Report | Jailbreak iPhone, iPod Touch, iPad - Part 3

Jailbreak iPhone, iPod Touch, iPad

News about jailbreaking iPhone, iPod Touch and iPad

Archive

Tag: report

When will we see untethered iOS 5.1 jailbreak

We now have some estimates regarding the release of the iOS 5.1 untethered jailbreak. Pod2g noted that it is at least a month away.

ETA for 5.1 JB: no clue! We’re going to set pieces of the puzzle together this week. We could have issues… Could be 1 month maybe 2…

I know 1 month seems long, but it’s short to work on a project like this when it’s a hobby and you’ve other things to do as well.

Last week, pod2g reported that the Chronic Dev-Team has all the exploits required to release an untethered jailbreak of iOS 5.1 for all devices, including iPad 3, iPad 2 and iPhone 4S. However, it would take some time to put it together into a useable release.

Dropbox And Facebook iOS Apps Are Vulnerable To Credential Theft

This week Gareth Wright reported that Facebook’s app for iOS has a security vulnerability through which malicious users can access login credentials saved in a .plist file of the app. With a copy of that .plist file malicious users could automatically log into the affected user’s Facebook account on another device. Reportedly, the vulnerability also exists on Android devices.

Wright describes several different ways in which your login credentials could be obtained by a malicious user, including hidden applications installed on shared PCs, customized apps, or a modified speaker dock that could copy your plist.

According to Facebook, the issue only affects jailbroken or lost devices, as it requires physical access or installation of a custom app on the device. But Wright and The Next Web pointed out that simply plugging into any device would be sufficient for malicious users to gather these files.

The Next Web has confirmed that Dropbox for iOS is also vulnerable to this issue. Given that two such high-profile apps as Facebook and Dropbox are vulnerable to credential theft, it is likely that other apps are also affected by the issue.

As many reports note, this method of gathering login credentials is not actively utilized in a malicious manner, and users can protect their data for the time being by not plugging their devices into shared computers and charging stations.
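As an added example (not from the original post or from any of the apps named), here is a developer-side audit that flags credential-like entries in an app's preferences plist, the storage pattern the report describes. The key names, sample values and matching heuristics are constructed assumptions.

```python
import plistlib
import re

# Heuristics (assumptions of this example, not taken from any real app):
SENSITIVE_KEY = re.compile(r"token|secret|passw|session|auth|api_?key|credential", re.I)
TOKEN_LIKE = re.compile(r"[A-Za-z0-9_\-.=+/|]{32,}")


def audit_plist(data):
    """Return sorted (key_path, reason) findings for one plist (XML or binary)."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}/{key}"
                # A non-empty string/data value under a credential-like key name.
                if isinstance(value, (str, bytes)) and value and SENSITIVE_KEY.search(key):
                    findings.append((child, "credential-like key name"))
                # A long opaque string under an innocuous key name.
                elif isinstance(value, str) and TOKEN_LIKE.fullmatch(value):
                    findings.append((child, "token-like value"))
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(plistlib.loads(data), "")
    return sorted(findings)


# Constructed sample: a preferences plist as an app might write it.
SAMPLE = plistlib.dumps({
    "AppVersion": "1.0",
    "LastSync": 1333238400,
    "ExampleAccessToken": "CONSTRUCTED-" + "b3c9d1e7f5a2" * 4,
    "Account": {"email": "user@example.com",
                "cache": "Zm9vYmFyYmF6cXV4Zm9vYmFyYmF6cXV4Zm9vYmFy"},
    "Servers": [{"host": "api.example.com", "sessionSecret": "constructed-value"}],
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for path, reason in audit_plist(SAMPLE):
        print(f"{path}: {reason}")
```

Entries it flags belong in the iOS Keychain rather than in a plist inside the app's container.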

Chronic Dev Team Releases CrashReporter for Windows

The Chronic Dev-Team has released CDevReporter, their new tool that lets you help find jailbreak vulnerabilities, for Windows.

You can download the Mac and Windows versions of CDevReporter here:

More information is available in our recent post “Want untethered iOS 5 jailbreak? Help hackers to find new exploits!”.

Want untethered iOS 5 jailbreak? Help hackers to find new exploits!

A semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want an untethered jailbreak, and we want a jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?

The Chronic Dev-Team has released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.

The idea is very simple. When your iPhone, iPad or iPod Touch crashes, it sends data to Apple (you can turn this off, though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they had found in the iOS 5 beta before the final version of the software was released.

In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.


Jailbreakers and unlockers: don't update to iOS 5.0.1

Apple has recently released iOS 5.0.1. It can still be jailbroken tethered. However, if you want an untethered jailbreak or unlock, you should stay away from 5.0.1.

Earlier this week pod2g reported that a code signing bug found in iOS 5.0 will make it easier for hackers to develop a full jailbreak for the iOS 5 firmware. That bug might have been closed in iOS 5.0.1. UPDATE: According to pod2g the bug is still present, but harder to exploit because another exploit found by Charlie Miller is fixed in iOS 5.0.1.

Also, MuscleNerd has warned iOS users via Twitter that there is no downgrade from iOS 5.0.1 to iOS 5.0 yet, and he recommends waiting until a downgrade mechanism is available.

Jailbreakers and unlockers should avoid today’s 5.0.1 until a flow for downgrading to 5.0 is developed.

Downgrade flow needs to be modified for AP “nonce” http://is.gd/b3G0io … saved SHSH blobs are not enough to downgrade to 5.0

Comex Found Out How To Improve Jailbreak Time

Today Comex revealed on Twitter that he found a way to drastically decrease the time it takes to jailbreak, and learned how to utilize unionfs and thus get rid of Cydia’s ‘Reorganizing FileSystem’ process.

The new approach will reportedly be used in his next jailbreak for iPad 2.

If you want to know more details on Comex’s new approach, check his long tweet.

Earlier Musclenerd stated that it won’t be necessary to move Apple apps anywhere if unionfs is used. That also means that apps will keep their entitlements, which simplifies the sandboxing problem.

Apple Asks Toyota to Pull Jailbreak Ad Campaign

Apple reportedly asked Toyota to remove from Cydia an exclusive theme for jailbroken iPhones, created by Toyota’s advertising company Velti to promote its new vehicle.

Scion, a brand of vehicles manufactured by Toyota, recently developed a custom iPhone theme specifically for jailbroken devices, submitting it to us for hosting in Cydia.

As far as we know, Apple is strongly against jailbroken devices, but this advertising campaign may somehow help to legitimize the jailbreak community and also place it in direct competition with Apple’s own iAds network. Apple apparently heard about the campaign and has asked Toyota to pull it.

I received a call from our contact at Velti this evening as well as an email asking me to please take the theme out of Cydia. On the phone, he explained Apple had contacted Toyota and requested they remove the theme and stop the advertising campaign. They (Velti) in turn contacted me relaying the message. The reason Velti listed for the removal request of the theme emailed through our dev portal was “Toyota’s making us take it down”. Toyota had agreed to do so to “maintain their good relationship with Apple,” our Velti contact told me on the phone.

New Cydia Feature: Theme Center

Jay Freeman (better known as Saurik) has reported that he added a new feature to Cydia, the jailbreak application store. “Cydia Theme Center” provides easier search for Retina and non-Retina themes. Right now, you will find a selection of free and paid themes popular in Cydia, as well as themes selected by the employees of MacCiti and ModMyi. Soon Cydia users will also be able to vote their favorites into Theme Center. Freeman has predicted that the feature would be really popular. After the release of Theme Center he posted to Twitter: “The second feature to use my Whole Package Index, the “Cydia Theme Center”, went up an hour ago, and 15,000 people have already tried it! ;P”

Geohot To Release Untethered iOS 4.2.1 Jailbreak

Last week we reported that the well-known hacker Geohot might call his next jailbreak tool rubyra1n. Now guys from the Dev Team hint that they know something about Geohot’s effort to bring a proper untethered jailbreak to iOS 4.2.1.

A recent tweet from MuscleNerd confirms the rumors: “I hear geohot does have an untether actually! Though not for all devices”.

jailbreak API

Apple has reportedly disabled its jailbreak detection API through the iOS 4.2 software update. The API helped third-party mobile device management (MDM) applications to check for unauthorized modifications of system files. Apple’s jailbreak detection API provided MDM applications direct access to iOS system information and was able to ask the operating system directly if it had been jailbroken. Jailbreak exploits typically change a number of operating system files, and exploit one or another low-level OS feature to let users directly load their own or third-party applications.

“We used it when it was available, but as an adjunct,” says Joe Owen, vice president of engineering at Sybase, which offers the Afaria device management software. “I’m not sure what motivated their removing that….”