Now an Android phone can be used to jailbreak an iPhone. On March 5, a Twitter user claimed to have successfully run Android 10 on an Apple iPhone 7.
Jailbreaking itself is nothing new; what is new this time is using an Android phone to jailbreak the iPhone and then running Android on Apple's hardware.
The product is called "Project Sandcastle". The name is a play on the iOS sandbox: the Apple system is a walled sandbox, and Sandcastle, in its makers' words, gives you the chance to build something new with unlimited imagination.
Jailbreaking is fading, but Corellium is still here
Jailbreaking is as old as the iPhone itself.
The first iPhone shipped in 2007, and a jailbreak appeared within days. Cydia, the third-party software store that became the soul of jailbreaking, even launched five months before the App Store.
Why was jailbreaking so popular?
Unlike Android, iOS was a walled garden with high walls, and the early system was a poor and severely restricted experience: you could not change the ringtone for incoming calls, set a custom wallpaper or customize the system UI, and Bluetooth file transfer between devices was blocked.
In addition, the App Store catalogue was less playful than Android's, and much of the software had to be paid for, which did not suit many users.
After jailbreaking, these problems were easily solved. Applications could interact with iOS at a low level, and the user gained the highest privilege level on the phone, able to add, remove, tweak or enhance operating system features.
Ten years on, jailbreaking had become simple: tools such as JailbreakMe (run straight from the browser), redsn0w and evasi0n were installed on a computer, the phone was plugged in, and the tool did the rest.
But the jailbreak scene gradually faded, especially after Cydia's father, Jay Freeman (saurik), announced in 2018 that he was officially shutting down the ten-year-old store.
Note that Cydia itself has not disappeared. Users can still download software they bought in the past, but purchasing software from the store is no longer possible.
There are several reasons the industry came to an end. The first is Apple's own efforts. The battle between Apple and jailbreak hackers never stopped: on one hand Apple upgraded the system to close the holes being exploited and improved and enriched features and the product experience; on the other, it split the community through bug bounties and by hiring the hackers.
The second is the maturing of the mobile ecosystem: an explosion of apps, and a business model that shifted from mostly paid downloads to free downloads with in-app purchases and value-added services.
Third, as a result of the above, jailbreaking became more cumbersome and less necessary, jailbreak users began to dwindle, and the returns for the hackers fell with them.
By one count, Cydia had more than ten million users in 2011 and brought in nearly US$250,000 a year. Seven years later, Jay Freeman said: "This service loses me money, and I have no enthusiasm to maintain it."
Corellium is one of the few entrepreneurial teams that remain. The company was founded in 2017 and is based in Delray Beach, a city in southeast Florida. Its main product is the Corellium iOS virtualization platform, which runs iOS on virtual ARM devices and gave the company its name.
Corellium lists seven employees on LinkedIn, and its two co-founders, David Wang (@planetbeing) and Chris Wade (@cmwdotme), belong to the earliest generation of iPhone jailbreakers.
Ten years ago they spent more than a year with a group of other iOS hackers porting Android to the original iPhone.
Ten years later, building on that virtualization work, Corellium released a new flashing tool, Project Sandcastle, in less than a month.
The product is currently in beta. Using the checkra1n tool to perform the jailbreak, Project Sandcastle installs Android on an iPhone 7 or iPhone 7 Plus.
The user only needs a rooted Android phone with the tool installed, and to put the iPhone or iPad into DFU mode (Device Firmware Update mode, the low-level USB mode in which the bootrom accepts firmware before iOS loads); Project Sandcastle then does its work "auto-magically".
The toolchain claims several firsts: checkra1n, which Sandcastle relies on, was the first public jailbreak for iOS 13 and the first to run on Linux, and Sandcastle adds the first jailbreak driven from an Android phone.
Besides Linux it currently runs on macOS, but Windows is not yet supported.
Of course, Project Sandcastle is not a polished jailbreak and flashing tool. Corellium says Android only runs on the older iPhone 7 and iPhone 7 Plus, and only part of the hardware is supported.
Performance is also sluggish, and the jailbreak is tethered: it lasts only until the phone reboots, after which the exploit has to be run again.
That last limitation has always been common in jailbreaking; now that an Android phone can do the job instead of a computer, it is at least more flexible and convenient for users.
An epic vulnerability and the risks of jailbreaking
Project Sandcastle's jailbreak is based on the checkm8 bootrom vulnerability.
The vulnerability was announced on Twitter in September 2019 by iOS researcher @axi0mX, who called it "a rare vulnerability for decades" and an "EPIC JAILBREAK". He named it "checkm8", as in checkmate.
The bootrom is read-only memory containing the first code executed when the system starts.
Because it is mask ROM, the bootrom can only be read, never written, once the device has left the factory. checkm8 does not change that: it is a memory-safety bug (a use-after-free) in the bootrom's USB DFU code that lets someone with a USB cable run their own code inside the bootrom during startup, and from there patch every later boot stage (iBoot and then the kernel) in memory. The one piece of code that was previously untouchable is thereby brought under the attacker's control.
And because the bug lives in the chip itself rather than in iOS, Apple cannot fix it with an iOS update.
The checkm8 vulnerability exists in Apple devices with A5 through A11 series processors, that is from the 2011 iPhone 4S up to the iPhone 8 and iPhone X of 2017.
Apple fixed the bug starting with the A12, so the iPhone XS, iPhone XR, iPhone 11 series and 3rd-generation iPad Pro are not affected.
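The DFU step in the procedure above and the A5-to-A11 range just listed are both things worth checking before running the tool. Below is an added example, written for this article and not code from Project Sandcastle or checkra1n, that reads the boot mode of a connected Apple device from an `lsusb` line (DFU mode is USB product ID 0x1227 under Apple's vendor ID 0x05ac) and parses the chip ID (CPID) that a DFU-mode device reports in its USB serial string, to decide whether the chip falls inside checkm8's affected range and inside Sandcastle's iPhone 7 support. The USB product IDs and the CPID-to-SoC table are assumptions drawn from public device lists rather than from the article, and the sample lines are constructed, not captured from a real device.

```python
import re

# Apple's USB vendor ID, and the product IDs an iPhone presents in each boot
# mode. These are public USB descriptor values, not taken from the article;
# treat the mapping as this example's assumption.
APPLE_VID = 0x05AC
USB_MODES = {
    0x1227: "DFU",       # SecureROM speaking USB: the mode checkm8 targets
    0x1281: "Recovery",  # iBoot recovery mode (the bootrom has already run)
    0x12A8: "Normal",    # booted iOS, usbmuxd services
}

# Chip IDs (CPID) reported in the DFU serial string, mapped to SoC generation.
# Table assembled from public device lists for this example; only the
# generations the article names are covered.
CPID_TO_SOC = {
    0x8940: "A5", 0x8945: "A5X", 0x8950: "A6", 0x8955: "A6X",
    0x8960: "A7", 0x7000: "A8", 0x7001: "A8X",
    0x8000: "A9", 0x8003: "A9", 0x8001: "A9X",
    0x8010: "A10", 0x8011: "A10X", 0x8015: "A11",
    0x8020: "A12",
}
CHECKM8_AFFECTED = {"A5", "A5X", "A6", "A6X", "A7", "A8", "A8X",
                    "A9", "A9X", "A10", "A10X", "A11"}
# Sandcastle's beta supports only iPhone 7 / 7 Plus, both A10 (CPID 0x8010).
SANDCASTLE_CPIDS = {0x8010}

_USB_ID_RE = re.compile(r"\bID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})")
_DFU_FIELD_RE = re.compile(r"\b([A-Z]{4}):([0-9A-Fa-f]+)")
_SRTG_RE = re.compile(r"SRTG:\[([^\]]*)\]")


def usb_mode(lsusb_line):
    """Boot mode of an Apple device from one `lsusb` line, or None if the
    line does not describe an Apple device."""
    m = _USB_ID_RE.search(lsusb_line)
    if m is None or int(m.group(1), 16) != APPLE_VID:
        return None
    return USB_MODES.get(int(m.group(2), 16), "unknown Apple product")


def parse_dfu_serial(serial):
    """Parse the KEY:hex fields of a DFU-mode USB serial string; SRTG (the
    SecureROM build tag) is kept as text."""
    fields = {k: int(v, 16) for k, v in _DFU_FIELD_RE.findall(serial)}
    srtg = _SRTG_RE.search(serial)
    fields["SRTG"] = srtg.group(1) if srtg else None
    return fields


def assess(serial):
    """Decide from the DFU serial string whether the SoC is in checkm8's
    affected range and whether Sandcastle's beta supports it."""
    f = parse_dfu_serial(serial)
    cpid = f.get("CPID")
    soc = CPID_TO_SOC.get(cpid)
    return {
        "cpid": cpid,
        "soc": soc,
        "bootrom": f["SRTG"],
        "checkm8_affected": soc in CHECKM8_AFFECTED,
        "sandcastle_supported": cpid in SANDCASTLE_CPIDS,
    }


# Constructed sample input modelled on `lsusb` and DFU output (not captured
# from a real device; ECIDs zeroed, build tags illustrative).
SAMPLE_LSUSB = [
    "Bus 001 Device 003: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub",
    "Bus 001 Device 007: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)",
]
SAMPLE_DFU_SERIAL_A10 = ("CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 "
                         "ECID:0000000000000000 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]")
SAMPLE_DFU_SERIAL_A12 = ("CPID:8020 CPRV:11 CPFM:03 SCEP:01 BDID:04 "
                         "ECID:0000000000000000 IBFL:3C SRTG:[iBoot-3865.0.0.4.7]")

if __name__ == "__main__":
    for line in SAMPLE_LSUSB:
        print(line.split(":", 1)[0], "->", usb_mode(line))
    for s in (SAMPLE_DFU_SERIAL_A10, SAMPLE_DFU_SERIAL_A12):
        print(assess(s))
```

On Linux the serial string is the `iSerial` value shown by `lsusb -v` for the 05ac:1227 device; on macOS the same fields appear in the device's USB Serial Number in System Information. A device that shows up as 0x1281 or 0x12A8 has already run past the bootrom, so the tool's DFU step has not been done correctly.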
Jailbreaking brings convenience and risk in equal measure. The security risks include being unable to update iOS and apply the latest security patches, which leaves the device more exposed to hackers and malware, and in turn to theft of private information or money.
In August 2015 the well-known vulnerability platform WooYun disclosed a jailbreak tweak for grabbing red packets (cash gifts in chat apps) that leaked the Apple IDs of 220,000 jailbroken devices in China.
The checkm8 vulnerability raised further concerns. On one hand, if a user loses their phone, the fear was that criminals could use the flaw to bypass Apple's iCloud activation lock and steal the user's data. When it was released it caused a public sensation, with some media claiming it would affect hundreds of millions of devices.
However, no incident exploiting it has been reported, because even when the bootrom is compromised the files on the device remain encrypted: checkm8 requires physical access over USB, does not reveal the user's passcode, and leaves the data locked behind the Secure Enclave.
In addition, a careless checkm8 jailbreak can easily damage the phone's software. Because the vulnerability lives in ROM it is permanent: fixing any bootrom bug requires physically changing the chip, which no company can do without a recall or mass replacement of devices.
Nor can you fall back on the warranty: a jailbroken device is excluded from all of Apple's warranty policies.
For jailbreak users the risk is loss of money and data; for jailbreak hackers there is also the risk of being sued by Apple.
Corellium and Apple have been locked in legal disputes. In August 2019 Apple sued Corellium, claiming that the company had, without Apple's authorization, illegally copied the operating system, iTunes and other user interface technology that run on Apple devices, in violation of copyright.
In late December Apple amended the complaint, arguing that jailbreaking violates the Digital Millennium Copyright Act (DMCA) and that Corellium was in effect promoting jailbreaking.
Corellium issued statements in November and December denying any DMCA violation and accusing Apple of demonizing jailbreaking and stifling developer innovation. "We have communicated with Apple over the past two years, and they never hinted that Corellium was infringing copyright." According to media reports, Corellium said Apple had encouraged the continued development of the technology, and that Corellium had even taken part in Apple's invitation-only security bounty program.
It is undeniable that in the ten-plus years jailbreaking has coexisted with Apple, iOS has grown faster into the secure and easy-to-use system it is today.
Many iOS features first appeared as jailbreak tweaks, such as dark mode, Control Center and context menus.
Ulterior motives aside, one goal of most hackers who study jailbreaking is to make iOS better and more secure.