V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Suclogger
V2EX  ›  iPhone

Checkm8-无法被软修复的硬件缺陷使 A5-A11 全系统版本的 IOS 设备越狱成为可能

  •  
  •   Suclogger · 2019-09-28 11:06:49 +08:00 · 12136 次点击
    这是一个创建于 1874 天前的主题,其中的信息可能已经有所发展或是发生改变。

    最近越狱社区出了个大新闻,开发者 axi0mX 放出了利用启动 rom 漏洞的脚本:Checkm8 影响芯片:A5-A11,即 iPhone 4s- iPhone x,这是个越狱界的大地震啊

    What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.

    大家对这件事是什么看法?

    第 1 条附言  ·  2019-09-28 11:39:19 +08:00
    再贴一段来自:Osiris Jailbreak 的解释:
    这个东西可以实现什么:
    What can it do?
    1. 降级到任意系统版本
    Tethered downgrades without SHSH2 blobs to any supported version. SEP may be a problem with this even with this exploit, I need to check.
    2. 导出 SecureROM
    Dumping the SecureROM (dumps the bootroom itself for research purposes).
    3. 加载任何自定义的固件(这个是我最感兴趣的)
    Load a custom firmware (CFW) for any purpose: jailbreak, activation, custom Apple logo, verbose boot, etc.
    4. 在任意系统版本上实现越狱
    Jailbreak the latest signed firmware tethered (needs a computer for every boot, even for stock).
    5. 修复越狱引入的问题
    Load an SSH ramdisk and fix a bootloop caused by the removal of files during Jailbreak.
    6. 类似双系统
    DualBoot iOS versions tethered.
    7. 在 ios 设备上运行 android ( XD )
    Possibly port and run Linux or Android (requires huge amounts of work)
    8. 各种安全研究
    Do security research and patch ANY security feature Apple introduces in Software on the newer iOS versions.
    9. 绕过各种安全策略
    Give no hecks about KPP / KTRR, AMFI, CoreTrust and such. No more clumsy patches but tethered.
    第 2 条附言  ·  2019-09-28 11:44:57 +08:00

    拉了个群,欢迎进群吹水:

    pic

    24 条回复    2019-09-30 15:39:40 +08:00
    laoyur
        1
    laoyur  
       2019-09-28 11:12:56 +08:00
    v 站已经有人发了,底下没什么反应
    kljsandjb
        2
    kljsandjb  
       2019-09-28 11:14:47 +08:00 via iPhone
    只关心会不会有 untethered jailbreak,不然懒得折腾…
    bookit
        3
    bookit  
       2019-09-28 11:16:21 +08:00
    要 JTAG,一般人没这玩意,有了也很难用
    Suclogger
        4
    Suclogger  
    OP
       2019-09-28 11:17:57 +08:00
    @laoyur #1 #1 貌似没搜到,被降权了么
    Suclogger
        5
    Suclogger  
    OP
       2019-09-28 11:18:46 +08:00
    @kljsandjb #2 #2 个人感觉,这个东西的意义在于,不受系统版本限制的越狱,是不是完美越狱,取决于如何在他的基础上二次开发
    Suclogger
        6
    Suclogger  
    OP
       2019-09-28 11:19:46 +08:00
    @bookit #3 #3 原作者回复:

    >Maybe someone can figure out a nice way to use JTAG on iPhone without proprietary hardware and software. I and many others would be forever grateful if someone makes that possible.

    获取将来无需硬件设备也未可知
    kljsandjb
        7
    kljsandjb  
       2019-09-28 11:24:41 +08:00 via iPhone
    @Suclogger 4.3.3 和 4.3.4 的区别吧,都有 hw 漏洞,但是 4.3.4 就每次要引导,二次开发就一定能完美?不了解越狱的细节,不做评价
    Suclogger
        8
    Suclogger  
    OP
       2019-09-28 11:25:59 +08:00
    @kljsandjb #7 #7 嗯,看到有人说:

    >This is tethered, not untethered as some people say on this sub-reddit. This means anything from Downgrades to activation to Jailbreak made with this would be tethered forever. Tethered = you need to run ipwndfu software on the computer with the phone in DFU mode everytime you wanna power on your device, otherwise it would not even boot to stock. Much more annoying than the semi-tethered jailbreaks of today.

    貌似只能做到 tethered,每次启动需要重新引导
    kljsandjb
        9
    kljsandjb  
       2019-09-28 11:28:14 +08:00 via iPhone
    @Suclogger 看到了,谢谢。这个确实够 annoying 的,现在过了折腾的年龄了
    Suclogger
        10
    Suclogger  
    OP
       2019-09-28 11:34:48 +08:00
    再贴一段来自:Osiris Jailbreak 的解释:
    这个东西可以实现什么:
    What can it do?
    1. 降级到任意系统版本
    Tethered downgrades without SHSH2 blobs to any supported version. SEP may be a problem with this even with this exploit, I need to check.
    2. 导出 SecureROM
    Dumping the SecureROM (dumps the bootroom itself for research purposes).
    3. 加载任何自定义的固件(这个是我最感兴趣的)
    Load a custom firmware (CFW) for any purpose: jailbreak, activation, custom Apple logo, verbose boot, etc.
    4. 在任意系统版本上实现越狱
    Jailbreak the latest signed firmware tethered (needs a computer for every boot, even for stock).
    5. 修复越狱引入的问题
    Load an SSH ramdisk and fix a bootloop caused by the removal of files during Jailbreak.
    6. 类似双系统
    DualBoot iOS versions tethered.
    7. 在 ios 设备上运行 android ( XD )
    Possibly port and run Linux or Android (requires huge amounts of work)
    8. 各种安全研究
    Do security research and patch ANY security feature Apple introduces in Software on the newer iOS versions.
    9. 绕过各种安全策略
    Give no hecks about KPP / KTRR, AMFI, CoreTrust and such. No more clumsy patches but tethered.
    orzOEZ
        11
    orzOEZ  
       2019-09-28 12:38:38 +08:00 via iPhone
    群在哪?
    zro
        12
    zro  
       2019-09-28 15:18:53 +08:00
    好想快点看到运行 Android 的 iPhone/iPad
    tianyu1234
        13
    tianyu1234  
       2019-09-28 17:10:16 +08:00 via iPhone
    @zro 卡出翔吧,内存太小了
    iwtbauh
        14
    iwtbauh  
       2019-09-28 18:49:45 +08:00 via Android
    好想快点看到运行 Debian GNU/Linux 的 iPhone/iPad (认真脸)
    iwtbauh
        15
    iwtbauh  
       2019-09-28 18:52:49 +08:00 via Android
    @tianyu1234 2G RAM 的 Android Pie 手机,用着很流畅啊。(国产流氓软件绿色守护伺候一下即可
    learningman
        16
    learningman  
       2019-09-28 18:54:37 +08:00 via Android
    @iwtbauh 但是比苹果便宜多了
    konyeth
        17
    konyeth  
       2019-09-28 22:37:47 +08:00 via iPhone
    如果 a12 的 ipad pro 12.9 可以用就更好了
    不过能折腾手机,也足够了
    sephinh
        18
    sephinh  
       2019-09-28 23:48:18 +08:00 via iPhone
    任意版本降级就 ok,越狱现在半残好歹有了
    zhaidoudou123
        19
    zhaidoudou123  
       2019-09-28 23:58:15 +08:00
    回想起 a4 时候每一代 iOS 都立马有不完美越狱
    hronro
        20
    hronro  
       2019-09-29 08:59:16 +08:00
    我只想把我的 iPad Pro 10.5 降级到 iOS 10.3.3,现在有相关教程了么?
    byuan04
        21
    byuan04  
       2019-09-29 10:03:35 +08:00
    该群不存在
    xiaoke
        22
    xiaoke  
       2019-09-29 11:34:40 +08:00
    期待完美越狱,那就可以换回苹果了
    Dashit
        23
    Dashit  
       2019-09-29 12:08:22 +08:00
    该群已不存在。
    bigsb
        24
    bigsb  
       2019-09-30 15:39:40 +08:00
    该群已不存在。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5698 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 21ms · UTC 06:28 · PVG 14:28 · LAX 22:28 · JFK 01:28
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.