Complete Interview With Member Of Evad3rs Jailbreak Team

Complete Interview With Planetbeing (Member Of Evad3rs Jailbreak Team):

1. Has Apple ever contacted you, or the evad3rs, for any
reason (outside of regular business that Apple conducts with its
customers/developers)?

Yes. I got a job offer once. As far as I know, all
jailbreaker interactions with Apple have been pretty positive,
especially in contrast with what companies like Sony apparently do.

I didn’t take it for personal and logistical reasons. At the time I
was in Canada with a complicated visa situation. It wasn’t a solid offer
anyway. I’m sure I’d’ve had to interview, etc., first, but I didn’t
choose to get much into the process at all.

2. How do you feel the future of jailbreaking looks based on
how long this release took? Do you think Apple will ever just release an
open iOS?

It’s hard to say. Apple has successfully mitigated many
vectors of attack in iOS 6. In this current jailbreak, we “evaded”
Apple’s mitigations in the userland with several vulnerabilities I would
perhaps characterize as “lame”, since these mistakes are a throwback to
earlier days of iOS jailbreaking where we primarily used filesystem
tricks. We only attacked Apple’s hardened security head-on in the
kernel. “Lame” vulnerabilities tend to be hard to find, however, so it’s
likely the next jailbreak will be tougher. That said, we also retain a
few tricks that may or may not help in the future. Who knows what the
weight of each factor should be when trying to determine how long the
next jailbreak will take.

I think the ship has sailed for Apple to consider shipping an open
iOS. The furthest they might have gone was perhaps allowing you to
unlock the bootloader like the Google Nexus phones. However, I don’t
think they currently have a compelling reason to.

3. I understand that AppleTV jailbreaks are usually an afterthought compared to iPhones/iPads/iPods, but do you ever see it becoming a priority or a focus?

Personally, I only work on stuff that I own and use. For
example, when I was in Canada and someone sent me an American locked
iPhone 4, I worked really hard on an unlock for it. I don’t really see
the appeal of an Apple TV at all so it’s not something I’d likely work
on, particularly since the injection part would be significantly harder
anyway.

Nothing is impossible, it’s just that some things fall below the intersection of difficulty and level of interest for people.

4. What is your opinion on what future iOS versions will
bring? Mainly thinking of widgets supported natively (similar to
Android).

When I first saw the SBWeeApp interface and Notification
Center, I thought for sure they’d have some way to let AppStore apps add
to it. However, the primary issue is that all the widgets currently
reside in a single process, which means they’re very likely to be able
to interfere with each other. In something like the AppStore ecosystem,
the probability approaches 1 and there could be a lot of problems.
Compounded with this is the fact that that process is SpringBoard, which
is the entire shell for iOS, so any problems are rather catastrophic
(tweaks crashing SpringBoard is never fun!).

However, they are apparently working on compartmentalizing
SpringBoard (it used to be the window manager for the OS as well) and
perhaps there’s a way to host different views that are actually
controlled by separate processes, so it might be possible in the future.
Another possibility is some widgets that are primarily determined by
property lists or something, similar to how the Settings app works.

5. What are the plans for when iOS 7 comes out? Does the team
plan on having more people on board to find any vulnerabilities that
the new firmware may have in store?

When iOS 7 comes out, we’ll study it and see what we can
do of course. You can’t really plan on “having more people on board”.
It’s a specialized game with a steep learning curve that you can’t grab
people off the street for. Certainly anyone who actually has sufficient
ability to find and/or exploit a vulnerability can help by just sharing
their findings.

6. Where do jailbreaks usually begin? Is it methodical as in
“let’s look for a foot in the door?” Or something such as “We have these
vulnerabilities, what do we need to get something working?” Or just
fuzzing. What tools are involved in the jailbreak development process?
For someone who would like to “get into” jailbreaking because of
interest what would be a good place to start? (As far as articles and
books go)

Honestly, for me, it’s usually when someone drops a lead
in my lap or pod2g chases me down and asks me to do some work improving
something he’s already got. This recent iteration I found a lot of stuff
by accident in the process of trying to get other stuff to work.
Finding vulnerabilities is not usually fun for me though, exploitation
is.

fxr.watson.org, opensource.apple.com, IDA, vim, clang, an existing jailbreak with OpenSSH.

Start by reading about existing jailbreaks and how they work. Perhaps
try to rewrite an existing exploit another way, or improve it
somehow. (I know the kernel exploit can still be improved; I’m planning
to get to it one of these weekends.) Make small achievable goals and
work/study hard to accomplish those. There’s going to be a lot of stuff you
won’t understand at first, but there’s also a lot of publicly available
information, and the process of piecing that together and/or
experimenting until you get it is more helpful than if someone just told
you.

7. I heard that when you were in the process of jailbreaking
the iPhone 5, you actually had successfully jailbroken already, but you
were looking for another exploit, so you didn’t have to reveal this
‘better’ one to Apple. So my questions are, have you done this before in
the past?

We always like to do this, but sometimes the bugs get
closed anyway, but it’s a lot better than having to exploit a device
blind. Exploitation is like having to shoot a bullet through a pinhole
into a room the size of a football stadium at a target inside. Except
you also have to make sure the bullet ricochets off five different other
targets before it hits your final target. That’s hard enough but
imagine doing it without knowing where the targets are in the room.

Third party software is filled with bugs, but they’re not useful
unless they’re shipped with iOS (like racoon, for example). If they are
shipped with iOS, then Apple usually vets them anyway. App Store app
bugs are not useful since Apple can always pull the app before the
jailbreak gets very far. Plus, I think it’s kind of mean to do that to
some random developer.
