Can some explain the Pwnage exploit

Discussion in 'Jailbreaks and iOS Hacks' started by thundermustard, Jun 27, 2010.

  1. thundermustard macrumors regular

    Apr 21, 2008
    Just trying to understand what is going on behind the scenes.
    Here are the facts that I understand. You must have a SHSH blob saved to get iTunes to allow you to (after bypassing their servers) downgrade. Those signatures only happen when that firmware is available. So if you bought an old iPhone in the box running 3.0 you can only get Cydia to save the most current firmware in the wild.
    However, if you have a 3GS on the old boot rom and a Pwned iPhone you can make custom firmwares and then update/downgrade without using Apple's servers at all.
    What is it about the Pwned iPhone that allows that (why does iTunes allow you to bypass the signature verification). And is there nothing that could happen to your iPhone that would remove that code that allows it?
    What if you used BlackRa1n before, can you make a new custom firmware and update the same as if it had been Pwned?
  2. yifanlu macrumors member

    Jul 29, 2009
    The iphone boots in a chain. Each level boots another, so if you were to break the chain and insert your own code, you "own" the rest of the chain. High-level JB like Sprit aren't that "exciting" because you only get really high level stuff (after OS loads). Low-level JB, most noticeability, the bootrom, are the holy grail, because you own the system at a low enough level that you can bypass signature checks (every code on the iPhone is signed by apple, and doesn't load without the signature, and the signature is broken when the code is modified) before the system starts, therefore allowing you to load your own firmware. The bootrom is also a separate chip, so they can't fix exploits in it without making a new revision/device.
  3. Trakis macrumors member

    Jun 24, 2010
  4. Neolithium macrumors 6502a


    Jun 4, 2010
    Wherever the army needs me.
  5. labman macrumors 604


    Jun 9, 2009
    Mich near Detroit
    Btw there are threads going on about the iPhone 4 jailbreak just look and read. the TS asked nothing about iPhone 4. best to either start your own thread or even better look at the other threads already started. if you look at the threads about it you will see some very good news as of today.
  6. thundermustard thread starter macrumors regular

    Apr 21, 2008
    Thanks for that informative reply.
    Doesn't it seem like iTunes could be rewritten to never allow a bypassing of the signature check.
    I now understand the importance of not updating iTunes until the all clear is given.
  7. jav6454 macrumors P6


    Nov 14, 2007
    1 Geostationary Tower Plaza
    It is not iTunes that does the signature check. It's the OS itself and all the middle boot up programs and scripts in the iPhone. All iTunes does is upload and install the OS, nothing more.

Share This Page