async_wake – Proof-of-Concept iOS 11.1.2 Kernel Exploit

Looks like some solid progress is being made towards an iOS 11.1.2 jailbreak. Today, a new proof-of-concept was released specifically for iOS 11.1.2 firmware.

What is async_wake?

async_wake is an adaptation of Abraham Masri’s “get uid: 0” project. It is developed by Benji, who is a newcomer on the jailbreak scene.

It’s just a PoC at this point and should not be mistaken for a full-fledged jailbreak.


It utilizes the following bugs and chains them together to get root access.

  • CVE-2017-13865
  • CVE-2017-13861
  • CVE-2016-7612
  • CVE-2016-7633

You can’t modify the root filesystem with this project alone, as we still need a working KPP bypass. However, you can edit /var without getting a kernel panic.

This will allow you to run some basic tweaks and customize your device’s resolution thanks to temporary root access. Apart from that, there’s not much else it can do.

Compatibility

All 64-bit devices including the iPhone X are supported at the moment.

Earlier, only a handful of models were compatible due to missing offsets. The developer promptly fixed this issue by switching over to an “offsetless” approach.

iPhone

  • iPhone 5s
  • iPhone 6/6+
  • iPhone 6s/6s+
  • iPhone SE
  • iPhone 7/7+
  • iPhone 8/8+
  • iPhone X

iPad

  • iPad Air
  • iPad Air 2
  • iPad Pro
  • iPad mini 2
  • iPad mini 3
  • iPad mini 4

iPod touch

  • iPod touch 6

Firmware

Firmware support is for iOS 11.1.2 only. However, this doesn’t mean iOS 11.1.1 and older iOS 11 versions are incompatible; it simply means the PoC only contains exploit code for iOS 11.1.2 right now.

Download async_wake

How to use async_wake on iOS 11.1.2

Sideload IPA

A developer has converted the Xcode project into an IPA file. You can download this IPA file using the link given above.

The installation procedure is standard – grab the IPA and sideload it with Cydia Impactor.

Step 1 Open Cydia Impactor.

Step 2 Drag the async.ipa to Impactor.

Step 3 Enter your Apple ID details.

Step 4 Once the installation process is complete, run the exploit from your home screen.


Step 5 The exploit will successfully get root access (tfp0 patch) on your device once you get a white screen.

If you don’t like the sideloading method, you can try the Xcode method.

Xcode Project

Since it’s a proof-of-concept, you will need to make prior preparations and compile it manually. Here’s how you can compile and run it as an Xcode project.

  • Call the get_root() method
  • Store the uid (user ID)
  • Call setuid(old_uid)

You will now get root access without running a jailbreak!

Is it worth installing?

It is meant only for power users and developers. If you don’t understand what I am talking about above, please don’t try anything until I give you the all clear.

async_wake still requires a lot of work to achieve a jailbreak but it looks like things are moving in the right direction.

With that being said, the developer is looking into a way to turn it into a semi-jailbreak like Houdini.


If you do end up trying it, don’t forget to post a screenshot of tweaks running on your iPhone X. Good luck!

For more iOS 11 jailbreak news and updates, follow and like us on Twitter.
