Chronic Dev Team: Update On iOS 5 Jailbreak; Release C-Reporter Dev To Discover New iOS Vulnerabilities

BY Jason

Published 27 Nov 2011

greenpois0n

Chronic Dev Team has just published a blog post titled “Weapons of Mass Exploitation” in which they’ve given an update on the untethered jailbreak for iOS 5 and also released a tool called C-Dev Reporter, which will enable iOS device users to send device crash reports to Chronic Dev team that could be helpful in finding new vulnerability in iOS.

Chronic Dev team have released greenpois0n, which was a popular jailbreak tool for iOS 4.2.1. Couple of months back they had announced that they had discovered 5 new vulnerabilities in iOS 5 beta and a recently a bug in iOS 5 that could help in developing an untethered jailbreak for iOS 5.x.

Chronic Dev team has given the following update on the untethered jailbreak for iOS 5:

during my JailbreakCon talk in September, I was excited to announce that the Chronic Dev team had already discovered 5 different exploits for use in our upcoming jailbreak. Unfortunately, that announcement was a bit premature, because in the subsequent weeks, Apple found & patched a (critical) few of those exploits, between the beta versions we used for testing and the final release of iOS5 on October 12.

Sadly (and trust us, we are much more sad about this than any of you could possibly be), this has prevented us from being able to release a new jailbreak as quickly as we wanted to. As I hinted at earlier this week on Twitter, I was initially disheartened to think that so many of the countless hours we’ve worked on this jailbreak seemingly went right down the drain.

Not to mention, these are by no means the first exploits that have been “lost” by Chronic Dev (or any other iOS hacking teams) in this manner. In fact, these are just a few in a long-running series of exploits that were patched by Apple before we hackers could make use of them in a free jailbreak for you, our loyal fans.

Chronic Dev team goes on to explain the method Apple uses to find vulnerabilities:

One of the primary challenges in working with userland exploits is that, every time any program crashes on your iPhone, a “crash report” is generated and instantly sent back to Apple. As you can imagine, while we’re working out all the kinks in the exploitation of a vulnerability, we may need to crash any particular program thousands & thousands of times.

It’s possible to change your iTunes settings to stop sending this diagnostic information back to Apple, and of course everyone in Chronic Dev has made this change on all our development machines. However, even this is not always 100% effective at preventing Apple from obtaining our data. For instance, if one of us is at a friend’s house and plugs our iPhone up to his or her computer (even just to charge it), it’s very likely that computer is set up to send all our valuable data & crash reports right back to Apple.

Chronic Dev team have released a new tool called C-Dev Reporter, which uses a similar method to help find the vulnerabilities:

All this program requires from you is to attach your iOS device to your computer and click a single button!

At this point, the program copies all the crash reports off your device (which, under normal circumstances, would be sent right back to Apple), and instead sends this data to a secure, private server hosted by your friendly Chronic Dev team. Next, our program proceeds to neuter your copy of iTunes, simply by changing your settings to prevent your computer from sending any further diagnostic information from your device to Apple.

Using this agglomeration of your crash reports and our ninja skills, Chronic Dev will be able to quickly pinpoint vulnerabilities in various programs by using the same techniques Apple currently employs. At the very least, your data will help point us in the direction of which applications are the most vulnerable, so we can focus our time & energy on these with laser-like intensity. And, of course, this will also prevent Apple from accessing all your valuable data, just so they can then turn around and use it against you.

You can download C-Dev Reporter using this link. The idea of the new tool could help in identifying new vulnerabilities and in turn result in a jailbreak for future iOS software updates, but it appears to be a long term solution. The news should come as a disappointment to iOS device users who have been eagerly waiting for an untethered jailbreak and in case of iPhone 4S and iPad 2 users a jailbreak for iOS 5.

As of now, it looks like Dev team who have jailbroken iPhone 4S are the only hope when it comes to releasing to jailbreak for iPhone 4S and iPad 2.

As always, we’ll keep you posted if there are any further updates, so stay tuned here at iPhone Hacks or join our Facebook Fan page or follow us on Twitter or subscribe to our RSS feed.

[via Chronic Dev Team blog]