Jailbreak iPhone, iPod Touch, iPad

The ‘dream team‘ of iPhone hackers has made more progress on the A5 jailbreak with planetbeing just announcing that they’re out of Apple’s sandbox.

And we’re out of the sandbox with @saurik’s invaluable help! (well, at least there’s a PoC) Turning out more complex than X-Gold 618.

pod2g also mentioned progress in twitter:

@planetbeing escaped from the sandbox with the help of @saurik. Thanks to their awesome work, there should be nothing left blocking for the A5 jailbreak. Now it should be a matter of days. Still no precise ETA of course.

Now that the team has been successful in breaking out of Apple’s sandbox (which lets them run unsigned code) they’ll focus their attention on writing the Mac OS X and Windows software utilities.

“Now it should be a matter of days” means that jailbreak utilities will be released very soon, maybe next week.

It looks like iPad 2 and iPhone 4S untethered jailbreak will truly be a team effort. Recently another hacker Saurik joined the team and made “some major contributions” yesterday.

Last week Pod2g announced that Planetbeing, MuscleNerd, and P0sixninja joined his effort to release an untethered iOS 5.0.1 jailbreak of the iPhone 4S and iPad 2 (A5 CPU devices).

Today, MuscleNerd noted that the team has received some major contributions from saurik:

props to @saurik for major contributions to the A5 version of @pod2g’s untether yesterday! (still no ETA, but moving forward)

Pod2g also thanked planetbeing for his help in escaping from the sandbox.

And greetings to @planetbeing for the coding + research. Really great stuff to escape from the sandbox.

Good news, that means that there is progress and we might see utility sometime this month.

UPDATE:
Pod2g has also addressed the request that the untethered jailbreak be released to developers. He previously revealed that there is a working jailbreak that requires a developer account.

Sorry, we can’t release the A5 for the developers, the exploit used have to be kept secret. I know this is unfair.

Pod2g has recently announced that Planetbeing, MuscleNerd, and P0sixninja have joined his effort to release an iOS 5.0.1 untethered jailbreak for the iPhone 4S and iPad 2.

@planetbeing, the legendary hacker behind iPhone Linux and lot of jailbreaks has joined the A5 research! The famous @MuscleNerd, the leader of the iPhone Dev Team, who did a lot of tests for Corona and whom integrated it and made it simple in redsn0w is willing to help also. And last, but not least @p0sixninja, the leader of the Chronic Dev Team, and my partner for years on iPhone security research has started to code and fuzz the Apple sandbox.

That means that we now have a dream team to create a public release of the A5 jailbreak.

Several day ago pod2g posted information why the A5 jailbreak had not been released yet. The key reason being that the exploit used for A4 devices (called limera1n) doesn’t work on A5 devices. The untethered iPhone 4S and iPad 2 jailbreak that we have seen on videos and photos was created relying on having a developer account.

We are sure that planetbeing, MuscleNerd, p0sixninja and pod2g is just a great team. Hopefully they will find necessary exploit and implement it fast, because Apple might release 5.0.2 or 5.1 and fix untathered.

Untethered jailbreak for iOS 5.0.1 has already been released. While there is no reason not to update to iOS 5.0.1, there might be some users who would like to stay on iOS 5 and have untethered jailbreak there too.

Famous hacker Joshua Hill (nickname p0sixninja) has recently posted via twitter that an untethered jailbreak for iOS 5 will be released soon after testing.

@p0sixninja: 5.0 untether will be coming soon, we still have some testing and bugs to work out

Hacker pod2g is currently busy working on iOS 5.0.1 untethered jailbreak. He has recently posted an interesting update:

The jailbreak is near ready for prime time (excluding 4S and iPad 2).

For now the jailbreak is tested on all devices, including iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G and iPod Touch 4G. iPad 2 and iPhone 4S status is “work in progress”.

pod2g has also published a new video demo of iOS 5.0.1 untethered jailbreak for iPhone 4:

http://www.youtube.com/watch?v=qdF58anFtiQ

UPDATE: official ultrasn0w with iOS 5.0.1 released!

This tutorial is for those users of locked iPhone 3GS and iPhone 4, who updated to iOS 5.0.1 and realized that ultrasn0w unlock doesn’t work there.

Indeed DevTeam have not updated software unlock utility ultrasn0w to work with the latest iOS 5.0.1. There are two workarounds, that will make ultrasn0w work on 5.0.1.

Read the rest of this entry »

Chronic Dev Team is almost done with a much anticipated untethered jailbreak for iOS 5 and iOS 5.0.1. Team member and French hacker pod2g just released a video showing off the jailbreak. It looks to be near-complete and functioning properly. Take a look:

pod2g even created a blog, where he plans to post the most recent news about his progress:

Today I succeed in jailbreaking my iPod 3G. The exploit is user-land, rely on a user ROP payload and a kernel write anywhere exploit.

I can’t give much details right now, but here are the next steps :
- upgrade the iPod 3G to iOS 5.0.1
- do the same on iPhone 4 / iOS 5.0.1
- then iPad 1 & iPod 4G

At every step, the exploit code needs certainly to be reworked, but I really don’t know right now. Next, I’ll return to the research for iPad 2 and iPhone 4S. I don’t know if I gonna release first for other devices or not. I’ve to think about it. Feel free to give your opinion.

The Chronic Dev-Team has released CDevReporter, their new tool that lets you help find jailbreak vulnerabilities, for Windows.

You can download the Mac and Windows versions of CDevReporter here:

• cdev_reporter-mac-1.0_beta.zip
• cdev_reporter-win-1.0_beta.zip

More information is available in our recent post “Want untethered iOS 5 jailbreak? Help hackers to find new exploits!“.

Semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want untethered jailbreak and we want jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?

The Chronic Dev-Team has a released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.

The idea is very simple. When your iPhone, iPad or iPod Touch crashes it sends data to Apple (you can turn it this off though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they have found in IOS 5 beta before the final version of the software was released.

In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.

Read the rest of this entry »

Apple has recently released iOS 5.0.1. It is still tethered jailbreakable. However if you want untethered jailbreak or unlock – you should stay away from 5.0.1

Earlier this week pod2g reported that a code signing bug found in iOS 5.0 will make it easier for hackers to develop a full jailbreak for iOS 5 firmware version. That bug might have been closed in iOS 5.0.1. UPDATE: According to pod2g the bug is still present, but harder to exploit because another exploit found by Charlie Miller is fixed in iOS 5.0.1.

Also, MuscleNerd via twitter has warned iOS users that there is no downgrade from iOS 5.0.1 to iOS 5.0 yet and he recommends to wait until downgrade mechanism is available.

Jailbreakers and unlockers should avoid today’s 5.0.1 until a flow for downgrading to 5.0 is developed.

Downgrade flow needs to be modified for AP “nonce” http://is.gd/b3G0io … saved SHSH blobs are not enough to downgrade to 5.0