Author Topic: Bootrom exploits  (Read 2793 times)

Offline ddominator
Re: Bootrom exploits
« Reply #15 on: October 09, 2010, 10:56:33 PM »
no, apparently it doesn't work on the iPhone 3G, iPod touch 2G, or the newer bootrom 3GS, or so I've heard from twitter posts :/
It should work on new 3GS, just needs fixed patches from what I understand.
Quote from: limera1n.com
known bugs
3GS new bootrom is broken, fix pending
By that time it works, Geohot's mug will be all over the app again...
« Last Edit: October 09, 2010, 10:58:51 PM by Rekoil »
Help Google takeover the world. Use Android on your mobile devices, use Chrome Browser, use Chrome OS!!!

Offline Rekoil
Re: Bootrom exploits
« Reply #16 on: October 09, 2010, 10:58:09 PM »
Even if it did work on the iPhone 3G (and it probably actually does) it would be silly to use it on it since the iPhone 3G can already be exploited by Pwnage 2.0.

By that time it works, Geohot's mug will be all over the app again...

No the website clearly states:
Quote from: limera1n.com
zero pictures of my face

Though it is at this time unclear if that is intended functionality or not.
« Last Edit: October 09, 2010, 11:02:44 PM by Rekoil »
32gb factory unlocked iPhone 3GS with early bootrom and shsh for all available firmwares

Offline iPwnUK
Re: Bootrom exploits
« Reply #17 on: October 09, 2010, 11:16:50 PM »
no, apparently it doesn't work on the iPhone 3G, iPod touch 2G, or the newer bootrom 3GS, or so I've heard from twitter posts :/
It should work on new 3GS, just needs fixed patches from what I understand.
Quote from: limera1n.com
known bugs
3GS new bootrom is broken, fix pending
Ah, fair enough, that seems better. And I didn't see the point with 3G compatibility either, just going with what I had heard from various tweets/retweets; seems by the time I get a chance to post anything, there have been 2 or 3 updates contradicting or backing up what I have said :P
Seems that the Windows download is up again though, will wait for a dev team/chronic dev team release though for baseband-preserving reasons; even though I don't unlock, it's always useful to have for reselling purposes later on. (I don't think that limera1n does at least)
--------------iPhone 3G with--------------
iOS 4.1, Android 2.2.1 & PSFreedom

---iPhone 4 with Jailbroken iOS 4.1----
-------Game Center ID - iPwnUK--------

Follow @iDroidProject on Twitter for latest updates!

Offline Rekoil
Re: Bootrom exploits
« Reply #18 on: October 09, 2010, 11:49:10 PM »
Ah, fair enough, that seems better. And I didn't see the point with 3G compatibility either, just going with what I had heard from various tweets/retweets; seems by the time I get a chance to post anything, there have been 2 or 3 updates contradicting or backing up what I have said :P
Seems that the Windows download is up again though, will wait for a dev team/chronic dev team release though for baseband-preserving reasons; even though I don't unlock, it's always useful to have for reselling purposes later on. (I don't think that limera1n does at least)
Limera1n works just like blackra1n and redsn0w. It jailbreaks an already installed iOS, which means that no it will not preserve the baseband unless the baseband you want to preserve is already installed :P.
« Last Edit: October 09, 2010, 11:56:43 PM by Rekoil »

Offline iPwnUK
Re: Bootrom exploits
« Reply #19 on: October 09, 2010, 11:55:20 PM »
Ah okay, that makes sense :P

Offline Rekoil
Re: Bootrom exploits
« Reply #20 on: October 09, 2010, 11:58:29 PM »
Whoah, hang on a second, this means that using limera1n, early bootrom 3GS' are now truly completely pwned for life! Previously, in order to achieve an untethered jailbreak, we've had to rely on a combination of 24kpwn and a vulnerability in the to-be-jailbroken version of iOS's iBoot as an injection vector for the modified LLB. But with limera1n, we can use the limera1n hole to upload a hacked LLB (24kpwn) thus removing the need for an iBoot vulnerability! Hell yes!
« Last Edit: October 10, 2010, 12:01:19 AM by Rekoil »

Offline Neonkoala
Re: Bootrom exploits
« Reply #21 on: October 10, 2010, 03:25:11 PM »
Well it's still tethered unless a userland exploit is there to complement it.
iPhone 3G | iPhone 4

Offline iPwnUK
Re: Bootrom exploits
« Reply #22 on: October 10, 2010, 03:50:37 PM »
Limera1n worked fine for me, just had a go restoring my iPhone 4 to 4.1 (with the TinyUmbrella TSS server to preserve my baseband of course ;)), restored all my settings fine from the backup I made, ran limera1n and all was well :P nothing broken, well, nothing that I can currently see at least ^^

Offline Rekoil
Re: Bootrom exploits
« Reply #23 on: October 10, 2010, 04:21:58 PM »
Well it's still tethered unless a userland exploit is there to complement it.
No because using 24kpwn we can upload a modified LLB, allowing us to boot any iBoot (and subsequently any kernel) we want. The problem before was replacing the LLB which required an iBoot exploit, using the limera1n exploit we are able to replace the LLB without the blessing of the MobileDevice framework (which as I've said almost 800 times now, required an iBoot vulnerability to play along) :)

Offline shaheen
Re: Bootrom exploits
« Reply #24 on: October 18, 2010, 04:58:54 PM »
Definitely doesn't work on 3G.
I was all excited about the new update cuz I'm tired of my phone being unusably slow, then I tried to jailbreak, and it bricked the damn thing.
I had to edit iTunes' hosts file to convince it to allow me to do a DFU restore.
redsn0w is still going strong though.
abcdefuckyoughijklmnopqrstuvwxyz

Offline Rekoil
Re: Bootrom exploits
« Reply #25 on: October 18, 2010, 09:13:32 PM »
Definitely doesn't work on 3G.
I was all excited about the new update cuz I'm tired of my phone being unusably slow, then I tried to jailbreak, and it bricked the damn thing.
I had to edit iTunes' hosts file to convince it to allow me to do a DFU restore.
redsn0w is still going strong though.
You huh? Edited wha? Convince it to allow DFU restore, whut? I don't mean to offend, but:
1. iPhone 3G doesn't use ECID (even if it does, it's irrelevant with Pwnage 2.0)
2. How would a different jailbreak make it faster? Unless you're referring to 4.1 which of course is faster, but at the same time, 4.1 can be jailbroken by redsn0w or Pwnage Tool.
3. iTunes doesn't have a hosts file, the operating system does.
4. IF YOU WERE ABLE TO FIX IT IT WASN'T BRICKED!!!! CAN EVERYONE PLEASE STOP REFERRING TO THEIR DEVICES AS BRICKED WHEN THEY CAN BE FIXED BY A RESTORE!!!!

Sorry for being so mean, I've had a tough day.

Offline shaheen
Re: Bootrom exploits
« Reply #26 on: October 24, 2010, 04:20:19 PM »
Okay... it wasn't bricked.
But it was stuck in DFU mode.
iTunes wouldn't let me restore due to some connectivity problem.
So I followed an online guide and edited some files in the iTunes directory. Pretty sure they were hosts files (maybe from the operating system). That's what the tutorial said.
And I WAS referring to 4.1.
Anyway it doesn't matter.
Point is, don't use limera1n if you have a 2G or 3G.

Offline dazomaz
Re: Bootrom exploits
« Reply #27 on: November 09, 2010, 08:45:32 PM »
Used Limera1n to Jailbreak my iPhone4 - would love to install android on it now - don't ask me why. Looking forward to the next release! Keep at it and I promise a donation when I install it!  :)

Offline Rekoil
Re: Bootrom exploits
« Reply #28 on: November 10, 2010, 11:45:58 AM »
Used Limera1n to Jailbreak my iPhone4 - would love to install android on it now - don't ask me why. Looking forward to the next release! Keep at it and I promise a donation when I install it!  :)
A donation now would be more helpful to be honest. As a non-profit organization, donation money will only be used towards getting devices to be used for testing and purchasing required software and certificates, so if you donate after the port is finished, that money will not help the people porting to i4, but rather the people porting to i5 or iPad2, which is still a good cause, but if you wanna speed up i4 porting you should donate now :)

Offline SeanKPS
Re: Bootrom exploits
« Reply #29 on: November 10, 2010, 09:33:59 PM »
Used Limera1n to Jailbreak my iPhone4 - would love to install android on it now - don't ask me why. Looking forward to the next release! Keep at it and I promise a donation when I install it!  :)
A donation now would be more helpful to be honest. As a non-profit organization, donation money will only be used towards getting devices to be used for testing and purchasing required software and certificates, so if you donate after the port is finished, that money will not help the people porting to i4, but rather the people porting to i5 or iPad2, which is still a good cause, but if you wanna speed up i4 porting you should donate now :)
Well that's a difficult logic when there is very little official word on what priority the newer devices are getting. And the little that I have heard is that they aren't a priority.
Unless a $10 donation from me is sent along with $395 from other people, it's hard to see my $10 going towards an iPhone 4.

So in a sense, the "it'll be done when it's done" is a little under informative.
If a developer needs donations, then donators need developments, even if the "developments" are just informative promises of future work to be done.

It's also hard to expect preemptive donations for the 3GS/i4 when time and time again they have been stated not to be a priority.
Yes, bluerise put a line referencing i4 in a readme. But it'll take more info than that for a community to recognize a change of priority.

I'm just saying  :P