Two bootrom exploits, two jailbreak solutions; only one can survive

Today was supposed to be the big day for GreenPois0n, an iOS 4.1 jailbreak tool based on the SHAtter exploit. However, Geohot dropped in to steal the show yesterday with the release of his own Limera1n tool.

The problem comes from the fact that Geohot's Limera1n tool uses a different bootrom exploit than the one that was supposed to be released today, based on the work of the Chronic Dev Team and the iPhone Dev Team. Since Apple is unlikely to release a new hardware revision of current-generation devices just to block a bootrom exploit, either exploit would remain usable until Apple ships its next generation of iOS devices.

Rather than release two separate bootrom exploits in short succession, giving Apple the opportunity to kill both of them at once when the latest crop of iOS devices is released, the Chronic Dev Team has decided to delay its SHAtter-based tool and instead release a new tool based on Geohot's exploit, according to Redmond Pie.

The Chronic Dev Team states:

Thanks to the irresponsible antics of geohot, we will have to delay the release of greenpois0n (new ETA = as soon as possible), so that we have time to clean up his little mess and integrate the exploit he uses in limera1n into greenpois0n. This way, we can save SHAtter for future devices that may still be vulnerable to it.

We know that this is not what some people want to hear, but due to geohot needing to feed his ego (as usual) and revealing his limera1n exploit, we do not have any other responsible options.

The Chronic Dev Team seems especially peeved that Geohot's Limera1n is only a beta release with plenty of bugs in it, and that it was seemingly released a day before GreenPois0n just to steal the spotlight. In addition, Geohot's jailbreak only works on Windows-based machines -- for now.

But the good news is that a jailbreak solution for the iPhone 4 and iPod touch 4G is now available, albeit in less than optimal form. If you want to take your chances with Geohot's solution, you can grab it here (Windows-only). However, the safer bet may be to wait until GreenPois0n is updated to take advantage of Geohot's exploit.

Call me crazy but...
By Motoman on 10/10/2010 3:02:42 PM , Rating: 5
...I reckon that the next time I'm buying a phone, I won't buy one that I have to hack in order for it to work as I would want it to.

RE: Call me crazy but...
By Brandon Hill on 10/10/10, Rating: -1
RE: Call me crazy but...
By B3an on 10/10/2010 5:45:07 PM , Rating: 3
That's true but other smartphone OS's are not as locked down and far more capable by default. With iOS jailbreaking is really needed to make the phone useful for some people.

RE: Call me crazy but...
By Brandon Hill on 10/10/2010 7:22:35 PM , Rating: 2
Far more capable of what? I don't mean to keep prodding, but I'm honestly curious as to what makes the other phones more capable out of the box?

Prior to iOS 4.x, I would agree with you, but now I'm not so sure when compared to Android OS and webOS.

I've been using a Sprint EVO 4G side-by-side with my iPhone 4 for a few months now, and with the exception live weather data and other widgets on the home screen courtesy of HTC Sense, I don't really find it THAT much more capable in day to day use.

RE: Call me crazy but...
By Motoman on 10/10/2010 7:39:35 PM , Rating: 3

The ability to buy apps from wherever you want.

Antenna works.

Can use whatever media manager you want.

Just a few thoughts there.

RE: Call me crazy but...
By Motoman on 10/10/2010 7:40:48 PM , Rating: 2
Oh, and forgot the most important feature any phone can ever have...a physical keyboard.

RE: Call me crazy but...
By bbomb on 10/10/2010 8:48:13 PM , Rating: 2
Android 2.1 doesnt have Flash in it.

RE: Call me crazy but...
By MGSsancho on 10/10/2010 11:04:49 PM , Rating: 2
it has Flash Memory chips like any other phone =P

RE: Call me crazy but...
By Motoman on 10/11/2010 12:17:40 AM , Rating: 2
At what point did I say anything about Android? At any rate, if a phone that I thought I wanted didn't support Flash, then I would no longer think I wanted it...regardless of the OS or anything else.

RE: Call me crazy but...
By vol7ron on 10/11/2010 11:17:26 AM , Rating: 2
Is "far more capable" really being debated?

1. Tethering

2. Unrestricting 3G - you know, those media files that will only download on WiFi because they're over 10MB

3. Task Manager - S.ucker Jobs says OSs done right don't need a task manager. He's right. iOS needs a task manager. There are a lot of processes that sit dormant in the background waiting to die. When I can free up memory and kill the application, I notice a huuuuge improvement in battery life over a fresh install.

4. Apps that can modify phone settings - I don't know if I would be able to live w/o a 5 column 5 row springboard anymore.

iOS was only a small improvement over iPhone OS 3, but in my opinion it is still lacking in major ways.

RE: Call me crazy but...
By theapparition on 10/11/2010 11:10:32 AM , Rating: 2
Then I guess it's a good thing Android 2.2 has been released?

Including the EVO that Brandon was initially talking about.

RE: Call me crazy but...
By kake on 10/11/2010 3:52:16 AM , Rating: 2
Brandon, I'm curious as well. The app store for the iPhone is very well stocked. Flash is beginning to become seriously overrated (and underneeded) as far as video sites go. The antenna issue is a bit of a non-issue, and any issue people have with a physical keyboard is not going to ever be resolved with Apple. Pretty much anything you need comes preloaded or is available. Gentleman, what is the problem with the iPhone?

To note, I do not own a single Apple product. I have, however, used extensively an iPhone 3G and 4, as well as a current MacBook Pro. Each of these products I find exceptionally easy to use, good looking, and thoughtfully built. I just happen to be 'poor', willing to build my own Core i3 media center, and not need web access on the job (phone-wise).

RE: Call me crazy but...
By BruceLeet on 10/11/2010 7:10:41 AM , Rating: 4
Gentleman, what is the problem with the iPhone?

It's all a bit of tug of war for all ego's involved. There is actually nothing wrong with anything.

Lord Jobs doesn't want his magical devices tampered with.

Devs/hackers want to show they are good at writing code and/or breaking it.

And the consumers, who in the end want to feel CONTROL over a device they paid for.

RE: Call me crazy but...
By theapparition on 10/11/2010 11:18:55 AM , Rating: 2
Gentleman, what is the problem with the iPhone?

As stated, the lack of customization of the platform is a huge downside of the iPhone. Simple things like the unified notification tray make the Android platform much easier to use.

But to answer your question in another way, the iPhone is like a Toyota. Sure, there's been a few issues in the media lately, but there's not anything particularly wrong with most Toyotas. But at the same time, for the same price or less (phone wise) you can also buy Mercedes or BMW or Ferrari. So why settle for that Toyota when you could do a lot better for less money.

RE: Call me crazy but...
By Donkey2008 on 10/11/2010 2:54:11 PM , Rating: 2
And they say iPhone owners are self absorbed. Yikes.

To use your logic, most iPhone owners are out driving their Toyotas. They go offroading (ever see an FJ?) or go street racing, yet still drive their daily commutes to work effectively. By contrast, most Android owners have their BMWs or Mercedes parked in the garage and they are too busy "customizing" the radio to ever bother with actually driving it. People actually use iPhones instead of just customizing the desktop 90% of the time.

I cannot count how many times a supreme Android owner has showed me how their phone makes "transformer" sounds or how cool their animated wallpaper is. Heck, on at least 10 occasions I have had an Android owner show me how it plays Youtube videos "because it has Flash and iPhone doesn't", without even realizing their own ignorance of the capabilities of iPhone. At least when an annoying iPhone owner is showing me a new app they installed, it has some use other than eye candy.

Sorry, but this whole "open platform" thing has yet to pan out. If and when it does, Android will have a better platform, but for now the iPhone provides much more useful experience for the average user. If you are a high-level user, jailbreak your iPhone in 5 minutes and you have an open source market equal, if not better, than the current Android market.

RE: Call me crazy but...
By Chocobollz on 10/12/2010 4:33:02 AM , Rating: 2
If you are a high-level user, jailbreak your iPhone in 5 minutes and you have an open source market equal, if not better, than the current Android market.

Good, and 5 minutes later, Steve Jobs wakes you up from your dream.

RE: Call me crazy but...
By bfellow on 10/12/2010 9:54:22 AM , Rating: 2
If Justin Long jailbreaks his phone, then obviously every "I'm a Mac" person should jailbreak theirs!

Before anyone says otherwise...
By CZroe on 10/10/2010 6:17:21 PM , Rating: 4
Before anyone says otherwise, let me point out a few things:
First of all, the race was on even before GreenPois0n's release date was announced. In fact, they announced it specifically to pressure Geohot to not release his. Behind the scenes, Geohot had offered Chronic Dev his exploit and they turned it down, despite there being good reason to use it instead of SHAtter (I'll get to that). In the best interest of everyone else, he threatened to release his first so that they would not waste the SHAtter exploit. That's what prompted them to rush and announce a release date. Rest assured: We wouldn't have had EITHER jailbreak this weekend if it were not for Geohot's pressure. This did not come from nowhere.

Now, here's what happened: Chronic Dev had been working on their exploit for months. Geohot was sitting on his until the time was right. Though different, they were both bootrom exploits that would be blocked in future devices once Apple updated the bootrom in response to each. This is why it made sense to release each at the right time. During this period of SHAtter being developed into Greenpois0n, there was no real reason to release one before the other except that SHAtter was further developed, so it didn't yet make sense to release Geohot's Limera1n exploit yet.

Here's what changed: Though the bootroms can only be updated on new devices, iBoot is based on the same code and can be updated. Apple recently updated the iBoot in the iOS4.2 beta and they clearly patched the flaw Geohot's exploit relies on DESPITE it not being released/used yet. This means that Apple is already aware of the issue and the fixed bootrom is already on the way in new devices. The advantage of a bootrom exploit is that it can continue to be used on all existing devices regardless of the iBoot/iOS updates. They are "pwned for life." That means that there is no advantage to holding Geohot's Limera1n exploit any longer. If SHAtter were released this weekend instead, then Apple would patch BOTH exploits in the next bootrom EVEN IF GEOHOT'S EXPLOIT WAS NEVER USED. This is what the vast majority of people are leaving out of the story.

RE: Before anyone says otherwise...
By CZroe on 10/10/2010 6:17:55 PM , Rating: 4
Now, as for the accusations of him "stealing" Comex's exploit, understand this: Comex has never called him a thief or his actions "stealing." Also, people keep saying that it is a new/unreleased exploit when it isn't. Basically, there are two exploits needed for an untethered Jailbreak. The first is code execution with escalation and the second involves getting it to persist after a reboot. When Comex's "Jailbreakme" exploit launched recently, there was the code escalation "PDF browser" exploit to initially Jailbreak the device and then an "untether" trick where the code gets loaded in the frame buffer during boot (the corruption on the Apple logo screen) in order to persist. Apple patched the PDF part of the exploit and left the untether part of it alone because, well, they had already patched the only exploit known to use it. That said, they almost certainly would have patched it too in the next major iOS revision. Comex's untether exploit is open source and documented. People keep saying he has a "new" exploit that he shared with Geohot in confidence but this is NOT the case. He simply adapted it to the latest iOS version. Geohot himself expressed surprise that it wasn't patched yet. WHICHEVER exploit was released first deserved to use Comex's untether trick because it should be used while it still can, considering that Apple was already aware of it and will fix it very soon. Comex himself expressed some disappointment that it was used without his approval, but he NEVER said that Geohot "stole" anything. All "thief!" accusations come from others who are either every bit as confused as the unwashed masses or are expressing sour grapes at being out-played by Geohot.

So, why did Chronic Dev insist on releasing SHAtter first when that would burn TWO exploits even if Geohot never released anything? The only conceivable reason is because it was nearly ready and they didn't want to waste the untether trick on Geohot's only to release their first JB as a tethered JB. Both are short-sighted reasons that negatively impact the community and harm Cydia developers by causing them to miss out on many potential customers who are stuck with unjailbreakable devices... not to mention the people themselves stuck with a device they can't use as they please. It was good for the devs, good for the users, and good for the legitimacy of the growing market. Aren't they supposed to be fighting for their legal legitimacy against Apple? Geohot did NOT want to be tasked with this exploit (he "retired," remember?) and offered it to them for them to use in Greenpois0n but they refused, forcing his hand. If they had accepted, all it would have meant was a delay in Greenpois0n and another "thanks Geohot!" in the readme.txt file, yet people mischaracterize this as Geohot trying to steal the limelight from them.

Please don't have the same knee-jerk reaction and realize that this is for the best. There are many reasons why Geohot's actions were the right course of action and not one supporting Chronic Dev. Yes, it would be frustrating to have to let go of most of your work and then use it to make someone else's better on such short notice, but that's not what this is about and exploiting the exploits effectively should be TOP priority.

*this message was split because Dailytech thought it was SPAM!*

RE: Before anyone says otherwise...
By bbomb on 10/10/2010 8:53:43 PM , Rating: 1
This is all a dick measuring contest over software that is offered for free that Apple will eventually kill.

By chagrinnin on 10/11/2010 12:00:07 AM , Rating: 2
By alexton108 on 10/10/2010 8:57:30 PM , Rating: 2
We love Geohot's great work and 100% support their decision to release the first jailbreak for Iphone 4.1.
It's good to know that we also have another secret weapon for the next major Apple iOS. Thanks Geohot and Chronic Dev.

limera1n
By malibu on 10/10/2010 11:25:10 AM , Rating: 2
Well, I can tell you limera1n worked on my 3GS, 4.1 unit just fine.

I am a nobody in all of this, but I find it odd and amusing that geohot is taking so much heat over this. In my opinion, unjustly. He did say he would release it on the 1 year anniversary of blackra1n, and he did. It does work as advertised, and it took less than 30 seconds to do.

I find it odd that the other product is constantly being delayed, and when geohot delivers, half of the community comes down on him.

RE: limera1n
By aegisofrime on 10/10/2010 12:06:01 PM , Rating: 2
I can't comment on the ethical or moral aspects of geohot's actions, but personally I'm wondering what does greenpoison have that limera1n doesn't have... They both jailbreak iOS 4.1, they are both untethered, and geohot is going to be fixing bugs while Chronic Dev is rushing to use his exploit...

RE: limera1n
By vol7ron on 10/10/2010 12:44:50 PM , Rating: 2
I agree, Blackra1n was supposedly buggy at first. I'm still using it because I find backups to be tedious and haven't had problems on 3GS.

I think they're just mad they're not in the "limelight". Generally when something is buggy, it is because it requires some sort of special install (like tethered installation). However, there was a supposed speed/performance increase in the bug fixes of blackra1n.

I think Chronic Dev Team is wise in not releasing another hole, for a just-in-case scenario. If they really want George to not do this, they should do something to bring him aboard. Otherwise, work quicker for the fame.

Besides, with all the greenpois0n trojans/viruses now floating around (possibly Apple employees creating havoc?), the team should consider a rename.

Moving on from the trivial
By Tony Swash on 10/11/2010 5:30:16 AM , Rating: 3
I know some people get jolly excited about jailbreaking and all, but it's pretty trivial stuff compared to the big picture, the giant technological revolution which is rapidly unfolding and which is the result of what we currently call smart phones.

Brian S Hall runs an amusing and thought-provoking blog called "the smartphone wars"

It's here:

Here is his most recent post, "Smartphone top 10: predictions on how the smartphone will change you in the next 50 months". It's meant to be provocative and somewhat amusing - although he is serious about the dramatic nature of the impact of smart phones - what do you guys think of his predictions?

The smartphone is changing everything, mostly through destruction but also, to a far lesser extent, by creation; creation of new businesses, new modes of content, new forms of learning, connecting, seeking, finding. Here's my top ten predictions for how the smartphone will change -- you -- over the next 50 months:

1: You will have a child. This child will never use anything made by Microsoft.

2: You, your friends and loved ones will have 'contests' over who is verifiably least knowledgeable about popular trends and celebrities

3: As many times as you use your smartphone to 'check-in' today, you will do the reverse in 50 months. Your smartphone will always auto-check you in, you will periodically set it to check-out of some place, location (or group).

4: You will spend more on content for your smartphone than you do on cable/satellite television. On the plus side, you will not pay for any content you do not want.

5: You will have at least one friend whose job seems to your 2010 self as a type of ongoing, continuously updated smartphone game.

6: 90% of the information we provide and/or access daily via our smartphones will touch Facebook.

7: The majority of your voice calls will be video calls.

8: You will periodically tease yourself into seeing how long you can go without checking your smartphone. In reality, this will prove fruitless and you'll devise more odd ways of keeping it out of sight, hearing and mind. Think of it like how you will try and ignore a big bowl of M&Ms placed next to you on your desk. How long can you go without having some? It will be like that.

9: You will utilize a variety of hyper-local business listings and similar data that is curated by prisoners.

10: You will drive a car that has a high level of integration with your smartphone and enables you to easily text, call, search and update while driving

Bonus: You will never again go inside a bank with one exception:

finalizing your parents' estate

RE: Moving on from the trivial
By Alexstarfire on 10/11/2010 10:40:02 PM , Rating: 2
1. Dumb
2. Dumb, and already done with some people
3. Makes no sense.
4. The only point that might turn out to be true. It's a little over 4 years from now and I don't know how 4G will change things during that time period.
5. I don't really understand. Could be, but probably not.
6. Doubtful.
7. I know that won't happen. Video calls have been around for years and are hardly ever used. That won't change. Hell, if anything the reverse seems to be true. We'd rather have less direct contact, which is why text messaging took off.
8. Could be, will depend on the person. I use my phone for several things around my house and while my phone isn't necessary for them, it's a big help.
9. Makes no sense either.
10. Very doubtful.

More amusing predictions than anything else. I think that's what he was going for though.

Funny typo
By PrinceGaz on 10/10/2010 10:23:51 PM , Rating: 2
The problem comes from the fact that Geohot's Limera1n tool uses a different bottom exploit than the one that was supposed to be released today based the work of the Chronic Dev Team and the iPhone Dev Team

RE: Funny typo
By MGSsancho on 10/10/2010 11:07:41 PM , Rating: 2
Be careful what you do when you're trying to exploit a bottom, possibly NSFW

speaking of jailbreaking
By tastyratz on 10/11/2010 9:58:07 AM , Rating: 2
the ps3 has been jailbroken for a while now with tons of new development since I submitted articles. Any reason it's gotten 0 exposure here on DT? Sony pay for ad time?