What Makes Apple TV3 UnJailbreakable?

1984world

macrumors 6502
Original poster
Aug 26, 2008
456
11
Just curious as to why they can jailbreak every other device, but not this one? Does it have a different file system, something specific in the hardware, etc.?

Just seems it's been out a while, and these guys seem to be able to turn a box of milk into a Camaro with their computer skills, yet can't seem to get this one done.

Any ideas?
 

cyber16

macrumors 6502
Jan 12, 2013
488
26
It's a combination of the newer CPU & much less of a filesystem surface to work with in finding an exploit. The ATV2 can rely on a hardware exploit whereas the ATV3 does not have the same
 

1984world

macrumors 6502
Original poster
Aug 26, 2008
456
11
They haven't found exploits to allow the jailbreak.
I understand that part, but why (how?) can they find exploits for both newer and older devices than the Apple TV3 but not specifically it?

Meaning, I get what the next poster said about the hardware exploits, but what makes it so hard to find the software ones when they seem to find these exploits everywhere else?
 

1984world

macrumors 6502
Original poster
Aug 26, 2008
456
11
I guess you are just not comprehending my question. No worries.
 

dhlizard

macrumors G4
Mar 16, 2009
10,213
118
The Jailbreak Community
I guess you are just not comprehending my question. No worries.
I understand your plea.

But that does not change the fact that the exploits just are not present.

Since you seem to represent that the best hackers have failed in some way, I challenge you to figure out a method to inject a jailbreak into the modified A5 chip.
 

SnowLeopard2008

macrumors 604
Jul 4, 2008
6,772
8
Silicon Valley
The reason that jailbreaks exist for devices newer than Apple TV 3 is because more people own/use those newer devices. Apple doesn't sell as many Apple TV 3s as iPhone 5s, iPad 4s, iPad minis, iPod 5th, etc.
 

TC25

macrumors 68020
Mar 28, 2011
2,201
0
I guess you are just not comprehending my question.
It is impossible to comprehend the incomprehensible.

----------

The reason that jailbreaks exist for devices newer than Apple TV 3 is because more people own/use those newer devices. Apple doesn't sell as many Apple TV 3s as iPhone 5s, iPad 4s, iPad minis, iPod 5th, etc.
The presence or absence of exploits in a device is not a function of sales.
 

1984world

macrumors 6502
Original poster
Aug 26, 2008
456
11
I understand your plea.

But that does not change the fact that the exploits just are not present.

Since you seem to represent that the best hackers have failed in some way, I challenge you to figure out a method to inject a jailbreak into the modified A5 chip.
I have no idea how to create an actual jailbreak. My comments were not made as a challenge or whatever. I was curious as to the actual reasons (not just "it's been discussed" or "it has different firmware") why it was so difficult to jailbreak. When people seem to be able to mod Nintendo, Sony, Apple products, etc. and the jailbreakers continuously jailbreak new devices, new chips, new firmware, I was just curious as to what made the ATV3 so special that nobody seemed to be able to break it. I.e. ATV 1 and 2 were done, iPhones have all been done, but this one device seems so elusive. I would think it would be a goldmine for someone to jailbreak.
 

BumpyFlatline

macrumors 68030
Apr 11, 2012
2,666
0
I have no idea how to create an actual jailbreak. My comments were not made as a challenge or whatever. I was curious as to the actual reasons (not just "it's been discussed" or "it has different firmware") why it was so difficult to jailbreak. When people seem to be able to mod Nintendo, Sony, Apple products, etc. and the jailbreakers continuously jailbreak new devices, new chips, new firmware, I was just curious as to what made the ATV3 so special that nobody seemed to be able to break it. I.e. ATV 1 and 2 were done, iPhones have all been done, but this one device seems so elusive. I would think it would be a goldmine for someone to jailbreak.
In layman's terms, the iOS isn't as "robust" or as "big" as the iOS on all the other devices. The hacks used for a jailbreak don't work on the atv3 because the areas where these hacks "attack" simply don't exist on the atv3. The hackers referred to the atv3 as "not having as large of an attack surface".

This is what dhlizard means when he says the hacks "simply don't exist". He's absolutely right. The hacks used for evasi0n and Absinthe can't be used on the atv3 because the areas of the iOS where these hacks occur "simply don't exist" on the atv3 firmware.

Edit: I just realized I misquoted dhlizard. I'm not gonna fix it because the larger point remains. I hope this helps.
 

1984world

macrumors 6502
Original poster
Aug 26, 2008
456
11
In layman's terms, the iOS isn't as "robust" or as "big" as the iOS on all the other devices. The hacks used for a jailbreak don't work on the atv3 because the areas where these hacks "attack" simply don't exist on the atv3. The hackers referred to the atv3 as "not having as large of an attack surface".

This is what dhlizard means when he says the hacks "simply don't exist". He's absolutely right. The hacks used for evasi0n and Absinthe can't be used on the atv3 because the areas of the iOS where these hacks occur "simply don't exist" on the atv3 firmware.

Edit: I just realized I misquoted dhlizard. I'm not gonna fix it because the larger point remains. I hope this helps.
Yes, that is a little more clarifying. Thanks for the well laid out response.


:)
 

Leetut

macrumors newbie
Jul 27, 2012
17
0
There isn't a jailbreak because no one is working on the atv3; that's the only reason. If the evaders were interested in jailbreaking it, it would be jailbroken!
Anyway why don't you just install XBMC on your iPhone / iPad / or mac, and just AirPlay it to the atv3?
 

dhlizard

macrumors G4
Mar 16, 2009
10,213
118
The Jailbreak Community
There isn't a jailbreak because no one is working on the atv3; that's the only reason. If the evaders were interested in jailbreaking it, it would be jailbroken!
Do you really know which of the hackers have worked on the ATV3?

I am aware of some who have (core members of the jailbreak community), and as already stated, the exploits to support a jailbreak just are not there.

Your claim is incorrect!
 

gngan

macrumors 68000
Jan 1, 2009
1,824
70
MacWorld
In layman's terms, the iOS isn't as "robust" or as "big" as the iOS on all the other devices. The hacks used for a jailbreak don't work on the atv3 because the areas where these hacks "attack" simply don't exist on the atv3. The hackers referred to the atv3 as "not having as large of an attack surface".

This is what dhlizard means when he says the hacks "simply don't exist". He's absolutely right. The hacks used for evasi0n and Absinthe can't be used on the atv3 because the areas of the iOS where these hacks occur "simply don't exist" on the atv3 firmware.

Edit: I just realized I misquoted dhlizard. I'm not gonna fix it because the larger point remains. I hope this helps.
This is as good as it can get. Even if you were to put it into a more technical explanation, I am sure OP would be clueless about it.
 

1984world

macrumors 6502
Original poster
Aug 26, 2008
456
11
This is as good as it can get. Even if you were to put it into a more technical explanation, I am sure OP would be clueless about it.

I don't do actual jailbreaks, but I'm not retarded. What I would and wouldn't understand, you have no idea.
 

gngan

macrumors 68000
Jan 1, 2009
1,824
70
MacWorld
I don't do actual jailbreaks, but I'm not retarded. What I would and wouldn't understand, you have no idea.
No one ever said you are a retard. It's normal for someone that doesn't do programming/hacking to understand the technical aspect of JB. If you are into programming/hacking then you would not be asking it here because there are better websites for it. So the explanation given to you is as good as it gets.

Let's explain the famous jailbreakme website. Here is how it is done. This comes from another site that explains about it. Do you understand?

First, the process uses the PDF Compact Font Format vulnerability (CVE-2010-1797). To our surprise, it's a simple stack-based buffer overflow. With this vulnerability, an overly long CFF charString entry ends up with attacker-controlled $pc. Many people think of Return Oriented Programming (ROP) as a rather immature technique to use for complicated jobs. But the jailbreakme shellcode uses ROP to execute more than a total of 150 API calls. This means non-executable memory is not a defense against these kinds of memory corruption attacks. Looks as if the current ROP technique for iPhone exploitation is very mature and stable.

The ROP payload actually abuses an undisclosed kernel vulnerability residing in an IOSurface component from Apple. It seems that the vulnerability allows a normal process to have access to kernel memory with write privileges. After it modifies kernel space data to circumvent security checks, it calls “setuid(0)” to get root access. So, the game is pretty much over at this point. The Safari process at this point has root user privileges, and it can do whatever it wants.

After this exploitation phase, it drops the “installui.dylib” shared library, loads it, and executes the “iui_go” function from the library. This allows some UI text to be displayed on the user's screen to ask whether to go forward with jailbreaking. Then it downloads the “wad.bin” file from the jailbreakme site and extracts necessary files like “install.dylib” from there, and then executes the “do_install” function from there, which will do the typical jailbreaking process. All these operations are possible because the Safari process has root access acquired using the kernel bug.

The jailbreaking phase involves something like moving some system directories and modifying essential system files like “/etc/fstab”. Also it directly accesses the “/dev/kmem” device to patch kernel flags or code. And finally it installs the “Cydia” installer package and restarts SpringBoard using the “uicache” command.

The whole lesson here is that it is extremely easy to modify PDF payloads provided by the jailbreakme site, to make it do more operations than it was originally intended to do. The attack will surface soon, and it could be devastating, because we don't have any practical defense mechanisms against this type of attack on iPhone. We'd better try not to click any suspicious links on our iPhone browser from now on. And we'd better not check any PDF attachments delivered through iPhone mail until we have the fix. I hope the patch will be out soon, and I recommend that everyone install the patch when it's out.
 
Last edited:

PeteJames

macrumors regular
Sep 11, 2010
133
0
England
I'm wondering whether to just keep on waiting or to buy an Apple TV or some cheaper Android device. I only really want XBMC to watch Sky Sports and 3pm kick-off football matches. Is there an Android alternative that can do this as well as or better than the atv2 for a much lower cost? I would also like AirPlay but can sacrifice this if it's worth it. Atv2s are now going for £220. I'd be really annoyed if I got one and then the atv3 was jailbroken within a few weeks or even 2 months - left with an outdated gadget that is probably worth 1/4 of what you paid for it. Not ideal. On the other hand I could be left waiting for a year or more. Then I would be equally annoyed that I hadn't bought one. Probably damned if I do and damned if I don't. :mad:
 

throAU

macrumors 603
Feb 13, 2012
5,284
2,276
Perth, Western Australia
It's because Apple is now shipping code without (or rather, with fewer) serious memory management bugs in it.


I've been saying jailbreaking may go away for a little while now... and the reason is mostly due to Apple overhauling their development tools and the new additions to Objective-C. Specifically: ARC - automatic reference counting.


Short version (without getting into too much developer-type detail): memory management in Objective-C is a lot harder to screw up now, with ARC (the compiler manages memory for you automatically) and the new compiler toolchain (LLVM/clang - clang generates far better diagnostic messages than GCC, warning of potentially unsafe code and possible bugs, also).

Memory management bugs are typically how software is hacked.

No memory management bug = a lot less likely to find an exploit.


This is one of the things that most end users will have no idea about and just don't appreciate changes under the surface of OS X Mountain Lion and onwards, and iOS6 onwards.

They look mostly the same, but internally the code has been heavily cleaned up - mostly helped by the new compiler and the new Objective-C feature: ARC.

It's also a major reason I am so "pro" Mountain Lion and onwards. The new technology under the hood (so to speak) is a huge win for security.

Also the ATV3 is probably more secure than an iPhone or iPod because it is more purpose-built and less versatile. All the content that typically hits it is off the App Store, and so it's harder to throw maliciously crafted data at it. It doesn't even do PDF or web browsing, for example, so there are two programs that will never be exploited straight up....
 
Last edited:
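As an added example (not code from this thread, from Apple, or from the jailbreakme write-up that gngan quotes), the C below shows the bug class that write-up describes, an over-long charstring entry copied into a fixed-size stack buffer, next to the bounds-checked form, which is the kind of memory-management fix throAU's post is pointing at. The record layout (2-byte big-endian length followed by the bytes), the MAX_CHARSTRING limit and all sample bytes are constructed for the demonstration; none of it is the real CFF format.

```c
/* Added example, constructed for this thread: not Apple's code, not the
 * jailbreakme payload, not a real CFF parser. Record layout, MAX_CHARSTRING
 * and every sample byte below are assumptions made for the demonstration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_CHARSTRING 16  /* capacity of the fixed stack buffer (assumed) */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 };

/* Vulnerable pattern: trusts the 2-byte big-endian length field and copies
 * that many bytes into a fixed stack buffer. For n > MAX_CHARSTRING the copy
 * runs past buf, which is how an over-long entry reaches the saved return
 * address. Kept only to show the shape of the bug; never give it untrusted
 * input. */
size_t parse_charstring_unchecked(const uint8_t *rec, uint8_t *out)
{
    uint8_t buf[MAX_CHARSTRING];
    size_t n = ((size_t)rec[0] << 8) | rec[1];
    memcpy(buf, rec + 2, n);   /* no bound on n: stack buffer overflow */
    memcpy(out, buf, n);
    return n;
}

/* Hardened form: check the claimed length against both the bytes that are
 * actually present and the destination capacity before any copy happens. */
enum parse_result parse_charstring_checked(const uint8_t *rec, size_t rec_len,
                                           uint8_t *out, size_t out_cap,
                                           size_t *out_len)
{
    if (rec_len < 2)
        return PARSE_TRUNCATED;
    size_t n = ((size_t)rec[0] << 8) | rec[1];
    if (n > rec_len - 2)
        return PARSE_TRUNCATED;        /* length claims bytes we do not have */
    if (n > MAX_CHARSTRING || n > out_cap)
        return PARSE_TOO_LONG;         /* would overflow buf or out */
    uint8_t buf[MAX_CHARSTRING];
    memcpy(buf, rec + 2, n);
    memcpy(out, buf, n);
    *out_len = n;
    return PARSE_OK;
}

/* Build a constructed record: 2-byte length followed by n copies of fill.
 * Returns the record size, or 0 if dst cannot hold it. */
size_t make_record(uint8_t *dst, size_t cap, size_t n, uint8_t fill)
{
    if (n > 0xFFFF || cap < n + 2)
        return 0;
    dst[0] = (uint8_t)(n >> 8);
    dst[1] = (uint8_t)(n & 0xFF);
    memset(dst + 2, fill, n);
    return n + 2;
}

/* Run the checked parser over a well-formed record carrying n bytes. */
enum parse_result check_record_of_length(size_t n)
{
    uint8_t rec[128], out[MAX_CHARSTRING];
    size_t rec_len = make_record(rec, sizeof rec, n, 0xA5);
    size_t got = 0;
    return parse_charstring_checked(rec, rec_len, out, sizeof out, &got);
}

/* Run the checked parser over a record whose length field promises more
 * bytes than the input actually contains. */
enum parse_result check_truncated_record(void)
{
    const uint8_t rec[] = { 0x00, 0x40, 0x01, 0x02, 0x03 };  /* claims 64, has 3 */
    uint8_t out[MAX_CHARSTRING];
    size_t got = 0;
    return parse_charstring_checked(rec, sizeof rec, out, sizeof out, &got);
}

int main(void)
{
    printf("4-byte entry:  %d\n", check_record_of_length(4));   /* 0 = PARSE_OK */
    printf("64-byte entry: %d\n", check_record_of_length(64));  /* 2 = PARSE_TOO_LONG */
    printf("truncated:     %d\n", check_truncated_record());    /* 1 = PARSE_TRUNCATED */
    return 0;
}
```

Compile with `cc -Wall example.c` and run: the checked parser rejects the 64-byte entry that the unchecked one would copy straight past its 16-byte buffer. One caveat on the ARC point above: ARC manages Objective-C object lifetimes, not plain C arrays and memcpy calls like these, so a length check of this kind still has to be written into the parser by hand.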

BumpyFlatline

macrumors 68030
Apr 11, 2012
2,666
0
I'd be really annoyed if I got one and then the atv3 was jailbroken within a few weeks or even 2 months - left with an outdated gadget that is probably worth 1/4 of what you paid for it. Not ideal. On the other hand I could be left waiting for a year or more. Then I would be equally annoyed that I hadn't bought one. Probably damned if I do and damned if I don't. :mad:
I highly doubt the ATV3 is getting jailbroken any time soon, if ever. I wouldn't hold my breath. Either buy an ATV2 or some other device.