Jay Freeman (saurik)
@saurik
Followers
430,862
Following
140
Media
52
Statuses
1,425
I developed Cydia for jailbroken iOS devices and am now (theoretically) in charge of technology for @OrchidProtocol ; I am also a local politician in California.
Isla Vista, CA
Joined May 2007
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Pedro Sánchez
• 363246 Tweets
Wizkid
• 265484 Tweets
woozi
• 172384 Tweets
#CDTVライブライブ
• 165064 Tweets
#SixTONES_音色
• 88836 Tweets
The Gift
• 71013 Tweets
Humza Yousaf
• 69051 Tweets
Thiago Silva
• 61891 Tweets
#Fes蓮ノ空オープニングライブ
• 60223 Tweets
Don Jazzy
• 48349 Tweets
CGPJ
• 47335 Tweets
Mufasa
• 36020 Tweets
billie
• 33628 Tweets
Matisse
• 27461 Tweets
#キュウゴー
• 26634 Tweets
Akuma
• 19972 Tweets
#アンメット
• 19299 Tweets
Uzbek
• 18223 Tweets
Blue Ivy
• 15605 Tweets
BINGLING BETTER OR WORSE
• 15255 Tweets
Kiara
• 11910 Tweets
鈴木千裕
• 10217 Tweets
Last week, I discovered (and reported) a critical bug (which has been fully patched) in
@optimismPBC
(a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty.
215
895
6K
Substrate 0.9.7000 is my most well-tested update ever, verified to work on iOS 3.0, 4.3.1, 5.1.1, 6.1.3, 7.1.2, 8.0, 9.0.2, 10.1.1 (mach_portal), 11.1.2 (Extender), and 11.3.1 (unc0ver). I expect it will fail anyway :(. If you want to try it, add to Cydia.
522
969
4K
Hi
@tim_cook
. iOS is the *only* major platform which not only pulls VPN apps from its market but also requires users to "enroll" and pay $100 a year to use the VPN APIs locally. As far as I'm concerned, you are directly supporting authoritative regimes :/.
259
1K
4K
(I have now spent over a decade working on Cydia and fighting against Apple's harmful platform control. In these years, I have never once reached out to either Steve Jobs or Tim Cook... until today... and I seriously managed to type "authoritaTIVE" instead of "authoritaRIAN" ;P.)
349
427
3K
Cydia just joined the legal battle against Apple: "A new lawsuit brought by one of Apple's oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant's power."
102
586
3K
About two weeks ago, Apple made a change to their provisioning service to require a different authentication scheme for "free" Apple accounts (they return an error that mentions upgrading to "Xcode 7.3"); this broke Cydia Impactor for users without a paid Apple Developer account.
152
325
2K
For those who dare to experience
@qwertyoruiopz
's "unstable/glitchy" beta jailbreak IPA for iOS 10.0-10.1.1, Cydia Impactor 0.9.35 is ready!
209
826
2K
Truly, jailbreaking should have stopped during the iOS 9 era, if not before; there is a reason essentially all of the reasonable developers left long ago and the community is largely now run by bullies. Everything that we do now just digs jailbreaking a deeper hole, full of fail.
203
291
2K
A few days ago, Epic Games filed a lawsuit against Apple, challenging the idea that the Apple App Store--with its high fees and limitation on promotion of anything that isn't an Apple product or payment mechanism--is the only way to distribute apps on iOS.
61
419
2K
Cydia Impactor 0.9.43—an update *for Windows only*—fixes the "Peer certificate cannot be authenticated with given CA certificates" error :(.
275
329
1K
I am the only commissioner at the
#CALAFCo
(California Association of Local Agency Formation Commissions) 2019 Annual Conference here representing the United Federation of Planets! I was a bit saddened to not see a regional round table for the Alpha Quadrant :(.
#Halloween2019
🎃
173
118
1K
In the mean time, I owe nobody anything and nothing I have would help anyone anyway (and particularly won't help anyone trying to support A12). I really wish everyone would just forget Cydia exists and move on with their lives; anything would be better than dealing with all this.
147
167
1K
So far, I've only had a few days to work on A12 Substrate (something I couldn't even start doing until a few weeks ago, when I was given the first jailbreak build useful for testing with). I do not understand why anyone thinks I am able to spend all of my time on this anymore :(.
82
134
1K
Today, Cloudflare made WARP, their VPN service with an unlimited free tier, available to everyone; it only has clients for iOS and Android, but the protocol they are using seems to be off-the-shelf Wireguard, so you can connect from macOS! Run this script:
38
238
1K
Apple insists they had no choice but to pull VPN apps in China, as they "follow the law wherever they do business".
However, restricting the Network Extensions API (needed for custom VPN protocols that can bypass a firewall) is above and beyond reasonable.
51
200
1K
I just spent an hour using an iPhone to take videos of iPhones taking video of an iPhone (with a fifth iPhone to take a video of the rest) to verify this: the iPhone 11 Pro Max on iOS 13 has an additional 50-66ms of latency in its camera preview vs. the iPhone XS Max on iOS 12.4.
54
139
1K
FWIW, it is entirely possible that someone, using techniques I find "sloppy"--the kind of stuff that led to the iOS 11 stability issues (lots of kernel data patches to do stuff like mark processes as being actively debugged) can make A12 work easily--_I_ have no interest in that.
151
153
1K
I believe in Free Software and have published most of my work open source under LGPL/GPL/AGPL (notably including Cydia, Cycript, WinterBoard, ldid, and now my work on Orchid). I'm glad to see Richard Stallman leave, and hope this starts a new era for the Free Software Foundation.
Richard M. Stallman has resigned as FSF president and from the board of directors:
169
2K
3K
45
167
1K
Substrate 0.9.5000 has been released, with support for iOS 7 and ARM64. (For extensions to work on ARM64, they must be recompiled to ARM64.)
789
2K
1K
Cydia Impactor 0.9.39 fixes the SSL certificate verification error seen while signing IPA files on Windows. It also includes Cydia Extender.
103
335
1K
In June of 2019, Facebook suspended my Cydia app, removing its access to Facebook login and locking users out of their Cydia accounts, which required a slow (on both sides: Facebook and I each were taking months to respond to the other ;P) back and forth of interrogations to fix.
54
87
1K
Does anyone else find it strange that both Apple and Google not only allow but in fact require privacy policies for apps to be hosted on external websites, meaning that to view an app's privacy policy you must connect to their server and already subject yourself to their logging?
47
152
914
Regardless, in early September of 2020, I was able to get Facebook to reinstate the Cydia app... though they made it sound tenuous enough that I waited until now--when I'm finally feeling confident-ish--to reactivate the button, in case anyone still has reason to log in to Cydia.
57
63
903
I am once again at
#DragonCon2016
in Atlanta! I'm on two panels and also giving a talk. See:
52
125
813
Due to a largely-unrelated conversation I had last week, I actually looked at my Twitter notifications. What I saw: a large number of spectators arguing, in language foul enough that the Twitter app has to give me "may contain offensive content" warnings, about what I'm doing :/.
57
87
813
In particular, harassing me and everyone around me via every communication channel you can figure out to contact me is _not_ going to make me somehow care _more_ about doing this: all you are doing is making me deeply regret having returned. I gain nothing from doing any of this.
22
67
796
Back in 2016, I was elected to the board of a small special district in California--a new government I helped create for Isla Vista, the college town next to UC Santa Barbara (where I studied Computer Science twenty years ago and never left)--we meet twice a month for ~2-3 hours.
62
68
789
I think
@PanguTeam
's iOS 9.3 jailbreak is indirectly DoS'ing Apple's servers from so many users sideloading the IPA.
54
346
792
For more detail, I'll highly recommend reading our complaint: "This lawsuit seeks to open the markets for iOS app distribution and iOS app payment processing to those who wish to compete fairly with Apple, and to recover the enormous damages Apple caused."
35
133
799
The Copyright Office granted DMCA exemptions for jailbreaking: smartphones, tablets & other all-purpose mobile computing devices, smart TVs!
44
717
775
_If_ (yes: "if") I ever release A12 Substrate, it will not only be because I found a good way to achieve the goal that I consider "stable", but it will also be because I have, at least momentarily, come to enjoy the process of working on it again; that might _never_ come to pass.
42
67
757
@Pwn20wnd
@i0sd3v
@r4m3n_n00d13s
Given that I had complete control over what package manager I used at the time, as well as complete control over the architecture of the software stack, I could have *easily* designed Cydia to let it not be open source; I did not do that, because I wanted Cydia to be open source.
30
77
726
PSA:
@PanguTeam
's iOS 9.2-9.3.3 jailbreak is 100% free, as is Cydia Impactor; do NOT pay any website $20 for either.
36
306
708
If you are waiting to jailbreak your iOS 8.0-8.1 device until things are "stable enough": we now seem to be ready! ;P
http://t.co/XRUU74p7i8
102
816
717
I rebooted an iPhone 6S running iOS 9.0.2 jailbroken with Pangu9 almost 1100 times today: 85% of boots worked, 0.4% took 10 minutes to fail.
103
390
691
(Cydia Extender isn't what many are assuming; and it seems to require a paid developer account to install, which I failed to notice? *sigh*)
93
156
685
At
#BlackHat2016
, Apple just announced a new Security Bounty program and has promised to prioritize pushing updates.
31
298
650
It maybe should be made more clear that, while I was actively killing myself--stealing time and racking up stress--to build a stable iOS 11 jailbreak for two or three months at the end of 2017 and beginning of 2018, I finally quit entirely in early 2018 due to developer toxicity.
16
76
658
I did not promise to anyone--including Sam Bingner, the only person I've been talking to at all--that I would be able to finish A12 Substrate ASAP; in fact, what I told Sam Bingner was that I was really busy due to a product launch for my day job, and he said he wouldn't rush me.
33
60
645
Reminder: I have had a "day job" since mid-2017. People seem to still be operating under some expectation that my life revolves around jailbreaking: it doesn't, and I frankly regret that it ever did; if I could give "past Jay" advice, it would be "don't waste your life on Cydia".
16
58
639
In 2016, I ran for 3rd District County Supervisor in Santa Barbara (and lost). I've been told (after) that, had I run for California State Assembly District 37, I might've had institutional support! Some days, I dream about the bills I could've floated ;P.
43
69
646
I will be giving a talk about the bug at
@EthereumDenver
, Friday, February 18th: 9:40am MST on the Infinity Stage. My talk will be live-streamed, presumably to the
#ETHDenver
YouTube channel: Look out for "Attacking an Ethereum L2 with Unbridled Optimism"!
10
69
649
It is absolutely ludicrous to me that people are assuming that I would do this work _at all_ much less that I should _already have finished it_... "best case" I would never have expected to have had this done by now, as I honestly think this will be more than three weeks of work!
23
51
613
When Apple did this, I'd just arrived in Florida for a wedding (one of a dear friend and where I was a groomsman); even so, I stayed up ludicrously late the night before the ceremony rehearsal to understand the issue and try to triage how much it would hurt to fix Cydia Impactor.
4
26
613
As
@i0n1c
noted, a kernel patch (on CS_RESTRICT) is the simple fix for Substrate on iOS 8.3;
@taig_jailbreak
should have an update out soon.
65
521
601
Cydia now allows self-service refunds within one day of purchase if the package has been uninstalled; also: the Store is now up for 9.2/9.3.
46
289
580
The TaiG 8.1.3-8.x Untether, version 2.1.2, supports Substrate! This package is available as an update in Cydia (from our Cydia repository).
99
459
585
Anyone claiming "substrated handles kernel patches" has no clue what they are talking about: the reason I disagreed with jailbreakd was because it entrenched specific and _pervasive_ kernel data patches to do something as basic as code injection; Substrate doesn't do any of that.
7
61
578
Which should remind all of us of another lawsuit currently ongoing with Apple: their attempt to crush
@CorelliumHQ
, the company which launched an iPhone virtualization service to enable security research without jailbreaks and automate testing of iOS apps.
10
105
584
I actually am very interested in doing this work; but, as I have stated before, I also now have a day job where I'm in charge of technology for a company that absolutely must release its product within the next few weeks. I just can't take weeks off right now to work on Cydia :(.
3
33
567
Cydia 1.1.17 fixes the "cannot identify your device" error on iOS 8.3. (No: this is not a Substrate update; TaiG says they are fixing that.)
109
397
550
(If myacinfo were to be deactivated entirely, that would also affect the deployment tools used by larger companies such as Facebook and Google, something Apple might enjoy rather than shy away from; if I were
@FastlaneTools
, I would be paying close attention to what is going on.)
33
34
553
Cydia 1.1.19, now released, no longer runs as root (even momentarily!), which means that Cydia Substrate is now able to modify Cydia itself.
78
436
559
Cydia Impactor (unlike, say, ReProvision) is intended to run on stock desktop platforms (macOS, Windows, and Linux); to support this new authentication scheme will require spending some time—I'd guess well over a week?—reverse engineering Apple's code to achieve interoperability.
4
23
544
#ifihadglass
I would jailbreak it and modify the software (obviously). As Google actually sold me one; I did my part.
http://t.co/GGYtCjV42Z
93
1K
536
Honestly, I am not sure Substrate for iOS 11 was a "healthy" achievement; I still enjoy working on Impactor (and have some major updates that I want to release), but it just doesn't seem possible anymore to have fun on Substrate :(. That said, I _am_ quite proud of its stability.
15
39
524
I want to make certain a big thank you goes out to
@rpetrich
,
@Surenix
, and
@kylematthews
, without whose help Cydia 1.1.9 would have sucked.
371
594
524
(Note: right now, Apple chose to only target people without paid Developer accounts; but they know as well as we that this is merely a speed bump; so, I wonder if they might intend to fully deprecate myacinfo due to security issues and are using free developers to derisk impact.)
9
28
516
iOS 9 changed the 32-bit pagesize on 64-bit CPUs from 4096 bytes to 16384: all 32-bit binaries must now be compiled with -Wl,-segalign,4000.
48
380
520
(I then told myself I shouldn't be working on this at the wedding unless I had a fast fix (which I didn't), was being swamped with an audit deadline at work I needed to hit, frankly hate having to wade into the "eta wen" posts, and honestly wanted to see what other people found.)
2
18
522
This community operates under a broken concept of software that "anyone can update anything": no, if you are able to update something like Substrate, you can also rewrite it from scratch: jailbreaks and code injection tools are the result of hard research, not engineering effort.
12
43
501
Cydia 1.1.18 fixes a bug introduced in 1.1.17 that would cause SpringBoard to lock up if it was killed by a user with the iOS task switcher.
124
265
496
Now with
@planetbeing
,
@pimskeks
, and
@PanguTeam
watching Behind the Scenes of iOS Security by
@radian
(from Apple).
8
125
492
(FWIW, I am actually impressed with the "creative workaround" (a plugin for Apple Mail) that
@rileytestut
came up with for
@altstoreio
's AltServer (which is largely based on the open source code for Cydia Impactor's core, ldid!) and am interested to see what he does for Windows.)
3
25
487
After the Cydia 1.1.17 update, some users saw blank pages under Manage Account; this was due to load, and is fixed: I've made it 20x faster.
114
221
471
WinterBoard 0.9.3912 (just released) runs on iOS 7 and seems compatible with ARM64; theme artists are encouraged to report any crashes/bugs.
298
941
466
In case anyone is using libplist to parse plist files for security scanning, here are some fun parser differentials.
26
120
464
(Alternatively, I could drop support for Linux—which honestly feels like "defeat" :(—to only support macOS and Windows, in which case I spend my time ripping apart iTunes to figure out where it is storing its keys on Windows; but this would be easy for Apple to repeatedly break.)
5
23
461
In its most recent complaint, Apple continues to insist that
@Pwn20wnd
's usage of Corellium's product to help test and more rapidly develop the Unc0ver jailbreak for iOS 12 was an "unlawful end", entirely ignoring the USC Section 1201(f) interop exemption.
Shoutout to
@CorelliumHQ
for giving me access to their amazing platform. This means that I will now be able to test unc0ver on any device running any firmware with extended debugging capabilities!
98
143
2K
3
53
459
Regardless, I'm simply not in a position to dedicate time to this until mid-December; and I also do not have much good advice for users, other than to annoyingly note that if you buy an Apple developer account, Cydia Impactor works and you can install apps on hundreds of devices.
9
26
456
The usual strategies for influencing politics involve convincing individual politicians to agree with you while campaigning the voters to elect politicians sympathetic to your cause; however, there is another option: getting a political party to add your goal to their "platform".
40
53
440
Yet, in October of 2018, when I was contacted by Sam Bingner--someone I find reasonable--saying Substitute was never stable and suggesting he could offload a lot of the pain I didn't want to deal with (including "dealing with other people") so I could release Substrate, I agreed.
3
35
431
As people still seem confused: to fix Substrate on iOS 8.3,
@taig_jailbreak
(not me) will update the jailbreak kernel patch (not Substrate).
67
429
432
With the jailbreak now seemingly "stable enough", vendors selling products via Cydia are now allowed to mark products as iOS 8.3 compatible.
58
313
420
If anyone else wants to do this work, I am *not* a gatekeeper: if there were a "walk-through" of GrandSlam, people like me can easily support it; the only existing references I've found are presentations by Vladimir Katalov (the CEO of
@ElcomSoft
...) and work by InflatableDonkey.
7
19
411
(On jailbroken iOS—or apparently on "a jailbroken Mac", where you disable SIP and patch amfid, similar to how we jailbreak iOS... I wonder how much longer it will be before we need exploits for that :/—one can directly use Apple's AuthKit to get the right authentication headers.)
2
19
409
Cydia vendors can now mark their products as iOS 8 compatible. (The jailbreak platform itself is now stable enough to make this reasonable.)
73
456
407
The reason jailbreaks end up getting built surrounding it is not because "it has taken over functionality the jailbreak somehow should do"; it is because "it turns out that most of the stuff that the jailbreak was doing was not only unnecessary, but actually somewhat harmful" :/.
12
35
394
I do provide a way for jailbreaks to "slip in" kernel patches (what some people call "unrestrict"); nothing critical relies on this: these are only for sandbox backwards compatibility and to make setuid work. I do not like _any_ of these patches and never used them on my devices.
2
33
389
Apple Developer was under maintenance for 2 hours this morning. I think they sped up their API (feels a lot faster)!
32
98
382
Just finished watching the epic Pangu 9 Internals talk by
@windknown
and
@WangTielei
of
@PanguTeam
at
#BlackHat2016
.
12
97
383
For those still upset: TaiG's last post on Twitter is very obsolete; on Weibo they say they are working on an update.
http://t.co/ujj354ZHm6
61
210
360
With Cydia 1.1.19 now out, TaiG has released version 2.3 of their iOS 8.1.2-8.4 untether, fully removing that awkward setreuid kernel patch!
59
255
370
My talk at
#SpartaHack
started at 12:30am (yes: at night) and at 6:00am there were still people asking questions ;P.
25
68
374
To anyone who responds "Apple isn't a monopoly": the actual test of "monopolization" is merely having a "significant and durable market power", not a 100% share; anti-competitive behaviors--such as "tying" and "refusal to deal"--can clearly apply to Apple.
12
51
363
I've spent 7 weeks working on Cycript: structs, variadics, multi-line editing, all of UIKit, Java, Android, ES6-ish!
34
128
357
(To be clear: Cydia now allows developers to mark products as compatible with 9.2/9.3; until each developer does, you can't just buy stuff.)
22
145
334
Watching Ken Arnold, the developer of curses (!), on a panel at
#RoguelikeCel
(an event co-organized by
@brittagus
).
18
51
333
A long time ago, I built a way to link Cydia directly to packages in third-party sources, but it was not documented.
53
143
316
San Bingner, using the awesome emulator environment from
@CorelliumHQ
, helped me verify my guesses here were correct (debugging into a call to pmap_cs_associate), but I just don't have the time right now to spend reverse engineering and attempting to understand this new logic :(.
2
33
305
Even if I did, to be very frank about it: I find working on stuff for jailbreaking neither important (as I used to for the large, stable, untethered jailbreaks, with the goal of fighting copyright law: an era that is long over) nor fun (due to the horrible developer toxicity) :/.
2
36
308
I did this as I was having a subtle-yet-annoying feeling of motion sickness using the iPhone 13 Pro Max camera that I have never experienced with an iPhone before and wanted to be 100% sure I wasn't making it up; a 100ms input latency was already "pushing it": 166ms is "too far".
11
21
303
It really sucks that I can't give a talk at a hackathon without the organizers getting harassed, or be on a panel for an unrelated topic (as I was today) without the moderator getting dogpiled with "jailbreak ETA?", or even comment on a forum without the thread being hijacked :(.
8
26
301
When
@i0n1c
built a tool to detect malware installed on iOS devices, his application was pulled from the App Store; in a post, he noted Apple's notice "basically says: we do not want our users to have the impression iOS could have security holes. go away".
2
46
296
I give talks at college hackathons on data sovereignty and software freedoms; it's too common to learn Stallman had given a prior talk, but turned the audience off of Free Software with his sexist/problematic mindset. We have a lot of work to do now to get back people we've lost.
3
28
286
For A12, it (surprisingly to me) turned out Pointer Authentication Codes were not a problem; however, Apple built a new layer of codesign--"physical map codesign" (pmap_cs_*, largely missing from the XNU codebase)--as part of their "Page Protection Layer".
1
34
283
If what you need is context on what the DMCA is, why I care, why you should care, and what we did, watch this video.
19
147
277
What Apple does is cultivate a "chilling effect" on certain kinds of research: when
@0xcharlie
showed how easy it was to slip exploit code through iOS App Store review, he was banned from the Apple Developer program, so others would be too scared to probe.
7
71
293
So yeah: I don't know if anyone else will agree with me that security events should not allow companies using USC Section 1201--or similar laws around the world: the US got this included in a WIPO treaty--to speak at their events, but if so: poke a conference organizer for me? ;P
15
18
286