Prolific hacker Luca Todesco has finally released a public version of the WebKit exploit aka web-based tool for re-activating the iOS 9.2-9.3.3 Pangu jailbreak. The new web-based JailbreakMe exploit reportedly resolves the certifications problems for those iOS users who are stuck on the last working jailbreak for iOS 9.
Todesco has updated the Pangu website to feature secure version of http aka "https" in order to prevent man-in-the-middle attacks. The hacker has also enabled the tool to use a modified version of Pangu's original code, besides implementing the offline caching of stored web pages through inbuilt HTML web app.
Among other noteworthy additions to the JailbreakMe tool, Todesco has enabled the Pangu's respring code to use a new version of Pangu 9.3.3 SDK, which comes with the unique privilege of saving on-device SHSH blobs and necessary data to downgrade devices. The SDK constitutes a tfp0 patch called "host-get-special-port" which allows a seamless process to downgrade any device with a working SHSH blob.
The JailbreakMe WebKit is apparently one part of the Trident or the three zero-day bugs which allowed arbitrary code execution when activated. However, the exploit was patched up in iOS 9.3.5 and hence Todesco's web-exploit works only till iOS 9.3.4.
- A 64-bit jailbroken device (iPhone 5s and later) which is running Pangu 9.2-9.3.3 tool
- An internet connection (required for first use)
How to reactivate Pangu 9.2-9.3.3 jailbreak with JailbreakMe exploit
- Make sure that your device has rebooted in non-jailbroken mode and it's not reactivated with the Pangu app.
- Launch Safari on your iOS device and navigate to the following URL: https://jbme.qwertyoruiop.com
Note:You need to use only the standalone Safari app as it will not work with in-app browsers. In-app browsing will only lead to blank screen and will not open the link.
- Hit the "go" button on the page and wait until the confirmation dialog pops-up on the screen saying, "doing it".
- Just follow the onscreen instructions to dismiss the pop-up dialog message and then press the screen-off/lock button on your device.
- The device may seem frozen while it resprings and you will not see any Apple logo or respring animation. However, it is advisable that you leave the device alone as this process works slower than the regular Pangu reactivation method.
- Wait until the device resprings and your device should be rejailbroken. You can now double-check to confirm if your installed jailbreak tweaks and apps are working fine.
- Now launch Safari again and open the tool's home page. Once you are on the page, hit the Share button at the bottom of the screen and choose "Add to Home Screen". Assign an appropriate name for it and then tap "Add" in the top-right. The page should now be seen as an icon on your Home screen, which will come in handy for offline use in the future.
Installing the patch
It is highly-advisable to patch up your JailbreakMe exploit from external threats or web attacks as the inherent vulnerability could be used against you while stealing confidential data from your device. Here's how you can install the patch on your Pangu 9.3.3 jailbreak:
- Open Cydia and go to the Sources tab
- Press the Edit button in the top-right and then tap Add in the top-left
- In the ensuing field, enter the following repo URL: https://jbme.qwertyoruiop.com/
- Hit the Add Source button to add Todesco's repo
- Wait until the source field populates and then find "jbmepatch" via Cydia's search tab.
- Select the package and press Install in the top-right. Finally, tap Confirm on the following page in the top-right corner to begin installing it.
- Wait until the installation is done and then hit "Restart Springboard" to respring and activate the patch.
- You can run the Todesco's tool again after the respring to confirm that the patch has not affected the tool in any way.