Thread: SHAtter jailbreak
-
09-10-2010, 11:06 PM #1
SHAtter jailbreak
To my understanding, this low-level bootrom exploit means that all the iOS devices currently released will always be jailbreakable, right?
But here is where I am confused. For example, I jailbreak my iPhone 4 on 4.1 firmware with the SHAtter exploit, and Apple releases 4.2: does this mean I can update and just re-jailbreak? Or would I have to wait for new jailbreak software to be released? Or does this simply mean that jailbreaking newer firmware will be easy, a snap, and will not be patched until new hardware has been revised?
If you can, explain EVERY little detail of this exploit and how it will work. I don't know too much about this whole 'low-level bootrom exploit'.
-
09-10-2010, 11:09 PM #2 (Super Moderator)
If this is an iBoot exploit, you could probably restore to custom firmware and already be jailbroken once the restore succeeds.
-
09-10-2010, 11:27 PM #3 (Super Otiose Mod)
Ay, there's the rub.
SHAtter is in the bootrom exploit family, but SHAtter by itself is likely not enough to produce an untethered jailbreak of an iPhone 4, for instance.
For every bootrom exploit, you'll need an iBoot exploit as well to flash the exploited code to the NOR on SHSH blob-required devices and to load in an unsigned kernel. Though we have (had) those exploits, Apple releases new firmware (complete with new blobs) to seal holes in iBoot. This means new devices and new firmwares need new iBoot exploits to make the bootrom exploit work at all, or work untethered (OR you have an old, exploitable iBoot with the blobs for your device to match).
-
09-10-2010, 11:36 PM #4 (Super Moderator)
Thank you for the info. Very useful.
-
09-11-2010, 02:35 PM #5
-
09-12-2010, 02:13 AM #6 (Moderator)
Correct.
-
09-12-2010, 10:11 AM #7
I get it now. Same exploit means easier jailbreak because they don't have to find another. Thank you!
-
09-12-2010, 01:16 PM #8 (What's Jailbreak?)
Hey guys, thanks for the info. A little confused, though; maybe someone can clarify for me. When SHAtter comes out and I jailbreak my 4.1 iPhone 4, if I restore for any reason afterwards and try to bring it to Apple to be fixed or whatever, will the restore wipe the info, or will Apple be able to tell? Thanks everyone! Sorry if this was answered already; I did not see it anywhere.
Last edited by dt0theh; 09-12-2010 at 01:22 PM. Reason: add statement
-
09-12-2010, 02:05 PM #9
I have never heard of Apple finding out after a factory restore, and I have returned or had replaced many iPhones that were previously jailbroken, with zero problems.
-
09-12-2010, 02:07 PM #10
Once you restore it and have an AT&T SIM in there you should be fine. I've gotten my iPhone checked twice already and had no problems. They just swapped mine out. So I don't believe they should be able to tell if it was previously jailbroken or unlocked, unless you didn't restore it at all.
-
-
09-12-2010, 02:24 PM #11 (What's Jailbreak?)
OK, just making sure, because I see people saying SHAtter is a permanent JB. Thought maybe with that a restore wouldn't work. Thanks.
-
09-12-2010, 03:24 PM #12 (Super Otiose Mod)
Permanent just means Apple can't close the hole used for the exploit with any software update. Any jailbreak can be undone purely by restoring the device's firmware to Apple's stock one from DFU mode.
Also, Brokencydez, that's not entirely right. Jailbreaks are almost always a combination of exploits. blackra1n is a combination of the usb_control_msg(0x21,2) for iBoot and 0x2400 Segment Overflow in the VROM exploits (and redsn0w uses this same attack route for 3.1.2), Spirit uses three exploits (sneaky dots in backup restores, incomplete code signing, and the BPF_STX kernel stack overwrite).
We've got the bootrom (I actually now think SHAtter isn't a "bootrom" exploit, but is elsewhere in the hardware and is therefore unfixable like a bootrom exploit, allowing unsigned code over USB) one down, but the iBoot hole needed to launch/flash unsigned code is still, and will be, needed in the future as long as SHSH blobs are enforced in the capacity Apple designed them to be.
-
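Editor's note: the chain that posts #3 and #12 describe (the bootrom verifies iBoot from NOR, iBoot verifies the kernel and is the only stage that writes NOR, and an SHSH blob ties a signature to one device's ECID) is easier to follow as a toy model. The following is an added illustration, not code from this thread, from Apple or from any jailbreak tool: an HMAC under a constructed key stands in for Apple's RSA signatures, the "blob" is modelled as a signature over the image plus the ECID, and every name, image byte string and ECID value (Image, Device, sign_image, run_scenarios, ECID, OTHER_ECID) is invented for the example. It does not model iBoot's real verification path or NOR layout; it shows the consequences the posters describe: a bootrom hole alone gives a tethered boot, an unsigned iBoot written to NOR is refused by the unchangeable bootrom at the next power-on, and an untethered result needs an older, exploitable iBoot that still carries a valid blob for this ECID.

```python
"""Toy model of the chain discussed above: bootrom -> iBoot -> kernel.
Constructed illustration, not Apple's code or any jailbreak tool's. HMAC under a
made-up key stands in for Apple's RSA signature; an 'SHSH blob' is modelled as a
signature bound to one device's ECID. Names, image bytes and ECIDs are invented."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

SIGNING_KEY = b"constructed-stand-in-for-apple-signing-key"  # devices never hold this
ECID = 0x00001234ABCD5678        # constructed identifier of "our" device
OTHER_ECID = 0x0000FFFF00000001  # constructed identifier of some other device


@dataclass(frozen=True)
class Image:
    name: str
    code: bytes
    sig: Optional[bytes]       # None models an unsigned (patched) image
    exploitable: bool = False  # models an iBoot with a known, unpatched hole


def sign_image(code: bytes, ecid: int) -> bytes:
    """Personalized signature covering the code AND the ECID (the blob model)."""
    msg = hashlib.sha256(code).digest() + ecid.to_bytes(8, "big")
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()


def verify_image(img: Image, ecid: int) -> bool:
    if img.sig is None:
        return False
    return hmac.compare_digest(img.sig, sign_image(img.code, ecid))


def make_signed(name: str, code: bytes, ecid: int, exploitable: bool = False) -> Image:
    return Image(name, code, sign_image(code, ecid), exploitable)


class Device:
    """The bootrom is mask ROM and never changes; iBoot lives in NOR."""

    def __init__(self, ecid: int, nor_iboot: Image, kernel: Image):
        self.ecid, self.nor_iboot, self.kernel = ecid, nor_iboot, kernel

    def _run_iboot(self, iboot: Image) -> str:
        # A stock iBoot refuses an unverified kernel; a patched or exploited one loads it.
        if iboot.sig is None or iboot.exploitable or verify_image(self.kernel, self.ecid):
            return f"kernel:{self.kernel.name}"
        return "halt:iboot-rejected-kernel"

    def cold_boot(self) -> str:
        # Power-on with no computer attached: the bootrom verifies iBoot from NOR first.
        if not verify_image(self.nor_iboot, self.ecid):
            return "halt:bootrom-rejected-iboot"
        return self._run_iboot(self.nor_iboot)

    def pwned_dfu_boot(self, ram_iboot: Image) -> str:
        # Models the bootrom hole: an unsigned iBoot accepted over USB into RAM only.
        return self._run_iboot(ram_iboot)

    def flash_nor(self, running_iboot: Image, new_iboot: Image) -> bool:
        # Only iBoot writes NOR; a stock one checks what it writes, a patched one does not.
        if running_iboot.sig is not None and not running_iboot.exploitable:
            if not verify_image(new_iboot, self.ecid):
                return False
        self.nor_iboot = new_iboot
        return True


def run_scenarios(ecid: int = ECID) -> Dict[str, object]:
    """Replay the situations the posters describe and record each outcome."""
    stock_iboot = make_signed("iboot-4.1", b"iBoot 4.1", ecid)
    dev = Device(ecid, stock_iboot, make_signed("stock", b"kernel 4.1", ecid))
    out: Dict[str, object] = {"stock": dev.cold_boot()}

    dev.kernel = Image("patched", b"kernel 4.1 + sigcheck patches", None)
    patched_iboot = Image("iboot-4.1-patched", b"iBoot 4.1 + patches", None)
    # No iBoot hole: the stock iBoot refuses to write an unsigned image to NOR.
    out["stock_iboot_writes_unsigned"] = dev.flash_nor(stock_iboot, patched_iboot)
    # Bootrom hole only: works while a computer pushes iBoot, gone at the next reboot.
    out["tethered_boot"] = dev.pwned_dfu_boot(patched_iboot)
    out["reboot_without_pc"] = dev.cold_boot()
    # Patched iBoot written to NOR from the pwned session: the immutable bootrom
    # rejects it at power-on, so the device ends up halted, not untethered.
    dev.flash_nor(patched_iboot, patched_iboot)
    out["unsigned_iboot_in_nor"] = dev.cold_boot()
    # Older iBoot with a known hole that still carries a valid blob for THIS ECID.
    old = make_signed("iboot-4.0-exploitable", b"iBoot 4.0", ecid, exploitable=True)
    dev.flash_nor(patched_iboot, old)
    out["old_iboot_own_blobs"] = dev.cold_boot()
    # The same old iBoot with blobs saved from a different device is rejected.
    foreign = make_signed("iboot-4.0-exploitable", b"iBoot 4.0", OTHER_ECID, exploitable=True)
    dev.flash_nor(patched_iboot, foreign)
    out["old_iboot_foreign_blobs"] = dev.cold_boot()
    return out


if __name__ == "__main__":
    for step, result in run_scenarios().items():
        print(f"{step:28s} {result}")
```

Running it prints one line per scenario. The three outcomes worth reading side by side are "reboot_without_pc" (a tethered device halts in iBoot because the stock iBoot will not load the patched kernel), "unsigned_iboot_in_nor" (the bootrom halts before iBoot even runs) and "old_iboot_own_blobs" (the only path that boots unsigned code from a cold start, and the reason saving blobs for your own ECID matters).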
-
09-12-2010, 03:37 PM #13 (What's Jailbreak?)
Thanks for the info, guys. You cleared things up for me; I appreciate it!
-
09-12-2010, 04:27 PM #14
One more question, regarding the recent picture @pod2g posted on twitter, what is this picture supposed to indicate exactly?:
Hey, @p0sixninja 's epic greenpois0n works well on iPhon... on Twitpic
-
09-12-2010, 05:21 PM #15
The new JB is tethered? That's me fooked then. I live in the UK but have an iPhone I bought in the US which was locked to AT&T. If I update it, I will lose my unlock as well as being able to tether it to my PC. Will there be a workaround solution, OR am I screwed big time? Thanks guys.
-
09-12-2010, 07:35 PM #16 (Super Otiose Mod)
No no no. Not boned, or at least not in the manner you're thinking.
If past jailbreaks are indicative of the future, BigCol, you will be able to hacktivate your phone as part of the jailbreaking process. HOWEVER, the current 4.1 for all phones contains a baseband update which is not currently unlockable or downgradable (and your phone would only work on AT&T).
EDIT: Read Semaphore's blog (http://thefirmwareumbrella.blogspot.com) to learn how to use TinyUmbrella to update your iPhone 4 (and only the iPhone 4) to any newer firmware without touching the baseband. That'll come in handy if/when you update to jailbreak on 4.x but like being able to use your phone in the UK.
-
09-12-2010, 07:51 PM #17
Basically it means he is close to being done with the next big jailbreak. Geohot used to do this a lot too, and everyone would get all hyped up when it would be a few WEEKS before he ever released. Like orbyorb said, it takes more than one exploit to make the magic happen, so we have to let them figure out a way to let those exploits mesh nicely.
-
09-12-2010, 08:48 PM #18 (iPhoneaholic)
If you're going to use TinyUmbrella to go from 4.0(x), do a restore, not an update. If you do an update you will update the baseband. So it is very important to just restore. I just did it to my i4 and it worked great. Still on baseband 1.59.00 and version 4.1 (8B117). Now waiting for the jailbreak.
Last edited by XFaega; 09-12-2010 at 09:26 PM.


