evad3rs

Evad3rs team again addresses iOS 7 jailbreak concerns: no money exchanged, disappointed w/ cracked release

After much controversy surrounding the surprise release of a public iOS 7 jailbreak from well-known jailbreakers the evad3rs, the team has published another open letter to clear up some questions and concerns related to the release.

The biggest questions many are still asking concern why and how the group made a deal with Taig, an app store of sorts that was installed on jailbroken devices in China, while not including an updated Cydia store in the release. While the group cleared up much of the situation in its first letter and removed Taig following piracy concerns, the latest letter specifically addresses whether any money was exchanged with Taig. It also expresses disappointment that the company released a cracked version of the jailbreak.

The full letter is below:

Privacy and Taig

First and foremost, and of utmost concern, is privacy. No one’s data was ever sent anywhere. Of course, as a member of the community whose work frees devices, it would be against everything we’ve worked for the last 7 years to jeopardize the security of the users of our software. To reiterate, no Taig software was installed unless the computer’s language was set to Chinese. Furthermore, no Taig software would run unless the user opened the Taig application.

After rumors abound of encrypted data being sent for users in China who’ve installed Taig, we decided to do what we do best – reverse engineer the code of Taig to understand what was being sent. Taig transmitted data similar to what Cydia transmits. Unique device identifiers were transmitted in encrypted form similar to how Cydia uses SSL to protect the privacy of its users. Taig did not transmit any private user data from the devices at all.

Piracy and Taig

Our written and verbal agreement with Taig banned it. They assured us it was not in there. We did not check every package in their store but a cursory examination before release found no problems. However, after investigation and after notification from the community, we found examples, including pirated tweaks, Apple App Store apps, and even pod2g’s PodDJ app. We dropped the ball on this. While we at first did not believe Taig purposefully violated our agreement, the depth of the transgression against the software developers and the jailbreak community cannot be overlooked and we could not move forward after that even if it were fixed. We terminated our relationship with them. We are very disappointed that they have decided to put up a cracked version of the jailbreak on their site that installs Taig. We did not give them any permission or source code.

We have refused all monies from Taig

There have been a lot of rumors listing various amounts we’ve been paid. We have received no monies from any group, including Taig. We will not be accepting any money. Our donations are being given to Public Knowledge, Electronic Frontier Foundation and Foundation for a Free Information Infrastructure to help protect jailbreaking as your legal right.

Jailbreak Updates

We are working hard to fix the problems with the jailbreak. Unfortunately, it’s the holidays and we would like to spend time with our friends and family. The events of the last couple of days have been extremely stressful for us and we need some time to recover. We will work as hard as we can to resolve any remaining issues. Thank you for your understanding.

We worked very hard to bring this jailbreak free of charge to the community. We hope you can all enjoy it.

evad3rs

evasi0n Jailbreakers reveal the incredibly complicated methods they used to Jailbreak every Apple iOS device

Forbes posted an article on Tuesday that gave some updates, straight from its creators, on the highly successful launch of the evasi0n jailbreak tool. Since the jailbreak was officially released yesterday at noon, around 1.7 million people have decided to jailbreak their iOS device, according to stats from Cydia’s Jay Freeman. Perhaps more interesting is a description of how exactly the four members of the evad3rs team were able to get the job done. Team member David Wang, aka @planetbeing, walked through the process with Forbes:

Evasi0n alters the socket that allows programs to communicate with a program called Launch Daemon, abbreviated launchd, a master process that loads first whenever an iOS device boots up and can launch applications that require “root” privileges, a step beyond the control of the OS than users are granted by default. That means that whenever an iPhone or iPad’s mobile backup runs, it automatically grants all programs access to the time zone file and, thanks to the symbolic link trick, access to launchd.

Wang described the entire process from finding the initial exploit in the iOS mobile backup system to accessing Launch Daemon and getting around code signing and restrictions at the kernel layer:

Once it’s beaten ASLR, the jailbreak uses one final bug in iOS’s USB interface that passes an address in the kernel’s memory to a program and “naively expects the user to pass it back unmolested,” according to Wang. That allows evasi0n to write to any part of the kernel it wants. The first place it writes is to the part of the kernel that restricts changes to its code–the hacker equivalent of wishing for more wishes. “Once you get into the kernel, no security matters any more,” says Wang. “Then we win.”

Go to Forbes to read Wang’s entire step-by-step description of the jailbreak process for evasi0n.

Here’s another third-party analysis. The verdict is the same: incredible work.
