Skip to content
/ jailbreakme Public

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

racecondition.win

License

View license
90 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MTJailed/jailbreakme

BranchesTags

Repository files navigation

Jailbreak Me 13.37

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

Created by Sem Voigtländer

Please read RULES.md as well

Support

  • 8.4.1 & 9.3 up to 9.3.3 & 11.3.1 (64-bit)
  • 3.1.2 up to 4.0.1 & 8.4.1 and 9.1 up to 9.3.4 (32-bit)

Read more: https://github.com/MTJailed/jailbreakme/blob/master/SUPPORT.md

How it works

Using ModularJS various modules are loaded at runtime.

These modules can be divided into the following stages:

1. Identification

  • Uses an information leakage (not vulnerability) in WebGL to detect the GPU of the victim device
  • Uses the browser agent to define what browser and firmware to exploit
  • Uses size and resolution constraints to detect the specific victim device
  • Uses various debugging information about the hardware environment using window.performance or window.navigator
  • Uses benchmarking algorithms and hashing to identify and track the victim device.

2. Eligibility

  • Using the identification information the victim is checked against various constraints, such as whether the victim is a mobile device or a desktop.

3. Strategy selection

  • Based on the eligibility constraints and identity the exploit strategy will be selected for the victim device and loaded.

4. Payload retrieval

  • The strategy will load the payload(s) for the victim device, on iOS this can be for example Cydia, on desktops for example a remote administration tool.
  • The payload is aligned so it can be used later when the exploit has created an executable region.

5. Exploitation

  • The exploit is started and carefully sets up read/write primitives in the browser memory.
  • Once r/w is gained an executable region is created and the payload is aligned / copied into it.
  • The exploit jumps to the shellcode and starts executing it

6. Post-Exploitation

  • Various tools and capabilities could be setup after successful completion of the exploit, such as a telnet client to gain a shell on the victim from the browser.

Credits

  • 5aelo
  • Niklas B
  • Tihmstar
  • Luca Todesco
  • KJC Research
  • Comex
  • PanguTeam
  • Ian Beer
  • Argp
  • Evad3rs
  • Jonathan Levin (For the jailbreak toolkit)
  • Lokihardt (For being able to pwn browsers within a wink)
  • Sem Voigtländer (just a techie)
  • (@wwwtyro) https://github.com/wwwtyro/cryptico

About

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

racecondition.win

Resources

Readme

License

View license
Activity

Stars

90 stars

Watchers

9 watching

Forks

21 forks
Report repository

Releases 2

UFOFinder iOS 10 - 11.4.1 (stable, 64-bit) Latest
Jul 9, 2018
+ 1 release

Packages

No packages published

Contributors 5

Languages