antoniofrighetto/Trident
Trident

This project exploits the following two CVEs:

  • CVE-2016-4655: allows an attacker to obtain sensitive information from kernel memory via a crafted app
  • CVE-2016-4656: allows an attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app

CVE-2016-4657 (the WebKit exploit) is NOT included, despite the project being named Trident. Only the kernel vulnerabilities are exploited here.

The objective of the exploit is to gain root access over the device.

From that point it would be possible to jailbreak the device by applying further patches to the kernel (for the sandbox, code signing enforcement and more).

iOS 9.3.5 is not supported, as both vulnerabilities were patched in that version.

Supported devices:

  • iPhone4,1 (N94AP), iOS 9.3 (Eagle 13E233)
  • iPhone4,1 (N94AP), iOS 9.3 (Eagle 13E237)
  • iPhone4,1 (N94AP), iOS 9.3.1 (Eagle 13E238)
  • iPhone4,1 (N94AP), iOS 9.3.2 (Frisco 13F69)
  • iPhone4,1 (N94AP), iOS 9.3.3 (Genoa 13G34)
  • iPhone4,1 (N94AP), iOS 9.3.4 (Genoa 13G35)
  • iPhone5,1 (N41AP), iOS 9.3.2 (Frisco 13F69)
  • iPhone5,2 (N42AP), iOS 9.2 (Castlerock 13C75)
  • iPhone5,2 (N42AP), iOS 9.2.1 (Dillon 13D15)
  • iPhone5,2 (N42AP), iOS 9.3.2 (Frisco 13F69)
  • iPhone5,3 (N48AP), iOS 9.3.2 (Frisco 13F69)
  • iPhone5,3 (N48AP), iOS 9.3.3 (Genoa 13G34)
  • iPad2,1 (K39AP), iOS 9.2 (Castlerock 13C75)
  • iPad2,1 (K93AP), iOS 9.3.1 (Eagle 13E238)
  • iPad2,1 (K93AP), iOS 9.3.2 (Frisco 13F69)
  • iPad2,1 (K93AP), iOS 9.3.3 (Genoa 13G34)
  • iPad2,2 (K94AP), iOS 9.3.2 (Frisco 13F69)
  • iPad2,3 (K95AP), iOS 9.3.2 (Frisco 13F69)
  • iPad2,3 (K95AP), iOS 9.3.3 (Genoa 13G34)
  • iPad2,4 (K93AAP), iOS 9.3.2 (Frisco 13F69)
  • iPad3,1 (J1AP), iOS 9.3.4 (Genoa 13G35)
  • iPad3,2 (J2AP), iOS 9.3.2 (Eagle 13E238)
  • iPad3,3 (J2AAP), iOS 9.3.3 (Genoa 13G34)
  • iPod5,1 (N78AP), iOS 9.3.2 (Frisco 13F69)

Guide for finding offsets by angelXwind

References:

  • Original exploit disclosure by Lookout
  • OS X exploit by jndok

Thanks: Lookout, Pangu team, i0n1c, jndok, kernelpool, planetbeing, qwertyoruiop, winocm

I could feel
it coming back
I didn't know
was I built to last
I've come so far so fast
and it feels like a hundred years
am I dreaming'
is it gonna last
I could be
better still
than anything
I've done
I know ya think
You could do too
I know ya think
You feel it's true
It's the little things in life
that I feel

About

Apple iOS 9.2.1 (5,4) local root kernel exploit.

Languages

  • C 58.3%
  • Objective-C 41.7%