今日推荐:Www.6090Sf.Com【六零九零搜服网】,6090sf.com是目前国内最好的网通传奇私服发布网,本站目前拥有各种网通线路的传奇私服开机预告信息.各种网通合击传奇私服、1.76、1.80、1.85、1.89、1.90、1.923、1.95、1.99、英雄合击、变态合击、轻变、微变、超变、复古、仿盛大、元素、无英雄、靓装等全部版本,6090SF拥有多站内嵌同步显示,上千关键词排名、价格低、效果好。找传奇私服?找变态传奇私服发布网?就上Www.6090sf.Com
最近发布的iPhone 4越狱方法可谓是新颖和简单,几乎不用太多复杂的步骤,用户仅仅需要使用iPhone内置的Safari浏览器访问http://www.jailbreakme.com,根据提示即可轻松越狱,享受自由的iPhone。可以说这真的是一个令人兴奋的消息,很多iPhone用户估计已经通过这种方法成功越狱,但是值得思考的是,仅仅是用Safari访问一个网页就实现了iPhone的越狱,这不得不引起大家的深入思考,iPhone的安全性到底如何呢?
以下是Comex的一段说明的翻译(当然部分保留了原文),其中讲述了实现越狱的原理,让我们了解一下吧。
有一点是肯定的,很多黑客和安全专家对最近发布的iPhone 4越狱软件的工作原理非常感兴趣。那么,我Comex是怎么做到的呢?还有,我想更多人好奇这个漏洞怎样才能不被一些心怀不轨的非iPhone越狱用户利用。我发布这个信息的目的是为了让苹果尽快的修复这个漏洞——不妨回忆一下,自从1.1.1时代的破解开始,黑客们就可以在越狱后自由的修补iPhone 的漏洞了——这个漏洞利用了Safari的.TIFF文件漏洞。
I’m sure many other hackers and tinkerers like me are wondering how the iPhone 4 Jailbreak (released yesterday) was accomplished. Furthermore, I feel that people are most interested in how this exploit could be maliciously used against NON-JAILBROKEN iPhone users. I’m spreading this information with the hopes that the exploit will be promptly patched — as you will recall, with one of the original iOS jailbreaks (version 1.1.1, I believe), the jailbreakers actually took the liberty of patching the jailbreak exploit after the jailbreak was performed. This jailbreak was also accomplished through Safari, and the way it handled .TIFF files.
现在,开始讲解:
Now, on to the dirty stuff…
Chpwn解释过Comex利用CFF字体溢出漏洞来越狱, 就是在一个FlateDecode数据流中的一个字体文件漏洞。关于FlateDecode,请英文好的同学看这里的解释www.2cto.com:
@chpwn has explained that @comex uses the CFF font stack overflow to jailbreak, which is essentially a font file placed in a FlateDecode stream.
如果你将jailbreakme.com复制到本地服务器上,就能够分析出这个网络软件和它的工作原理了。本质上,这个软件就是利用JS查看你的设备型号,然后对应载入相应的PDF文件,最后利用字体漏洞越狱。相应的文件可以在http://www.jailbreakme.com/_/下载到。
If you copy jailbreakme.com to a local server, you can dissect the small web-app and see how it works. Essentially, the site checks for your device’s user-agent, and loads the correct PDF file for the exploit from http://www.jailbreakme.com/_/ through the Javascript function new Image()
可以使用二进制编辑器来打开这些PDF文件,越狱利用的漏洞支持所有数据,包括本文,使用zlib压缩后插入一个PDF文档中,最终通过返回一个字体文件来引起堆栈过载。
One can then open the PDF files with a hex editor, and examine them more closely. The jailbreak uses a FlateDecode stream (which allows any data, including plain-text, to be compressed with zlib and inserted into a PDF) to load a font file which in turn causes a stack overflow:
用GhostView打开,可以轻易的查看实施越狱的代码。使用这个办法越狱过的用户仔细看,高亮的地方应该很熟悉。
If you decode the FlateDecode stream with GhostView, you can see the actual code used to perform the jailbreak. I’ve highlighted a line that should be familiar if you’ve visited jailbreakme.com on your iOS device recently.
赞助连接:国内最优秀的传奇私服发布网-每日为您提供最新开的电信传奇私服开区信息.找新开传奇私服?上Www.11811445.Com
赞助连接:变态传奇私服
