Exploit | Jailbreak iPhone, iPod Touch, iPad - Part 9

Jailbreak iPhone, iPod Touch, iPad

News about jailbreaking the iPhone, iPod Touch and iPad

Archive

Tag: exploit

Apple investigates iOS vulnerabilities

Vupen, a French security firm, recently posted an advisory describing two critical security vulnerabilities in Apple's iOS. Soon afterwards the hacker comex used these flaws to build the jailbreak that is now widely known and available at JailbreakMe.com.

But according to Reuters, Apple reacted yesterday: its spokeswoman Natalie Harrison said the company is currently investigating Vupen's advisory. So it looks like these holes are going to be patched soon.

Here's what hackers say about new firmware iOS 4.0.1

Here's what hackers tweeted about the new Apple firmwares, 4.0.1 for the iPhone and 3.2.1 for the iPad:

DevTeam:


As with *any* new FW, jailbreakers + unlockers must avoid this upcoming 4.1 update until our tools are updated

3GS, ipt3G, iPhone4 users (regardless of current FW or JB status) should backup 4.0 SHSH blobs http://is.gd/dskh9 soon

MuscleNerd:


Obviously avoid today’s 4.0.1 update until JB tools are updated. Luckily, no baseband change so ultrasn0w lives on :)

each FW version has unique blobs. But using http://is.gd/dskh9 you can get 4.0 blobs on PC while you stay at 3.1.2

Hah for those iPhone3G or ipt2g(non-MC) users at 4.1beta1: use redsn0w from 2 wks ago to JB http://is.gd/dstU3 :)

Comex:

3.2.1 and 4.0.1 out. if you want an unlock, DO NOT UPDATE. No, the jailbreak is not ready yet.

by the way, there is absolutely no reason to update to 4.0.1. it only improves the formula for _displaying bars_, not actual signal

Planetbeing:

There’s no baseband update, so signal strength or radio performance cannot have improved.

Hey guys, I recommend any iPhone 4 users who need jailbreak or unlock use http://3.ly/zN58 to back up their SHSHs NOW, and not upgrade.

iH8sn0w:


WARNING: 3.2.1 for the iPad is out. It KiLLS the Spirit Exploit. 4.0.1 is out too (not for the iPad though)

JailBreak for iPad is Finally Available!

The jailbreak for the iPad, iPhone and iPod Touch from the Dev Team is finally available for download. It is free and untethered, and it is called "Spirit". It supports every iDevice on firmware 3.1.2, 3.1.3 or 3.2.

If you have an iPhone 3GS or an iPad you should back up your SHSH blobs before using the jailbreak. An SHSH blob (also called an ECID SHSH) is a signature that Apple's signing server issues for one specific firmware build, bound to the unique ECID of your device. When you restore firmware on your iPhone, iPod Touch or iPad, iTunes has to obtain this signature from Apple's server, and the device accepts the restore only if the signature checks out.

As you know, once a new firmware is released Apple stops signing the older one, so it becomes impossible to restore the older firmware from iTunes. But Cydia's creator saurik has set up a server that mimics Apple's verification server: it saves your older SHSH blobs and replays them later, so you can restore your device to the older firmware. Without your SHSH blobs saved, an accidental update to new firmware means you not only lose your jailbreak but also cannot restore the older firmware to re-jailbreak your device.

This matters because there is a good chance Apple will soon work out which exploit the jailbreak uses and patch it in a new firmware.
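To make the mechanism concrete, here is an added example (not code from the original page, and not Apple's, saurik's or the Dev Team's software) that models the signing check described above. Apple's server issues a signature bound to one ECID and one firmware build, only while that build is still being signed; the device verifies the signature with Apple's public key and never needs the server itself, so a blob captured earlier can be replayed from a cache that impersonates the signing server. Everything here is a simplification: textbook RSA with two small hard-coded primes stands in for Apple's real key, the signed message is just "ECID|build" rather than per-component digests, and the ECIDs and build numbers are constructed for the demo.

```python
"""Toy model of the SHSH / firmware-signing check (added example, not the
page's own code). The RSA key, message format and ECIDs are assumptions."""
import hashlib
from typing import Dict, Optional, Tuple

# Toy RSA key: p = 2^31-1, q = 2^61-1 (both prime), e = 65537.
# Not secure; it only gives the asymmetric shape of the real check.
_P, _Q, _E = (1 << 31) - 1, (1 << 61) - 1, 65537
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))   # private exponent, Python >= 3.8
APPLE_PUBLIC_KEY = (_N, _E)              # in the model, burned into the device


def _digest(ecid: int, build: str) -> int:
    """Hash of the (device, build) pair that gets signed, reduced mod n."""
    msg = f"{ecid:016x}|{build}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % _N


class SigningServer:
    """Stand-in for Apple's signing server: signs only builds it still accepts."""

    def __init__(self, signed_builds) -> None:
        self._signed = set(signed_builds)

    def release(self, new_build: str, drop: str) -> None:
        """Apple ships a new build and stops signing an old one."""
        self._signed.add(new_build)
        self._signed.discard(drop)

    def sign(self, ecid: int, build: str) -> Optional[int]:
        if build not in self._signed:
            return None                      # "this build is no longer signed"
        return pow(_digest(ecid, build), _D, _N)


class BlobCache:
    """Stand-in for saurik's server: replays blobs saved earlier and never
    needs Apple's private key."""

    def __init__(self) -> None:
        self._blobs: Dict[Tuple[int, str], int] = {}

    def save(self, ecid: int, build: str, blob: int) -> None:
        self._blobs[(ecid, build)] = blob

    def sign(self, ecid: int, build: str) -> Optional[int]:
        return self._blobs.get((ecid, build))


def device_accepts(ecid: int, build: str, blob: Optional[int]) -> bool:
    """What the device checks at restore time: signature vs. Apple's public key."""
    if blob is None:
        return False
    n, e = APPLE_PUBLIC_KEY
    return pow(blob, e, n) == _digest(ecid, build)


def demo() -> Dict[str, bool]:
    my_ecid, other_ecid = 0x0000123456789ABC, 0x0000111122223333   # constructed values
    apple = SigningServer(signed_builds=["3.1.2"])
    cache = BlobCache()

    # 1. While 3.1.2 is still signed, grab the blob and store it (the AutoSHSH step).
    blob = apple.sign(my_ecid, "3.1.2")
    cache.save(my_ecid, "3.1.2", blob)

    # 2. Apple releases 3.1.3 and stops signing 3.1.2.
    apple.release("3.1.3", drop="3.1.2")

    return {
        # Asking Apple directly for the old build now fails.
        "apple_signs_old_build": device_accepts(my_ecid, "3.1.2", apple.sign(my_ecid, "3.1.2")),
        # The cached blob still verifies, so the downgrade restore goes through.
        "cache_replays_old_build": device_accepts(my_ecid, "3.1.2", cache.sign(my_ecid, "3.1.2")),
        # A blob is useless for another device or another build.
        "blob_tied_to_ecid": device_accepts(other_ecid, "3.1.2", cache.sign(my_ecid, "3.1.2")),
        "blob_tied_to_build": device_accepts(my_ecid, "3.1.3", cache.sign(my_ecid, "3.1.2")),
        # A device whose blob was never saved has nothing to replay.
        "no_blob_for_unsaved_device": device_accepts(other_ecid, "3.1.2", cache.sign(other_ecid, "3.1.2")),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The model shows why the timing matters: the only moment a blob for a given build can be obtained is while Apple is still signing that build, and the only thing tying it to later use is the ECID and build it was issued for.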

You can save your SHSH blobs in three ways. Here is a guide for doing it with AutoSHSH.

  1. Download AutoSHSH (the latest version is here).
  2. Start AutoSHSH and plug in your iPhone/iPod Touch/iPad in recovery mode (only one device at a time). To enter recovery mode, turn the device off, then hold down the "Home" button while connecting the USB cable until the "Connect to iTunes" message and logo appear on the screen.
  3. In AutoSHSH click "Grab my SHSH Blobs Automatically". Once the app has grabbed the signature, you choose whether to save it locally as well; do not forget where you saved it. At the end of the procedure AutoSHSH also uploads it to saurik's server.

If you have problems saving your blobs with AutoSHSH, say so in the comments, or try saurik's method or Firmware Umbrella instead.

Now that you have saved your SHSH blobs, you can jailbreak. It is recommended to sync your device with iTunes beforehand. Then follow this guide:

  1. Download “Spirit” (link for Windows, link for Mac OS X).
  2. Plug in your device (it will be instantly recognized).
  3. Hit the “Jailbreak” button.

That’s all!

Additionally here is a video tutorial for jailbreaking:

Please note that Spirit is not a carrier unlock, so it will not let you use the phone on a carrier other than the one it is locked to. The jailbreak is also "sort of beta", so it may be buggy. The Dev Team warns that some apps in Cydia that are NOT designed for the iPad may crash the system and force you to restore, so be careful.

A bug in iPhone Safari will allow the firmware 3.1.3 jailbreak

MuscleNerd, a member of the Dev Team, recently reported an interesting security bug in Safari for the iPhone. It will probably allow a quick remote jailbreak of the iPhone or iPod Touch simply by pointing the device at a website built for that purpose.

The bug was found by Vincenzo Iozzo and Ralf-Philipp Weinmann, who won a $15,000 prize with it at CanSecWest. Their original demonstration used a web page to exploit Safari, read the SMS database and retrieve its contents.

A few hours ago we wrote about a new group of hackers who claim to have found a new exploit for the iPhone 3GS and iPod Touch with the new iBoot. With their Gull1Hack utility you should supposedly be able to perform an untethered jailbreak even on the new devices. Here is a new demo video:

What do you think? Fake?

Gull1hack: utility to hack the iPhone and iPod Touch with the new Bootrom

A new group of hackers claims to have found an exploit for the iPhone 3GS and iPod Touch with the new BootRom. If true, this means a jailbreak for the late-model iPhone 3GS, the iPod Touch 2G (MC models) and the iPod Touch 3G will be available.

We just found an amazing Exploit in the Boot-System of the 3GS with the new Bootrom! This Exploit works on ALL iPhone and iPod Touches!

The tool will be called Gull1hack. Operation is said to be simple: the code is sent to the device while it is in recovery mode, just as Blackra1n and Redsn0w do. This jailbreak tool has been confirmed by neither Geohot nor the Dev Team, and many users think it is fake. We'll see.

Here’s a video with Gull1hack in action:

Apple Bans Hackers from iTunes App Store

It looks like Apple has started banning iPhone hackers from the iTunes App Store.

A few days ago Sherif Hashim, an iPhone developer and hacker, tweeted that he had found an exploit in the latest iPhone OS 3.1.3 that could enable an unlock of the 05.12.01 baseband on the iPhone 3GS and iPhone 3G. Yesterday Apple banned him for so-called "security reasons". It seems that Apple is quite angry! Here is what Sherif gets when he tries to open the App Store from his iPhone:


Sherif Hashim’s Tweets:

“Your Apple ID was banned for security reasons”, that’s what i get when i try to go to the app store, they must be really angry :) ))))

and guess what my apple ID was, “sherif_hashim@yahoo.com”, what a fool was me not to notice :) )), can’t help laughing, they are babies :) ))

Another iPhone hacker, iH8sn0w, the developer of Sn0wbreeze (a PwnageTool alternative for Windows), tweeted that he was also banned by Apple right after he released an exploit known as XEMN:

@sherif_hashim lol, they did that to my ih8sn0wyday[@t]googmail.com too. (right after I posted XEMN)…

For now Apple isn't banning jailbreakers; it is banning the people who actively hunt for exploits in the iPhone software to create jailbreaks for the rest of us.

Unlock for iPhone firmware 3.1.3 Baseband: vulnerability is already found

Sherif Hashim has discovered a crash in the baseband that may allow an unlock of the latest iPhone OS 3.1.3 baseband, 05.12.01. Unlock utilities for previous baseband versions were called blacksn0w, ultrasn0w and yellowsn0w. MuscleNerd of the Dev Team has already confirmed the finding, so the timing of the unlock release is now entirely up to them.


Here is an official update from DevTeam:

"We've started to look at his crash but it's a long road between any given crash and a fully working unlock, and we couldn't put an ETA on it even if we wanted to. It's not even guaranteed that a working unlock will come from this particular crash — it's just too early to tell."

iPhone jailbreak and unlock might end soon

Apple has updated the BootROM of the iPhone 3GS to iBoot-359.3.2. The new BootROM is reportedly not vulnerable to the exploit hackers have been using so far.

MuscleNerd, a member of the iPhone Dev Team, noted that this is the first time Apple has changed the BootROM in the middle of a product line without a new hardware model. The Dev Team is a group of hackers who release tools that exploit the iPhone OS. With the new BootROM, hackers can no longer use the "24kpwn" exploit.

This means that anyone who buys an iPhone 3GS now will not be able to jailbreak or unlock it, probably for a long time.


Geohot is very close to iPod Touch 3G and iPhone 3GS jailbreak

Geohot has published a new photo showing a file called "ipt3_jailbroken". This means he was able to jailbreak the iPod Touch 3G. He said the same exploit works on the iPhone 3GS on firmware 3.0 and 3.1 natively.

It looks like we will soon see his new tool with the classic one-button jailbreak that runs in 10 seconds.