General Saurik's comments about Pangu and Taig

Discussion in 'Jailbreaks and iOS Hacks' started by dlmart2, Dec 1, 2014.

  1. dlmart2 macrumors 6502a

    Joined:
    Nov 2, 2007
    #1
    So, I believe the only comment I made on the "safety" of Pangu was to point out that 1) the team contacted me and was working with me (using an official bootstrap from me, and then to coordinate untether bug reports and upgrades), 2) was upfront about exactly who was involved (attaching their identities to the project) and 3) was being backed (indirectly) by a large company (Alibaba owns a company which owns 25PP); #2 and #3 meaning anything even semi-malicious in the application would be "really really dumb". To expand on #3 some: it seems pretty clear that Pangu is a separate entity publishing a binary that they believe in, with a critical air gap between the development of the tool and 25PP. I can see 25PP willing to "do stuff" that I seriously doubt Pangu would do in the Windows part.
    I did not for Pangu8 do any kind of analysis of the actual software bundle, something I was explicit about. I have also not done any analysis of the software from TaiG. This work is something normally done by people such as MuscleNerd (or comex, or iH8Sn0w), which is why you always see them making these statements about "I pulled apart the jailbreak and it looks good to me"; honestly, reverse engineering an even slightly-obfuscated Windows executable is not something I have any experience doing, and even pulling apart the untether portion of these projects is something I would feel a little uncomfortable making firm statements about: you should never wait for my analysis of these things as this is not my expertise.
    But, as I've stated before, I don't think "trust" comes down to these explicit checks: a real back door would not be something obvious, but would be a subtle bug left in the software that the original developers knew how to exploit. I thereby turn to high-level thoughts, as I think that's the only way to model something as squishy as "trust". I can point out that they are not using an official Cydia installation bootstrap, and the one they are using is slightly broken (for example, it claims to have system-cmds installed, even though the package is missing /sbin/reboot). It also is not at all clear who worked on the jailbreak (though some people have posted their suspicions related to the secret author of the untether), making it impossible to use a strong public identity with a known history record as a way to build trust.
    As for TaiG itself, all we really know is that it is by some of the same people as Kuaiyong, which itself is owned by Qihoo 360 (whose public perception in China versus that of Alibaba is then relevant); but, the ownership of TaiG itself is unclear: while the team seems to be affiliated with Qihoo 360, this organization might be an entirely separate company (FWIW, they seemed to claim to be a new entity last year, but I might easily not have had all of the information). It should be noted that these are the same people who lied to evad3rs on iOS 7, claiming their application would be free of piracy (something evad3rs cared about in a way that Pangu does not), and then bundling an app in evad3r's jailbreak that suddenly at launch was filled with pirated applications, forcing evad3rs to pull their remote disable. The app itself also seems to be directly controlled by TaiG, which is more awkward.
    Of course, in all likelihood, everything is fine. Even though the identities behind TaiG are unclear, it is itself still an entity trying to build a brand, and has hopefully learned something from their previous miscalculations (which is likely why Cydia is included by default in this jailbreak: to help build back some community trust). MuscleNerd also hopefully knows what he is doing. I used the tool myself a few times this weekend, and other than "bootstrap is modified" (the extent to which I have yet to check) and "doesn't include a package identifier for the untether" (meaning upgrading it will be confusing), I only got one failure that required me to restore (which at this stage in the firmware life cycle, and for a 1.0.1, is not to be unexpected). There are enough people using it to hopefully catch "phoning home" issues.
    So, if you are really wanting to know "saurik's opinion", here it is: I am not the person who can answer the question of whether to trust this tool or not, and you might be better off asking people like MuscleNerd, who has apparently decided to sign off on it not doing anything malicious. That said, my squishier trust analysis leaves me a little wary: I'd love for TaiG to be more upfront about who did this work, to use official Cydia bootstraps, and to coordinate more with respect to bug reports. This reasoning is not, I realize, entirely "practical", and I am known to sometimes make software judgements on painful moral grounds (such as the few years post-Cycorder where I refused to use ffmpeg, and seriously carried a DVD player around to peoples' houses to avoid using software those developers had written; I also am somewhat "crippled" as I do not allow myself to use IDA, etc.).
    As for the "wifi issue", I am still under the impression from Mario Ciabarra, of Intelliborn, whose epic technical analysis I have no reason to doubt, an analysis which also "held up" against a few other people scrutinizing the behavior, that 8.1.1 does not fix that issue. I have not yet decided whether I will be sticking with 8.1 on the device I finally use as my actual phone or upgrading to 8.1.1. If I decide not to upgrade to 8.1.1, it is quite possible it is for reasons that are obscure or that other people should ignore, even if in the end they are related to feeling slightly better about having a binary from Pangu on my device rather than a binary from TaiG. (Also, it is highly possible that you will see a technical breakdown of this bug from me, as I might require that of myself before letting myself rely on the software.)
    Certainly, though: my "keeping quiet" on this matter is not "strange": as I said, I did not make any solid comments about Pangu. Also, this software was released the day after Thanksgiving (which was also the day after my birthday) while I have been out of town (which seriously caused me to be going to a random Apple Store in San Diego Saturday afternoon buying an iPod touch I could use to test the software, which I then had to do using a Windows emulator; oh: if you find TaiG being stuck at 30% or 40% while running in an emulator, it seems to be using a race condition as its core trick to install software on the device, and the emulator running slower can screw it up: if you seriously just let it sit there, maybe even for 20-30 minutes, it might "click"; note that it has to "click" twice, at 30% and 40%).
     
  2. dlmart2 thread starter macrumors 6502a

    Joined:
    Nov 2, 2007
    #3
    Summary of context: People are afraid of the big bad Chinese Taig. They were once afraid of the big bad Chinese Pangu. Pangu is now safe because other JB groups said so. People demanded that some trusted JB'ers validate Taig. MuscleNerd (trusted JB'er) said it was good to go. People didn't accept it and wanted Saurik to say it was safe.. hence his reply.
     
  3. bushido Suspended

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Germany
    #4
    In other words the jailbreak community has gotten lazy and tired of working on it so Chinese people had to take over to get things done
     
  4. Syndicate0017 macrumors 6502

    Joined:
    May 3, 2013
    #5

    Hmmm...we must have read different things. I see no correlation between your statement and Saurik's quoted statement above.
     
  5. dlmart2 thread starter macrumors 6502a

    Joined:
    Nov 2, 2007
    #6
    lol right. I'm wondering what was he reading. [confused]
     
  6. rick snagwell macrumors 68040

    rick snagwell

    Joined:
    Feb 12, 2011
    Location:
    oceanside, ca
    #7
    i do.

    jailbreaking used to be free. now company are outsourcing it to get paid for doing it. was way better when we had our own finding the holes and making the tool. i miss geohot/comex/pod2g.
     
  7. Syndicate0017 macrumors 6502

    Joined:
    May 3, 2013
    #8
    Saurik's comments about Pangu and Taig


    Jailbreaking is still free (at least for now). It's something people want so a market has developed for it. At any rate, the quote from Saurik I read above did nothing to substantiate those statements being referred to as "in other words." His statement was regarding whether or not people should trust this Jailbreak. His response to those wanting this information? I guess. Nothing glaringly obvious wrong with it. Some JB devs have signed off on it and I'm not going to waste my time reverse engineering an executable.
     
  8. dlmart2 thread starter macrumors 6502a

    Joined:
    Nov 2, 2007
    #9
    It is free (to the end user). But look at it this way.. if not for the money being paid to hackers on the back end, we may have never seen a jailbreak for iOS7 and iOS8.
     
  9. bushido Suspended

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Germany
    #10
    I actually didn't even read it. Too much text without breaks
     
  10. Syndicate0017 macrumors 6502

    Joined:
    May 3, 2013
    #11

    LOL. Well that settles that. All good, friend. :) Being facetious is often overlooked on the Internet.
     
  11. Skizzy macrumors regular

    Skizzy

    Joined:
    Feb 4, 2013
    #12

    Bingo.
     
  12. pdaholic macrumors 6502a

    pdaholic

    Joined:
    Jun 22, 2011
    #13
    There's so much drama around these jailbreaks that I don't know who to believe (stealing exploits from training sessions!?!). I'm just happy the Chinese folks are doing so well; I figured I would be waiting a long time to jailbreak my new iPhone 6+ given prior jailbreak releases for new hardware, but in less than a month of ownership, there are two jailbreaks available. Amazing.
     
  13. thadoggfather macrumors 604

    thadoggfather

    Joined:
    Oct 1, 2007
    #14
    thought the same with my 6. jumped ship to 6+ as soon as they came in stock post-pangu.

    It's only going to get better.

    I like saurik's confession his own obscure reasons for maybe staying 8.1, preferring pangu binary to taig binary at least he's honest

    It is true he didn't reverse engineer pangu either, but still, I think we all like hearing Saurik's point of view
     
  14. dlmart2 thread starter macrumors 6502a

    Joined:
    Nov 2, 2007
    #15
    Sauria did not say he was staying on 8.1, he is undecided.

     

Share This Page