JailbreakMe! Jailbreak tutorial

Www.2cto.com: If you think the text image is not intuitive, you can watch the video:

JailbreakMe is a perfect jailbreak for iPad 1 generation, iPad 2, iPhone 4, iPhone 3GS, iTouch 3, and iTouch 4 iOS4.3.3 firmware ~ It's so powerful! I'm not so excited again ~

FirstOpen the Safari browser on the iPadEnter the URL http://www.jailbreakme.com/to the bottom:

▲Click the Free button under the Cydia icon, and then click the green Install

In this case, the browser automatically exits and returns to the desktop for Cydia download.

▲According to the speed of the network, it does not take too much time to download. It seems that it takes 20 seconds to download the file.

After the download is complete, a complete Cydia program will appear. Click to enter.

▲For the first time I entered Cydia, I had to select my identity. xiaobian shamelessly chose "hacker"

Since this jailbreak exploits the vulnerability when Safari opened a PDF file, to prevent the vulnerability from being exploited maliciously, comex then provided a PDF vulnerability patch on Cydia, now, you can use JailbreakMe to install the patch again by searching "PDF Patcher 2" in Cydia.

▲Pdf security patch released by conmex

The text above is too cumbersome. Check more intuitive video tutorials.

▲Enter Cydia and click search in the lower right corner.

▲Enter PDF Patcher 2 in the search box.

▲Click confirm in the upper right corner to install

▲Reboot the device after installation to complete the jailbreak !!

The reason why the patch pdf patcher 2 cannot be found in cydia is probably because it is a brand new software, which is not found in the cache and must be completely loaded again. Therefore, you must search for the patch after cydia is fully loaded. Check whether the patch is fully loaded. You can see the prompt in the upper left corner of the screen. The time when cydia is fully loaded depends on the network speed. It may take several minutes or even ten minutes. Wait for a moment before starting Cydia for the first time after restart. do not perform any operations.Because conmex released a JailbreakMe patch to fix the camera kit BUG in July 12, a dialog box will pop up when the source software is synchronized. For example:

▲Click "update only necessary software packages" to install

▲After installation, return to CydiaPC to log on to the JailbreakMe interface, for example:

JailbreakMe 3 PDF jailbreak uses a buffer overflow vulnerability in the Apple iOS operating system to handle Postscript Type (also known as Adobe Type 1) fonts. The vulnerability exists in the t1_decoder_parse_charstrings () function, this function is used to decode the CharStrings field in the Type 1 font file. The font file used in the jailbreak vulnerability contains a 351-byte special CharStrings field. After this function processes this special field, as a result, a callback parsing function stored in the stack for processing the glyph is overwritten, which affects the execution process of the program and can be used to execute arbitrary code.

Due to the special nature of the iOS system, the program code signature, the Nerver execute bit setting of the ARM processor, and address randomization protection increase the difficulty of jailbreak. Due to the special nature of this vulnerability, you can determine the address in dyld_shared_cache in the font program and execute the Shellcode of drop.

After the PDF vulnerability is exploited, the kernel vulnerability in the iOKit interface is called to escalate the root permission, disable the code signature in iOS, and replace the sandbox in the kernel.

The browser extracts the authority and decompress the executable file locutus to the/tmp directory. After the file is executed, it connects to the comex jailbreak server to download install. dylib: The deb package saffron-jailbreak and Cydia installation files that are perfectly jailbroken