
iOS 10.3.1 Jailbreak. Where does it stand? The possibilities.

It has always been a cat-and-mouse chase between Apple and the jailbreak community. Luca Todesco has recently proven himself a skilful hacker with the necessary abilities, but while he released a jailbreak for iOS 10.1.1-10.2, iOS 10.2.1-10.3.x will be an entirely different challenge, especially since iOS 10.3.x introduces Apple's new file system, APFS. There is also the fact that Todesco himself has said he will stop all public iOS research work after the 10.2 jailbreak.

Recently, the Pangu team demoed an iOS 10.3.1 jailbreak, which was rumoured to be held back until Apple released iOS 10.3.2, because they did not want Apple to patch the vulnerability used for this jailbreak.
It has been a week since Apple released iOS 10.3.2 and there is still NO sign of such a jailbreak. This raises a lot of questions. Is Pangu working with Apple? Was it just a hoax made by Apple to push users to update to iOS 10.3.1?


Here is some information about the jailbreak demoed by the Pangu team:

Images have surfaced on Chinese blogging site Weibo which appear to show a working jailbreak for Apple’s current firmware, iOS 10.3.1. Whilst details are extremely thin on the ground at present, they appear to be genuine and are an encouraging sight for jailbreakers everywhere.
Remember: Demonstrating a jailbreak is not the same as committing to release a jailbreak. Many tools use exploits the teams wish to keep for research purposes. Jailbreaks are sometimes demonstrated with no intention of release.
The first thing to say is that these images are not fully verified, nor were they posted by Pangu themselves. For that reason, maintain a healthy scepticism for the time being. Having said that, the three images appear to have been posted to the Weibo account of one Min Zheng, who is known to be heavily involved in iOS security, and with jailbreaking.
If the Weibo account is his, which it appears to be, then I would consider him a trustworthy source of information, and the sort of person who would be present at conferences of this kind in which mobile security tools and jailbreaks are demoed.

The conference, which is taking place in the Mercedes Benz Arena, on Expo Avenue in Shanghai, appears to be called Janus. The image below shows the attendee’s ticket, in front of the venue:

The event seems however to be private and not publicly ticketed, as the Mercedes Benz Arena website and ticketing site Damai do not seem to list any such event, held in The Mixing Room, on this date.
Further details about the jailbreak are scarce; we know however that it does support the iPhone 7, which is nice news for flagship device owners who were only partially supported by Yalu1011.
It has been rumoured that the jailbreak supports only 10.3-10.3.1, not lower firmwares such as iOS 10.2.1 and 10.2, but this is not confirmed. Similarly, whilst it reportedly supports all 64-bit devices (implying not 32-bit) this is also unknown for sure at present. No facts were given by Zheng, only the three images. All the other alleged details were reported by an unknown Twitter user, not Zheng or Pangu. Certainly, the only thing Zheng’s image shows for certain is that it runs on the iPhone 7 on iOS 10.3.1.
The most tenuous, but most exciting piece of news is the following, which was posted by the unknown Twitter user mentioned above. It appeared that they were also attending the event, but this may not actually be the case, so be careful about trusting their pronouncements:
The tweet, translated from Chinese, reads roughly:
We are negotiating a partnership with the PP Assistant company. If it is agreed, the 10.3-10.3.1 jailbreak will be released within a week.
Please remember, this could be a lie or a mistake, I include it only in the interest of full information.
So much for the demoed jailbreak. Now let us look at the case of Adam Donenfeld, the security researcher credited with 8 kernel bugs fixed in iOS 10.3.2.
Donenfeld has revealed plans to publish further exploits affecting iOS 10.3.1. This seems to have sparked rumours that he is planning to release the long-awaited iOS 10.3.1 jailbreak. We assume he is referring to the following entry in the security content of iOS 10.3.2:
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-6979: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

The speculation started when Donenfeld tweeted that the 8 kernel bugs Apple fixed in iOS 10.3.2 would be revealed at the HITB GSEC security conference in Singapore, and recommended that jailbreakers save their SHSH blobs:
 fixed 8 kernel privilege escalation bugs I sent them.
A privilege escalation exploit is already written (1/2)
It will be released during conferences’ season in the summer. You may want to save SHSH blobs :)  (2/2)
However, he has clarified that he didn’t say he will be releasing a jailbreak but added that he was happy to help someone who is interested in developing a jailbreak.
I never said anything about jailbreak. I'm releasing an exploit (source code + instructions). (1/2)
If someone wants to take the hassle of wrapping it into a jailbreak I’d be happy to help. (2/2)
The HITB GSEC conference runs from August 21 to August 25, so if Donenfeld waits for the conference to reveal the exploits it will be another long wait, unless he shares the details sooner, which seems unlikely.
I think our best bet is still the Pangu team, who demoed a working iOS 10.3.1 jailbreak at a tech conference last month, though even they have yet to officially provide any update about it.
If you are waiting for the jailbreak, avoid upgrading to iOS 10.3.2. If you have already upgraded, check out our guide on how to downgrade iOS 10.3.2 to iOS 10.3.1; without saved blobs this is only possible while Apple is still signing 10.3.1. Since Apple patched the relevant vulnerability in iOS 10.3.2, jailbreaking 10.3.2 will be even more difficult.


SO! WHAT ARE WE SUPPOSED TO DO?
At the end of the day 10.3.1 might not be THAT bad. We know:
  • Pangu's jailbreak demo (might get released; if it does, we know that's gonna be hella stable), so we know it is a jailbreakable firmware version.
  • Adam's exploit: compatible with iOS 10.3.1; allows downgrades to any version you have SHSH2 blobs for, even iOS 10.2. Might also be used by someone to build a jailbreak (I doubt it, though).
  • Pangu's demo clearly shows iOS 10.3.1 (HERE: http://wx2.sinaimg.cn/mw690/86280673gy1feyx44wvusj20zk0qon17.jpg), so I am a bit skeptical about iOS 10.2.1, to be honest.
  • iPhone 7 users are way better off on iOS 10.3.1, iOS 10.3 or iOS 10.2. I don't know what to say about iOS 10.2.1.
  • iOS 10.2.1 hasn't been signed in a very long while; if something was going to happen on iOS 10.2.1, I guess it would have happened already, considering that, according to Luca, his KPP bypass for iOS 10.2 might be compatible with 10.2.1.
So if you're on iOS 10.3.1, DON'T update to iOS 10.3.2. If you're on iOS 10.2.1, I don't know what to recommend. The community agrees iOS 10.3.1 looks viable as hell thanks to Pangu's demo (so we are 100% sure it is jailbreakable with the vulnerabilities present in it) and Adam's exploit for downgrades. Adam did not mention anything about iOS 10.2.1 being compatible; he said his exploit is compatible with iOS 10.3.1 and iOS 10.2, so you might miss the chance of downgrading back to 10.2 if you have blobs.
VERY hard decision. Unfortunately you'll have to take the risk; there is no safe path. Luca hasn't confirmed that his KPP bypass works on iOS 10.2.1 as well; it was just a supposition driven by the fact that iOS 10.2.1 came shortly after 10.2. That doesn't mean it is 100% confirmed, so pay attention to how you read that. Basically, if that is not correct and we remain on iOS 10.2.1, we lose the ability to use whatever Pangu releases for iOS 10.3 to 10.3.1 (if they do at some point) and to downgrade to any version we have blobs for using Adam's exploit. On the other hand, if the KPP bypass does prove usable on iOS 10.2.1 but not on 10.3.1, you will lose a possible update to yalu(?) but not the ability to downgrade or to use anything Pangu releases (if they do).
And even if the KPP bypass proves usable on iOS 10.2.1: iOS 10.2.1 was released in January, so who is going to build a jailbreak around the KPP bypass for a firmware version unsigned since March? We can't get devs building for iOS 10.3.1, but we'll have them focused on an old unsigned firmware? That makes me skeptical, but that's just MY opinion, which might be wrong.
TL;DR: If on iPhone 7, stay on iOS 10.2 or iOS 10.3.1. If on another (64-bit) device, Luca hints that his KPP bypass for iOS 10.2 may be compatible with iOS 10.2.1 (not yet tested, just a supposition). Both versions (iOS 10.3.1 and 10.2.1) seem safe for now; in reality, neither of them has anything 100% stable.
IN SHORT: If you are on iOS 10.2.1, stay there as Luca advised. If you have already updated to iOS 10.3.1, you are not in a bad situation either, since we have proof that the Pangu team was able to jailbreak it (which may or may not be released to the public).
Users on iOS 10.3.2 are advised to roll back to 10.3.1 immediately.
I recommend thinking thrice before taking any action; there is no way back. You can keep an eye on the TSS (signing) status here: https://ipsw.me
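Because everything above hinges on whether Apple is still signing 10.3.1 for your device, here is a small signing-status checker. It is an added example, not code from the original post and not ipsw.me's own tooling. It assumes the ipsw.me v4 API (GET https://api.ipsw.me/v4/device/<identifier>?type=ipsw) returns a JSON object with a `firmwares` array whose entries carry `version`, `buildid` and a boolean `signed`; verify that before relying on it. The embedded sample response is constructed for the example, not a live snapshot, and the script falls back to it when the network is unavailable.

```python
"""Report which iOS versions Apple is currently signing for a device,
so a downgrade window (e.g. 10.3.2 -> 10.3.1) is not missed.

Added example. Assumes the ipsw.me v4 API response shape described
in the lead-in; the SAMPLE_RESPONSE below is constructed, not real data.
"""
import json
import sys
import urllib.request

# Assumed endpoint shape; check ipsw.me's current API documentation.
API = "https://api.ipsw.me/v4/device/{ident}?type=ipsw"

# Constructed sample response: same shape as the API, illustrative values.
SAMPLE_RESPONSE = json.dumps({
    "name": "iPhone 7",
    "identifier": "iPhone9,1",
    "firmwares": [
        {"version": "10.3.2", "buildid": "14F89", "signed": True},
        {"version": "10.3.1", "buildid": "14E304", "signed": True},
        {"version": "10.3", "buildid": "14E277", "signed": False},
        {"version": "10.2.1", "buildid": "14D27", "signed": False},
        {"version": "10.2", "buildid": "14C92"},  # no "signed" key: treat as unsigned
    ],
})


def signed_versions(payload: str) -> list:
    """Return (version, buildid) pairs that Apple is currently signing.

    Entries without a truthy "signed" field are treated as unsigned, so a
    missing key never reports a version as restorable.
    """
    data = json.loads(payload)
    return [(fw["version"], fw["buildid"])
            for fw in data.get("firmwares", [])
            if fw.get("signed") is True]


def downgrade_window_open(payload: str, target: str) -> bool:
    """True if `target` (e.g. "10.3.1") can still be restored without blobs."""
    return any(version == target for version, _ in signed_versions(payload))


def fetch(ident: str, timeout: float = 10.0) -> str:
    """Fetch the live firmware list for a device identifier such as iPhone9,1."""
    req = urllib.request.Request(API.format(ident=ident),
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    ident = sys.argv[1] if len(sys.argv) > 1 else "iPhone9,1"
    try:
        payload = fetch(ident)
    except Exception as exc:  # offline or API changed: use constructed sample
        print(f"fetch failed ({exc}); using constructed sample data")
        payload = SAMPLE_RESPONSE
    for version, build in signed_versions(payload):
        print(f"{ident}: iOS {version} ({build}) is being signed")
    print("10.3.1 downgrade window open:",
          downgrade_window_open(payload, "10.3.1"))
```

Run it with your device identifier (`python check_signing.py iPhone9,3`); a version that is not listed as signed can only be restored later with saved SHSH2 blobs plus a matching exploit, which is exactly the situation the advice above describes.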

