Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Untethered bootrom exploit for iPhone 3GS (new bootrom)

axi0mX

axi0mX

macrumors newbie
Original poster
Apr 13, 2017
1
3
Released Monday. You can downgrade to any iOS version with a custom IPSW, have custom boot logos, verbose boot, install openiBoot, install Linux (if there is a compatible kernel/distro). This exploit gives you complete control over the device during boot, at the lowest level. It is called alloc8.

Bootrom exploits are notable, because they exploit code in read-only memory in the SoC, and that cannot be fixed with a software update. All iPhone 3GS devices will be vulnerable forever.

Before alloc8, the last time a bootrom exploit for iPhone was released publicly was in 2010. It was geohot's limera1n exploit, which works over USB but cannot be used for persistence (untethered jailbreak).

Technical write-up for those interested:
https://github.com/axi0mX/alloc8

Jailbreak tool:
https://github.com/axi0mX/ipwndfu
 
  • Like
Reactions: LightBulbFun, braddick and Applejuiced
This is awesome, I just took my 3GS from 6.1.6 back to 4.3.3, was going to go for 3.1.3 but iOS 4.3.3 runs nearly as well as 3.x if not faster due to multitasking support. 5 and 6 are what started to slow this old beast down. Even so 6.1 ran pretty well for it's age.

Running great on 4.3.3 though! Had it on 4.1 for quite some time but nice to have it at nearly the last version of 4.x.

IMG_0002.PNG IMG_0003.PNG
 
  • Like
Reactions: LightBulbFun
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back