iOS iCloud Bypass using Setup.App Patches  / Emoji Crashes (Explained)

In this video I explain the underlying concepts behind the Setup.App application: how it works and why people look for glitches in it. A couple of days ago, glitches were found in iOS 11 that let you close Setup.App and get a couple of seconds of SpringBoard. This time is different. Normally, on iOS 10, 9 or 8, crashing Setup.App achieves nothing useful: SpringBoard (the app menu) does appear, but only for about a second, and you cannot open any application because Setup.App is designed to block SpringBoard while it runs. On iOS 11 you can launch an application if you are fast enough, which means you can use the device for various things, including opening FaceTime; if the device has not been restored, you can see the previous owner's email address.

Filling the text boxes inside Setup.app with emojis is another practice well known on YouTube, and everyone tells you that you only get 1-2 seconds of SpringBoard, but nobody explains WHY, so I've decided to do that.
The purpose of this video is to help you understand how Setup.App works, where you can find documentation about it, and what happens when the device shows the activation screen.

The iCloud activation screen is part of Setup.App, so knowing how Setup.App works helps you a lot in understanding how to attack it.

Speaking of patching: if you patch Setup.App (in a CFW, for example) or remove it completely, you will need an iBoot exploit or a bootrom exploit to push the CFW, because Apple has introduced verification points across the restore process as a mitigation for the older jailbreaks that used to be deployed via CFW. Since Setup.App also handles activation, if you get hold of such an exploit and restore the CFW, you will bypass iCloud, but only temporarily: the device is still locked on Apple's servers and there is nothing you can do about that. It will never have SIM card support, and if you restore it with a clean firmware it will be locked again.

So, as you can see, if you are iCloud locked and interested in unlocking the device, at least partially, Setup.App is a great entry point, but it is not the complete chain.
==Resources==
Documentation about Setup.App
More documentation about Setup.App
iCloud DNS Bypass Method
Important info about CFW iCloud Bypass
KeenLab's Presentation at MOSEC

GeoSn0w
