xSellize: xNews

I got my first computer when I was about 8 and broke it one week later because I was tweaking some settings I was not supposed to tweak. My parents did not want me to waste time playing video games so I learned programming instead and was very interested in doing the low level stuff. But I guess I was at least 16 until I started so realize the wonderful things you can achieve by changing the code of other people. I guess I could have gotten earlier into the game, but I never had any kind of internet or mailbox access on my own before I was 17/18.

Dealing with iOS security is like dealing with any other security topic, with the difference that it is more challenging than PHP security or web application security which was my previous research topic. The other difference is that hacking iPhones and researching jailbreaking topics brings you in contact with the actual enduser that directly benefits from your work. This is something very different from other fields in security. Most of the time you only deal with application developers that do not really like that you find problems in their code, or with admins that have to upgrade to the newest version of a piece of software. I guess there are not many fields in IT security where the actual enduser has ever heard the name or nick of a person involved in finding a vulnerability or writing the actual exploit. Having experiences both I think I prefer an angry developer over an angry jailbreaker.

Whatever you have heard about why I am not releasing a jailbreak is most probably wrong. The jailbreak community tends to just pick random tweets and spin rumours or consipracy theories around them. As an example I get a number of request by email or twitter every day from people who want to pay money to get the jailbreak, because they heard I sell it. In fact I never said that I would sell my jailbreak, I merely discussed the fact that while the developers do all the work for free there are plenty of people who make a huge sum of money with every new jailbreak. There are the people that sell Cydia apps, the people that make iOS newsites and tutorials about JBing (including ads), the people who get paid for installing the free JB on someone's device, the people that weaponize the public exploit for malicious purposes, the people that just take eg the bootrom exploit and create expensive tools for law enforcement agencies from it, the security researchers that can only do research on jailbroken devices and sell consulting afterwards. I might have forgotten some other players that make money out of a free jailbreak, but I think you get the picture. People in the JB community seem to not understand that from my point of view spending months of work to perfect a JB and then releasing this for free is a waste. And of course they are angry when I tell pod2g about it because they fear I convince him to do something more valuable with his time.

Speaking of piracy. I am pretty sure that it would be possible to do a JB that will block the most common ways to install pirated applications on a device. But there is no way to stop pirates from reversing the JB and tweaking it. It might take them a while, because after all iOS JBs involve low level kernel code that can do all kinds of dirty tricks, but in the end they would figure it out. Maybe not fast enough until Apple closes the vulnerability and effectively kills the jailbreak. After all it would not be worth the hassle. Why would someone like Musclenerd or Pod2g spend days or weeks coding something like that, knowing that it would only last a few days.

Of course there are people that jailbreak because they want to have full control of their own iPhone, of course there are people that need a jailbreak to install the latest Cydia tweaks and of course there are people that jailbreak to do security research or whatever. But each of these groups highly overestimates their own size and importance. The vast majority of people have always jailbroken for pirating stuff or unlocking their phone. Whoever denies this is delusional. When you look at average people and their jailbroken iPhones you will see they have hundreds of Applications installed and Apple is lucky if they paid for a single one of it.
And yes there is also a group of people that say they only pirate apps and buy them later because there is no way to try an app before you buy it. I personally think that Apple could solve that legitimate request by offering such feature.
For me it doesn't matter what reason people jailbreak for, it has no influence on my decision to not waste months of my work just to enable other people to do what they want.

Well whenever a field develops over the years and more and more content for a specific topic is collected at some point the logical consequence is to write a book about it. Of course nowadays you can find a lot of information on the internet but this information is usually spread over hundreds of websites and sometimes important facts are not yet public at all. So the idea to create a book and collect all this information in one place allows someone new to the field to dig through it in a easier way. So in the long run this book will allow more people to get into iOS hacking in a faster way. However iDevices are not an easy target to attack and therefore it requires years of training or expericence to actually own them.
The problem with the JB community at this point is that they don't understand that in the long run this book might bring new people into the scene of jailbreaking iDevices. Most of the people in the JB community do not understand that. They believe it will help Apple to stop jailbreaking or they consider it an attempt to make big money out of the JB community. This kind of reaction shows how little they understand of what is going on, first everybody who wrote a book about a tech topic will tell you that there is no big bucks made by writing tech books. Especially not if there are six authors for one book. And the other misbelief is that Apple employs a bunch of stupid elephants that do iOS security. In reality the people working at Apple on iOS security topics are actually quite skilled and they have way better debugging tools than the JB community will ever have. The reason why they don't kill a JB one day after a release is most probably only of political nature. Apple only seems to close JBs fast if they could be used maliciously by drive by attackers. Aside from that they keep those vulnerabilities open for a while, because every sold device is a sold device.
Also by looking at the JB community they can gather intelligence about features their customers might want, which in the long run will increase their revenue even more. I don't think Apple is really too concerned about piracy due to jailbroken devices, because they know there is only a limited amount of money you can squeeze out of a person anyway.

Pirates are everywhere and they do not concern me. If you loose any sleep because of them, then good luck surviving in this world. I think the JB community suffers from something worse. It is “contaminated” by leeches that do not value other people's work at all and do not understand the amount of work required to create things. They believe they are entitled to get whatever they see and just need to cry out loud enough if they don't get it. They believe they own the iPhone JB developers and that they have to produce jailbreaks for them for all eternity or shut up. You can see how delusional these people are when you get messages like: “Without us you are nothing, we follow you on Twitter and we made you famous” and then there are messages like “unfollow him to teach him a lesson”. Everytime I see these messages I hope for mankind that these people do not really believe that. People are not getting famous because they have hundreds of thousands of followers on twitter, it is the other way around: they did (create) something people liked and this attracted followers. And if you consider yourself famous, because a few people on the internet know your name is up to you. I don't think one can consider himself famous until people on the street recognize your face and you have to hide from paparazzi. Anyway the amount of followers on twitter is only of concern to me because it is directly related to the number of people I have to ban manually.

I don't think it has anything todo with “hold such a situation”. In the beginning you are annoyed and cannot believe the amount of angry and demanding people, but once you get over that initial shock you just continue to do whatever you want. I can understand if Geohot hold the iOS 4.x jailbreak because of these people. Because getting this kind of response is a wake up call that tells you that these people are not worth that you donate your work to them for free. However Geohot and the Chronic Dev Team are/were also collecting donations – so they obviously got enough to keep them going.
I also think that a part of this whole situation is caused by certain jailbreak developers who write blog postings where they claim that they will work day and night to get the new jailbreak to them. This blatant lie is the kind of statement that will be loved by the crowd, while in reality work is only done when there is free time and the mood to do it. However telling the truth will make people dislike you and most probably donate less.

Oh I think I said everything I wanted to say for now and now I sit back with popcorn to await the criticisms' wave.