Clarification
There has been some confusion in the comments.
This exploit is in the 2.1.1 iBoot / iBEC / iBSS.
So when DevTeam releases their tool, there would be two methods, since they can very easily make it work on 2.2 and beyond. For 2.1 users, it can be fully automated. Their RedSn0w tool would be able to use the md library to tell the device to go to recovery mode, and from there, it can be Pwned.
For people on 2.2, it is still ridiculously easy. The only difference is that it would have to be QuickPwn style. You would need to be told to hold home and power for X amount of seconds, etc., and it would also need a 2.1.1 ipsw so it can upload the 2.1.1 iBSS, so that the exploit can be utilized.
Please note that I am not involved in RedSn0w development, but have already come across the exploit myself; I just did not know how to utilize it properly.
The main point here is that it is gone in 2.2, but a tool they make can easily upload a 2.1.1 iBSS to DFU since it would be considered legit Apple code. It was something that was most likely for testing a certain extra something that is included, and was not removed, nor were any signature checks or anything placed upon it.
I cannot give enough props to the DevTeam for pulling this off, and I am eagerly awaiting their method of bypassing the bootrom signature check, as well as how they were able to actually utilize the exploit.