The angst is definitely running high as people all over are asking the same question "When will the iOS 6 untethered jailbreak for iPhone 5 and iPhone 4S emerge?"
Now, you all know, I am prone to a bit of speculation from time to time, but I do my best to keep that separated from the facts--though I have to tell you, @MuscleNerd gives me a fair bit of heck for it, and as a result, I am trying to learn to hold back a bit more. Not so much because the things I say are necessarily outlandish, but rather because the interpretations thereof can be.
Soon after posting an article, I often find my words being twisted to such a degree, they are barely recognizable once re-purposed. Add to that the various misinterpretations of my conversations found on Twitter, and well, before long you've got a major mess on your hands. For example, according to several misinterpretations this weekend, it seems that I was @p0sixninja's newest jailbreak team member and that we would be releasing a jailbreak this Sunday. All I can say to that is, if y'all are counting on me to produce the iOS jailbreak, complete with Cydia support, the world just became a much darker place.
Though this is an extreme example of words being taken out of context, there are other ways conversations on Twitter with former Chronic Dev-Team member Joshua Hill, aka @p0sixninja, have been quoted and misinterpreted by both followers and blogs.
This post is written, therefore, to clear up yet another misconception which has made itself visible, in hopes of putting everyone's heads on straight--though I'm fairly certain even after this one has played out, someone will misunderstand something.
So, the good news is, a jailbreak is in the works--both on a bootROM exploit level and a kernel exploit level. Of the two, the untethered kernel jailbreak is the most likely to surface the soonest (though note I did not say SOON, just soonest), as a couple of weeks ago @planetbeing tweeted a photo which got everyone worked up, while offering a little hope for a sometime-in-the-future release of the iOS 6 untethered jailbreak for iPhone 5, complete with Cydia support. If you missed that post, you can check it out here.
At any rate, desperate jailbreak hopefuls are constantly vying for an update, and as such, I've seen blogs producing 2 or 3 stories a day on the topic, with very little new being contributed. In most cases, bad information is being proliferated. Incidentally, this is why I only post once every few days, though people on Twitter would likely prefer it was hourly for their convenience ;) This constant updating, however, only feeds the untethered jailbreak angst iPhone 5 and 4S users experience as they wait and hope for the iOS 6 jailbreak to emerge.
So, in a piece I wrote a while back, I speculated that we may not see a jailbreak emerge till after Christmas, and as things are looking now, it appears I may have been correct. Over the last few days on Twitter, Joshua Hill has been kind enough to indulge some of my readers and answer a few questions they have had concerning the workings of a jailbreak. It was from one of these conversations that our most recent misconception emerged.
A reader of mine, @fearmotor, tweeted a question to me about the number of exploits needed to render a fully untethered jailbreak. He had read a blog which said 4 was the magic number. Well, I knew this was untrue, but I directed the question to Josh so he could answer it himself. This is what he said:
— Joshua Hill (@p0sixninja) November 21, 2012
After which, he also added,
"As it becomes harder to find exploits, or if Apple adds new protections, exploits must be chained together though".
In other words, two exploits are needed at the least, though many more will likely be needed. This rings true, as it mirrors something @MuscleNerd mentioned in the HITB 2012 panel discussion in Malaysia:
"Jailbreaking is more sophisticated now, as it is a chain of multiple exploits, one after another. I think it's much more complicated for a random third party to adapt --without a lot of insight..."
But even as Hill tweeted these words, blogs got busy interpreting them at will, assuming that every comment following his--even those from tweeters with no security background whatsoever--was legitimate. For example, in a recent blog post I was questioned about, this is what the author had to say concerning bootROM exploits:
"One of the insightful Twitter conversations can be seen in the tweet below, which saw Hill put a few people in their place over the number of exploits needed to be found in a bootROM for an iOS 6 untethered jailbreak for life...This topic goes back to what we reported before about Hill not being involved in the iOS 6 jailbreak for iPhone 4S / 5, and the fact that he is working on something much bigger...The Twitter conversation also explains the reason why the old bootROM on 3GS is always untethered, and this would be the goal for the new iPhone 5 if something has changed hardware wise from the iPhone 4S bootROM, which is what Hill is looking for rather than a normal iOS 6 jailbreak that could be patched with a future update."
Basically, the writer thinks all bootROM exploits are untethered, and this conclusion was drawn from a question asked by a follower of @p0sixninja's--one which, incidentally, was never answered. Here is what the tweeter asked:
"So is that the reason the old boot rom 3GS is always untethered then? Having found 2 bootrom exploits? Probably more confusing."
Well, just to set the record straight, a bootROM exploit is not necessarily untethered. In fact, @planetbeing tweeted something to that effect a couple of weeks back:
"It's unlikely we'll see a tethered JB for later devices. They'll likely be untethered or nothing unless we find a bootrom bug "
Now, I'm not a security expert here (as you are all well aware), but based on conversations with various members of the iPhone and Chronic Dev Teams, as well as tidbits from the iOS 6 Hacker's Handbook, a bootROM exploit is generally tethered, though it can become untethered with some additional exploit patching.
A tethered bootROM exploit consists of one vulnerability being exploited, but it is powerful in that it happens at the hardware level rather than the software level: the bootROM is read-only code built into the chip, so the bug cannot be fixed by an iOS update. It can only be patched with a change to the hardware itself, such as the change from iPhone 4 to 4S with the new A5 chip. Additionally, a bootROM exploit happens very early in the boot-up process and is the catalyst that allows additional exploits to be installed on the device. Once a bootROM exploit is found, untethered jailbreaks are produced with relative ease, as the most important piece--an early boot-up exploit--remains in place regardless of iOS updates.
However, without a bootROM exploit, there is much more work involved, as more and more exploits must be chained together to achieve the jailbreak. In addition, these non-bootROM exploits can be patched by new updates because they take place in software, not hardware. This is why the Devs warn against upgrading to new iOS versions if one is currently waiting for a jailbreak.
Of course, this is only one of many false bits of information being spread about the web, so if you have a question about something you have heard, please feel free to tweet me or comment on my Facebook page. If it is a question I don't know the answer to, I'll do my best to find it, or ask "someone" else who may know.
As always, remain patient, don't pester and harass the Devs and know that though the wait may seem unbearable at moments, an iOS 6 untethered jailbreak for iPhone 5, iPhone 4S, and other non-jailbroken devices is in the works.