Tag Archives: GeoHot

[iPhone] BlackSn0w Unlock for Latest Baseband Released

Some hours ago GeoHot released his unlock for the latest baseband of Apple’s iPhones. Now jailbreaking firmware 3.12 with BlackRa1n and unlocking baseband 05.11.07 with BlackSn0w is a cinch for almost everyone. Kudos fly out to the notorious GeoHot.

» GeoHot: BlackSnow is live

[iPhone] GeoHot Announces Latest Baseband Unlock

George Hotz – by now almost any iPhone user should know that guy – hacked the latest baseband firmware 05.11.07. The unlock will be named BlackSn0w, well …

That means all carrier-locked or SIM-locked iPhones around the globe running this latest firmware can be used with different SIM cards from different carriers, so holidays no longer have to be a roaming-fee horror show.

Information about the unlock procedures will be released on BlackRa1n.com on Nov 04, 2009. Until then, enjoy GeoHot’s video proof:

Kudos fly out to GeoHot. Outstanding work, dude. But why the hell is it always Snow, Rain, Snow, Rain? Why no sunshine, guys?

[iPhone] GeoHot Releases BlackRa1n RC2

GeoHot fixed some minor things in his BlackRa1n jailbreak application. Download BlackRa1n here.

** Update — RC2 is out **
Fixed 3G issues
Tethered jailbreak for 3.1 OOTB ipt 8GB and new 3GSes
Fixed Icy issues
Both Windows and Mac
If you used RC1 with success, no need to rerun

[iPhone] GeoHot Releases Jailbreak for 3.x Called BlackRa1n

Today the notorious GeoHot released an outstanding new jailbreak tool called BlackRa1n. BlackRa1n is currently only available for Microsoft Windows. It is supposed to jailbreak any 3.x-based iPhone or iPod touch, no matter whether you’ve jailbroken before or not.

BlackRa1n is fairly self-explanatory and straightforward in design. It’ll automatically put your iPhone or iPod Touch into Recovery Mode.

Sadly, BlackRa1n currently does not hacktivate your iPhone. So you still need a valid subscription with an Apple-licensed carrier or a factory-unlocked iPhone.

Kudos fly out to GeoHot. Outstanding work again.

» Download BlackRa1n here

[iPod] GeoHot Jailbreaks iPod Touch Firmware 3.1

GeoHot today posted a photo of a jailbroken iPod Touch running iPhone OS 3.1. He eventually made it. As of now there is no more information available, but it is likely that this is the approach he and the Chronic Dev Team were talking about.

[iPhone] GreenPois0n to Jailbreak all iPhones and iPod Touches

What has happened so far

There is some irritation in the Apple hacking community. On the one hand, GeoHot today announced that there will be a tool that will allow jailbreaking all iPhones and iPod Touches, but as he wished to perform further tests he didn’t say anything about the procedure.

The Chronic Dev Team, on the other hand, who seem to have been working together with GeoHot, have now released the technical details about this hack. Sadly, as there is no GreenPois0n tool available as of now, the technical details are most likely useless for 99.9% of all iPhone and iPod users.

It is unknown why the Chronic Dev Team released the information before a tool was finished. But it seems GeoHot is not amused by this step.

Update 2009, Oct 19th: GeoHot and the Chronic Dev Team say they have independently found the bug that allows for jailbreaking the 3.1 firmware.

End-user compatible information

According to mFX.ch (German only), the forthcoming GreenPois0n jailbreak tool will not require bringing the iPhone into DFU mode. GreenPois0n will be released on the PirateBay*.

External Links

» GeoHot on the universal 3.1 jailbreak
» Chronic Dev Team on 3.1 jailbreak progress
» GreenPois0n site (only dummy page atm)…
» TheiPhoneWiki with technical details

* For legal reasons here in Germany we cannot link directly to the PirateBay.

[iPhone] GeoHot releases iPhone 3Gs Jailbreak (Upd.)

Update July 5th, 2009: GeoHot now also provides a Mac OS X version of the jailbreak tool. Windows and Mac versions are ready for download at purplera1n.com.

That’s it with the 3.0 firmware and the iPhone jailbreaks. Apple has been beaten again, this time by GeoHot. Although the iPhone Dev Team seems to have their programs already prepared, they preferred to wait with the release of an updated PwnageTool. GeoHot did not wanna wait and decided to release a Windows-based jailbreak tool for the iPhone 3Gs called PurpleRa1n.

Status

All three iPhone generations can now be activated, jailbroken and unlocked with the current firmware 3.0. Currently for the iPhone 3Gs there is only a Windows version available, and it is still under heavy beta testing. Anyway, you can give it a try. The security hole that gets exploited in the iPhone 3Gs is well known as the 24k bug, which was found in January in the 2nd-generation iPod Touch.

After jailbreaking, the iPhone Dev Team’s UltraSn0w should unlock your baseband.

Our recommendations

By now you know we are the conservative ones. We recommend: wait a couple of days. PurpleRa1n is still in beta. But can hacks ever become stable? ;-)

More information to be found here:
» GeoHot announces jailbreak for iPhone 3Gs
» iPhone Dev Team confirms unlock of iPhone 3Gs
» Get iPhone 3Gs jailbreak tool (PurpleRa1n.exe) here

iPhone 3GS Unlock Demonstration from planetbeing on Vimeo.

[iPhone] Jailbreak for iPhone 3Gs on the Way?

GeoHot posted a picture showing that he managed to run custom commands on iBoot. This seems to be the first major step towards a jailbreak. Moreover, GeoHot also managed to find the key for the Ramdisk, while MuscleNerd of the iPhone Dev Team obviously has already found the vfdecrypt key.

All this is good news. Anyway, both GeoHot and the Dev Team will have lots of work to do. Don’t expect anything soon, since GeoHot also found a new security addition called ECID, which obviously gets generated by Apple’s servers and which seems to be unique to every iPhone. Every restore seems to have to be validated by Apple’s servers. And this is bad news.

» Running custom commands on iBoot
» Ramdisk key found
» ECID signature layer found

[iPhone] Baseband Downgrading Possible on 3G

We’ve recently reported that exploits can be applied to the baseband bootloader 5.8 to install any bootloader. Now a working exploit has been released via Cydia.

As we have not tested this program, we strongly recommend not trying it, for two reasons: first, it seems this package is in violation of Apple’s copyright, as it distributes a bootloader; and second, the script seems to have issues. In quite a few cases downgrading did not work, although everything seemed to have been applied properly. Don’t use untested exploits. Side effects and damaged basebands might be the result.

[iPhone] iPhone 3G Bootloader 5.8 Compromised

George Hotz – well known to the iPhone scene as GeoHot – has put some effort into analyzing the behaviour of the bootloader 5.8 that is running in many iPhone 3G units. He found that the signature checking of the bootloader is buggy. By exploiting this bug we are now able to up- and downgrade the bootloader. Sadly, many of today’s iPhone 3G units contain bootloader 5.91, which added an RSA check that GeoHot could not circumvent yet. Read his whole article here.

By the way: this seems to be the same exploit the iPhone Dev Team used and released to be able to be used for manipulating (read our news here). Anyway, GeoHot did outstanding work again. Kudos to you, dude.