On Monday, December 30, 2013, an iOS 6.1.3, 6.1.4 and 6.1.5 untethered jailbreak for all iPhones, iPads and iPods was released by @iH8sn0w and @winocm. Its name is p0sixspwn. While many in the jailbreak community should be pleased — particularly those with the iPhone 3GS and other iDevices which don't support the latest iOS 7 jailbreak — it seems this iOS 6.1.3-6.1.5 jailbreak came at a high cost, as other exploits reportedly could have been used to produce the same result.
On Monday morning, Evad3rs team member and evasi0n7 creator Cyril Cattiaux aka @Pod2g posted a series of tweets with regard to how the new p0sixspwn jailbreak was created and released.
[Embedded tweet from @pod2g, December 30, 2013]
While the jailbreak community has been extremely torn by the events of the last week, and few know where to place their loyalty, this latest drama seems like just one more hit to those who simply want to enjoy the freedom jailbreaks provide to their iOS devices.
Since the TaiG debacle, @pod2g has been the most vocal of the evad3rs team members, taking responsibility for the damage done and working to rebuild the bridge that was burned with @Saurik. Though the team did release two public letters to the community to explain the situation and offer an apology, he has remained the most active with the community in the last few days. But this morning's tweets seemed to show some frustration with an on-going drama that runs even deeper than has so far been told. It seems that in releasing their new jailbreak for iOS 6.x, @iH8sn0w and @winocm burnt some incredibly valuable exploits which jailbreak developers had carefully kept in reserve for research when new iOS devices and firmwares are released. The most unsettling part of all is that burning that exploit was not a necessity.
.@pod2g @comex and they have two other invaluable exploits that could have been used instead :( — Nikias Bassen (@pimskeks) December 30, 2013
So what does all of today's drama mean for the jailbreak community? In speaking to @pod2g this morning, it seems the loss is not a small one.
"They talked a lot of sh-- about us, but now they've burnt valuable stuff just for 6.1.x ... nobody looked at their jailbreak tool, but they burnt something allowing root on all devices without any effort. Something that jailbreakers were aware of for years now. Something that's usually the entry point for jailbreak research on new iOS versions and devices. Root code execution. Something that usually requires multiple exploits to achieve."
In hearing this description, numerous questions came to mind. What will happen in the future if Apple patches this exploit? Could it be used in a downgrade tool? If Apple doesn't patch the exploit, will a 7.1 jailbreak be released? Both @pod2g and @comex were gracious enough to give me some comment on these points.
According to @comex, though the exploit burned is valuable, it does not completely negate the ability to create future jailbreaks. According to the former jailbreak developer, "it makes things more difficult, but not impossible."
To that @pod2g added,
"Implications are that it'll make the life of jailbreakers even harder for future iOS jailbreak developments. And I suppose that we'll never find another root execution and injection exploit of this kind in the future. Basically, it allows files to be made available in the device file system (injection) and allows code to be executed as root. For example, we could set up afc2 on new iOS versions to play with the file system and find vulnerabilities."
This exploit, along with some others, was the same one @chpwn used last fall when he produced the infamous iOS 6 failbreak, which prematurely raised the community's hopes. Seeing the value that this particular exploit holds, I asked Cyril whether a downgrade tool was in the works and whether, should Apple happen not to patch the exploit in 7.1, the evad3rs would release an iOS 7.1 jailbreak using it.
Here is how he replied.
"A downgrade tool is a completely different story. It requires breaking the boot chain of trust."
As to a possible iOS 7.1 jailbreak, this was his response.
"It depends on what Apple patches ... let's say we'd want to burn it for iOS 7.1, we would also need an unsigned code execution vulnerability, a kernel exploit, and a way to stick that at boot."
To that he added,
"But even if we still had that injection and root stuff, not sure that we would release it, because of its value."
To emphasize just how valuable the exploit is, @pod2g takes his explanation a bit further.
"A jailbreak is a whole chain of exploits ... that exploit of @comex's that we did not want to burn in evasi0n7 [would require] 5 vulnerabilities to do the same thing. That's why it is so valuable. The fact that Apple did not patch it in years also is important. It means that it is probably the last thing you'd like to burn when there's nothing remaining."
As a final question, I asked Cyril what his thoughts were on why @winocm and @iH8sn0w would burn such valuable exploits in the iOS 6.1.3 - 6.1.5 p0sixspwn jailbreak released Monday. Was it truly spite?
To that there seems to be no answer. Cyril's only response was:
"Why? I dunno. Perhaps they were not aware it still works on newer versions."
I have reached out to @winocm and @iH8sn0w for a response, but thus far have received no reply. If they submit a rebuttal, I will update this post. To download and install @winocm and @iH8sn0w's iOS 6.1.3 - 6.1.5 jailbreak, visit p0sixspwn.com.