Much to the joy of the jailbreak community, the Dream Team - comprising p0sixninja, Pod2g, MuscleNerd and a number of other prominent iOS hackers - have been responsible for the last two major jailbreak releases. At this year's Hack in The Box (HITB) conference in Amsterdam, the team discussed several topics of interest, including Absinthe and Corona. The video below depicts the discussion for the first part where the team of hackers talk about Corona.
The second part - which covers Absinthe and other topics - is likely to be released sometime this weekend. The video presentation seems a bit hard to follow, particularly if you are a stranger to the technical terms. Nevertheless, it is a great opportunity to hear what the experts have to say about the future of jailbreaking tools and what is on offer.
As iDownloadBlog notes, all those geeks and jailbreak users who are familiar with the tools and eager to learn more, are invited to head over to the developers' official site to view slides and presentation materials in great detail. You can check back to view the Part 2 of presentation video in the next few days.
Meanwhile, here is the official translation of the presentation overview, courtesy of iClarified:
"GreenPois0n Absinthe was built upon @pod2g's Corona untether jailbreak to create the first public jailbreak for the iPhone 4S and iPad 2 on for the 5.0.1 firmware. In this paper, we present a chain of multiple exploits to accomplish sandbox breakout, kernel unsigned code injection and execution that result in a fully-featured and untethered jailbreak."
"Corona is an acronym for "racoon", which is the primary victim for this attack. A format string vulnerability was located in racoon's error handling routines, allowing the researchers to write arbitrary data to racoon's stack, one byte at a time, if they can control racoon's configuration file. Using this technique researchers were able to build a ROP payload on racoon's stack to mount a rogue HFS volume that injects code at the kernel level and patch its code-signing routines."
"The original Corona untether exploit made use of the LimeRa1n bootrom exploit as an injection vector, to allow developers to disable ASLR and sandboxing, and call racoon with a custom configuration script. This however left it unusable for newer A5 devices like the iPad2 and iPhone 4S, which weren't exploitable to LimeRa1n, so another injection vector was needed."