Jailbreak iPhone, iPod Touch, iPad

Looks like it is possible to make any A5(X) device jailbreakable once and forever. Well, at least this is what iH8sn0w tweeted yesterday. What this all means is that your iPhone 4S, iPad 2, iPad 3, iPad mini, Apple TV 3G, and iPod touch 5G can be jailbroken literally for life.

Here’s what iDownloadBlog writes:

“So looks like all my A5(X) devices are fully untethered and jailbroken for life now. ” iH8sn0w, the developer behind Sn0wBreeze and other jailbreak apps, tweeted this afternoon. The comment has caused quite a bit of excitement, as we haven’t seen anything like this in jailbreaking since LimeRa1n.

There’s no information as to how all this stuff works. All we know is that the hacker used a “powerful iBoot exploit.”

Unfortunately (or fortunately, who knows?), iH8sn0w plans not to release the exploit and keep it private, as he says, “for development of future jailbreaks.”

Popular hacker MuscleNerd has denied rumors that a bootrom exploit has been found for the iPhone. Earlier today, he tweeted:

There is no A5+ bootrom exploit, by anyone. Not even a bootrom dump. Nothing.

Speculation that a bootrom exploit may have been found began after p0sixninja tweeted that he would be releasing something bigger than a jailbreak.

The bootrom exploit can devices permanently vulnerable to a tethered jailbreak regardless of iOS version. The last bootrom exploit was limera1n found by Geohot which supported A4 devices like iPhone 4 and below.

Well known iPhone hacker p0sixninja has teased the upcoming release of some ‘amazing things’ on Twitter that are bigger than a jailbreak.

Last night he tweeted:

I got a lot of amazing things coming to you all soon. think bigger than jailbreak

In March, p0sixninja revealed that he had found the exploits necessary to release a new jailbreak; however, as expected, he decided to hold those back for iOS 7 or iOS 7.1.

His new announcement hints at something better than a jailbreak which suggests that perhaps he has found a bootrom exploit. The last bootrom exploit was limera1n found by Geohot which supported the iPhone 4, iPhone 3GS, iPod Touch 4G, iPod Touch 3G, and iPad. The exploit made those devices permanently vulnerable to a tethered jailbreak.

iH8Sn0w released Sn0wBreeze 2.9.13 that still supports untethered jailbreak of iOS 6.1.2. Version 2.9.13 fixes several issues and bugs found in earlier sn0wbreeze releases.

Sn0wbreeze 2.9.13 supports iPhone 3GS, iPhone 4 and iPod Touch 4G. It does not work with A5/A6 devices, like iPad 2, iPad 3, iPhone 4S, iPhone 5, etc.

Sn0wbreeze can be used to create a custom firmware with jailbreak and preserve iPhone modem (baseband) version for unlock. It can also be used to upgrade iPhone 3GS modem version to 06.15.

You can find the release notes below. You can download the latest version of Sn0wBreeze from here.

Our step-by-step tutorials:

• iPhone 4
• iPhone 3GS

What is New?

• 2.9.13: Ugh. More rootfs bug fixes.
• 2.9.12: Finally fully fixed iPhone3,2 limera1n payload injection issues.
• 2.9.12: Fixed root filesystem partition re-sizing issues on 5.x.x/6.x.x.= (again :p).
• 2.9.11: Fixed bug with Cydia having “compatibility-issues” with the untether package on 6.1.2.
• 2.9.10: Added Apple TV 2 iOS 5.2 sandbox fix. (thanks @nitoTV!)
• 2.9.10: Added iOS 6.1.2 support for 3GS/A4 devices (as usual).
• 2.9.9: Fixed issue with device not showing up in iTunes/xcode.
• 2.9.9: Fixed bug when building iPhone3,2 (iPhone 4 GSM-Rev2) IPSW.
• 2.9.9: Apple TV 2 bug fixes.
• 2.9.9: Now adds evasi0n untether directly to Cydia (for future updates).
• Added 5.2/6.0.x/6.1 untethers provided by evad3rs
• Added iOS 6.1 support for iPhone 3GS, and A4 devices.
• Fixed Hacktivation issues on 6.0.x.
• Fixed some iFaith mode bugs.

The iPhone Dev-Team has released RedSn0w 0.9.12b2. New version has some bugfixes and additional question about jailbreak mode for A4 devices.

Redsn0w allows owners of A4+earlier devices to install rocky-racoon two different ways:

• Backup/restore method similar to Absinthe and cinject.
• Traditional limera1n-based ramdisk install. It is much faster, especially for users with lot’s music, movies, apps on the device.

Redsn0w 0.9.12b2 will ask owners of iPhone 3GS, iPhone 4, iPod Touch 3G, iPod Touch 4G and iPad 1 what jailbreak mode they would like to use.

Starting with version 0.9.12b2, redsn0w will now explicitly ask users with limera1n-able devices whether they want to inject rocky-racoon using the DFU ramdisk method or the backup/restore method (the ramdisk method is better for those with lots of media on their device that would create very large backups, and it’s required for those with unactivated iPhones). If you’ll always want to use limera1n, you can select that in the Preferences pane. It also fixes an iBooks issue on old-bootrom 3GS iPhones, and provides more useful error messages when things go wrong.

RedSn0w 0.9.12b2 supports untethered iOS 5.1.1 jailbreak for all devices:

• iPhone 3GS
• iPhone 4
• iPhone 4S
• iPad 1
• iPad 2
• new iPad 3
• iPod Touch 3G
• iPod Touch 4G

You can download RedSn0w 0.9.12b2 here.

iOS 5.1.1 untethered jailbreak tutorial using Redsn0w is available here.

The iPhone Dev-Team has released updates to RedSn0w and PwnageTool that bring support for the iOS 5.1.1 untethered jailbreak.

RedSn0w 0.9.12b1 supports untethered iOS 5.1.1 jailbreak for all devices:

• iPhone 3GS
• iPhone 4
• iPhone 4S
• iPad 1
• iPad 2
• new iPad 3
• iPod Touch 3G
• iPod Touch 4G

PwnageTool 5.1.1 allows to create custom firmware and preserve modem version for unlock with ultrasn0w or Gevey. PwnageTool 5.1.1 supports all A4 devices:

• iPhone 3GS
• iPhone 4
• iPad 1
• iPod Touch 3G
• iPod Touch 4G
• Apple TV 2G

You can download RedSn0w 0.9.12b1 here and PwnageTool 5.1.1 here.

iOS 5.1.1 untethered jailbreak tutorial using Redsn0w is available here.

Official DevTeam comments:

RedSn0w
redsn0w allows owners of A4+earlier devices to install rocky-racoon two different ways:

• backup/restore method similar to Absinthe and cinject
• its traditional limera1n-based ramdisk install. If you have a lot of media on your A4 device (music, movies, TV shows, etc), then the ramdisk method is preferrred because it avoids any possibility of later problems related to syncing to iCloud (including Photo Stream and Music Match). The ramdisk method is not available for A5 devices or later because limera1n can’t be used. If you’d like to use redsn0w’s ramdisk method, just be sure to put the A4 device in DFU or Recovery mode before starting redsn0w (otherwise it will immediately start to use the backup/restore method).

We’ve also added a new redsn0w feature specifically for those who got in on the SAM unlock: you can now include your SAM tickets as part of your initial ramdisk jailbreak of iPhone4 or earlier, or alternatively you can upload your SAM tickets to any device after its been jailbroken. redsn0w accepts either the individual SAM activation ticket plist file, or the entire zip file created by redsn0w’s “Backup” button. As usual, redsn0w continues to cover all of its previous jailbreaks and untethers (so redsn0w-0.9.12b1 covers everything from 5.1.1 all the way back to 4.1).

PwnageTool
PwnageTool also avoids any possible sync issues, but again it applies only to A4+earlier devices. If you unlock your iPhone with ultrasn0w or a commercial method, you must use PwnageTool to avoid updating your baseband otherwise you’ll lose the unlock. PwnageTool will also jailbreak+untether the AppleTV2,1 5.0_2B206f (unless you customize the IPSW further, you’ll have just basic SSH access to the device).

Pod2g has recently announced that Planetbeing, MuscleNerd, and P0sixninja have joined his effort to release an iOS 5.0.1 untethered jailbreak for the iPhone 4S and iPad 2.

@planetbeing, the legendary hacker behind iPhone Linux and lot of jailbreaks has joined the A5 research! The famous @MuscleNerd, the leader of the iPhone Dev Team, who did a lot of tests for Corona and whom integrated it and made it simple in redsn0w is willing to help also. And last, but not least @p0sixninja, the leader of the Chronic Dev Team, and my partner for years on iPhone security research has started to code and fuzz the Apple sandbox.

That means that we now have a dream team to create a public release of the A5 jailbreak.

Several day ago pod2g posted information why the A5 jailbreak had not been released yet. The key reason being that the exploit used for A4 devices (called limera1n) doesn’t work on A5 devices. The untethered iPhone 4S and iPad 2 jailbreak that we have seen on videos and photos was created relying on having a developer account.

We are sure that planetbeing, MuscleNerd, p0sixninja and pod2g is just a great team. Hopefully they will find necessary exploit and implement it fast, because Apple might release 5.0.2 or 5.1 and fix untathered.

MuscleNerd has announced in Twitter that iOS 5 has been successfully jailbroken using old good LimeRa1n exploit. Cydia and SSH is working without any problems.

iOS5 jailbroken on ipt4g: http://is.gd/7GxIcK http://is.gd/BwPvfh via limera1n + tethered boot..not too many surprises

Cydia works fine too from quick testing (I installed SSH) http://is.gd/oADWEo

It is currently tethered, that means jailbreak is gone after reboot. Hopefully i0n1c will be able to port his untether to iOS 5. Anyway great news for all jailbreakers!

These are step-by-step instructions on how to jailbreak iOS 4.2.1 on iPhone 3GS, iPhone 4, iPad, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G using Greenpois0n for Windows. Tutorial for Mac OS X users is available here. All the steps are the same for all devices, we will cover iPhone.

Greenpois0n has been updated to support the iOS 4.1 and iOS 4.2.1 firmware. Use Limera1n if you want to jailbreak iOS 4.0, iOS 4.0.1, iOS 4.0.2.

Remember: Greenpois0n recommends a clean restore before continuing.

Unlockers: do not update to iOS 4.1 or iOS 4.2.1 if you need the unlock. Ultrasn0w does not support that baseband yet. The only exception is the iPhone 4. Experienced users can also try update to iOS 4.2.1 without upgrading your baseband by using TinyUmbrella. Start TSS Server->Start iTunes->Plug in your iPhone->Restore 4.2.1->Error 1013->Put phone into DFU Mode->Launch Greenpois0n.

We are not authors of this app. We do not promise that everything will go well, use this tutorial at your own risk.

Read the rest >>>>

These are step-by-step instructions on how to jailbreak iOS 4.2.1 on iPhone 3GS, iPhone 4, iPad, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G using Greenpois0n for Windows. Tutorial for Mac OS X users is available here. All the steps are the same for all devices, we will cover iPhone.

Greenpois0n has been updated to support the iOS 4.1 and iOS 4.2.1 firmware. Use Limera1n if you want to jailbreak iOS 4.0, iOS 4.0.1, iOS 4.0.2.

Remember: Greenpois0n recommends a clean restore before continuing.

Unlockers: do not update to iOS 4.1 or iOS 4.2.1 if you need the unlock. Ultrasn0w does not support that baseband yet. The only exception is the iPhone 4. Experienced users can also try update to iOS 4.2.1 without upgrading your baseband by using TinyUmbrella. Start TSS Server->Start iTunes->Plug in your iPhone->Restore 4.2.1->Error 1013->Put phone into DFU Mode->Launch Greenpois0n.

We are not authors of this app. We do not promise that everything will go well, use this tutorial at your own risk.

Step One
Open your web browser and download the latest Windows version of GreenPois0n from here.

Step Two
When prompted save the download to your desktop.

Step Three
Double click the downloaded gp_win_rc5_b2.zip file then drag the greenpois0n.exe file to the desktop. Double greenpois0n.exe from the desktop to launch the application

Step Four
Connect your iPhone to the computer, power it off. Then click the large Prepare to Jailbreak (DFU) button in greenpois0n app.

Step Five

You will now be instructed on how to place your iPhone into DFU mode.

You will be asked to press and hold the sleep button (power button) for 3 seconds.

Now continue holding sleep button and and press home for 10 seconds.

Release sleep button and continue holding the home button. Do not release the Home button at this point!.

Step Six
Once your iPhone is successfully in DFU mode you may click the Jailbreak button. You need to continue holding the home button.

Step Seven

Greenpois0n will now jailbreak your device.

Click the Quit button once the software application has completed. Now you can release the Home button.

You’ll notice some text scrolling on your device.

Step Eight
After the iPhone restarts you’ll see a new Loader application on your Springboard. Press to launch it.

Step Nine
Select Cydia then press the large Install Cydia button that appears. Now Cydia will be downloaded from internet, so you need internet connection through wi-fi or edge/3g.

Step Ten
Once Cydia has installed successfully you can remove Loader by pressing the Options button then the large red Remove Loader.app button.

Step Eleven
Restart your iPhone and run Cydia. Let it do all the necessary updates.

You’re done!

Update:To change the boot logo back to Apple: install “Apple Boot Logo” from Cydia, then go to Settings-BootLogo and select Apple Logo.