  • Dev-Team Confirms: New Bootrom Defeats 24kpwn

    image via StealthBravo.com

    As noted here on MMi last night, new iPhone 3GSes are shipping with an updated bootrom that is resistant to 24kpwn. Dev-Team member MuscleNerd has confirmed that the new bootrom, iBoot-359.3.2, is no longer vulnerable to the memory segment overrun exploit.

    This is the first time Apple has upgraded the bootrom during a normal production cycle rather than with the introduction of a new model. The bootrom is the first code the phone runs at power-on. It is burned into the chip at manufacture and cannot be rewritten by a software update, which is why a fix like this can only arrive in newly built hardware. Its job is to load the next boot stage (LLB, which in turn loads iBoot) and verify that the image is intact and carries a valid Apple signature, so it is also the first line of defence against unauthorized firmware. The 24kpwn exploit, also known as the 0x24000 Segment Overflow, abused a flaw in how the bootrom loaded an LLB image larger than 0x24000 bytes: the oversized image overran its buffer, let attacker-controlled data overwrite bootrom memory and diverted execution before the signature check could reject it, which is what allowed unsigned iBoot and firmware to be loaded. The new bootrom closes that hole, so 3GS phones shipping with it cannot be jailbroken until a new bootrom-level exploit is found.

    To determine which bootrom a 3GS has, put the phone into DFU mode and read its USB device details (System Profiler on a Mac shows them): the device's serial string reports the bootrom version, iBoot-359.3 on the original, exploitable 3GS bootrom and iBoot-359.3.2 on the new one. Phones reporting a version earlier than 359.3.2 can still be jailbroken using the known methods.
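    The bootrom check described above, as an added example that is not part of the original article or of the Dev-Team's tools: it parses the USB serial string a DFU-mode device exposes, pulls out the bootrom tag and decides whether the phone predates iBoot-359.3.2. The "KEY:value ... SRTG:[iBoot-x.y.z]" field layout and the "Serial Number:" line format from System Profiler are assumptions about how these strings are reported, and every sample string below is constructed for the example rather than captured from a real device.

```python
"""
Decide from a DFU-mode USB serial string whether an iPhone 3GS still has
the bootrom that 24kpwn exploits (anything before iBoot-359.3.2).

Added example, not the Dev-Team's code. Assumptions: the serial string is
laid out as "CPID:8920 ... SRTG:[iBoot-359.3]" and System Profiler prints
it on a "Serial Number:" line. Sample data is constructed.
"""
import re
from typing import Dict, Optional, Tuple

# First bootrom build in which Apple closed the 0x24000 segment overflow.
PATCHED_BOOTROM = "iBoot-359.3.2"

# Constructed sample serial strings (CPID 8920 is the 3GS application processor).
SAMPLE_OLD_3GS = ("CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 "
                  "ECID:0000001234567890 SRTG:[iBoot-359.3]")
SAMPLE_NEW_3GS = ("CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 "
                  "ECID:00000011AABBCCDD SRTG:[iBoot-359.3.2]")

# Constructed excerpt of `system_profiler SPUSBDataType` output (assumed layout).
SAMPLE_PROFILER_OUTPUT = """
        Apple Mobile Device (DFU Mode):
          Product ID: 0x1227
          Vendor ID: 0x05ac  (Apple Inc.)
          Version: 0.00
          Serial Number: """ + SAMPLE_OLD_3GS + """
          Speed: Up to 480 Mb/sec
"""

_FIELD_RE = re.compile(r"(\w+):(\[[^\]]*\]|\S+)")


def parse_dfu_serial(serial: str) -> Dict[str, str]:
    """Split 'KEY:value KEY:[value]' pairs into a dict, stripping the brackets."""
    fields = {key: value.strip("[]") for key, value in _FIELD_RE.findall(serial)}
    if "SRTG" not in fields:
        raise ValueError("no SRTG (bootrom version) field in serial string")
    return fields


def iboot_version(tag: str) -> Tuple[int, ...]:
    """'iBoot-359.3.2' -> (359, 3, 2). Tuple comparison orders 359.3 below 359.3.2."""
    m = re.fullmatch(r"iBoot-(\d+(?:\.\d+)*)", tag)
    if not m:
        raise ValueError(f"unrecognised bootrom tag: {tag!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def vulnerable_to_24kpwn(serial: str) -> bool:
    """True when the reported bootrom is older than the patched build."""
    fields = parse_dfu_serial(serial)
    return iboot_version(fields["SRTG"]) < iboot_version(PATCHED_BOOTROM)


def find_dfu_serial(profiler_output: str) -> Optional[str]:
    """Pick the DFU serial string out of System Profiler text (assumed format)."""
    for line in profiler_output.splitlines():
        line = line.strip()
        if line.startswith("Serial Number:") and "SRTG:" in line:
            return line.split(":", 1)[1].strip()
    return None


if __name__ == "__main__":
    serial = find_dfu_serial(SAMPLE_PROFILER_OUTPUT)
    for label, s in (("profiler sample", serial), ("new 3GS sample", SAMPLE_NEW_3GS)):
        fields = parse_dfu_serial(s)
        state = "still open to 24kpwn" if vulnerable_to_24kpwn(s) else "patched"
        print(f"{label}: CPID {fields['CPID']} bootrom {fields['SRTG']} -> {state}")
```

    On a Mac with the phone in DFU mode, the same check runs against real data by piping `system_profiler SPUSBDataType` into `find_dfu_serial`; the version comparison is only meaningful for the 3GS family the article discusses, since other models ship different bootrom builds.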
    This article was originally published in the forum thread "Dev-Team Confirms: New Bootrom Defeats 24kpwn", started by Paul Daniel Ash.
    102 Comments
    Slocko -
      Why can't the bootrom be updated back to what it was? Is it simply a matter that you physically have no access to it?

      Quote (originally posted by confucious):
      > Make sure you let Cydia grab your files and you should be OK.
    lkailburn -
      Success!!!!! Just went down to ATT and picked up a 32GB black 3GS with a serial number indicating week 37 of production!! I simply asked the woman if she could look through all the 3GSes and find one that was week 40 or older. She had no idea why but was more than happy to look!!
      Gonna do a sync/backup and then see if I can jailbreak it.

      EDIT: Update. 15-20 seconds after clicking "Make it Ra1n" with BlackRa1n RC2, I was able to jailbreak my new 3GS and my old 3G.