
Absinthe 2.0 jailbreaks most iDevices running iOS 5.1.1

May 27 2012 at 12:55 PM
Sheogorath  (Login Sheogorath)
CWC Member

 
The untethered jailbreak Absinthe v2.0 debuted on Friday with compatibility for almost all devices powered by Apple's A4 and A5 processors running the latest iOS 5.1.1 firmware, and is the first solution to unlock the new iPad.

Disclaimer: Jailbreaking may void Apple's warranty and in rare cases cause damage to the device being unlocked. Users opting to run jailbreak software and tweaks do so at their own risk.

Announced at the Hack in the Box event in Amsterdam, GreenPois0n Absinthe v2.0 is the result of a collaboration between the Chronic-Dev Team and iPhone Dev Team and gives iDevice users wider access to system features normally prohibited by Apple thus allowing for the download of applications and extensions unavailable in the official App Store.

Currently, the iOS 5.1.1-only jailbreak can be applied to nearly all iPads, the iPhone 3G, 4 and 4S, third and fourth generation iPod touch media players, and the second-generation Apple TV. Support for the new 8GB iPad 2, which features a custom-designed A5 chip, will be available soon though the team notes that Apple TV compatibility will not be included in the version 2.0 build.



During the event, the "dream team" of hackers explained (via iClarified) how Absinthe v2.0 works:

GreenPois0n Absinthe was built upon @pod2g's Corona untether jailbreak to create the first public jailbreak for the iPhone 4S and iPad 2 on the 5.0.1 firmware. In this paper, we present a chain of multiple exploits to accomplish sandbox breakout, kernel unsigned code injection and execution that result in a fully-featured and untethered jailbreak.

Corona is an acronym (sic) for "racoon", which is the primary victim for this attack. A format string vulnerability was located in racoon's error handling routines, allowing the researchers to write arbitrary data to racoon's stack, one byte at a time, if they can control racoon's configuration file. Using this technique researchers were able to build a ROP payload on racoon's stack to mount a rogue HFS volume that injects code at the kernel level and patch its code-signing routines.

The original Corona untether exploit made use of the LimeRa1n bootrom exploit as an injection vector, to allow developers to disable ASLR and sandboxing, and call racoon with a custom configuration script. This however left it unusable for newer A5 devices like the iPad 2 and iPhone 4S, which weren't exploitable by LimeRa1n, so another injection vector was needed.


Basically, the jailbreak takes advantage of certain exploits found in iOS to gain higher levels of system access to "break out" of the Apple-imposed sandboxing, or the iPad maker's stringent set of operating rules for apps running on the device. For example, jailbreaking gives apps the power to turn certain system settings, like Wi-Fi or Bluetooth, on or off.

Friday's announcement saw such high levels of interest that the Cydia app store became overloaded with a flood of new users.

http://www.appleinsider.com/articles/12/05/25/absinthe_20_jailbreaks_most_idevices_running_ios_511.html
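The bug class the quoted paper describes (a string taken from a config file reaching a printf-style format argument inside an error path) is shown below as an added illustration. It is not code from the post, the paper, or racoon; the routine names, the message text and the sample token are constructed, and the audit helper is a hypothetical check a config validator could run.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not racoon's code. Models an error message built
   from a token read out of a configuration file. */

/* VULNERABLE: the token itself becomes the format string, so any
   %-conversion placed in the config file is interpreted by snprintf.
   The call goes through a function pointer only so the bug compiles
   as written (a direct call would draw a -Wformat-security warning). */
static int format_error_vulnerable(char *out, size_t n, const char *token) {
    int (*fmt)(char *, size_t, const char *, ...) = snprintf;
    int used = snprintf(out, n, "config error near token: ");
    if (used < 0 || (size_t)used >= n) return -1;
    return fmt(out + used, n - (size_t)used, token);   /* token as format */
}

/* HARDENED: the format string is a constant; the token is only data. */
static int format_error_safe(char *out, size_t n, const char *token) {
    return snprintf(out, n, "config error near token: %s", token);
}

/* Hypothetical audit helper: count %-conversions in a string ("%%" is a
   literal percent, not a conversion). A token scoring > 0 would be
   interpreted by the vulnerable routine; the safe routine copies it as-is. */
static int count_conversions(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    char buf[128];
    const char *benign = "listen";     /* constructed sample tokens */
    const char *hostile = "%s%s";

    format_error_safe(buf, sizeof buf, hostile);
    printf("safe:       %s  (conversions in token: %d)\n",
           buf, count_conversions(hostile));

    /* Only a benign token is passed to the vulnerable routine here. */
    format_error_vulnerable(buf, sizeof buf, benign);
    printf("vulnerable: %s  (conversions in token: %d)\n",
           buf, count_conversions(benign));
    return 0;
}
```

The safe routine emits the hostile token verbatim, while the vulnerable one would hand the same token to snprintf as a format.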


Responses:
- Re: Absinthe 2.0 jailbreaks most iDevices running iOS 5.1.1 (Coalde, Jun 2, 2012, 1:10 PM)
- Re: Absinthe 2.0 jailbreaks most iDevices running iOS 5.1.1 (Coalde, Jun 14, 2012, 4:54 PM)