Jailbreak iPhone, iPod Touch, iPad

The iPhone 4S and iPad 2 jailbreak utilities are undergoing testing and polishing before the public release. According to ‘Dream Team’ member planetbeing:

We’re testing & fixing problems with the jb app (that @pimskeks finished the majority of at incredible speed). Still needs to be polished.

P0sixninja also tweeted it should not be much longer before the jailbreak gets released.

not much longer now

We hope to see the utilities soon, because more than a week ago there were tweetes that jailbreak should have been ready in few days.

iPhone Dev Team has posted a blog entry about upcoming public release. If you have iPad 2 or iPhone 4S go ahead and read it:

But we’re now near the final stages of testing the public version of the jailbreak.  Please allow time to clean up any remaining bugs in the jailbreak clients.Jailbreak programs:

To be as flexible as possible, the A5 version of the corona jailbreak will take multiple forms:

• Chronic Dev have incorporated the overall flow into a GUI that runs on your Mac or PC.  The goal is for the GUI to be enough for most cases.
• iPhone Dev have also incorporated the exact same flow into an alternative command-line interface (CLI). This will allow us to help users through individual steps of the jailbreak manually, to both help the user and help improve the overall flow.  Although the CLI will also allow the user to perform the entire jailbreak from beginning to end, we anticipate it will be more useful in debugging the occasional errors.  The CLI currently has over 20 individual options (in addition to the single “jailbreak” option) that should be useful during debug after the GUI release.
• Once all the bugs in the flow are worked out, we’ll also incorporate it into the redsn0w GUI (but still leave the CLI freely available too).  In order to maximize the chances of the jailbreak working for everyone, the redsn0w GUI will use native Apple iTunes libraries — this technique is slightly different than how the Chronic Dev GUI handles communications, and should provide nice combined coverage for all the odd computer configurations out there.

Firmware:

The supported firmware versions will be:

• iPhone4S: 5.0 (9A334), 5.0.1 (9A405) and the “other” 5.0.1 (9A406)
• iPad2: 5.0.1 (9A405)

iPhone4S owners looking to maximize their chances of achieving an eventual software-based carrier unlock should be staying at 5.0. Everyone else should be at 5.0.1.  If you’re an iPhone4S owner who already updated to 5.0.1, it’s too late to go back down to 5.0, but if you’re on 9A406 it is possible to downgrade the BB by going to the 9A405 version of 5.0.1 while the window is still open.

Support:

The overall flow used by the GUI and CLI to inject the A5 corona jailbreak has never been done before, and there may be unforeseen problems once it’s released to the public.  It’s very important for you to sync your data, photos, and music before attempting any version of this jailbreak.  We’ll be watching the comments section below for signs of any widespread problems, but please be aware that you jailbreak at your own risk!

When:

As mentioned at the start of this post: when testing has shown most of the bugs have been fixed!

It looks like iPad 2 and iPhone 4S untethered jailbreak will truly be a team effort. Recently another hacker Saurik joined the team and made “some major contributions” yesterday.

Last week Pod2g announced that Planetbeing, MuscleNerd, and P0sixninja joined his effort to release an untethered iOS 5.0.1 jailbreak of the iPhone 4S and iPad 2 (A5 CPU devices).

Today, MuscleNerd noted that the team has received some major contributions from saurik:

props to @saurik for major contributions to the A5 version of @pod2g’s untether yesterday! (still no ETA, but moving forward)

Pod2g also thanked planetbeing for his help in escaping from the sandbox.

And greetings to @planetbeing for the coding + research. Really great stuff to escape from the sandbox.

Good news, that means that there is progress and we might see utility sometime this month.

UPDATE:
Pod2g has also addressed the request that the untethered jailbreak be released to developers. He previously revealed that there is a working jailbreak that requires a developer account.

Sorry, we can’t release the A5 for the developers, the exploit used have to be kept secret. I know this is unfair.

Pod2g has recently announced that Planetbeing, MuscleNerd, and P0sixninja have joined his effort to release an iOS 5.0.1 untethered jailbreak for the iPhone 4S and iPad 2.

@planetbeing, the legendary hacker behind iPhone Linux and lot of jailbreaks has joined the A5 research! The famous @MuscleNerd, the leader of the iPhone Dev Team, who did a lot of tests for Corona and whom integrated it and made it simple in redsn0w is willing to help also. And last, but not least @p0sixninja, the leader of the Chronic Dev Team, and my partner for years on iPhone security research has started to code and fuzz the Apple sandbox.

That means that we now have a dream team to create a public release of the A5 jailbreak.

Several day ago pod2g posted information why the A5 jailbreak had not been released yet. The key reason being that the exploit used for A4 devices (called limera1n) doesn’t work on A5 devices. The untethered iPhone 4S and iPad 2 jailbreak that we have seen on videos and photos was created relying on having a developer account.

We are sure that planetbeing, MuscleNerd, p0sixninja and pod2g is just a great team. Hopefully they will find necessary exploit and implement it fast, because Apple might release 5.0.2 or 5.1 and fix untathered.

Untethered jailbreak for iOS 5.0.1 has already been released. While there is no reason not to update to iOS 5.0.1, there might be some users who would like to stay on iOS 5 and have untethered jailbreak there too.

Famous hacker Joshua Hill (nickname p0sixninja) has recently posted via twitter that an untethered jailbreak for iOS 5 will be released soon after testing.

@p0sixninja: 5.0 untether will be coming soon, we still have some testing and bugs to work out

Semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want untethered jailbreak and we want jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?

The Chronic Dev-Team has a released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.

The idea is very simple. When your iPhone, iPad or iPod Touch crashes it sends data to Apple (you can turn it this off though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they have found in IOS 5 beta before the final version of the software was released.

In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.

Read the rest of this entry »

Watch saurik, p0sixninja and other members of the jailbreak community speak at MyGreatFest via videos posted by VIZBOXtv:

Hackers from the Chronic Dev Team recently announced that they have found 5 userland exploits in iOS 5. To us this means that it is very likely that an untethered jailbreak will be available for the upcoming firmware release.

P0sixninja made the announcement at MyGreatFest jailbreak conference held in London, England.

While this is a “record breaking number of exploits found”, userland exploits can be easily fixed via a minor software update. The exploits are kept in secret, so hopefully Apple won’t fix them before the expected iOS 5 launch next month.

The jailbreak is expected for all devices, including iPhone 3GS, iPhone 4, iPad, iPad 2, iPod Touch and even future iPhone 4S and iPhone 5.

The Chronic Dev-Team has announced via twitter an untethered jailbreak for iOS 4.2.1. This should work for iPhone 3GS (new bootrom), iPhone 4 and iPad. And it will not require saved iOS 4.2b3 SHSH keys.

The untether is demoed in the video below. It’s a result of a collaboration between @0naj, @p0sixninja, and @pod2g. P0sixninja has previously said it will not require iOS 4.2b3 SHSH blobs.

A small bug with wifi still remains. They will release utility as soon as they fix it.

Here is a video proof:

The new exploit is called SHAtter. It was developed by hacker pod2g a few months after hacker p0sixninja from the Chronic Dev Team discovered the crash. The same exploit can be used to jailbreak iPhone 4 and iPad with new firmwares. So iOS 4.1 and maybe even iOS 4.2 is not a problem any more. Soon we will see the utilities from DevTeam to perform the jailbreak.

The DevTeam published a video if a jailbroken iPod Touch 4G. Take a look:

According to the latest tweets from different hackers (MuscleNerd, pod2g and others) the exploit for iOS 4.1 has been already discovered:

Works on 4.1 (!) iBSS iv=c2c5416472e5a0d6f0a25a123d5a2b1c key=1fbc7dcafaec21a150a51eb0eb99367550e24a077b128831b28c065e61f894a0

I just successfully updated to 4.1 without a baseband update. PLEASE wait for 4.1.0 TinyUmbrella!!!

Crazy timing that @pod2g got latest exploit just as 4.1 went public (lots of work left…keep away from 4.1 for now!)

congrats to @pod2g for the latest exploit and also @p0sixninja who have been trying for months.

This means that the jailbreak and unlock for iPhone and iPod Touch is possible. However please be patient and wait for the utilities.