I don't talk about Darwin, no, no, no...

@Morpheus______

Followers
27,364
Following
0
Media
288
Statuses
1,431

But..

#Android Internals Vols IV/III
Joined January 2016
Pinned Tweet
@Morpheus______
I don't talk about Darwin, no, no, no...
3 years
Venit tempus eius [his time has come] (2/2): #Android #Internals Volume 2 is now available to order (domestically) on Amazon! Pretty please use link (so I can get some of AMZN 20% fee back). Btw: For #MOXiI PDFs (wasn't a 4/1 joke :-) 0.03ETH/0.002BTC (/book) more than welcome
Tweet media one
5
12
43
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Non-techie version: Any iPhone 8/X or earlier can now be: - booted to any iOS version, past/present/future, with no SHSH/APTickets - booted to any OS (e.g. Android) - compromised by attacker w/physical access, but still requires password (or brute force) for private data
79
686
2K
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Hey, ETA-folk: Which do you prefer for a rootfs remount? Half-baked, cut/paste code, which usually works but may totally brick your iDevice NOW, or Rigorously tested code which is tried and true, but LATER. Patience is a virtue. Suppress the urge for instant gratification.
272
293
2K
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Santa's early by 30 mins because it's been a long day. Jailbreak movement #2 : LiberIOS, to liberate (almost) all other *OS devices - 11.0 and 11.1.x ONLY. Again, please use official page - I might update. And no, we're not done. But that's all tonight.
233
690
2K
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
It's time to start. Jailbreaking movement #1 : LiberTV11. Get it now at Works on all 11.0 and 11.1 versions. See you again same time tomorrow for more, maybe? ;-) Happy Holidays!
145
469
1K
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
To all those on 11.1.2 and lower, good things WILL come. But you have to be PATIENT AND UNDERSTAND: A) This is a lot of work B) It's a hobby. C) Neither I nor @s1guza nor any other hobbyist does this to serve you. D) The more you nag the longer it takes. Enjoy freedom, more soon.
156
227
1K
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
People: A) I am not working with coolstar or anyone else. B) I’m doing this on my own spare time, for FREE - no donations or anything either. C) I owe you *nothing*. D) This is my last priority. After real life, and my paying job. Don’t wait on me and DO NOT HARASS ME. Period.
113
123
945
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Liberty is coming soon to a *OS device (< 11.2) near you. Watch this space.
134
207
862
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Ian Beer's empty_list provides another (rather violent but working) way of getting kernel_task without a dev cert, and can plug into #QiLin with almost no modifications. Stay tuned for #LiberiOS and #LiberTV updates (yes, with root remount) coming soon.
36
147
849
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
JBToolkit successfully tested across ATV5 (4th gen) ATV6 (4k), iPad6,8 (Pro), iPhone10,x (8/X) and iPod7,1. #LiberTV just got promoted to a #universal 64-bit dev #jailbreak . ***NO CYDIA*** but full SSH, any jtool signed binaries, without stuffing trust cache. HABEMUS LIBERTAM!
75
252
821
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
HA. Apple closed the 11.1.2 signing window. Told ya so. Toolkit coming soon -- for those who upgraded in time or stayed in 11.x but below 11.2. If you're on 11.2.x - that's your problem. Don't wen ETA. Next time, read carefully and heed warnings.
292
225
744
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Not "possibly the biggest". THE Biggest. Congratulations to @axi0mx! Thankfully AAPL eventually patched this - the stuff Cellebrite, GrayKey etc base their entire business model on. For researchers, this is a great boon: Brings back tethered JB & opens up dual boot, for life!
1/ The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community.
36
318
2K
13
126
757
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Ok everyone, I'm done! - #MOXiI2 ( #MacOS #iOS #Internals ) #vol2 in print, will ship next week. Pay/PYPL only. Was WELL worth the wait! - 'done' means DONE. I'm quitting Darwin, indefinitely: Dec @Technologeeks training is my last; No more book updates
Tweet media one
36
144
709
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
iOS 11.4 closes Ian’s upcoming Exploit. 11.3.1 update window likely to close by next week. Update *NOW* or suffer later. (Btw #QiLin is forward compatible, but rootfs remount requires APFS snapshot workaround) Reports of jailbreaking’s demise have been greatly exaggerated :-)
89
251
650
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
To all those on 11.2 and later: in the beginning of the month, I implored EVERYONE to update to 11.1.x and stay there. You didn't. Suffer the consequences. One needs a bug to exploit for a JB, and presently no such bugs are known. Next time, do as implored. Oh - and - Enjoy jail.
67
128
633
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Let x := i/TVOS ver. If 11 <= x <= 11.1.2 - STAY, save 11.3.1 blob. Else UPDATE to 11.3.1 - get ipsw () and press ALT in iTunes. 11.1.2 has root fs rw; 11.2+ requires bug, so far more valuable for iOS 12. Be *responsible* and don't blow it if you know it.
74
200
603
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
If you're at #iOS 10.3.3, downgrade to 10.3.2 while you can: Ian Beer's awesome CVE-2017-7047, a bit unstable, can be adapted to a dev #jailbreak
75
267
567
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Jailbreaking Movement #3 : The #QiLin Toolkit - standardizing present and future jailbreaks, and enabling a working, KPP-less jailbreak in 10 lines of code.. or less. Gladly accepting API requests at
53
146
556
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
10 days later, #LiberiOS usage statistics: Unique IPs jailbreaking successfully. 14,649 (give or take) Donations to charity: 3
76
112
537
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Ok that does it. From now on, anyone asking about SSH/SCP/SFTP/Cydia/offsets by reply or mention after my repeated pleas and desperate begging to USE THE FORUM AND READ THE FAQ gets blocked. Period. I can't win with these people, who find me an aloof asshole no matter what I do.
85
28
524
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
The official (and ONLY) FAQ about #Jailbreak #toolkit + upcoming #universal 64-bit JB ***WITH NO CYDIA*** but pretty much everything else. Please: do NOT reply here with eta wen, or speculate on Reddit, only to get answered by hearsay. Use official link.
58
184
517
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Yep. Nailed it :-) Bypassing code signing using amfid, bypassing sandbox launchd trusted binaries restriction *and* that nasty "outside of container && !i_can_has_debugger" - all without blowing another 0-day! Maybe this toolkit thingy can be a full jailbreak after all ;-)
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
So you think you're so special, @launchderp , hiding behind the sandbox after AMFI has been defeated, eh? Well, once I get about patching the platform profile to allow the fremen's "untrusted" binaries to run, we'll see about that.
Tweet media one
16
22
140
44
162
522
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Ok. Got all offsets I need, thank you ARX8X. Working on offset server for this and future jailbreaks; also fixing a rare panic; #LiberiOS to be updated soon with more options.
66
7
509
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
PSA: #checkra1n is not malware nor has backdoors despite what bitter, jealous has-beens, who couldn't accomplish half of it, claim. Said people will likely still use it in lesser "trainings", while slamming the incredible talent ( #Axi0mX , @S1guza , @qwertyoruiopz et al) behind it.
9
72
522
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Attention #cydia lovers: 4 days later @saurik hasn’t dignified me with a reply, but word is he’s working with @coolstarorg . Therefore please wait for his JB for #cydia . #LiberiOS & #QiLin remain a full (and now even more stable) jb/toolkit, but hereby reclassified as dev only.
47
102
490
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Easy Upgrade: Just remove original #Liberios from Springboard (= home), install the 11.0.1 IPA, run again. It just works™. Recommended: reboot before, in case older ver is still in effect. #Cydia no longer dropped in /Applications, but tar still there.
58
136
488
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
People still don't get it: If you don't know what SSH is, all you need to do is use #LiberiOS exactly once. This locks you in the current JBable iOS version you're on, even after reboot. When/if Cydia is updated, THAT is when you can install it on top. I'll provide update then
45
72
429
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
WOW. Amazing analyses by @i41nbeer . Must read.
18
93
433
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Further emphases: - iOS version won't matter - iDevice matters: any 64bit before 2018 (8/X, iPod 6, iPad 4/pro, etc) - iCloud lock bypass is partial; AAPL can detect/relock when connected to internet. - Every boot without valid SHSH blob, or to custom OS, must be tethered.
14
64
421
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Coming soon to an iPhone X near you :-)
Tweet media one
59
117
424
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
La Casa de PaPeL: A detailed write up and tutorial on reverse engineering Apple's Page Protection Layer ( #PPL ) in #iOS12 and #A12 chips, with just #jtool2 and any Kernelcache.release.iphone11 of your choice:
Tweet media one
13
106
422
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Friends, Romans, Countrymen.. Lend me your kernel_task port!
Tweet media one
52
124
424
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
1.5 minutes of fame may have just screwed root remount for iOS 12.. thanks @sparkZheng for forcing AAPL to psych: At least the good news is I can now update #QiLin / #LiberiOS / #LiberTV . Stay tuned. Anyone below iOS 11.3.1 should update at this point.
27
107
414
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
People - STOP NAGGING/mentioning me needlessly in languages I can't read. Proper code sign bypass and making this stable & 64-bit universal takes time. Toolkit (eta: weekend) to support EVERY 64-Bit iOS or TvOS 11.1.x or lower. Period. LiberTV will show full toolkit usage sample.
84
91
406
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
The long awaited writeup detailing the async_wake bug and the post-exploitation methods of the #QiLin toolkit (used in #LiberTV and #LiberiOS ) , from chapter 25 of #MOXiI Volume III - free whether or not you got the book - at
Tweet media one
13
139
395
@Morpheus______
I don't talk about Darwin, no, no, no...
8 years
All Done! #LiberTV - #tvOS #jailbreak for 10.0-10.1: Free at last! But please RTFM @ first!
Tweet media one
36
206
383
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
FINALLY: #MOXiI Volume is up for sale!!! Thanks for your patience - and it was totally worth the wait! Please get through link on so I get some fees back from AMZN! Details: (and see below)
Tweet media one
47
133
383
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
I guess this makes a good PSA: To all jailbreakers seeking to appease the masses and provide Cydia - PLEASE PLEASE PLEASE remember to touch /.cydia_no_stash else the throngs with their pitchforks will come after YOU after they reset to factory defaults for the first time...
37
73
364
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
To all wen eta naggers, if it wasn't clear: UPDATE TO iOS 11.1.2 (TvOS 11.1) NOW - that's what @i41nbeer 's TFP0 will be for. iOS 11.1 NO LONGER SIGNED BY AAPL. Ian's PoC won't be full JB, but will enable partial (kdata) on >= i7, and (possibly) full on <= 6s, and it's the best you'll get.
50
108
353
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Coming soon: The #jailbreak toolkit - a dylib for those people who end up with a send right to the kernel_task port (a.k.a tfp0) in their process, but don't know what to do next.
22
126
359
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Congratulating unparalleled paragon of hacking @i41nbeer for a truly marvelous, clean exploit which also works (*confirmed*) on TvOS 11.x and the Apple TV 4K! My #Jailbreak #Toolkit will be expanded to support this platform as well - and #LiberTV will finally get its update :-)
58
91
350
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
#LiberiOS / #LiberTV and #QiLin **CANNOT** boot loop your device,and are fully removable - To re-enable updates/download stock apps - edit /etc/hosts and remove "127.0.0.1 " line. - I put the JB binaries in /jb ESPECIALLY so you can remove with rm -fR /jb.
36
88
346
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Put things in perspective: - These aren't new 0-days. They've all been patched over time, hence why 5 chains used. - Apple actually strives for security/privacy. Others make a business from flouting the latter. - What, Android is more secure? *Cough* CamScanner*Cough* 🤮
17
70
348
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Move over, Cydia Impactor: #JTool can now code sign with any code signing identity in your keychain. Will autodetect iPhone/Mac dev cert from partial match, and sign with valid certificate chain (using Security.framework APIs so only on MacOS) Download:
Tweet media one
12
115
343
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Why do people just fail to get that making Cydia execute on iOS 11 is the easy part. Getting third party, non-app store binaries to run (NOT through stuffing the trust cache) is one challenge (solvable) and getting tweaks running (problematic, but solvable) - that's where it is.
28
43
334
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
PSA #2 : And for the sake of your I-Device, if you don't even know how to work in a shell (SSH) DON'T TOUCH IT. Just use #LiberiOS to disable updates permanently, rejoice and pray/give tithings to your prophet Saurik to rework #Cydia , which can then be installed in #LiberiOS
37
63
337
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Notes from kernelcache.release.iphone12: - Ah... where's the PPLTRAMP??! - Come to think of it, where's APRR?KTRR?any RR? - What are all the mysterious S3_6_C15_C* registers?! More research ahead for @Technologeeks Dec training :-) (Btw,Rose ftab.bin is v7/Thumb)
Tweet media one
15
46
336
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
It's finally happening: AAPL has made me an offer I can't refuse (remote + my #jtool2 / #Procexp integrated into MacOS), so I'll be joining the fine folks @ the mothership this summer as #XNU architect! 😊 I'll still sell #MOXiI , but no updates. My 0-days&design flaws are dowry 😞
27
25
341
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
#checkm8 in two moves: iBSS/iBEC/iLLB/iBoot are effectively same image. What's needed now is to dump/decrypt each device class (A7-11)'s iBoot and patch out the part which verifies APTicket/IMG4 signatures, or (Better yet) create a dynamic pathfinder. Then the real game begins.
9
47
334
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
To all redditers, naggers, eta, etc: Nobody needs to wait for me. I’m neither affiliated nor coordinated w/Electra. If they ruin a good persistent root remount & blow their load early with dev cert MPTCP or unreliable vfs exploit, remember it when they don’t have any for iOS 12.
23
45
318
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Proceeding faster than expected - almost done! TVers - Our day of (renewed) independence is nigh :-)
Tweet media one
35
48
320
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
*Sigh* People F5 the URL and don't give me a chance to formally announce. Oh well. #LiberiOS is at 11.0.1. Lots of improvements and a proper UI (the morons who mocked my UI skills - I know my limitations and so should you, but I enlisted @horatiohno ). JB Should be rock solid..
Tweet media one
33
81
323
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
XPoCe version 2.0 - Forget library injection, just attach to *any* MacOS process on the system by PID, and start eavesdropping its XPC messages!
Tweet media one
4
132
325
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
About them missing offsets for #LiberiOS #jailbreak : It's a really simple fix with only two exported symbols. But I need people to help me.
34
62
307
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
#LiberTV #JailBreak 1.1 for #TvOS 11.0 and 11.1 on AppleTV5,x and 6,x (4K) will be out as soon as I completely disable code signing (i.e. next day or so), but don't nag me. JB #Toolkit will follow shortly after. AGAIN, DO NOT NAG. Reply to this with ETA/11.2/lame questions ==> BLOCK
49
106
314
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
I bet that reintroducing @NedWilliamson 's superbly crafted SockPuppet into #iOS 12.4 is just a ploy to enable @tim_cook to walk on stage in three or so weeks and safely boast that "iOS 12.4 has the BIGGEST ADOPTION RATE EVER IN HISTORY!!!" So let's all help! Go update, everyone!
14
48
324
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
2............. (and, while you wait, how about reading a bit on the iOS boot chain?) Great reading for Yom Kippur ;-) G'mar chatima tova, have an easy fast and/or bon appétit!
14
76
318
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
PSA: DO NOT OVERWRITE AAPL'S OWN BINARIES, E-V-E-R in ANY jailbreak. This will cause a boot loop because they're used during startup (before re-jailbreaking). For #LiberiOS : You can just set the PATH, and/or (recommended) - run /jb/makeMeAtHome.sh followed by zsh.
Tweet media one
24
90
297
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
To all icon/GUI contributors - no need. @horatiohno has developed a simple but beautiful UI. That's the one I'm using. (As soon as I can get my head around loading UIViews programmatically, that is. Popping kernels is easier than UI for people like me *Sigh*). Update later today.
22
50
308
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Btw, #QiLin now updated so that it works directly from exploits even without kernel slide value (plugs in to both MP and VFS) #Liber * JBs will be updated as soon as I manage to improve VFS reliability - I don’t want to force a dev cert (which I myself do not possess) on others.
13
37
303
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Tweet media one
13
34
289
@Morpheus______
I don't talk about Darwin, no, no, no...
8 years
Took buying another 10.1 TV to make up for one I foolishly botched, but the #TvOS #Jailbreak is finally done! Details, download coming soon.
Tweet media one
34
136
301
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
My auto-blocker has gotten sensitive as of late and filtered out the wrong people (sorry @nullriver !) but with constant wen eta spam, helpful “suggestions” on how to JB and people either pasting or forging my DMs publicly(!) , I’d rather have it err on the side of caution.
33
21
280
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
New year's resolution: Conclude both the #MOXiI Trilogy and (fashionably late) #Android #Internals in 2018. Looking forward to see what MacOS 14, [i/Tv]OS 12 (ok, WatchOS 5 too..) and Android P(optart?) all bring.. It's gonna be interesting :-) Have a stupendous 2018, people!
27
23
285
@Morpheus______
I don't talk about Darwin, no, no, no...
3 years
The #iOS #Entitlement #Database is back - updated for iOS15.2: 32% more daemons,(nearly)double the entitlements, and support for array entitlements, and for those poor underprivileged, unentitled binaries. 👋 to my #MOXiI readers @ 17.x.x.x who I'm sure will find it useful
Tweet media one
8
61
291
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Pro tip: To get your #iPhone #Battery statistics on your (jailbroken) I-Device.. DesignCapacity: Battery max target. CycleCount: # of charge cycles (=age). MaxCapacity: max possible now. (q.v. MOXiI 1st Ed, pg 750). Fun fact: also works in MacOS (just try 'ioreg -l -w 0 -f |')
Tweet media one
9
60
268
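The pro tip above names the three AppleSmartBattery keys but the grep target after the pipe is cut off. As an added example (not code from the original tweet or from MOXiI), here is a small Python script that parses `ioreg -l -w 0` style output for exactly those keys and derives a battery health percentage (MaxCapacity as a share of DesignCapacity). It runs `ioreg` only when the binary is present (i.e. on macOS); everywhere else, and for the test, it parses a constructed sample excerpt with hypothetical values. The `-r -c AppleSmartBattery` flags restrict ioreg to that object's subtree; the key names on recent macOS releases may be normalized or accompanied by raw variants (e.g. `AppleRawMaxCapacity`), so inspect the raw dump if the numbers look like percentages rather than mAh.

```python
import re
import shutil
import subprocess
from typing import Dict, Optional

# Constructed excerpt in the shape of `ioreg -l -w 0` output for the
# AppleSmartBattery object. Values are hypothetical, not a real capture.
SAMPLE_IOREG = """\
    | |   +-o AppleSmartBattery  <class AppleSmartBattery, id 0x100000321, registered, matched, active, busy 0 (0 ms), retain 10>
    | |       {
    | |         "DesignCapacity" = 5088
    | |         "MaxCapacity" = 4417
    | |         "CycleCount" = 312
    | |         "CurrentCapacity" = 4102
    | |         "TimeRemaining" = 212
    | |         "Temperature" = 3012
    | |         "BatterySerialNumber" = "REDACTED"
    | |       }
"""

# The three keys the tweet calls out.
KEYS = ("DesignCapacity", "MaxCapacity", "CycleCount")

# ioreg prints properties as   "Key" = value   inside a tree of '|' characters.
_PROP_LINE = re.compile(r'"(?P<key>[A-Za-z]+)"\s*=\s*(?P<val>-?\d+)\s*$')


def parse_battery_stats(text: str) -> Dict[str, int]:
    """Extract the integer-valued battery keys of interest from ioreg text."""
    stats: Dict[str, int] = {}
    for line in text.splitlines():
        m = _PROP_LINE.search(line)
        if m and m.group("key") in KEYS:
            stats[m.group("key")] = int(m.group("val"))
    return stats


def battery_health(stats: Dict[str, int]) -> Optional[float]:
    """MaxCapacity as a percentage of DesignCapacity, or None if either is missing."""
    design = stats.get("DesignCapacity", 0)
    max_cap = stats.get("MaxCapacity")
    if not design or max_cap is None:
        return None
    return round(100.0 * max_cap / design, 1)


def read_live_stats() -> Optional[Dict[str, int]]:
    """Run ioreg if it exists on this host (macOS); otherwise return None."""
    if shutil.which("ioreg") is None:
        return None
    # -r -c restricts output to the AppleSmartBattery subtree; -w 0 disables line wrapping.
    proc = subprocess.run(
        ["ioreg", "-l", "-w", "0", "-r", "-c", "AppleSmartBattery"],
        capture_output=True, text=True, check=False,
    )
    return parse_battery_stats(proc.stdout)


if __name__ == "__main__":
    live = read_live_stats()
    source = "live ioreg" if live else "constructed sample"
    stats = live if live else parse_battery_stats(SAMPLE_IOREG)
    print(f"source: {source}")
    for key in KEYS:
        print(f"{key}: {stats.get(key, 'n/a')}")
    print(f"health: {battery_health(stats)}%")
```

On a jailbroken iDevice there is no ioreg binary; the same keys are reachable through IOKit (IORegistryEntryCreateCFProperties on the AppleSmartBattery service), which is what the tweet's screenshot route amounts to.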
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Because those who can, do! And those who can't, are querulous, alleging that it's their bugs which were stolen. Congratulations, @PanguTeam !
@SparkZheng
Min(Spark) Zheng
6 years
iOS 12 Jailbreak on iPhone XS by @PanguTeam ! Bypass PAC mitigation on the new A12 chip. That's amazing!!!👏👏👏
Tweet media one
Tweet media two
118
973
2K
11
31
257
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
I am not getting back two hours of my life I spent debugging my JB due to a bug in Saurik's Cydia Impactor - which blindly signs all Mach-Os in IPA, not just the actual one specified in the Info.plist. Worked around it.. :-P Thanks to @Andywiik and @nullpixel for testing! :-)
24
50
261
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Clarification: The nature of kernel exploitation often makes re-jailbreaking in a jailbroken device unstable ==> JBs likely won't be "compatible" or be runnable together. But all are semi, so if they're well designed you can reboot your i-Device anyway and choose which one to use
23
45
252
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Let X:=iOS ver (TV=x-0.1,Watch=x-7.1) If x<10.2.1 →∃JB∴STAY If 10.2<x<10.3.3→STAY If 10.3.2<x set x=10.3.2 now P.S: PLEASE stop DM nagging
54
118
249
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
So... what we need now is for someone to make a portable dongle with a Raspberry Pi, running Linux + Python or libIMobileDevice, and a USB host connector, to connect an A5-A11 iDevice to, and run the exploit to provide an on-the-go tethered boot :-)
12
34
250
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Hey people: Please kindly retweet if you appreciate @xerub 's awesome work on iOS boot chain and want the rest of the SEP firmware keys :-)
8
240
241
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
#QiLin to be updated (with #LiberiOS / #LiberTV ) very soon, w/APFS root remount&more. Not sure yet if Liber* will need dev cert. For the impatient : use setKernelSymbol(“_kernproc”, address_from_jtool-S); and rest works fine, as shown by @jaakerblom , @simone_ferrini and others.
6
61
238
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
The leaked sources of #iboot (along with the arm64 #xnu branch which AAPL just.. released) bring us closer to a truly liberated #iOS booted on generic arm boards and/or emulator! The road is still long, but it got considerably shorter!
10
47
232
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Sign of Twitter popularity: Lamers trying to hack your Twitter account when you're asleep. Two factor authentication, people.
Tweet media one
21
21
233
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
#Moxii Volume III (final) update - v1.5 with a new chapter (25), detailed explanation of async_wake, and a breakdown of #Liberios and the #QiLin toolkit. No more updates planned as the volume is now past 530 pages...
22
37
232
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
The once and future FAQ to end all should-I-update/wen-eta nagging/begging. Please read carefully and spread the word/retweet.
24
89
227
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
The man behind this ( @key2fr ) is a veritable genius and the best hardware hacker I’ve had the pleasure of knowing. And his cables don’t just work - they’re works of art! This is a MUST for serious JB Research, like @CorelliumHQ but on a real i-Device !
@LambdaConcept
LambdaConcept
5 years
And now you can debug your demoted iPhone over JTAG/SWD with the Bonobo Cable and OpenOCD!
Tweet media one
Tweet media two
21
133
485
5
33
235
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
@forbes @iblametom more accurate than others who spun the P0 report in sensational articles with “reason to give up” “insecure” iOS.. Makes you wonder, though - How could project zero have missed that Android was also targeted, Tsk tsk..
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Put things in perspective: - These aren't new 0-days. They've all been patched over time, hence why 5 chains used. - Apple actually strives for security/privacy. Others make a business from flouting the latter. - What, Android is more secure? *Cough* CamScanner*Cough* 🤮
17
70
348
12
25
227
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
PSA: To all those who already got root on their I-Devices - now is a good time to chown root /var/mobile/media/Downloads; chmod 000 /var/mobile/media/Downloads; to make sure AAPL doesn't nag or sneak up an update on you.
26
55
227
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
So, that Phœnix JB writeup (From *OS Internals Vol III 1.4): Questions/Comments welcome at
14
107
218
@Morpheus______
I don't talk about Darwin, no, no, no...
8 years
My #Android #Internals book (leaked irresponsibly by WikiLeaks #Vault7 ) is now free. But please get it officially from
7
183
222
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Best Treadmill Jogging Distraction Ever!
Tweet media one
7
40
222
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
Never again. You're staying right where I want you - 11.1.
Tweet media one
15
18
205
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
#iOS12 - memoji, Alexa skills, CNBC app integration, parental controls for lazy parents.. Snapchat filters.. And a bunch of kernel patches to make Jailbreaking harder. Better update n-o-w to iOS 11.3.1 and stay there at least till #iOS13 (group FaceTime can probably backport).
12
50
208
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
I’m glad I’m saving the best for last - and the best just got better - #MOXiI volume II will now not only tear down XNU - but also iBoot and the IOS boot ROM - all the way to the source! It will take a while longer, but I promise it will ABSOLUTELY be worth the wait!
7
44
201
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
@sachin5949 @nullriver For what ? Just to say I did it, and join the ranks of failbreaks? Like AAPL says - it’s not about doing it first - it’s about doing it right. Besides it ain’t Christmas .. yet :-)
10
20
171
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
#APFS #Internals - Documented the *right* way - Full *illustrated* specification - coming in #MOXiI2 vol II Also: please try out FSleuth for #MacOS / #iOS and #Linux (see pdf for links) and expect full/commercial version from @Technologeeks very soon!
Tweet media one
3
71
209
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
JLUtil: The plutil(1) clone I use in #MOXiI to process MacOS/*OS binary property lists - with lots of enhancements over the original, including basic bplist16 support - for MacOS, *OS, Linux -
Tweet media one
4
64
200
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
Time to get packing!
Tweet media one
8
10
209
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
@TheNotchSucks @nullriver @Andywiik That's up to @Saurik . I've been trying to reach him so we could enable it. I have a workaround I want to discuss with him.
4
53
169
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
The only offset you need to change for SockPuppet to work on A12 and A12X (at least on my 12.1.x) is task’s bsd_info (0x368) , and then you can plug in #QILin . Exploit seems super reliable so far. Great job by @NedWilliamson and another free JB engine from Google Project Zero.
15
35
201
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
Quick tutorial/writeup on getting unrestricted debugging on jailbroken (liberated) iDevices:
1
50
194
@Morpheus______
I don't talk about Darwin, no, no, no...
7 years
#JTool finally at v1.0, with full support (in-cache symbolication) of DYLDv3 caches, and arbitrary argument definitions in companion file for decompilation. Also: fixes various Mach-O malformations that would crash (Thanks, @stek29 ) Always free at
Tweet media one
6
49
191
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
#QiLin users: first, thank you for using it! Second, new version now autodetects all symbols on all devices (no more hardcoding addresses or offsets, and doesn’t need setKernelSymbol workaround) Third, if you want any specific features/functions added, I’ll be happy to oblige!
5
27
194
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
In other news, the unofficial yet more detailed changelog of Darwin 18 ( #iOS12 / #MacOS14 kernel and low level changes Apple won’t document) is at
7
55
188
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
#iOS13 only supports 6S and later, meaning: - Standard page size of 0x4000 will simplify public JBs (no need to code for 0x1000), if/when. - Apple can't close end-of-line 12.x (12.4?) update window for 5S, 6 - 6S will remain only KPP-based device. All others use KTRR.
8
37
187
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
#JTool2 (α) now works directly on *compressed* kernel caches, and getting functionality of #Joker , including symbolication & disassembly. Kextraction - soon (< iphone11,x), but #jtool2 will work on kexts directly in cache. Please try - feedback welcome
Tweet media one
5
53
186
@Morpheus______
I don't talk about Darwin, no, no, no...
3 years
Venit tempus eius [his time has come] (1/2): #MOXiI FINALLY available in PDF. You can now get any or all three of my #MacOS / #iOS #Internals in the way they were planned to be read: Full color, fully searchable! Pay (US): $75, PYPal: $85 (-$25 if you have paper ed) DM or Email moxii @u .know.where
Tweet media one
8
38
188
@Morpheus______
I don't talk about Darwin, no, no, no...
5 years
My guess is - someone @ AAPL acted hastily in pulling DMCA. Someone else obviously realized mistake & quickly corrected it. End of story. No need to flame, swear, or spread idiotic conspiracy theories unnecessarily. If you must lash out, help me nag them for XNU sources already
2
21
189
@Morpheus______
I don't talk about Darwin, no, no, no...
6 years
AAPL has at least 8 unique serial numbers in every i-Device's components. All they'd have to do is buy back their dev-fused devices on the open market, figure out time/date and employees in charge, and plug leak. Kind of ironic as @tim_cook is known for his supply chain prowess..
@lorenzofb
Lorenzo Franceschi-Bicchierai
6 years
New: The rare and expensive prototype iPhones that hackers use to research Apple’s most sensitive code. A deep-dive into the obscure world of "dev-fused" iPhones, the gray market sellers who trade them, and the hackers who use them.
7
177
403
1
10
179