>work for apple
>bake buffer overflows into code
>66666666FFFFFFFFFFF88888888
>200k USD deposited into your account
>As for Apple, it announced yesterday that it was starting a new bug bounty program which could net hackers up to $200,000. The idea for the program, similar to those run by Google, is that hackers will find new security holes in Apple's platforms and then share them with Apple.
>http://www.redmondpie.com/ios-9.3.4-jailbreak-on-iphone-6s-teased-by-a-developer/
wew
>>55941374
Speaking of buffer overflows, I found a few in the main stack of iOS device SecureROMs. They seem to be pretty common. I wrote my own USB fuzzer and I've been going at it for a while now on everything from an iPhone 4s to a 6. Everything I've found in 32-bit devices looks to be easily exploitable and I plan on developing something similar to the SHA segment overflow exploit for A4 (SHAtter). 64-bit devices have some other weird shit going on with image validation, specifically the LLB image. I've had problems dumping the SecureROM from userland on 64-bit because of KPP and Secure Element. I've dumped the 5s SecureROM from iBoot, but the 6 is giving me trouble even though I have an iBoot exploit for it. Haven't had enough money to play with newer hardware.
Oh well, I'm rambling. So how much are those fruity bastards paying for bootloader exploits (hard and soft)?
One other thing: anyone think it would be worth it to attack the heap of the SecureROMs, or would I be wasting my time? I can already write over the DATA section on 32-bit. Even though I can, I don't see an advantage to looking for heap vulnerabilities at this point. Anyone else experienced in iOS hacking wanna comment?
>>55943074
My only comment is, if Apple's top offer is 200k, they are giving you the middle finger. Because if you were to do a Kickstarter to release a 9.x jailbreak, it would raise you -over- 200k, then you deliver the jailbreak genuinely, Cydia friendly blah blah, and shift to the Bahamas.
>>55943815
then you submit a security patch for it under a pseudonym ;^)
Call me when an iPhone later than a 4 can POSSIBLY run OpeniBoot.
>>55941374
You're a fucking moron, OP.
>>55943848
This. No reason not to double dip.
>>55943815
The only problem with this would be that I'm wasting months of work on some tethered bullshit. If I ever release my exploits I'll be sure to package them in a useful GUI tool to take full advantage of their power. I'd never half-ass it because iOS hacking is my one true love. The iBoot is the second-stage bootloader while the SecureROM is the first. Exploits for either one will allow you to do essentially the same things. A SecureROM exploit is obviously the best because Apple can't patch it without an extremely complex hardware revision. Costs them assloads of money in R&D too. An iBoot exploit, however, can be patched in a single OTA update. iBoot exploits are now required to view the contents of the SecureROM since dumping from userland isn't really an option with KPP. This makes them extremely valuable for future research and iOS hardware exploitation.
>>55943878
I've been flashing custom kernels on my 4s and 5 for a while now using my iBoot exploit. OpeniBoot was shit. I'd be more interested in downgrades to jailbreakable iOS versions or something like Whited00r. Unlike OpeniShit, the Whited00r project provided useful features.
>>55943848
>>55943921
>thinks Apple would allow some basement dweller like me to tell them how to do their jobs
U fokin wot m8?
>>55943815
Could you do that without Apple suing your ass or Kickstarter shutting it down?