iPhone 4S, iPad 2 / 3 / mini, iPod touch 5 (A5) jailbroken for life!

BOOM! Well-known iPhone hacker iH8sn0w has just posted a new tweet announcing that he has discovered a new way to untether jailbroken A5(X) devices for life. These devices are the iPhone 4S, iPod touch 5, iPad 2 / 3 and iPad mini.

iH8sn0w posted A5 AES keys from an iPhone 4S running iOS 7.0.4:

However, this is not a bootrom exploit:

A follower replied to him that iBoot exploits can be patched easily, but iH8sn0w responded by noting that they can only be patched if they are released publicly.

Saurik, Cydia's creator, commented on the subject:
For informational purposes (as many people reading might not appreciate the difference), to get the encryption keys you only need an "iBoot exploit", not a "bootrom exploit". It is easier to find iBoot exploits (being later in the boot sequence, it has a larger attack surface: it has to be able to parse filesystems, for example), and they do afford more power over the device than an untethered userland exploit (in addition to letting you derive firmware encryption keys, you can boot custom kernels, and you might be able to dump the bootrom itself), but they are software updatable as part of new firmware releases from Apple and may have "insane setup requirements" (like, you might pretty much need an already-jailbroken device to actually set up the exploit). You thereby wouldn’t see an iBoot exploit used for a jailbreak (unless everyone is out of ideas for a very long time): instead, you’d see it hoarded away as a "secret weapon" used by jailbreakers to derive these encryption keys, making it easier to find and implement exploits on newer firmware updates for the same device (especially kernel exploits, where even if you have an arbitrary write vulnerability you are "flying blind" and thinking "ok, now where should I write? I can’t see anything… :’(").
