QuickPwn vs ZiPhone

Posted on Friday August 29th, 2008 / 19:38

Ένα απο τα μέλη της Dev Team, με το username ‘planetbeing,’ δημοσίευσε στο προσωπικό του blog του ένα πολύ ενδιαφέρον άρθρο, σχετικά με τις ομοιότητες και διαφορές των μεθόδων QuickPwn και ZiPhone, το οποίο και πραγματικά αξίζει να διαβάσετε:


Jailbreak – Both utilities jailbreak – Payload medium

Primary jailbreak payload is placed into iPhone memory for both jailbreaks



ZiPhone uses, as the root filesystem device, a pseudo-device that provides a window to an arbitrary section of memory. This memory is not allocated or otherwise reserved by the operating system and hence will be used by other random processes in other random ways and will become more and more corrupted with every CPU clock cycle. The only safe way to use this is to mlock all memory used by the jailbreak binary as soon as possible, and then use data previously uploaded to flash. Anything else will cause either the jailbreak binary to crash at random moments or cause random data to be written to flash. I am not sure why Zibri elected not to implement ZiPhone in a safer fashion.

QuickPwn uses the same mechanism that Apple uses to send its update ramdisk. This memory is both allocated and reserved. It will not crash at random moments, or give you repeating BSD root errors. This is the way the XNU kernel is designed to use ramdisks.


ZiPhone hinges on a BUG in iBoot that was quickly fixed by Apple.

QuickPwn uses an iBoot FEATURE that Apple cannot remove without rewriting their own software and undergoing lengthy QA. Even if Apple did change the architecture, it would be straight-forward to simply mimic what they do and adapt to it. The reason QuickPwn can do this is because it relies on a hardware exploit to bootstrap into this phase. Apple cannot fix this problem without changing the manufactured hardware.


ZiPhone modifies an existing Apple ramdisk and ships it as a complete set.

QuickPwn contains all-original code and features a very tiny bootstrapper that allows it to use libraries and code that’s already on the iPhone.

Not only does ZiPhone’s distribution of Apple’s binaries violate copyright laws, it also takes up a large portion of room on the ramdisk that could be used for the payload. Keeping its existing algorithm, ZiPhone would never have been able to install Cydia, for example.

The maximum feasible ramdisk size is 32 MB; Cydia takes 13 and Apple’s library take up a significant amount. With some work, Zibri could possibly make it just under the 32 MB limit, but with the large number of files in Cydia, and the large size of the corruptible area of memory, corruption would be inevitable.

Συζήτηση στο forum: QuickPwn vs ZiPhone 

[Via linuxoniphone]

About Vasilis Ananiadis

Ο ζωντανός θρύλος της Ελληνικής blogόσφαιρας, ο αβυσσαλέος master του SEO, o πρίγκηπας των Social Media, ο τυφώνας των Web Startups, ο οργασμός της ιντερνετικής επιτυχίας. Τώρα και στο twitter: @vananiadis

Tags: , ,

Comments are closed.