Is jailbreaking dead? No. A quick search on Twitter or on Reddit, and it’s obvious that the passion for jailbreaking continues to ebb and flow throughout the community. Jailbreaking isn’t dead as some may think, but no one can discount the fact that it’s entered a sustained lull.
Researchers from Palo Alto Networks have discovered that a piece of iOS malware successfully stole more than 225,000 Apple IDs and passwords from jailbroken phones, using them to make purchases from the official App Store. The malware, dubbed KeyRaider, also has the ability to remotely lock jailbroken iOS devices in order to hold them to ransom.
These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.
However, it’s extremely unlikely that you’re at risk: the malware can only run on jailbroken devices, and appears to spread through only one set of Cydia repositories, run by Weiphone.
The malware was used in two tweaks that allow those running them to download paid apps and make in-app purchases from Apple’s official App Store without payment. The tweaks used the stolen credentials to make the purchases.
If you think your iPhone or iPad may be at risk, Palo Alto Networks has provided the following instructions to detect and remove the malware. Further details over at the company’s lengthy blog entry.
Users can use the following method to determine by themselves whether their iOS devices were infected:
Install openssh server through Cydia
Connect to the device through SSH
Go to /Library/MobileSubstrate/DynamicLibraries/, and grep all files under this directory for these strings:
wushidou
gotoip4
bamu
getHanzi
If any dylib file contains any one of these strings, we urge users to delete it and delete the plist file with the same filename, then reboot the device.
We also suggest all affected users change their Apple account password after removing the malware, and enable two-factor verification for Apple IDs.
The company also notes that not jailbreaking iOS devices is the only way to protect against such exploitation.
Hundreds of iOS developers have been working with Apple in secret Cupertino-based sessions on apps for the Apple Watch, and now we’ve learned that this list includes game developers. According to two sources, multiple “mass market, casual” game developers have been in the running to show off light games on stage during Monday’s “Spring Forward” event in San Francisco. While Apple could end up not showcasing games next week, we’re still told that they are championing the idea of light weight gaming on the Apple Watch. As one source said, “the iOS gaming ecosystem will be well represented on the Apple Watch despite [the simplicity] of the Software Development Kit (SDK)…
Cydia creator Jay Freeman (better known as Saurik) has tweeted that the Pangu jailbreak for iOS 8.0 to 8.1 is now “stable enough” for use.
We first saw a developer version of the jailbreak last month, with a user version released a week later, complete with Cydia installer. The installer is Windows-only, but it’s an untethered jailbreak, so once it’s done you won’t need to reconnect to a PC following a reboot …
Security researcher Stefan Esser (via Ars Technica) has discovered that an issue reported on Reddit as causing crashes on jailbroken iPhones and iPads is actually a piece of malware designed to capture Apple IDs and passwords from infected devices.
This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.
Early indications are that the source of the malware is likely to have been from a tweak downloaded from somewhere outside of Cydia. Esser has identified that the code only runs on 32-bit devices, meaning that the iPhone 5s, iPad Air and iPad mini with Retina display are safe, while other devices are vulnerable.
The blog post says that the malware is easy to check for, but may not be easy to remove. Using SSH/Terminal, check the path /Library/MobileSubstrate/DynamicLibraries/ for the presence of either Unflod.dylib or framework.dylib.
Currently the jailbreak community believes that deleting the Unflod.dylib/framework.dylib binary and changing the apple-id’s password afterwards is enough to recover from this attack. However it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts.
We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.
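Both write-ups above describe the same manual check: list the dylibs under /Library/MobileSubstrate/DynamicLibraries/ and look either for the KeyRaider indicator strings inside them or for the Unflod file names. The script below, added here as an illustration and not code from Palo Alto Networks, Stefan Esser or the jailbreak community, folds both checks into one pass over a directory. It takes the directory as an argument so it can be run against a copy pulled off the device over SSH, and it only lists what the KeyRaider removal advice (dylib plus the .plist of the same base name) would delete rather than deleting anything. The indicator strings and file names are the ones published in the two articles; the function names and the output format are this example's own.

```shell
#!/bin/sh
# Added example: scan a MobileSubstrate DynamicLibraries directory for the
# indicators named in the KeyRaider and Unflod write-ups. The strings and file
# names are theirs; the script structure is this example's own.
# Usage: sh scan_dylibs.sh /Library/MobileSubstrate/DynamicLibraries

# KeyRaider: strings the malicious dylibs contain.
KEYRAIDER_STRINGS="wushidou gotoip4 bamu getHanzi"
# Unflod: file names the malware was seen using.
UNFLOD_FILES="Unflod.dylib framework.dylib"

# Print one tab-separated line per suspicious file: "<reason><TAB><path>".
# Always returns 0 so it is safe under `set -e`; callers inspect the output.
scan_dylibs() {
    dir="${1:-/Library/MobileSubstrate/DynamicLibraries}"
    for f in "$dir"/*.dylib; do
        [ -e "$f" ] || continue             # glob did not expand: no dylibs at all
        base=$(basename "$f")
        for name in $UNFLOD_FILES; do
            if [ "$base" = "$name" ]; then
                printf 'unflod-filename\t%s\n' "$f"
            fi
        done
        for s in $KEYRAIDER_STRINGS; do
            # -a treats the Mach-O binary as text, -F matches the literal string
            if grep -q -a -F -- "$s" "$f"; then
                printf 'keyraider-string:%s\t%s\n' "$s" "$f"
                break                        # one hit is enough to flag the file
            fi
        done
    done
    return 0
}

# KeyRaider removal advice: delete the dylib and the .plist sharing its base
# name. This only prints the two paths; review them before removing anything.
removal_targets() {
    dylib="$1"
    printf '%s\n' "$dylib"
    printf '%s\n' "${dylib%.dylib}.plist"
}

# Command-line entry point: runs only when a directory is given.
if [ $# -gt 0 ]; then
    tab=$(printf '\t')
    scan_dylibs "$1" | while IFS="$tab" read -r reason path; do
        echo "SUSPICIOUS ($reason): $path"
        removal_targets "$path" | sed 's/^/  would remove: /'
    done
fi
```

Run it on the device (after installing the OpenSSH package and connecting over SSH, as the Palo Alto instructions describe) or on a directory copied off the device; an empty result means neither set of indicators was found, which, as Esser notes, does not rule out other components that arrived alongside the dylib.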
Cydia developer Jay Freeman, aka Saurik, pointed out on Reddit that adding random download URLs to Cydia is as risky as opening attachments received in spam emails.
nds4ios has released a special version of the app that runs on non-jailbroken devices using a sneaky workaround. As the app is not available in the App Store, previously it could only be installed on jailbroken devices, such as through the Cydia jailbreak app store. The app gets around Apple’s restrictions by using an enterprise provisioning profile, TouchArcade reports. This is normally meant for businesses to distribute apps to company employees, but nds4ios is exploiting it as a way to enable widespread app distribution. Find install instructions after the break.
Following the success of Hashbang Productions’ iOS jailbreak tweak TypeStatus, the development group has released a beta version of the tweak for OS X. TypeStatus for Mac will provide simple system-wide notifications in the OS X menu bar when your iMessage has been read or someone is typing a response.
Jailbreaking may be for those who want the freedom to step outside of what Apple has decided iOS devices should do, but even jailbreakers are not immune to the influence of the company’s design guidelines, it seems.
The Cydia app, which allows users of jailbroken iPhones and iPads to install software not available on the App Store, has been updated with a flat look, bright colors and translucent overlays in line with iOS 7. This follows the surprise release of an iOS 7-compatible untethered jailbreak by the Evasi0n team.
There’s perhaps a small amount of rebellion in the fact that the app’s icon has not yet been updated to an iOS 7 look.
A thank-you for help with the new look was tweeted by @saurik. Video of the new app below the break …
Screenshot by @saurik (https://twitter.com/saurik/status/414810297937838080).
(Updates below)
This morning, the evad3rs released the first public iOS 7 jailbreak. At the time, it seemed like something was off because other key members of the community had not been informed of the upcoming release. For instance, Jay Freeman (@Saurik on Twitter) had not been notified and as such the version of Cydia bundled was not official or up-to-date.
It turns out, however, that more questionable activity has taken place. The evasi0n jailbreak includes a Chinese ‘alternative’ app store, which is full of cracked versions of real apps and games found in Apple’s App Store.
We heard reports that yesterday’s Chrome browser update is crashing on Jailbroken iPhones. It appears there was some code that detected jailbreaks in the browser and assumed that crash-reporting was enabled. The fix is unsurprisingly enabling crash reporting.
We have found a bug that affects jailbroken devices with crash reporting and metrics *disabled*. The fix will be in our next release (we can’t say when that will be, please don’t ask).
One workaround is to enable crash reporting. Open “Library/Application Support/Google/Chrome/Local State” and change the “reporting_enabled” flag to “true”. That will enable reporting without needing to reinstall the app. Mind you, we haven’t tested this ourselves. :-) If you do not wish to do this, or are not comfortable doing this, you’ll need to wait for the next release. The other workaround is to uninstall and re-install and enable crash reporting, but you might lose data if you don’t use sync.
For those who are hitting crashes with 3rd-party add-ons, this workaround is not sufficient and you will need to contact the 3rd-party developer directly and have them update their add-on to work with Chrome M25.
@googlechrome Your jailbreak detection code has a scheduling issue. Bet it's fun explaining to Apple why you need a fast update.
With each new release of an iPhone, jailbreaking becomes just one step more difficult. Throw in constant OS updates, and it’s amazing the hacker community is able to jailbreak it at all. So, it’s no surprise it has taken more than four months for an official jailbreak to be released for the iPhone 5.
On Sunday, that may change. A group of jailbreakers, known as the Evad3rs, plans to release its jailbreak tool: Evasi0n. The website, which claimed the team is “Processing the GUI”, has a very clean and simple layout. If all goes as planned and Evasi0n is released on Sunday, it very well may be the easiest jailbreak tool since JailBreakMe.
Evasi0n is an iOS 6.1 jailbreak said to support the iPhone 5, 4S, 4, 3GS, fourth- and fifth-generation iPod Touch, as well as the iPad mini and third- and fourth-generation iPad. Oh, and it is legal after all.
First, the good news. The legal shield for jailbreaking and rooting your phone remains up – it’ll protect us at least through 2015. The shield for unlocking your phone is down, but carriers probably aren’t going to start suing customers en masse, RIAA-style. And the Copyright Office’s decision, contrary to what some sensational headlines have said, doesn’t necessarily make unlocking illegal.
Carrier unlocking is murky, but it appears that phones bought before last weekend are fair game for unlocking. Go nuts!
But, new phones? It sounds like the risk is on the “unlockers” or the people who do the unlocking.
More likely, wireless carriers, or even federal prosecutors, will be emboldened to sue not individuals, but rather businesses that unlock and resell phones. If a court rules in favor of the carriers, penalties can be stiff – up to $2,500 per unlocked phone in a civil suit, and $500,000 or five years in prison in a criminal case where the unlocking is done for “commercial advantage.” And this could happen even for phones that are no longer under contract. So we’re really not free to do as we want with devices that we own.
What’s interesting is a cottage industry has formed around unlocking done by actually getting the carriers to unlock your phone. For instance, friend of the site, ChronicUnlocks is still in operation in the United States, and we’re hearing nothing but good things from readers who’ve bought unlocks. The site says:
Famed iOS hacker Comex tweeted today that his internship at Apple has ceased. “So… no point in delaying,” he said to 195,000 followers. “As of last week, after about a year, I’m no longer associated with Apple.” Comex, whose real name is Nicholas Allegra, explained to Forbes that his employment at Apple was terminated for not responding to an email. Forbes’ Andy Greenberg wrote:
When I followed up with Allegra in a phone call, he explained that the email he forgot to answer was an offer to continue his employment at Apple as a remote intern. At Apple, apparently, offer letters are taken rather seriously, and Allegra soon learned that his had been rescinded. “I wasn’t too happy about it, but it didn’t seem like I was able to fix it,” he says. “So that’s what it is.”
Before joining Apple as an intern over a year ago, Comex’s hacking work most notably included JailbreakMe. It is a popular tool to jailbreak iOS devices through an exploit within Safari. He also developed another popular jailbreak tool called “Spirit”.
Update 2, July 03, 2012: It looks like Apple has now pulled the Display Recorder app from the App Store.
The ability to record your iOS display was a functionality previously limited to a Cydia app for jailbroken iPhone users that is called “Display Recorder.” As noted by JBN, Apple has allowed an app of the same name, and with even more screen recording functionality, into the App Store. The App Store version of Display Recorder, released by Bugun Software, allows you to export to YouTube or your Camera Roll, adjust video and audio settings, and settles for recording and merging audio picked up by the built-in microphone.
It appears the app might take a succession of screenshots to compile the video. Apple does not allow third-party screen capturing apps for even screenshots into the App Store (apart from third-party browser apps), because it would mimic the native screenshot functionality in iOS. It is possible Apple will pull the Display Recorder app, but it is still available in at least the U.S. and Canadian App Stores for $1.99. A video of the app in action, courtesy of JBN, is below. We will let you know if Apple decides to pull it.
Update: The developer of the original Cydia Display Recorder app, Ryan Petrich, confirmed in a tweet (above) that he is not affiliated with the new app. He also filed a complaint with Apple.
A jailbroken iPhone simply means it is freed from the limitations imposed by Apple for safety measures. It gives users extensive access to the internal system with options to install non-App Store third-party software. The procedure, however, voids Apple and carriers’ warranty offerings.
SquareTrade’s Vice President of Strategy Vince Tseng told 9to5Mac exclusively that jailbroken iPhones are eligible for coverage, but the firm does not cover issues that occur as a result of jailbreaking. When jailbreak-related software mishaps occur, Tseng said SquareTrade will only provide support options. Moreover, iPhones with jailbreak-related hardware mishaps are not eligible for coverage, and such situations will void any SquareTrade warranty.
The warranty offered through SquareTrade covers when a “techie” jailbreaks an iPhone, and then drops or breaks it. At that point, the coverage guarantees a replacement or repaired smartphone—depending on a user’s preference and case. The inclusive change affects both existing and new coverage holders.
“The warranty service is for all iOS devices,” Tseng further elaborated, “and it covers four claims, where as Apple only covers two claims.”
Pedro Franceschi’s Quasar jailbreak adds window app management to the iPad, which allows a user to operate and view multiple apps by entering and exiting full screen, resizing, changing orientation, and rearranging them simultaneously.
The above video demonstrates the tweak, and it should surely entice those who are sick of double-tapping the iPad’s home button to switch between a dozen open apps. It also looks enticing for iPhone-optimized apps on the iPad that lack a tablet counterpart. However, it may seem useless for a slew of apps that require full screen usage.
According to Above the Law, the original iPhone jailbreaker, Geohot, was arrested for felony possession of marijuana while at an international border crossing on his way to SXSW. According to the report, the arresting border patrol officers may have been outside of their jurisdiction (and likely measured improperly).
Before you rush to judge the guy, remember Steve Jobs’ thoughts on mind-altering substances (and phone hacking). If you have jailbroken using any of the “xxxRain” jailbreaking tools, you have used Geohot’s work. He also recently worked at both Google and Facebook (and Lady Gaga’s BackPlane).
Apple usually disables jailbreaks in new software releases. That is part of the reason why it took so long for Absinthe to debut for the iPhone 4S. It appears that Apple is also trying to break Siri running on unsupported devices, such as the iPhone 4. Many people who use Spire, the popular Siri port for the iPhone 4, have reported Siri is now disabled on their unsupported device. Has another cat and mouse game begun?
Historically, to get Siri working on an older device, you only need a server host and an iPhone 4S certificate. However, Apple apparently added a “SetActivationToken” that breaks services like Spire.
Just as quick, hackers have found a temporary workaround to get Spire working again. The fix is simply to delete “com.apple.assistant.plist” and the service should work again.
On Friday, the Chronic-Dev team (along with a few other contributors) released “Absinthe,” the long-awaited free untethered jailbreak tool for the iPhone 4S and iPad 2. Today, the team updated us with a few interesting statistics. The shocker is that 1 million people jailbroke their A5 device in under three days.
The Chronic-Dev team were able to get such exact numbers thanks to statistics from Cydia, the popular app marketplace that comes bundled with the jailbreak. The team was able to specifically pinpoint how many installs were on each device: 491,325 on an iPhone 4S; 308,967 on an iPad 2; and 152,940 on an iPad 2 that had been previously jailbroken (iOS 4). These are certainly impressive numbers.
Like always, the Chronic-Dev team reminds you not to upgrade off of 5.0.1 if you intend to keep the jailbreak. Did you jailbreak your A5 device this weekend? If you did not, make sure to check out the tutorial after the break:
UPDATE: If you’re getting the “Error establishing a database connection” when launching the jailbreak tool, hacker PlanetBeing tweeted a simple workaround solution: Go to Settings and enable VPN under Network.
According to hacker p0sixninja, the jailbreak community just posted an untethered jailbreak solution for A5-driven devices running iOS 5.0 or iOS 5.0.1. The software is a long expected follow-up to an untethered iOS 5.0.1 exploit for non-A5 devices, released last December. According to a blog post, the new jailbreak is called “Absinthe A5,” and it was not exactly a walk in the park.
The updated greenpois0n tool is now available for download here. It’s Mac-only, but a Windows version is “coming soon”. The application lets iPad 2 and iPhone 4S owners finally jailbreak their device without the need to tether it to a computer upon each reboot. This jailbreak can be used with both iPhone 4S running iOS 5.0 build 9A334 and iOS 5.0.1 (builds 9A405 and 9A406) and iPad 2 running iOS 5.0.1 build 9A405.
Hacker Pod2g posted an interesting video this morning on his blog that shows a working untethered jailbreak performed on the iPhone 4S with iOS 5.0.1. It runs without a hiccup and the device easily reboots after the jailbreak without needing to tether it to a computer. The video is credited to Dustin Howett, a Chronic Dev Team member.
According to Pod2g, with “only a few to wait now,” an untethered jailbreak for iPhone 4S and iPad 2 is around the corner. The video demonstration follows a flurry of Twitter activity last week that indicated that the jailbreak community is now close to releasing a jailbreak solution for A5-driven iOS devices running iOS 5.0.1. Note that an untethered jailbreak for non-A5 devices running iOS 5.0.1 has been available since the end of 2011.
Chronic Dev Team is putting finishing touches on what is set to become the world’s first untethered jailbreak solution for iOS 5 and 5.0.1. Team member and French hacker pod2g just released this video showing off the jailbreak, which appears to be near-complete and functioning properly.
Unlike a tethered jailbreak, an untethered jailbreak does not require that the device be connected to a computer each time it needs to be booted. It appears you won’t be able to untether with iOS 5.0.1 using Chronic’s tool, but pod2g did confirm that the iOS 5 untether will work on iOS 5.0.1:
Tons of questions from my nice followers. Too early to answer. Will work on iOS 5.0.1, will try iPad 2 and 4S after others are ready.
Yesterday, iOS hackers Conrad and Chpwn exposed the upcoming panorama mode in the iOS camera app that we previously revealed. While you can enable it a little easier by using the jailbreak tweak available on Cydia, for those of us who don’t jailbreak, Funky Space Monkey shows us how to do it. We followed the steps, and it works just fine!
3. Open iBackupBot and find the backup, then load it.
4. Find Library/Preferences/com.apple.mobileslideshow.plist and open the file. (if your software isn’t registered you’ll have to press cancel and then it will open)