Code Genocide

With the latest iPhone firmware update (2.2), Apple fixed several “security holes”, one of which broke KillExchangeLocks version 2.0.

The fix that broke things was CVE-ID:  CVE-2008-4229

Impact: Restoring a device from backup may not re-enable the Passcode Lock

Description: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. A race condition in the handling of device settings may cause the Passcode Lock to be removed when the device is restored from backup. This may allow a person with physical access to the device to launch applications without the passcode. This update addresses the issue by improving the system’s ability to recognize missing preferences. This issue does not affect systems prior to iPhone OS 2.0 or iPhone OS for iPod touch 2.0. Credit to Nolen Scaife for reporting this issue.

http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

The key parts here is the resoultion, “This update addresses the issue by improving the system’s ability to recognize missing preferences”, and the person to blame is Nolen Scaife for reporting this issue.

KillExchangeLocks version 3 does not implement the ideal solution as Apple has done a pretty good job on their fix. Instead of removing the passcode automatically like before, instead you now force the settings app to alow you to remove the passcode, as if you had setup a passcode without using Exchange.

This still times out every 24 hours like before, as Apple is actively querying the Exchange server every 24 hours to update and/or validate the security settings.

The up side is you should only have to run this part once, and you will always be able to remove the passcode.

Version 3 gives you the option if you want to modify your Auto Lock timeout.

The problem here is that the iPhone will over write any change if you go into the Settings app and click on the General tab (which shows your timeout setting).

Therefore this could need to be reset often, if you go into Settings -> General a lot.

I added some extra Time out levels for your convience.

You can now choose between: Never, 1 min, 2 min, 3 min, 4 min, 5 min, 10 min, 15 min, 20 min, 25 min, 30 min, 35 min, 40 min, 45 min, 50 min, 55 min, and 1 hour time out levels.

As I said before, this is by no means the ideal fix, but it is the only way I have found so far, and I figure this is better then having nothing.

If you really want a better fix in place, I would ask you to think about donating to this project as that would make it easier for me to work on this project then other paying projects. It is in no way required, but welcomed. If you wish to donate you can do so using PayPal.

KillExchangeLocks is available in Cydia under Utilities.

KillExchangeLocks is a simple free iPhone application that helps the fact that with the new 2.0 Exchange support you can get locked into having a passcode and auto-lock setting on your phone. Even manually changing the plist you will then be asked to set a passcode again at least once a day. Instead of updating your plist everyday, just simply click on KillExchangeLock and your plist will be set to not require a passcode and never auto-lock.

http://codegenocide.com/KillExchangeLocks.zip