backtop


Print 30 comment(s) - last by bfellow.. on Oct 12 at 9:54 AM

Two bootrom exploits, two jailbreak solutions; only one can survive

Today was supposed to be the big day for GeenPois0n, an iOS 4.1 jailbreak tool based on the SHAtter exploit. However, Geohot dropped in to steal the show yesterday with the release of his own Limera1n tool.

The problem comes from the fact that Geohot's Limera1n tool uses a different bottom exploit than the one that was supposed to be released today based the work of the Chronic Dev Team and the iPhone Dev Team. Since Apple likely wouldn't release a new hardware revision for current generation devices to block the bootrom exploit, it would be useable until Apple releases its next generation iOS devices.

Instead of releasing two separate bootrom exploits in short succession, giving Apple the opportunity to kill both of them at once when the latest crop of iOS devices are released, the Chronic Dev Team has made the decision to delay its SHAtter-based exploit and instead release a new tool based on Geohot's implementation according to Redmond Pie.

The Chronic Dev Team states:

Thanks to the irresponsible antics of geohot, we will have to delay the release of greenpois0n (new ETA = as soon as possible), so that we have time to clean up his little mess and integrate the exploit he uses in limera1n into greenpois0n. This way, we can save SHAtter for future devices that may still be vulnerable to it.

We know that this is not what some people want to hear, but due to geohot needing to feed his ego (as usual) and revealing his limera1n exploit, we do not have any other responsible options.

The Chronic Dev Team seems especially peeved that Geohot's Limera1n is simply a beta release and has plenty of bugs in it, and that it was seemingly released a day before GreenPois0n just to steal the spotlight. In addition, Geohot's jailbreak only works on Windows-based machines -- for now.

But the good news is that a jailbreak solution for the iPhone 4 and iPod touch 4G is now available, albeit in less than optimum form. If you want to take your chances and use Geohot's solution, you can grab it here (Windows-only). However, it may be a safer bet until GreenPois0n is updated to take advantage of Geohot's exploit.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Before anyone says otherwise...
By CZroe on 10/10/2010 6:17:21 PM , Rating: 4
Before anyone says otherwise, let me point out a few things:
First of all, the race was on even before GreenPois0n's release date was announced. In fact, they announced it specifically to pressure Geohot to not release his. Behind the scenes, Geohot had offered Chronic Dev his exploit and they turned it down, despite there being good reason to use it instead of SHAtter (I'll get to that). In the best interest of everyone else, he threatened to release his first so that they would not waste the SHAtter exploit. That's what prompted them to rush and announce a release date. Rest assured: We wouldn't have had EITHER jailbreak this weekend if it were not for Geohot's pressure. This did not come from nowhere.

Now, here's what happened: Chronic Dev had been working on their exploit for months. Geohot was sitting on his until the time was right. Though different, they were both bootrom exploits that would be blocked in future devices once Apple updated the bootrom in response to each. This is why it made sense to release each at the right time. During this period of SHAtter being developed into Greenpois0n, there was no real reason to release one before the other except that SHAtter was further developed, so it didn't yet make sense to release Geohot's Limera1n exploit yet.

Here's what changed: Though the bootroms can only be updated on new devices, iBoot is based on the same code and can be updated. Apple recently updated the iBoot in the iOS4.2 beta and they clearly patched the flaw Geohot's exploit relies on DESPITE it not being released/used yet. This means that Apple is already aware of the issue and the fixed bootrom is already on the way in new devices. The advantage of a bootrom exploit is that it can continue to be used on all existing devices regardless of the iBoot/iOS updates. They are "pwned for life." That means that there is no advantage to holding Geohot's Limera1n exploit any longer. If SHAtter were released this weekend instead, then Apple would patch BOTH exploits in the next bootrom EVEN IF GEOHOT'S EXPLOIT WAS NEVER USED. This is what the vast majority of people are leaving out of the story.




RE: Before anyone says otherwise...
By CZroe on 10/10/2010 6:17:55 PM , Rating: 4
Now, as for the accusations of him "stealing" Comex's exploit, understand this: Comex has never called him a theif or his actions "stealing." Also, people keep saying that it is a new/unreleased exploit when it isn't. Basically, there are two exploits needed for an untethered Jailbreak. The first is code execution with escalation and the second involves getting it to persist after a reboot. When Comex's "Jailbreakme" exploit launch recently, there was the code escalation "PDF browser" exploit to initially Jailbreak the device and then an "untether" trick where the code gets loaded in the frame buffer during boot (the corruption on the Apple logo screen) in order to persist. Apple patched the PDF part of the exploit and left the untether part of it alone because, well, they had already patched the only exploit known to use it. That said, they almost certainly would have patched it too in the next major iOS revision. Comex's untether exploit is open source and documented. People keep saying he has a "new" exploit that he shared with Geohot in confidence but this is NOT the case. He simply adapted it to the latest iOS version. Geohot himself expressed surprise that it wasn't patched yet. WHICHEVER exploit was released first deserved to use Comex's untether trick because it should be used while it still can, considering that Apple was already aware of it and will fix it very soon. Comex himself expressed some disappointment that it was used without his approval, but he NEVER said that Geohot "stole" anything. All "thief!" accusations come from others who are either every bit as confused as the unwashed masses or are expressing sour grapes at being out-played by Geohot.

So, why did Chronic Dev insist on releasing SHAtter first when that would burn TWO exploits even if Geohot never released anything? The only conceivable reason is because it was nearly ready and they didn't want to waste the untether trick on Geohot's only to release their first JB as a tethered JB. Both are short-sighted reasons that negatively impact the community and harm Cydia developers by causing them to miss out on many potential customers who are stuck with unjailbreakable devices... not to mention the people themselves stuck with a device they can't use as they please. It was good for the devs, good for the users, and good for the legitimacy of the growing market. Aren't they supposed to be fighting for their legal legitimacy against Apple? Geohot did NOT want to be tasked with this exploit (he "retired," remember?) and offered it to them for them to use in Greenpois0n but they refused, forcing his hand. If they had accepted, all it would have meant was a delay in Greenpois0n and another "thanks Geohot!" in the readme.txt file, yet people mischaracterize this as Geohot trying to steal the limelight from them.

Please don't have the same knee-jerk reaction and realize that this is for the best. There are a many reasons why Geohot's actions were the right course of action and not one supporting Chronic Dev. Yes, it would be frustrating to have to let go of most of your work and then use it to make someone else's better in such short notice, but that's not what this is about and exploiting the exploits effectively should be TOP priority.

*this message was split because Dailytech thought it was SPAM!*


RE: Before anyone says otherwise...
By bbomb on 10/10/2010 8:53:43 PM , Rating: 1
This is all a dick measuring contest over software that is offered for free that Apple will eventually kill.


By chagrinnin on 10/11/2010 12:00:07 AM , Rating: 2
By alexton108 on 10/10/2010 8:57:30 PM , Rating: 2
We love Geohot's great work and 100% support their decision to release the first jailbreak for Iphone 4.1.
It's good to know that we also have another secret weapon for the next major Apple iOS. Thanks Geohot and Chronic Dev.


"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki