How The Evasi0n iOS 6.x Untethered Jailbreak Works

Today was an awesome day for the Jailbreaking community! For the first time in nearly a year an Untethered Jailbreak was released that works on all devices including the iPhone 5 and 4th generation iPad with Retina display. The Jailbreak worked almost flawlessly, with only some people reporting errors with the stock Weather app. The Evasi0n iOS 6.x Untethered Jailbreak was downloaded a whopping 100,000 times in only 10 minutes as well, which proves this will likely be the biggest adoption rate for Jailbroken devices the community has ever seen.

As Jailbreaking tools nowadays are so well tested, it is easy for people to forget just how complex they really are. Sure, a Jailbreaking tool looks simple from its graphical user interface (GUI), but underneath it is the work of hundreds of hours from some of the brightest minds in the exploitation / hacking industry.

Braden Thomas from Accuvant Labs has recently provided a detailed explanation of how Evasi0n was accomplished. It is definitely a technical read that is not for the faint hearted, but the introduction provides a somewhat helpful overview.

Evasi0n’s userland component is very unique, because it is entirely filesystem-based.  It doesn’t require memory corruption to escalate privileges from mobile to root.  Perhaps it was named evasi0n because it evades all the userland exploit defenses instead of attacking them head-on.

Evasi0n works in 3 stages that are described below.  All of the stages use functionality on the phone exposed by MobileBackup, the daemon used to backup user data from the device, and restore backups back to the device.  Since backups are created by the user’s device, and must be interchangeable between devices, they cannot be easily cryptographically signed, so they are essentially untrusted data.

[Image: How Evasi0n Works]

Something to point out is that, unlike the exploits used by JailbreakMe, Evasi0n's exploit is less dangerous in terms of what it could do in the hands of a malicious hacker. Thomas explains:

Unlike the previous jailbreakme.com exploits, which could be used against an unwitting victim, jailbreaks that require USB tethering have a lower security impact, and are usually only useful to the phone’s owner.  Attackers are less interested because iPhones with a passcode set will refuse to communicate over USB if they are locked, unless they have previously paired with the connecting computer.  So if your phone is stolen and it’s locked, attackers won’t be able to jailbreak it.  Therefore, only malicious code already running on your computer can leverage USB jailbreaks nefariously.

Definitely check out the entire article on Accuvant Labs if you are curious about all the technicalities. I think now would be a good time to remind you that if you enjoyed the iOS 6.x Untethered Jailbreak released by the Evad3rs, donate to support all the hard work and effort that went into it (or click their ads, hehe).

  • Mike

    how to install appsync?

  • http://www.facebook.com/Anamovich Anamovich

    After jailbreaking with evasi0n, if I add a new repo it always shows “Bad URL”. How to fix it?

  • Kelvin

    seems messed up wif Cydia tho.. ><

  • http://www.facebook.com/Dr.sick.8 DRsick Doc

    After the jailbreak, when I power off the iPhone and turn it on it gets stuck on the Apple logo. I tried holding the home button for about 6 sec and it worked (on a 4S).

  • Bill

    there’s an appsync on the sinfuliphone repo hackyouriphone

  • http://twitter.com/J_Private_dev J Private Dev

    Soooooo, how does it work?

  • DraqonX

    The servers are probably full, Activator Tweak downloaded 500 times in 2 seconds..

    Try other sources for repos

  • Aaron

    shockingly no INSTALLOUS 6 available.. how to download cracked apps?

  • http://thedevicedr.wordpress.com/ thedevicedr

    To quote Dr. Peter Venkman… “My friend, don’t be a jerk.”

  • Arod381

    VShare, Appcake, Zeusmos
    Just to name a few

  • http://twitter.com/RileyFreeman Riley Freeman

    There are definitely bugs. If you reboot your phone it causes problems where you have to hold the home and power buttons and then let it boot up again. It’s a pain in the ass and while I appreciate their work this is something that could be a huge issue in a life and death situation

  • jasper1234

    ipastore is good