View Poll Results: Should we have a thread to coordinate investigation efforts?
Yes, please! 3 50.00%
Good idea, but a thread is not the right tool 1 16.67%
Better not, some things are better handled privately 2 33.33%
Voters: 6. You may not vote on this poll

Old 01-14-2016, 02:53 PM   #1
nixkalo
Member
Posts: 21
Karma: 10052
Join Date: Aug 2009
Device: hanlin V3, K4NT, PW3
Poll: coordinated investigation effort

Hi,
Besides my K4NT, now I have a PW3 with 5.6.5. While waiting for BranchDelay to release his JailBreak, I couldn't find a place where efforts are coordinated in order to find new JB vectors, internal useful commands, ...

So I thought about a new thread for that, but also found potential reasons not to do it like:
  • Making public new JB exploitable vectors can help lab126 close them so we cannot resort to them in future versions
  • The idea is good, but a thread is not the right tool, better use the wiki

So I'm asking your opinion about the idea.

This is an example of the kind of info we could consolidate:
Everyone says that 5.6.5 and 5.6.1.1 are "equally jailbreakable", but the GPL sources from Amazon show some differences.
gtk/gdk-pixbuf/io-png.c was modified with changes from
Code:
longjmp (png_save_ptr->jmpbuf, 1);
to
Code:
longjmp (png_jmpbuf(png_save_ptr), 1);
A search shows that such changes were made in order to "make the png loader compatible with libpng 1.5".
Could this be used to jailbreak via a carefully crafted PNG file? Most probably not; but I'd advise anyone that still has 5.6.1.1 NOT to upgrade to 5.6.5 until a JB is made public.

Last edited by nixkalo; 01-14-2016 at 03:16 PM. Reason: Verified the info about io-png.c
Old 01-14-2016, 04:57 PM   #2
Branch Delay
Connoisseur
Posts: 95
Karma: 1699999
Join Date: Aug 2015
Device: Voyage
http://cgit.freedesktop.org/fontconf...b01cd7d5121507 may exist on 5.6.1.1. The code was removed in the version on 5.6.5. It may have been stealth fixed from 5.6.1.1 to 5.6.5 and may still be present. I didn't bother looking due to 5.6.5 not being vulnerable.

Would be trivial to exploit if present. Left as an exercise to the reader.