Jailbreak iPhone, iPod Touch, iPad

MuscleNerd from the iPhone Dev-Team has posted some details on the upcoming untethered jailbreak from pod2g.

All info below is tentative and subject to last minute refinements

@pod2g’s 5.1.1 jailbreak+untether is working out great. All devices are covered except for AppleTV3,1, which currently has no path for jailbreaking.
- the initial 5.1.1 plan used a kernel exploit from @westbaer which unfortunately precluded use in iPod3,1 and iPhone2,1
- @planetbeing stepped up and provided a kernel exploit that covers both of those. Those two JBers are the bomb!

The 5.1.1 A5 JB is very similar to the A5 5.0.1 JB. @pimskeks has done a tremendous job supporting both 5.0.1 and 5.1.1 in absinthe

Similar to 5.0.1, there will also be a 5.1.1 CLI “cinject” binary and redsn0w version of the 5.1.1 JB+untether. Absinthe, cinject, and redsn0w will all provide the same JB in different fashions.
- timing is indeterminate. Plans are for this week, but a number of factors can influence that.

For those wishing to donate, we’ve set up a new 5.1.1 paypal URL: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4U6DQGJ2NRVUN

Please don’t pirate AppStore apps (seriously, please do not).

Pod2g has announced the discovery of 2 new vulnerabilities in his quest to jailbreak the iPhone.

News: a productive week-end. Found 2 big vulnerabilities. 1 kernel land and 1 root land.

Too bad I have to be secret again…

Last week pod2g noted that a jailbreak of iOS 5.1 would take at least a month to complete. We’ll post more information about how these new vulnerabilities will affect that schedule as soon as we hear more.

If the kernel land vulnerability is exploitable this could provide a jailbreak for the device no matter the firmware.

Now we have some estimations regarding the release of the iOS 5.1 untethered jailbreak. Pod2g noted that it is at least a month away.

ETA for 5.1 JB: no clue! We’re going to set pieces of the puzzle together this week. We could have issues… Could be 1 month maybe 2…

I know 1 month seems long, but it’s short to work on a project like this when it’s a hobby and you’ve other things to do as well.

Last week, pod2g reported that the Chronic Dev-Team has all the exploits required to release an untethered jailbreak of iOS 5.1 for all devices, including iPad 3, iPad 2 and iPhone 4S. However it would take some time to put it together into a useable release.

A new unlock has been discovered that works for all iPhones and all 5.x firmware versions, all basebands are supported.

The method discovered by Loktar_Sun appears to exploit a logical bug in Apple’s server and can be performed on any jailbroken iOS device. His procedure involves using Sam Bingner’s SAM (Subscriber Artificial Module) package to perform a series of steps that unlocks your phone to use a specific SIM.

It has been confirmed working by iPhone Dev-Team member MuscleNerd who notes an update may be coming to SAM from @sbingner to make the procedure simpler.

We will post detailed step by step unlock instructions soon.

UPDATE: Tutorial is ready! You can find it here.

Pod2g has bypassed ASLR at bootup, making progress towards the public release of an iOS 5.1 jailbreak. ASLR is a security method that randomly arranges important data areas. This is one more step toward untethered iOS 5.1 jailbreak for all devices including iPhone 4S, iPad 2 and new iPad 3.

ASLR seems bypassed! Weird machines FTW. Time to ROP the payload.

Earlier this week pod2g revealed that the Chronic Dev-Team now has all the exploits required to release a userland jailbreak of iOS 5.1. It takes time to put them together in a public ready tool.

The iPhone Dev-Team has updated RedSn0w to jailbreak the iPhone 4S and iPad 2 on iOS 5.0.1.

Version 0.9.10b7 of redsn0w adds a collection of useful features: It finally implements the corona-A5 jailbreak for iPhone4S and iPad2 devices still at 5.0.1. It can also re-install that jailbreak for those who accidentally uninstalled the untether. When stitching an IPSW, it can now grab your blobs directly from Cydia. It now shows a lot more info about your device (for instance, whether your iPhone3G has the vulnerable baseband boot loader, or whether your iPhone3GS has the old exploitable bootrom. (And the next new feature to be added will be built-in restore support, to provide an alternative to iTunes restores.)

Previously you needed to use Absinthe to jailbreak the iPhone 4S and iPad 2.

You can download the new version of RedSn0w from here.

We will update our tutorials soon.

Famous hacker pod2g has announced that the Chronic Dev-Team now has all the exploits required to release a userland jailbreak for iOS 5.1.

News: we have all exploits required to do a new jailbreak. I’m working on bypassing ASLR at bootup.

Last month Pod2g said that the team only had a few pieces of a userland jailbreak. Now that the team has them all, it will still take some time to put them together in a public ready tool.

Since this is a userland jailbreak, it will be the first publicly available jailbreak of the iPad 3. I0n1c has demonstrated a jailbreak of the new device, however, he’s said he will not release his jailbreak to the public.

Famous hacker I0n1c has just announced the successful jailbreak of iOS 5.1 on the iPad 2. He posted several prove pictures on Twitter.

No details yet, no dates for utilities and etc. No info whether this is jailbreak is untethered or not.

The exploit is probably in the OS and might be used for the iPad 3 jailbreak as well. I0n1ic hints, “Anyway so maybe the iPad 3 will not be jailbroken tomorrow, but on Monday or whenever I get my iPad 3.”

Gevey has announced the Gevey Ultra S SIM interposer which unlocks iPhone 4S without the need for dialing 112 or jailbreaking. The makers claim to be using a new exploit that ‘fully unlocks’ the device.

Pre-Order ONLY (Shipping ETA Between March 3-March 7)

GEVEY Ultra S for GSM iPhone 4S

• No Need to Dial International Emergency Number 112
• Untethered Unlock with no Jailbreak Required
• Compatible with all GSM iPhone 4S SIM Cards (Does not work on CDMA iPhone)
• Complete Unlock with all 2G and 3G data services
• No SIM Card Cutting or Physical Modifications
• Works on iOS 5.0, 5.0.1
• Works on Baseband 1.0.11, 1.013, 1.0.14
• Guaranteed Better Reception than Previous
• Decreased Power Consumption

Gevey Ultra S is available for $54.99 here.

Take a look at video demonstration:

iH8sn0w has released new version of popular jailbreak utility Sn0wBreeze 2.9. Sn0wbreeze is used to create a custom firmware with jailbreak and preserve iPhone modem (baseband) version for unlock. New version 2.9 adds support for untethered iOS 5.0.1 jailbreak as well as support for all firmwares supported by previous versions of sn0wbreeze.

For now Sn0wBreeze 2.9 supports untethered jailbreak for iOS 3.1.3, 3.2.x, 4.0.x, 4.1, 4.2.1 – 4.2.8, 4.3 – 4.3.3 and 5.0.1. Supported devices are: iPhone 2G, iPhone 3G, iPhone 3GS, iPhone 4, iPad 1, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G.

UPDATE: sn0wbreeze updated to 2.9.1

You can download Sn0wBreeze 2.9.1 here.

Here is official changelog:

sn0wbreeze v2.9 [Two year anniversary]

• Happy birthday sn0wbreeze!
• Brought back old firmware support in one release!
• GUI Improvements
• You can now build IPSWs with TinyUmbrella/iFaith blobs!
• Removes OTA Updates/badge on iOS 5.x.x+ devices.
• Added an IPSW Downloader
• Built-in iREB functionality updated from newest iREB r5 module.
• Custom Packages in Expert actually works now.
• All supported firmwares in this release are untethered.
• A5 devices are NOT supported at this time due to no public DFU/iBoot exploit.

Supported iOS Revisions:

• iOS 3.1.3
• iOS 3.2.x
• iOS 4.0.x
• iOS 4.1
• iOS 4.2.1 – 4.2.8
• iOS 4.3 – 4.3.3
• iOS 5.0.1
• iOS 4.3.4/4.3.5/4.4.x/5.0 support coming soon