iOS 6, 6.0.1, 6.1 Untethered Jailbreak For iPhone 5: More Exploits Discovered But Are We Any Closer?

By Cammy Harbison on January 20, 2013 1:59 AM EST

Well, this week held yet more exciting treats for eager followers of the iOS 6, 6.0.1 and 6.1 untethered jailbreak for iPhone 5/4S progress, as on Tuesday @pod2g posted his first blog entry in over 4 months, stating that he was back. Of late he'd been quite preoccupied with the launch of his own company, 2G Labs, which debuted his first official App Store app, podDJ, but now he is prepared to return to the security research front. Here is what he had to say:

"You reader certainly know that I have not been really present in the security field since a few months now. The reason of this was the creation of my company, 2G Lab, focusing on 2 different areas: development and security research. Now that our first application, named podDJ is out to the AppStore, we will focus on both subjects."


This, of course, was quite exciting to all of us awaiting an iOS 6, 6.0.1, 6.1 untethered jailbreak for iPhone 5, 4S, iPad Mini and other non-jailbroken devices, as it now seemed that perhaps @planetbeing would finally get the boost he needed to finish the work at hand.

Three days went by of nearly unbearable silence by the devs, as secretly, I was left to wonder what those fellows might be up to all that time.

Well, on Friday evening it seemed @planetbeing finally came up for air, posting this one simple message that, needless to say, got folks rather excited:

"Made some nice progress today with @pod2g. I think I'll try to reward myself with a nap."

Of course, seeing this post made me smile, as all along I felt fairly certain those two were up to something good. The next day @pod2g was kind enough to fill us in a bit on just exactly how good the progress made was:

"Oh yeah! 2 new vulnerabilities in a day, chance was with us. But we still miss that initial code execution for a public jb"

Right on the heels of this post came a response from jailbreak community member Aaron Ash which served to sweeten the deal:

"I have some ideas for initial code exec, I couldn't test everything, but you might be able to (check IRC)."

Well, seeing the closest thing to a definitive note of progress by the leading developers working to jailbreak iOS 6, it didn't take long for the Twittersphere to start buzzing with questions and comments and requests to help in the process.

After seeing the overwhelming response coming from the folds of their Twitter followers, @planetbeing, at this point, took a moment out to visit the smaller Reddit jailbreak community, where he could describe, in more than 140 characters, what exactly the progress report meant in terms of ETA for the iOS 6 untethered jailbreak for iPhone 5/4S and other non-jailbroken devices.

Here is what he had to say:

"Pod2g discovered a vulnerability and told me about it and I tried to integrate it into my existing jailbreak code to replace one of the ones we don't want to burn. I discovered I couldn't get his to work due to some miscommunication, but in the process of trying to get his to work, I discovered a new vulnerability for doing the same thing. I did get THAT one to work and it's now integrated with the rest. Unfortunately, as pod2g says, neither bug has to do with initial code injection, which we currently don't have duplicate/backup vulnerability for at all."

What this means, in essence, is that though it's a step in the right direction, the search for the critical piece they hope to find soon is still very much underway.

So, you may be asking, what does this mean for the ETA on the iOS 6, 6.0.1 or 6.1 untethered jailbreak for iPhone 5? Is it very near, or are we still looking at weeks or even months?

As you know, the devs refuse to give any particulars about when releases will take place, and over the years they have given some pretty convincing reasons why this is their practice. One of them was posted on Reddit about this time last year when they were working on the iOS 5x jailbreaks.

If you've never read it, it is a post riddled with explanation and humor, typical of most communication we see from @planetbeing, and it serves as something fun to feast our eyes on while waiting to hear the next update on an iOS 6, 6.0.1, 6.1 untethered jailbreak for iPhone 5 and other non-jailbroken devices.

______________________________________

Why We Can Never Give ETAs for Jailbreaks - by @planetbeing

_______________________________________

"The problem with giving any definite ETAs is that there can always be problems that crop up that blindside us that will take an unknown amount of time to solve (if they are even solvable). Let me give you a little timeline about this sandbox issue, for example ..."

"Generally, constructing jailbreaks takes a lot of time researching issues: how, conceptually, are we going to break Apple's protections and mitigations against it. Then, to figure out what precise techniques will we use to implement our ideas. Those take an unknown amount of time and may actually be impossible..."

"Then, after those are figured out, time can be spent coding the jailbreak, which takes a more predictable amount of engineering time. Unfortunately, sometimes while coding, you happen to discover the method you thought would theoretically work, even a method you tested before, might have unforeseen difficulties because you made some incorrect assumptions..."

"When we're at the research stage, we can't give an ETA because we don't even know if it's going to be possible. When we're at the engineering stage, we can't give an ETA because heaven forbid we find that we've made a mistaken assumption and need to go back to the research stage..." 

"I started to actively participate on January 6th ... to figure out the sandbox issues ... The following five days has been one of the more irritating weeks of my life..."

"On day 1, pod2g and I both independently came up with a way to circumvent the sandbox that would've been nice and simple. Unfortunately, later that day we discovered we misread the sandbox profile and it would not be possible. 

The next day was spent trying to see if any clever variation of the first idea could get around the sandbox: no. Then we were messing around and found a small vulnerability in the sandbox, a one millimeter hole in a huge wall if you will, and it seemed like it could be weaponized to get around the sandbox so we can break out. Eventually, I came up with the plan that formed the basis of what we have right now, but it needed three different pieces to make work. I managed to furnish the first piece myself pretty quickly, but the other two were not forthcoming. 

The next few days were filled with brilliant ideas by brilliant people that would work if only such-and-such were true. Every day, it was two steps forward and one step back. Then pod2g made a suggestion on how the second piece could be obtained and Saurik managed to find it fairly quickly going off his suggestion.

The day before, we thought we had finally gotten it: The idea had gotten past basic testing, so we made a few tweets on progress. Then later we found out, crushingly, that there was a weird behavior that prevented our method from working in practice. The next day was us scrambling to figure out a variation of the idea that would work, which required finding other candidates for the idea's prerequisites. Saurik managed to figure some stuff out that gave us a little more invaluable wiggle room in finding the prerequisites and I managed to find something that would work. I created a proof of concept and it worked!

The result is basically building a program that aims a tiny bullet to shoot out of the one millimeter hole in our sandbox, having it bounce off of a few different surfaces (that we were lucky to find) to adjust our aim and have it go down the exhaust port of the Death Star, and instead of blowing it up, bounce off a few more surfaces inside the Death Star to get to the control room, and have the bullet bounce off buttons and levers to aim the Death Star at the sandbox wall to blow it up.

We don't think there's any more issues and we are starting to engineer it, but we don't really want to say we don't think there's any more issues because one or more might crop up. So basically, we've had really significant progress, but we can't give an ETA."

__________________________________

Hopefully you can note his humor while also getting a pretty good idea of why ETAs are not given and why it's really fruitless to ask. Though I will say, personally I've been proud of my followers this week as I think only one or 2 asked me for an ETA on the iOS 6, 6.0.1 or 6.1 untethered jailbreak for iPhone 5. Still, it's safe to say more will ask soon enough and this would make a great post to direct them to.

In the meantime, be encouraged that these amazing pals have indeed teamed up once again and are hard at work cracking the iOS 6 system but at this point, when the jailbreak will arrive is unknown--even to them.



© 2014 iDigitalTimes All rights reserved. Do not reproduce without permission.
