Quote:
Originally Posted by yifanlu
AFAIK, the tar bug is the last exploit we have. We have many payloads for this exploit, but nothing else.

You are kidding, right? Or trolling? I choose to take your bait once again:
The tar bug that ixtab uses is dependent on the busybox file installed on the main partition. As we discussed on the IRC channel, mine does not depend on that file, and may survive repairing the busybox file that ixtab's exploit depends on. Must we expose all the details now, after you mildly chastised ixtab for releasing his details while the MP3 exploit still worked? I see no point in arguing over definitions here, to the point of guaranteeing that Amazon is sure to patch both ixtab's and my methods.
There was a discussion about releasing my method as a universal jailbreak that works on both the Touch and the K4NT, unlike the current Touch-only version. But that would reduce its probability to remain viable after ixtab's method goes away (especially since you claim to not know any other exploits).
And besides, even if my exploit gets burned along with ixtab's, we will still have unlocked fastboot mode (as documented by rastik), and how can you NOT call that an exploit when it allows us to install whatever we choose on our Kindles?
And even if all of the above methods stop working, there is another way that has been tested and documented. You just need to know where to look.
Plus, if your "stack smash" still works, I can (probably) use it with my (untested) shellcode that defeats ASLR. This line of research was put on hold when you announced your MP3 exploit. Of course, that would require mutual cooperation. What are the chances of that?