Best products from r/jailbreak

To add on adamrgolf, some currently famous usages of NFC are

• Nintendo Amiibo figures
  
  
• Some fitness machines (my personal fitness has them, from TechnoGym)
  
  
• Wireless paying. This includes both Apple Pay and its knockoffs (google pay, samsung pay etc) but also wireless paying with bank card. The latter is, last I heard, not very common in Murica but over here in The Netherlands it is super super common and stores even want you to use it in favor of your own security.
  
  
• Adding WiFi networks (instead of typing the security pass). Some routers support this
  
  And here and here are some more examples. NFC is a really awesome technology because it's super easy to use, tags are really cheap (8 for 10 bucks on amazon) and these kind of tags can hold all kinds of data from web addresses to share to the aforementioned data of Nintendo Amiibo figures if you can find their decryption keys (they are uhm.. "available" on the internet if you know what I mean)

tomf64 has explained it well. I'd like to add a little more to that, however. All the links he has given use Theos as the build system, and Logos for some nice syntactic sugar that Dustin Howett was kind enough to grace us with.


However, to be an effective developer, one must understand what is going on behind the scenes. For that, I'd suggest to pick up a nice book for learning Objective-C. Programming in Objective-C by Steve Kochan is a great book to start, in my opinion.


Once you're through with that, use Google to find and read one of the tens of thousands of "Get Started With iOS Development" tutorials (Like this one). The concepts taught there will be really easy to pick up, assuming you have a fair understanding of Objective-C. Write a few little apps for yourself, make sure your fair understanding expands to the hows and whys of everything.


Writing a tweak is a different beast altogether. It requires some knowledge of programming patterns (usually Apple engineers', you'll see them with experience), some guess work, and a lot of patience. You'd also do well to know how the Objective-C runtime works. Tweaks rely on the openness provided by it to get the job done. This is a great article to get you started, after which Apple's own Runtime Reference teaches you how to use everything.


If you have gone through all of these the articles provided by tom will suddenly make a lot more sense that they did before. The point of this comment is not to intimidate you, but I have seen a lot of newbie devs jump right into tweak making without having their basics clear. Then they're simply like a fish out of the water. Feel free to ask me anything more you may want.

EDIT: Actual line breaks. Whoops.

If you don't have any prior knowledge with programming, I'd first recommend learning Python. If you do have programming knowledge, then jump straight into ObjC. I read these 3 books and my Objective-C knowledge grew so much. I highly recommend reading these books.

Book One

Book Two

Book Three

I'd recommend reading these books in the order I listed them.

After you have read those books, you'll want to get friendly with theos. Theos is what you will use to make your tweaks. Learn how to install/use it here: http://iphonedevwiki.net/index.php/Theos/Getting_Started.

Now, you can look at open source tweaks. There is a great place to see a lot of them: http://iphonedevwiki.net/index.php/Open_Source_Projects.

Once you are comfortable, get started writing tweaks!

Always feel free to PM me if you need any help or have a question. :)

Hey there!

Thanks so much! \^_^ This will really help a lot. I've had lightning cables in the past that just got wrecked because of… whatever reason they got wrecked. I don't even know why, but this definitely will help a lot! Thank you!

Do you think that I could use tape to do it instead? I'm rather scared of the springs, because they're kind of sharp.

I've also been looking at angled and braided cables. They look like they could potentially be worth it. What do you think?

By the way, this seems like your first post. It's fine posting links here! Great first post by the way! :)

I prepare for my medical classes using those books:

Campbell Biology (10th Edition), truly an amazing piece of work would really encourage reading it, clear explination of concepts that people seem to forget when they progress further into the subjects

Chemistry: The Central Science (13th Edition), perfect referal in case you forget vital concepts of chemistry, works out well but fails in the orgainc chemisty

And for further reference we need to also buy even though some of the fact are outdated Organic Chemistry with Mastering Chemistry and Solution Manual (8th Edition), I found that this has a really sturdy and "enjoyable" methods(yes I enjoy what I study), and this is just half of it.

Now personally I have a "side job" that is paying me off really well and I couldn't even complain about it, but for most students they need even more books for "reference", education should be for free, I personally will not lie and straight out tell you that I upload these books on several websites, some in my session rely on much older books to study. I do support the fact that people should be rewarded for their efforts, yet not take it out on people, I really think the governments should fund & pay them instead.

Just learning a couple of languages won't do if your only concern is learning how to exploit. Learning how operating systems work is equally important if not more, though learning a programming language is an obvious first step.

• Start with C then C++ and finally Objective-C. If learning C seems boring/hard take a look at Python first as you'll need it anyway for scripting.
  
  
• Then you'll have to learn ARM/ARM64 to reverse engineer stuff.
  
  Now, I don't know if these are absolutely necessary but they are helpful anyway.
  
  
• Learn and use Linux/BSD the hard way™, using OS X or Windows won't get you too far IMO (I'd actually include easy distros like Ubuntu into that category). Though OS X is almost a necessity to know how iOS works and interact with it, also important since the two have so much in common.
  
  
• You can buy a book to get a general knowledge about binary exploitation, for that you can use this. It's outdated now so I don't know the current state of affairs, you can substitute it for a more modern book.
  
  
• You'll have to get an iOS specific book. Though again it's outdated.
  
  
• Take a look at these tools. Libimobiledevice is awesome
  
  
• After all that you can use some Wargames/CTFs for practicing your skills, e.g http://overthewire.org, http://wechall.net, http://io.smashthestack.org, https://exploit-exercises.com. Though you can ignore this step I guess
  
  
• Start from old iOS, iOS 4 or 5 seem sweet spot.
  
  Also check out http://winocm.moe/research/2013/09/20/resources-for-getting-started/, I might have repeated what she said.
  https://www.theiphonewiki.com/wiki/Up_to_Speed is also useful. However The iPhone Wiki again, is outdated.

Thank you!

It's great to know that you're interested in Security Research — while I can't say for sure about how it might be done academically, I wholeheartedly recommend these resources:

• The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
  
  
• macOS and iOS internals
  
  
• Any write-ups you can find online. I enjoyed reading Ben's machswap writeup and Siguza's classic v0rtex one. This repository also seems to contain references to good stuff.

It’s a RUNSY 5,800mAh. I’ll leave a link below.

But yeah, honestly don’t get ones that are only 2,000mAh, get one with at least 5,000mAh. The bigger the battery, the better (to however much you can afford). Honestly, my RUNSY case still works like a charm, but I’ve had an issue with my first one. If you have one that has something wrong with it, shoot them an email and they’ll send you another one.... so long as it’s reasonable (saying something like “I wanted a darker black colour” wouldn’t be sufficient enough).

But yeah, using a battery pack definitely has more benefits than just being able to charge your device when you need it... like it can actually extend your battery lifespan.

I wonder... if I kept it at 100% for two years, you think Apple would want to buy it back, kind of like when a vehicle hits 1,000,000km?

Purchased off Amazon (https://www.amazon.ca/gp/aw/d/B06XDBRRW9?psc=1&ref=ppx_pop_mob_b_asin_image).

A quality 3rd party iPhone 6S battery + tools needed to open it is about 20 bucks on Amazon and it's really easy to replace.

follow the iFixit guide and maybe buy the dual suction cup tool because it has a hard limit on how far apart the cups can split so you don't tear the LCD ribbon cable.
https://www.amazon.com/Kaisi-Opening-Electronics-Compatible-Cellphone/dp/B014LZEAY6/ref=sr_1_5?s=electronics&ie=UTF8&qid=1543386545&sr=1-5&keywords=suction+cup+tool+phone

I like to use the phone enough to warm up the entire battery so that the adhesive strips are easier to remove.
enjoy refreshed battery life! The extra costs possibly spent on the suction cup tool is worth the peace of mind knowing that you'll keep your JB.

• the mic isn't a small pin hole mic on the display but a full external mic, (running from the back). The MIC wire that comes with the unit is really LONG with wire, so routing needs to be thought out and excess bundled up somewhere, but does allow for good placement / testing. In my case the best result was on the steering column pointing at the driver, so I didn't need a long run of wire, (but I tried the B pillar, the visor / center top console etc), but steering wheel was best/most sound isolated.
  
  
• Yes, so that they can brand the unit with the official green "works with carplay" they had to have Apple certify it. The unit was supposed to release in February, but "according to Alpine", it was Apple that held up the certification's, (I suspect Apple telling Alpine they had to change things for better experience) but who knows for sure....
  
  
• the VSS is used so that the software can predict the relative position of the car when GPS signal is lost, (ie if on a road heading north at 50km, and you lose GPS for 30 seconds) you can use the vehicle speed to approximate position (assuming you don't go off roading all of a sudden) and then when GPS comes back, the adjustment "jump" is very small from approximation to GPS position. In my intial testing, I didnt even hook up the external GPS and the unit was dead on all the time, so I really think VSS was overkill.
  
  
• I also did the parking bypass to a switch, but the restriction is very minimal. Basically you cant get into the setup menus (like to tweak display, or mic gain, etc) while driving. Most of these settings you do not modify once the car is setup anyways, but in my case you just FLIP this switch on/off whenever you need access and its maintain for the duration of ignition. There are toggles modules you can buy on amazon etc specifically to do the flip/timing automatically, (they are like $40-60) but really are not worth it since the restriction is so minimal. CarPlay, since its only an overlay is given fullview all the time, ie (using NGXPlay you could install youtube or game consoles and they would not be blocked ever).
  
  
• the AUX is audio and video but the VIDEO part is locked out to the parking brake above, but audio is not. I would probably buy something like this https://www.amazon.ca/Bluetooth-LDream-Receiver-Handsfree-Charger/dp/B01D8GB11Y/ref=pd_sbs_107_18?_encoding=UTF8&psc=1&refRID=59JHF9HBFFRVHR265RKG which you could hook up to audio on the AUX port, and it would give you A2DP and HPF support on the unit and be still wireless, but then the screen is pretty useless. But a cheap bluetooth support option.

Smart covers work with the iPad mini. Look in the settings app under general for the "Lock / Unlock" option that will "Automatically lock & unlock your iPad when you close & open the iPad cover". I just bought a rooCase for my iPad mini retina a month ago & it works great. I like it much better than the official Apple smart covers & it cost a lot less. You can also set up Activator actions like SmartClose when closing the smart cover.

To go along with what /u/xXCallMeGreenyXx said, you should definitely learn Objective C before attempting tweaks. I'd personally suggest [this] (http://www.amazon.com/Programming-Objective-C-Edition-Developers-Library/dp/0321967607) because it starts from the basics.


Feel free to PM me though, if you need any help. :)

I personally have no experience, but I've heard good things about iOS hackers handbook. It's most likely not current but it might be a good start.

I've used a Logitech PowerShell for RetroArch. It works great with all of the cores I've tested (SNES, GB, GBA, N64) and the built-in battery is nice. Plus it's MFi compatible so it works with much more than just RetroArch and other emulators.

It's not the Chromecast but if you have a Firestick just buy this app for $3 directly off the amazon store it works fucking nice. app link! I'm mirroring my iPhone 6 ios 9.3.3 currently and it works without an issue.

I would definitely take a look at The iOS Hacker's Handbook. It's an excellent resource for understanding the fundamentals of jailbreaking.

You can always buy a jailbreak. Exploit brokers like zerodium pay out 1.5 million dollars for remote jailbreak 0-days.

Side note: *OS Internals Volume III by Jonathan Levin is a good source for people interested in learning about previous techniques used in jailbreaks

Yeah true, even Apple's adapters and cables are overpriced. Maybe try this one: https://www.amazon.com/AmazonBasics-Micro-USB-Lightning-Adapter/dp/B072Y118FF

Maybe this book would be of some help? I just ordered this for myself and from what I've heard about it, it's a very good book to learn about how iOS works & how to defeat it.

[Book](iOS Hacker's Handbook https://www.amazon.com/dp/1118204123/ref=cm_sw_r_cp_api_C0VCybEAQFC95)

Are these different? Like better or worse or something?

https://www.amazon.com/Black-NFC-Stickers-NTAG213-Tagstand/dp/B00KSR0636

And if you still have a 5/5s you can buy a very nice controller for only $7 and not have to deal with frustrating touch controls. It's plug n play with GBA4IOS.
Logitech PowerShell Controller with Battery for iPhone 5/5S and iPod Touch 5th Generation - Black https://www.amazon.com/dp/B00FHREO8K/ref=cm_sw_r_cp_api_HRE6xbHKXAK3K

Grab this http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/, read it, then play with the debugger and IDA.

Ok, after doing a google search, I found this link for AirReceiver https://www.amazon.com/x9F99-x65B9-x513F-AirReceiver/dp/B00L5HQRGS
Note that this is not perfect and doesn't support everything an apple tv supports. If wifi speed is not very good, mirroring doesn't go very smoothly. DRM content such as amazon video or netflix won't work, but these are already supported by fire tv natively. I use it mostly for videos from Safari, or just music playback.

Some of the well known jail breakers are writing a book on that right now, but it isn't finished.

http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123

Then you didn't search enough
https://www.amazon.com/Programming-Objective-C-6th-Developers-Library/dp/0321967607

http://www.amazon.com/x9F99-x65B9-x513F-AirReceiver/dp/B00L5HQRGS

Read iOS Hackers Handbook http://www.amazon.com/dp/1118204123), and this http://www.idownloadblog.com/2011/09/13/i0n1c-exploit-report/).

iOS has numerous amounts of security mechanisms in place

1. KASLR (Kernel Address Space Layout Randomization) - this randomizes the location of the kernel in the device. It makes it extremely hard to guess where the kernel is located therefore making it harder for exploits to target the kernel
   
   
2. App Sandboxing - Each app downloaded is 'sandboxed' which basically means its in its own cell. Apps cannot communicate/look at files without explicit permission from Apple, and even if Apple did give explicit permission (permission to camera roll, etc) it wouldnt be a big security risk either way
   
   
3. KPP (Kernel Patch Protection) This is the by far one of the hardest security mitigations implemented by Apple - Basically once the phone boots, KPP is then kicked up into Exception Level 3 and it acts as a guard for some major parts of the Kernel. Basically if something is modified at the kernel level, the phone will panic and reboot
   
   
4. AMFI (Apple Mobile File Integrity) This basically checks to make sure that the code written is verified and signed by Apple. We can use ROP to work around with this. Basically ROP is using Apple's own code to write an exploit.
   
   These are some of the basics and there are lots of good resources out there. I will link some of them below.
   
   https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html - KPP
   
   https://www.theiphonewiki.com/wiki/Main_Page - iPhone Wiki
   
   https://www.amazon.com/MacOS-iOS-Internals-III-Insecurity/dp/0991055535 - iOS internals
   
   http://newosxbook.com/index.php - iOS internals and code

This might be a good starting point, but I have no idea how outdated the information is. There's another book that was released last year but I can't remember the name of it.

Edit: Found it

/u/modalbony

>What exactly do you mean by watching it to see CPU? I'm quite familiar with Top -u, but is there a way to view just that processes CPU? I kind of want to watch it through my computer while browsing and see what happens.

You need to get its PID first. My favorite way to do that is with System Status from the App Store, which lists running processes with PIDs (although you can't kill them or anything).

Then use:

top -pid PID

To see just that process's stats.

>Does that Jetslammed tweak have anything related to this or help this?

Jetslammed can change a launchdaemon's HighWaterMark RAM limit, the limit of sustained RAM usage at which Jetsam automatically kills the daemon.

http://newosxbook.com/articles/MemoryPressure.html

The HWM can also be changed manually, but, in the end, it doesn't really help that much unless a daemon is only dying due to exceeding its HWM.

It can still be killed for other reasons if the system is low on memory.

It doesn't actually keep discoveryd from EVER being killed, so it doesn't really solve the issue of very large hosts (>300 KB) files causing random website disconnects due to discoveryd dying, leading to DNS failure.

It really just fixes it so that you can have Wifried and a small ad blocking hosts file at the same time since Wifried + even a small hosts file (like Light UHB) will cause discoveryd to use about 9-10 MB, exceeding the 8 MB HWM limit for a long period of time, causing discoveryd to be automatically killed, causing Wifried to re-initialize Wifi, causing random Wifi disconnects, which is even more problematic than even a DNS failure.

Wifried with Jetslammed raises the HWM for discoveryd to 12 MB from 8 MB, preventing the HWM killing of discoveryd with Wifried + small ad blocking hosts file. A large hosts file will exceed even this new limit, but, in that case, where discoveryd uses 20 MB or more, it will be killed by the system anyway for other reasons not related to the HWM.

>So do I have the correct Light UHB? Is that the one you use? I guess I might try reinstalling and maybe see. Haven't had an issue since its crash and (haven't checked today) haven't seen it anywhere near the top when running "top".

I use Light Untrusted Hosts. I've watched discovery's PID for about a month now. It's not being jetsam killed anymore even if I load a LOT of tabs and really stress it out. It never goes over 8 MB (the HWM) for any sustained period of time (even 8 MB requires A LOT of DNS activity), and never reaches enough RAM usage that the system would think to kill it to free memory (10-20 MB). Gamed (the GameCenter daemon) uses more memory than discoveryd with Light UHB . . .

>-unrelated- I love learning about all this stuff and your fountain of knowledge so far. Mind if I asked where you learned so much? I've been learning a lot about daemons lately, especially locationd and backboardd. I'm just curious as to where I can learn more about this stuff, learn how to read crash logs as so far it's just from the little experience I have, etc. I just can't find any good resources..

I've used OS X since it was in beta, and iOS is secretly just OS X in disguise with a TouchUI, a few processes missing, and a few processes added.

This book has been helpful to me in understanding jailbreaking, although it is a bit dated:

http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123

Also a bit dated, but you may like it if you have a Mac:

http://www.amazon.com/Learning-Unix-OS-Going-Terminal/dp/1449332315/ref=sr_1_1?s=books&ie=UTF8&qid=1418694791&sr=1-1&keywords=OS+X+unix

This wiki is also good. Many devs post on it:

https://theiphonewiki.com/wiki/Main_Page