1. Jailbreaking
Where we’ve come from, and where we’re going
Saturday, 17 September 11

2. Who are we?
Saturday, 17 September 11

3. Saturday, 17 September 11

4. Saturday, 17 September 11

5. Saturday, 17 September 11

6. • Jailbreaking for 3 years
Saturday, 17 September 11

7. • Jailbreaking for 3 years
• Best known for GreenPois0n
Saturday, 17 September 11

8. • Jailbreaking for 3 years
• Best known for GreenPois0n
• Discovered many vulnerabilities &
implemented many exploits
Saturday, 17 September 11

9. • Jailbreaking for 3 years
• Best known for GreenPois0n
• Discovered many vulnerabilities &
implemented many exploits
• Chronic-Dev members are p0sixninja,
OPK, Pod2g, |bile|, Jaywalker, DHowett,
Nikias and semaphore and jan0_
Saturday, 17 September 11

10. Saturday, 17 September 11

11. Who am I?
Saturday, 17 September 11

12. Who am I?
• Joshua Hill aka @p0sixninja
Saturday, 17 September 11

13. Who am I?
• Joshua Hill aka @p0sixninja
• I am 26 yrs old
Saturday, 17 September 11

14. Who am I?
• Joshua Hill aka @p0sixninja
• I am 26 yrs old
• Lexington, Kentucky USA
Saturday, 17 September 11

15. Who am I?
• Joshua Hill aka @p0sixninja
• I am 26 yrs old
• Lexington, Kentucky USA
• Currently working as an independent
contractor
Saturday, 17 September 11

16. Who am I?
• Joshua Hill aka @p0sixninja
• I am 26 yrs old
• Lexington, Kentucky USA
• Currently working as an independent
contractor
• Hacking for 10 yrs
Saturday, 17 September 11

17. Why do we do it?
Saturday, 17 September 11

18. Why do we do it?
• its Fun!
Saturday, 17 September 11

19. Why do we do it?
• its Fun!
• its a challenge
Saturday, 17 September 11

20. Why do we do it?
• its Fun!
• its a challenge
• We all like to see new developments
Saturday, 17 September 11

21. Why do we do it?
• its Fun!
• its a challenge
• We all like to see new developments
• We help catch bad guys :P
Saturday, 17 September 11

22. How did we get we
get here?
Saturday, 17 September 11

23. How did we get we
get here?
• the first incarnation of jailbreakme.com
and the first RAM-Disk jailbreaks
(ZiPhone, TouchFree, iJailbreak)
Saturday, 17 September 11

24. How did we get we
get here?
• the first incarnation of jailbreakme.com
and the first RAM-Disk jailbreaks
(ZiPhone, TouchFree, iJailbreak)
Saturday, 17 September 11

25. How did we get we
get here?
• the first incarnation of jailbreakme.com
and the first RAM-Disk jailbreaks
(ZiPhone, TouchFree, iJailbreak)
• 2008 iPhone Dev Team announced a
new type of jailbreak a two exploit
solution called 'Pwnage' and 'Pwnage2'
Saturday, 17 September 11

26. How did we get we
get here?
Saturday, 17 September 11

27. How did we get we
get here?
Saturday, 17 September 11

28. How did we get we
get here?
Saturday, 17 September 11

29. How did we get we
get here?
Saturday, 17 September 11

30. How did we get we
get here?
• Apple responded and the cat and mouse
game was underway
Saturday, 17 September 11

31. How did we get we
get here?
• Apple responded and the cat and mouse
game was underway
• Will Strafach (@chronic) began to publish
some reverse engineering
Saturday, 17 September 11

32. How did we get we
get here?
• Apple responded and the cat and mouse
game was underway
• Will Strafach (@chronic) began to publish
some reverse engineering
• Friendships where formed on IRC
Saturday, 17 September 11

33. How did we get we
get here?
• Apple responded and the cat and mouse
game was underway
• Will Strafach (@chronic) began to publish
some reverse engineering
• Friendships where formed on IRC
o tethered jailbreak was achieved
Saturday, 17 September 11

34. How did we get we
get here?
Saturday, 17 September 11

35. How did we get we
get here?
• Code execution had been obtained
Saturday, 17 September 11

36. How did we get we
get here?
• Code execution had been obtained
• The code execution needed to be
automatically started on every boot
Saturday, 17 September 11

37. How did we get we
get here?
• Code execution had been obtained
• The code execution needed to be
automatically started on every boot
• 24kpwn discovered!!! :-)
Saturday, 17 September 11

38. How did we get we
get here?
• Code execution had been obtained
• The code execution needed to be
automatically started on every boot
• 24kpwn discovered!!! :-)
• 24kpwn leaked??? :-(
Saturday, 17 September 11

39. How did we get we
get here?
Saturday, 17 September 11

40. How did we get we
get here?
• 24kpwn still present in early iPhone 3g[s]
Saturday, 17 September 11

41. How did we get we
get here?
• 24kpwn still present in early iPhone 3g[s]
• a new injection vector was needed
Saturday, 17 September 11

42. How did we get we
get here?
• 24kpwn still present in early iPhone 3g[s]
• a new injection vector was needed
• our attention turned torwards iBoot
Saturday, 17 September 11

43. How did we get we
get here?
• 24kpwn still present in early iPhone 3g[s]
• a new injection vector was needed
• our attention turned torwards iBoot
• PurpleRa1n first to release
Saturday, 17 September 11

44. How did we get we
get here?
Saturday, 17 September 11

45. How did we get we
get here?
• Apple begins blocking downgrades
Saturday, 17 September 11

46. How did we get we
get here?
• Apple begins blocking downgrades
• New exploits are now needed for every
new firmware version
Saturday, 17 September 11

47. How did we get we
get here?
• Apple begins blocking downgrades
• New exploits are now needed for every
new firmware version
• The cat and mouse game got a lot more
serious
Saturday, 17 September 11

48. How did we get we
get here?
Saturday, 17 September 11

49. How did we get we
get here?
• Apple releases iPod Touch 3rd
Generation
Saturday, 17 September 11

50. How did we get we
get here?
• Apple releases iPod Touch 3rd
Generation
• all non-essential commands had been
stripped from iBoot
Saturday, 17 September 11

51. How did we get we
get here?
• Apple releases iPod Touch 3rd
Generation
• all non-essential commands had been
stripped from iBoot
• less places to find exploits :-(
Saturday, 17 September 11

52. How did we get we
get here?
Saturday, 17 September 11

53. How did we get we
get here?
• Westbaer (Nicholas Haunuld) makes a
fuzzing program
Saturday, 17 September 11

54. How did we get we
get here?
• Westbaer (Nicholas Haunuld) makes a
fuzzing program
• exploitable crashes found!!
Saturday, 17 September 11

55. How did we get we
get here?
• Westbaer (Nicholas Haunuld) makes a
fuzzing program
• exploitable crashes found!!
• George beats us again with Blackra1n,
doh!
Saturday, 17 September 11

56. How did we get we
get here?
Saturday, 17 September 11

57. How did we get we
get here?
• comex arrived and took everyone by
storm with a new userland exploit suitably
named jailbreakme
Saturday, 17 September 11

58. How did we get we
get here?
• comex arrived and took everyone by
storm with a new userland exploit suitably
named jailbreakme
• We had been beaten again but remained
determined, as always
Saturday, 17 September 11

59. How did we get we
get here?
Saturday, 17 September 11

60. How did we get we
get here?
• Jailbreakme was fixed within weeks
Saturday, 17 September 11

61. How did we get we
get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
Saturday, 17 September 11

62. How did we get we
get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
Saturday, 17 September 11

63. How did we get we
get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
• Pod2g starts poking around in BootROM
again
Saturday, 17 September 11

64. How did we get we
get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
• Pod2g starts poking around in BootROM
again
• no fancy debuggers (gdb, kdb)
Saturday, 17 September 11

65. How did we get we
get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
• Pod2g starts poking around in BootROM
again
• no fancy debuggers (gdb, kdb)
• crash found! is it exploitable?...
Saturday, 17 September 11

66. How did we get here?
Saturday, 17 September 11

67. How did we get here?
• Exploiting in BootROM isnt like exploiting in
userland
Saturday, 17 September 11

68. How did we get here?
• Exploiting in BootROM isnt like exploiting in
userland
• All the fancy debuggers are gone :(
Saturday, 17 September 11

69. How did we get here?
• Exploiting in BootROM isnt like exploiting in
userland
• All the fancy debuggers are gone :(
• Pod2g after some months came up with the
SHAtter exploit
Saturday, 17 September 11

70. How did we get here?
• Exploiting in BootROM isnt like exploiting in
userland
• All the fancy debuggers are gone :(
• Pod2g after some months came up with the
SHAtter exploit
• 24hrs before we where due to release,
geohot released his LimeRa1n exploit.
Saturday, 17 September 11

71. Where are we now?
Saturday, 17 September 11

72. Where are we now?
• Months ago we promised an iPhone5
jailbreak
Saturday, 17 September 11

73. Where are we now?
• Months ago we promised an iPhone5
jailbreak
• Unfortunately the delayed release of this
device means we need to delay as well
Saturday, 17 September 11

74. Where are we now?
• Months ago we promised an iPhone5
jailbreak
• Unfortunately the delayed release of this
device means we need to delay as well
• Despite this, we are pleased to announce
great progress has been made
Saturday, 17 September 11

75. Saturday, 17 September 11

76. The New Greenpois0n
Saturday, 17 September 11

77. The New Greenpois0n
• Our next incarnation Greenpois0n will be
a ‘userland’ jailbreak
Saturday, 17 September 11

78. The New Greenpois0n
• Our next incarnation Greenpois0n will be
a ‘userland’ jailbreak
• Due to Apple implementing new
protections this jailbreak requires a record
breaking 5 different exploits to complete!!
Saturday, 17 September 11

79. The New Greenpois0n
• Our next incarnation Greenpois0n will be
a ‘userland’ jailbreak
• Due to Apple implementing new
protections this jailbreak requires a record
breaking 5 different exploits to complete!!
• Jailbreaking is quickly becoming an
insurmountable task
Saturday, 17 September 11

80. Why are we here?
Saturday, 17 September 11

81. Why are we here?
• If jailbreaking is to continue to be possible,
funding sources for further research and
development need to be aquired.
Saturday, 17 September 11

82. Why are we here?
• If jailbreaking is to continue to be possible,
funding sources for further research and
development need to be aquired.
• imagine a world where the next comex could
be hired and trained by us at Chronic-Dev and
guided into the ultimate hacking machine. :D
Saturday, 17 September 11

83. Why are we here?
• If jailbreaking is to continue to be possible,
funding sources for further research and
development need to be aquired.
• imagine a world where the next comex could
be hired and trained by us at Chronic-Dev and
guided into the ultimate hacking machine. :D
• An institution is needed to help foster
innovation in our field.
Saturday, 17 September 11

84. Where are we going?
Saturday, 17 September 11

85. Where are we going?
• Today we would like to introduce ‘Chronic-
Dev LLC’
Saturday, 17 September 11

86. Where are we going?
• Today we would like to introduce ‘Chronic-
Dev LLC’
• It’s is a security consulting firm which
specializes in mobile devices.
Saturday, 17 September 11

87. How can you help?
Saturday, 17 September 11

88. How can you help?
• Can you reverse engineer?
Saturday, 17 September 11

89. How can you help?
• Can you reverse engineer?
• Have you Development experience?
Saturday, 17 September 11

90. How can you help?
• Can you reverse engineer?
• Have you Development experience?
• We are looking for talented people to come
on board.
Saturday, 17 September 11

91. How can you help?
• Can you reverse engineer?
• Have you Development experience?
• We are looking for talented people to come
on board.
• If you think this could be you, get in touch
irc.chronic-dev.org (msg OPK or p0sixninja)
or admin@chronic-dev.com :)
Saturday, 17 September 11