iOS5 \ 4S ...where we are at for JB

Discussion in 'Jailbreaks and iOS Hacks' started by rick snagwell, Nov 9, 2011.

  1. rick snagwell macrumors 68040

    rick snagwell

    Joined:
    Feb 12, 2011
    Location:
    oceanside, ca
    #1
DHLizard, who used to be a reg on these forums... he went over to the dev team. A genius, I might add. He just put this out. Some good news.


    Upcoming jailbreak(s)
    Apple is going to release 5.0.1 sooner than later.
    If you want to get an untethered jailbreak on iOS5, you may need to update to iOS5 (5.0 firmware) before Apple stops signing 5.0

pod2g, who believes he has an untethered exploit for 5.0 firmware, tweeted this:
pod2g: Note about 5.0.1 : don't update if you plan on jbking : the bug Charlie MILLER found can simplify exploits dramatically and will be closed.

    (This refers to the exploit @0xcharlie recently found in iOS which may simplify any number of exploits)
    This is a dangerous vulnerability and will need to be patched by hackers after we use it for exploits (as was done with .pdf patchers via Cydia)

    So you may need to be on 5.0 firmware to get a tethered jailbreak in the future
    Also remember, there should be an overlap when Apple signs both firmwares for several hours after 5.0.1 is released
    Do not update to 5.0.1 when it comes out (until the hackers advise otherwise) !

    Hashes no longer allow restores to 5.x.x firmware versions (what does this mean ?)
    If Apple releases 5.0.1 and stops signing 5.0, you can no longer restore or upgrade to 5.0 (except for the short overlap when Apple signs both firmwares)
    You will be forced to 5.0.1 and may not be able to use the untethered jailbreak !
     
  2. vong macrumors 6502a

    vong

    Joined:
    Jan 31, 2010
    #2
    Man... I want to upgrade to iOS 5 (still on 4.2.1 on iPhone 4) but is the battery issue a big one?
     
  3. TC25 macrumors 68020

    Joined:
    Mar 28, 2011
    #3
    No.
     
  4. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #4
    I was wondering where he went! good news to know!

    personally, it's a race against time for me. the 2 64GB 4S that we ordered are still on backorder (though it has only been a week), so I'm hoping they get here before 5.0.1 comes out. That will at least guarantee me that they will come with 5.0.

    BL.
     
  5. rick snagwell thread starter macrumors 68040

    rick snagwell

    Joined:
    Feb 12, 2011
    Location:
    oceanside, ca
    #5
    yup, he had an answer for everything. I'm sure he is helping out the dev team though.
     
  6. speed4tu macrumors member

    Joined:
    Mar 30, 2009
    #6
I'm still on 4.2.6 with untether. I wanna update to iOS 5 but don't wanna lose my untethered jailbreak nor have to redownload and set up all my jailbreak apps.
     
  7. TC25 macrumors 68020

    Joined:
    Mar 28, 2011
    #7
    Some decisions can be hard.
     
  8. machasm macrumors member

    Joined:
    Dec 21, 2010
    #8
I am currently on 4.3.3 with my iPad 2 and jailbroken. I am reluctant to upgrade to iOS 5 without a JB now but don't want to miss the signing window. Any idea on how long Apple will continue to sign iOS 5 while 5.0.1 is out? I guess that window will only be of use if the JB is out by then, otherwise I will still have the same dilemma.
    Think I will stick where I am until I can successfully upgrade AND JB at the same time.
    Mac
     
  9. rick snagwell thread starter macrumors 68040

    rick snagwell

    Joined:
    Feb 12, 2011
    Location:
    oceanside, ca
    #9
    it clearly states this above.

    So you may need to be on 5.0 firmware to get a tethered jailbreak in the future
    Also remember, there should be an overlap when Apple signs both firmwares for several hours after 5.0.1 is released
    Do not update to 5.0.1 when it comes out (until the hackers advise otherwise) !
     
  10. TC25 macrumors 68020

    Joined:
    Mar 28, 2011
    #10
    You will be waiting a long time. There are absolutely NO problems with the tethered jb. I have been running it for a month, both redsn0w and sn0wbreeze.
     
  11. hitekalex macrumors 68000

    hitekalex

    Joined:
    Feb 4, 2008
    Location:
    Chicago, USA
    #11
    Yeah, no problems other than your phone becoming a brick from time to time due to its inability to reboot without a PC..
     
  12. rick snagwell thread starter macrumors 68040

    rick snagwell

    Joined:
    Feb 12, 2011
    Location:
    oceanside, ca
    #12
I think that's better than being JB.

If a couple hours is all it's bricked for, that is.
     
  13. TC25 macrumors 68020

    Joined:
    Mar 28, 2011
    #13
    In a month, this has never happened to me.
     
  14. mrblack927 macrumors 6502a

    mrblack927

    Joined:
    Aug 19, 2008
    #14
    Wait... hashes can no longer be used to restore firmwares? Since when? Even if you have them saved locally with TU?
     
  15. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #15
    Yes, since 5.0 came out.
    Apple has implemented new security that you cannot replay saved blobs in order to restore. You can still use your old shsh blobs to restore to anything 4.3.5 and lower but above that no.
    Sucks major donkey a$$.
     
  16. mrblack927 macrumors 6502a

    mrblack927

    Joined:
    Aug 19, 2008
    #16
    Wow... That's interesting. I wonder how they pulled that off? You would think that there's only a limited amount they could do to prevent local restores when we're spoofing Apple's activation servers. Maybe they added a TTL to the hashes so that they expire in a day or so? But then we could just spoof the local time/date...

    I would be interested (from an ITSEC standpoint) to know the whole story behind that.
     
  17. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #17
From the Dev Team's blog:

    Blob monster:
    It looks like Apple is about to aggressively combat the “replay attacks” that have until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.

    Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users). Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it. That’s all about to change.

    Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here... it’s the boot sequence on the device starting with the LLB.

    Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a significant move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates).

Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them. We’re just letting you know what Apple has already done in their existing beta releases — they’ve stepped up their game!
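A small model of the mechanism the quoted Dev Team post describes (and that post #25 below sums up as "a nonce in the signing procedure"), added here as an illustration and not code from the Dev Team or Apple: a pre-iOS5 blob signed over ECID and firmware alone verifies again on a later restore, while a ticket that also binds a per-restore nonce fails once the device has generated a new nonce. The signing key, ECID and nonce size are constructed values, and HMAC-SHA256 stands in for Apple's signature so the model runs offline.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the signer's private key. A real APTicket carries a
# signature only Apple can produce; HMAC-SHA256 is used so this runs offline.
_SIGNER_KEY = b"constructed-signing-key"

def _mac(*fields: bytes) -> bytes:
    return hmac.new(_SIGNER_KEY, b"|".join(fields), hashlib.sha256).digest()

# --- pre-iOS5 model: SHSH blob bound to ECID + firmware only -----------------
def sign_shsh(ecid: int, firmware: str) -> dict:
    """Signed data depends on nothing that changes between restores."""
    return {"ecid": ecid, "fw": firmware,
            "sig": _mac(str(ecid).encode(), firmware.encode())}

def verify_shsh(blob: dict, ecid: int, firmware: str) -> bool:
    expected = _mac(str(ecid).encode(), firmware.encode())
    return (blob["ecid"] == ecid and blob["fw"] == firmware
            and hmac.compare_digest(blob["sig"], expected))

# --- iOS5 model: APTicket also bound to a nonce the device picks per restore --
def sign_apticket(ecid: int, firmware: str, nonce: bytes) -> dict:
    """Issued once per restore, over the nonce the device sent for that restore."""
    return {"ecid": ecid, "fw": firmware, "nonce": nonce,
            "sig": _mac(str(ecid).encode(), firmware.encode(), nonce)}

def verify_apticket(ticket: dict, ecid: int, firmware: str, boot_nonce: bytes) -> bool:
    """The check the post attributes to LLB/iBoot at every boot: the ticket must
    carry this device's current nonce and the signature must cover it."""
    expected = _mac(str(ecid).encode(), firmware.encode(), boot_nonce)
    return (ticket["ecid"] == ecid and ticket["fw"] == firmware
            and ticket["nonce"] == boot_nonce
            and hmac.compare_digest(ticket["sig"], expected))

def replay_outcomes(ecid: int = 0x1234ABCD, firmware: str = "5.0") -> dict:
    """Save a blob/ticket during one restore, then reuse it on a later restore
    after the signer has stopped issuing tickets. The ECID default is constructed."""
    saved_shsh = sign_shsh(ecid, firmware)
    first_nonce = os.urandom(20)
    saved_ticket = sign_apticket(ecid, firmware, first_nonce)
    later_nonce = os.urandom(20)  # fresh nonce the device generates for the second restore
    return {
        "shsh_replay_accepted": verify_shsh(saved_shsh, ecid, firmware),
        "apticket_original_boot": verify_apticket(saved_ticket, ecid, firmware, first_nonce),
        "apticket_replay_accepted": verify_apticket(saved_ticket, ecid, firmware, later_nonce),
    }
```

`replay_outcomes()` returns the SHSH replay accepted, the APTicket accepted only on the restore it was issued for, and the APTicket replay rejected, which is the behaviour the post describes.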
     
  18. Dwalls90 macrumors 601

    Dwalls90

    Joined:
    Feb 5, 2009
    #18
    I wouldn't worry. 5.0.1 isn't due out until late November given Apple's estimates. I'm sure your phone will ship before the end of November, most are shipping after a week I believe even with back-orders (at least in the states)

    I agree ... I upgraded to 5.0 on my i4 and used the tethered JB and it was fine to be honest.
     
  19. hitekalex macrumors 68000

    hitekalex

    Joined:
    Feb 4, 2008
    Location:
    Chicago, USA
    #19
    It never happens until it does. I had gone on a 2 day camping trip with my old 3GS running tethered JB. 3 hours away from my house - an app crash caused a system-wide hang, which required a reboot. As a result, no working phone for the remainder of the trip.

    Tethered JB = never again for me.
     
  20. ACardAttack macrumors 6502

    ACardAttack

    Joined:
    Mar 18, 2010
    #20
    I really wish 5.0.1 was gonna be jailbreakable....I'll still hold out hope...would love to get that battery fix
     
  21. elpmas macrumors 68000

    elpmas

    Joined:
    Sep 9, 2009
    Location:
    Where the fresh snow don't go.
  22. Grolubao macrumors 65816

    Grolubao

    Joined:
    Dec 23, 2008
    Location:
    London, UK
    #22
    I'm on 4.3.2, I can still update to 5.0 even if 5.0.1 is out correct? Meaning I would just point to the 5.0 package
     
  23. hibanzai macrumors member

    Joined:
    Jul 24, 2011
    #23
    That's not good news. Especially when they might release a fix for the woeful battery life in 5.0.1.

    I had hoped the hackers would wait for 5.0.1 to use their exploits on that, then Apple would have to release a 5.0.2, which won't be necessary to update to since it will simply have the patch to the exploits from 0.1.

    :/
     
  24. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #24
    No. Did you not read anything we posted above about the new shsh blob check?
    Once 5.0.1 is out and Apple stops signing 5.0 you will never be able to update or restore to that.
     
  25. mrblack927 macrumors 6502a

    mrblack927

    Joined:
    Aug 19, 2008
    #25
    Ah, thanks for that! Very interesting. So they've added a nonce to the key-signing procedure for restores. That certainly makes things more challenging. I can see the dev team eventually getting around this with a low-level exploit like limera1n to set the nonce to a fixed value, but at the very least this means the days of things like this being easy are disappearing. Apple stepping up their game indeed.
     
