doadam / ziVA

An iOS kernel exploit designated to work on all iOS devices <= 10.3.1

Jailbreak Chain #4

Open okbabsh opened 7 years ago

okbabsh commented 7 years ago

So as you mentioned, it requires a sandbox escape to get a full jailbreak. Are there any other requirements? If not, then I know someone who can combine the P0 exploit and ziVA into one program, then install Cydia and get a jailbreak. Tell me what is missing without only saying "a lot is missing".

GeekBreak commented 7 years ago

To install Cydia atm a KPP bypass is needed. iOS 10.2.1 is the only version with a public KPP bypass (the one used by mach_portal+yaluX, Yalu102 and extra_recipe+yaluX). Without a KPP bypass, the best thing that you can do is gain tfp0, patch and set a nonce, and use futurerestore with your SHSH2.

okbabsh commented 7 years ago

Can't I just install Cydia using the normal IPAs? I mean, can't it get us to something? And my friend had a jailbreak on 10.2 and then updated to 10.3.1; does that trigger anything?

GeekBreak commented 7 years ago

Cydia and tweaks can't be installed as IPAs; a standard application, just like an App Store app, can't access the filesystem. They need to be installed as a deb or using a bootstrap.tar. And no, 10.2 jailbroken > 10.3.1 doesn't trigger anything. From what doadam wrote in his HITBSEC slides and xerub on his Twitter, if saurik rewrites Cydia and its core, a KPP/AMCC bypass might not be necessary.

okbabsh commented 7 years ago

Thanks a lot, that almost answered my question. So now the jailbreak's final chapter is maybe in saurik's hands. And sorry, I have now read doadam's slides; I think I have to talk to saurik about that? And find out if it's even possible. The only thing missing now is Cydia; with Cydia installed and having access to the file system, we can install debs, and this way we can have a fully functioning jailbreak? Correct me if I got something wrong.

okbabsh commented 7 years ago

And another question: can we install Cydia's IPA using a bootstrap, without a jailbreak? I mean depending on a Mac, not the iPhone itself. I'm really trying to help here, so just tell me what's missing and I can contact the developers personally.

robonxt commented 7 years ago

Jailbreaking isn't that easy. We may have the exploits to create a jailbreak, but we also need to bypass the rest of the security systems inside iOS. You can't just 'install' Cydia onto a non-jailbroken phone by installing the IPA, because, as @GeekBreak said, Cydia needs access to the file system, and without access to the file system Cydia will be useless. Also, correct me if I'm wrong, but you can only bootstrap IF you have access to the file system or core iOS processes. I'm not a jailbreaker or a hacker, so take my words with a pinch of salt :)