
Re: Habemus Libertam!

Posted: Thu Dec 21, 2017 8:17 pm
by Dimachete
Some users have tried forks. I, for example, tried coolstar's fork. Do we have to prepare somehow, or get rid of any files installed by these forks?
Coolstar's fork installed ssh. Should I remove it?

A: There are so many forks by so many two-bit GitHub cloners who do so blindly, I can't tell you which are good and which are bad. Generally, Ian Beer's exploit isn't reliable when run more than once (on rare occasions, twice), so you'll have to decide fork vs. mine. At any rate, I modify / only to add "/jb" and not anywhere else in the filesystem.

Re: Habemus Libertam!

Posted: Thu Dec 21, 2017 8:51 pm
by Dimachete
I already decided to use yours; that's why I want to get rid of anything that could conflict. I guess everything should be the same, but the ssh client was dropbear.

Re: Habemus Libertam!

Posted: Fri Dec 22, 2017 7:52 am
by Wingzero
Have you tested debugserver already? I have been trying to make it work. Now, with your help (jtool --sign platform), I can finally launch debugserver, but when it tries to listen on any port on an outside IP, it exits. If it just needs to listen on localhost:port, it is fine. I'm not sure what the issue is. But since there is no arm64 LLDB, we still need debugserver to be able to respond to Mac LLDB.

Re: Habemus Libertam!

Posted: Fri Dec 22, 2017 9:12 am
by Roman
You are super, Morpheus! Can't wait to get that 11.1.2 jailbroken!!

Re: Habemus Libertatem!

Posted: Mon Dec 25, 2017 4:50 am
by firecracker
I just ran LiberTV 1.1 on my ATV4 and got the "we're done here" message. Thank you!

You're welcome

Are automatic updates now disabled without me having to manually SSH in to my ATV? Also, are they disabled after a reboot, in the non-jailbroken state?

Yes. Check your AppleTV's /etc/hosts - you'll see 127.0.0.1 mesu.apple.com # added by Libertas.

So that's persistent.
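The /etc/hosts entry mentioned in the exchange above is a one-line change, but a practitioner re-running it (or checking it after a reboot) wants it to be idempotent and verifiable. The following is an added example and is not code from the thread or from LiberTV/Libertas itself; it takes the hosts file path as a parameter so it can be exercised on a scratch file, and assumes the exact entry text quoted in the post.

```shell
#!/bin/sh
# Added example, not part of the original thread or of LiberTV/Libertas.
# Idempotently adds the update-blocking hosts entry quoted in the post and
# lets you verify it. The hosts file path is a parameter so the functions
# can be tested against a scratch file; on a device you would run
#   block_mesu /etc/hosts
# over ssh as root.

# Entry text as quoted in the thread (assumed verbatim).
HOSTS_ENTRY='127.0.0.1 mesu.apple.com # added by Libertas'

# Return 0 if the hosts file already maps mesu.apple.com to loopback on an
# uncommented line. A commented-out line (leading '#') does not count,
# because the resolver would ignore it.
mesu_blocked() {
    hosts_file="$1"
    [ -f "$hosts_file" ] || return 1
    grep -Eq '^[[:space:]]*127\.0\.0\.1[[:space:]]+mesu\.apple\.com([[:space:]]|$)' "$hosts_file"
}

# Append the entry only if it is missing. Prints "added" or "already present"
# so repeated runs are visibly safe.
block_mesu() {
    hosts_file="$1"
    if mesu_blocked "$hosts_file"; then
        echo "already present"
        return 0
    fi
    printf '%s\n' "$HOSTS_ENTRY" >> "$hosts_file" || return 1
    echo "added"
}

# Number of lines mentioning mesu.apple.com; used to show that running
# block_mesu twice never duplicates the entry.
mesu_line_count() {
    grep -c 'mesu\.apple\.com' "$1"
}
```

Running `block_mesu /etc/hosts` a second time prints "already present" and leaves the file untouched, which is what you want from a check executed after a reboot. Note that `mesu_blocked` deliberately rejects a commented-out copy of the line, since that would not block anything.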

Re: Habemus Libertatem!

Posted: Tue Dec 26, 2017 11:13 am
by septium
Does corerupt-style shellcode injection work in LiberIOS 1.0 for sandboxed apps?
What about lldb + re-entitled debugserver?

Re: Habemus Libertatem!

Posted: Tue Dec 26, 2017 12:18 pm
by morpheus
Yes on both.

Re: Habemus Libertatem!

Posted: Wed Dec 27, 2017 1:44 am
by something
Thanks for the jailbreak, Mr. Levin. I successfully ran the app on one device and have a question regarding execve. If I attempt to build a custom binary (something similar to the core rupture tool: it reads mmap from a process and dumps the contents), I am unable to launch it, since the kernel kills the binary with

Sandbox: hook..execve() killing <unsigned>[pid=955, uid=0]: only launchd is allowed to spawn untrusted binaries

I assume the execve call is executed by bash to launch the binary. Is it correct to assume an additional step is to be delivered by Cydia (or additional functionality still to be released) to allow bypassing such a restriction? If I am wrong, could you please point me in the right direction?

Kind Regards.

Please post in the right forum and read the FAQ.