最近越狱社区出了个大新闻,开发者 axi0mX 放出了利用启动 rom 漏洞的脚本:Checkm8 影响芯片:A5-A11,即 iPhone 4s- iPhone x,这是个越狱界的大地震啊
What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.
大家对这件事是什么看法?
拉了个群,欢迎进群吹水:
 | 1 laoyur Sep 28, 2019 v 站已经有人发了,底下没什么反应 |
 | 2 kljsandjb Sep 28, 2019 via iPhone 只关心会不会有 untethered jailbreak,不然懒得折腾… |
 | 3 bookit Sep 28, 2019 要 JTAG,一般人没这玩意,有了也很难用 |
 | 6 Suclogger OP @bookit #3 #3 原作者回复: >Maybe someone can figure out a nice way to use JTAG on iPhone without proprietary hardware and software. I and many others would be forever grateful if someone makes that possible. 获取将来无需硬件设备也未可知 |
| 7 kljsandjb Sep 28, 2019 via iPhone @Suclogger 4.3.3 和 4.3.4 的区别吧,都有 hw 漏洞,但是 4.3.4 就每次要引导,二次开发就一定能完美?不了解越狱的细节,不做评价 |
| 8 Suclogger OP @kljsandjb #7 #7 嗯,看到有人说: >This is tethered, not untethered as some people say on this sub-reddit. This means anything from Downgrades to activation to Jailbreak made with this would be tethered forever. Tethered = you need to run ipwndfu software on the computer with the phone in DFU mode everytime you wanna power on your device, otherwise it would not even boot to stock. Much more annoying than the semi-tethered jailbreaks of today. 貌似只能做到 tethered,每次启动需要重新引导 |
| 10 Suclogger OP 再贴一段来自:Osiris Jailbreak 的解释: 这个东西可以实现什么: What can it do? 1. 降级到任意系统版本 Tethered downgrades without SHSH2 blobs to any supported version. SEP may be a problem with this even with this exploit, I need to check. 2. 导出 SecureROM Dumping the SecureROM (dumps the bootroom itself for research purposes). 3. 加载任何自定义的固件(这个是我最感兴趣的) Load a custom firmware (CFW) for any purpose: jailbreak, activation, custom Apple logo, verbose boot, etc. 4. 在任意系统版本上实现越狱 Jailbreak the latest signed firmware tethered (needs a computer for every boot, even for stock). 5. 修复越狱引入的问题 Load an SSH ramdisk and fix a bootloop caused by the removal of files during Jailbreak. 6. 类似双系统 DualBoot iOS versions tethered. 7. 在 ios 设备上运行 android ( XD ) Possibly port and run Linux or Android (requires huge amounts of work) 8. 各种安全研究 Do security research and patch ANY security feature Apple introduces in Software on the newer iOS versions. 9. 绕过各种安全策略 Give no hecks about KPP / KTRR, AMFI, CoreTrust and such. No more clumsy patches but tethered. |
 | 11 orzOEZ Sep 28, 2019 via iPhone 群在哪? |
 | 12 zro Sep 28, 2019 好想快点看到运行 Android 的 iPhone/iPad  |
 | 13 tianyu1234 Sep 28, 2019 via iPhone @zro 卡出翔吧,内存太小了 |
 | 14 iwtbauh Sep 28, 2019 via Android 好想快点看到运行 Debian GNU/Linux 的 iPhone/iPad (认真脸) |
| 15 iwtbauh Sep 28, 2019 via Android @tianyu1234 2G RAM 的 Android Pie 手机,用着很流畅啊。(国产流氓软件绿色守护伺候一下即可 |
 | 16 learningman Sep 28, 2019 via Android @iwtbauh 但是比苹果便宜多了 |
 | 17 konyeth Sep 28, 2019 via iPhone 如果 a12 的 ipad pro 12.9 可以用就更好了 不过能折腾手机,也足够了 |
 | 18 sephinh Sep 28, 2019 via iPhone 任意版本降级就 ok,越狱现在半残好歹有了 |
 | 19 unneeded Sep 28, 2019 回想起 a4 时候每一代 iOS 都立马有不完美越狱 |
 | 20 hronro Sep 29, 2019 我只想把我的 iPad Pro 10.5 降级到 iOS 10.3.3,现在有相关教程了么? |
 | 21 byuan04 Sep 29, 2019 该群不存在 |
 | 22 xiaoke Sep 29, 2019 期待完美越狱,那就可以换回苹果了 |
 | 23 PhanKiap Sep 29, 2019 该群已不存在。 |
 | 24 bigsb Sep 30, 2019 该群已不存在。 |
Select Language