Stories with Tag iPad

• Tachy0n: The Last 0day Jailbreak

  permalink

  Posted: 2025-05-24 19:50:41

  Verbose tl;dr

  Tachy0n is a permanent, unpatchable jailbreak for all bootroms from checkm8-vulnerable devices (A5-A11 on iOS 14.x). Leveraging a hardware vulnerability, it modifies the Secure Enclave Processor (SEP) firmware, enabling persistent code execution even after updates or restores. This effectively removes Apple's ability to revoke the jailbreak through software updates. While powerful, Tachy0n is primarily a research project and a proof-of-concept, currently lacking the user-friendly tools of a typical jailbreak. It aims to lay the groundwork for future jailbreaks and serve as a secure platform for experimentation and research on Apple's security systems.

  Siguza's blog post, titled "Tachy0n: The Last 0day Jailbreak," details the culmination of a seven-year journey culminating in the development and release of a potent jailbreak exploit for iOS devices. The exploit, dubbed "checkm8," targets a vulnerability within the BootROM, a piece of read-only memory responsible for the earliest stages of the device's startup process. Due to its location in the BootROM, this vulnerability is immutable by software updates, making it exceptionally powerful and persistent across device iterations affected by the flaw. The blog post characterizes this vulnerability as a "game over" scenario for Apple, as patching it requires a physical hardware revision.

  The exploit itself leverages a weakness in the device's USB Device Firmware Update (DFU) mode, a low-level state used for restoring firmware. By carefully crafting a malicious data packet sent during this mode, Siguza managed to trigger a buffer overflow, effectively granting control over the secure boot chain. This vulnerability allows for the execution of arbitrary code on the device, effectively bypassing Apple's security mechanisms. The blog post provides intricate technical details about the exploitation process, including the specific vulnerability within the USB control transfer handling and the method utilized to gain code execution. It also touches upon the painstaking reverse engineering process involved in understanding the BootROM's inner workings.

  Siguza emphasizes the significance of this achievement, noting the rarity and difficulty of uncovering BootROM vulnerabilities. They also highlight the long and arduous process involved in developing the exploit, including the time spent understanding the complex interplay of hardware and software during the boot process. While acknowledging the potential misuse of such a powerful tool, Siguza expresses hope that its release will foster further research and contribute positively to the jailbreaking community, allowing for deeper exploration of the iOS operating system and unlocking functionalities restricted by Apple. The exploit is released under a somewhat restrictive license, limiting its use to specific devices and preventing direct commercial exploitation. This, according to the post, is a conscious decision aimed at minimizing the potential for malicious use while still providing researchers and enthusiasts with access to the exploit. The post concludes by suggesting that this exploit might represent the final userland 0day jailbreak due to the increasing complexity and security hardening of modern Apple devices.

  • Jailbreak
  • iOS
  • iOS jailbreaking
  • tachy0n
  • 0day
  • Exploit
  • Security
  • iPhone
  • iPad
  • Mobile Security
  • Vulnerability
  • hacking
  • siguza
  • checkra1n

  Summary of Comments ( 36 )
  https://news.ycombinator.com/item?id=44083388

  Verbose tl;dr

  Hacker News users discuss the Tachy0n jailbreak, expressing skepticism about its "last 0day" claim, noting that future iOS versions will likely patch the exploit. Some debate the practicality of the jailbreak given its limited scope to older devices and the availability of checkm8 for similar models. Others commend the technical achievement and the author's clear explanation of the exploit. Concerns about the potential for misuse of the exploit are also raised, alongside discussions about the ethics of disclosing such vulnerabilities. Several commenters point out the limitations of patching bootROM exploits, suggesting this won't be the truly "last" 0day. There's also interest in the potential for using the exploit for purposes other than jailbreaking, like device repair. Finally, a few users share personal anecdotes about jailbreaking and express nostalgia for the practice's heyday.

  The Hacker News post titled "Tachy0n: The Last 0day Jailbreak" generated a significant amount of discussion, with many commenters expressing a mix of nostalgia, technical curiosity, and concern.

  Several commenters reminisced about the "golden age" of jailbreaking, recalling the excitement and sense of community that surrounded it. They discussed the various tools and exploits used in the past, comparing them to Tachy0n and highlighting the evolution of jailbreaking techniques. Some expressed sadness that this might be one of the last opportunities for this kind of exploit due to increasing security measures implemented by Apple.

  A recurring theme in the comments was the technical discussion of the exploit itself. Commenters inquired about the specifics of the vulnerability, how it was discovered, and the implications for future iOS security. Some debated the ethics of jailbreaking and the potential security risks associated with it. There was also discussion around the difficulty of finding and utilizing such vulnerabilities in modern iOS versions.

  Some users expressed concern about the potential misuse of the exploit. They worried that the availability of such tools could lead to increased malware and security breaches. Others countered this argument, stating that jailbreaking primarily empowers users to customize their devices and bypass restrictions imposed by Apple.

  A few comments focused on the practical aspects of jailbreaking. Users asked questions about compatibility with different iOS versions and devices, the process of installing the jailbreak, and the availability of tweaks and modifications. Some shared their personal experiences with jailbreaking and offered advice to newcomers.

  Several commenters also discussed the cat-and-mouse game between Apple and the jailbreaking community, noting that Apple often patches vulnerabilities quickly after they are discovered. This led to discussions about the future of jailbreaking and the likelihood of similar exploits being found in the future.

  Finally, there was some discussion about the name "Tachy0n" itself, with users speculating about its meaning and significance in relation to the exploit.

  Overall, the comments on the Hacker News post reflect the complex and multifaceted nature of the jailbreaking community, highlighting the technical skills, ethical considerations, and nostalgic sentiment associated with this practice.

• Show HN: My iOS app to practice sight reading (10 years in the App Store)

  permalink

  Posted: 2025-03-23 21:25:08

  Verbose tl;dr

  "Notes" is an iOS app designed to help musicians improve their sight-reading skills. Available on the App Store for 10 years, the app presents users with randomly generated musical notation, covering a range of clefs, key signatures, and rhythms. Users can customize the difficulty level, focusing on specific areas for improvement. The app provides instant feedback on accuracy and tracks progress over time, helping musicians develop their ability to quickly and accurately interpret and play music.

  The Hacker News post titled "Show HN: My iOS app to practice sight reading (10 years in the App Store)" introduces an application specifically designed for musicians seeking to improve their sight-reading proficiency, a crucial skill for performing music accurately and fluently upon first encounter. The app, titled "Notes: Sight Reading Trainer" and available on the iOS App Store, represents a decade of development and refinement. It offers a comprehensive suite of tools and exercises tailored to various skill levels and musical preferences. The core functionality revolves around presenting the user with musical notation, which they must then interpret and, ideally, perform.

  The app boasts a wide range of customizable features, allowing users to tailor their practice sessions to their specific needs. This includes options for selecting the clef (bass, treble, alto, tenor), key signature, time signature, and note range, enabling focused practice on particular musical elements. Users can further refine their training by choosing specific rhythmic patterns or melodic intervals they wish to concentrate on, facilitating targeted improvement in areas of weakness. The app's flexibility extends to instrument choice, theoretically accommodating any instrument capable of producing the displayed pitches, although it's primarily geared towards melodic instruments.

  Beyond simply displaying notation, the app provides valuable feedback mechanisms. While the ideal usage would involve playing the notes on an instrument, the app incorporates a playback feature, allowing users to hear the correct rendition of the displayed passage. This auditory feedback serves as a valuable tool for self-assessment and reinforces the connection between visual notation and aural realization. Furthermore, the app tracks user progress over time, potentially motivating continued practice and providing a quantifiable measure of improvement in sight-reading ability. The post highlights the app's longevity in the App Store, suggesting a history of user engagement and ongoing development, implying a mature and well-tested application. Essentially, the app aims to be a versatile and effective digital tool for musicians of varying levels to hone their sight-reading skills conveniently on their iOS devices.

  • iOS
  • App
  • Music
  • Sight Reading
  • Music Theory
  • Education
  • training
  • App Store
  • Mobile App
  • Music Education
  • Ear Training
  • Music Practice
  • Software
  • iPhone
  • iPad

  Summary of Comments ( 116 )
  https://news.ycombinator.com/item?id=43456030

  Verbose tl;dr

  HN users discussed the app's longevity and the developer's persistence, praising the 10-year milestone. Some shared their personal sight-reading practice methods, including using apps like Functional Ear Trainer and various websites. A few users suggested potential improvements for the app, such as adding support for other instruments beyond piano and offering more customization options like adjustable clefs. Others questioned the efficacy of pure note-reading practice without rhythmic context. The overall sentiment was positive, acknowledging the app's niche and the developer's commitment.

  The Hacker News post about the "Notes: Sight Reading Trainer" iOS app, which has been on the App Store for 10 years, generated several interesting comments.

  Many users commended the developer for the app's longevity and consistent updates over a decade. They praised the commitment to maintaining and improving the app in a rapidly changing mobile landscape. Some long-time users chimed in, attesting to the app's usefulness in improving their sight-reading skills. They appreciated features like customizable key signatures, clefs, and rhythms, highlighting the app's adaptability to different skill levels and learning goals.

  A common theme in the comments was the difficulty of creating and maintaining a successful app, particularly for a niche market like music education. Users expressed respect for the developer's perseverance and dedication to this specific area.

  Several commenters discussed the importance of sight-reading for musicians and shared their personal experiences using various tools and techniques to practice. This led to a brief discussion about different approaches to sight-reading pedagogy.

  Some comments also focused on technical aspects. One commenter asked about the development tools used, specifically inquiring about using SwiftUI and UIKit together. The developer replied, explaining their approach of integrating SwiftUI incrementally into the existing UIKit codebase, offering a practical example of managing a legacy codebase in the evolving iOS development ecosystem.

  A few commenters shared their own preferred methods for sight-reading practice, suggesting alternative apps or resources. This wasn't a dominant part of the discussion but offered a glimpse into the broader landscape of sight-reading tools available.

  Overall, the comments section reflected a positive reception to the app and appreciation for the developer's long-term commitment. The discussion provided a mix of personal experiences, technical insights, and pedagogical considerations related to sight-reading practice.

• Reverse Engineering iOS 18 Inactivity Reboot

  permalink

  Posted: 2024-11-17 21:50:26

  Verbose tl;dr

  iOS 18 introduces a new feature that automatically reboots devices after a prolonged period of inactivity. Reverse engineering revealed this is managed by the SpringBoard process, which monitors user interaction and triggers a reboot after approximately 72 hours of inactivity. The reboot is signaled by setting a specific flag in a system property and is considered a "soft" reboot, likely to maintain device state where possible. This feature seems primarily targeted at corporate devices enrolled in Mobile Device Management (MDM) systems, as a way to clear temporary states and potentially address performance issues resulting from prolonged uptime without requiring manual intervention. The exact conditions for triggering the reboot, beyond inactivity time, are still being investigated.

  This blog post by Naehrdine explores an unexpected reboot phenomenon observed on an iPhone running iOS 18 and details the process of reverse engineering the operating system to pinpoint the root cause. The author begins by describing the seemingly random nature of the reboots, noting they occurred after periods of inactivity, specifically overnight while the phone was charging and seemingly unused. This led to initial suspicions of a hardware issue, but traditional troubleshooting steps, like resetting settings and even a complete device restore using iTunes, failed to resolve the problem.

  Faced with the persistence of the issue, the author embarked on a deeper investigation involving reverse engineering iOS 18. This involved utilizing tools and techniques to analyze the operating system's inner workings. The post explicitly mentions the use of Frida, a dynamic instrumentation toolkit, which allows for the injection of custom code into running processes, enabling real-time monitoring and manipulation. The author also highlights the use of a disassembler and debugger to examine the compiled code of the operating system and trace its execution flow.

  The investigation focused on system daemons, which are background processes responsible for essential system operations. Through meticulous analysis, the author identified a specific daemon, 'powerd', as the likely culprit. 'powerd' is responsible for managing the device's power state, including sleep and wake cycles. Further examination of 'powerd' revealed a previously unknown internal check within the daemon related to prolonged inactivity. This check, under certain conditions, was triggering an undocumented system reset.

  The blog post then meticulously details the specific function within 'powerd' that was causing the reboot, providing the function's name and a breakdown of its logic. The author's analysis revealed that the function appears to be designed to mitigate potential hardware or software issues arising from extended periods of inactivity by forcing a system restart. However, this function seemed to be malfunctioning, triggering the reboot even in the absence of any genuine problems.

  While the author stops short of providing a definitive solution or patch, the post concludes by expressing confidence that the identified function is indeed responsible for the unexplained reboots. The in-depth analysis presented provides valuable insights into the inner workings of iOS power management and offers a potential starting point for developing a fix, either through official Apple updates or community-driven workarounds. The author's work demonstrates the power of reverse engineering in uncovering hidden behaviors and troubleshooting complex software issues.

  • iOS
  • iOS 18
  • Reverse Engineering
  • Inactivity Reboot
  • Mobile
  • Operating System
  • Kernel
  • Debugging
  • Software
  • Apple
  • iPhone
  • iPad
  • Firmware
  • Root Cause Analysis
  • Troubleshooting
  • Inactivity
  • Reboot
  • Security
  • Exploit
  • Vulnerability
  • Mobile Operating System
  • Kernel Debugging
  • Firmware Analysis

  Summary of Comments ( 169 )
  https://news.ycombinator.com/item?id=42167633

  Verbose tl;dr

  Hacker News users discussed the potential reasons behind iOS 18's automatic reboot after extended inactivity, with some speculating it's related to memory management, specifically clearing caches or resetting background processes. Others suggested it could be a security measure to mitigate potential exploits or simply a bug. A few commenters expressed concern about the reboot happening without warning, potentially interrupting ongoing tasks or data syncing. Some highlighted the lack of official documentation on this behavior and the author's reverse engineering efforts to uncover the cause. The discussion also touched on similar behavior observed in other operating systems and the overall complexity of modern OS architectures.

  The Hacker News post titled "Reverse Engineering iOS 18 Inactivity Reboot" sparked a discussion with several insightful comments.

  One commenter questioned the necessity of the inactivity reboot, especially given its potential to interrupt important tasks like long-running computations or data transfers. They also expressed concern about the lack of user control over this feature.

  Another commenter pointed out the potential security implications of the reboot, particularly if a device is left unattended and unlocked in a sensitive environment. They suggested the need for an option to disable the automatic reboot for specific situations.

  A different commenter shared their personal experience with the inactivity reboot, describing the frustration of having their device restart unexpectedly during a long process. They emphasized the importance of giving users more control over such system behaviors.

  Several commenters discussed the technical aspects of the reverse engineering process, praising the author of the blog post for their detailed analysis. They also speculated about the potential reasons behind Apple's implementation of the inactivity reboot, such as memory management or security hardening.

  One commenter suggested that the reboot might be related to preventing potential exploits that rely on long-running processes, but acknowledged the inconvenience it causes for users.

  Another commenter highlighted the potential negative impact on accessibility for users who rely on assistive technologies, as the reboot could interrupt their workflow and require them to reconfigure their settings.

  Overall, the comments reflect a mix of curiosity about the technical details, concern about the potential drawbacks of the feature, and a desire for more user control over the behavior of their devices. The commenters generally appreciate the technical analysis of the blog post author while expressing a need for Apple to provide options or clarity around this feature.