Jailbreak iPhone, iPod Touch, iPad

Sadly pod2g has discovered that his untether does not work on the iPod 3G or iPhone 3GS, according to a recent tweet by the hacker.

Sad news. Just tested the untether on an iPod 3G. The kernel vulnerability don’t happen on this one. I think iPhone 3Gs is out too.

the iOS version don’t really matter. It’s about the hardware.

This means these devices can only be tethered jailboken.

This will be disappointing news for many although it’s possible a kernel vulnerability could yet be found for these older devices. For those wondering, pod2g reminds us that the old bootrom 3GS will be untethered jailbroken for life.

This week Gareth Wright reported that Facebook’s app for iOS has a security vulnerability through which malicious users can access login credentials saved in a .plist file of the app. With a copy of that .plist file malicious users could automatically log into the affected user’s Facebook account on another device. Reportedly, the vulnerability also exists on Android devices.

Wright describes several different ways in which your login credentials could be obtained by a malicious user, including hidden applications installed on shared PCs, customized apps, or modified speaker dock that could copy your plist.

According to Facebook, the issue only affects jailbroken or lost devices, as it requires physical access or installation of a custom app on the device. But Wright and The Next Web pointed out that simply plugging into any device would be sufficient for malicious users to gather these files.

The Next Web has confirmed that Dropbox for iOS is also vulnerable to this issue. Given that two such high-profile apps as Facebook and Dropbox are vulnerable to credential theft, it is likely that other apps are also affected by the issue.

As many reports note, this method of gathering login credentials is not actively utilized in a malicious manner, and users can protect their data for the time being by not plugging their devices into shared computers and charging stations.

The Chronic Dev-Team has released an update to its Absinthe jailbreak utility that brings support for Mac OS X 10.5 (Intel + PPC) and fixes several bugs.

@pimskeks announced the update:

#Absinthe 0.4 released greenpois0n.com/?p=173 – OSX 10.5 support (PPC+Intel). Re-jailbreaking not required. Changelog: pastebin.com/DdwGKstR

What’s New in Absinthe v0.4:

• Mac: added support for OSX 10.5, PPC and Intel CPU
• added consistency check on startup to make sure required files are in place
• Windows: fixed bug in payload generator that might cause a crash

You can download Absinthe for Windows, Mac OS X and Linux from here.

Here are our step-by-step tutorials:

• HowTo untether jailbreak iPad 2 with iOS 5.0.1 (Mac OS X)
• HowTo untether jailbreak iPhone 4S with iOS 5.0/5.0.1 (Mac OS X)
  

• HowTo untether jailbreak iPad 2 with iOS 5.0.1 (Windows)
• HowTo untether jailbreak iPhone 4S with iOS 5.0/5.0.1 (Windows)

iPhone Dev-Team released RedSn0w 0.9.9b9 with full iOS 5.0.1 support (no need to point to iOS 5.0 any more). New version also features support for SHSH and APTickets:

• native support for 5.0.1 (no need to point redsn0w at 5.0 IPSW or use command-line args).  Support automatically extends to all of redsn0w’s various functions: “Jailbreak”, “Just boot”, “Fetch blobs”, “Stitch blobs”, “Recovery Fix”
• iBooks fixed in 5.0 and 5.0.1.  This is a targeted fix that doesn’t remove entire sandbox mechanism.  5.x users already using redsn0w “Just Boot” can just use the new version without redoing entire jailbreak again
• 3GS old-bootrom owners can now create custom IPSWs without blobs
• ultrasn0w compatability update (i.e. same baseband requirements) for 5.0.1 will be available on Cydia Monday
• support for newer 8GB iPhone4 (which until now had problems with “Fetch blobs”).  Thanks to @JKjeepnJeff for loaning us one of these newer i4 units for testing!
• allows Windows users (not just OS X users) to use the “Custom” button to create IPSWs without baseband updates.  (Update: please wait for 0.9.9b9b for this!)
• accommodates APTickets in 5.x (until next Apple countermove).  APTickets are crypto-verified before submitting to Cydia, just like the main blobs.  Cydia server support for sending back the APTickets is upcoming.  For now, use stitched IPSWs for 5.x.  Due to APTickets, stitched 5.x IPSWs now require user to start in “Pwned DFU” mode
• Support added for stitching 4.x blobs to iPad2-GSM IPSWs.  Similar to @notcom’s TinyCFW but doesn’t require lots of RAM or a TSS-assisted restore. Won’t work for iPad2 5.x blobs (or iPhone4S at all) until a bootrom-level exploit is out
• top line now shows whether (and where) a redsn0w update is available, or if the version being run is the latest.  Uses DNS TXT record to alleviate any concerns about snooping
• no 5.1 beta support at this time (major apps like Cydia are not yet compatible)
• @pod2g has been doing a great job porting his 5.x untether…check his blog for updates!
• Owners of newer 3GS iPhones must not flash the iPad baseband.  The iPad baseband will not work on 3GS iPhones built later than 2011 week 35.  You have a week 35 or later device if your serial # starts with xx135.

Update #17b: Version 0.9.9b9b enables the “Custom” button for Windows users, and make the 3GS week 35 warning a more explicit part of the process.

You can download RedSn0w 0.9.9b9b here.

UPDATE: redsn0w updated to redsn0w 0.9.9b9d.

The Chronic Dev-Team has released CDevReporter, their new tool that lets you help find jailbreak vulnerabilities, for Windows.

You can download the Mac and Windows versions of CDevReporter here:

• cdev_reporter-mac-1.0_beta.zip
• cdev_reporter-win-1.0_beta.zip

More information is available in our recent post “Want untethered iOS 5 jailbreak? Help hackers to find new exploits!“.

Semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want untethered jailbreak and we want jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?

The Chronic Dev-Team has a released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.

The idea is very simple. When your iPhone, iPad or iPod Touch crashes it sends data to Apple (you can turn it this off though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they have found in IOS 5 beta before the final version of the software was released.

In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.

Read the rest of this entry »

The iPhone Dev-Team has updated RedSn0w with support for jailbreaking iOS 5.0.1 beta which was recently released for iOS developers.

RedSn0w 0.9.9b8 recognizes 5.0.1 beta and you don’t have to “point at 5.0 IPSW” any more. Since the IPSW isn’t public, you’ll still need to provide it once to redsn0w (Extra -> Select IPSW).

Mac users can also create custom firmware and preserve baseband for unlock. However ultrasn0w doesn’t get updated for betas yet.

This is still a tethered jailbreak for all except old-bootrom 3GS users.

You can download RedSn0w from here.

UPDATE: to jailbreak ioS 5.0.1 beta 2, just point to iOS 5 or iOS 5.0.1 IPSW

The iPhone Dev-Team has released an update to their UltraSn0w unlock bringing support for iOS 5. Remember that NO new basebands are supported in this release. It only adds support for iOS 5 with old basebands.

Here is the list of supported basebands:

• iPhone 4: 01.59.00
• iPhone 3G/3GS: 04.26.08, 05.11.07, 05.12.01, 05.13.04, 06.15.00.

If have one of the above baseband version and need unlock you can upgrade to iOS 5 without updating your baseband using RedSn0w 0.9.9b5.

Ultrasn0w 1.2.4 is available in Cydia.

We’ve updated ultrasn0w to be compatible with iOS5, which came out a few days ago. While ultrasn0w 1.2.4 (available now in Cydia) doesn’t add support for any new basebands, the update is required for any ultrasn0w unlockers trying out iOS5 (it remains backwards compatible though, so you should be able to use it no matter what firmware you have).

The supported basebands for the iPhone 3G and 3GS are 04.26.08, 05.11.07, 05.12.01, 05.13.04, and 06.15.00. The baseband supported for the iPhone4 is 01.59.00.

Remember, the only way to get to iOS5 while preserving your ultrasn0w-compatible baseband is by using a custom IPSW. redsn0w now has the ability to create such a custom IPSW for you (at least on Macs…the same capability for Windows will be coming soon).

The majority of people who use ultrasn0w at iOS5 right now will probably be those with old-bootrom iPhone3GS devices, since they already have an untethered jailbreak via redsn0w. For everyone else, the iOS5 jailbreak is currently tethered and you need to “Just boot” tethered with redsn0w every time your phone reboots. That’s not always easy to do if your phone reboots while away from home!

Note: there’s a special “trick” that iPhone3GS owners with baseband 06.15 need for iOS5. During the new setup screens you see when you start iOS5 for the first time, you’ll be asked about Location Services. Be sure to select “Disable Location Services” when asked! Later on in the setup, you’ll have the chance to turn on Location Services again when asked if you want to use “Find my iPhone”. It’s fine to turn it back on at that point, if that’s your desire (or you can always go in and enable it in Settings.app).

Also, some iPhone3GS users with the 06.15 baseband may have tried to install iOS5 using a stock IPSW (even though you should never ever try to use a stock IPSW if you’re an ultrasn0w unlocker). If you did try this, your baseband is probably in an inconsistent state, and you’ll need to reflash the 06.15 baseband again (using redsn0w). Be very careful if you use redsn0w to reflash the iPad baseband — don’t interrupt the process! And please avoid using stock IPSWs in the future Unlockers should never go near stock IPSWs.

The iPhone Dev-Team has released RedSn0w 0.9.9b5 – an official tethered jailbreak for iOS 5. Users don’t have to point to downloaded iOS 5 ipws any more. Just run and jailbreak.

Currently only the Mac version has been made available. Windows version is coming soon. However Windows users can still jailbreak iOS 5 with Redsn0w 0.9.9.b4, – just go to “Extras” -> “Select IPWS” and select your iOS 5 ipsw file (can download here).

Good news for users who need carrier unlock (ultrasn0w or Gevey Sim). With RedSn0w 0.9.9b5 you can update to iOS 5 and preserve the baseband (modem) version for unlock:

The new “Custom IPSW” button on the Extras screen will create a custom IPSW without the baseband update for 4.3.3 or 5.0gm (iPhone3GS and iPhone4 only, for now). Remember not to accidentally restore to the stock IPSW after you create the custom one! The custom one begins with NO_BB_ (for “no baseband”).

You must enter “Pwned DFU” mode before trying to use the NO_BB_ IPSW with iTunes (and your hosts file cannot be pointing to Cydia’s servers due to the new blob nonce mechanism they’re using in iOS5).

We will update our step-by-step tutorials soon.

You can download RedSn0w 0.9.9b5 (Mac) and RedSn0w 0.9.9b4 (Windows) here.

PS: RedSn0w 0.9.9 is a bit different from 0.9.8 version. You can learn more about other new redsn0w 0.9.9 features here.
UPDATE: redsn0w 0.9.9b6 released, download here

UPDATE:
Here are links to our RedSn0w 0.9.9 iOS 5 jailbreak tutorials:

• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

UPDATE: Apple latest firmware is iOS 5.1.1. Apple has stopped signing all other firmwares, including iOS 5.0.1, iOS 4.3.3 and iOS 4.3.5. This means you can NOT restore to 5.0.1/4.3.3/4.3.5 any more (both original and custom), unless you have saved your SHSH keys for it.

If you have decided to perform an untethered jailbreak and unlock, you need to get the following information:

1. What type of device do you have (iPhone 3G/3GS/4, iPod Touch 3G/4G, iPad 1/2, Apple TV)?
2. Do you need unlock (if your iPhone locked to one carrier and you want to use it with another)?
   The answer is NO, if the device is not iPhone, if it was purchased as factory unlocked and can be used with any cellular carrier (f.e. in Canada, France, etc).
   If the answer is YES, you need to find out your modem version (Setting-General-About-Modem).
3. What firmware version do you have? Take a look at Setting-General-About-Version. For example it could be iOS 4.3.3.
4. What operating system do you use on your desktop (Windows, Mac OS)?

How to perform jailbreak, when you do NOT need an unlock

For iPhone 3G the latest is iOS 4.2.1. You can perform jailbreak with any utility. For iOS 4.2.1 you can also use them or GreenPois0n (Windows, Mac OS).

iPad 2 jailbreak is available only for iOS 4.3.3 via JailbreakMe and and iOS 5.0.1 via Absenthe.

iPhone 4S jailbreak is available for iOS 5.0 / iOS 5.0.1 via Absenthe.

iOS 4.3.3

Apple stopped signing iOS 4.3.3, so you cannot update to iOS 4.3.3 without SHSH keys saved (in advance some time ago). If you have iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G or iPod Touch 4G that run iOS 4.3.3 – use JailbreakMe or RedSn0w to untether jailbreak your device.

If you have saved SHSH keys for iOS 4.3.3 you can use PwnageTool (Mac OS) or Sn0wBreeze (Windows).

iOS 4.3.4/4.3.5

For iOS 4.3.4/4.3.5 only tethered jailbreak is possible with redsn0w. Tethered means that each time you restart your device you will have to connect it to a computer and run redsn0w. The untethered iOS 4.3.5 jailbreak is possible only for iPhone 3GS with old bootrom. You can detect your bootrom version using this tutorial.

iOS 5

To jailbreak and unlock iOS 5 use latest version of redsn0w 0.9.9 or sn0wbreeze 2.8. You can jailbreak tethered or semi-tethered.

The untethered iOS 5 jailbreak is possible only for iPhone 3GS with old bootrom. You can detect your bootrom version using this tutorial.

iOS 5.0.1

For iPhone 4/3GS, iPad 1, iPod Touch 3G/4G an untethered jailbreak is available for iOS 5.0.1. For untethered jailbreak use the latest redsn0w 0.9.10 or Corona – package from Cydia to untether currently installed tethered jailbreak.

Tutorial how to untether installed tethered jailbreak is available here.

For iPhone 4S and iPad 2 use Absenthe.

For tethered iOS 5.0.1 jailbreak you an use redsn0w 0.9.9 and sn0wbreeze 2.8.

iOS 5.1 / iOS 5.1.1

For now only tethered jailbreak is available for iPhone 4/3GS, iPad 1 and iPod Touch 3G/4G for iOS 5.1 and iOS 5.1.1.

You can download all firmwares here.

Tutorials

Here are our step-by-step tutorials that will guide you through the jailbreak process:

iPhone 4S

UnTethered jailbreak iOS 5.0 / iOS 5.0.1:

• Absinthe (Windows)
• Absinthe (Mac)

iPhone 4

Tethered jailbreak iOS 5.1.1:

• RedSn0w (Windows)

Tethered jailbreak iOS 5.1:

• RedSn0w (Windows)
• Custom firmware and jailbreak using Sn0wBreeze (Windows)

UnTethered jailbreak iOS 5.0.1:

• RedSn0w (Windows)
• Custom firmware using RedSn0w
• Custom firmware using Sn0wBreeze (Windows)
• Custom firmware using PwnageTool (Mac)

Semi-Tethered jailbreak iOS 5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)
• Sn0wBreeze (Windows)

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

UnTethered jailbreak iOS 4.3.3:

• RedSn0w (Windows)
• RedSn0w (Mac OS)
• PwnageTool (Mac OS)
• Sn0wBreeze (Windows)
• JailbreakMe (works without a computer)

Read the rest of this entry »