iOS hacker Umang Raghuvanshi just released a root filesystem remount for iOS 11.2.6 and above. Here’s what this means for the jailbreak community.
Apple’s stringent filesystem mitigations now have a bypass
Umang Raghuvanshi, a member of the AppTapp Dev Team, has finally released a rootfs remount for iOS 11.
Unlike existing methods, this bypass is persistent or, in jailbreak terms, untethered: the changes a jailbreak tool makes to the root filesystem survive a reboot.
It works by deleting the stock snapshot of the root filesystem and renaming the modified snapshot to the stock snapshot's name, so the boot-time rollback restores the modified filesystem instead of the pristine one, and the changes persist across reboots.
Here’s what the Indian hacker posted on his Twitter account.
My write-up on remounting the rootfs on iOS 11.2.6+: https://t.co/CDQKEu5gsV
Also contains a PoC by @Pwn20wnd.
— Umang Raghuvanshi (@umanghere) June 14, 2018
For the uninitiated: beginning with iOS 11.3, the system rolls the root filesystem back to its stock snapshot on every boot, discarding any changes made to it.
This bypass prevents that rollback from undoing the jailbreak. Had it been tethered, that is, not persistent, all tweak changes would have "evaporated" after a reboot.
The older method relied on maintaining two snapshots of the filesystem, whereas the new one needs only one.
Tweak developer Pwn20wnd also implemented a proof-of-concept of this remount. Umang tested it and confirmed that it works on the target firmware versions.
As far as compatibility goes, the remount works on iOS 11.2.6 and above. It may also support iOS 11.4 and 11.4.1, but those versions currently lack a usable exploit.
Here’s the full list of compatible versions –
- iOS 11.2.6
- iOS 11.3
- iOS 11.3.1
Moreover, owners of 16GB devices will no longer need to free up disk space, thanks to the modest storage requirements of this bypass (one snapshot instead of two).
According to Coolstar, a root filesystem remount is the only missing component of the upcoming iOS 11.3.1 jailbreak.
Other jailbreak developers, such as Jonathan Levin and George, will also be able to use this remount in LiberiOS and Osiris.
Umang also has a few things in store for iOS 12, which, of course, he will release somewhere down the line.
Hopefully, a fully functional jailbreak based on this filesystem remount will be released within a few weeks.
But until that happens, you should prepare your iPhone or iPad for the upcoming iOS 11.3.1 jailbreak.
Hello, do you not have any advice to give me on that Houdini walk, because it is restarted?
No, you just need to keep trying again and again. Try leaving your phone idle for 10 minutes.
The question is, will JB work on OTA 11.3.1?
Thank you, Sir.