Apple is currently ahead of the cat-and-mouse which Steve Jobs spoke about just ahead of the iPhone firmware 1.1.1 update. I guess he knew that his engineers were about to give a body blow to some of great work done by the iPhone hacking community since the launch. However, so far the iPhone hackers have done well to figure out a way to downgrade the firmware to 1.0.2 and also get the phone part of the functionality (make and receive calls, send and receive SMS and mails too) to work with either TurboSIM method or iPhoneSIMFree’s software-only unlocking method.
In the last few days the iPhone hacking geniuses have also achieved couple of milestones in their objective to jailbreak the iPhone firmware 1.1.1 filesystem which will ultimately help in installing the unauthorized third-party applications.
Apple changed the encryption methodology for the iPhone by using 128-bit encryption with the 1.1.1 firmware update which resulted in breaking the old process of jailbreaking which had helped in installing the unauthorized iPhone applications.
So lets look at the progress made so far by the iPhone hacking community and what it means to the ultimate objective of jailbreaking the iPhone firmware 1.1.1 filesystem. The two milestones that have been achieved so far are mentioned below:
Discovery of a TIFF buffer overflow exploit:
iPhone hackers have taken a cue from the PSP (Sony PlayStation Portable) cracking efforts to discover a TIFF buffer overflow exploit that can cause MobileSafari on the iPhone software/firmware 1.1.1 to crash which essentially means that arbitrary code can be written to the device.
However, with the buffer overflow methodology one needs to figure out a way to invoke a jailbreak for it to be useful which some iPhone hackers are currently not too optimistic. The other issue is that the methodology as the name suggests "TIFF buffer overflow exploit" is a security flaw.
We have seen that Apple has been quick to patch such buffer overflow exploits; as the unlocking techniques that made use of a buffer overflow to unlock the iPhone to use any SIM were made defunct by Apple’s iPhone software/firmware 1.1.1 update, and in some cases like the anySIM solution by the iPhone Dev Team has even caused disablement of the phone functionality.
So it is quite safe to assume that such buffer overflow methodology will be dealt in a similar fashion in the future by Apple.
Access to iPhone 1.1.1 filesystem:
The latest milestone has been iPhone hackers "dinopio" and "Edgan" using symbolic links before doing a 1.1.1 upgrade to gain access to the entire 1.1.1 file tree. This method allows the writing of files to the private/var/root directory, where the iPhone stores files that are specific to the user rather than the operating system.
Though this is promising it should be noted that it is another way (hackers way) of getting write access to the private/var/root directory and also the fact that the ability to read the filesystem using this method is yet to yield any results.
Ambrosia SW apparently has been using similar write access with Apple’s own API and they can still perform the same basic routine under firmware 1.1.1. (One of the reasons they have not been able to get their iToner application working with the latest firmware has been due to a mysterious new signing mechanism used for ringtones that allows some tracks to play, and disallows others, without any clear differentiation.)
However, if the hackers are able to trigger code execution in private/var/root via the loading of a plug-in used by one of the iPhone’s applications, it could lead to a real solution for running unauthorized third-party applications.
It will be interesting to see if these milestones could ultimately help in achieving the objective of jailbreaking the iPhone firmware 1.1.1 filesystem.
Stay tuned @ iPhone Hacks for the latest on iPhone hacking post firmware 1.1.1; the cat-and-mouse game isn’t over yet.
You might be interested in checking out articles in the following top Categories: