Tuesday, October 30, 2012

Why (Some of) the iPhone 3GS Can Forever Be Jailbroken Untethered


Building on the previous Jailbreak for Dummies post, I thought I'd share this story with you guys; it might help newbies understand jailbreaks better. The story revolves around a bootrom vulnerability and its exploit, known as the 0x24000 Segment Overflow, a.k.a. 24kPwn, which was first found and exploited on the iPod Touch 2G.

Perhaps it's best to explain what a bootrom is before we begin, and I'll try to do this without breaking your brains:

The bootrom is a small piece of code baked into the device's chip at the factory. It is read-only, and it is the very first thing that runs when you power the device on. Its job is to find the next piece of boot code and check that it is intact and carries a valid Apple signature before handing over to it. That next stage then checks the stage after it, and so on, until the iOS kernel is running. This is a chain of trust: every link checks the signature of the next link, and the bootrom is the first link, the one nothing else checks. So before iOS can boot, the bootrom makes sure the boot chain hasn't been tampered with and is a version authorized by Apple.

Now back to the story.

Hackers @pod2g and @MuscleNerd discovered a hole in the bootrom, and this hole is referred to as 24kPwn. Using this hole, a dedicated group of hackers bypassed the signature check in that very first link, which made it possible to load a patched, unsigned boot chain on every boot without any help from a computer, blessing us all with a beautiful untethered jailbreak.

What makes bootrom exploits cool is that they can only be fixed by a hardware revision. The bootrom is read-only memory, so no software update can rewrite it. If your device's bootrom has an exploitable vulnerability, it's there forever on that device. It's just like an underground passageway into a castle: no matter who the king is or how many guards you post, the passageway is there unless you rebuild the castle.

So just like that, every iPod Touch 2G already shipped with that bootrom became a device that can forever be jailbroken. However, once the jailbreak was released, Apple knew the hole existed and could start patching it in the bootrom of devices still to be manufactured.

Now what happened was that the bootrom used on the 3GS had been finalized a couple of months before 24kPwn was released. Apple had no idea of the hole at the time and could not fix it before the 3GS went into production. So when sales of the 3GS began, there were cheers of joy as hackers and jailbreakers realized that the exploit lives on!

About seven months after the release of the exploit, Apple updated the bootrom in newly manufactured iPhone 3GS units and... R.I.P. 24kPwn. This resulted in two types of iPhone 3GS (no, I'm not talking about black vs. white): the old-bootrom and the new-bootrom. As of today, right up to the latest version of iOS, iOS 6, the old-bootrom iPhone 3GS can still be jailbroken untethered.

Beautiful story, isn't it? Now if you own an iPhone 3GS, let me show you how to quickly check whether your device has the old or the new bootrom.


Checking if your 3GS has the old or new bootrom


On your device, open your Settings app. If you're struggling to find it, leave a comment and I'll do what I can. Hint: It's in the picture above.



Look for General, then About.

Once you're there, scroll down and look for the line named Model. If it begins with MC, what you most likely have is a new-bootrom 3GS. If it begins with MB, then congratulations, you most likely have an old-bootrom 3GS and can forever enjoy being jailbroken. Now take your phone to iPhone 5 owners and rub it in their faces: "I've got all this customization from jailbreaks, and you've got what? One extra row of icons? Ha ha".

One caveat: the model-number check is a rule of thumb, not a guarantee, because units built around the time of the changeover don't always follow it. The definitive check is the bootrom version the device itself reports when you put it into DFU mode and read its USB descriptor with a jailbreak tool: iBoot-359.3 is the old bootrom, iBoot-359.3.2 is the new one.

If you have a 3GS, give this a shot. Both bootrom revisions were sold in large numbers, so there's a decent chance yours is an old-bootrom unit, and there's nothing to lose by checking.
