Jailbreaking
Where we’ve come from, and where we’re going

Saturday, 17 September 11
Who are we?

• Jailbreaking for 3 years
• Best known for GreenPois0n
• Discovered many vulnerabilities & implemented many exploits
• Chronic-Dev members are p0sixninja, OPK, Pod2g, |bile|, Jaywalker, DHowett, Nikias, semaphore and jan0_

Who am I?

• Joshua Hill aka @p0sixninja
• I am 26 yrs old
• Lexington, Kentucky USA
• Currently working as an independent contractor
• Hacking for 10 yrs

Why do we do it?

• It’s fun!
• It’s a challenge
• We all like to see new developments
• We help catch bad guys :P

How did we get here?
• The first incarnation of jailbreakme.com and the first RAM-disk jailbreaks (ZiPhone, TouchFree, iJailbreak)
• 2008: the iPhone Dev Team announced a new type of jailbreak, a two-exploit solution called 'Pwnage' and 'Pwnage2'

How did we get here?
• Apple responded and the cat and mouse game was underway
• Will Strafach (@chronic) began to publish some reverse engineering
• Friendships were formed on IRC
   o A tethered jailbreak was achieved

How did we get here?
• Code execution had been obtained
• The code execution needed to be automatically started on every boot
• 24kpwn discovered!!! :-)
• 24kpwn leaked??? :-(

How did we get here?
• 24kpwn still present in early iPhone 3G[S]
• A new injection vector was needed
• Our attention turned towards iBoot
• PurpleRa1n first to release

How did we get here?
• Apple begins blocking downgrades
• New exploits are now needed for every new firmware version
• The cat and mouse game got a lot more serious

How did we get here?
• Apple releases iPod Touch 3rd Generation
• All non-essential commands had been stripped from iBoot
• Fewer places to find exploits :-(

How did we get here?
• Westbaer (Nicholas Haunuld) makes a fuzzing program
• Exploitable crashes found!!
• George beats us again with Blackra1n, doh!

How did we get here?
• comex arrived and took everyone by storm with a new userland exploit suitably named jailbreakme
• We had been beaten again but remained determined, as always

How did we get here?
• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
• Pod2g starts poking around in BootROM again
• No fancy debuggers (gdb, kdb)
• Crash found! Is it exploitable?...

How did we get here?
• Exploiting in BootROM isn’t like exploiting in userland
• All the fancy debuggers are gone :(
• Pod2g, after some months, came up with the SHAtter exploit
• 24hrs before we were due to release, geohot released his LimeRa1n exploit.

Where are we now?

• Months ago we promised an iPhone5 jailbreak
• Unfortunately, the delayed release of this device means we need to delay as well
• Despite this, we are pleased to announce great progress has been made

The New Greenpois0n
• Our next incarnation of Greenpois0n will be a ‘userland’ jailbreak
• Due to Apple implementing new protections, this jailbreak requires a record-breaking 5 different exploits to complete!!
• Jailbreaking is quickly becoming an insurmountable task

Why are we here?
• If jailbreaking is to continue to be possible, funding sources for further research and development need to be acquired.
• Imagine a world where the next comex could be hired and trained by us at Chronic-Dev and guided into the ultimate hacking machine. :D
• An institution is needed to help foster innovation in our field.

Where are we going?

• Today we would like to introduce ‘Chronic-Dev LLC’
• It is a security consulting firm which specializes in mobile devices.

How can you help?
• Can you reverse engineer?
• Do you have development experience?
• We are looking for talented people to come on board.
• If you think this could be you, get in touch: irc.chronic-dev.org (msg OPK or p0sixninja) or admin@chronic-dev.com :)


Chronic Dev Team @ MyGreatFest

  • 1. Jailbreaking Where we’ve come from, and where we’re going Saturday, 17 September 11
  • 2. Who are we? Saturday, 17 September 11
  • 6. • Jailbreaking for 3 years Saturday, 17 September 11
  • 7. • Jailbreaking for 3 years • Best known for GreenPois0n Saturday, 17 September 11
  • 8. • Jailbreaking for 3 years • Best known for GreenPois0n • Discovered many vulnerabilities & implemented many exploits Saturday, 17 September 11
  • 9. • Jailbreaking for 3 years • Best known for GreenPois0n • Discovered many vulnerabilities & implemented many exploits • Chronic-Dev members are p0sixninja, OPK, Pod2g, |bile|, Jaywalker, DHowett, Nikias and semaphore and jan0_ Saturday, 17 September 11
  • 11. Who am I? Saturday, 17 September 11
  • 12. Who am I? • Joshua Hill aka @p0sixninja Saturday, 17 September 11
  • 13. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old Saturday, 17 September 11
  • 14. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old • Lexington, Kentucky USA Saturday, 17 September 11
  • 15. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old • Lexington, Kentucky USA • Currently working as an independent contractor Saturday, 17 September 11
  • 16. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old • Lexington, Kentucky USA • Currently working as an independent contractor • Hacking for 10 yrs Saturday, 17 September 11
  • 17. Why do we do it? Saturday, 17 September 11
  • 18. Why do we do it? • its Fun! Saturday, 17 September 11
  • 19. Why do we do it? • its Fun! • its a challenge Saturday, 17 September 11
  • 20. Why do we do it? • its Fun! • its a challenge • We all like to see new developments Saturday, 17 September 11
  • 21. Why do we do it? • its Fun! • its a challenge • We all like to see new developments • We help catch bad guys :P Saturday, 17 September 11
  • 22. How did we get we get here? Saturday, 17 September 11
  • 23. How did we get we get here? • the first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak) Saturday, 17 September 11
  • 24. How did we get we get here? • the first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak) Saturday, 17 September 11
  • 25. How did we get we get here? • the first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak) • 2008 iPhone Dev Team announced a new type of jailbreak a two exploit solution called 'Pwnage' and 'Pwnage2' Saturday, 17 September 11
  • 26. How did we get we get here? Saturday, 17 September 11
  • 27. How did we get we get here? Saturday, 17 September 11
  • 28. How did we get we get here? Saturday, 17 September 11
  • 29. How did we get we get here? Saturday, 17 September 11
  • 30. How did we get we get here? • Apple responded and the cat and mouse game was underway Saturday, 17 September 11
  • 31. How did we get we get here? • Apple responded and the cat and mouse game was underway • Will Strafach (@chronic) began to publish some reverse engineering Saturday, 17 September 11
  • 32. How did we get we get here? • Apple responded and the cat and mouse game was underway • Will Strafach (@chronic) began to publish some reverse engineering • Friendships where formed on IRC Saturday, 17 September 11
  • 33. How did we get we get here? • Apple responded and the cat and mouse game was underway • Will Strafach (@chronic) began to publish some reverse engineering • Friendships where formed on IRC o tethered jailbreak was achieved Saturday, 17 September 11
  • 34. How did we get we get here? Saturday, 17 September 11
  • 35. How did we get we get here? • Code execution had been obtained Saturday, 17 September 11
  • 36. How did we get we get here? • Code execution had been obtained • The code execution needed to be automatically started on every boot Saturday, 17 September 11
  • 37. How did we get we get here? • Code execution had been obtained • The code execution needed to be automatically started on every boot • 24kpwn discovered!!! :-) Saturday, 17 September 11
  • 38. How did we get we get here? • Code execution had been obtained • The code execution needed to be automatically started on every boot • 24kpwn discovered!!! :-) • 24kpwn leaked??? :-( Saturday, 17 September 11
  • 39. How did we get we get here? Saturday, 17 September 11
  • 40. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] Saturday, 17 September 11
  • 41. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] • a new injection vector was needed Saturday, 17 September 11
  • 42. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] • a new injection vector was needed • our attention turned torwards iBoot Saturday, 17 September 11
  • 43. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] • a new injection vector was needed • our attention turned torwards iBoot • PurpleRa1n first to release Saturday, 17 September 11
• 44-47. How did we get here?
  • Apple begins blocking downgrades
  • New exploits are now needed for every new firmware version
  • The cat and mouse game got a lot more serious
• 48-51. How did we get here?
  • Apple releases iPod Touch 3rd Generation
  • All non-essential commands had been stripped from iBoot
  • Fewer places to find exploits :-(
• 52-55. How did we get here?
  • Westbaer (Nicholas Haunuld) makes a fuzzing program
  • Exploitable crashes found!!
  • George beats us again with Blackra1n, doh!
• 56-58. How did we get here?
  • comex arrived and took everyone by storm with a new userland exploit, suitably named jailbreakme
  • We had been beaten again but remained determined, as always
• 59-65. How did we get here?
  • Jailbreakme was fixed within weeks
  • iPhone 4 released
  • Comex does it again!
  • Pod2g starts poking around in BootROM again
  • No fancy debuggers (gdb, kdb)
  • Crash found! Is it exploitable?...
• 66-70. How did we get here?
  • Exploiting in BootROM isn't like exploiting in userland
  • All the fancy debuggers are gone :(
  • After some months, Pod2g came up with the SHAtter exploit
  • 24 hrs before we were due to release, geohot released his LimeRa1n exploit.
• 71-74. Where are we now?
  • Months ago we promised an iPhone5 jailbreak
  • Unfortunately the delayed release of this device means we need to delay as well
  • Despite this, we are pleased to announce great progress has been made
• 76-79. The New Greenpois0n
  • Our next incarnation of Greenpois0n will be a ‘userland’ jailbreak
  • Due to Apple implementing new protections, this jailbreak requires a record-breaking 5 different exploits to complete!!
  • Jailbreaking is quickly becoming an insurmountable task
• 80-83. Why are we here?
  • If jailbreaking is to continue to be possible, funding sources for further research and development need to be acquired.
  • Imagine a world where the next comex could be hired and trained by us at Chronic-Dev and guided into the ultimate hacking machine. :D
  • An institution is needed to help foster innovation in our field.
• 84-86. Where are we going?
  • Today we would like to introduce ‘Chronic-Dev LLC’
  • It is a security consulting firm which specializes in mobile devices.
• 87-91. How can you help?
  • Can you reverse engineer?
  • Do you have development experience?
  • We are looking for talented people to come on board.
  • If you think this could be you, get in touch: irc.chronic-dev.org (msg OPK or p0sixninja) or admin@chronic-dev.com :)