Kuaiyong: the short version

It’s 4am, hi! Scratch that, 4:30.

I promised I would put something on tumblr. I won’t share my speculations on the exact cause until Apple has taken a whack at it, but @chpwn @tapbot_paul and I have sent them a report on our attempt to reverse engineer kuaiyong’s DRM circumvention for iOS. It appears they own a few dozen iTunes user accounts and buy the apps for these accounts. They then write something over USB which fools the iDevice into passively accepting signed apps which belong to these accounts as if they belong to the account which owns that iDevice. Apple engineers certainly know a lot more about their own USB protocol and DRM system than I do, so hopefully the details we sent them will help them quickly narrow down the exact problem.

As for the question of whether kuaiyong is “safe”: I have not seen any deliberately user-hostile code in what it installed; it’s just mildly allergic to debuggers. However, it has an open-ended update system and a EULA that clearly states they can do anything they want at any time. If you go on their site they have another EULA that says they reserve the right to force ads and charge money in the future. (I autotranslated all of this but the intent is clear.) Additionally, the User ID forging technique seems to be a bit glitchy, as many pirates have reported strange problems with the App Store after using kuaiyong. On top of that, you can be sure that someone will come out with unambiguously user-hostile imitationware, so don’t just go around installing whatever. Same advice as always.

And just to crush your hopes, no, I don’t think this is a jailbreak vector. It only works with things that are properly signed. This means no random malware and no cydia. Sorry! :)

  • 0xabad1dea
