Skip to content

fatgrass/jailbreakme-unified

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

110 Commits

DOCS

DOCS

 
 

analytics

analytics

 
 

assets

assets

 
 

modules

modules

 
 

payloads

payloads

 
 

unittests

unittests

 
 

.htaccess

.htaccess

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

RULES.md

RULES.md

 
 

SUPPORT.md

SUPPORT.md

 
 

fuckoff.html

fuckoff.html

 
 

index.html

index.html

 
 

modular.js

modular.js

 
 

new.html

new.html

 
 

serve.py

serve.py

 
 

style.css

style.css

 
 

testmacho

testmacho

 
 

Repository files navigation

Jailbreak Me 13.37

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

Created by Sem Voigtländer

Please read RULES.md as well

Support

  • 8.4.1 & 9.3 up to 9.3.3 & 11.3.1 & 12.0 - 12.0.1 (64-bit)
  • 3.1.2 up to 4.0.1 & 8.4.1 and 9.1 up to 9.3.4 (32-bit)

Read more: https://github.com/MTJailed/jailbreakme/blob/master/SUPPORT.md

How it works

Using ModularJS various modules are loaded at runtime.

These modules can be divided into the following stages:

1. Identification

  • Uses an information leakage (not vulnerability) in WebGL to detect the GPU of the victim device
  • Uses the browser agent to define what browser and firmware to exploit
  • Uses size and resolution constraints to detect the specific victim device
  • Uses various debugging information about the hardware environment using window.performance or window.navigator
  • Uses benchmarking algorithms and hashing to identify and track the victim device.

2. Eligibility

  • Using the identification information the victim is checked against various constraints, such as whether the victim is a mobile device or a desktop.

3. Strategy selection

  • Based on the eligibility constraints and identity the exploit strategy will be selected for the victim device and loaded.

4. Payload retrieval

  • The strategy will load the payload(s) for the victim device, on iOS this can be for example Cydia, on desktops for example a remote administration tool.
  • The payload is aligned so it can be used later when the exploit has created an executable region.

5. Exploitation

  • The exploit is started and carefully sets up read/write primitives in the browser memory.
  • Once r/w is gained an executable region is created and the payload is aligned / copied into it.
  • The exploit jumps to the shellcode and starts executing it

6. Post-Exploitation

  • Various tools and capabilities could be setup after successful completion of the exploit, such as a telnet client to gain a shell on the victim from the browser.

Credits

About

Framework for iOS browser exploitation to kernel privileges and rootfs remount

racecondition.win

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 93.6%
  • Python 3.4%
  • HTML 2.2%
  • Other 0.8%