Jailbreak iPhone, iPod Touch, iPad

Popular hacker MuscleNerd has denied rumors that a bootrom exploit has been found for the iPhone. Earlier today, he tweeted:

There is no A5+ bootrom exploit, by anyone. Not even a bootrom dump. Nothing.

Speculation that a bootrom exploit may have been found began after p0sixninja tweeted that he would be releasing something bigger than a jailbreak.

The bootrom exploit can devices permanently vulnerable to a tethered jailbreak regardless of iOS version. The last bootrom exploit was limera1n found by Geohot which supported A4 devices like iPhone 4 and below.

iOS 7 has been jailbroken. Popular iOS developer Ryan Petrich has posted a screenshot which appears to show Activator running on iOS 7.

Earlier today Petrich tweeted saying, “System version too new?”. Alongside the tweet was the picture below. The picture shows the Springboard of an iPod touch with an Activator icon and a UIAlert window which reads:

System Version Too New
Activator has not been tested to work with this version of iOS. Some features may not work as designed.

Notably, this alert does not seem to be a UIAlert that could be generated from within a sandboxed application, suggesting that device may be jailbroken.

It’s unclear what expoit was used by Petrich. Last year Apple had closed comex’s developer account based exploit that had been used by hackers to root their iDevices for two years.

Hacker p0sixninja recently announced that he has “got a lot of amazing things coming to you all soon. think bigger than jailbreak ” It’s been suggested that he may have found a bootrom exploit.

Well known iPhone hacker p0sixninja has teased the upcoming release of some ‘amazing things’ on Twitter that are bigger than a jailbreak.

Last night he tweeted:

I got a lot of amazing things coming to you all soon. think bigger than jailbreak

In March, p0sixninja revealed that he had found the exploits necessary to release a new jailbreak; however, as expected, he decided to hold those back for iOS 7 or iOS 7.1.

His new announcement hints at something better than a jailbreak which suggests that perhaps he has found a bootrom exploit. The last bootrom exploit was limera1n found by Geohot which supported the iPhone 4, iPhone 3GS, iPod Touch 4G, iPod Touch 3G, and iPad. The exploit made those devices permanently vulnerable to a tethered jailbreak.

MuscleNerd, a popular hacker and member of the evad3rs, has revealed that the upcoming iOS 6.1 jailbreak will support all 22 device variations and likely the atv2.

@MuscleNerd is every other device supported?

@unicornhacker yes, every other 6.1 device variation will be supported. All TWENTY-TWO of them (omg!). Plus atv2 if it’s out in time.

Unfortunately, with the exploit that’s being used, the Apple TV 3 will not be supported.

@MuscleNerd @evad3rs_jb So those of us with atv3 still have to wait for a bootrom

@arovik not necessarily. Although atv3 uses far fewer services that can be tampered with, it’s not isolated. But it can’t use this next JB

iH8Sn0w released Sn0wBreeze 2.9.7 that brings support for tethered jailbreak of iOS 6.0.1. New version supports iPhone 3GS, iPhone 4 and iPod Touch 4G. It does not work with A5/A6 devices, like iPad 2, iPad 3, iPhone 4S, iPhone 5, etc.

Sn0wbreeze can be used to create a custom firmware with jailbreak and preserve iPhone modem (baseband) version for unlock.

You can find the release notes below. You can download the latest version of Sn0wBreeze from here.

What is New?
● Added 6.0 (10A403)/6.0.1 (10A523) support. (Only includes iPhone 3GS & A4 devices).
● The 6.0/6.0.1 is currently a tethered based jailbreak via iBooty (except for iPhone 3GS old bootrom users).
● SAM is built-in for iOS 6 hacktivations. (Hacktivated phones can reboot to a semi-tethered state after being activated [rather than just hang at the Apple Logo]). Kudos @sbingner!

Downgrading:
● Use iFaith mode after selecting/downloading the appropriate IPSW for your device. You will then be prompted to browse for SHSH blobs for the IPSW you have selected.
● Remember to enter a PWNED DFU state with sn0wbreeze’s iREB button in the top bar of sn0wbreeze prior to (SHIFT + Restoring) the custom signed IPSW!

iREB & iOS 6:
Due to some changes in iOS 6, the current public standalone version of iREB will NOT enter a proper PWNED DFU state for restoring to custom iOS 6 IPSWs. An update for the standalone version should come sometime this week. In the meantime, use the iREB tab located in sn0wbreeze’s top status bar to enter a proper PWNED DFU state.

A5(X)/A6(X) Support?:
As stated many times in the past, sn0wbreeze cannot be updated to work on A5(X)/A6(X) devices until a low level exploit in DFU or iBoot is found and made public.

A5(X)/A6(X) Baseband Preservation/Hacktivation?
For those running A5(X)/A6(X) devices and need to preserve your baseband, there is nothing you can do at the moment. For those wanting to hacktivate, the only advice I can give is to buy the carrier’s SIM (the one its locked to obviously) on ebay. The SIM does not have to be active with the carrier to activate the phone.

Known Bugs/Issues:
● Windows 8 users currently need to use this workaround to run sn0wbreeze.
● iPad baseband will fail to flash on iOS 4.0 –> iOS 4.2.1 restores.
● iPod Touch 2G 4.x.x restores fail.

The iPhone Dev-Team has announced an updated version of RedSn0w and an upcoming update to UltraSn0w for iOS 6 compatibility.

Version 0.9.15b3 fixes the redsn0w “error 2601” that Windows users were seeing using the Restore button. It also fixes a related Windows iTunes error 14 for stitched files. Note that if you have a baseband, you should probably avoid stitching and simply use redsn0w’s native Restore (not iTunes).

Those lucky recipients of new iPad minis and iPad4s on Friday can use this redsn0w to save your 6.0 blobs off to Cydia. First connect your new device and turn it on, then use redsn0w’s Extras->SHSH Blobs->New and point it at the 6.0 IPSW.

Expect an ultrasn0w compatibility update for iOS 6.0 by Friday (mostly useful for 3GS old-bootrom users who are currently enjoying the untethered 6.0 jailbreak!). Same baseband support as with 5.x.

Thanks to @iamgolfy for helping test the 2601 Windows fix!

You can download the latest version of RedSn0w from here.

The iPhone Dev-Team has updated RedSn0w 0.9.15 with some bug fixes for iPhone 3GS and iPad owners.

Version 0.9.15b2 fixes a few issues for 3GS owners: old-bootrom awesomeness is no longer forgotten directly after a restore, and iPad baseband upgrade/downgrade support is fixed (same production date cutoffs apply!). If your 3GS is currently tethered at 6.0 even though you have an old bootrom, just re-run redsn0w’s Jailbreak step (no need to restore). Don’t forget you can add some pizzaz with your own boot logo or a nerdy verbose boot.

Redsn0w 0.9.15 brought gives us possibility to do iOS 6 jailbreak and different downgrade options.

You can download RedSn0w 0.9.15b2 here.

The iPhone Dev-Team has announced RedSn0w 0.9.15b1 which brings numerous new features including iOS 6 jailbreak for old devices, ability to restore to older firmware, manipulating SHSH blobs and etc.

iOS 6 jailbrak is tethered for iPhone 4, iPhone 3GS and iPod Touch 4G, untethered only for old iPhone 3GS with old bootrom. Tethered jailbreak means that each time you restart your device you will need to connect it to a computer and run redsn0w.

iPhone 4S, iPhone 5, iPad 2 and iPad 3 are not supported.

We will create our step-by-step tutorials soon.

You can download RedSn0w 0.9.15b1 here.

The iPhone Dev-Team has released RedSn0w 0.9.12b2. New version has some bugfixes and additional question about jailbreak mode for A4 devices.

Redsn0w allows owners of A4+earlier devices to install rocky-racoon two different ways:

• Backup/restore method similar to Absinthe and cinject.
• Traditional limera1n-based ramdisk install. It is much faster, especially for users with lot’s music, movies, apps on the device.

Redsn0w 0.9.12b2 will ask owners of iPhone 3GS, iPhone 4, iPod Touch 3G, iPod Touch 4G and iPad 1 what jailbreak mode they would like to use.

Starting with version 0.9.12b2, redsn0w will now explicitly ask users with limera1n-able devices whether they want to inject rocky-racoon using the DFU ramdisk method or the backup/restore method (the ramdisk method is better for those with lots of media on their device that would create very large backups, and it’s required for those with unactivated iPhones). If you’ll always want to use limera1n, you can select that in the Preferences pane. It also fixes an iBooks issue on old-bootrom 3GS iPhones, and provides more useful error messages when things go wrong.

RedSn0w 0.9.12b2 supports untethered iOS 5.1.1 jailbreak for all devices:

• iPhone 3GS
• iPhone 4
• iPhone 4S
• iPad 1
• iPad 2
• new iPad 3
• iPod Touch 3G
• iPod Touch 4G

You can download RedSn0w 0.9.12b2 here.

iOS 5.1.1 untethered jailbreak tutorial using Redsn0w is available here.