Interviu cu dezvoltatorul solutiei de untethered jailbreak pentru iOS 4.3.1


Stefan Esser a.k.a. i0n1c, este un cunoscut expert in securitate si hacker din Germania care a dezvoltat solutia de untethered jailbreak pe care noi o folosim acum cu iOS 4.3.1. Datorita lui Dev Team a iesit din nou cu fata curata in fata milioanelor de persoane care asteptau sa faca jailbreak propriilor terminale si presimt ca in viitor va trebui sa ii multumim din nou. Tutoriale pentru jailbreak pe iOS 4.3.1 gasiti aici iar mai jos aveti interviul luat lui i0n1c.

1)how did you “met” apple for the first time?

Do you mean acutally met?
Because then I it was 2008 when I had lunch with part of the apple security team on their awesome campus in cupertino.
And the pizza there was delicious.
Aside from that I don’t remember when I bought my iBook.
However I never used that for anything else than playing around with the PPC platform.
I started to work with Apple products in 2007 when I got a MacBook from my company.

2)when did you became a hacker? Which was your very first exploit you’ve found?

That was about 1998-99.
Don’t remember what vulnerability I found first.
However the first of my vulnerabilities that hit the media was a remote code execution vulnerability in all default PHP installations.

3)Nowadays, being a famous hacker is not so easy: might you tell us your experience?

“To become famous” is the wrong motivation to get into hacking.
If you want to become famous you should record yourself singing/rapping and put it on youtube (well on second thought that is maybe not a good idea).
I got into hacking / security research because I love to solve puzzles.
And yes it is true that puzzling in IT security has become a lot harder in the last 10 years. But it also became a lot more fun.
However like real puzzles vulnerability research is sometimes very tiresome, you need a lot of patience and at the end of the day you should not get too frustrated if you realize one piece of the puzzle was
missing from the start.
Or that you solved the wrong puzzle.
You have to realize that you have to train your skills, start with small puzzles and then work your way up until you can solve the big and hard puzzles.
And at that point you will get recognized by other hackers and become known.
Of course it helps if you concentrate on some topic not so many researching are working.
But there is no cheap win.

4)with iOS 4.3, apple introduced the ASLR protocol, which gave problems with an untether exploit: how did you managed to “break” it?

I used a little trick that involved a legit but lesser known feature of OS X binaries to bypass the ASLR protection.
That said ASLR was not really a challenge for the untether exploit.
More challenging was the fact that Apple removed some system variables in 4.3.
In previous jailbreaks so called return oriented programming (ROP) was used to disable some security features through these variables in order to allow another binary containing the kernel exploit to run.
ROP basically means that you hijack the execution of a process and redirect it through code snippets already in memory.
By combining the right code snippets you can do whatever you want.
So in previous jailbreaks only beginner skills were required to create the ROP payload.
But now the whole kernel exploit has to be build by using such code snippets.
That is far more difficult than before.

5)why do you think that someone should do the jailbreak?

I personally jailbreak because it is required to do real iPhone security research.
I seldomly use anything from Cydia except system tools and from time to time I buy apps in the AppStore and I am sure Apple is aware of that :P
However for some people jailbreaking is the only way to get the iPhone to do what they want.

6)you’ve recently found an exploit for iOS 4.3.1: was it difficult?

Actually no, because in this case I was simply searching for a specific pattern. (most of the work was done months ago when I originally started digging into iPhone security)

7)in a recent tweet of yours, you talkes about some wi fi issues: could you explain better those problems?

I think you don’t have to worry about this. It seems that iOS 4.3(.1) just has changed something in the wifi drivers that causes problems with some routers.
Sometimes these problems go away by just rebooting the router.
Tests have shown that this problem is unrelated to jailbreaking.