Complete Interview With Planetbeing (Member Of Evad3rs Jailbreak Team):
1. Has Apple ever contacted you, or the evad3rs, for any reason (outside of regular business that Apple conducts with its customers/developers)?
Yes. I got a job offer once. As far as I know, all jailbreaker interactions with Apple have been pretty positive, especially in contrast with what companies like Sony apparently do.
I didn’t take it for personal and logistical reasons. At the time I was in Canada with a complicated visa situation. It wasn’t a solid offer anyway. I’m sure
I’d’ve had to interview, etc., first but I didn’t choose to get much into the process at all.
2. How do you feel the future of jailbreaking looks based on how long this release took? Do you think Apple will ever just release an open iOS?
It’s hard to say. Apple has successfully mitigated many vectors of attack in iOS 6. In this current jailbreak, we “evaded” Apple’s mitigations in the userland with several vulnerabilities I would perhaps characterize as “lame”, since these mistakes are a throwback to earlier days of iOS jailbreaking where we primarily used filesystem tricks. We only attacked Apple’s hardened security head-on in the kernel. “Lame” vulnerabilities tend to be hard to find, however, so it’s likely the next jailbreak will be tougher. That said, we also retain a few tricks that may or may not help in the future. Who knows what the weight of each factor should be when trying to determine how long the next jailbreak will take.3. I understand that the AppleTV jailbreak are usually an afterthought compared to iPhones/iPads/iPods, but do you ever see it becoming a priority or a focus?
I think the ship has sailed for Apple to consider shipping an open iOS. The furthest they might have gone was perhaps allowing you to unlock the bootloader like the Google Nexus phones. However, I don’t think they currently have a compelling reason to.
Personally, I only work on stuff that I own and use. For example, when I was in Canada and someone sent me an American locked iPhone 4, I worked really hard on an unlock for it. I don’t really see the appeal of an Apple TV at all so it’s not something I’d likely work on, particularly since the injection part would be significantly harder anyway.4. What is your opinion on what future iOS versions will bring? Mainly thinking of widgets supported natively (similar to Android).
Nothing is impossible, it’s just that some things fall below the intersection of difficulty and level of interest for people.
When I first saw the SBWeeApp interface and Notification Center, I thought for sure they’d have some way to let AppStore apps add to it. However, the primary issue is that all the widgets currently reside in a single process, which means they’re very likely to be able to interfere with each other. In something like the AppStore ecosystem, the probability approaches 1 and there could be a lot of problems. Compounded with this is the fact that that process is SpringBoard, which is the entire shell for iOS, so any problems are rather catastrophic (tweaks crashing SpringBoard is never fun!).5. What are the plans for when iOS 7 comes out? Does the team plan on having more people on board to find any vulnerabilities that the new firmware may have in store?
However, they are apparently working on compartmentalizing SpringBoard (it used to be the window manager for the OS as well) and perhaps there’s a way to host different views that are actually controlled by separate processes, so it might be possible in the future. Another possibility is some widgets that are primarily determined by property lists or something, similar to how the Settings app works.
When iOS 7 comes out, we’ll study it and see what we can do of course. You can’t really plan on “having more people on board”. It’s a specialized game with a steep learning curve that you can’t grab people off the street for. Certainly anyone who actually has sufficient ability to find and/or exploit a vulnerability can help by just sharing their findings.6. Where do jailbreaks usually begin? Is it methodical as in “let’s look for a foot in the door?” Or something such as “We have these vulnerabilities, what do we need to get something working?” Or just fuzzing. What tools are involved in the jailbreak development process? For someone who would like to “get into” jailbreaking because of interest what would be a good place to start? (As far as articles and books go)
Honestly, for me, it’s usually when someone drops a lead in my lap or pod2g chases me down and asks me to do some work improving something he’s already got. This recent iteration I found a lot of stuff on accident in the process of trying to get other stuff to work. Finding vulnerabilities is not usually fun for me though, exploitation is.7. I heard that when you were in the process of jailbreaking the iPhone 5, you actually had successfully jailbroken already, but you were looking for another exploit, so you didn’t have to reveal this ‘better’ one to apple. So my questions are, have you done this before in the past?
fxr.watson.org, opensource.apple.com, IDA, vim, clang, an existing jailbreak with OpenSSH.
Start by reading about existing jailbreaks and how they work. Perhaps try to rewrite an existing exploit another way, or improving it somehow. (I know the kernel exploit still can be improved, I’m planning to get to it one of these weekends). Make small achievable goals and work/study hard to accomplish those. There’s going to a lot of stuff you won’t understand at first, but there’s also a lot of publicly available information, and the process of piecing that together and/or experimenting until you get it is more helpful than if someone just told you.
We always like to do this, but sometimes the bugs get closed anyway, but it’s a lot better than having to exploit a device blind. Exploitation is like having to shoot a bullet through a pinhole into a room the size of a football stadium at a target inside. Except you also have to make sure the bullet ricochets off five different other targets before it hits your final target. That’s hard enough but imagine doing it without knowing where the targets are in the room.
Third party software is filled with bugs, but they’re not useful unless they’re shipped with iOS (like racoon, for example). If they are shipped with iOS, then Apple usually vets them anyway. App Store app bugs are not useful since Apple can always pull the app before the jailbreak gets very far. Plus, I think it’s kind of mean to do that to some random developer.