Famous iOS hacker and member of Evad3rs jailbeak team David Wang dubbed planetbeing who Evasi0n jailbreak iOS 6.x recently for newer iOS devices like iPhone 5 has answered questions on reddit on a range of topics such as the future of jailbreaking, working for Apple etc, why does he jailbreak his iOS device, his favorite jailbreak tweaks etc.
Has Apple ever contacted you, or the evad3rs, for any reason (outside of regular business that Apple conducts with its customers/developers)
Yes. I got a job offer once. As far as I know, all jailbreaker interactions with Apple have been pretty positive, especially in contrast with what companies like Sony apparently do.
I didn’t take it for personal and logistical reasons. At the time I was in Canada with a complicated visa situation. It wasn’t a solid offer anyway. I’m sure I’d’ve had to interview, etc., first but I didn’t choose to get much into the process at all.
How do you feel the future of jailbreaking looks based on how long this release took? Do you think Apple will ever just release an open iOS?
It’s hard to say. Apple has successfully mitigated many vectors of attack in iOS 6. In this current jailbreak, we “evaded” Apple’s mitigations in the userland with several vulnerabilities I would perhaps characterize as “lame”, since these mistakes are a throwback to earlier days of iOS jailbreaking where we primarily used filesystem tricks. We only attacked Apple’s hardened security head-on in the kernel. “Lame” vulnerabilities tend to be hard to find, however, so it’s likely the next jailbreak will be tougher. That said, we also retain a few tricks that may or may not help in the future. Who knows what the weight of each factor should be when trying to determine how long the next jailbreak will take.
I think the ship has sailed for Apple to consider shipping an open iOS. The furthest they might have gone was perhaps allowing you to unlock the bootloader like the Google Nexus phones. However, I don’t think they currently have a compelling reason to.
I understand that the AppleTV jailbreaks are usually an afterthought compared to iPhones/iPads/iPods, but do you ever see it becoming a priority or a focus?
Personally, I only work on stuff that I own and use. For example, when I was in Canada and someone sent me an American locked iPhone 4, I worked really hard on an unlock for it. I don’t really see the appeal of an Apple TV at all so it’s not something I’d likely work on, particularly since the injection part would be significantly harder anyway.
Nothing is impossible, it’s just that some things fall below the intersection of difficulty and level of interest for people.
What is your opinion on what future iOS versions will bring? Mainly thinking of widgets supported natively (similar to Android).
When I first saw the SBWeeApp interface and Notification Center, I thought for sure they’d have some way to let AppStore apps add to it. However, the primary issue is that all the widgets currently live in a single process, which means they’re very likely to be able to interfere with each other. In something like the AppStore ecosystem, the probability approaches 1 and there could be a lot of problems. Compounded with this is the fact that that process is SpringBoard, which is the entire shell for iOS, so any problems are rather catastrophic (tweaks crashing SpringBoard is never fun!).
However, they are apparently working on compartmentalizing SpringBoard (it used to be the window manager for the OS as well) and perhaps there’s a way to host different views that are actually controlled by separate processes, so it might be possible in the future. Another possibility is some widgets that are primarily determined by property lists or something, similar to how the Settings app works.
I would like to know why do you personally jailbreak. What tweaks do you use on your devices that are essential?
The biggest thing for me is openssh. I also use IntelliScreenX a lot. Sometimes I install My3G if that becomes necessary for something. The thing is, I restore my devices a lot in the course of testing so it’d be annoying for me to restore a heavily customized setup every single time that happens.
The things I most use on my phone is probably Alien Blue, MobileSafari and MobileMail, though. IntelliScreenX helps with the mail part, but the other two don’t really need the jailbreak.
Also, do you think Apple will ever release an OS without retarded restrictions that prevent us from theming/tweaking our devices?
No. As I said in another comment, the most they’ll likely do is allow you to install modified firmware with an unlocked bootloader. Allowing iOS by default to do stuff like this would not be fun for Apple, I think. Already, every time something goes wrong with a tweak, there’s a post here saying “After the evasi0n jailbreak, stopped working.” People tend to assign responsibility to the first thing they did instead of the last thing they did for some reason. I doubt Apple wants to deal with “iOS 8 is horribly broken!” just because some tweak is incompatible or written poorly.
What are the plans for
? Does the team plan on having more people on board to find any vulnerabilities that the new firmware may have in store? I’ve noticed that each firmware release takes longer to do since Apple does the cat and mouse ordeal and patches the firmware to prevent anything from modifying the firmware.
When iOS 7 comes out, we’ll study it and see what we can do of course. You can’t really plan on “having more people on board”. It’s a specialized game with a steep learning curve that you can’t grab people off the street for. Certainly anyone who actually has sufficient ability to find and/or exploit a vulnerability can help by just sharing their findings.
Where do jailbreaks usually begin? Is it methodical as in “let’s look for a foot in the door”? Or something such as “We have these vulnerabilities, what do we need to get something working?” Or just fuzzing. What tools are involved in the jailbreak development process? For someone who would like to “get into” jailbreaking because of interest what would be a good place to start? (As far as articles and books go)
- Honestly, for me, it’s usually when someone drops a lead in my lap or pod2g chases me down and asks me to do some work improving something he’s already got. This recent iteration I found a lot of stuff on accident in the process of trying to get other stuff to work. Finding vulnerabilities is not usually fun for me though, exploitation is.
- fxr.watson.org, opensource.apple.com, IDA, vim, clang, an existing jailbreak with OpenSSH.
- Start by reading about existing jailbreaks and how they work. Perhaps try to rewrite an existing exploit another way, or improving it somehow. (I know the kernel exploit still can be improved, I’m planning to get to it one of these weekends). Make small achievable goals and work/study hard to accomplish those. There’s going to a lot of stuff you won’t understand at first, but there’s also a lot of publicly available information, and the process of piecing that together and/or experimenting until you get it is more helpful than if someone just told you.
I heard that when you were in the process of jailbreaking the iPhone 5, you actually had successfully jailbroken already, but you were looking for another exploit, so you didn’t have to reveal this ‘better’ one to apple. So my questions are, have you done this before in the past?
We always like to do this, but sometimes the bugs get closed anyway, but it’s a lot better than having to exploit a device blind. Exploitation is like having to shoot a bullet through a pinhole into a room the size of a football stadium at a target inside. Except you also have to make sure the bullet ricochet off five different other targets before it hits your last target. That’s hard enough but imagine doing it without knowing where the targets are in the room.
Third party software is filled with bugs, but they’re not useful unless they’re shipped with iOS (like racoon, for example). If they are shipped with iOS, then Apple usually vets them anyway. App Store app bugs are not useful since Apple can always pull the app before the jailbreak gets very far. Plus, I think it’s kind of mean to do that to some random developer.