Chronic Dev Team is almost done with a much anticipated untethered jailbreak for iOS 5 and iOS 5.0.1. Team member and French hacker pod2g just released a video showing off the jailbreak. It looks to be near-complete and functioning properly. Take a look:
pod2g even created a blog, where he plans to post the most recent news about his progress:
Today I succeeded in jailbreaking my iPod 3G. The exploit is user-land, relying on a user ROP payload and a kernel write-anywhere exploit.
I can't give many details right now, but here are the next steps:
- upgrade the iPod 3G to iOS 5.0.1
- do the same on iPhone 4 / iOS 5.0.1
- then iPad 1 & iPod 4G
At every step, the exploit code certainly needs to be reworked, but I really don't know right now. Next, I'll return to the research for iPad 2 and iPhone 4S. I don't know if I'm going to release first for other devices or not. I have to think about it. Feel free to give your opinion.
UPDATE: Apple's latest firmware is iOS 5.1.1. Apple has stopped signing all other firmwares, including iOS 5.0.1, iOS 4.3.3 and iOS 4.3.5. This means you can NOT restore to 5.0.1/4.3.3/4.3.5 any more (neither original nor custom firmware), unless you have saved your SHSH keys for it.
If you have decided to perform an untethered jailbreak and unlock, you need to get the following information:
What type of device do you have (iPhone 3G/3GS/4, iPod Touch 3G/4G, iPad 1/2, Apple TV)?
Do you need an unlock (if your iPhone is locked to one carrier and you want to use it with another)?
The answer is NO if the device is not an iPhone, or if it was purchased factory unlocked and can be used with any cellular carrier (e.g. in Canada, France, etc.).
If the answer is YES, you need to find out your modem version (Settings-General-About-Modem).
What firmware version do you have? Take a look at Settings-General-About-Version. For example, it could be iOS 4.3.3.
What operating system do you use on your desktop (Windows, Mac OS)?
How to perform jailbreak, when you do NOT need an unlock
For iPhone 3G the latest firmware is iOS 4.2.1. You can perform the jailbreak with any utility. For iOS 4.2.1 you can also use any of them, or GreenPois0n (Windows, Mac OS).
iPad 2 jailbreak is available only for iOS 4.3.3 via JailbreakMe and for iOS 5.0.1 via Absinthe.
iPhone 4S jailbreak is available for iOS 5.0 / iOS 5.0.1 via Absinthe.
iOS 4.3.3
Apple stopped signing iOS 4.3.3, so you cannot update to iOS 4.3.3 without SHSH keys saved (in advance, some time ago). If you have an iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G or iPod Touch 4G that runs iOS 4.3.3, use JailbreakMe or RedSn0w to perform an untethered jailbreak of your device.
If you have saved SHSH keys for iOS 4.3.3, you can use PwnageTool (Mac OS) or Sn0wBreeze (Windows).
iOS 4.3.4/4.3.5
For iOS 4.3.4/4.3.5 only a tethered jailbreak is possible, using redsn0w. Tethered means that each time you restart your device you will have to connect it to a computer and run redsn0w. The untethered iOS 4.3.5 jailbreak is possible only for iPhone 3GS with old bootrom. You can detect your bootrom version using this tutorial.
iOS 5
To jailbreak and unlock iOS 5, use the latest version of redsn0w 0.9.9 or sn0wbreeze 2.8. You can jailbreak tethered or semi-tethered.
The untethered iOS 5 jailbreak is possible only for iPhone 3GS with old bootrom. You can detect your bootrom version using this tutorial.
iOS 5.0.1
For iPhone 4/3GS, iPad 1 and iPod Touch 3G/4G, an untethered jailbreak is available for iOS 5.0.1. For an untethered jailbreak use the latest redsn0w 0.9.10, or Corona, a package from Cydia that untethers a currently installed tethered jailbreak.
A tutorial on how to untether an installed tethered jailbreak is available here.
For iPhone 4S and iPad 2 use Absinthe.
For a tethered iOS 5.0.1 jailbreak you can use redsn0w 0.9.9 or sn0wbreeze 2.8.
iOS 5.1 / iOS 5.1.1
For now only a tethered jailbreak is available for iPhone 4/3GS, iPad 1 and iPod Touch 3G/4G on iOS 5.1 and iOS 5.1.1.
We are receiving more and more questions about whether JailbreakMe supports a particular iOS version and device. Here is a useful table that shows which firmwares can be jailbroken by JailbreakMe and which are not supported. Take a look:
iH8Sn0w released Sn0wBreeze 2.8b7, which adds jailbreak support for the latest iOS 5 beta 7 firmware.
Sn0wBreeze creates custom firmware and allows users to preserve the baseband for unlock (ultrasn0w doesn't work with iOS 5 yet). This new version also adds hacktivation and removes the UDID developer check. This means that you can try iOS 5 without a developer account from Apple.
You can download Sn0wBreeze 2.8b7 for Windows here.
sn0wbreeze v2.8b7 – Release Notes
———————————
* Now jailbreaks iOS 5 beta 7.
* Still removes UDID Developer check + Beta timer.
* Still has the ability to hacktivate.
* Still preserves the baseband (as always!).
———————————
Tethered?
———————————
* iPhone 3GS (old bootrom): NO
* iPhone 3GS (new bootrom): YES
* iPhone 4 (GSM): YES
* iPhone 4 (CDMA): YES
* iPod Touch 3G: YES
* iPod Touch 4: YES
* iPad 1G: YES
———————————
** REMEMBER TO BOOT WITH “iBooty” **
———————————
The iPhone Dev-Team has released RedSn0w 0.9.8b3, which can perform a tethered jailbreak on iOS 4.3.4. This means that you will have to connect your device to a computer and run redsn0w each time you restart it.
For the convenience of kernel hackers like @comex and @i0n1c, we have a new redsn0w 0.9.8b3 that supports a TETHERED jailbreak for iOS 4.3.4 on all devices that have 4.3.4 except the iPad2. The vast majority of people will want to stay back at 4.3.3 because that’s where the untethered jailbreak is! There are no new features in 4.3.4 – only fixes for jailbreak exploits.
Also, this is a good time to remind everyone (since we’re still seeing confusion about this): iPad2 owners with a baseband (3G or CDMA) cannot currently use saved blobs to go back to 4.3.3 once the signing window is closed. This is unlike every other device, so don’t be confused! iPad2 owners with basebands should stay away from all updates to maintain your jailbreak!
This jailbreak works with iPhone 3GS, iPhone 4, iPad 1, iPod Touch 3G and iPod Touch 4G. It does not work with iPad 2.
You can download RedSn0w 0.9.8b3 from here: (Mac, Windows)
Apple has released iOS 4.3.4 to block the PDF exploit used by comex in the JailbreakMe utility. JailbreakMe can wirelessly jailbreak all devices on iOS 4.3.3.
iOS 4.3.4 Software Update
Fixes security vulnerability associated with viewing malicious PDF files.
iH8Sn0w has released a new version of Sn0wBreeze, 2.8 b4, with iOS 5.0 beta 3 jailbreak support. Sn0wBreeze is a so-called PwnageTool for Windows: an application that creates a custom IPSW containing the jailbreak while preserving the old baseband.
The jailbreak is tethered for iPhone 4, iPhone 3GS (new bootrom), iPad, iPod Touch 3G and iPod Touch 4G. The jailbreak is untethered for iPhone 3GS with old bootrom.
---------------------------------------------
sn0wbreeze v2.8b4 -- For iOS 5.0 b3(9A5259f)
---------------------------------------------
* Intended only for developers (as usual).
* Hacktivation is disabled (again).
* MAKE SURE YOU UPDATE TO iTunes 10.5 BETA 3!
---------------------------------------------
Supported Devices/Tethered?
---------------------------------------------
iPhone 3G[S] (old bootrom) [UNTETHERED]
iPhone 3G[S] (new bootrom) [TETHERED]
iPhone 4 (GSM) [TETHERED]
iPhone 4 (CDMA) [TETHERED]
iPod Touch 3G [TETHERED]
iPod Touch 4 [TETHERED]
iPad 1G [TETHERED]
---------------------------------------------
For those wondering, the JailbreakMe exploit
cannot be integrated into applications
such as PwnageTool/redsn0w/sn0wbreeze.
---------------------------------------------
redsn0w seems to be having sandbox errors
due to it using the old b1 kernel.
I and many others have not seen any issues
with sn0wbreeze related to AppStore apps.
If you prefer to use redsn0w, I am sure
@MuscleNerd is working on a fix.
---------------------------------------------
Download --> http://is.gd/sb28b4
---------------------------------------------
// iH8sn0w
iOS 5 beta 3 is jailbreakable with RedSn0w 0.9.8 b1. Dev-Team hacker MuscleNerd has confirmed that the RedSn0w 0.9.8 b1 jailbreak works on the recently released iOS 5 beta 3. All you have to do is point it at a downloaded iOS 5 beta 1 firmware IPSW.
Today’s 5.0b3 can be jailbroken with last month’s redsn0w http://is.gd/6eek4Y (point it at 5.0b1 IPSW..devs only please!)
The RedSn0w 0.9.8 b1 jailbreak works on all devices except iPad 2. This means you can get a tethered jailbreak on Windows and Mac OS for iPhone 3GS, iPhone 4, iPod Touch 3G, iPod Touch 4G and iPad 1.
You can download RedSn0w 0.9.8 b1 for Windows and Mac OS here.