Skip to content
/ jailbreakme Public

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

racecondition.win

License

View license
89 stars 20 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MTJailed/jailbreakme

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

106 Commits
DOCS
DOCS
 
 
analytics
analytics
 
 
assets
assets
 
 
modules
modules
 
 
payloads
payloads
 
 
unittests
unittests
 
 
.htaccess
.htaccess
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
RULES.md
RULES.md
 
 
SUPPORT.md
SUPPORT.md
 
 
fuckoff.html
fuckoff.html
 
 
index.html
index.html
 
 
modular.js
modular.js
 
 
style.css
style.css
 
 
testmacho
testmacho
 
 

Repository files navigation

Jailbreak Me 13.37

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

Created by Sem Voigtländer

Please read RULES.md as well

Support

  • 8.4.1 & 9.3 up to 9.3.3 & 11.3.1 (64-bit)
  • 3.1.2 up to 4.0.1 & 8.4.1 and 9.1 up to 9.3.4 (32-bit)

Read more: https://github.com/MTJailed/jailbreakme/blob/master/SUPPORT.md

How it works

Using ModularJS various modules are loaded at runtime.

These modules can be divided into the following stages:

1. Identification

  • Uses an information leakage (not vulnerability) in WebGL to detect the GPU of the victim device
  • Uses the browser agent to define what browser and firmware to exploit
  • Uses size and resolution constraints to detect the specific victim device
  • Uses various debugging information about the hardware environment using window.performance or window.navigator
  • Uses benchmarking algorithms and hashing to identify and track the victim device.

2. Eligibility

  • Using the identification information the victim is checked against various constraints, such as whether the victim is a mobile device or a desktop.

3. Strategy selection

  • Based on the eligibility constraints and identity the exploit strategy will be selected for the victim device and loaded.

4. Payload retrieval

  • The strategy will load the payload(s) for the victim device, on iOS this can be for example Cydia, on desktops for example a remote administration tool.
  • The payload is aligned so it can be used later when the exploit has created an executable region.

5. Exploitation

  • The exploit is started and carefully sets up read/write primitives in the browser memory.
  • Once r/w is gained an executable region is created and the payload is aligned / copied into it.
  • The exploit jumps to the shellcode and starts executing it

6. Post-Exploitation

  • Various tools and capabilities could be setup after successful completion of the exploit, such as a telnet client to gain a shell on the victim from the browser.

Credits

  • 5aelo
  • Niklas B
  • Tihmstar
  • Luca Todesco
  • KJC Research
  • Comex
  • PanguTeam
  • Ian Beer
  • Argp
  • Evad3rs
  • Jonathan Levin (For the jailbreak toolkit)
  • Lokihardt (For being able to pwn browsers within a wink)
  • Sem Voigtländer (just a techie)
  • (@wwwtyro) https://github.com/wwwtyro/cryptico

About

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

racecondition.win

Resources

Readme

License

View license
Activity

Stars

89 stars

Watchers

9 watching

Forks

20 forks
Report repository

Releases 2

UFOFinder iOS 10 - 11.4.1 (stable, 64-bit) Latest
Jul 9, 2018
+ 1 release

Packages

 
 
 

Contributors 5

Languages