Checkm8-无法被软修复的硬件缺陷使 A5-A11 全系统版本的 IOS 设备越狱成为可能
Suclogger · 2019-09-28 11:06:49 +08:00 · 12313 次点击这是一个创建于 1883 天前的主题,其中的信息可能已经有所发展或是发生改变。
最近越狱社区出了个大新闻,开发者 axi0mX 放出了利用启动 rom 漏洞的脚本:Checkm8 影响芯片:A5-A11,即 iPhone 4s- iPhone x,这是个越狱界的大地震啊
What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.
大家对这件事是什么看法?
第 1 条附言 · 2019-09-28 11:39:19 +08:00
再贴一段来自:Osiris Jailbreak 的解释:
这个东西可以实现什么:
What can it do?
1. 降级到任意系统版本
Tethered downgrades without SHSH2 blobs to any supported version. SEP may be a problem with this even with this exploit, I need to check.
2. 导出 SecureROM
Dumping the SecureROM (dumps the bootroom itself for research purposes).
3. 加载任何自定义的固件(这个是我最感兴趣的)
Load a custom firmware (CFW) for any purpose: jailbreak, activation, custom Apple logo, verbose boot, etc.
4. 在任意系统版本上实现越狱
Jailbreak the latest signed firmware tethered (needs a computer for every boot, even for stock).
5. 修复越狱引入的问题
Load an SSH ramdisk and fix a bootloop caused by the removal of files during Jailbreak.
6. 类似双系统
DualBoot iOS versions tethered.
7. 在 ios 设备上运行 android ( XD )
Possibly port and run Linux or Android (requires huge amounts of work)
8. 各种安全研究
Do security research and patch ANY security feature Apple introduces in Software on the newer iOS versions.
9. 绕过各种安全策略
Give no hecks about KPP / KTRR, AMFI, CoreTrust and such. No more clumsy patches but tethered.
这个东西可以实现什么:
What can it do?
1. 降级到任意系统版本
Tethered downgrades without SHSH2 blobs to any supported version. SEP may be a problem with this even with this exploit, I need to check.
2. 导出 SecureROM
Dumping the SecureROM (dumps the bootroom itself for research purposes).
3. 加载任何自定义的固件(这个是我最感兴趣的)
Load a custom firmware (CFW) for any purpose: jailbreak, activation, custom Apple logo, verbose boot, etc.
4. 在任意系统版本上实现越狱
Jailbreak the latest signed firmware tethered (needs a computer for every boot, even for stock).
5. 修复越狱引入的问题
Load an SSH ramdisk and fix a bootloop caused by the removal of files during Jailbreak.
6. 类似双系统
DualBoot iOS versions tethered.
7. 在 ios 设备上运行 android ( XD )
Possibly port and run Linux or Android (requires huge amounts of work)
8. 各种安全研究
Do security research and patch ANY security feature Apple introduces in Software on the newer iOS versions.
9. 绕过各种安全策略
Give no hecks about KPP / KTRR, AMFI, CoreTrust and such. No more clumsy patches but tethered.
第 2 条附言 · 2019-09-28 11:44:57 +08:00
拉了个群,欢迎进群吹水:
 |
1
laoyur 2019-09-28 11:12:56 +08:00
v 站已经有人发了,底下没什么反应
|
 |
2
kljsandjb 2019-09-28 11:14:47 +08:00 via iPhone
只关心会不会有 untethered jailbreak,不然懒得折腾…
|
 |
3
bookit 2019-09-28 11:16:21 +08:00
要 JTAG,一般人没这玩意,有了也很难用
|
 |
5
Suclogger OP @kljsandjb #2 #2 个人感觉,这个东西的意义在于,不受系统版本限制的越狱,是不是完美越狱,取决于如何在他的基础上二次开发
|
|
6
Suclogger OP @bookit #3 #3 原作者回复:
>Maybe someone can figure out a nice way to use JTAG on iPhone without proprietary hardware and software. I and many others would be forever grateful if someone makes that possible. 获取将来无需硬件设备也未可知 |
|
7
kljsandjb 2019-09-28 11:24:41 +08:00 via iPhone
@Suclogger 4.3.3 和 4.3.4 的区别吧,都有 hw 漏洞,但是 4.3.4 就每次要引导,二次开发就一定能完美?不了解越狱的细节,不做评价
|
|
8
Suclogger OP @kljsandjb #7 #7 嗯,看到有人说:
>This is tethered, not untethered as some people say on this sub-reddit. This means anything from Downgrades to activation to Jailbreak made with this would be tethered forever. Tethered = you need to run ipwndfu software on the computer with the phone in DFU mode everytime you wanna power on your device, otherwise it would not even boot to stock. Much more annoying than the semi-tethered jailbreaks of today. 貌似只能做到 tethered,每次启动需要重新引导 |
|
10
Suclogger OP 再贴一段来自:Osiris Jailbreak 的解释:
这个东西可以实现什么: What can it do? 1. 降级到任意系统版本 Tethered downgrades without SHSH2 blobs to any supported version. SEP may be a problem with this even with this exploit, I need to check. 2. 导出 SecureROM Dumping the SecureROM (dumps the bootroom itself for research purposes). 3. 加载任何自定义的固件(这个是我最感兴趣的) Load a custom firmware (CFW) for any purpose: jailbreak, activation, custom Apple logo, verbose boot, etc. 4. 在任意系统版本上实现越狱 Jailbreak the latest signed firmware tethered (needs a computer for every boot, even for stock). 5. 修复越狱引入的问题 Load an SSH ramdisk and fix a bootloop caused by the removal of files during Jailbreak. 6. 类似双系统 DualBoot iOS versions tethered. 7. 在 ios 设备上运行 android ( XD ) Possibly port and run Linux or Android (requires huge amounts of work) 8. 各种安全研究 Do security research and patch ANY security feature Apple introduces in Software on the newer iOS versions. 9. 绕过各种安全策略 Give no hecks about KPP / KTRR, AMFI, CoreTrust and such. No more clumsy patches but tethered. |
 |
11
orzOEZ 2019-09-28 12:38:38 +08:00 via iPhone
群在哪?
|
 |
12
zro 2019-09-28 15:18:53 +08:00
好想快点看到运行 Android 的 iPhone/iPad
 |
 |
13
tianyu1234 2019-09-28 17:10:16 +08:00 via iPhone
@zro 卡出翔吧,内存太小了
|
 |
14
iwtbauh 2019-09-28 18:49:45 +08:00 via Android
好想快点看到运行 Debian GNU/Linux 的 iPhone/iPad (认真脸)
|
|
15
iwtbauh 2019-09-28 18:52:49 +08:00 via Android
@tianyu1234 2G RAM 的 Android Pie 手机,用着很流畅啊。(国产流氓软件绿色守护伺候一下即可
|
 |
16
learningman 2019-09-28 18:54:37 +08:00 via Android
@iwtbauh 但是比苹果便宜多了
|
 |
17
konyeth 2019-09-28 22:37:47 +08:00 via iPhone
如果 a12 的 ipad pro 12.9 可以用就更好了
不过能折腾手机,也足够了 |
 |
18
sephinh 2019-09-28 23:48:18 +08:00 via iPhone
任意版本降级就 ok,越狱现在半残好歹有了
|
 |
19
zhaidoudou123 2019-09-28 23:58:15 +08:00
回想起 a4 时候每一代 iOS 都立马有不完美越狱
|
 |
20
hronro 2019-09-29 08:59:16 +08:00
我只想把我的 iPad Pro 10.5 降级到 iOS 10.3.3,现在有相关教程了么?
|
 |
21
byuan04 2019-09-29 10:03:35 +08:00
该群不存在
|
 |
22
xiaoke 2019-09-29 11:34:40 +08:00
期待完美越狱,那就可以换回苹果了
|
 |
23
Dashit 2019-09-29 12:08:22 +08:00
该群已不存在。
|
 |
24
bigsb 2019-09-30 15:39:40 +08:00
该群已不存在。
|
Select Language