Steffan Esser hat es erneut geschafft das aktuellste iOS erfolgreich mit einem untethered Jailbreak zu versehen. In einem Video beweist er, dass der Jailbreak funktioniert und entsprechend auch nach dem Neustart des iDevices bestehen bleibt. Esser benutze hier den selben Exploid, den er bereits beim iOS 4.3 untethered Jailbreak verwendete.
Leider hat Esser bisher nicht vor den Jailbreak zu veröffentlichen. Zumindest nicht in den nächsten Tagen. Dennoch dürfte das DevTeam sowie das Chronic DevTeam sich hierdurch inpirieren lassen. Wir sind gespannt.
Bisher müssen eingefleischte Jailbreak Fans auf die komplizierte tethered Jailbreak Methoden zurück greifen.
Video von Steffen Essen: Untethered iSO 4.3.1 Jailbreak auf einem iPod Touch 4G
Originale Beschreibung von Esser
Meanwhile everyone should have noticed that my prediction became true and Apple released iOS 4.3.1 in order to fix the PWN2OWN vulnerability in Safari.
It was very unlikely that Apple also fixed the kernel vulnerability I used for my untether exploit. Mainly because the kernelcache binary is about 8-10 MB in size and the likelihood that Apple finds the same vulnerability in that short amount of time was very low.
However you never know until you try it. So this morning when I woke up and saw that Sn0wbreeze 2.4 beta was released I thought it would be fun to create a new video.
Unfortunately Sn0wbreeze does not work with my iPad 1 and so I had to test with my iPod 4G.
In the video you can see how I switch off the iPod, then restart it, show the version, show that it is tethered and has the multitasking gestures, i show that you can buy ringtones and then I show cydia and the ninja jump game from last time.
Because several people misunderstood me in the past:
a. I repeatedly stated that I will not release a jailbreak tool – I will only give out the untether. I did not try yet, but if it is feasible the untether could be a cydia package.
b. While the vulnerability I use is in the iPad 2 kernel my untether will NOT SUPPORT the iPad 2, because there is no way to install it there (bootrom exploits fixed). – however Comex is working on that part.
c. I am not giving out any ETA again, because the Jailbreak community is simply nuts. Last time I gave an ETA and even before that had passed I got constantly insulted by people that were demanding an immediate release. Sorry guys the more you insult people with the knowledge to actually do what YOU WANT the less motivation there is to use our free time to give it to you.
d. The only reason why I did not finish the untether before the ETA was due to unexpected work overload in my real job. It had nothing todo with the untether being too hard or unreal.
e. I don’t know why the dev team has not released a redsn0w that does tethered jailbreak for 4.3.1 – I would prefer that to be available, cause sn0wbreeze obviously does not work 100% yet.
f. If you want to learn more about iPhone kernel hacking/exploitation you should come to SyScan Singapore at the end of April.http://syscan.org/index.php/sg/program