What changes in a jailbroken kernel? What changes in a jailbroken kernel? ios ios

What changes in a jailbroken kernel?


All the "modern" kernel patches are based on comex's patches.

the main things which are being patched are:

  • security.mac.proc_enforce
  • cs_enforcement_disable (kernel and AMFI)
  • PE_i_can_has_debugger
  • vm_map_enter
  • vm_map_protect

Oh, and there are sandbox patches too. If you wanna read more about all these patches I suggest you take a look at iOS Hacker's Handbook.

Edit:I just came up with a simple idea to check if the device is jailbroken, but I'm not sure if Apple allows the use of these functions:

  1. allocate some memory using mach_vm_allocate()

  2. change the protection of that page via mach_vm_protect() to VM_PROT_READ | VM_PROT_EXECUTE | VM_PROT_COPY

  3. Since the stock iOS doesn't allow VM_PROT_EXECUTE from inside your app this will fail, check the return value of mach_vm_protect(), when not jailbroken, but succeed if the device is jailbroken.


About a year ago, saurik wrote a comment on Hacker News with a list of the "'best practice' patches that jailbreaks install by default". I'd suggest reading that comment for all the details, but here is a preview of what he says (with lots of explanation that I snipped out):

  1. AFC2: allows you to access, over USB, all of / as root instead of just /var/mobile/Media as mobile.

  2. fstab / rw: makes / be mounted read-write.

  3. fstab /var suid dev: allows setuid executables and device nodes on the user data partition.

  4. codesign: allow code that has not been signed by anyone to execute.

  5. codehash: allow processes with "corrupt" pages of code to execute.

  6. rw->rx: supports changing a page of memory from writable to executable.

  7. rwx: allows memory to be marked for write and execute at the same time.

  8. sandbox: allow processes to access files that are outside of their sandbox based on Unix permissions rather than the normal sandbox rules.

  9. crazeles: a ludicrously complicated hack by planetbeing that neuters the FairPlay DRM checks that cause iBooks to refuse to operate correctly on jailbroken devices.