Thursday, August 15, 2013

UnthreadedJB Drama Continues With New Release

In between constantly tweeting their signature “We R Not #FAKR” and posting videos showcasing a jailbreak demo, UnthreadedJB still found time to release a new jailbreak method of some sort. This time, however, it is a bootrom exploit. Yet, not exactly.
Announced on Twitter, UnthreadedJB released this new tool just hours ago. The caveat is that it is compatible with Linux only, working particularly well with the Gentoo distro.
A bootrom exploit is at the hardware level and cannot be patched through a software update. The last bootrom exploit was limera1n, which was used by Geohot to jailbreak A4 devices and lower. Perhaps if UnthreadedJB is real, it can extend to the iPhone 5 and perhaps the iPhone 5C and iPhone 5S that are expected to be announced on September 10th. A fingerprint sensor couldn’t keep a jailbreak away.
On a discussion thread on Reddit, user FourXeroTwo dissected this new tool.
This Tool is NOT a jailbreak. This Tool is a proof that they indeed have a bootrom exploit. This tool will ONLY put your device in pwnedDFU mode, which is exactly what the tool claims to be doing (read the log). pwnedDFU can only be achieved with a hardware exploit. I have an i4 and others posted that this uses a modified version of SHatter (Chronic Dev’s never released, though well documented, A4 exploit) that supposedly works on all devices. It’s your turn to test this on non-A4 devices. And report here ofc.
This exploit allows injecting the jailbreak data and at least injecting it again after the phone is powered off to boot tethered. All that is needed now is time; the necessary kernel patches and other data to perform a jailbreak are already in place. At least for 6.1.3/4 the patches from evasi0n should work with no or only minor changes.
The biggest step now would be to create a proper tool. And obviously other exploits are needed to make this an untethered jailbreak, though I am only assuming here that this exploit will result in a tethered jailbreak. The original SHatter exploit(s) was only tethered and I do not know how much this exploit is different from SHatter.
Developer Winocm also confirmed the rebuilt SHAtter exploit on the same thread.
After a bit of analysis and sleep deprivation, this looks like the first public implementation of the SHAtter vulnerability. As far as I know, it was never published in its entire form.
The usual rules for SHAtter would apply. This program puts your device into a pwned DFU state, much like limera1n.
At least one user got it working after several attempts, posting this screenshot:
(Screenshot: UnthreadedJB)
Meanwhile, the progress bar on UnthreadedJB.com has increased by 25 percent. It seems to me that UnthreadedJB can’t do much on their own but like to work off of other jailbreak developers’ releases. In their last release, they rebuilt Evasi0n for iOS 4.3.5 through iOS 5.1.
You can download this semi-jailbreak at UnthreadedJB.com if you wish to do your own testing. And if you are wondering, there is no solid evidence that this supports A5 or higher devices.
Does this change your perception of UnthreadedJB and who is behind all of this masquerade?
While we are on the subject of bootrom exploits, famed iOS developer Joshua Hill hinted that he may have one of his own.
However, this was quickly dismissed by MuscleNerd and by Hill himself. These two developers have been at each other’s throats in the past.
