I'd love to know how many hours were needed to develop this exploit from start to finish, and how many dead ends the researcher ran into along the way.
Just writing the blog post and generating all the images for it must've taken many days.
I have followed iOS JB for years and keep up with exploit dev and mitigation/defense.
The usage of source code and avoiding deep assembly documenting helped a lot. You are still looking at several man days of deep work on understanding the driver and stack.
KASLR was the only real mitigation to bypass. That could have been a difficult part worth it's own discussion. Bypassing ASLR typically requires an info leak.
I think 3-4 weeks of one person's effort is a good guess. +/- 1wk depending.
If others don't know, the K is for kernel. I had guessed that it was, but decided to look it up. I figure this may save others some time.
It looks pretty neat, conceptually. It loads the kernel into a random location in memory on boot. I haven't looked into how random it is, but it's a good idea.
Just writing the blog post and generating all the images for it must've taken many days.