synackuk

Here's n1ghtshade 1.0 Fixes all the known bugs as far as I'm aware. Note you MUST restore again if you wish to update to this version. Have fun, and let me know of any bugs. github.com/synackuk/n1ght…

@Vyce_Merculous @dora2ios Yeah I’ll write it up. To be honest the process doesn’t change though. I did use my own tooling though

@synackuk @dora2ios Could you make a writeup/guide on how to port DRA to other versions? I'm too much a noob to figure this stuff out.

De Rebus Antiquis on iOS 6.1.6 (iPod touch 4G)! Thanks to @dora2ios, I’ll release this at some point if anyone’s interested.

@Xernium @SashaKirichenko @dora2ios Yes, I’d expect it to be possible

@SashaKirichenko @synackuk @dora2ios That ... could be used to untether downgrade any iPhone 4S (since 6.1.3 is signed)

@pwnerblu @dora2ios Indeed it can!

@synackuk @dora2ios This is interesting! Maybe iOS 7 iPod touch 4 can be untethered some time in the future…

@Pingzi610 @dora2ios For nettoyeur I used an iBoot payload for the diff rather than kdumper. Not sure about r0, I may play about with the iPhone 4S at some point soon.

@synackuk @dora2ios Umm I have a problem running kdumper and it won’t dump a correct iBoot on iPhone 4s 6.1.3. And don’t know how to control r0 I’m using iloader

@Pingzi610 @dora2ios What’s the problem you’re facing?

@synackuk @dora2ios Great work！I’m still doing iPhone 4s’ work，I haven't find a good hierarchy yet，do you have any advice？

@dedbeddedbed @dora2ios I will, but I want to integrate it back into n1ghtshade, and also put out a write up on the tools I built for this work (since I didn’t use iloader..). So will take some time.

@synackuk @dora2ios (please release)

@Pingzi610 @ShadowLee19 @xerub Thanks I’ll give this a go!

@synackuk @ShadowLee19 @xerub not iloader.o，nettoyeur.o is，open with binary editor and you can find the correct version of arm-none-eabi-gcc

I'm currently making a writeup of almost everything I know about @xerub's De Rebus Antiquis iBoot exploit, see pmbonneau.com/de-rebus-antiq… to read the introduction!

@Pingzi610 @ShadowLee19 @xerub I have code execution, but am having problems getting iBoot to restart correctly. Not sure if you have any advice on creating nettoyeur? I just ran kdumper and diffed it with my decrypted iBoot..

@synackuk @ShadowLee19 @xerub I haven’t add any breakpoints or debugging _memalign. Just only can make iloader running and let readp() work.

@Pingzi610 @ShadowLee19 @xerub Can we DM? I didn’t manage to get iloader working, but have been playing about with patching breakpoints into an iBoot image and booting it to achieve the same thing, would be good to compare notes?

@synackuk @ShadowLee19 @xerub I can fake-run iBoot 1537-9.55（iOS 6.1.3）using iloader，but I have no idea utilizing the exploit since I can’t control r0. I can send you the modified iloader if you need.

Still searching for my next project!! Really struggling to even land any interviews

@p0sixninja @ShadowLee19 Are the slides or similar from that training available anywhere? I thought I remembered seeing it years ago, but I can't find it now...

@ShadowLee19 seek out the irecovery logs from my training ;)

which one? ;P

SundanceInH2A (rev2) brings ability to create bundles with jailbreak applied Please note that it needs a different kernelcache - more info in README github.com/NyanSatan/Sund…

@nyan_satan Ah after finishing the article I can see you're way ahead of me :) I remember @p0sixninja saying that in the talk where he demoed the iBoot exploit you're using here he actually leaked multiple iBoot bugs. I wonder if any of them were left unpatched

@nyan_satan Hmm.. I bet that iOS 6 on the iPad 1st gen would be plausible with a similar method

Here is my little article with technical details behind the iOS 6 on iPod touch 3 bring-up nyansatan.github.io/run-unsupporte…

Just released my little tool that generates iOS 6 restore bundle for iPod touch 3! USE THIS STRICTLY ON YOUR OWN RISK github.com/NyanSatan/Sund…

It's been a long time since I published a write-up, so... Here's my little article about log strings obfuscation in modern iBoot and 2 methods I found to (partially) deobfuscate them Read on your own risk! nyansatan.github.io/iboot-log-deob…

@eepyeri @snwy_me 32 bit tools are available 😉

@snwy_me checkm8 itself does, checkrain is only for 64bit

i need some help I've recently got this iphone 5c (fmi on), managed to get to the home screen but because it's not activated i can't sideload anything. is there any possible way to jailbreak the thing without sideloading any apps?