Guide To Building a Cable That Improves iOS Exploits

mask.of.sanity writes "An Aussie network engineer has published a guide to building a serial cable connector that allows access to a secret kernel debugger hidden within Apple iOS. The debugger was a dormant iOS feature carried over from Apple OS, and seems to serves no function other than to allow hackers to build better exploits. The cable needs an external power source and a jailbroken device to access the debugger." We've mentioned Pollock's serial adapter kit before, modulo the kernel debugging abilities.

Chicken and Egg?

[Anonymous Coward]

Wait... so in order to use the cable to find exploits, you need a jailbroken device. But in order to jailbreak your device, you need to first find an exploit.

* Yes, I do know that there are other ways to find exploits...

Re:

[Vegemeister]

The App Store censors pornography. Most users are also consumers of pornography. Most users are thus affected by the censorship.

Q.E.D., bitch.

Re:

[spire3661]

Same sentence could be used at Wal-mart or pretty much ANY place that sells magazines but not porn.... Not carrying a product is NOT censorship.

Re:

[TrancePhreak]

The difference is there's only 1 store available, so anything not let through for content reasons is censorship. Now I realize there is a web browser built in, and in some ways that gets around this. However, they limit the functionality of that too in some ways.

Re:

[spire3661]

DO you think before you post? There is only one store available on one platform. Apple is doing the SAME exact thing that Wal-Mart does, limiting what THEY sell in THEIR store. IF you want porn apps, go to a competitor. The part i really hate about the microsoft monopoly and its mis-perceptions is that now we think ANY successful computer company is now a 'monopoly' and that we need to control them.

Re:

[s73v3r]

You still have the internet available. And many, if not most websites realize that iOS has a significant chunk of web traffic, and that it can't do flash. So they are designing websites with that limitation in mind. Your point is moot.

Having to jail break your own freaking phone

[roman_mir]

It's amazing that Apple and Jobs in it are so shortsighted that they don't provide official tools that people want. Of-course they have contracts with AT&T and who knows what else, that's most likely why they don't want to let people use these devices as general purpose computers, so that normal apps could be executed (and then you can use Skype or whatever to go around long distance phone charges obviously). But still, this is just so screwed up that a company would not see that it is in its best inte

Re:

[dakameleon]

Yes, because the alternative is... no, wait, Android devices don't let you access root so easily either. Hang on, I'll come up with something...

Re:

[bhtooefr]

The alternative is Windows Mobile 6.5.

Which doesn't support any permissions other than root.

Enjoy!

Oh, you don't like that? Well, I'm sure there's an old Centro running Palm OS 5.4.9 lying around...

(Actually, on a serious note, HPalm hands out the password necessary to get the USB debug interface going, and from there you can easily get root and install whatever you want. Also, if you get a Nexus phone, you can get root without hacking the thing, using an adb, IIRC, and you get an OS that actually has softwa

Re:

[s73v3r]

6.5 is old news and obsolete like Symbian.

That was his point.

Windows Mobile 7 is out and Mango 7.5 is pre-release and about to hit market in a few weeks. According to sites like www.amplicate.com the platform has very good ratings. The gui is very well thoughout and it is identical to Windows 8 and syncs with your desktop much better than an Andriod (I do not know about Iphones).

If you're pissed off about needing a Mac to do iPhone development, then you should be equally pissed off about requiring Windows to do Windows Phone 7 development. Otherwise you're just an anti-Apple hypocrite.

You own the phone and there are other permissions too.

Nope. It's locked down just as much as the iPhone. Remember, you still need to pay the same $99 a year to put your own stuff on it.

I guess you wont have bugs like slashdot rendering poorly because it thinks my Andriod 2.1 phone is Chrome.

Probably because they share the same guts.

Re:

[tepples]

Android devices don't let you access root so easily either

Android-powered devices don't require root access just to install non-Market applications.

Re:

[s73v3r]

They do if you're on AT&T.

Re:

[wolrahnaes]

no, wait, Android devices don't let you access root so easily either.

The Nexus One, Nexus S, Xoom, and Altrix among others beg to differ. By the end of the month the Sensation and Evo 3D will have joined the crowd.

Re:

[spire3661]

WebOs has built in root access, jsut type in "upupdowndownleftrightleftrightbastart" to unlock dev mode.

Re:

[Graff]

I made an assumption that there is a market for more open phones and I believe, (maybe incorrectly), that Android based phones are more open than iPhones. I could be wrong, but that would amaze me actually. They are not more open?

They are as open as each individual manufacturer wants them to be - which, in many cases, is pretty damn closed up.

Sure there are ways to open them up, just like you can open up the iPhone, but it's not a simple process on a lot of them.

Re:

[Rennt]

They are as open as each individual manufacturer wants them to be - which, in many cases, is pretty damn closed up.

Not anymore. HTC put out an official statement back in May (issued by the CEO himself) that they will not be locking the bootloaders on any new devices. Samsung responded in April with a similar (albeit unofficial) statement.

Motorola are the only manufacturer who seem to be stuck in the "don't give the customer what they want" rut, but they haven't exactly been setting the Android world on fire since the original Droid.

Re:

[Relayman]

Ironically, the reason you need to jailbreak your Android phone is that most don't ship with the latest software and no provision for upgrading. Not a problem with iOS.

Re:

[s73v3r]

Yeah, his statement is still correct. Granted, there are manufacturers saying that they are going to open the devices, but there are still others that won't.

And remember, from Motorola's point of view, YOU ARE NOT THE CUSTOMER. Verizon is the customer, and if Verizon wants locked phones, then they get locked phones.

Re:

[spire3661]

It cracks me up when people balk at developing for iOS because they have to have a mac. Trying developing for any other console platform and see what it costs to get started.

Re:

[s73v3r]

However, it is locked and tied down to Apple and you can forget about developing software for it without a mac.

I really, really don't get the pissed-off-ness about this statement. Unless you think you should be able to develop for Windows Phone 7, Xbox 360, or DirectX without Windows.

Re:

[RyuuzakiTetsuya]

I'm sure having record year over year profits is so short sighted. :) Even over a year after the iPhone 4 came out, it's still outselling individual phones from the likes of HTC and Samsung.

People want products they can use now, not products they might be able to get to work with some hacking.

I'm amazed geeks DO NOT GET IT.

At all.

Re:Having to jail break your own freaking phone

[Haedrian]

Even over a year after the iPhone 4 came out, it's still outselling individual phones from the likes of HTC and Samsung.

Its not such a good comparison. Here's why. You use a smartphone to run certain programs on it (or to look good or whatever).

If you want an Android phone, you have tons of choice. Most of them will run the same software, and so you just choose your price range or whatever.

If you want an iOS phone you basically either buy second hand, or buy the current iPhone.

So the iPhone isn't better than 'individual' phones, its just the only choice you have if you want iOS

Re:

[Wingsy]

"If you want an Android phone, you have tons of choice. Most of them will run the same software, and so you just choose your price range or whatever."

It's the whatever that non-geeks (and many geeks) don't care for, and they have no clue what whatever is anyway. Probably the reason why customer satisfaction is off the charts for iPhones, and not so stellar for Android. When you buy an Android phone you may get x, y or z (yes, they're all Android, but futzed with in different ways by different carriers).

Re:

[Wovel]

And IOs is the choice for App developers because those Android phones don't in fact all run the same software.

Re:

[TrancePhreak]

This is a big misconception. Unlike iOS where there have been plenty of API breaking changes, Android has been more stable. You can write for 1.6 and it will work on pretty much any device out there. Or if you want the new fancy UI stuff there is a package that will let it work on older devices provided by Google themselves.

Re:

[s73v3r]

No, there hasn't, unless you're using undocumented Private APIs.

Re:

[s73v3r]

Its not such a good comparison.

It's not a good comparison to compare one manufacturer's product against another manufacturer's product?

So the iPhone isn't better than 'individual' phones, its just the only choice you have if you want iOS

Yeah, no. You're just trying to make excuses here. "People keep choosing iOS! But that doesn't mean that they don't like it more! They don't have a choice!"

Re:Having to jail break your own freaking phone

[Haedrian]

He used the assertion that it outsells "individual" phones as proof that apple got their strategy right. I disputed the his proof and not the conclusion.

If you notice his second sentence was "People want" which is a stepping stone based on how they're purchasing iPhones more than any other individual phone.

Re:

[bjourne]

No, people want status symbols. Overpriced phones from Apple are perfect status symbols for people with to much money to spend. We geeks get it 100%, it is just that we despise it because it disguists us.

Re:Having to jail break your own freaking phone

[Richard_at_work]

What is it that "we geeks" get?

I had both an iPhone and an iPhone 3G, before getting pissed off with iOS 4 on the 3G enough to decide to try out the Android side of the story.

I acquired a new HTC Desire in February, and merrily set about using it as my main phone. Today is the 8th of August, so I have been using my HTC for around 6 months as my main phone - and the conclusion I have come to is that I absolutely hate it.

I have to dig around in subscreens to get to the apps I want - on the iPhone I just scroll left or right on the home screen, but on Android I only have six homescreen slots for apps, the other home screens are taken up with applets, mail and other shite, so I have to open the apps screen specifically, and then dig around in there.

The back button on the HTC is unbelievably broken - it entirely depends on what you were doing before as to what action it has. Does it return you to the home screen or to the previous page in the app? It depends! For example, I get a text message while my phone is locked - I unlock the phone and the message is displayed. I now want to refer to another message I have received previously, and since I am in the SMS app (as that is what is loaded), I click the back button to get to the message list. And I get dumped to the phones home screen instead. If I open the SMS app myself, the back button works as expected! Lots of examples such as that.

The Android Market Place is a terribly poor user experience, I utterly hate using it - its hard to find apps, its hard to search, its hard to preview apps. The AppStore just seems so much better put together, especially when browsing from the device itself!

I have had far far more interface issues with the HTC than I did with either of my iPhones - for example, the other day I was on the phone to a colleague, and the call dropped - but the HTC wouldn't let me hang up! It was sat there on the call screen, with the "End Call" button active but nothing on the line - and each time I clicked "End Call" it would briefly blank everything and then the call screen would reappear. This has happened to me several times.

The screen locking is poor - I cant count the numerous number of times I have taken my HTC out of my pocket to find my penis or keys had randomly dialled someone, or started to write an email. And yes, I am sure the phone was locked (prime example of this happened to me earlier today - I ended a call, locked the phone, put the phone in my pocket - 5 minutes later, I take the phone out to make another call and the phone is unlocked and halfway through a gibberish email).

The HTCs touch sensitivity seems to wildly vary depending on what you are doing, and buttons can be hard to actually get a press confirmed on - plus the onscreen keypad isn't anywhere near as good as the iOS one.

Thats just some of the issues I, as a "geek", have with my Android phone - I desperately want to go back to an iPhone...

Android back is like Windows Alt+F4

[tepples]

The back button on the HTC is unbelievably broken

Back on an Android-powered device always closes the frontmost window. It's not unlike Alt+F4 on a PC running Windows. Maybe you haven't picked up on it because web pages are treated as windows in the back stack.

Re:

[s73v3r]

Yes, but would you say it's not unreasonable to expect the Back button to take you to the Message List from the Conversation View in an SMS app? Especially given the fact that almost none of them have a way to get back to the Message List from the Conversation View because they all expect you to use the Back button?

Re:

[bjourne]

Nice read. Guess someone who likes HTC phones could offer some counter points to at least some of your issues. But you know as well as I do that none of the above is the reason why 99% of iphone consumers chose that phone. Of course, in reality most smart phones are underutilized status symbols. It's just that the iphone is the most egregious example since marketing, combined with the herd mentality of the status seekers has made it the dominant one.

Re:

[jo_ham]

Marketing only works to a point. If your product is garbage, you might get some early sales due to marketing, but eventually you will be found out and word of mouth will spread, along with reviews and so on.

What happens with the iPhone is that *people actually like using it*, and people who don't have one who use one (either a friend's phone or by trying one out in the store) like it too - it does what they want it to do, and is easy and intuitive to use.

For someone who wants a smartphone, just using an iPh

Re:

[s73v3r]

Blah Blah, I'm jealous of smartphone owners, and I can't see why anyone would have a different opinion than me, so it must all be marketing. Never mind the fact that it actually is a good, solid product that was light years ahead of anything else on the market at the time it came out, especially in terms of usability. It's just marketing.

Re:

[s73v3r]

The back button on the HTC is unbelievably broken - it entirely depends on what you were doing before as to what action it has.

This isn't a problem with any phone manufacturer; this is a problem with whoever developed the app you're using at any given time. Many developers implement back button functionality poorly, or they give it some other weird functionality that isn't consistent with the App Developer Guidelines. Many of these apps also would have been rejected on iOS if they tried anything like this, and told to fuck off until they fixed it. Not necessarily a bad thing.

Does it return you to the home screen or to the previous page in the app? It depends! For example, I get a text message while my phone is locked - I unlock the phone and the message is displayed. I now want to refer to another message I have received previously, and since I am in the SMS app (as that is what is loaded), I click the back button to get to the message list. And I get dumped to the phones home screen instead. If I open the SMS app myself, the back button works as expected! Lots of examples such as that.

This actually has to do with they way things are structur

Re:

[Sancho]

The back button was a great idea that had horrible consequences, in part because of some underlying Android fundamentals, and in part because the implementation of the back button's behavior is developer-determined.

Apple's App store prominently features high-quality apps on the front page. If the app isn't on the front page, it's not much easier to find than on Android, except that there's a lot more cruft on Android. Generally, if I search for anything on Android, I'll get tons of wallpaper or other apps

Re:

[Overzeetop]

I'm sure (no, I know) that there is a subset that wants the status symbol, whether its the iFoo for the metrosexual, or the Nexus Foo for the geek crowd - it's the same thing. Most of us just want a device that will do what we need to function, and do it with a minimum of fussing. Apple provides mediocre products that fill 95% of the average users needs and require near zero setup and maintenance - QED.

In the horrible parlance of automotive analogies, I don't need a vehicle that can do 0-60 in under 6 seco

Windshield washer fluid

[tepples]

And unless I'm refilling the wiper fluid, I never want to open the hood.

To continue the analogy, some companies' products don't even let you do that. You have to use the company's own brand of fluid, or the reservoir won't refill.

Re:

[Wovel]

You have never owned an iPone. You are simply spouting BS you have read on Internet forums. Stopping referring to yourself as a geek. You have neither the technical nor analytical ability to claim that title.

Re:

[s73v3r]

This is the most retarded, and geek-hipster statement I've ever read. Congratulations, you've made everyone realize that you think you're better than everyone else.

Re:

[roman_mir]

To continue my line of thinking [slashdot.org] - I wouldn't at all be surprised if at some point it came out that Apple is actively involved in providing ability to quickly jail break the iPhones and other devices that Apple sells on their own to the community through proxy.

Would you be surprised to find out that they did that? To me it seems that the only logical explanation as to why Apple is even locking the phones at all would be 2 fold:
1. Some government regulation.
2. Some private contract with a phone company, like

Re:

[Rennt]

If there was a secret jail break button combo or something (up, up, down, down, left, ...) that unlocked your phone, I'd say you might be on to something - but the methods used are usually security exploits that can also be used by remote attackers to compromise your phone - I really don't think Apple are doing it on purpose. Security is just hard.

Re:

[Wovel]

Why do people keep referring to these long distance profit paranoia when Skypemand countless other VOIP programs have been in the Appmstore for years and Apple went outofmtheir way to make them work better in iOS 4.

Really would not kill you morons to do a 5 second google search. Of course, that would shatter your paranoid fantasy world.

Re:

[Sancho]

Apple wants to control the experience of the end-user. It's that simple. They've learned that providing a great experience to most people is better than providing a good experience to everyone. There will be companies who do certain things better than you, and people who want those things to the exclusion of others. There will be people who don't want to buy your product because they don't like your style, or don't want other people to think that they've embraced your culture. Or they think that your p

My Android phone works fine without hacking

[Snarky McButtface]

The hacking is for fun.

iOS developer program

[tepples]

However saying that because Apple has excellent profits now with the phones locked doesn't at all mean that they couldn't have even more profits if they allowed an option (maybe for some extra money) to those who wanted this option to remove any sort of protection against USER using the device the way they wanted to

Apple already offers this option. It costs $649 to buy a Mac mini if you don't already own a Mac, and then $99 per year to join the iOS developer program.

Re:

[tepples]

if that is true, then I am correct, it makes them more money to sell the ability to break the devices out of jail and do whatever you want with them.

Exactly. It's actually based on the deal that Microsoft introduced with Xbox Live Indie Games: buy a new PC with Windows and pay $99 per year for App Hub and you'll get the right to develop Xbox 360 games in C#. This model is actually less closed than it used to be with the other game consoles and BREW smartphones, where one had to have "relevant industry experience" in order to qualify for a devkit. And in order to gain such experience, one had to leave his family behind and move to the same city as an est

Re:

[s73v3r]

Why would that make them less profit rather than more?

Returns and support. It would cost them much more to handle the idiot users out there who think they're l33t enough to handle opening their phone, and then fuck it up. So they either have to support them, or deal with the bad publicity of "Apple not standing by their customers and product!"

Re:

[mr_lizard13]

Having two thirds of the entire mobile phone industry's profits despite selling just 2 phones would seem to suggest Apple knows what's in its best interests.

Of course that doesnt stop the waves of people willing to offer them free advice on how they should be doing this properly.

Re:

[mwvdlee]

I must admit have ~67% of market profits is rather impressive considering they only have ~16% of the market (http://en.wikipedia.org/wiki/Smartphone).
It means they make about 168x more profit per phone compared to the others.
Wow!

Re:

[Wovel]

It does offer a glimpse into the reality behind Android market share. 2 of the 4 largest manufacturers, at least for US users, lost money last quarter.

Re:

[mr_lizard13]

Isn't Android open?

Manufacturers selling Android phones don't collectively have two thirds of the profits.

Re:

[mr_lizard13]

Firstly, all the numbers suggest Android handsets sell more - not less - than iOS. This isn't about marketshare though, it's about profit share. At least it is if you have shareholders, and want to generate a stack of cash which fuels further R&D, future products, low component costs etc.

But anyway...

The reality is Apple has a proven business model which is notable by it's aversion to being open. It's unashamedly a closed platform as far as obtaining software is concerned, and yet it has been an i

Re:

[s73v3r]

You're trying to dispute actual facts with "What ifs". That doesn't work. They know far better what they are doing than you do.

Re:

[s73v3r]

It wouldn't. They would not increase their profits, and they would have increased costs in support and returns.

And only like what, 10% of iOS users jailbreak? There's no way they would sell enough of those "gadgets" to break even on their costs. Especially not when they can have manufacturing partners do all of that for them, after they've been vetted by Apple. And the bonus is that they can sell them to the entire iPhone user base, not just a subset of jailbreakers.

Re:

[Wovel]

What's truly amazing is that you would make such a wild proclomatiom without any basis in reality...

Skype? Really? This is our example? Skype and other VoIP programs have run on iOS for years. In 4.0 Apple added special hooks to the OS just for VoIP calls to run I'm the background so you can use those free calls while doing other stuff. Clearly preventing Skype is what this is all about.

Did you even bother to try and have an informed opinion?

Re:

[UnknowingFool]

Apple could make more money by selling a way to open the phones and by selling more devices/apps into the aftermarket.

I would guess legal liability would be a reason. By giving users an option to unlock the security, it can be taken that they are condoning any actions that may arise. If something goes wrong, some users even if they have to click a bunch of "Yes" screens would sue regardless. Also remember you are not the only person that can guess access to your phone. If say an ex girlfriend, wife, etc unlocks it and plants spyware to stalk you or plants child porn, etc, no Apple isn't responsible but since they provi

Re:

[Sancho]

I think it's more about perception. Apple wants their phones to be perceived as high quality. Phones which crash won't be perceived as high quality. Running outside of the sandbox means it's more likely that an app can cause the phone to crash. It means that it's more likely that an app can destroy your data.

Look at Windows. It's got a horrible reputation for stability. However, most BSOD I've seen have been the fault of 3rd party drivers. That's the risk you take giving ring 0 access to third-parties. You

Re:

[Sancho]

Well, for various definitions of "completely open", there are some in the US. the N900, for example, gets you as open as a Jailbroken iPhone. The Nexus One and Nexus S from Google do, too. Openmoko was an attempt to build a completely open source phone (hardware and software) but I believe patents got in the way of it being a truly useful device (nonetheless, you can buy them. They don't have 3G, unfortunately.)

I don't think you can modify the baseband of the phone--the part that would be subject to the

Re:

[mwvdlee]

iPhones maybe the best thing since sliced bread, but how would that change at all if Apple sold a way to jail-break their devices for some extra cash and then sold more after-market gadgets and apps for the phone?

It would change because now everybody would be able to create and add features to the iPhone with Apple only receiving some money for the cable instead of receiving a shitload more when everybody is required to buy the next iPhone with those exact same new features. Apple would lose their ability to sell software-only upgrades.

Re:

[mwvdlee]

Whether or not it's a smart business decission I doubt, but Apple seems to believe that any freedom given to the rest of the world means less profit for them.
You, opening up the platform might enable Apple to sell more devices. OTOH, third parties would be able to sell more devices as well and, more importantly, Apple would be unable to sell the iPhone 17 which has the new "connect this specific device" feature that customers want. Apple want to keep everything closed so they can sell a slightly less closed

Re:

[Sancho]

It's almost like the population of Slashdot users isn't completely homogeneous. Weird!

Re:

[spire3661]

I have but one word for you.......Stuxnet.

Debugging circuitry...

[Zapotek]

...exists in pretty much all phones (amongst other devices) although most would require some soldering on the PCBs, they are also used for forensic investigations -- or have completely separate circuits used just for forensics.
I don't remember much to be honest (like protocols etc) but I remember it from a forensics class I took.

The only surprising thing here is that they allow access to that circuitry via the normal device ports.

Re:

[Graff]

The only surprising thing here is that they allow access to that circuitry via the normal device ports.

This is not debugging circuitry. This is a normal serial interface that has been known about for a good long time and is even talked about in Apple's documentation. You do need to have a breakout cable to access the serial lines but once you have that it works just like any other serial port does under Darwin.

Re:

[TeknoHog]

The only surprising thing here is that they allow access to that circuitry via the normal device ports.

This is not debugging circuitry.

A lot of devices have TTL level serial ports hidden somewhere, so I would presume they are there for debugging purposes. Most computers haven't had serial ports in years, but new devices keep popping up with these TTL ports, so I guess the idea is to reserve it for professional uses. One nice thing about this discrepancy is, when all of your serial ports are TTL level, you don't need level converters.

Re:

[drinkypoo]

Most serial ports these days will accept a 5V signal, so if it's actually TTL then it works. A crapload of small devices have ~3.3 volt serial ports on them for debugging (e.g. Dockstar) and you need to shift the levels before even a particularly tolerant serial port will work.

Re:

[petermgreen]

Most serial ports these days will accept a 5V signal, so if it's actually TTL then it works.

IIRC most logic level serial is inverted compared to RS-232 (because most RS-232 level shifters are inverting) sometimes you can reconfigure the logic polarity but if your device doesn't allow that then you would need to add an inverter (at which point you may as well add a level shift chip and do it properly IMO).

Also note that while TTL ran off 5V the logic levels it used were closer to 3.3V cmos than to 5V cmos. Indeed it is pretty common to use 5V cmos devices with "TTL compatible inputs" to convert a s

Re:

[drinkypoo]

Well, virtually anybody around here knows more about electronics than I do. I took a couple classes back in high school as a mere froshling but it didn't really stick. And I'm bad at math. I get some of the basic concepts but I can't rattle off anything but a vulgar resistor color code mnemonic. I did manage to get myself a nice little electrician's handbook at a yard sale for a quarter recently, though, so hopefully that will up my game ;)

Re:

[TeknoHog]

Most serial ports these days will accept a 5V signal, so if it's actually TTL then it works.

IIRC most logic level serial is inverted compared to RS-232 (because most RS-232 level shifters are inverting) sometimes you can reconfigure the logic polarity but if your device doesn't allow that then you would need to add an inverter (at which point you may as well add a level shift chip and do it properly IMO).

True. I've done a fair amout of hacking on these, and the original article seemed rather ignorant. Of course, the way we speak of "voltage levels" is rather misleading, as there is a lot more to it.

To be precise, a mere logical inverter won't work, because RS232 uses both negative and positive levels. Logical high is negative, low is positive, and zero is undefined. This is for the data lines, the control lines (CTS/RTS) are the other way around.

Re:

[gl4ss]

not on all phones. it's common to leave easy jtag out of devices sold to consumers and even to go to extra lengths to remove such access(or to build some security controls on it). for control, trusted computing and all that shit. because, you know, what good is a carrier lock you can get removed at china town? forensics guys don't do more than they do at ct.

leaving the connectors connected - or even just exposed - is just asking for hacking. Nintendo learned that stuff the hard way with wii..

Re:

[reub2000]

My atrix allows debugging over the usb port. To enable it just check a box in the settings. Find some script written by a teenager in his mom's basement, and you have an unlocked phone.

Schematics

[psergiu]

We want the schematics for the "hacker cable".
The schematic from the link in the TFA, ( http://www.ionetworks.com.au/files/serial_port.pdf [ionetworks.com.au] ) using pins 12 & 13 of the dock connector is for a "accessory connection" cable and can be used from a jailbroken iPhone with /dev/tty.iap but the bootloader won't send anything on those pins at startup.

modulo?

[mwvdlee]

Perhaps I don't understand the context, but it appears to me TFA uses the word "modulo" where it means "minus".

Re:

[Tacvek]

To quote wikipedia:

In the mathematical community, the word modulo is often used informally. Generally, to say "A is the same as B modulo C" means, more-or-less, "A and B are the same except for differences accounted for or explained by C".

With that in mind, the summary is saying this article and and the previous one cover the same topic except for differences accounted for by "kernel debugging abilities".

In this case that does mean pretty much the same thing as the word minus would have, and the word minus would probably be have a better choice.

more details ?

[Tom]

Hm, what am I missing here?

It requires an already jailbroken device. So you need to be root already. What additional functions does this allow you to access that you don't already can?

Computer nerds used to like this

[vijayiyer]

Back when Slashdot had "news for nerds" instead of a bunch of fanboys living in their basement, people would be excited about hacks like this. Instead, we get a back and forth by who haven't written a line of code in their life and know absolutely nothing about security. I don't know why I still read this crap.

Re:

[arbiter1]

it it was an exploit that was taken care of them it would be a exploit now so it wasn't taken care of to start with so they are to blame.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[MichaelSmith]

If you can hold the computer in your hand, security has little to do with the operating system.

Re:

[RyuuzakiTetsuya]

Okay, then, CPU?

I think that it's absurd to have the opinion that nothing is unhackable. I think it's feasible to think that there may come a day when security gets tight enough that a computing system for consumer use could become exploit-proof. Look at the PS3. It wasn't until that USB boot exploit was discovered was the thing broken open.

Yes, it's a bit of special pleading, but, most attack vectors were covered. Sony did learn from the PSP. It's conceivable that there could be a day when the only wa

Re:

[CProgrammer98]

"I think it's feasible to think that there may come a day when security gets tight enough"

Umm the intertubes is a couple of decades old now and we're still no nearer to this. Your own example counteracts your argument

So... call me, I'll be waiting... (oh and there's another small problem - you can't prove that a system is unexploitable)

Re:

[Antique Geekmeister]

> If you can hold the computer in your hand, security has little to do with the operating system.

That belief is, of course, completely mistaken and is the source of endless exploits inside wireless equipped LAN's and offices that "trust the people they work with". The threshold is deliberately left so low by both engineers and policy managers with this belief, as a matter of personal convenience, that rootkits and exploits run rampant inside "closed" networks and devices that entirely ignore local securi

Re:

[Pieroxy]

While I agree with you from a theoretical standpoint, the complexity of modern operating systems more or less guarantees that nobody with a finite amount of time will ever be able to secure one 100%.

Re:

[Cyberax]

And you're wrong - there are provably secure operating systems.

Then there are just plain scarily secure operating systems: QNX and (to lesser extent) VxWorks. QNX in particular has just about 2000 lines of kernel-level code which is highly audited, tested and probably damn near bug-free.

Similar approaches are already used in hypervisors. It's certainly possible to make a provably secure hypervisor, for example.

Re:

[CProgrammer98]

>And you're wrong - there are provably secure operating systems.

Citation please?

Re:

[Cyberax]

Here's a link to implementation: http://ertos.nicta.com.au/research/l4.verified/ [nicta.com.au]

You can also check: http://en.wikipedia.org/wiki/Coyotos [wikipedia.org]

Re:

[Pieroxy]

probably damn near bug-free.

The two words I've highlighted pretty much proves my point.

Re:

[Cyberax]

Well, there _are_ provably secure OSes (seL4, Coyotos).

QNX is not formally proven to be secure, but in practice it is - I'm not aware of any vulnerabilities in its microkernel.

Re:

[Pieroxy]

The problem being, a machine is more than an OS. Some NICs are insecure and one can hack into their microchips. That's a good place to do man in the middle attacks. Other exploits don't need root privilege to do their deeds. They'll target the running apps, not the kernel.

All in all, I must say that I don't know how you can prove an OS is secure (and I doubt it is an accurate description of security). You can prove there is a vulnerability by finding it. How do you prove there's no vulnerability ?

Re:

[Cyberax]

Imagine that your phone only runs signed software. And the hypervisor continuously checks that all executable code in RAM is signed.

Now what? You can exploit an application, but it will be immediately detected by the hypervisor. Embedded firmware might dodge it, but it won't be able to do much - all the traffic that goes in/out of NIC is already untrusted.

It'll take a couple of generations of hardware to achieve this. But ultimately it WILL be done.

Re:

[Pieroxy]

It reminds me of the discussions on slashdot in the early days of virtualization (early 2000s). It was like "Of course it's secure: even if the VM is compromized, the virus cannot spread to the host." Except it can spread to the host. Because VMWare is not bulletproof either, and you can exploit the VGA drivers, USB drivers, etc. Especially if you're root on the VM.

The hypervizor thing will be the same IMO. You'll be able to target the encryption, the signing, whatever is exposed to the outside can be explo

Re:

[MobileTatsu-NJG]

Insecurity isn't an inevitability.

As long as there is a human at the keyboard, yes, it is.

Re:

[s73v3r]

I think he meant closed as in, no way to get in or out. So you couldn't actually do anything with it.

Re:when i think back to years gone by

[itsdapead]

I remember the days when apple play commercials claiming their OS don't get virus's, malware, etc.

That was in the old days when major Windows applications required you to run as administrator, when mail messages could silently install software and an unpatched XP machine connected to the internet would be infected before you had a chance to download the patches. Win 7 has done a lot to reduce that, which may by why Apple dropped the ads...

An iOS exploit that requires physical access to the machine, a custom cable and only works on a machine which has already been jailbroken (i.e. deliberately cracked by the legitimate user) isn't exactly in the same league as the sort of remote pwnage seen on PCs in the Bad Old Days.

Re:

[drinkypoo]

It was particularly hilarious given the virus-fest that was Classic MacOS. No memory protection until what, late OS 8? And nothing good for anything until 9. I had to run two antivirals on Classic MacOS... gatekeeper and disinfectant. Such snazzy names.

Re:

[The123king]

The opinion that Jailbreaking is "stupid" is exactly that, an opinion. There are many reasons to jailbreak, and in reality, you're only more vulnerable than unjailbroken iDevices to viruses if you don't change your default SSH passwords[1]. If you don't do that, then it's you who's stupid. [1]http://news.bbc.co.uk/1/hi/8373739.stm

Re:

[qxcv]

That's like saying "Windows Vista doesn't get viruses if you use a Microsoft Certified Firewall Solution, Microsoft Certified Anti-Virus Solution, only install Microsoft Certified software and don't open files from outside your own network in addition to exercising due diligence and having your computer serviced by a Microsoft Approved Technician weekly."

Also: jailbreaking uses the same mechanism as viruses do to get onto your iPhone. A virus could well jailbreak your iPhone and install itself without you

Re:

[s73v3r]

That's like saying "Windows Vista doesn't get viruses if you use a Microsoft Certified Firewall Solution, Microsoft Certified Anti-Virus Solution, only install Microsoft Certified software and don't open files from outside your own network in addition to exercising due diligence and having your computer serviced by a Microsoft Approved Technician weekly."

No, not even close. Quit with the FUD.