|
iPhone and iPod touch v1.1.1 full jailbreak tested, confirmed!Posted Oct 10th 2007 3:09AM by Ryan Block3 T0 h# F/ j* O0 D% k, K
Filed under: Cellphones, Portable Audio, Portable Video
/ S+ t5 g) R. `9 P! n
. s3 e6 q1 k# c$ A
- P, W( b3 O9 }5 b. P1 D" |3 O We were invited by iPhone / iPod touch file system hacker Niacin (who you might also know for his PSP and MSN TV Linux clusterhacks, etc.) and Dre to test out their new v1.1.1 file system hack. Weknow the whole v1.1.1 hacking thing has been massively confusing evento folks like us, so here's a quick n' dirty timeline to bring you upto date.
3 a. n. ^. k0 L. h- Apple releases iPhone, which was obviously cracked six ways from Sunday.
- Through firmwares 1.0.1 and 1.0.2 Apple does not block these hacks in any way.
- Firmwarev1.1.1 is released for iPhone and iPod touch, which completely locksout file system access (and thus 3rd party software).
- Awkward silence from Apple fans and the dev community as everyone ponders how to crack the new file system protections.
- Hackers dinopio, edgan discover the symlink hack,which takes v1.0.2 iPhones up to v1.1.1 with read / write file systemaccess. In other words, the hack only works on v1.0.2 iPhones (not theiPod touch) when being upgraded to v1.1.1, and still doesn't grant theability to execute loaded programs.
- The next version of dinopio & co.'s symlink hack(which hasn't yet been released to the public) grants the covetedexecute privilege (so you can run those 3rd party apps), and enablesanother hack (by pumpkin) to make the new SpringBoard (the applicationlauncher) recognize the freshly recompiled iPhone apps.
- Hacker Niacin (aka toc2rta) and Dre claimthey've managed to combine the symlink hack with a TIFF vulnerabilityfound in the v1.1.1 firmware's mobile Safari, which grants access tothe file system. This is the hack we're testing here.. Q" |) N \- U0 C0 F2 h$ S" x" c
Note:Due to the nature of this hack, it's to be considered ephemeral. Appleneeds only to patch the TIFF vulnerability and file system access onv1.1.1 is out, with the touch and iPhone back to their previouslynot-too-hackable state. And the result thus far? We've tested the solution, and we can confirm file system read+write accessvia the TIFF exploit on an iPod touch, meaning loading a simple imagefile on your v1.1.1 device gives full root file system access!' r1 Y% G5 T' Q" F' ]) [: d
! @* K, v1 D. c' yCaveats:7 |* t# d% p. h" N5 w% B
- The release has not at this time been released to thepublic. Niacin claims that will happen in the near future, possiblylater this morning.
- Thus far the hack isn't entirelywithout issues. We're still trying to determine exactly what's what,but we've lost read and write access unexpectedly. This may or may notbe a problem with our machine or device, though, and not necessarilythe hack.
- We did not test this method on an iPhone, buttechnically there should be no difference in the effect. Side note:your v1.1.1 iPhone would, at this time, need to be activated to loadthe TIFF. (How else are you gonna load it?) This is supposedly beingworked on.
Quick terminal log using iPHUC on the iPod touch confirming write ability to root FS after the break.8 ~2 L+ d3 H9 u1 `6 q! _
9 \) Y n3 W- Y( H% J$ r' C3 D* b- i
==Terminal==9 h$ j3 S& j5 m) n: g
iphuc 0.6.1 with tab completion.: N9 B3 E1 I) u
>> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator* K: a4 h$ o4 M9 E: k4 w. z Q
CFRunLoop: Waiting for iPhone.
3 D' L5 p- V1 A+ n) T! cnotification: iPhone attached.1 a( }- Z. Q; O: G# _. w- b$ J
AMDeviceStartService 'com.apple.afc': 0; }/ _: F3 X& d3 K; P2 |- |
(iPHUC) /: ls
8 B% H+ T3 p! H3 X7 J' K.9 G. P6 n! X! [4 O( a1 G; G( Y
..% M; {. ?5 [$ C# i
Applications7 v. U) n u0 ?- _# L' M; ~! g
Library
4 H8 ]& r( L* oSystem
6 y- S8 }" b" W9 M. E0 P; J3 dbin& g) u3 K! Z0 V: r
cores
3 h2 ]) B* X F7 q3 n I9 f0 ~5 ?dev. B8 C, j# ^; V5 ?" S- K
etc
2 T- Z# \* _- [ p% hmach6 w5 O3 x' E3 A" S# g8 F
private
) r2 r. ~! v6 b h" \/ S9 ]sbin# g6 q4 z3 L) X6 _7 @" Y7 [
tmp* ?2 f: Y3 T" s! e7 c4 I- @3 ?6 c
usr1 w+ M! l! i" s$ A" P8 `8 J
var
. o" S' ?' S: F$ U0 n9 P(iPHUC) /: putfile ./fstab /etc/fstab [That's the money line! No errors.]
; G: U; c [0 Y1 p9 b5 |(iPHUC) /: exit7 z. z. m1 I( [0 a
==/Terminal==
; e+ y$ a L. M
. [6 C$ `, Y5 B! y4 nCan confirm by way of getfile that the uploaded version sticks. |
-
|