Untethered bootrom exploit for iPhone 3GS (new bootrom)

Discussion in 'Jailbreaks and iOS Hacks' started by axi0mX, Apr 13, 2017.

  1. axi0mX macrumors newbie

    Joined:
    Apr 13, 2017
    #1
    Released Monday. You can downgrade to any iOS version with a custom IPSW, have custom boot logos, verbose boot, install openiBoot, install Linux (if there is a compatible kernel/distro). This exploit gives you complete control over the device during boot, at the lowest level. It is called alloc8.

    Bootrom exploits are notable, because they exploit code in read-only memory in the SoC, and that cannot be fixed with a software update. All iPhone 3GS devices will be vulnerable forever.

    Before alloc8, the last time a bootrom exploit for iPhone was released publicly was in 2010. It was geohot's limera1n exploit, which works over USB but cannot be used for persistence (untethered jailbreak).

    Technical write-up for those interested:
    https://github.com/axi0mX/alloc8

    Jailbreak tool:
    https://github.com/axi0mX/ipwndfu
     
  2. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #2
    Sweet JB. Sucks that it's about 10 years later but still good to have available.
    Verbose boot and untethered JBs for life for that device.
    Too bad we don't have anything like this for the newer devices.
     
  3. Manatlt macrumors 6502a

    Joined:
    Aug 26, 2013
    Location:
    London, UK
    #3
    Also too bad most apps no longer work with 3GS/iOS 6 (and below).
     
  4. Peter K. macrumors 6502a

    Joined:
    Nov 6, 2012
    Location:
    SoCal
    #4
    True. How amazing would this be for the 6S or later?
     
  5. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #5
    I still have hopes and dreams something will come out from our Chinese friends.
    Fully untethered would be great. I'm not even asking for too much such as a hardware bootrom exploit pwned for life :D
     
