So Much for "Rootless," iOS Hacker ih8sn0w Demonstrates Untethered Jailbreak on iOS 9
Published on 2015-09-10 04:38 PM
So much for what was supposed to be called "Rootless"; iOS 9 has been pwned.
iOS hacker ih8sn0w shared a video on his YouTube channel Thursday morning showing what appears to be an untethered jailbreak on his iPhone 5 running the iOS 9 Golden Master, which was released to developers for final testing just yesterday. The video demonstrates a reboot, opens Cydia, and confirms the device type and firmware version.
It's worth noting that ih8sn0w says iOS 9 is much like iOS 8 internally, but there's one major caveat: 64-bit devices have a KPP (Kernel Patch Protection) system, which would theoretically cause a kernel panic should the kernel appear to have been modified in any way.
Originally Posted by ih8sn0w
Poking into iOS 9 is fun. A little annoyed at some new things. But very surprised at how similar it is to iOS 8 internally.
Worth noting, iOS 9+ arm64 iDevices now enforce a checksum on __TEXT/DATA.const regions of the kernel through the use of TrustZone. Modifying said sections will cause the device to panic (either at the kernel, or EL3 will force a reboot if the kernel refuses to gracefully panic). Essentially, it's KPP (Kernel Patch Protection). You can race it though if you want to play with things. Just be quick! ;P
Also, there should technically now be two additional partitions (baseband_data [s1s3] and logs [s1s4]), but I didn't really bother with those as they weren't critical.
At the very least, the video shows that there could be a light at the end of the tunnel for the future of jailbreaking. It'll just take a skilled hacker to get around the safeguards.
This jailbreak was for demonstration purposes only and will likely not be released to the public. An actual tool for the public to use will most likely come from a hacking team like TaiG or Pangu in the future.
Source: YouTube via ih8sn0w