Saturday, 17 September 11

9. • Jailbreaking for 3 years
• Best known for GreenPois0n
• Discovered many vulnerabilities & implemented many exploits
• Chronic-Dev members are p0sixninja, OPK, Pod2g, |bile|, Jaywalker, DHowett, Nikias and semaphore and jan0_
16. Who am I?
• Joshua Hill aka @p0sixninja
• I am 26 yrs old
• Lexington, Kentucky USA
• Currently working as an independent contractor
• Hacking for 10 yrs
21. Why do we do it?
• It's fun!
• It's a challenge
• We all like to see new developments
• We help catch bad guys :P
25. How did we get here?
• The first incarnation of jailbreakme.com and the first RAM-disk jailbreaks (ZiPhone, TouchFree, iJailbreak)
• 2008: the iPhone Dev Team announced a new type of jailbreak, a two-exploit solution called 'Pwnage' and 'Pwnage2'
33. How did we get here?
• Apple responded and the cat and mouse game was underway
• Will Strafach (@chronic) began to publish some reverse engineering
• Friendships were formed on IRC
• Tethered jailbreak was achieved
38. How did we get here?
• Code execution had been obtained
• The code execution needed to be automatically started on every boot
• 24kpwn discovered!!! :-)
• 24kpwn leaked??? :-(
43. How did we get here?
• 24kpwn still present in early iPhone 3g[s]
• A new injection vector was needed
• Our attention turned towards iBoot
• PurpleRa1n first to release
47. How did we get here?
• Apple begins blocking downgrades
• New exploits are now needed for every new firmware version
• The cat and mouse game got a lot more serious
51. How did we get here?
• Apple releases iPod Touch 3rd Generation
• All non-essential commands had been stripped from iBoot
• Fewer places to find exploits :-(
55. How did we get here?
• Westbaer (Nicholas Haunuld) makes a fuzzing program
• Exploitable crashes found!!
• George beats us again with Blackra1n, doh!
58. How did we get here?
• comex arrived and took everyone by storm with a new userland exploit suitably named jailbreakme
• We had been beaten again but remained determined, as always
65. How did we get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
• Pod2g starts poking around in BootROM again
• No fancy debuggers (gdb, kdb)
• Crash found! Is it exploitable?...
70. How did we get here?
• Exploiting in BootROM isn't like exploiting in userland
• All the fancy debuggers are gone :(
• Pod2g, after some months, came up with the SHAtter exploit
• 24hrs before we were due to release, geohot released his LimeRa1n exploit.
74. Where are we now?
• Months ago we promised an iPhone5 jailbreak
• Unfortunately the delayed release of this device means we need to delay as well
• Despite this, we are pleased to announce great progress has been made
79. The New Greenpois0n
• Our next incarnation of Greenpois0n will be a ‘userland’ jailbreak
• Due to Apple implementing new protections, this jailbreak requires a record-breaking 5 different exploits to complete!!
• Jailbreaking is quickly becoming an insurmountable task
83. Why are we here?
• If jailbreaking is to continue to be possible, funding sources for further research and development need to be acquired.
• Imagine a world where the next comex could be hired and trained by us at Chronic-Dev and guided into the ultimate hacking machine. :D
• An institution is needed to help foster innovation in our field.
86. Where are we going?
• Today we would like to introduce ‘Chronic-Dev LLC’
• It is a security consulting firm which specializes in mobile devices.
91. How can you help?
• Can you reverse engineer?
• Do you have development experience?
• We are looking for talented people to come on board.
• If you think this could be you, get in touch: irc.chronic-dev.org (msg OPK or p0sixninja) or admin@chronic-dev.com :)