

Thread: Hypothetical untethered jailbreak

  1. #1
    I posted this on another site, but they didn't understand what I'm asking. Let's say the next jailbreak is tethered. It is still a jailbreak, right? So can we not load a custom firmware? In this case, we could restore to a custom firmware that has the PDF exploit still intact, and thus have a complete jailbreak from jailbreakme.com. Someone confirm/debunk this.


  3. #2
    Retired Moderator iYeow

    I will see if I can answer this correctly.
    A tethered jailbreak is still a jailbreak, but you need a PC or some aid to boot up your iPhone every time you power down.

    Custom firmware is a packaged, customized firmware; when restored, your iPhone is already jailbroken and even activated. This is an iBoot exploit and Apple cannot close this hole without changing the hardware. Unfortunately, not all 3GSs are able to accept custom firmware, only old bootroms.

    Jailbreakme.com is a userland jailbreak, and is able to jailbreak all devices up to OS 4.0.1. You do the jailbreak after your iPhone OS is installed. It is not an iBoot exploit.
    Last edited by iYeow; 2010-09-11 at 11:31 PM.


  5. #3
    Quote Originally Posted by yeow202
    I will see if I can answer this correctly.
    A tethered jailbreak is still a jailbreak, but you need a PC or some aid to boot up your iPhone every time you power down.

    Custom firmware is a packaged, customized firmware; when restored, your iPhone is already jailbroken and even activated. This is an iBoot exploit and Apple cannot close this hole without changing the hardware. Unfortunately, not all 3GSs are able to accept custom firmware, only old bootroms.

    Jailbreakme.com is a userland jailbreak, and is able to jailbreak all devices up to OS 4.0.1. You do the jailbreak after your iPhone OS is installed. It is not an iBoot exploit.
    No. You didn't answer it correctly at all. Either you don't know what you're talking about, or you didn't read my question/suggestion properly.

  6. #4
    No you can't, plain and simple

  7. #5
    Retired Moderator iYeow

    Fine, either I don't know what I am talking about or you don't know how to ask a question.

  8. #6
    Good answer.

  9. #7
    That's a good question. I think what he's asking is: what if I buy an iPhone 4 that comes with 4.0.2, then I upgrade to 4.1, then I use the tethered jailbreak and restore to a custom firmware with 4.0.1. Can I use jailbreakme?

    I'm pretty sure it won't work, it'll wipe out after a reboot.
    Last edited by Waleed786; 2010-09-12 at 02:27 AM. Reason: Automerged Doublepost

  10. #8
    Retired Moderator iYeow

    It is really a weird question. CFW and jailbreakme.com are two different exploits, and if you can restore to CFW, why would you want to screw it up with another jailbreak by using jailbreakme.com, unless he doesn't know what he is talking about?
    Last edited by iYeow; 2010-09-12 at 10:00 AM.

  11. #9
    Retired Moderator

    Yeow is right on the dot. If you can restore to a custom FW, that means you JB'd it already. Using jailbreakme on a custom FW is running a JB over another JB, which doesn't work. You could only use a custom FW on an old-bootrom 3GS or 3G/2G phones. Like Yeow said, after using a custom FW you're already jailbroken, untethered, so what's the need for jailbreakme afterwards? Besides, the iP4 can't use custom FWs either.

  12. #10
    Quote Originally Posted by Anniex423
    Besides, the iP4 can't use custom FWs either.
    How would the tethered jailbreak work if it's not with a custom firmware?

  13. #11
    Retired Moderator

    Not sure what you mean. The iP4 has one and only one JB method, and that one is untethered. Not all custom FWs (depends on device and which FW) will cause a tethered JB. Even if that were the case, my point is: if you use a custom FW and get a tethered JB under the circumstances, it's already jailbroken and you can't run jailbreakme over an already jailbroken phone. Naturally, running any sort of jailbreak over another jailbreak can either do nothing to change the status of the phone or potentially screw it up.

    So regardless of anything, once you use a custom FW there's no point in trying to run another jailbreak (regardless of its exploit method) over a jailbreak.

  14. #12
    Oh okay, I got it. What I meant was, when the jailbreak for 4.1 is released, it will most likely be tethered, right? Which means it deals with custom firmwares?

  15. #13
    Retired Moderator

    No, I doubt it will be tethered. The new JB the devs are working on would probably be more permanent. Rumor says it would not be patchable by Apple until Apple physically changes the hardware of the iPhones. Not 100% confirmed, but that's the rumor.

  16. #14
    You guys didn't understand my question in the first place. I was never talking about running a jailbreak over another jailbreak. What I was saying is if you have a tethered jailbreak, would you have the ability to restore to a firmware that is 4.0.1, or simply an unjailbroken firmware that has the PDF exploit injected into it? Then we would have a device on a firmware that is, or looks like 4.0.1, in which case we would be able to run jailbreakme.com. Make sense?

  17. #15
    No, because it doesn't matter if you're jailbroken or not: you can't downgrade without SHSH files, even with custom firmwares. Not only that, but even if it did work, the baseband can't be changed, so it still wouldn't be unlockable.

  18. #16
    Retired Moderator iYeow

    Why bother restoring to 4.0.1 to close the PDF exploit? Jay Freeman has a patch for all devices right on the front page. It even patches the 2G iPhone, where Apple has abandoned support for it.

  19. #17
    He doesn't want to close the PDF exploit, he wants to use it to jailbreak. 4.0.1 doesn't even close it; that would be 4.0.2 and 4.1.

  20. #18
    Retired Moderator iYeow

    Oh, I see. Isn't Jailbreakme.com using the PDF exploit, which was already closed by Apple in the 4.0.2 update... hahaha

  21. #19
    Retired Moderator Orby

    The short answer: nope.

    The longer answer: a tethered jailbreak is caused by an "incomplete" exploit of the chain of trust--either only a bootrom-level OR only an iBoot-level exploit. The chain of trust in the boot is not completely broken--Apple code signatures and verification still remain in some places.

    For all SHSH-required, LLB-size-checking bootroms (commonly referred to as the new bootrom) you need BOTH types of exploits. Look at blackra1n on a new-bootrom 3GS: it was only one exploit, an iBoot-level one. Because LLB couldn't be altered on a new-bootrom device (size checks stop 24kpwn), the stock LLB invalidated the altered iBoot on every boot, throwing the device into recovery mode. The tethered boot just allows iBoot to manually launch with unsigned code over USB and boot the phone into a jailbroken state.

    Userland jailbreaks occur after the LLB, iBoot, and the kernel start running. If the bootrom-level (SHAtter) exploit is applied without an iBoot exploit, it'll boot tethered, as the stock iBoot will invalidate the altered kernel necessary for a jailbreak. The point is that the need for the USB intervention occurs before any userland jailbreak can run and make the device boot.

    EDIT: Custom firmware isn't exactly the answer either; it too needs both an iBoot-level exploit and a bootrom exploit to restore to the device. iBoot cannot be downgraded without the SHSH blobs for the current batch of devices, and although custom firmware has been engineered in the past not to initiate another SHSH blob check upon its restore to the device, it still needs a pwned iBoot and bootrom exploit to break the chain of trust to run.

    Was that closer to what you were looking for?
    Last edited by Orby; 2010-09-13 at 10:41 PM.
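    The chain-of-trust argument in the post above can be made concrete with a small model. The following is an added example, not code from the post or from Apple: each boot stage carries an HMAC-SHA256 "signature" under a constructed stand-in for Apple's signing key, a jailbreak patch is modelled as an image whose payload no longer matches its shipped signature and which stops verifying the stage after it, a bootrom exploit is a switch that lets an unsigned LLB run, and an attached computer with an iBoot-level exploit is a dict of images it can push over USB whenever the stock chain rejects a stage. The stage names (LLB, iBoot, kernel) are the ones the post uses; everything else is an assumption of the model. Walking the chain reproduces the post's four cases: old bootrom plus custom firmware boots untethered, a lone iBoot-level exploit on a new bootrom drops to recovery unless a host is attached (tethered), a bootrom exploit with a stock iBoot still in place also ends up tethered, and in every case the outcome is decided before userland ever runs.

```python
"""Toy model of the iPhone boot chain of trust: bootrom -> LLB -> iBoot -> kernel.

Constructed example. Signatures are HMAC-SHA256 under a made-up key that stands in
for Apple's signing key; exploits are boolean switches, not real bugs.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Stand-in for Apple's private signing key (constructed; never present on a real device).
APPLE_KEY = b"constructed-apple-signing-key"

# Stages stored in flash, in boot order. The bootrom is ROM and is deliberately absent:
# it cannot be patched, only exploited, and it is what verifies the first entry (LLB).
CHAIN = ("LLB", "iBoot", "kernel")


@dataclass
class Image:
    name: str
    payload: bytes
    signature: bytes
    # A jailbreak-patched image no longer verifies the signature of the stage it loads next.
    skips_next_check: bool = False


def sign(name: str, payload: bytes, key: bytes = APPLE_KEY) -> bytes:
    return hmac.new(key, name.encode() + b"\0" + payload, hashlib.sha256).digest()


def verify(image: Image, key: bytes = APPLE_KEY) -> bool:
    return hmac.compare_digest(image.signature, sign(image.name, image.payload, key))


def stock(name: str) -> Image:
    payload = f"{name}: unmodified Apple image".encode()
    return Image(name, payload, sign(name, payload))


def patched(name: str) -> Image:
    """Jailbreak patch: the payload changes, so the shipped signature no longer matches."""
    orig = stock(name)
    return Image(name, orig.payload + b" + signature checks disabled", orig.signature, True)


def boot(flash: Dict[str, Image], bootrom_exploited: bool = False,
         usb_host: Optional[Dict[str, Image]] = None) -> Tuple[str, str]:
    """Walk the chain and return (state, detail); state is one of
    'stock', 'untethered', 'tethered', 'recovery'.

    flash:             images in NAND, keyed by stage name.
    bootrom_exploited: a bootrom bug lets an unsigned LLB run (the old-bootrom case).
    usb_host:          images a connected computer can push over USB through an
                       iBoot-level exploit when the stock chain rejects a stage.
    """
    predecessor_skips_check = bootrom_exploited
    tethered = False
    for name in CHAIN:
        image = flash[name]
        if not predecessor_skips_check and not verify(image):
            # Signature check fails: the device drops to recovery mode at this stage.
            if not usb_host or name not in usb_host:
                return "recovery", f"{name} rejected by the stage that loads it"
            image = usb_host[name]   # host re-injects unsigned code; needed on every boot
            tethered = True
        predecessor_skips_check = image.skips_next_check
    # Only now does the kernel hand over to userland. A userland exploit such as the
    # jailbreakme PDF runs after this point and cannot affect any decision made above.
    if tethered:
        return "tethered", "chain completes only with USB help"
    if any(img.skips_next_check for img in flash.values()):
        return "untethered", "every check in the chain is bypassed from flash"
    return "stock", "all signatures valid"


def scenarios() -> Dict[str, Tuple[str, str]]:
    """The four situations discussed in the thread, as constructed inputs to boot()."""
    all_stock = {n: stock(n) for n in CHAIN}
    all_patched = {n: patched(n) for n in CHAIN}
    iboot_exploit_host = {"iBoot": patched("iBoot"), "kernel": patched("kernel")}
    new_bootrom_jb = {**all_stock, "iBoot": patched("iBoot"), "kernel": patched("kernel")}
    shatter_stock_iboot = {**all_stock, "LLB": patched("LLB"), "kernel": patched("kernel")}
    return {
        "stock device": boot(all_stock),
        # old bootrom + custom firmware: the bootrom exploit lets the whole patched chain run
        "old bootrom, custom firmware": boot(all_patched, bootrom_exploited=True),
        # new bootrom, iBoot-level exploit only: stock LLB rejects the patched iBoot
        "new bootrom, patched iBoot, no host": boot(new_bootrom_jb),
        "new bootrom, patched iBoot, host attached": boot(new_bootrom_jb, usb_host=iboot_exploit_host),
        # bootrom exploit but stock iBoot left in place: iBoot still rejects a patched kernel
        "bootrom exploit, stock iBoot": boot(shatter_stock_iboot, bootrom_exploited=True,
                                             usb_host=iboot_exploit_host),
    }


if __name__ == "__main__":
    for label, (state, detail) in scenarios().items():
        print(f"{label:45} -> {state:10} ({detail})")
```

    The model deliberately has no notion of a userland exploit at all: by the time userland code such as a PDF renderer runs, `boot()` has already returned, which is the post's point about why jailbreakme cannot turn a tethered device into an untethered one.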

  22. #20
    Quote Originally Posted by orbyorb
    The short answer: nope.

    The longer answer: a tethered jailbreak is caused by an "incomplete" exploit of the chain of trust--either only a bootrom-level OR only an iBoot-level exploit. The chain of trust in the boot is not completely broken--Apple code signatures and verification still remain in some places.

    For all SHSH-required, LLB-size-checking bootroms (commonly referred to as the new bootrom) you need BOTH types of exploits. Look at blackra1n on a new-bootrom 3GS: it was only one exploit, an iBoot-level one. Because LLB couldn't be altered on a new-bootrom device (size checks stop 24kpwn), the stock LLB invalidated the altered iBoot on every boot, throwing the device into recovery mode. The tethered boot just allows iBoot to manually launch with unsigned code over USB and boot the phone into a jailbroken state.

    Userland jailbreaks occur after the LLB, iBoot, and the kernel start running. If the bootrom-level (SHAtter) exploit is applied without an iBoot exploit, it'll boot tethered, as the stock iBoot will invalidate the altered kernel necessary for a jailbreak. The point is that the need for the USB intervention occurs before any userland jailbreak can run and make the device boot.

    EDIT: Custom firmware isn't exactly the answer either; it too needs both an iBoot-level exploit and a bootrom exploit to restore to the device. iBoot cannot be downgraded without the SHSH blobs for the current batch of devices, and although custom firmware has been engineered in the past not to initiate another SHSH blob check upon its restore to the device, it still needs a pwned iBoot and bootrom exploit to break the chain of trust to run.

    Was that closer to what you were looking for?
    Yes, thank you. No one else knew what they were talking about. That explains and answers my question perfectly.
