I've seen that in the latest iOS jailbreak, they use so called "spinners". What exactly is a spinner doing? And why?
Apparently it's "blocking the thread execution", but why does the exploit need that?
I see a couple of different "spinners" when grepping the code. The one you reference appears to be unused:
```c
#include <mach/mach.h>   /* mach_port_t */
#include <stdint.h>      /* uint64_t */

static void spinner_empty(mach_port_t* arg)
{
    while (!*arg)
        ; //spin
}

static void spinner_nonempty(uint64_t* arg)
{
    while (*arg)
        ; //spin
}
```
`spinner_empty` looks like it waits until the `mach_port_t` that `arg` points to casts to true rather than false, and `spinner_nonempty` waits for the `uint64_t` `arg` points to to be 0. I have no idea what purpose these serve, as they appear to be unused right now.
There's also this one:
```c
#include <pthread.h>
#include <stddef.h>

// in the end I don't use these, but maybe they help?
volatile int keep_spinning = 1;

void* spinner(void* arg)
{
    while (keep_spinning)
        ;
    return NULL;
}

#define N_SPINNERS 100
pthread_t spin_threads[N_SPINNERS];

void start_spinners()
{
    return; // early return: the spinners are currently disabled
    for (int i = 0; i < N_SPINNERS; i++) {
        pthread_create(&spin_threads[i], NULL, spinner, NULL);
    }
}

void stop_spinners()
{
    return; // early return: nothing to stop while start_spinners() is disabled
    keep_spinning = 0;
    for (int i = 0; i < N_SPINNERS; i++) {
        pthread_join(spin_threads[i], NULL);
    }
}
```
In this case it looks like they may simply be there to slow down execution, by having a large number of threads constantly spending as much time as possible doing nothing. The comment seems to indicate that they may not be necessary, but the author thinks perhaps slowing down the execution may give the exploit a higher chance of success.
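To make concrete what a "spinner" costs and how it is released, here is a small self-contained C program added for illustration; it is not code from the jailbreak or from the answer above. It assumes a POSIX platform with C11 atomics (compile with `-pthread`), and the names `run_spinners`, `spinner_state` and `N_SPINNERS` are my own. Each spinner busy-waits on a shared flag (no sleep, no syscall) and counts the iterations it burned, so the total shows how much CPU time the threads consumed while "doing nothing"; the main thread then clears the flag and joins them.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define N_SPINNERS 4   /* assumption: a small number keeps the demo cheap */

/* Shared flag the spinners watch. An atomic is used rather than a plain
 * volatile so the release written by the main thread is guaranteed to
 * become visible to the spinning threads. */
static atomic_int keep_spinning = 1;

/* Per-thread bookkeeping (hypothetical helper type, not from the page). */
struct spinner_state {
    pthread_t tid;
    uint64_t iterations;   /* loop trips burned before release */
    int saw_release;       /* set once the thread left the spin loop */
};

/* The spinner itself: a pure busy-wait that does nothing but reload the flag. */
static void *spinner(void *arg)
{
    struct spinner_state *st = arg;
    while (atomic_load_explicit(&keep_spinning, memory_order_acquire)) {
        st->iterations++;
    }
    st->saw_release = 1;
    return NULL;
}

/* Start N_SPINNERS busy-waiting threads, let them burn CPU for spin_ms
 * milliseconds, release them, and return how many observed the release.
 * If total_iterations is non-NULL it receives the summed loop count. */
int run_spinners(int spin_ms, uint64_t *total_iterations)
{
    struct spinner_state states[N_SPINNERS] = {0};
    atomic_store(&keep_spinning, 1);

    for (int i = 0; i < N_SPINNERS; i++) {
        if (pthread_create(&states[i].tid, NULL, spinner, &states[i]) != 0) {
            /* Creation failed: release and join what was already started. */
            atomic_store_explicit(&keep_spinning, 0, memory_order_release);
            for (int j = 0; j < i; j++)
                pthread_join(states[j].tid, NULL);
            return -1;
        }
    }

    struct timespec ts = { spin_ms / 1000, (spin_ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);   /* only the main thread sleeps; spinners keep burning */

    atomic_store_explicit(&keep_spinning, 0, memory_order_release);

    int released = 0;
    uint64_t total = 0;
    for (int i = 0; i < N_SPINNERS; i++) {
        pthread_join(states[i].tid, NULL);
        released += states[i].saw_release;
        total += states[i].iterations;
    }
    if (total_iterations)
        *total_iterations = total;
    return released;
}

int main(void)
{
    uint64_t iters = 0;
    int released = run_spinners(50, &iters);
    printf("%d/%d spinners released after %llu busy iterations\n",
           released, N_SPINNERS, (unsigned long long)iters);
    return released == N_SPINNERS ? 0 : 1;
}
```

Run it with `top` open in another terminal and you will see the process pinned at roughly `N_SPINNERS` cores for the spin interval; that CPU pressure, rather than any work the threads do, is the only effect such spinners have on the rest of the system.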