Jailbreaking
Where we’ve come from, and where we’re going

Saturday, 17 September 11
Who are we?

• Jailbreaking for 3 years
• Best known for GreenPois0n
• Discovered many vulnerabilities & implemented many exploits
• Chronic-Dev members are p0sixninja, OPK, Pod2g, |bile|, Jaywalker, DHowett, Nikias, semaphore and jan0_

Who am I?

• Joshua Hill aka @p0sixninja
• I am 26 yrs old
• Lexington, Kentucky USA
• Currently working as an independent contractor
• Hacking for 10 yrs

Why do we do it?

• It's fun!
• It's a challenge
• We all like to see new developments
• We help catch bad guys :P

How did we get here?

• The first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak)
• 2008: iPhone Dev Team announced a new type of jailbreak, a two-exploit solution called 'Pwnage' and 'Pwnage2'

• Apple responded and the cat and mouse game was underway
• Will Strafach (@chronic) began to publish some reverse engineering
• Friendships were formed on IRC
   o tethered jailbreak was achieved

• Code execution had been obtained
• The code execution needed to be automatically started on every boot
• 24kpwn discovered!!! :-)
• 24kpwn leaked??? :-(

• 24kpwn still present in early iPhone 3g[s]
• A new injection vector was needed
• Our attention turned towards iBoot
• PurpleRa1n first to release

• Apple begins blocking downgrades
• New exploits are now needed for every new firmware version
• The cat and mouse game got a lot more serious

• Apple releases iPod Touch 3rd Generation
• All non-essential commands had been stripped from iBoot
• Fewer places to find exploits :-(

• Westbaer (Nicholas Haunuld) makes a fuzzing program
• Exploitable crashes found!!
• George beats us again with Blackra1n, doh!

• comex arrived and took everyone by storm with a new userland exploit suitably named jailbreakme
• We had been beaten again but remained determined, as always

• Jailbreakme was fixed within weeks
• iPhone 4 released
• Comex does it again!
• Pod2g starts poking around in BootROM again
• No fancy debuggers (gdb, kdb)
• Crash found! Is it exploitable?...

• Exploiting in BootROM isn't like exploiting in userland
• All the fancy debuggers are gone :(
• Pod2g, after some months, came up with the SHAtter exploit
• 24 hrs before we were due to release, geohot released his LimeRa1n exploit.

Where are we now?

• Months ago we promised an iPhone5 jailbreak
• Unfortunately the delayed release of this device means we need to delay as well
• Despite this, we are pleased to announce great progress has been made

The New Greenpois0n

• Our next incarnation, Greenpois0n, will be a ‘userland’ jailbreak
• Due to Apple implementing new protections, this jailbreak requires a record-breaking 5 different exploits to complete!!
• Jailbreaking is quickly becoming an insurmountable task

Why are we here?

• If jailbreaking is to continue to be possible, funding sources for further research and development need to be acquired.
• Imagine a world where the next comex could be hired and trained by us at Chronic-Dev and guided into the ultimate hacking machine. :D
• An institution is needed to help foster innovation in our field.

Where are we going?

• Today we would like to introduce ‘Chronic-Dev LLC’
• It is a security consulting firm which specializes in mobile devices.

How can you help?

• Can you reverse engineer?
• Do you have development experience?
• We are looking for talented people to come on board.
• If you think this could be you, get in touch: irc.chronic-dev.org (msg OPK or p0sixninja) or admin@chronic-dev.com :)

Chronic Dev Team @ MyGreatFest

  • 1. Jailbreaking Where we’ve come from, and where we’re going Saturday, 17 September 11
  • 2. Who are we? Saturday, 17 September 11
  • 6. • Jailbreaking for 3 years Saturday, 17 September 11
  • 7. • Jailbreaking for 3 years • Best known for GreenPois0n Saturday, 17 September 11
  • 8. • Jailbreaking for 3 years • Best known for GreenPois0n • Discovered many vulnerabilities & implemented many exploits Saturday, 17 September 11
  • 9. • Jailbreaking for 3 years • Best known for GreenPois0n • Discovered many vulnerabilities & implemented many exploits • Chronic-Dev members are p0sixninja, OPK, Pod2g, |bile|, Jaywalker, DHowett, Nikias and semaphore and jan0_ Saturday, 17 September 11
  • 11. Who am I? Saturday, 17 September 11
  • 12. Who am I? • Joshua Hill aka @p0sixninja Saturday, 17 September 11
  • 13. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old Saturday, 17 September 11
  • 14. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old • Lexington, Kentucky USA Saturday, 17 September 11
  • 15. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old • Lexington, Kentucky USA • Currently working as an independent contractor Saturday, 17 September 11
  • 16. Who am I? • Joshua Hill aka @p0sixninja • I am 26 yrs old • Lexington, Kentucky USA • Currently working as an independent contractor • Hacking for 10 yrs Saturday, 17 September 11
  • 17. Why do we do it? Saturday, 17 September 11
  • 18. Why do we do it? • its Fun! Saturday, 17 September 11
  • 19. Why do we do it? • its Fun! • its a challenge Saturday, 17 September 11
  • 20. Why do we do it? • its Fun! • its a challenge • We all like to see new developments Saturday, 17 September 11
  • 21. Why do we do it? • its Fun! • its a challenge • We all like to see new developments • We help catch bad guys :P Saturday, 17 September 11
  • 22. How did we get we get here? Saturday, 17 September 11
  • 23. How did we get we get here? • the first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak) Saturday, 17 September 11
  • 24. How did we get we get here? • the first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak) Saturday, 17 September 11
  • 25. How did we get we get here? • the first incarnation of jailbreakme.com and the first RAM-Disk jailbreaks (ZiPhone, TouchFree, iJailbreak) • 2008 iPhone Dev Team announced a new type of jailbreak a two exploit solution called 'Pwnage' and 'Pwnage2' Saturday, 17 September 11
  • 26. How did we get we get here? Saturday, 17 September 11
  • 27. How did we get we get here? Saturday, 17 September 11
  • 28. How did we get we get here? Saturday, 17 September 11
  • 29. How did we get we get here? Saturday, 17 September 11
  • 30. How did we get we get here? • Apple responded and the cat and mouse game was underway Saturday, 17 September 11
  • 31. How did we get we get here? • Apple responded and the cat and mouse game was underway • Will Strafach (@chronic) began to publish some reverse engineering Saturday, 17 September 11
  • 32. How did we get we get here? • Apple responded and the cat and mouse game was underway • Will Strafach (@chronic) began to publish some reverse engineering • Friendships where formed on IRC Saturday, 17 September 11
  • 33. How did we get we get here? • Apple responded and the cat and mouse game was underway • Will Strafach (@chronic) began to publish some reverse engineering • Friendships where formed on IRC o tethered jailbreak was achieved Saturday, 17 September 11
  • 34. How did we get we get here? Saturday, 17 September 11
  • 35. How did we get we get here? • Code execution had been obtained Saturday, 17 September 11
  • 36. How did we get we get here? • Code execution had been obtained • The code execution needed to be automatically started on every boot Saturday, 17 September 11
  • 37. How did we get we get here? • Code execution had been obtained • The code execution needed to be automatically started on every boot • 24kpwn discovered!!! :-) Saturday, 17 September 11
  • 38. How did we get we get here? • Code execution had been obtained • The code execution needed to be automatically started on every boot • 24kpwn discovered!!! :-) • 24kpwn leaked??? :-( Saturday, 17 September 11
  • 39. How did we get we get here? Saturday, 17 September 11
  • 40. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] Saturday, 17 September 11
  • 41. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] • a new injection vector was needed Saturday, 17 September 11
  • 42. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] • a new injection vector was needed • our attention turned torwards iBoot Saturday, 17 September 11
  • 43. How did we get we get here? • 24kpwn still present in early iPhone 3g[s] • a new injection vector was needed • our attention turned torwards iBoot • PurpleRa1n first to release Saturday, 17 September 11
  • 47. How did we get here? • Apple begins blocking downgrades • New exploits are now needed for every new firmware version • The cat and mouse game got a lot more serious
  • 51. How did we get here? • Apple releases iPod Touch 3rd Generation • all non-essential commands had been stripped from iBoot • fewer places to find exploits :-(
  • 55. How did we get here? • Westbaer (Nicholas Haunuld) makes a fuzzing program • exploitable crashes found!! • George beats us again with Blackra1n, doh!
  • 58. How did we get here? • comex arrived and took everyone by storm with a new userland exploit suitably named jailbreakme • We had been beaten again but remained determined, as always
  • 65. How did we get here? • Jailbreakme was fixed within weeks • iPhone 4 released • Comex does it again! • Pod2g starts poking around in BootROM again • no fancy debuggers (gdb, kdb) • crash found! is it exploitable?...
  • 70. How did we get here? • Exploiting in BootROM isn't like exploiting in userland • All the fancy debuggers are gone :( • Pod2g after some months came up with the SHAtter exploit • 24hrs before we were due to release, geohot released his LimeRa1n exploit.
  • 74. Where are we now? • Months ago we promised an iPhone5 jailbreak • Unfortunately the delayed release of this device means we need to delay as well • Despite this, we are pleased to announce great progress has been made
  • 79. The New Greenpois0n • Our next incarnation of Greenpois0n will be a ‘userland’ jailbreak • Due to Apple implementing new protections, this jailbreak requires a record-breaking 5 different exploits to complete!! • Jailbreaking is quickly becoming an insurmountable task
  • 83. Why are we here? • If jailbreaking is to continue to be possible, funding sources for further research and development need to be acquired. • Imagine a world where the next comex could be hired and trained by us at Chronic-Dev and guided into the ultimate hacking machine. :D • An institution is needed to help foster innovation in our field.
  • 86. Where are we going? • Today we would like to introduce ‘Chronic-Dev LLC’ • It is a security consulting firm which specializes in mobile devices.
  • 91. How can you help? • Can you reverse engineer? • Do you have development experience? • We are looking for talented people to come on board. • If you think this could be you, get in touch: irc.chronic-dev.org (msg OPK or p0sixninja) or admin@chronic-dev.com :)