
Evasi0n iOS 6.x jailbreak - DHowett
http://evasi0n.com/?o=1
======
gcb0
So you guys use a closed source program from 'hackers' to be able to fully use
your phone? So you have all the disadvantages of paying for something and all
the disadvantages of using some keygen binary, as if it were pirated.

And I'm worried about what lies in the binary blob of my phone's boot1 and
radio driver....

~~~
jawngee
I'm sure you're not using a closed source binary anywhere in your day to day
usage of computing devices.

~~~
jarek
Sure, but my laptop's graphics driver isn't preventing me from sharing a
torrent while trolling^Wbrowsing HN.

------
0x0
Some interesting strings from the binary. Hopefully there will be a write-up
explaining the exploit in detail soon.

    /var/mobile/DemoApp.app
    Media/Recordings/.haxx/DemoApp.app/Info.plist
    Media/Recordings/.haxx/Library/Caches/com.apple.mobile.installation.plist
    Media/Recordings/.haxx/timezone
    Media/Recordings/.haxx/var/evasi0n/evasi0n

Edit: I also spotted a few references to Racoon, the VPN client which I think
was abused in an earlier jailbreak as well?

~~~
jevinskie
Here is a more detailed analysis:
<http://blog.accuvantlabs.com/blog/bthomas/evasi0n-jailbreaks-userland-component>

The lazy binding is really interesting. There is lots of interesting stuff in
the kernel, dyld, and libSystem [0]. I would encourage you to have a look! You
can do interesting things like run code before libSystem_init [1].

[0]:

<https://github.com/Apple-FOSS-Mirror/dyld/tree/master/src>

<https://github.com/Apple-FOSS-Mirror/Libsystem/blob/master/init.c>

<https://github.com/Apple-FOSS-Mirror/xnu/blob/master/bsd/kern/kern_exec.c>

[1]: <https://gist.github.com/jevinskie/4615901>

~~~
0x0
Nice analysis. According to Twitter there's more to it, though: there still
seems to be some sort of kernel memory corruption exploit as well:

<https://twitter.com/kernelpool/status/298714209187921921>

------
JonnieCache
Shame it doesn't happen in the browser this time around. That PDF exploit last
year was _slick._

~~~
MichaelGG
If it was a browser exploit, wouldn't that put all users at a great risk, and
also put more pressure on Apple to rapidly patch?

~~~
Finster
IIRC, the first jailbreakme.com used a PDF exploit that Apple patched REALLY
fast, for the very reason you cited.

~~~
coob
May have been TIFF?

~~~
robotmay
Aye, I believe it was the TIFF exploit.

------
antirez
Not worth it, because the parallel jailbroken world, instead of being full of
free and interesting things, is poor and full of things that you need to pay
for, at 5 times the average app price on iTunes.

I'm not going to get instabilities and hard to upgrade devices just for
SBSettings or the like.

Unfortunately too many people only jailbreak so that they can install software
for free. That said, it completely sucks that Apple does not allow me to be in
control of what I want to install, including apps downloaded from a web site.

Also, a lot of people install SBSettings just because of how freaking lame the
iOS algorithm is at deciding how bright the screen should be at a given light
level. Lame.

~~~
imissmyjuno
Please don't lump everyone wanting to JB into the same (laughable, to me)
SBSettings or the even more presumptuous pirating use cases. For example, I'm
in Canada, and my favourite music service is Grooveshark (Spotify is not
available). The only way to get the Grooveshark iOS app is through
jailbreaking.

~~~
antirez
Sure, too many people but definitely not everybody, and I just talk for what I
see, that is, the population here in Italy that I can monitor directly
(however in Italy there is a strong inclination for software piracy).

------
Watabou
Awesome! Does anyone know if SMS GV/Phone GV extension is working or not? I
tried the tethered jailbreak on the 3GS and it wasn't working then. Only the
Phone GV was working but it was slow.

I have an iPhone 5 now and hopefully the day ends early today so I can go home
and jailbreak. Can't wait to get NCsettings and Google voice integration!

~~~
britta
They aren't updated for iOS 6 yet, but I believe the developer is planning on
updating them. You can email him for more information if you like - his email
address is listed at the bottom of his website (<http://gvexts.appspot.com/>).

------
asiekierka
Here are my mirrors:

Windows:
[http://asiekierka.pl/evasi0n-win-1.0-3c53ba10e2448d311b0f415...](http://asiekierka.pl/evasi0n-win-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.zip)

OSX:
[http://asiekierka.pl/evasi0n-mac-1.0-3c53ba10e2448d311b0f415...](http://asiekierka.pl/evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.dmg)

Linux:
[http://asiekierka.pl/evasi0n-linux-1.0-3c53ba10e2448d311b0f4...](http://asiekierka.pl/evasi0n-linux-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.tar.lzma)

~~~
LogicX
Your sha for OSX does not match those listed on the site.

Also the size is different:

    9.6M evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release (1).dmg
    9.2M evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.dmg

I'm choosing not to open yours.

~~~
asiekierka
Odd.

~~~
technosmurf
I also checked the shasum by comparing 2 files.

The Mega link (Mac client) from the official web page:
bd9fe1e58343a5c03295a975697de3e64e65b42c

asiekierka's Mac link: bd9fe1e58343a5c03295a975697de3e64e65b42c

Both file sizes are the same (9,690,941 bytes, 9.7 MB on disk). Maybe the
discrepancy has to do with the -a flag for 224, 256, 384, or 512 or something.

I think his mirror is safe. It's the one I used to successfully jailbreak my
iPad 3. Now I can SSH into my iPad and change the hosts file for some
ad-blocking, and I installed Flux for "easier on the eyes" nighttime reading.

I don't look forward to Apple's next update which will wipe out my jailbreak,
so I don't want to customize things too much. Last time I did a jailbreak for
my iPod Touch, it messed up an in-app purchasing mechanism for a game I was
testing. After this experience, I dread that jailbreaks will cause unforeseen
problems and prefer not having to customize every single little tech option.
Still, I performed this jailbreak mostly to get ad-blocking in MobileSafari.

Actually, one snag I have: the iPad time was totally wrong, insisting that it
was 8 hours ahead, and the General Settings wouldn't properly automatically
update the time. Had to do a lot of fiddling with Location services and Date &
Time to fix it.

Jailbreakin' ain't all that it's cracked up to be!
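A way to do the check described above yourself, as an added example that is not part of the thread: it infers which SHA variant the publisher used from the length of the listed digest (40 hex chars is SHA-1, 64 is SHA-256, and so on, which is what the -a flag selects) before comparing, so a SHA-1 listed on the site being compared against a SHA-256 from your terminal is reported as an algorithm mix-up rather than as a tampered file. The file and digests in the demo are constructed, not a real evasi0n download.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a published hex digest.
# Digest length tells us which SHA variant the publisher used (shasum -a N):
#   40 hex chars -> SHA-1, 56 -> SHA-224, 64 -> SHA-256, 96 -> SHA-384, 128 -> SHA-512

# Map a hex digest's length to the shasum -a number; fails on unknown lengths.
digest_algo() {
    case ${#1} in
        40)  echo 1 ;;
        56)  echo 224 ;;
        64)  echo 256 ;;
        96)  echo 384 ;;
        128) echo 512 ;;
        *)   return 1 ;;
    esac
}

# Print the hex digest of file $1 using algorithm number $2.
# Uses coreutils shaNsum when present, otherwise perl's shasum -a N.
compute_digest() {
    if command -v "sha$2sum" >/dev/null 2>&1; then
        "sha$2sum" "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a "$2" "$1" | cut -d' ' -f1
    else
        echo "no SHA tool available" >&2
        return 2
    fi
}

# verify_download FILE EXPECTED_HEX
# Exit status: 0 = digest matches, 1 = digest differs (treat file as untrusted),
# 3 = expected digest has a length no SHA variant produces (typo or truncation).
verify_download() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'ABCDEF' 'abcdef')
    algo=$(digest_algo "$expected") || {
        echo "$file: digest of ${#expected} hex chars matches no SHA variant" >&2
        return 3
    }
    actual=$(compute_digest "$file" "$algo") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "$file: SHA-$algo OK"
        return 0
    fi
    echo "$file: SHA-$algo MISMATCH (got $actual)" >&2
    return 1
}

# Demo on a constructed file (not a real evasi0n download).
demo_file=${TMPDIR:-/tmp}/verify_demo.$$
printf 'hello\n' > "$demo_file"
# SHA-1 and SHA-256 of the bytes "hello\n"; a publisher might list either one.
verify_download "$demo_file" f572d396fae9206628714fb2ce00f72e94f2258f
verify_download "$demo_file" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
verify_download "$demo_file" 0000000000000000000000000000000000000000 \
    || echo "(as expected: refuse this download)"
rm -f "$demo_file"
```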

~~~
technosmurf
Another glitch: the volume controls don't work correctly. No matter what level
your volume is at, if you press the down button just once, the volume will go
completely to 0! You have to keep pressing up again to reach the proper level.
Quite annoying when the volume is a function used so many times a day.
Jailbreaking may allow you to get more features, but it usually brings a whole
host of headaches, too. I'll probably just stick with the standard iOS system
after the next update.

------
justinwr
The last time I jailbroke my devices they slowed to a crawl and crashed
frequently. Felt like I had installed Windows on my iOS device. I'd much
rather have my walled garden of reliable bliss.

I'll still donate to the cause however. Keep up the fine work gents! :)

~~~
bobbles
It would have been the apps that you installed, not the jailbreak itself.

~~~
justinwr
Oh it definitely was.

------
gorekee
"If the device is stuck displaying "patching kernel", you can press Power+Home
for a long time to force a reboot." [1]

[1] <https://twitter.com/pod2g/status/298493685765648384>

------
NotAnEngineer
There's a Cydia app called BrowserChanger that lets you change the default
browser (so clicking a link in Mail will open Chrome instead of Safari, for
example). Is there a similar app that lets you change the default maps
application?

~~~
britta
MapsOpener makes Google Maps the default maps app - see
<http://www.idownloadblog.com/2012/12/14/mapsopener/> for some information and
a video.

~~~
NotAnEngineer
Thanks!

------
Gurrewe
The last time I had a jailbroken phone was at the time of iOS 2, back then I
didn't think it was worth it.

What has changed in the last four years?

~~~
seanc722
I do like having OpenVPN and better wireless scanning/details.

~~~
marchdown
What do you use for wireless scanning?

~~~
seanc722
Sorry, late response... One is WiFi Analyzer. Shows channel, strength,
encryption, SSID. Has a nice little graph with signal strength along with
min/max/avg. Not sure if you can get it from the App Store now; as someone else
pointed out, you can get OpenVPN officially there now :)

Also... I'm curious as to why Apple hasn't added a SBSettings / NCSettings
type feature as most other smartphones have toggle buttons in the
"notification area" which make life a lot easier.

------
ROFISH
As a sidenote, I'm interested in hearing piracy numbers after this jailbreak.
Is piracy still popular, or are people just jailbreaking solely for the mods?

~~~
ThePinion
Didn't Hackulous develop AppSync? That's the only simple method I knew of for
transferring pirated apps from iTunes to the iDevice, which is the main way
the non-technical users did it. Now that they've called it quits, piracy will
probably be drastically slowed down until there are new well known
alternatives.

I could be totally wrong though, I don't own any iDevices, just basing my
knowledge off helping people jailbreak their phones and pods over the past
many years (except this last year of course..)

~~~
emersonrsantos
Try AppCake or vShare. Installous is dead.

~~~
ROFISH
I'm not interested in pirating apps, I'm interested in either prevention
and/or not selecting iOS as a games platform. Nothing has shaken me more than
buying an iPad 3 off Craigslist because the dude couldn't jailbreak it to get
free apps. (And he definitely did not come across as a technical person.)

~~~
emersonrsantos
It will always happen. The only known way to prevent this is to get your users
to authenticate in your DRM service.

------
stevedc3
The jailbreak community, who overall do very good things for users, are
shooting themselves in the foot by not having the Cydia store work properly
once you jailbreak --- the store is totally down, servers slammed. They had 6
months to prepare for this? Why don't they correct it? People's first
impressions (who have never jailbroken before) are that the process is
terrible.

I am referring to the Cydia store by @saurik.

~~~
saurik
Look, I mostly do this because I find it meaningful. It pays miserably, and
yet people always act like I'm making tons of money off of it, so a ton of
people hate me and I don't even get to self-medicate by staring at a massive
pile of cash. I've built a lot of really cool assets, but they (even the Cydia
Store) are totally reliant on security flaws in something that is becoming
more secure every day, so the work is even futile.

That doesn't mean, however, that I should be expected to perform miracles. I
already work nearly every waking hour on things related to jailbreaking: "I'm
giving er' all she's got, captain". For the record, by the way, here is what
I'm up against today:

<http://cache.saurik.com/tinyimg/cydia6hits.png>

The game is also really difficult to predict. In this case, this is unlike any
previous jailbreak, because they announced a specific time. I was not
expecting them to announce a time: they have never announced a time before. I
was not prepared for them to announce a specific time. What normally happens
is there is a massive wave over the first few days while people find out about
the jailbreak. Today, there were people watching a progress bar for hours
until it hit 100%.

Meanwhile, you make it sound like it is really simple to take a payment
transaction and licensing system, and just go "oh wow, we are doing over 10x
the load? flip the switch boys!"... payment systems just don't work like that:
this isn't some stupid web forum where you can play fast and loose with
consistency (or even durability) to get more performance.

Also, six months to prepare? Seriously: you think I should spend six months
while Cydia is losing money and there are no jailbreaks available--and there
may never be a jailbreak available again--sitting around figuring out how to
make a payment system scale infinitely so that during a small multi-hour long
window it can shine?

Even in jailbreak-land, that is not the most important thing to be doing; one
of my big time sinks this last half year was figuring out how to better deal
with credit card fraud, for example. Leaving the world of payments, vendors
are happier with more backend features, developers are happier with more
Substrate improvements, and end users would prefer I make more tweaks or add
things to WinterBoard.

~~~
wvenable
This may be one of the most anticipated jailbreaks ever. I'm not sure that,
even without announcing a specific time, you wouldn't get hammered. The moment
the jailbreak went up, sites like reddit and Hacker News would be on it like a
flash.

You do great work, don't let the few smaller complainers get to you.

------
evoxed
Am I the only one getting a stream of NetDB errors (with the occasional HTTP
500 or 502)? I guess I'll just have to wait until... whatever server it's
trying to connect to is up and running. I haven't had a chance to install a
single package yet.

Edit: Popping over to r/jailbreak confirms it, I guess it'll be a while before
things calm down. I just hope I can get f.lux before I have to go to work.

~~~
slushieman
Confirming this as well... If you see this error, NetDB, Failed to fetch,
etc., it is not any problem with your iDevice, Cydia, the jailbreak, or really
anything at all. In fact, if you are seeing this right now on 2/4/2013, it
most likely means everything is working properly!

The servers that provide the apps, the 'sources', are overloaded with people
trying to download. Waiting until the servers are less loaded is the only
solution, right now.

~~~
slajax
Me too.

------
dmauro
Is this a tethered jailbreak or is it permanent?

~~~
britta
It's an untethered jailbreak (allows the device to reboot on its own without
using a desktop tool to help it boot), if that's what you mean by permanent. I
probably wouldn't call it "permanent" since you can easily remove the
jailbreak by restoring the device with iTunes.

------
tibbon
Seems to be crashing on me instantly on 10.8 with my 3rd Gen iPad:

Application Specific Information: __* error for object 0x10fea00: pointer
being freed was not allocated

------
kape
I haven't jailbroken my iPhone for a few years. I did out of curiosity, but
updating the OS was just too much pain.

I've been thinking, what are the real benefits of doing that? Why? Is it
customizing the UI, adding more effects? Or is it just downloading apps outside
the App Store? I think it brought value when we didn't have Notification Center
etc., but are people still doing it?

~~~
kls
The big one for those of us with an AT&T unlimited data plan is tethering.
They had to grandfather our plans in because they sold them to us as
unlimited, but they will not offer tethering as they are trying to force all
users off of those plans and on to the 5GB plan.

~~~
stcredzero
Do those apps actually still work on AT&T? I thought AT&T detected their
operation and blocked them.

~~~
killahpriest
They still do work, PdaNet has an option to hide the tethering from AT&T.
<http://junefabrics.com/iphone/index.php>

------
seles
It worked for me, but now I am getting error "HTTP/1.1 500 Internal Server
Error" in cydia

It looks like this also happened to people a lot when the jailbreak for iOS 5
first appeared, so I am pretty sure Cydia is just getting flooded with traffic
from hordes of newly jailbroken users.

------
mikecane
Curious, does it work with the iPad Mini? [EDIT: Yes.
<https://twitter.com/tomle12/status/298496235894095873>]

Also, how soon could Apple push out an update to kill this one?

------
FPSDavid
Definitely waiting until tonight to jailbreak. Last few times my phone got
slightly screwed up when I jailbroke right after it came out, followed by a
couple updates/fixes to the jailbreak program the same day.

------
SquareWheel
Mirrored the Windows version on MultiUpload. It's the only one I could snag
before everything imploded.

<http://www.multiupload.nl/QZTXLPXVHB>

------
xguru
Almost all the Cydia sources have become slow because of the heavy load.

------
supercoder
As a developer the jailbreak is conflicting.

On one hand it's good to get all the cheapskates off iOS 5.1, but then
alternatively we're going to see a bigger piracy spike now.

~~~
yareally
That's an awfully big assumption that only pirates don't update to the latest
and greatest device. Especially when many can't afford to and a smaller
community does actually jailbreak to mod their devices. Some I know that went
back to iOS from Android were waiting for a jailbreak so they could mod stuff.

~~~
supercoder
It's not an assumption, it's a fact. Our stats show that for 84% of the pirated
copies of our apps in the last 30 days, the users have been on 5.x.

------
uwnav
Does anybody know what the state of unlocking A4+ chips is after this release?
Stuck with a friggin Bell Canada iPhone 4S I can do shit all with

------
steed
I installed the SMS GV extension, then the iPhone 5 kept rebooting... I
recovered it and tried again, then it kept rebooting again.... ><

------
abdophoto
Already Jailbroken. Thank you Evasi0n!

------
asiekierka
Can't connect for 30 minutes now, stuck on the "Just a moment..." screen.

Can anyone provide mirrors?

~~~
EchoVelocity
Here's a dropbox link for the windows version. It'll be up until there is too
much activity:
[https://dl.dropbox.com/u/6469722/evasi0n-win-1.0-3c53ba10e24...](https://dl.dropbox.com/u/6469722/evasi0n-win-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.zip)

------
so898
I am very afraid of this moment. I know that after this jailbreak is released,
there will be more and more people using illegal applications, and I have to
worry about the meals next month. For God's sake, I'm hoping they will not
release something that could break the IAP.....

~~~
thethimble
Your concern is silly. People pirating applications are likely not going to be
willing to pay for those applications in the first place. There is no
opportunity cost associated with piracy.

If anything, in my opinion, app piracy just increases the visibility of your
app and could potentially win new, legitimate users through word of mouth.

~~~
gfodor
Citation needed.

Do you really think that software pirates with jailbroken iPhones that have
their phones loaded up with the latest popular apps would not spring the 20
bucks or so in the app store to buy them if it were hard to pirate them? The
"no opportunity cost associated with piracy" canard held water in the days
where lots of commercial software was reasonably outside the reach of your
average individual who wanted to play with it. But saying that little Johnny
that's playing Angry Birds for free would not have bought the game for a
dollar anyway is, to be frank, complete bullshit.

~~~
nitrogen
Not the OP, but the only people I've heard of pirating apps are those for whom
$20 is the difference between eating and starving (e.g. students whose phone
is paid for by family, but their food and apps are not).

~~~
britta
A number of people pirating apps are people who don't have the App Store
available in their countries, and some others are children and young teenagers
who don't have their own money to buy things online (with parents who aren't
interested in helping them buy games).

------
lutusp
Warning: jailbreaking your phone is now illegal:

<http://investorplace.com/2013/01/jailbreaking-your-phone-will-be-illegal-after-jan-26/>

~~~
ansgri
I always wonder, how can you U.S. guys tolerate this stupid carrier lock-in
with year-long contracts? When in other parts of the world they are planning
or already have laws obliging carriers to provide call forwarding to your new
number after you switch away.

~~~
0x0
It's happening in Europe too, and I don't see the big problem.

It's what makes it economically possible for carriers to offer a subsidized
up-front price on the phone. You're free to buy the much more expensive
unlocked phone, even in the US, on apple.com, no?

~~~
rednukleus
It's completely unnecessary. If you sign up for a 1 year contract, you still
have to pay out the rest of the contract, regardless of whether your phone is
unlocked or not. The only reasons to lock the phone are to force users to pay
roaming charges, and to stop people from switching carriers _after_ the
contract has expired.

------
5vforest
Jailbreak was smooth as can be on my iPhone 4S Sprint.

------
garkrau
Does it really work? Even for the new iPad (3rd gen iPad)?

~~~
rcchen
I just jailbroke my iPad 3 with it, works like a charm, on iOS 6.1

~~~
garkrau
omg. Can't wait to get to my iPad to do this. Christmas once again.

------
tommys
JB worked like a charm! Thx evasi0n! :-)

~~~
tommys
On my iPhone 5.

------
cududa
Has Cydia keeled over for anyone else?

~~~
slajax
Yup.

------
aioprisan
can someone provide a mac download link?

~~~
asiekierka
[http://asiekierka.pl/evasi0n-mac-1.0-3c53ba10e2448d311b0f415...](http://asiekierka.pl/evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.dmg)

[https://mega.co.nz/#!5h0BwQoa!KdRLFwNJ3OjMS-7Zs2YGQnsvPxAKEs...](https://mega.co.nz/#!5h0BwQoa!KdRLFwNJ3OjMS-7Zs2YGQnsvPxAKEsaAjabY__8pNtY)

