iOS 6, 6.0.1 Untethered Jailbreak for iPhone 5 Update: Ex-Chronic Dev-Team Member P0sixninja Tweets Hope Yet @MuscleNerd Calls Interpretations Misleading
iPhone 5, iPhone 4S, iPad 4, iPad mini or other non-jailbroken device owners, now it has been a long two months since the release if the iPhone 5 and iOS 6. The wait has seemed to some like an eternity as we each day hope to see evidence that an iOS 6 or 6.0.1 untethered jailbreak is truly on its wayto us. As emotional as the wait is for many, it can be easy to get worked up when something even loosely related surfaces regarding the coveted iOS 6 untethered jailbreak. Last weekend the jailbreak community got a little taste of false hope as tweets by former Chronic Dev-Team member Joshua Hill aka, @p0sixninja resulted in a near online, with several blogs communicating information which was, unfortunately according to @MuscleNerd, misleading.
Though the Greenpois0n Absinthe developer, Joshua Hill, tweeted a progress report on his iOS 6 and 6.0.1 untethered jailbreak for iPhone 5 and other unjailbroken devices, complete with Cydia support, it seems a few under-informed blogs or "casual readers" as @MuscleNerd deemed them, got a bit too excited and began claiming that the much anticipated jailbreak release was just around the corner.
Though @MuscleNerd did a good job of clearing up the misconceptions for those who asked him, I figured I'd take a minute to fill you in on what's really going on with the iOS 6 and 6.0.1 jailbreak for iPhone 5, and remind readers not to believe everything you read--even in my posts. Rather, fact check, follow the Devs, and make sure you are not being misled. Trust me, the world of jailbreaking in one vast and full of so many cryptic, little-to-never seen terms, even I find myself tripping around them--though I try my best to school myself up before posting a piece and inciting mass frenzies.
So, for those of you who didn't see the tweets, here is what went down.
Late Friday night, @p0sixninja tweeted something that sparked the interest of many, as it seemed to contain traces of both hope and despair and definitely related to the elusive iOS 6 untethered jailbreak for iPhone 5. Here's what he said:
"The current status of an iPhone5 jailbreak is grim. I'm working on something bigger and few people share with me anymore..."
After posting this, the former Chronic Dev-Team member's page became peppered with questions and comments from both friends and fans alike.
One such question came from tweeter, @l33tdawg, Co-Founder / Director of biatch&dawg Custom Clothing--the company which created t-shirts and other merchandise for the recent security convention, Hack in the Box, featuring some favorite Dev Team members like @pod2g, @MuscleNerd and @planetbeing.
@l33tdawg directed this question @p0sixninja's way:
"What can be bigger than an iPhone 5 jailbreak?"
To which @P0sixninja posted this reply--one which has become the center point of the controversy.
@l33tdawg BootROM and decryption keys for A5/A5X/A6/A6X
— Joshua Hill (@p0sixninja) November 10, 2012
Well, as soon as this was tweeted, things started to go nuts in the blogosphere as jailbreaknation.com proportedly became the first of several blogs to tap out an article, @MuscleNerd claims misconstrues the facts about @p0sixninja's post. Here is what jailbreaknation.com posted concerning the tweet:
"P0sixninja from the Chronic Dev Team just tweeted out some good news regarding the untethered iOS 6 jailbreak... he stated that he had found the "BootROM and decryption keys for A5/A5X/A6/A6X... He even states at the end that finding a few more addresses is essentially all that is left in the process."
Though this blog post somewhat represents what was tweeted, it reads into the facts, leading people to believe the process is further along than it actually is. In order stop the supposed miscommunication by jailbreaknation.com, @MuscleNerd soon took to Twitter posting the following tidbits:
"Lots of tweets today about a 'bootrom exploit' being found.Bootrom hasn't even been dumped since 2010, let alone crashed or exploited."
When asked by jailbreak hopefuls why the information was wrong, @MuscleNerd tweeted this:
"[Misinformation] happens a lot with the smaller news blogs nowadays. One gets it wrong then dozens replicate it and self-refer to each other"
It appears the big guy was probably right, as if you look on the web now there are several blogs with updated information mimicking the one at jailbreaknation.com.
Adding further to this, @MuscleNerd noted likely the reason for the miscommunication is simple:
"Slow news day"
To gain a clearer picture of just where Joshua Hill aka, @p0sixninja, is with his iOS 6 jailbreak, I decided to request a chat with @MuscleNerd, to which he complied.
Now, keeping in mind that @p0sixninja and @MuscleNerd have recently been in a back-and-forth spat on Twitter concerning some old water-under-the-bridge, I was truly expecting this chat to be full of trash talk about @p0sixninja. What I found, however, was nothing of the sort. Concerning the "bootROM" tweets and blogs saying @p0sixninja had a BootROM @MuscleNerd said:
"It's not even what he [@p0sixninja] said actually (though it's easy for casual readers to not see it)...he said he's "working on" trying to get both the access to the aes engine (keys) and also the bootrom dump. Those are two different things, and he's not got either of them yet."
This information was also confirmed the next day as @p0sixninja tweeted:
"I never said I had a bootrom exploit. I said I was trying to get bootrom code so we could find one"
So, at this point you may be asking, "Where are we in jailbreak progress?"
Well, this is where we are--closer, but no cigar.
Of course I love hearing some kind of update from the Devs as much as you do--though the vagueness of it all can also be quite frustrating at times. When I asked if the news was at all hopeful, this is what @MuscleNerd told me:
"The nice thing about the aes keys is that once you have access, you can prove to the world you have access by just tweeting a few of the keys. We anyone with xpwntool can verify that the keys are correct, without knowing how he got access to the aes crypto engines specifically....that bit about the keys is great...being able to prove without needing a video or lots of words...just 48 bytes and which img3... then everyone can independently confirm that yep they're correct and so must have an iBoot working exploit"
If this all sounds like Greek to you, let me break down what exactly it all means.
Basically, if @p0sixninja finds those decryption keys, then he could tweet those out over Twitter. This would signal to other developers that he is claiming to "have something". Developers like @MuscleNerd and others could then check to confirm those codes are correct and this basically would prove he has actually exploited a device without having to produce any photo-shopped pictures, or shaky videos as "proof".
For those who have followed the jailbreak scene for a while, you probably know this is pretty typically the way the Devs let one another, and the community, know they are on to something. Still, as @MuscleNerd noted,
"He hasn't gotten that far yet."
According to @p0sixninja, he is trying some new avenues for his work, though there are challenges these days which were not present in past jailbreaks. Here is what the former Chronic Dev-Team member tweeted concerning those challenges:
"Unfortunately, I'm working on my own and trying to exploit some stuff in a way that's never been done before."
In addition, the greenpois0n leading developer also noted this obstacle:
"If you have an iOS vulnerability, don't sell it to ZDI. You can make a lot more and give back to the community by contacting Chronic-Dev!!"
As I wrote in an earlier post, Devs have a much harder time obtaining vulnerabilities these days as many of them are sold off to companies for some quick cash, which often gets handed over to Apple. As @p0sixninja tweeted, ZDI is just one such "company that pays people for vulnerabilities and gives it to the company (Apple)"
Still, Joshua Hill aka, @p0sixninja, continues to work hard, and despite his somewhat erratic and bristly tweeting style, he does appear to be actively working, and yesterday tweeted that he is "making some good progress".
So what is the moral of this story? Well, simply put, work is being done on the iOS 6 and 6.0.1 untethered jailbreak. Be patient, and don't believe everything you read. Follow the Devs and you can't go wrong. As far as the blogs I mentioned earlier, I mean no harm to them or their reputations. As @MuscleNerd told me,
"The thing about this stuff is it's all very arbitrary concepts and terms, not seen elsewhere...so it's easy to get it wrong sometimes".
This is true and honestly, early in my writing I communicated a lot that wasn't exactly "up to par" either. Still, I love the jailbreak community and am anxious to see an iOS 6 and 6.0.1 untethered jailbreak for iPhone 5 and other non-jailbroken devices surface. As such, I continue to educate myself on the scene and share what I know with all of you.
Like this article?
or like her Facebook Page for latest stories and updates.
iOS 6 Untethered Jailbreak Coming? iPhone Dev Team Member @Planetbeing Produces A Tethered Jailbreak for iPhone 5
Thursday night, Twitter had some interesting developments to offer in iOS 6 untethered jailbreak for iPhone 5 news.
As I reported earlier last week, during the HITB conference in Malaysia, several members from both the Chronic Dev Team and the iPhone Dev team discussed progress being made in jailbreaking iOS 6 for iPhone 5.
In addition, Mark Dowd, founder of Azimuth Security, along with colleague Tarjei Mandt, presented and insightful lecture on kernel security in iOS 6. Afterward, he tweeted that he would be sharing his findings with members of the Chronic and iPhone Dev teams such as @pod2g and @planetbeing. As a result of his contributions, Dowd has now been offically welcomed in to the iOS securty hacker's "in" club and may be a name we'll hear a lot more about as the iPhone 5 untethered jailbreak story unfolds. here is what he tweeted last Friday:
Around the same time, @planetbeing was found tweeting,
"Boarding the flight to hop back over the Pacific, laptop filled with 3 half-baked exploits I'm too jetlagged to finish. :) #HITB2012KUL"
Later that evening, the iPhone Dev-Team released their latest version of redsn0w which included an untethered iOS 6 jailbreak for 3GS with full Cydia support, plus a downgrade for A4 devices from any iOS 5x to any other iOS 5x with saved SHSH blobs but still no word of jailbreaks for iPhone 4S and iPhone 5.
Several days passed, and all was silent on the jailbreak front. That is, until Wednesday night when things suddenly began looking up.
Between 8 and 9pm EST @planetbeing posted a tweet which instantly garnered much attention from those hoping for an iOS 6 untethered jailbreak for iPhone 5.
Here is what he had to say:
"Upgraded the #failbreak with a kernel exploit so tweaks actually work on iPhone 5. :D Almost a full tethered JB, though need dev account"
Of course the tweet lines were then flooded, as people asked numerous questions about the exploits discovered as well as if they would be released to those with a developer account. Here is a excerpt of the questions asked and responses by @planetbeing:
@besweeet was the first to jump on the tweet, asking @planetbeing,
"Since @planetbeing practically has a working tethered iPhone 5 jailbreak, why not release it for those who DO have dev accounts? I guess you'd run into the problem of people charging to jailbreak people's phones, which would happen regardless, as it always has and always will. "
@planetbeing then responded,
"@besweeet These exploits are valuable for discovering new ones in the future, so it's nice to keep them and release only the good ones."
Moments later, @orbyorb jumped in asking the following two questions,
" 'Good' meaning single use without further applicability to other avenues of attack?" or "Single use meaning an exploit only does 'privilege escalation' discretely, not 'one exploit that totally pwns the kernel.'"
To which @planetbeing responded,
"All vulnerabilities are "single use" after you release them."
Following up with this retort, @orbyorb tweeted,
"What about @comex's Incomplete Codesign or IOSurface? Those lasted a while IIRC..."
"One wouldn't want to gamble away having an easy untethered JB just to have something half-baked right away."
To which @orbyorb consented,
" But of course. I did not mean to be impatient, just wondering what is more useful withheld than eventually harnessed. :)"
@planetbeing explained further,
" It depends. The only class of one-exploit-is-enough bugs we've encountered is in bootloader. Historically, we've released them."
To which @orbyorb replied,
"Very true. The cognitive gears are turning now. :)"
Moments after this conversation, @planetbeing once again set to his cryptic tweeting, posting this item:
"Working on a new idea now. Man, I've not got to play GW2 in two weeks and counting."
To which a few hopeful jailbreak fans and hackers responded with the following:
"Thank you for working so diligently on this."
"Great! You're going to make so many people happy I'm already excited"
"The news you guys have brought forth about the iPhone 5 jailbreak is better than Christmas!!! I'm fiending!!! "
"Awesome work! thanks to you and all of the other members of the iphone dev team. you guys continue to f***ing run sh**! "
" Thanks 4 u hard work on Untethered JB brother!!!!"
"Thank you for your status update! It's really nice to hear that you have some success with the upcoming jailbreak :) "
"How can we get in touch to send some stuff as add-on to your idea?"
"I'm willing to spend my Dev account to complete your jailbreak."
In addition to these fan responses, @planetbeing also received a response from Chronic Dev teammate @pimskeks which seems promising:
" Don't worry I'll help you out."
So there you have it for now. Though it's no iOS 6 untethered jailbreak for iPhone 5 yet, with the excitement, exploits found and willingness to aid in the community, I think we can safely say that the iPhone 5 jailbreak is well on its way.
Stay tuned for more developmentsand keep your fingers crossed. I will post updates as they come.
If you didn't get a chance to see @planetbeing, @pod2g, @MuscleNerd and @mdowd discuss their current work with iOS 6 exploits, check out the recording of the Malaysia HITB panel conversation here
Like this article? Follow the author on Twitter for latest stories and updates -- @cammywrites
To read previous related iOS 6 Untethered Jailbreak for iPhone 5 stories, see:
iOS 6 Untethered Jailbreak For iPhone 5 Foreshadowed As Absinthe Developer Pod2g Tweets Kernel Security and Exploits
The demand for an iOS 6 untethered jailbreak for iPhone 5 is reaching a fever pitch, as each day a new photo or video clip appears on Twitter teasing jailbreak hopefuls with the possibility that the coveted jailbreak may soon become available.
Though, up till last week, lead developers such as @MuscleNerd and @pod2g remained incredibly mum on the subject of an iOS 6 untethered jailbreak for iPhone 5 and its possible release date, some encouraging tweets have arisen recently which lead me to believe the jailbreak may be closer than we think.
Just this weekend, the iPhone Dev-Team released their latest version of redsn0w including an untethered jailbreak for 3GS devices and full Cydia support for iOS 6. This seems to suggest the iPhone and Chronic De. teams are working far harder than they are telling to crack iOS 6 kernel security and bring us the jailbreak we crave.
Still, cracking the iPhone 5 is no easy job, as we saw during the countless attempts and fails of Twitter sensation TeamDr1zzle. Last weekend, @MuscleNerd made a statement however, that was very telling in a panel conversation in Malaysia. When asked if he thought an iOS 6 jailbreak was in the works, @MuscleNerd responded,
"Jailbreaking is more sophisticated now, as it is a chain of multiple exploits, one after another. I think it's much more complicated for a random third party to adapt --without a lot of insight-- to adapt these jailbreaks for their own use, but again I don't believe that it's not happening, I believe it probably is happening."
The comment suggest that though the task at hand is a formidable one, it is a challenge many may be taking on, even as we speak.
In addition, just days before @pod2g, a member of the chronic development team and maker of the absinthe jailbreak tool, was found tweeting this hopeful tidbit:
Meanwhile, iOS 6 kernel security was a hot topic at this year's HITB 2012 security convention, as more than one hacker eluded to vulnerabilities discovered. I addition, Mark Dowd and Tarjei Mandt presented on issues in kernel security as the highlight of their presentation featured a compromised iPhone 4S running Cydia. Though Dowd was clear to affirm an iOS 6 jailbreak was still a long way off, the discussions and presentations given clearly suggest the work is well on its way.
As the conference week cam to a close, more signs emerged or an eminent jailbreak as tidbits of light were shed in the dark corners of Twitter. Small beams which seem to point to a forthcoming release of an iOS 6 untethered jailbreak for iPhone 5
Just take a look at a few of the ominous conversations to which I am referring:
So there you have it. Take them for what they are worth...which may not be much, but at least they are a step in the right direction. One thing is sure; though the Dev-Team would like us to think they aren't working on an iOS 6 untethered jailbreak at all, chances are it's much closer than we think. These guys just know when it's time to work to lay low and get the job done.
Will an iOS 6 Untethered Jailbreak Be Discussed in HITB 2012 iOS Panel? Live Stream Recording
If you are an iOS 6 untethered jailbreak hopeful wondering what developments are taking place in that arena, the live stream of Hack in the Box's iOS panel discussion, featuring well known jailbreak developers @MuscleNerd, @pod2g, @planetbeing and @mdowd, is the stream you need to watch.(Stream recording posted below)
Hack in the Box annual intercontinental security conference began on Tuesday, and featured some of the greatest minds in the hacking community.
The day involved some interesting devleopments as Pirate Bay founders Peter Sunde and Fredrik Neij managed to be MIA, just before their scheduled 3pm presentation slot. However, it also featured the notorious teenage hacker, Pinkie Pie's second hacking feat with Google Chrome.The young hacker managed to created and full exploit for Google Chrome in Pwnium, and if confirmed today, will become the recipient of Google $60,000 prize for the exploit.
In addition, Mark Dowd and Tarjei Mandt presented an interesting talk concerning progress in hacking iOS 6 securities, and even showed conferenced attendees a demo of a kernel mode exploit in iOS 6 which resulted in running Cydia (You can view Dowd and Mandt's presentation slides here).
This was exciting news, as the jailbreak community has been in an uproar this week over 3 unknown hackers who believe they hold the key to an untethered jailbreak for iOS 6.
In a tweet submitted nearly a month ago, well-known Chronic Dev. Team member @pod2g, informed followers that he was not currently working an exploit for iOS 6:
About the iOS 6 JB : I'm not working on it ATM, sorry. I'm focusing on my job. Maybe discussions at #WWJC will generate ideas (?).
- pod2g (@pod2g) September 25, 2012
Last week, however, after the stir created by unknown hackers TeamDr1zzle, is seems the Chronic Dev. team may have changed their minds as @pod2g tweeted to followers that an untethered iOS 6 jailbreak was in the works, though not to expect anything to soon:
Thursday should feature more conversation to pique the interest of iOS 6 jailbreak hopefuls as a 1:30 am panel discussion on iOS/OS X security will ensue, featuring well-known jailbreak developers, @MuscleNerd, @pod2g, @planetbeing and @mdowd.
If you are interested in knowing more about what is happening on the exploit scene right now, this will be a panel to watch.
UPDATE: See the recording of the live stream below:
© 2014 iDigitalTimes All rights reserved. Do not reproduce without permission.