UnjailME – Sandbox escape tool for iOS 11.2-11.2.5 firmware

While jailbreakers are focused on iOS 11.1.2, some hackers are working quietly on iOS 11.2. Here’s a new sandbox escape IPA file released for iOS 11.2-11.2.2.

What is UnjailME? 

UnjailME is a proof of concept sandbox escape tool for iOS 10-11.2.5. It is developed by Sem Voigtländer, the lead security researcher of Coffeebreakerz.

This tool utilizes the Bluetooth vulnerability released yesterday by Rani Idan of Zimperium zLabs. Here are a few of its features –

  • FTP access (sandboxed)
  • Sandbox escape proof of concept
  • User interface

Surprisingly, Apple patched Idan’s vulnerability in iOS 11.2.5 firmware.

Despite Apple’s patch, UnjailME still supports that version, which speaks volumes about Sem’s hacking capabilities.

  • Warning – Do not try this tool if you are not a developer or power user. It will not harm your device but it’s useless for the average user in its present form.

Is it an iOS 11.2-11.2.5 jailbreak?

Since UnjailME is based on Zimperium’s exploit, it can only escape the sandbox restrictions imposed by iOS.

Powerful features such as root access, remounting the filesystem, setting the nonce, etc. are not available yet.

Although it’s not a full jailbreak, it can potentially become the next v0rtex injector. The upcoming versions of this tool will include the following features –

  • Unsandboxed FTP access (planned)
  • Remote SSH access with dropbear client (planned)
  • Springboard code injection
  • launchd daemon

Download UnjailME

Requirements

  • iPhone, iPad, or iPod touch
  • iOS 10-11.2.5 firmware
  • A computer running Windows, macOS, or Linux
  • Cydia Impactor
  • Internet connection
  • FTP client

How to use UnjailME on iOS 11.2-11.2.2

Install the IPA file

Step 1 Launch Cydia Impactor.

Step 2 Download the UnjailME IPA file using the link above.

Step 3 Sideload it on your device by dragging it onto Cydia Impactor’s window. Once it prompts you to enter your credentials, type in your Apple ID username and password.

Step 4 Wait for it to install the app on your device. Once the app is on your home screen, go to Settings > General > Profiles and Device Management and trust this app under your Apple ID.

Trigger the vulnerability

Step 5 Launch the proof of concept application from your home screen.

Step 6 Enable Bluetooth from the Control Center. This step is essential because this proof of concept relies on the “bluetoothd” daemon.

Step 7 Press “escape sandbox” to trigger the vulnerability. Wait and let it complete the exploitation.

Step 8 Use the in-app FTP credentials and connect with WinSCP from your computer. Alternatively, you can start an FTP session on-device using App Store applications such as FTPManager and Documents by Readdle.

Step 9 You can now remotely browse the files present in the UnjailME directory over FTP.

Uninstallation

Step 10 Turn off Bluetooth from the Control Center.

Step 11 Delete the application.

Step 12 Restart your device.

The developer intends to release a more powerful version in the near future. He has already set the stage for a full-fledged iOS 11.2.5 jailbreak.

If you want to support his security research, you can donate to him via PayPal.
