I sure have, but I have not jailbroken an iPhone. Well, I hadn't imagined how a jailbreak on iOS might work either. Will it patch system files, programs, and drivers on disk persistently? Well, that seems like it would be the simplest way to keep the jailbreak, but now that's some extra integrity checking to bypass as well. Do these jailbreakers have a number of exploits for writing to kernel memory? It's likely they would want to read it as well, but it's not always required. It seems old parts of the Darwin kernel are open source, which, if it hasn't been drastically changed in every way, makes it a lot easier to understand the kernel and find problems. It would be interesting to see how these older released exploits work. How do you even do a syscall on iOS?

A bigger challenge, I think, would be new-gen gaming consoles; this would be awesome. There do exist exploits for these, I believe, but they are private, and public ones get patched; then you can't play online or downgrade updates easily. Maybe it would be easier to stay on an older version and make your PlayStation think you're on the latest version; maybe this is what those who have it do.

On Windows, there are many problems you can run into by directly manipulating kernel structures, but that doesn't mean it can't be done safely, especially on things outside of something like win32k, which is a mess. Hooking things won't get you in trouble, unless, for example, you're hooking integrity-checked functions or data regions on Windows and get PatchGuarded. PatchGuard doesn't run everywhere on the Windows kernel and can be maliciously disabled; not even ntoskrnl executable sections are fully protected by PG.
