
Jailbreakme

Executing native code using the browser: how it works and the security problem behind it

by Maximiliano Firtman (@firt)


Today, August 1st, 2010, a new website (and trending topic) appeared that allows you to jailbreak your iPhone, iPod or iPad running iOS 3.1, 3.2 or 4.0: Jailbreak Me.

The main advantage of this new jailbreak method is that the whole process runs inside the browser, Safari on iOS. That is what caught my attention.

How can a website, with just HTML, CSS and JavaScript, execute code that changes the operating system?

If you don't know what a jailbreak is: it is a method of cracking the operating system so that applications not allowed by Apple can be installed. Since July 2010, jailbreaking is legal in the United States, but it is not authorized by Apple and affects the warranty (you can always restore the original OS).

I analyzed the JavaScript source code of Jailbreakme to understand the process. It has an excellent solution for detecting which iOS device is in use, based on different JavaScript techniques, including running the SunSpider JS benchmark, which I may talk about in another post.

After detecting the device and OS version, the part doing the jailbreak is just a PDF file. A PDF file? Yes, the jailbreak is done using just a PDF inside an invisible iframe, so I believe that this website is using a PDF security vulnerability for all iOS versions. Here is the code:

// 'page' holds the URL of the PDF chosen for the detected device and OS version
var a = document.createElement("iframe");
a.setAttribute("src", page);
a.style.position = "absolute";  // taken out of the normal layout flow
a.style.opacity = "0.000001";   // effectively invisible, but still loaded and rendered
a.style.width = "100px";
a.style.height = "100px";
a.style.zIndex = "-9999";       // stacked behind everything else on the page
document.body.appendChild(a);   // attaching the frame triggers the PDF load

The page variable holds the URL of one of the PDF files found under http://www.jailbreakme.com/_/ (one is selected according to the detected device and OS version).

So, there is no magic behind this website, just a vulnerability in the PDF viewer built into iOS. However, the website is very clever, and has a great implementation of JavaScript and CSS extensions on WebKit to deliver a great visual experience.
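The delivery mechanism above (an iframe styled so the user never sees it, pointed at a PDF) is the same pattern a malicious site would use. As an added example, which is not code from jailbreakme.com, here is a small heuristic detector for that pattern. It works on plain frame descriptors so it can run without a DOM; toFrameDescriptor() and scanDocument() show how a browser-side script would feed it real <iframe> elements. The thresholds, helper names and sample URLs are assumptions.

```javascript
// Added example, not code from jailbreakme.com: a heuristic detector for the
// delivery pattern described above (an iframe styled to be invisible that
// loads a PDF). It works on plain frame descriptors so it runs in Node without
// a DOM; toFrameDescriptor() shows how to build a descriptor from a real
// <iframe> in a browser. Thresholds and sample URLs are assumptions.

const PDF_RE = /\.pdf(?:[?#]|$)/i;

// Assumed thresholds: wide enough to catch the values used by the snippet on
// this page (opacity 0.000001, 100x100 px, z-index -9999) without flagging a
// normal full-size embed.
const OPACITY_MAX = 0.05;
const SIZE_MAX_PX = 150;

// Returns the hiding signals found on one frame plus a verdict:
//   'high'   - hidden AND loads a PDF (the pattern on this page)
//   'medium' - hidden but loads something else
//   'ok'     - no hiding signal
function classifyFrame(frame) {
  const style = frame.style || {};
  const reasons = [];

  const opacity = parseFloat(style.opacity);
  if (Number.isFinite(opacity) && opacity <= OPACITY_MAX) {
    reasons.push('near-zero opacity');
  }

  // parseFloat('100px') === 100; missing values give NaN and are skipped
  const width = parseFloat(style.width);
  const height = parseFloat(style.height);
  if (Number.isFinite(width) && Number.isFinite(height) &&
      width <= SIZE_MAX_PX && height <= SIZE_MAX_PX) {
    reasons.push('tiny frame');
  }

  // NaN < 0 is false, so 'auto' or a missing z-index is ignored
  if (parseInt(style.zIndex, 10) < 0) {
    reasons.push('negative z-index');
  }

  if (style.display === 'none' || style.visibility === 'hidden') {
    reasons.push('not rendered');
  }

  const src = frame.src || '';
  const loadsPdf = PDF_RE.test(src);
  let verdict = 'ok';
  if (reasons.length > 0) {
    verdict = loadsPdf ? 'high' : 'medium';
  }
  return { src, loadsPdf, reasons, verdict };
}

function classifyFrames(frames) {
  return frames.map(classifyFrame);
}

// Browser-side helper (assumed usage): build a descriptor from a live element
// using computed style, so inline styles, stylesheets and inherited values
// are all taken into account. Not exercised in Node.
function toFrameDescriptor(el, win) {
  const cs = win.getComputedStyle(el);
  return {
    src: el.getAttribute('src') || '',
    style: {
      opacity: cs.opacity,
      width: cs.width,
      height: cs.height,
      zIndex: cs.zIndex,
      display: cs.display,
      visibility: cs.visibility,
    },
  };
}

// Scan a whole document and return only the frames worth looking at.
function scanDocument(doc, win) {
  const frames = Array.from(doc.querySelectorAll('iframe'))
    .map((el) => toFrameDescriptor(el, win));
  return classifyFrames(frames).filter((r) => r.verdict !== 'ok');
}

// Constructed sample input (not captured from any real site).
const SAMPLE_FRAMES = [
  // Exactly the styling of the snippet quoted above, pointed at a PDF
  { src: 'https://example.com/_/payload.pdf',
    style: { position: 'absolute', opacity: '0.000001',
             width: '100px', height: '100px', zIndex: '-9999' } },
  // A normal, visible PDF embed: no hiding signal
  { src: 'https://example.com/manual.pdf',
    style: { width: '800px', height: '600px', opacity: '1' } },
  // Hidden, but not a PDF: still worth a look, lower confidence
  { src: 'https://example.com/tracker.html',
    style: { display: 'none', width: '1px', height: '1px' } },
];

const SAMPLE_RESULTS = classifyFrames(SAMPLE_FRAMES);
// SAMPLE_RESULTS.map(r => r.verdict) -> ['high', 'ok', 'medium']
```

The detector deliberately looks at computed style rather than the src attribute alone: a frame can be hidden by a stylesheet, a parent container or a later script, and only the computed values reflect what the user actually sees. A real scanner would also run after page load and on DOM mutations, because the frame on this page is appended by script, not present in the HTML.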

I don't have more information about the PDF itself up to now, because this security problem can also lead to some potential problems for iOS. I mean, any website can now jailbreak your device without your consent! Or maybe install something else on the device. I'm pretty sure that Apple will update the OS to solve this vulnerability but, until then, we have time to test this security hole in Safari on iOS.

You can read the FAQ on the website, or jailbreak your own iOS device by pointing Safari to http://www.jailbreakme.com if you want to test it, at your own responsibility.

This article was first published on the mobilexweb.com blog, which is no longer maintained. Public comments were available at the time, and they were removed when it was republished.


© Maximiliano Firtman (@firt)
