There has been an interesting development on the jailbreak front.
iH8sn0w, developer of popular jailbreak tools such as p0sixspwn and Sn0wbreeze, has just tweeted that he has discovered a new iBoot exploit, which should make the A5(X) devices jailbreakable for life.
Apple’s A5 and A5X chips power the following iOS devices:
- iPhone 4S
- iPad 2, iPad 3, original iPad mini*
- iPod touch 5G*
- Apple TV 3*
*Apple has used a different version of the A5 chip in the Apple TV 3, iPod touch 5G, iPad mini and the 32nm revision of the iPad 2. It is not clear whether the exploit exists in this version of the A5 as well. It will be interesting to see if this can help in creating a jailbreak for the Apple TV 3, which has been elusive since its launch.
Here’s the description of iBoot from iphonewiki:
iBoot is Apple’s stage 2 bootloader for all of the devices. It runs what is known as Recovery Mode. It has an interactive interface which can be used over USB or serial.
Update: I was wrong when I said iBoot was unpatchable. Alex has provided more details on why these devices could be jailbreakable for life in the comments below (Thanks Alex!):
iBoot is patchable with iOS updates. If patched, phones not already modified with jailbreak software will lose the possibility of a jailbreak when they update. But if the device is jailbroken, it puts in place a type of safeguard preventing overwrite of the iBoot component, thus remaining jailbroken. It requires all updates to be built with third-party software to put in place a safeguard preventing removal of the old iBoot. Kind of like baseband protection in the redsn0w software.
iH8sn0w has clarified that it is not a bootrom exploit, but still a very powerful iBoot exploit.
So looks like all my A5(X) devices are fully untethered and jailbroken for life now. 🙂
— iH8sn0w (@iH8sn0w) February 1, 2014
@Pacman4484 @AmaznSpoderman actually. iBoot exploits are just as powerful as bootrom exploits (restores, dump blobs, jailbreak, untether).
— iH8sn0w (@iH8sn0w) February 1, 2014
This is a very significant development, as we haven’t seen something like this since the limera1n exploit discovered by GeoHot back in October 2010, which made devices like the iPhone 3GS and iPhone 4 jailbreakable for life. It could potentially also help in finding iBoot exploits for newer devices.
iH8sn0w seems to have used some kind of brute-force mechanism to find the exploit. Not surprisingly, he plans to keep the details of the exploit private so that it can be used for future jailbreaks. He plans to work on the A6 chips next.
Kudos to iH8sn0w for discovering the exploit.
Do you have one of these devices? Let me know what you think of this development in the comments below.