Tuesday, November 23, 2010

Saurik

@poisixninja Cydia for 4.2 is "final" and is only waiting for someone to demonstrate a jailbreak with working kernel patches. ;P
BlogBooster-The most productive way for mobile blogging. BlogBooster is a multi-service blog editor for iPhone, Android, WebOs and your desktop

Saturday, November 13, 2010

iH8sn0w

sn0wbreeze 2.1 (Works on 3.2.2/4.1 [All Devices/Bootroms/Models]) -- http://ih8sn0w.com

sherif_hashim

@rumana178 this would take some time, but hopefully not very long :)

Rua17

@sherif_hashim Hi, can we expect an unlock solution for 2.10.04 after 4.2 launch?

Wednesday, November 10, 2010

iH8sn0w

Update for sb 2.1 : limera1n/steak4auce implemented. Lots of testing, then release. :)

Wednesday, November 3, 2010

Comex

However, a 4.2 jailbreak might be delayed because Cydia doesn't work on 4.2 yet. Not sure how close @chpwn is to finishing his fixes.

Comex

Anyone with blobs for 4.1 or earlier should be able to get an untethered 4.2 jailbreak; this is not done but is being actively worked on.

Wednesday, October 13, 2010

MuscleNerd

For all new limera1n and greenpois0n jailbreakers: there is also unlock on the horizon for at least some of you in 4.2

Monday, October 11, 2010

Dev-Team blog

Limera1n surprise
After a few very dramatic days in the jailbreak community, geohot has come out of nowhere to release limera1n. It’s a bootrom-level jailbreak that works on the iPhone3GS, iPhone4, iPod touch 3G, iPod touch 4G, the iPad, and (technically) the AppleTV 2G.

DO NOT USE LIMERA1N IF YOU USE THE ULTRASN0W CARRIER UNLOCK — wait for PwnageTool to incorporate the limera1n exploit. This is so that you can avoid updating your baseband and losing the unlock (possibly forever).

Limera1n uses a different exploit than SHAtter, and in fact covers more devices. Although some may question geohot’s dramatic and competitive style, he obviously does have considerable skill pulling this together in just over a day (although he’s had the underlying exploit for months). Credit also goes to @comex, who provides the untethered aspect of limera1n via another one of his growing list of kernel hacks.

The release of limera1n has (thankfully!) averted the burning of 2 bootrom holes at once (both his and SHAtter). Releasing SHAtter now would be a complete waste of a perfectly good bootrom hole in light of limera1n, and so it can be held until Apple closes limera1n’s hole. While there’s no guarantee that Apple won’t also close SHAtter by then, it provides a ray of hope for devices after Apple’s bootrom respin. Meanwhile, look for an alternate implementation of the limera1n exploit in greenpois0n (and possibly other tools), where it should undergo more testing too.

Limera1n wasn’t tested very thoroughly and does have some issues. Geohot typically works these out in subsequent (and rapid) releases (there are already 3 beta versions of it as of Saturday night!). In the meantime, feel free to discuss any problems and their solutions in our comments section.

Update #1: Because the “untethered” part of this jailbreak comes from a userland hack from @comex, you should still back up your SHSH hashes for 4.1. Do this by either letting Cydia keep them (“make my life easier”), or using Tiny Umbrella. This way you can always come back to an untethered, jailbreakable 4.1 on your devices after Apple has closed their 4.1 signing window (they’ll close the 4.1 window once they push out their next firmware version). If you fail to do this and ever need to restore to 4.1 again, you can still jailbreak but it will be a tethered JB (you’ll need to connect to your computer to finish the booting process, each and every time).

And remember: you can back up your 4.1 SHSH hashes without even being at 4.1 or even being jailbroken, by using Tiny Umbrella.

Thursday, October 7, 2010

p0sixninja

Things have progressed to the point where we don't expect anymore roadblocks. ETA for greenpois0n is 10/10/10 at 10:10:10AM

Sherif Hashim

@Iffyyy yes :)

@sherif_hashim Anybody working on BB 5.14 bro?

Wednesday, September 29, 2010

SHAtter - The iPhone Wiki

This is an unsigned code execution vulnerability that resides in DFU Mode of the S5L8930 bootrom.
Uses of this exploit have already involved uploading a pwned iBSS/iBEC to provide access to the AES engine and to run custom ramdisks.
Credits

vulnerability: posixninja (May 7, 2010)
research: posixninja, pod2g, also MuscleNerd
exploit: pod2g (September 9, 2010)
Background Info

In April 2010 pod2g wrote a USB fuzzer and tested every possible USB control message on his iPod touch 2G. The fuzzer found two vulnerabilities:
a heap overflow caused by usb_control_msg(0xA1, 1)
a way to dump the bootrom using a USB descriptors request
The team tested these two vulnerabilities on newer devices (iPhone 3GS, iPod touch 3G, iPad); both had already been fixed by Apple.
posixninja continued fuzzing on these devices and found that a particular sequence of USB messages made it possible to dump the BSS, heap and stack (on the newer generations only). Having a memory dump is a great help when writing exploits, and it was also the first time the team had a dump of this kind. (Previous bootrom exploits, like the 0x24000 Segment Overflow, were developed blind!)
His first attempts to dump the memory also rebooted the device. We will see later that this reboot is the basis of the SHAtter exploit.
Research began into why the device rebooted. posixninja found the reason and proposed several ideas for exploiting it. During this period he also reverse-engineered large amounts of bootrom assembly, giving the team a foundation for its discussions. This was not days but months of work, so major props to posixninja: SHAtter would not have been possible without the clever vulnerability he found and the research he did on the bootrom.
Meanwhile, pod2g helped on the USB reversing side and found a way to gain more control over the size of the USB packets sent. This finer-grained control of packet sizes is the key to SHAtter.
posixninja and pod2g worked on exploiting the vulnerability for days. Every attempt failed, because the idea of attacking the stack and bypassing the IMG3 checking routines was simply impossible. It took them weeks to understand why they failed and why the vulnerability could not be exploited this way.
They both gave up in July and focused on other subjects.
Vulnerability

(details on the vulnerability soon to come)
Exploitation

(details on the SHAtter exploit soon to come)

Tuesday, September 28, 2010

Chronic Dev Team

To those asking about unlock: At this time, only the jailbreak is being worked on, as it requires the team’s full attention.

Monday, September 27, 2010

Iphone_dev

SHAttered iPod touch 4G jailbreak http://is.gd/fv9Vi (test video only... wait for faster tool)

Sunday, September 26, 2010

iH8sn0w

iH8sn0w: iBoot-574.4 I'm happy for you and ima let you finish, but iBoot-240.4 had one of the best bootrom exploits of all TIME!

MuscleNerd

MuscleNerd: iTunes 10.0.1 confirmed safe for JB and unlock...doesn't break DFU mode, syncing, or loading of custom IPSWs

Friday, September 24, 2010

Veeence

They won't wait for iOS 4.2 to release SHAtter. iOS 4.1 will be jailbroken soon.

Tuesday, September 21, 2010

Saurik wrote...

Jay Freeman (Saurik), September 21, 2010 - 3:37 am

I do not understand why people think I make money off of ads in Cydia: I run like three ads. 99.99% of the ads you see in Cydia, the ones that are posted on packages that I don’t host, have nothing to do with me: the money from those goes to the repositories. Also, I really seriously do make so much less money doing Cydia than I did consulting (which I could go back to doing at the drop of a hat) it hurts. If I calculated out my hourly right now I’m probably not even making minimum wage. I do this because I care about this movement, but I’m really getting tired of being berated by /everyone/ that I’m somehow in this for the money. I work on this project nearly all of my waking hours, whether it is something random and technical that no one even realizes I did (like the work I did today on the icon scraper that was affecting some packages) or talking to every single person I can at conferences that I go to, despite being sufficiently introverted that I’d rather go crawl into a ball and die in the corner. So, if you want to tell me “Cydia needs work on X”, by all means do so, but know that I probably either know of X and am working on it or after two years of deliberation believe X to be a mistake (in which case, X may in fact have been a feature of Cydia two years ago and has since been removed, such as “don’t respring until the app is closed”, which everyone wants but really causes all kinds of horrible problems). But, if you want to just sit around and whine that I’m somehow going out of my way to screw you out of your money, you are totally wrong and are just being mean and insulting, and if enough of you really want to believe that then this movement has failed and I should give up and go back to doing a real job for real money rather than wasting my life trying to push it forward. (Also: people seem to be mistaking “monopoly” with “community”, which is a pity. Cydia is open source, and there are now even more people who are working on improving it. Why people believe that instead of everyone working together to make a single thing great we should be spending all of our time fighting each other and fracturing our efforts is totally a weird concept to me.)

TheIphoneWiki


Chronic Dev Team

Statement on pod2g’s departure
admin, September 21, 2010 03:09

This post is to clear up some confusion that seems to be in the comments of the other post in regards to pod2g’s departure.

Development on the jailbreak for iOS 4.1 will still continue as planned, and is still in progress. This internal team change will not affect the end user in any way at all.

Thank you for the concern, and your ongoing patience is appreciated.