Author Topic: Bootrom exploits  (Read 2792 times)

Offline Android+iPhone

  • Member
  • Posts: 12
  • Karma: +0/-0
Bootrom exploits
« on: October 09, 2010, 02:32:43 AM »
My question is: if SHAtter or geohot's new limera1n is a bootrom exploit, then will that mean you can port to 3rd and 4th generation devices?

Offline fenix

  • Member
  • Posts: 13
  • Karma: +0/-0
Re: Bootrom exploits
« Reply #1 on: October 09, 2010, 03:38:55 AM »
I will be chuffed to bits if we get Android on the iPhone 4.  It'll be the best smartphone on the market then, either iOS or Android.  All we need is some really hard work to get Android for iPhone 4 as good as some of the custom Android ROMs such as CM6.  I really hope we will be dual booting in a couple of months' time :)

Offline shaheen

  • Member
  • Posts: 30
  • Karma: +0/-0
Re: Bootrom exploits
« Reply #2 on: October 09, 2010, 07:09:43 AM »
possibly booting, but very shittily. they would have to write new drivers for everything.
abcdefuckyoughijklmnopqrstuvwxyz

Offline alex

  • Dev
  • Member
  • Posts: 259
  • Karma: +5/-0
  • iDroid too slow? Deal with it.
Re: Bootrom exploits
« Reply #3 on: October 09, 2010, 09:49:52 AM »
No, it is very unlikely. The exploits are tethered bootrom with a kernel patch to untether the device.
#iphonelinux - General iDroid/openiBoot help and support | #idroid-dev - Contact a developer here | #iX - help and support for iX, an Ubuntu distribution for the iDevices | #iOS - all iOS and iPhone support goes here

All located on irc.osx86.hu

Offline Rekoil

  • Administrator
  • Member
  • Posts: 261
  • Karma: +1340/-0
  • iDevice: iPhone 3GS (old bootrom), iPod Touch 1G
Re: Bootrom exploits
« Reply #4 on: October 09, 2010, 10:36:34 AM »
Quote from: alex
No, it is very unlikely. The exploits are tethered bootrom with a kernel patch to untether the device.
Actually alex, it seems as though limera1n is an untethered bootrom exploit, which would indeed be usable in this project. The reason for geohot releasing limera1n on Monday is that he wants greenpois0n to use his exploit and keep theirs for later devices (as the details of theirs are still unknown). This is because he believes Apple already knows how to fix his exploit (meaning it'll be fixed in future hardware revisions of 4th gen hardware anyway); he fears Apple might patch both bootrom exploits in the same hardware revision if greenpois0n releases SHAtter + userland hack on Monday.

So the best news will be if on Monday the greenpois0n release is postpwned to a later date :)
« Last Edit: October 09, 2010, 10:40:17 AM by Rekoil »
32gb factory unlocked iPhone 3GS with early bootrom and shsh for all available firmwares

Offline ddominator

  • The Dominator
  • Global Moderator
  • Member
  • Posts: 957
  • Karma: +11/-0
  • Sold his soul to Google
  • iDevice: iPhone 2G 3.1.3
  • iDroid Version: MoJo 1.0.4.1
  • Jailbreak: redsn0w 0.94 FTW!!!
Re: Bootrom exploits
« Reply #5 on: October 09, 2010, 10:53:47 AM »
Based on the tweets from comex, limera1n is tethered but will be untethered because of the same userland exploit used by greenpois0n.
Help Google takeover the world. Use Android on your mobile devices, use Chrome Browser, use Chrome OS!!!

Offline Rekoil

  • Administrator
  • Member
  • Posts: 261
  • Karma: +1340/-0
  • iDevice: iPhone 3GS (old bootrom), iPod Touch 1G
Re: Bootrom exploits
« Reply #6 on: October 09, 2010, 11:01:27 AM »
Quote from: ddominator
Based on the tweets from comex, limera1n is tethered but will be untethered because of the same userland exploit used by greenpois0n.
Hmm, well even if it's tethered, it's still usable on 3GS, which is unlikely to get another hardware revision now; better to save SHAtter for when there won't be any more hardware revisions of the current A4 devices so as to maximise compatibility. If the Chronic-Dev team's release goes as planned without replacing SHAtter with limera1n, then we will be burning 2 bootrom exploits instead of just one.

Offline ddominator

  • The Dominator
  • Global Moderator
  • Member
  • Posts: 957
  • Karma: +11/-0
  • Sold his soul to Google
  • iDevice: iPhone 2G 3.1.3
  • iDroid Version: MoJo 1.0.4.1
  • Jailbreak: redsn0w 0.94 FTW!!!
Re: Bootrom exploits
« Reply #7 on: October 09, 2010, 11:07:34 AM »
Is it really a bootrom exploit?

But yeah I hope limera1n can jailbreak the ipt2G MC models...

Offline Rekoil

  • Administrator
  • Member
  • Posts: 261
  • Karma: +1340/-0
  • iDevice: iPhone 3GS (old bootrom), iPod Touch 1G
Re: Bootrom exploits
« Reply #8 on: October 09, 2010, 11:10:47 AM »
Quote from: ddominator
Is it really a bootrom exploit?

But yeah I hope limera1n can jailbreak the ipt2G MC models...
It can, that much is known, same for all models of iPhone 3GS. But yes, it seems you are right, it gets untethered in userland, the tethered bootrom exploit is just the injection vector, which means we get tethered OiB using either exploit (but limera1n for more devices, so any tool designed by us will likely use limera1n if I get to have my way :P)

Offline ddominator

  • The Dominator
  • Global Moderator
  • Member
  • Posts: 957
  • Karma: +11/-0
  • Sold his soul to Google
  • iDevice: iPhone 2G 3.1.3
  • iDroid Version: MoJo 1.0.4.1
  • Jailbreak: redsn0w 0.94 FTW!!!
Re: Bootrom exploits
« Reply #9 on: October 09, 2010, 11:14:16 AM »
Quote from: Rekoil
Quote from: ddominator
Is it really a bootrom exploit?

But yeah I hope limera1n can jailbreak the ipt2G MC models...
It can, that much is known, same for all models of iPhone 3GS. But yes, it seems you are right, it gets untethered in userland, the tethered bootrom exploit is just the injection vector, which means we get tethered OiB using either exploit (but limera1n for more devices, so any tool designed by us will likely use limera1n if I get to have my way :P)

Well then Rekoil, as Nickp666 asked, start porting OIB to 3GS!!! LOL

But on topic: yes I believe I can jailbreak my iPod Touch 2G 4.1 MC model (stupid Apple update).

Offline Rekoil

  • Administrator
  • Member
  • Posts: 261
  • Karma: +1340/-0
  • iDevice: iPhone 3GS (old bootrom), iPod Touch 1G
Re: Bootrom exploits
« Reply #10 on: October 09, 2010, 11:19:58 AM »
It's a shame both the dev teams are so fucking proud. They will never back down to geohot even though we all know geohot always gets his way (because he doesn't care about anything other than his own ego).

I hope the greenpois0n team can man up and wait to release their exploit until the next hardware revision.

Offline iPwnUK

  • Member
  • Posts: 206
  • Karma: +1/-0
  • *Insert Witty Comment Here*
Re: Bootrom exploits
« Reply #11 on: October 09, 2010, 10:20:30 PM »
So, an update:

Limera1n was released earlier, and then taken down, then comex allowed geohot to use the userland exploit to allow it to be un-tethered. I'm guessing that it will be officially re-released soonish.
Also, the SHAtter exploit is now being put on hold and greenpois0n is apparently going to use geohot's exploit so as to not waste two boot level exploits in one go.

Seems this thing is starting to work out better than I thought after all, and the best for this project, or so it seems. Although I believe that even geohot's exploit is still tethered at boot level, which would mean that openiboot would be tethered if I'm not mistaken... still, it's a start!
« Last Edit: October 09, 2010, 10:22:52 PM by iPwnUK »
--------------iPhone 3G with--------------
iOS 4.1, Android 2.2.1 & PSFreedom

---iPhone 4 with Jailbroken iOS 4.1----
-------Game Center ID - iPwnUK--------

Follow @iDroidProject on Twitter for latest updates!

Offline ddominator

  • The Dominator
  • Global Moderator
  • Member
  • Posts: 957
  • Karma: +11/-0
  • Sold his soul to Google
  • iDevice: iPhone 2G 3.1.3
  • iDroid Version: MoJo 1.0.4.1
  • Jailbreak: redsn0w 0.94 FTW!!!
Re: Bootrom exploits
« Reply #12 on: October 09, 2010, 10:38:48 PM »
Fail though as this does not work on MC models...

Offline iPwnUK

  • Member
  • Posts: 206
  • Karma: +1/-0
  • *Insert Witty Comment Here*
Re: Bootrom exploits
« Reply #13 on: October 09, 2010, 10:51:51 PM »
No, apparently it doesn't work on the iPhone 3G, iPod touch 2G, or the newer bootrom 3GS, or so I've heard from twitter posts :/

Offline Rekoil

  • Administrator
  • Member
  • Posts: 261
  • Karma: +1340/-0
  • iDevice: iPhone 3GS (old bootrom), iPod Touch 1G
Re: Bootrom exploits
« Reply #14 on: October 09, 2010, 10:55:43 PM »
Quote from: iPwnUK
No, apparently it doesn't work on the iPhone 3G, iPod touch 2G, or the newer bootrom 3GS, or so I've heard from twitter posts :/
It should work on new 3GS, just needs fixed patches from what I understand.
Quote from: limera1n.com
known bugs
3GS new bootrom is broken, fix pending