Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "analyzing Fugu's open source jailbreak tools for iOS devices based on Checkm8 vulnerabilities". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Supported Devic

The current version of Fugu only supports iPad Pro (2017) and iPhone 7 (iOS 13-13.3.1).

Project acquisition

The majority of researchers can use the following commands to clone the project code locally:

Git clone https://github.com/LinusHenze/Fugu.git project build

Note: the majority of researchers can also download the precompiled version of Fugu directly from the Release page of this project.

Before building Fugu, make sure that Xcode and Homebrew are installed.

Then use Homebrew to install llvm and binutils:

Brew install llvm binutils

Next, open the Fugu project in Xcode, select Fugu as the target, and build the project. After the build is complete, Xcode will generate the Fugu project and a Shellcode directory in the build directory, and then we can start using Fugu.

Tool use

I suggest you run Fugu with no parameters and check all the available options.

If you want to jailbreak your Apple device, you can run the following command directly:

Fugu iStrap

You may need to run this command several times to enable Fugu successfully. If you have tried four or five times without success, please adjust the device to enter DFU mode and try again.

This command will send a kernel boot loader and iDownload (a program that can be used to send files or execute commands to Apple devices) to your Apple device.

Install Sileo, SSH, and MobileSubstrate

Note: jailbreak is risky, operation should be careful, please back up all the files before operation, such as the damage to the equipment caused by the operation, please bear the user's own responsibility.

Make sure that libusbmuxd is installed on your device. If not, you can install libusbmuxd through Homebrew and use the following command:

Brew install libusbmuxd

After installing usbmuxd, start your Apple device and enter jailbreak mode. At the same time, make sure your device is connected to your macOS device through USB.

Next, install Sileo using the following command:

Python install_sileo.py

After running the script, you will download all the components required to install Sileo and complete the installation of Sileo. After the installation is complete, you will see the Sileo icon in the application bar. At this point, SSH will run in the background, please make sure that the root/mobile password has been changed.

The component Fugu consists of the following components:

1. Fugu:macOS applications, which can exploit security vulnerabilities in your Apple device through checkm8 vulnerabilities and upload iStrap, iStrap loaders and iDownload.

2. IStrap loader: a piece of Shellcode code that repairs iBoot and loads iStrap after iBoot.

3. IStrap: the kernel boot loader, which is displayed when the Apple device starts, fixes the kernel, injects startup parameters, and injects Shellcode into the kernel.

4. IDownload: programs running on Apple devices will be installed during the boot process. The program listens on port 1337 and provides the user with an interface similar to Bash.

License agreement

The development and release of this project (except third-party code) is in accordance with the GPL v3 open source license agreement.

This is the content of "analyzing the open source jailbreak tool for iOS devices based on Checkm8 vulnerabilities in Fugu". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.