe Selection 8.Bigify+ 9.Springtomize 10.Bite SMS
Open SSH •The iPhone runs on a basic variant of Mac's OS X operating system, which is Unix-based. This means that if you're so inclined, you could jailbreak the iPhone platform and install certain Unix apps with SSH daemon to accept remote connections -- thus turning the iPhone into a tiny computer. •This is a useful utility for the users in order to allow SSH access to the device. Once the SSH gets access to the system, you can use the SSH clients to access the main file of your device for editing.
•SSH consumes more battery power and allows the hackers to get access to your file system if you forget to close or disable SSH. Changing root password is necessary.
Legal Issues • Under the Digital Millennium Copyright Act, jailbreaking iPhones is legal in the United States, although Apple has announced that the practice "can violate the warranty“. •As of July 26, 2010, the U.S. Copyright Office has approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally.
R.I.P.

Recommended

Rooting of an android phone
Rooting of an android phoneRooting of an android phone
Rooting of an android phone
Abhishek Mahajan
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
jasonhaddix
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
Mobile operating system
Mobile operating systemMobile operating system
Mobile operating system
Arindam Ganguly
 
Leveraging the Android Open Accessory Protocol
Leveraging the Android Open Accessory ProtocolLeveraging the Android Open Accessory Protocol
Leveraging the Android Open Accessory Protocol
Gary Bisson
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation
Jyothishmathi Institute of Technology and Science Karimnagar
 
Android Security
Android SecurityAndroid Security
Android Security
Arqum Ahmad
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
Chetanmalviya8
 

Recommended

Rooting of an android phone
Rooting of an android phoneRooting of an android phone
Rooting of an android phone
Abhishek Mahajan
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
jasonhaddix
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
Mobile operating system
Mobile operating systemMobile operating system
Mobile operating system
Arindam Ganguly
 
Leveraging the Android Open Accessory Protocol
Leveraging the Android Open Accessory ProtocolLeveraging the Android Open Accessory Protocol
Leveraging the Android Open Accessory Protocol
Gary Bisson
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation
Jyothishmathi Institute of Technology and Science Karimnagar
 
Android Security
Android SecurityAndroid Security
Android Security
Arqum Ahmad
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
Chetanmalviya8
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system ppt
Santosh Kumar
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
Csaba Fitzl
 
Lesson 6 - Understanding File and Print Sharing
Lesson 6 - Understanding File and Print SharingLesson 6 - Understanding File and Print Sharing
Lesson 6 - Understanding File and Print Sharing
Gene Carboni
 
Achieving HIPAA Compliance with Postgres Plus Cloud Database
Achieving HIPAA Compliance with Postgres Plus Cloud DatabaseAchieving HIPAA Compliance with Postgres Plus Cloud Database
Achieving HIPAA Compliance with Postgres Plus Cloud Database
EDB
 
Evolution of android operating system
Evolution of android operating systemEvolution of android operating system
Evolution of android operating system
Md. Abdullah Al Maruf
 
Apple iOS
Apple iOSApple iOS
Apple iOS
Chetan Gowda
 
Dial up security
Dial up securityDial up security
Dial up security
Ramla Sheikh
 
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENTAN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
GbadeboTEkunola
 
Debugging webOS applications
Debugging webOS applicationsDebugging webOS applications
Debugging webOS applications
fpatton
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
G Prachi
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
Chanchal Dabriya
 
Android security
Android securityAndroid security
Android security
Midhun P Gopi
 
1 security goals
1 security goals1 security goals
1 security goals
drewz lin
 
Mobile application testing tutorial
Mobile application testing tutorialMobile application testing tutorial
Mobile application testing tutorial
Lokesh Agrawal
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
ParminderKaurBScHons
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Mobile Operating Systems
Mobile Operating Systems Mobile Operating Systems
Mobile Operating Systems
Anant Lodha
 
iOS I phone operating system
iOS I phone operating system iOS I phone operating system
iOS I phone operating system
Hùssâîn Mîrzã
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
Subho Halder
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
Mihir Patel
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
Kai Aras
 

More Related Content

What's hot

Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system ppt
Santosh Kumar
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
Csaba Fitzl
 
Lesson 6 - Understanding File and Print Sharing
Lesson 6 - Understanding File and Print SharingLesson 6 - Understanding File and Print Sharing
Lesson 6 - Understanding File and Print Sharing
Gene Carboni
 
Achieving HIPAA Compliance with Postgres Plus Cloud Database
Achieving HIPAA Compliance with Postgres Plus Cloud DatabaseAchieving HIPAA Compliance with Postgres Plus Cloud Database
Achieving HIPAA Compliance with Postgres Plus Cloud Database
EDB
 
Evolution of android operating system
Evolution of android operating systemEvolution of android operating system
Evolution of android operating system
Md. Abdullah Al Maruf
 
Apple iOS
Apple iOSApple iOS
Apple iOS
Chetan Gowda
 
Dial up security
Dial up securityDial up security
Dial up security
Ramla Sheikh
 
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENTAN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
GbadeboTEkunola
 
Debugging webOS applications
Debugging webOS applicationsDebugging webOS applications
Debugging webOS applications
fpatton
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
G Prachi
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
Chanchal Dabriya
 
Android security
Android securityAndroid security
Android security
Midhun P Gopi
 
1 security goals
1 security goals1 security goals
1 security goals
drewz lin
 
Mobile application testing tutorial
Mobile application testing tutorialMobile application testing tutorial
Mobile application testing tutorial
Lokesh Agrawal
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
ParminderKaurBScHons
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Mobile Operating Systems
Mobile Operating Systems Mobile Operating Systems
Mobile Operating Systems
Anant Lodha
 
iOS I phone operating system
iOS I phone operating system iOS I phone operating system
iOS I phone operating system
Hùssâîn Mîrzã
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
Subho Halder
 

What's hot (20)

Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system ppt
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
 
Lesson 6 - Understanding File and Print Sharing
Lesson 6 - Understanding File and Print SharingLesson 6 - Understanding File and Print Sharing
Lesson 6 - Understanding File and Print Sharing
 
Achieving HIPAA Compliance with Postgres Plus Cloud Database
Achieving HIPAA Compliance with Postgres Plus Cloud DatabaseAchieving HIPAA Compliance with Postgres Plus Cloud Database
Achieving HIPAA Compliance with Postgres Plus Cloud Database
 
Evolution of android operating system
Evolution of android operating systemEvolution of android operating system
Evolution of android operating system
 
Apple iOS
Apple iOSApple iOS
Apple iOS
 
Dial up security
Dial up securityDial up security
Dial up security
 
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENTAN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
AN INTRODUCTION TO MOBILE APPLICATION DEVELOPMENT
 
Debugging webOS applications
Debugging webOS applicationsDebugging webOS applications
Debugging webOS applications
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Android security
Android securityAndroid security
Android security
 
1 security goals
1 security goals1 security goals
1 security goals
 
Mobile application testing tutorial
Mobile application testing tutorialMobile application testing tutorial
Mobile application testing tutorial
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
Metasploit
MetasploitMetasploit
Metasploit
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
 
Mobile Operating Systems
Mobile Operating Systems Mobile Operating Systems
Mobile Operating Systems
 
iOS I phone operating system
iOS I phone operating system iOS I phone operating system
iOS I phone operating system
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 

Viewers also liked

Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
Mihir Patel
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
Kai Aras
 
Hotspots of biodiversity
Hotspots of biodiversityHotspots of biodiversity
Hotspots of biodiversity
Somya Bagai
 
Evolution of ERP
Evolution of ERPEvolution of ERP
Evolution of ERP
Monojit Banerjee
 
Evolution & structure of erp
Evolution & structure of erpEvolution & structure of erp
Evolution & structure of erp
Somya Bagai
 
History and Evolution of ERP & SAP
History and Evolution of ERP & SAPHistory and Evolution of ERP & SAP
History and Evolution of ERP & SAP
Shivkumar Rai
 
Evolution of ERP Systems
Evolution of ERP SystemsEvolution of ERP Systems
Evolution of ERP Systems
Prince Mosquitor
 

Viewers also liked (7)

Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
 
Hotspots of biodiversity
Hotspots of biodiversityHotspots of biodiversity
Hotspots of biodiversity
 
Evolution of ERP
Evolution of ERPEvolution of ERP
Evolution of ERP
 
Evolution & structure of erp
Evolution & structure of erpEvolution & structure of erp
Evolution & structure of erp
 
History and Evolution of ERP & SAP
History and Evolution of ERP & SAPHistory and Evolution of ERP & SAP
History and Evolution of ERP & SAP
 
Evolution of ERP Systems
Evolution of ERP SystemsEvolution of ERP Systems
Evolution of ERP Systems
 

Similar to iOS jailbreaking

Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !
Veduruparthy Bharat
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
eightbit
 
Ruxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration TestingRuxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration Testing
eightbit
 
Toorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for ThatToorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for That
Eric Monti
 
128-ch3.pptx
128-ch3.pptx128-ch3.pptx
128-ch3.pptx
DeepakPanchal65
 
CNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOSCNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOS
Sam Bowne
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
Tom Eston
 
iOS Basics
iOS BasicsiOS Basics
iOS Basics
Richa Jain
 
Rooting an Android phone
Rooting an Android phoneRooting an Android phone
Rooting an Android phone
Arnav Gupta
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
mgianarakis
 
ios 5 semi tethered jailbreak
ios 5 semi tethered jailbreakios 5 semi tethered jailbreak
ios 5 semi tethered jailbreak
Jack Smith
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
Sam Bowne
 
Forensics WS Consolidated
Forensics WS ConsolidatedForensics WS Consolidated
Forensics WS Consolidated
Karter Rohrer
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
Egor Tolstoy
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)
Sam Bowne
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
eightbit
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
eightbit
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 

Similar to iOS jailbreaking (20)

Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
 
Ruxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration TestingRuxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration Testing
 
Toorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for ThatToorcon 2010: IPhone Rootkits? There's an App for That
Toorcon 2010: IPhone Rootkits? There's an App for That
 
128-ch3.pptx
128-ch3.pptx128-ch3.pptx
128-ch3.pptx
 
CNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOSCNIT 128 Ch 3: iOS
CNIT 128 Ch 3: iOS
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
 
iOS Basics
iOS BasicsiOS Basics
iOS Basics
 
Rooting an Android phone
Rooting an Android phoneRooting an Android phone
Rooting an Android phone
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
 
ios 5 semi tethered jailbreak
ios 5 semi tethered jailbreakios 5 semi tethered jailbreak
ios 5 semi tethered jailbreak
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
Forensics WS Consolidated
Forensics WS ConsolidatedForensics WS Consolidated
Forensics WS Consolidated
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 

iOS jailbreaking

  • 1. iOS Jailbreaking We Control our iDevice
  • 2. What is iOS Jailbreaking? • iOS jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system through the use of hardware/software exploits . • Jailbreaking allows iOS users to gain root access to the operating system.
  • 3. Why Jailbreak? • One of the main reasons for jailbreaking is to expand the feature set limited by Apple and its App Store and get paid apps for free. • Users install these programs for purposes including personalization and customization of the interface, adding desired features and fixing annoyances,and making development work easier.
  • 4. Processing Involved •Jailbreak itself is getting control over the root and media partition of your iDevice; where all the iOS’s files are stored at. •To do so /private/etc/fstab must be patched. •fstab is the switch room of your iDevice, controlling the permission of the root and media partition. The default is ‘read-only’, allowing eyes and no hands.
  • 5. •The main problem is not getting the files in, but getting them trough various checkpoints. These checkpoints were put by Apple to verify if the file is indeed legit, or a third- party. •When an iDevice boots up it goes trough a “chain of trust”. It goes on the following (specific) order: Runs Bootrom: Also called “SecureROM” by Apple, it is the first significant code that runs on an iDevice. Runs Bootloader: Generally, it is responsible for loading the main firmware.
  • 6. Loads Kernel: Bridge between the iOS and the actual data processing done at the hardware level. Loads iOS: The final step to the chain, iOS starts and we get our nice “Slide to Unlock” view. •The jailbreaker objective is to either patch the checks or simply bypass them. •Thus bringing us to the two main exploit categories: Bootrom exploit: Exploit done during the bootrom. It can’t be patched by conventional firmware update, and must be patched by new hardware.
  • 7. •Since it’s before almost any checkpoint, the malicious code is injected before everything, thus allowing a passage way to be created to bypass all checks or simply disable them. •Userland exploit: Exploit done during or after the kernel has loaded and can easily be patched by Apple with a software update. •Since it’s after all the checks, it injects the malicious code directly into the openings back into the kernel. These openings are not so easy to find, and once found can be patched.
  • 8. Types Of Jailbreak •Tethered: With a tethered jailbreak, if the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state. •Untethered: An untethered jailbreak has the property that if the user turns the device off and back on, the device will start up completely.
  • 9. How to Jailbreak? •redsn0w: redsn0w is a free iOS jailbreaking tool developed by the iPhone Dev Team, capable of executing jailbreaks on many iOS devices. •Absinthe or greenpoisi0n: It is another tool created to jailbreak Apple iOS devices, developed by Chronic Dev Team.
  • 10. Cydia •Developed by Jay Freeman (also called "saurik") and his company, SaurikIT. •Cydia is a graphical front end to Advanced Packaging Tool (APT) and the dpkg package management system, which means packages available in Cydia are provided by a decentralized system of repositories (also called sources) that list these packages.
  • 11. iOS ‘Signature’ Feature •In September 2009 Cydia was improved to help users to downgrade their device to versions of iOS not currently allowed by Apple. Cydia caches the digital signatures called SHSH blobs used by Apple to verify restores of iOS. •Cydia's storage mechanism enables users to downgrade a device to a prior version of iOS by means of a replay attack.
  • 12. Installous •Installous is an iOS application developed by docmorelli and originally created by puy0. • Installous allows users to download, install, update and share cracked iOS applications in a clean and organized fashion. It has been installed on nearly thirteen million different devices.
  • 13. Jailbreak Terminologies •Baseband: This has everything to do with your service and signal. This is why most unlockers have to be extremely careful when upgrading. If the baseband changes, it can permanently keep them from achieving an unlock. •Blobs : When you upgrade firmware in iTunes, you’ll see at the top when you start a restore “Verifying restore with Apple”. SHSH blobs basically give iTunes a fake hand to shake, which in turn, makes iTunes think your restore has been verified.
  • 14. •DFU mode : Stands for device firmware update. DFU mode will talk to iTunes but it bypasses iBoot which will then allow you to downgrade firmware. Most jailbreaks will require DFU mode for these reasons as opposed to recovery mode. •SpringBoard: The graphical user interface on iOS devices. •Respring: Process of restarting the springboard. Many Cydia packages will require users to do this in order to install and execute bottom level files.
  • 15. Top 10 Cydia Sources 1. http://cydia.hackulo.us/ 2. http://repo.hackyouriphone.org/ 3. http://repo.insanelyi.com/ 4. http://apt.modmyi.com/ 5. http://cydia.xsellize.com/ 6. http://apt.thebigboss.org/repofiles/cydia/ 7. http://repo666ultrasn0w.com/ 8. http://ihacksrepo.com/ 9. http://sinfuliphonerepo.com/ 10.http://biteyourapple.net/
  • 16. Top 10 Cydia Tweaks 1.Byta Font 2.SB Settings 3.Barrel 4.Zephyr 5.Call Bar 6.Activator 7.Swipe Selection 8.Bigify+ 9.Springtomize 10.Bite SMS
  • 17. Open SSH •The iPhone runs on a basic variant of Mac's OS X operating system, which is Unix-based. This means that if you're so inclined, you could jailbreak the iPhone platform and install certain Unix apps with SSH daemon to accept remote connections -- thus turning the iPhone into a tiny computer. •This is a useful utility for the users in order to allow SSH access to the device. Once the SSH gets access to the system, you can use the SSH clients to access the main file of your device for editing.
  • 18. •SSH consumes more battery power and allows the hackers to get access to your file system if you forget to close or disable SSH. Changing root password is necessary.
  • 19. Legal Issues • Under the Digital Millennium Copyright Act, jailbreaking iPhones is legal in the United States, although Apple has announced that the practice "can violate the warranty“. •As of July 26, 2010, the U.S. Copyright Office has approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally.