Sunday, November 27, 2011

Weapons of Mass Exploitation

Greetings, friends & jailbreakers!

It has now been several months since OPK and I (posixninja) took the stage at JailbreakCon (fka MyGreatFest) in London. Since then, I & other members of the Chronic Dev team have been keeping quietly busy on many fronts, so I thought it was about time to give you all a brief update.

Update on iOS5 Jailbreak

First & foremost: during my JailbreakCon talk in September, I was excited to announce that the Chronic Dev team had already discovered 5 different exploits for use in our upcoming jailbreak. Unfortunately, that announcement was a bit premature, because in the subsequent weeks, Apple found & patched a (critical) few of those exploits, between the beta versions we used for testing and the final release of iOS5 on October 12.
Sadly (and trust us, we are much more sad about this than any of you could possibly be), this has prevented us from being able to release a new jailbreak as quickly as we wanted to. As I hinted at earlier this week on Twitter, I was initially disheartened to think that so many of the countless hours we’ve worked on this jailbreak seemingly went right down the drain.
Not to mention, these are by no means the first exploits that have been “lost” by Chronic Dev (or any other iOS hacking teams) in this manner. In fact, these are just a few in a long-running series of exploits that were patched by Apple before we hackers could make use of them in a free jailbreak for you, our loyal fans.
Well, to be frank… this is bullshit!!! And now, Chronic Dev is ready to turn this little information battle into an all-out, no-holds-barred information WAR. So we want to use this experience as an opportunity to explain the method Apple uses to find potential vulnerabilities, as well as to unveil our new master plan, which should not only prevent this from happening to us again in the future, but also allow us to use all of you to find more exploits, so we can ultimately get an untethered jailbreak into your hands as quickly as possible.

How Apple Finds Exploits

One of the primary challenges in working with userland exploits is that, every time any program crashes on your iPhone, a “crash report” is generated and instantly sent back to Apple. As you can imagine, while we’re working out all the kinks in the exploitation of a vulnerability, we may need to crash any particular program thousands & thousands of times.
It’s possible to change your iTunes settings to stop sending this diagnostic information back to Apple, and of course everyone in Chronic Dev has made this change on all our development machines. However, even this is not always 100% effective at preventing Apple from obtaining our data. For instance, if one of us is at a friend’s house and plugs our iPhone up to his or her computer (even just to charge it), it’s very likely that computer is set up to send all our valuable data & crash reports right back to Apple.
As a side note, this is also the primary reason we’re unable to perform or allow any public beta testing of our software before it’s released. Any potential beta tester could be unknowingly sending crash reports back to Apple, which would prematurely alert the company to our exploits & the discovery of their vulnerabilities before we even have the chance to release.

Help Us Help You: Send Us Your Crash Reports

Instead of allowing this vicious cycle to continue, we decided to write a new program to turn Apple’s own beast against its master, per se. All this program requires from you is to attach your iOS device to your computer and click a single button!
At this point, the program copies all the crash reports off your device (which, under normal circumstances, would be sent right back to Apple), and instead sends this data to a secure, private server hosted by your friendly Chronic Dev team. Next, our program proceeds to neuter your copy of iTunes, simply by changing your settings to prevent your computer from sending any further diagnostic information from your device to Apple.
Using this agglomeration of your crash reports and our ninja skills, Chronic Dev will be able to quickly pinpoint vulnerabilities in various programs by using the same techniques Apple currently employs. At the very least, your data will help point us in the direction of which applications are the most vulnerable, so we can focus our time & energy on these with laser-like intensity. And, of course, this will also prevent Apple from accessing all your valuable data, just so they can then turn around and use it against you.

Thank You!

Many thanks in advance for your prompt response & help in this effort, your continued support of GreenPois0n & the Chronic Dev team, and your patience while we continue our never-ending, diligent work on your (free!! coming soon!) untethered jailbreak for iOS5 and/or iPhone 4S.
One final THANKS! While I have spent many of my own hours on the development, design & programming of this tool, especially the back-end, I also owe a great debt of gratitude to:
  • C-Dev hacker Nikias & his lovely wife Hanene – for the many tedious hours they spent programming the front-end & user-friendly interface;
  • C-Dev member OPK – for his graphic design work & the brilliant logo for this app; and
  • Chronic-Dev, LLC – for graciously hosting the servers where we will store the (fingers crossed) millions of crash reports and other data that you all are going to send us momentarily, via this link…

[CDevReporter_mac.zip]

[CDevReporter_win.zip]

[PLEASE NOTE: This link is to the Mac beta version of our software. An updated/final Mac version as well as a Windows version will be available in the next 24 hours.]

No comments :

Post a Comment