News: Pwn20wnd manages to install Cydia on A13 devices running iOS 13.3 with Azad’s recently released kernel exploit & a Quick Look at Dolphin’s December ’19/January ’20 progress report
Recently, the iOS jailbreaking scene has been on a roll, first with the release of checkra1n for Linux and now with extremely promising developments towards an iOS 13.3 jailbreak for A12/A13 devices. Other than that, we'll also be looking at the recently published Dolphin progress report covering the last two months.
iOS Jailbreaking: Pwn20wnd manages to install Cydia on A13 devices running iOS 13.3 among other progress
On Friday, Brandon Azad of Project Zero released an exploit called oob_timestamp, which makes use of CVE-2020-3837 to execute arbitrary code with kernel privileges.
This exploit is compatible with every iOS device, including the iPhone 11 (Pro), provided it's running iOS 13.3 or lower, although it needs some tuning before it can be run on a specific device/iOS version combination. As a result of this wide range of support, it has gained significant interest in the iOS jailbreaking community, and pwn20wnd, who is behind unc0ver together with other developers such as Sam Bingner, is currently hard at work creating a fully-fledged jailbreak for Apple A12/A13 devices running iOS 13.3, which aren't supported by checkra1n.
As of right now, pwn20wnd has posted a series of tweets demonstrating recent progress and sharing important information, which includes:
- The exploit needs to be adapted for every device/version combination, so it's very important to update your A12/A13 device to iOS 13.3 if you want to jailbreak as soon as possible
- As of right now, iOS 13.3 is still being signed, although this may not last for long since iOS 13.3.1 has been out for quite a while. Pwn20wnd states that support for other versions of iOS 13 (13.0-13.2.2) might take a long while
- Thankfully, the kernel exploit is said to be very stable, so there won't be a replay of iOS 11.3.1's VFS exploit, which had a very low success rate
- Apple’s mitigations against his existing codesigning bypass have been bypassed on an iPhone 11 Pro Max on iOS 13.3
- Pwn20wnd states that this is the most significant part for an A12/A13 jailbreak
- Mounting the root filesystem as R/W and setting the boot-nonce on A13 is possible
- Cydia has been successfully installed on an Apple A13 device and work has now shifted to updating the Substitution Support package for tweak support.
- Offsets have been found for all arm64e iPhones (A12/A13) running iOS 13.3, and now only offsets for arm64e iPads are left. Support for arm64 devices (A9-A11 in this case) has also been mentioned
It's important to state that Apple A12-A13 devices (iPhone Xs/11 & newer iPads) are the priority, so the initial release will probably only support these, since older devices can already be jailbroken with checkra1n. However, unc0ver for iOS 13.3 will eventually gain support for older SoCs, including the Apple A9-A11, thus providing a semi-untethered jailbreak as opposed to a semi-tethered one, since it eliminates the need for a PC to re-run the jailbreak, provided that unc0ver is signed.
Emulation: Quick Look At Dolphin’s December 2019/January 2020 Progress Report which brings ARM64 Windows support, improved Wii file system support and more
Moving on to Dolphin, which has an unofficial iOS port: the folks behind it are hard at work as usual, and a progress report covering what went on in December and January has been published.
This progress report, which is a fairly long yet entertaining read, mentions the following main points:
- Emulation of the GameCube/Wii memory management unit has been disabled by default since some titles generated more bloated code with it enabled and the performance difference was negligible
- Now, MMU emulation can be enabled/disabled from the Configuration window in the Advanced tab and it’s automatically enabled for games that need it
- This improves compatibility with titles such as Metal Gear Solid: The Twin Snakes & True Crime: New York City
- Furthermore, save states should now be cross-compatible between x86-64 and ARM64 builds on platforms with official ports (Android and now Windows)
- Dolphin can now be built for ARM64 devices running Windows 10, such as the Lenovo Yoga C630
- At this point, no pre-built binaries are available, so one must go through the build process themselves
- Support for Nunchuk motion passthrough has been added, allowing for the addition of a second accelerometer, which gives a better experience in titles like Wii Sports
- Frame pacing has been improved especially in 30FPS titles
- Wii File System functions have been made more accurate, which makes Disney's Bolt (a Wii game) work properly
- Using the PDEP and PEXT instructions is now avoided on AMD Zen CPUs, as executing them there can take up to 289 cycles as opposed to just one on other CPUs, since Zen implements them in microcode rather than in dedicated hardware.
You can read Dolphin’s December 2019/January 2020 progress report by following this link.
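The Zen workaround from the last bullet, as an added illustration that is not Dolphin's own code: a portable software fallback for PDEP/PEXT plus a CPUID-based dispatch rule that keeps the hardware instructions off on AMD family 0x17 parts (Zen, Zen+, Zen 2). The function names and the family-based check are assumptions made here, not taken from the Dolphin source.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
#include <cpuid.h>
#endif
/* Software PDEP: deposit the low bits of src, in order, at mask's set bits. */
static uint64_t pdep_sw(uint64_t src, uint64_t mask)
{
    uint64_t result = 0;
    for (uint64_t bit = 1; mask != 0; bit <<= 1) {
        if (src & bit) result |= mask & -mask;  /* lowest remaining mask bit */
        mask &= mask - 1;                       /* consume it */
    }
    return result;
}
/* Software PEXT: gather the bits of src selected by mask into the low bits. */
static uint64_t pext_sw(uint64_t src, uint64_t mask)
{
    uint64_t result = 0;
    for (uint64_t bit = 1; mask != 0; bit <<= 1) {
        if (src & mask & -mask) result |= bit;  /* selected bit -> next slot */
        mask &= mask - 1;
    }
    return result;
}
/* Dispatch rule (assumption, modelled on the report): use the hardware
 * instructions only when BMI2 exists and the CPU is not an AMD family 0x17
 * (Zen/Zen+/Zen 2) part, where PDEP/PEXT are microcoded and slow. */
static bool use_hw_pdep_pext(bool has_bmi2, const char *vendor, unsigned family)
{
    return has_bmi2 && !(strcmp(vendor, "AuthenticAMD") == 0 && family == 0x17);
}
/* Query the running CPU via CPUID (x86 with GCC/Clang); elsewhere take the
 * software path. Family follows the CPUID convention: base + extended if 0xF. */
static bool detect_hw_pdep_pext(void)
{
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
    unsigned eax, ebx, ecx, edx, family;
    char vendor[13] = {0};
    if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx) || eax < 7) return false;
    memcpy(vendor, &ebx, 4); memcpy(vendor + 4, &edx, 4); memcpy(vendor + 8, &ecx, 4);
    __cpuid(1, eax, ebx, ecx, edx);
    family = (eax >> 8) & 0xF; if (family == 0xF) family += (eax >> 20) & 0xFF;
    __cpuid_count(7, 0, eax, ebx, ecx, edx);   /* leaf 7: EBX bit 8 = BMI2 */
    return use_hw_pdep_pext((ebx >> 8) & 1, vendor, family);
#else
    return false;
#endif
}
```

An emulator would call detect_hw_pdep_pext() once at startup and pick either the BMI2 intrinsics or pdep_sw/pext_sw for its bit-permutation helpers.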
In the last few days, there have also been some homebrew releases for the PSVita, Switch and even the 3DS. These include an update to HBInjector (installs VitaShell as a system app) that bundles the latest version of VitaShell, 3DStris and an original homebrew game called Slink’s Adventure for the Switch.