Posts tagged Jailbreak
The Chronic Dev Team Releases C-Dev Reporter to Help Discover iOS 5 Vulnerabilities
The Chronic Dev Team has recently published a blog post titled “Weapons of Mass Exploitation” where they provide an update on the untethered jailbreak for iOS 5. It was more of a call to action, asking the jailbreak community to help send in device crash reports via a tool they released called the C-Dev Reporter. The crash reports would help the Chronic Dev Team discover a vulnerability in iOS, which they could use to help release a jailbreak.
In the past, the Chronic Dev Team released GreenPois0n, which was a popular jailbreak tool for iOS 4.2.1. A few months back, they announced that they had discovered 5 new vulnerabilities in the iOS 5 beta, and more recently a bug in iOS 5 that could possibly help in developing an untethered jailbreak for iOS 5.
The Chronic Dev team has given the following update on the untethered jailbreak for iOS 5:
During my JailbreakCon talk in September, I was excited to announce that the Chronic Dev team had already discovered 5 different exploits for use in our upcoming jailbreak. Unfortunately, that announcement was a bit premature, because in the subsequent weeks, Apple found & patched a (critical) few of those exploits, between the beta versions we used for testing and the final release of iOS5 on October 12.
Sadly (and trust us, we are much more sad about this than any of you could possibly be), this has prevented us from being able to release a new jailbreak as quickly as we wanted to. As I hinted at earlier this week on Twitter, I was initially disheartened to think that so many of the countless hours we’ve worked on this jailbreak seemingly went right down the drain.
Not to mention, these are by no means the first exploits that have been “lost” by Chronic Dev (or any other iOS hacking teams) in this manner. In fact, these are just a few in a long-running series of exploits that were patched by Apple before we hackers could make use of them in a free jailbreak for you, our loyal fans.
They then went on to explain the method Apple uses to find vulnerabilities:
One of the primary challenges in working with userland exploits is that, every time any program crashes on your iPhone, a “crash report” is generated and instantly sent back to Apple. As you can imagine, while we’re working out all the kinks in the exploitation of a vulnerability, we may need to crash any particular program thousands & thousands of times.
It’s possible to change your iTunes settings to stop sending this diagnostic information back to Apple, and of course everyone in Chronic Dev has made this change on all our development machines. However, even this is not always 100% effective at preventing Apple from obtaining our data. For instance, if one of us is at a friend’s house and plugs our iPhone up to his or her computer (even just to charge it), it’s very likely that computer is set up to send all our valuable data & crash reports right back to Apple.
The Chronic Dev Team has released a new tool called C-Dev Reporter, which uses a similar method to help find the vulnerabilities:
All this program requires from you is to attach your iOS device to your computer and click a single button!
At this point, the program copies all the crash reports off your device (which, under normal circumstances, would be sent right back to Apple), and instead sends this data to a secure, private server hosted by your friendly Chronic Dev team. Next, our program proceeds to neuter your copy of iTunes, simply by changing your settings to prevent your computer from sending any further diagnostic information from your device to Apple.
Using this agglomeration of your crash reports and our ninja skills, Chronic Dev will be able to quickly pinpoint vulnerabilities in various programs by using the same techniques Apple currently employs. At the very least, your data will help point us in the direction of which applications are the most vulnerable, so we can focus our time & energy on these with laser-like intensity. And, of course, this will also prevent Apple from accessing all your valuable data, just so they can then turn around and use it against you.
You can download C-Dev Reporter using this link. As mentioned before, the idea of the new tool is to help identify new vulnerabilities and in turn result in a jailbreak for future iOS software updates, but it appears to be a long-term solution. The news should come as a disappointment to iOS device users who have been eagerly waiting for an untethered jailbreak and, in the case of iPhone 4S and iPad 2 users, for any jailbreak for iOS 5 at all.
As of now, it looks like the Dev Team, who have jailbroken the iPhone 4S, are the only hope when it comes to releasing a jailbreak for the iPhone 4S and iPad 2.
Source: Chronic Dev Team (blog)
TinyUmbrella v5.01.00 Released – Save iOS 5.0.1 SHSH Blobs
Even for those of you who aren’t jailbreakers, TinyUmbrella is a great little app that allows you to save your iPhone, iPod touch or iPad’s SHSH blob files locally. Some of you may be wondering what SHSH blobs are and what the purpose of saving them might be. It is quite simple: if you have your blob files stored locally, you can downgrade your iDevice to an earlier version of iOS; useful if your iPhone gets hit with a bug in the latest version of iOS, or an app you can’t live without stops working.
If you are running iOS 5.0.1, you might want to head on over to TinyUmbrella’s official website and grab the latest version: it’s been updated to save the latest version’s SHSH blob files. @notcom (the developer of TinyUmbrella) did mention one caveat though: even though you can store an iPhone 4S’s blob files locally with the new version of TinyUmbrella, there’s no known way to restore them, so don’t expect to be downgrading your iPhone 4S anytime soon.
Even though there is still no working solution for restoring 5.x on iPhone 4S, I have released 5.01.00 so you can at least save 5.0.1 SHSH. I have added tentative support for at least saving 5.0.1 SHSHs for iPhone 4S, but as of now we are unable to use them fully. As soon as more information is available I will update.
Still, we recommend saving them as they might come in handy in the future and they only take a few seconds to save!
For those of you who are not on an iPhone 4S and managed to save your iOS 5.0 SHSH blob, you can downgrade from iOS 5.0.1 to iOS 5.0. To do so, follow the steps here.
Download Tiny Umbrella v5.01.00
Downgrade iOS 5.0.1 To iOS 5.0 With Saved SHSH
Apple recently released iOS 5.0.1, and the jailbreak community has been advised not to upgrade. Pod2g recently found an exploit that may help to provide an untethered jailbreak, and this exploit is patched in iOS 5.0.1. If you, like many, are hoping to use an untethered jailbreak, it would be wise to stay on iOS 5.0 because that’s where the untethered jailbreak will be. For those of you who accidentally or unknowingly upgraded to iOS 5.0.1, you may be wondering how to downgrade back to iOS 5.0. You can downgrade if you have an SHSH previously saved. To do so, follow the procedure outlined below:
Required Files and Software
- Latest version of TinyUmbrella (Mac) (Windows)
- Redsn0w 0.9.9b8 (Mac) (Windows)
- iOS 5.0 Saved SHSH (needed from before)
- iTunes (latest)
- iOS 5.0 IPSW (iPhone 3GS, iPhone 4, iPad, iPod Touch 3G, iPod Touch 4G)
Downgrade iOS 5.0.1 To iOS 5.0 With Saved SHSH
- Connect your iPhone to your computer and open TinyUmbrella.
- Click on Save SHSH (the iOS 5 SHSH will only show if you have it saved previously). Once saved, close TinyUmbrella.
- Open RedSn0w 0.9.9b8 and go to Extras > SHSH Blobs, then click Submit (it will open a window). Here, browse to the saved SHSH file for iOS 5.0 (which is in the directory C:/User/Account Name/.shsh).
- After submitting it, you will see the Blobs Submission Report.
- Now click on Stitch, give it the same SHSH file you previously submitted, then the iOS 5.0 IPSW file. Wait for it to complete.
- Now open TinyUmbrella and go to the Advanced tab. Here, check all the boxes and then close it.
- Now restore the Stitched IPSW file with iTunes in DFU mode.
Voila – you’re done! At this point we would recommend staying on iOS 5.0 and waiting for further news from the jailbreak community devs.
For those of you who do NOT have an SHSH file saved, you are currently out of luck. If you are on iOS 5.0.1, your current option is to jailbreak using RedSn0w 0.9.9b8 or Sn0wbreeze 2.8b11. This jailbreak will be a tethered jailbreak, which means that you will have to connect your iOS device to your computer and “just boot” using the software every time you need to boot. You can download BigBoss’s Semi-Tether package from Cydia to help ease the pain of a tethered jailbreak. Semi-Tether allows you to boot your iOS device and use all the stock applications until you can “just boot” with your computer, as opposed to being stuck on the boot logo. As of right now, it is a decent alternative that lets you use your iOS device for its main functions.
Stay tuned for more jailbreak news and info by following us on Facebook, Twitter, and subscribing to our RSS feed.
Jailbreak iOS 5.0.1 On An iPad, iPhone, or iPod Touch via RedSn0w
Apple released iOS 5.0.1 this week and there’s already a way to jailbreak it. But there are a few things to keep in mind before you jailbreak your iPhone, iPod touch, or iPad.
Some Quick Notes before jailbreaking:
- This is a tethered jailbreak, which means you’ll need to connect your device to a computer and run the software again anytime you need to reboot.
- You might not want to update to iOS 5.0.1 at all if you’re holding out hope for an untethered jailbreak. An exploit was discovered in iOS 5.0 which may be used in a future untethered jailbreak tool, but if you update now there’s no good way to roll back to iOS 5.0, so you may not be able to use the new tools once they’re available.
- There’s currently no public jailbreak for an iPhone 4S or iPad 2. MuscleNerd revealed that he has successfully jailbroken the devices but needs to work to package the jailbreak for a public release.
- The process is a bit more complex if you have a carrier unlocked device. You may want to wait to make sure that ultrasn0w is updated to support iOS 5.0.1 and you’ll need to preserve your older baseband before upgrading to iOS 5.0.1.
Finally, for now, performing a tethered jailbreak requires you to manually select an older IPSW file. If you used iTunes to update your device to iOS 5 you should still have the correct IPSW on your computer. If not, you can download the iOS 5.0 IPSW for your device from the following links:
Alright, if you’ve read the notes carefully and you would still like to jailbreak, here’s how you can do so after updating it to iOS 5.0.1.
- Make sure you’re running iTunes 10.5 or higher for Windows or Mac. (It’s probably a good idea to use iTunes to back up your device before you get started as well.)
- Make sure you’re running iOS 5.0.1 on your device. You can do this by connecting to iTunes and following the prompts to update your software, or by going into the settings on an iOS 5.0 device, choosing General, and then tapping the Software Update option to check for updates.
- Download Redsn0w 0.9.9b8 or higher for Windows or Mac from the iPhone Dev Team.
- Unzip redsn0w to a folder on your computer, open that folder, and run redsn0w. In Windows you do this by double-clicking the redsn0w.exe file.
- Choose the “Extras” option from the main menu.
- From the following screen hit the “Select IPSW” option and navigate to the folder where you’ve stored your iOS 5.0 IPSW file. Future versions of redsn0w may make this step unnecessary.
- Click OK to dismiss the message.
- Click Back to return to the main menu.
- Make sure your iPhone, iPod touch, or iPad is turned off (press and hold the power button until the “slide to power off” image appears on the screen, and then slide your finger across to turn off your device).
- Select the Jailbreak button to start the jailbreak process.
- A message will appear letting you know that the kernel is being patched.
- Select your options from the following screen. At the very least you’ll probably want to install the Cydia store.
- Hit the Next button.
- Hit the Next button again and then follow the on-screen instructions to enter DFU mode. In case you miss them, here’s what you need to do. While your device is turned off and connected to your computer:
- Press and hold the power button for 3 seconds.
- Without lifting your finger from the power button, press and hold the home button for 10 seconds.
- Release the power button, but not the home button. Continue to hold that one for another 15 seconds.
- That’s almost it. Redsn0w should do the rest for you and apply the jailbreak. But you’re not quite done yet, because you still need to perform your first tethered boot.
- Go back to the Redsn0w main screen, select the Extras option, click “Just boot” and follow the on-screen instructions. (You may also want to select “Choose IPSW” again first and select your iOS 5.0 IPSW file. Redsn0w didn’t recognize my build the first time I tried booting without taking that step.)
Voila! Now you’re done! You should see the Cydia icon on your home screen.
If you ever need to reboot your device, you’ll need to connect your device to your computer and run Redsn0w’s “just boot” utility again. Otherwise you will be unable to boot at all. Alternately, you could install a jailbreak tweak called SemiTether from the Cydia Store. It will allow you to reboot your device and use your phone without tethering — but you will not have access to most of the device’s functions, so it’s a temporary fix at best.
If you have any questions or comments, share them below and remember to follow us on Facebook, Twitter, and subscribe to our RSS feed for the latest jailbreak news and info.
Sn0wbreeze v2.8b11 Released – Supports iOS 5.0.1
iOS 5.0.1 was Apple’s answer to the battery problems plaguing iOS 5, although it has been reported that iOS 5.0.1 doesn’t seem to fix the problem at all. iOS 5.0.1 also plugs some important jailbreak exploits that hackers are working on using to develop the untethered jailbreak for iOS 5. Since it plugs those exploits, Pod2g recommended not upgrading, so that you remain on the firmware that will support the untethered jailbreak when it comes out. If, however, you’re too late and you’ve installed iOS 5.0.1 and are having trouble downgrading, you can still have a tethered jailbreak for your device. iH8sn0w tweeted just a few minutes ago that sn0wbreeze has been updated to jailbreak iOS 5.0.1.
This jailbreak tool only supports Windows and is not for Mac. Mac users can use redsn0w to jailbreak their iOS 5.0.1 device; Windows users can choose between this tool and redsn0w. As I mentioned in the last news article I wrote about sn0wbreeze, I feel that sn0wbreeze is an easier tool to use because of the pictures and step-by-step directions. This is a great way for new jailbreakers to understand how jailbreaking works, and it seems simpler than redsn0w. While redsn0w has fewer steps involved, it doesn’t really explain anything; you generally need to read a guide to learn how to use it, or have previous experience. With sn0wbreeze you can be totally new to jailbreaking and still understand what it’s telling you to do because of the visuals.
What’s New in Version 2.8b11?
- Supports iOS 5.0 (9A334)/5.0.1 (9A405)
- Fixed iBooks sandbox crashing issues (as of 2.8b9).
- Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).
- Re-added iPad baseband install option to iPhone 3GS.
- Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.
Download Sn0wbreeze 2.8 b11
Old-bootrom iPhone 3GS units can still have the untethered jailbreak. Anything newer is still tethered. The whole pastie by iH8sn0w can be read below:
===============================
sn0wbreeze v2.8 [BETA 11]:
===============================
* Supports iOS 5.0 (9A334)/5.0.1 (9A405)
* Fixed iBooks sandbox crashing issues (as of 2.8b9).
* Fixed location services issues with iPhone 3GS
users running the iPad baseband (as of 2.8b9).
* Re-added iPad baseband install option to iPhone 3GS.
* Tethered devices are booted via iBooty which is
extracted to the Desktop after running sn0wbreeze.
===============================
Tethered?
===============================
- iPhone 3GS (old bootrom)...NO
- iPhone 3GS (new bootrom)...YES
- iPhone 4 (GSM)............YES
- iPhone 4 (CDMA)...........YES
- iPod Touch 3G.............YES
- iPod Touch 4..............YES
- iPad 1G...................YES
===============================
************************************************
** iPhone 3GS iPad baseband (06.15.00) users: **
************************************************
- Re-flash the iPad baseband via sn0wbreeze
if you restore(d) to a stock 5.0 firmware.
************************************************
Now available at: http://iH8sn0w.com
// iH8sn0w
Stay tuned for more info!
Source: iH8sn0w
Apple Publicly Releases iOS 5.0.1 – Jailbreakers Should Stay Away
Apple recently released iOS 5.0.1 (build number 9A405). iOS 5.0.1 is available for the iPhone 4S, iPhone 4, iPhone 3GS, iPod Touch 3G, iPod Touch 4G, iPad, and iPad 2. According to the release notes, iOS 5.0.1 includes the following bug fixes and improvements:
- Fixes bugs affecting battery life
- Adds Multitasking Gestures for original iPad
- Resolves bugs with Documents in the Cloud
- Improves voice recognition for Australian users using dictation
- Contains security improvements
It also fixes the iPad 2 Smart Cover security flaw which was discovered in iOS 5. As mentioned previously, iOS 5.0.1 has supposedly fixed the battery life issues as well. It is currently available both via the computer and over the air (OTA). For those of you who prefer to update via the computer, you can use the download links below:
Download iOS 5.0.1
- iPhone 3GS
- iPhone 4 GSM
- iPhone 4 CDMA
- iPhone 4S
- iPad
- iPad 2 Wi-Fi, iPad 2 AT&T and iPad 2 Verizon
- iPod touch 3rd gen
- iPod touch 4th gen
MuscleNerd of the iPhone Dev Team has warned jailbreakers and unlockers to avoid upgrading to iOS 5.0.1. He just tweeted:
Jailbreakers and unlockers should avoid today’s 5.0.1 until a flow for downgrading to 5.0 is developed.
As previously mentioned, the exploit pod2g discovered was one specifically to help untether iOS 5. Updating to iOS 5.0.1 would prevent you from performing the untethered jailbreak for your iOS device, so we’d recommend against it.
Jailbreakers Warned To Avoid Upgrading To iOS 5.0.1 By pod2g
We recently reported that ex-Chronic Dev Team member pod2g tweeted that he had found an untether bug for iOS 5. Beyond the information given previously, it is unknown how far he has gotten or when we can expect a public release. Although he has remained MIA for the last couple of months or so, he seems to be actively keeping us updated on what’s in store. Eight hours ago, he tweeted a warning to those who want to update to iOS 5.0.1 upon release.
According to his tweet, iOS 5.0.1 will close an iOS security bug found by Charlie Miller that makes exploits dramatically easier to tackle. This would imply that a jailbreak could come more quickly for iOS 5.0 than for iOS 5.0.1. Pod2g clarified in a later tweet that it wasn’t a matter of iOS 5.0.1 never being jailbreakable; it will just be more difficult and will take longer.
So for us end users, what should we do? Below is the grand scheme of things:
iOS 5.0 Users
Remain on this firmware and do not update to iOS 5.0.1. After iOS 5.0.1 releases, Apple will close the signing window for this firmware and won’t allow downgrades. With SHSH not being an option anymore, you may have to wait longer for a jailbreak if you’re on iOS 5.0.1.
iOS 5.0.1 Beta Users
Downgrade back to iOS 5.0. As above, the signing window will be closed when iOS 5.0.1 is publicly released, leaving you no choice but to update, not downgrade.
iOS 4 Users
Hang tight. Many of you are most likely still on iOS 4 due to unlocks and baseband issues. Breaking those just to update to iOS 5 would be unwise. Information will be posted as it comes to give better clarification in this regard. However, if unlocks and basebands are not an issue for you and you’re able to update to iOS 5, I would strongly recommend doing so. Just as above, the signing window will close when iOS 5.0.1 releases.
Ultimately, it is your decision whether to take action on what has been stated. However, I would take into consideration all the factors on the table and base your decision upon your own personal situation. Stay tuned for more information as it surfaces!
Source: pod2g