Shell Jailbreak

0 views
Skip to first unread message

Graciano Goudreau

unread,
Aug 4, 2024, 3:09:35 PM8/4/24
to navirenthe
Greatquestion! A more detailed answer will make its way onto this page later on, but in summary: it gives back to users their legitimate right to enjoy a feature they paid for that TI unilaterally removed in the latest OS versions (allegedly for security reasons, but the bug that cheaters could in theory use was from TI and had nothing to do with ASM!)

Delete the arTIfiCE appvar from the Memory menu (2nd++). Depending on what you need to do, you may also want to delete any installed shell and trigger a RAM Reset as well (be sure to archive and/or backup your files first)


Most probably not, considering arTIfiCE only executes a small piece of assembly code (which was previously possible in earlier OSes), and doesn't install anything persistent. Simply fully reset your calc and there will be no trace of it.


arTIfiCE uses software bugs in the calculator's code to be able to execute assembly. A light "shell" is run allowing you to choose which program to launch. The source code may become available later on GitHub.


No - arTIfiCE resides in an "appvar" file (Application Variable, an 8xv file) and it will be deleted by the OS when going into Press-To-Test mode, just like most other appvars. You'll have to re-transfer+open it after your exam.


Sure, from the arTIfiCE shell, you can install another shell like Cesium which can be opened more quickly (thus you get to launch your programs more easily), or a utility like AsmHook that enables launching directly on the homescreen like before.


I'm trying to do something similar to Matthew Petroff's weather display on a Kindle 4. I have managed to jailbreak the kindle and ssh into it. Now, however, I'm wondering what the best way to run the shell scripts that Petroff shows on the GitHub page is. He mentions that he used Kite, which sounds like it would be great, but I gather that Kite is only for Kindle 3s or earlier.


So in other words my question is this: is there a way to let me select "weather script" on my Kindle 4 and have it show the weather image (and periodically refresh it), but otherwise function as a normal Kindle?


Sure. You need to jailbreak it and install MobileTerminal (an application you'll find in Cydia for installation, once having jailbroken your iPhone).

MobileTerminal gives you access to the iPhones bash (shell).



To write decent shell scripts you would also need to install some shell utilities that you would expect to be there by default like vi, curl, openssh, ...

All of this is available in Cydia as well.


If you mean that you want to run shell commands on the iphone itself, you won't be able to do that without jailbreaking it first. Once jailbroken, there are many tools available for all kinds of "hacking".


It's certainly nice to play with it but the real fun was back in the untethered jailbreak times where loads of incredible useful apps and utilities were available.

Full access to my own files and unlimited device access could made a "pro device" out of the iDevice.

Apple has included quite a few of these into iOS over the years but unfortunately we're not there yet.

My #1 wish would be to clearly separate iPhone from iPad OS and make the iPad a device that is closer to a desktop system like Windows tablets have been since years.


@rs2000 said:

It's certainly nice to play with it but the real fun was back in the untethered jailbreak times where loads of incredible useful apps and utilities were available.

Full access to my own files and unlimited device access could made a "pro device" out of the iDevice.

Apple has included quite a few of these into iOS over the years but unfortunately we're not there yet.

My #1 wish would be to clearly separate iPhone from iPad OS and make the iPad a device that is closer to a desktop system like Windows tablets have been since years.


I think the reason is just because ,,, i mean, its another option albeit sandboxed, and probably therefore SSH out to do things found to not be possible, but it'll be interesting to explore what is possible, even just the fact that you'd be running openSSH in an alpine VM is kind of satisfying. and being able to do stuff offline and only with the ipad around obviously.


@wim said:

Another fun discovery.

The iOS shortcuts app can run SSH commands so you can make shortcuts that do things on your remote boxes and return the stdout to files or as input to other commands, etc.


@wim said:

OK, that was fun. openssh works, including using public/private key authentication.

nmap needs a hacky workaround and doesn't work quite right, but I didn't expect it to work at all.


yeah vi/vim clipboard has always been that same ever so slight faff even on desktop but was always just a case of learning the commands. y for yank p for paste (/put). i really like nvim even though i only know a tiny amount of the commands


One of the most common things you do when testing an app is accessing the device shell. In this section we'll see how to access the iOS shell both remotely from your host computer with/without a USB cable and locally from the device itself.


In contrast to Android where you can easily access the device shell using the adb tool, on iOS you only have the option to access the remote shell via SSH. This also means that your iOS device must be jailbroken in order to connect to its shell from your host computer. For this section we assume that you've properly jailbroken your device and have either Cydia (see screenshot below) or Sileo installed. In the rest of the guide we will reference to Cydia, but the same packages should be available in Sileo.


In order to enable SSH access to your iOS device you can install the OpenSSH package. Once installed, be sure to connect both devices to the same Wi-Fi network and take a note of the device IP address, which you can find in the Settings -> Wi-Fi menu and tapping once on the info icon of the network you're connected to.


Remember to change the default password for both users root and mobile as anyone on the same network can find the IP address of your device and connect via the well-known default password, which will give them root access to your device.


The above command maps port 22 on the iOS device to port 2222 on localhost. You can also make iproxy run automatically in the background if you don't want to run the binary every time you want to SSH over USB.


Small note on USB of an iDevice: on an iOS device you cannot make data connections anymore after 1 hour of being in a locked state, unless you unlock it again due to the USB Restricted Mode, which was introduced with iOS 11.4.1


While usually using an on-device shell (terminal emulator) might be very tedious compared to a remote shell, it can prove handy for debugging in case of, for example, network issues or check some configuration. For example, you can install NewTerm 2 via Cydia for this purpose (it supports iOS 6.0 to 12.1.2 at the time of this writing).


In addition, there are a few jailbreaks that explicitly disable incoming SSH for security reasons. In those cases, it is very convenient to have an on-device shell app, which you can use to first SSH out of the device with a reverse shell, and then connect from your host computer to it.


Dubbed unc0ver, the exploit works only when someone has physical access to an unlocked device and connects it to a computer. Those requirements mean that the jailbreak is unlikely to be used in most malicious scenarios, such as through malware that surreptitiously gains unfettered system rights to an iPhone or iPad. The inability for unc0ver to survive a reboot also makes it less likely it will be used in hostile situations.


Unc0ver, by contrast, works on any device running any version of iOS released since September 2017 or later. The flaw the new jailbreak exploits is located in the OS kernel. That means that unc0ver is less capable then Checkm8 is of disabling or bypassing certain iOS restrictions and security mechanisms. For example: the unc0ver provides no access to JTAG, an interface for debugging and emulating processors.


Many vulnerability researchers working on RouterOS felt the same and found various ways to enable the root shell on RouterOS. Unfortunately, most of the methods are no longer available on the latest RouterOS version.


Thankfully, there is a way to jailbreak RouterOS v7 using netboot functionality. This method achieves a root shell by booting through a modified kernel image. However, You need an actual RouterBOARD to use this method, and it is a bit complicated process to generate a modified kernel image and network boot through it.


Are you looking for a way to improve your ethical hacking skills with the help of ChatGPT? This guide addresses how you can leverage the power of AI to enhance your hacking skills and perform better security testing.


First, we'll explore how you can jailbreak restrictions with ChatGPT. Next, we will show you how it can facilitate social engineering attacks, generate basic hacking tools, write malware, act as a reference source, and analyze code.


Broad AI, sometimes called artificial general intelligence (AGI), is the idea of AI systems that can think and learn like humans, allowing them to handle various tasks. Although AGI is a captivating concept, it remains largely theoretical since no AI can fully emulate human intelligence.


On the other hand, Narrow AI is all about AI systems that excel in specific tasks or closely interconnected fields. These systems concentrate on a single or limited set of tasks but perform them with exceptional expertise. You might be familiar with Narrow AI through speech recognition systems, recommendation engines, or image recognition software.

3a8082e126
Reply all
Reply to author
Forward
0 new messages