The iPhone Wiki - User contributions [en]

User:Pod2g

2014-02-09T01:43:02Z

Cykey: oops

{{lowercase}}
'''pod2g''', with real name '''Cyril Cattiaux''', is an iOS hacker living in France, who has discovered several [[bootrom]] exploits. He was formerly part of the [[Chronic Dev (team)|Chronic Dev Team]], but left for personal reasons. Later he was part of the [[Dream Team]] when it emerged.

When asked about how he finds all these vulnerabilities, he always answers "by luck" and even explains the Racoon config file as an example, but having so much luck seems to be impossible. He is considered as one of the most talented iOS hackers ever.

In January 2013 he released his first app (podDJ) officially on the AppStore, although he did not leave the hacking scene.

== Credits ==
* [[0x24000 Segment Overflow]]
* [[usb_control_msg(0xA1, 1) Exploit]]
* [[Corona]]
* [[Rocky Racoon]]
* He was the first to [https://twitter.com/pod2g/status/23932796062 tweet the IMG3 keys] for [[iBSS]] for [[iOS]] 4.0.1 on the [[n90ap|iPhone 4]]. (exploit??)
* As of [[Timeline|29 January 2011]], he revealed to have two [[Untethered jailbreak|untether exploits]]. News of release have not been revealed. On 27 December 2011 he released an untether for iOS 5.0.1 for [[S5L8940|A4]] devices. His untether is now built into [[redsn0w]], [[PwnageTool]] and a Cydia package called [[corona]]. (to be replaced with exploits)
* Part of [[evad3rs]] who made [[evasi0n]].

== Appearances and Presentations ==
* HiTB Amsterdam 2012
* HiTB Malaysia 2012
** [http://www.youtube.com/watch?v=STAWXGQvmRI iOS/OS X Security Panel]
* [[JailbreakCon|WWJC]] 2012

== Publications ==
* Magazine (french, will be added)

== External Links ==
* [https://twitter.com/pod2g Twitter]

[[Category:Hackers]]

User:Pod2g

2014-02-09T01:42:48Z

Cykey: Pod2g wasn't at the 2013 WWJC event

{{lowercase}}
'''pod2g''', with real name '''Cyril Cattiaux''', is an iOS hacker living in France, who has discovered several [[bootrom]] exploits. He was formerly part of the [[Chronic Dev (team)|Chronic Dev Team]], but left for personal reasons. Later he was part of the [[Dream Team]] when it emerged.

When asked about how he finds all these vulnerabilities, he always answers "by luck" and even explains the Racoon config file as an example, but having so much luck seems to be impossible. He is considered as one of the most talented iOS hackers ever.

In January 2013 he released his first app (podDJ) officially on the AppStore, although he did not leave the hacking scene.

== Credits ==
* [[0x24000 Segment Overflow]]
* [[usb_control_msg(0xA1, 1) Exploit]]
* [[Corona]]
* [[Rocky Racoon]]
* He was the first to [https://twitter.com/pod2g/status/23932796062 tweet the IMG3 keys] for [[iBSS]] for [[iOS]] 4.0.1 on the [[n90ap|iPhone 4]]. (exploit??)
* As of [[Timeline|29 January 2011]], he revealed to have two [[Untethered jailbreak|untether exploits]]. News of release have not been revealed. On 27 December 2011 he released an untether for iOS 5.0.1 for [[S5L8940|A4]] devices. His untether is now built into [[redsn0w]], [[PwnageTool]] and a Cydia package called [[corona]]. (to be replaced with exploits)
* Part of [[evad3rs]] who made [[evasi0n]].

== Appearances and Presentations ==
* HiTB Amsterdam 2012
* HiTB Malaysia 2012
** [http://www.youtube.com/watch?v=STAWXGQvmRI iOS/OS X Security Panel]
* [[JailbreakCon|WWJC]] 20132

== Publications ==
* Magazine (french, will be added)

== External Links ==
* [https://twitter.com/pod2g Twitter]

[[Category:Hackers]]

IPSW File Format

2014-01-09T22:41:33Z

Cykey:

'''IPSW''' ('''iP'''od<sup>1</sup> '''S'''oft'''W'''are or '''iP'''hone '''S'''oft'''W'''are) Files have the Magic Number 504B0304 (PK\003\004) and thus are [[wikipedia:ZIP (file format)|ZIP]] archives. They can be modified with typical zip/unzip tools (i.e. change extension to .zip and double click). IPSWs are used to deliver the [[Apple TV]]/[[iPad]]/[[iPhone]]/[[iPod touch]] [[firmware]] to the end-user.

<sup>1</sup>IPSW files have been used since the very first iPod, though they have [http://www.freemyipod.org/wiki/Firmware a different format than] iOS-based devices.

== IPSW Contents ==
* [[Restore Ramdisk]]
* [[Update Ramdisk]] (Some firmwares don't contain this because of various reasons- Error 3002 means you are trying to update with an IPSW that is missing this)
* [[Disk Image Formats|Filesystem Ramdisk]] (the largest [[Apple Disk Image|.dmg]] file)
* [[Device Tree]]
* [[Kernelcache|kernelcache.release.XXXXXXX file]] (application processor specific i.e [[S5L8900]], [[S5L8920]], [[S5L8720]], [[S5L8922]], [[S5L8930]], [[S5L8940]])
* BuildManifest.plist (first appeared in firmware 3.0?)
* Restore.plist file
* ''Firmware\''
** ''all_flash\''
*** ''all_flash.XXXXX.production\'' (hardware specific i.e. [[M68ap]], [[N82ap]], etc.)
**** [[S5L File Formats#IMG2|IMG2]]/[[IMG3 File Format|IMG3]] files
**** manifest
** \dfu (Folder)
*** [[iBEC]].XXXXX.DFU (hardware specific i.e. [[M68ap]], [[N82ap]], etc.)
*** [[iBSS]].XXXXX.DFU (hardware specific i.e. [[M68ap]], [[N82ap]], etc.)
*** [[WTF]].XXXXX.DFU (hardware specific i.e. [[M68ap]], [[N82ap]], [[N45ap]], [[N72ap]] - currently not present in firmwares for the [[N88ap|iPhone 3GS]] and later, because it is mostly used to patch issues with the DFU mode that was burned into the bootrom)
** ICE3_XX.XX.XX_BOOT_02.06.Release.bbfw (Contains the baseband and the bootloader. X stands for a number. This is the baseband version. 02.06 is the bootloader. Only in the iPhone 4 firmware.)

== Example ==
This is a ls -alR of an extracted iPhone 3GS 3.0 Firmware IPSW.
total 608400
drwx------@ 11 m staff 374 17 Jun 07:11 .
drwxrwxrwx 5 m staff 170 18 Jul 07:34 ..
-rw-r--r--@ 1 m admin 281214976 22 Mai 17:10 018-5302-002.dmg
-rw-r--r--@ 1 m admin 12769604 22 Mai 16:59 018-5304-002.dmg
-rw-r--r--@ 1 m admin 12777796 22 Mai 16:59 018-5306-002.dmg
-rw-r--r-- 1 m admin 21097 22 Mai 17:29 BuildManifest.plist
drwxr-xr-x@ 5 m staff 170 17 Jun 07:11 Firmware
-rw-r--r-- 1 m admin 1763 22 Mai 17:10 Restore.plist
-rw-r--r--@ 1 m staff 4695492 22 Mai 14:32 kernelcache.release.s5l8920x

./Firmware:
total 16
drwxr-xr-x@ 5 m staff 170 17 Jun 07:11 .
drwx------@ 11 m staff 374 17 Jun 07:11 ..
drwxr-xr-x@ 4 m staff 136 18 Jun 02:10 all_flash
drwxr-xr-x@ 4 m staff 136 22 Mai 13:39 dfu

./Firmware/all_flash:
total 16
drwxr-xr-x@ 4 m staff 136 18 Jun 02:10 .
drwxr-xr-x@ 5 m staff 170 17 Jun 07:11 ..
drwxr-xr-x@ 16 m staff 544 22 Mai 13:43 all_flash.n88ap.production

./Firmware/all_flash/all_flash.n88ap.production:
total 1320
drwxr-xr-x@ 16 m staff 544 22 Mai 13:43 .
drwxr-xr-x@ 4 m staff 136 18 Jun 02:10 ..
-rw-r--r--@ 1 m staff 44996 22 Mai 13:08 DeviceTree.n88ap.img3
-rw-r--r--@ 1 m staff 67908 22 Mai 13:12 LLB.n88ap.RELEASE.img3
-rw-r--r--@ 1 m staff 9604 22 Mai 13:15 applelogo.s5l8920x.img3
-rw-r--r--@ 1 m staff 19716 22 Mai 13:15 batterycharging0.s5l8920x.img3
-rw-r--r--@ 1 m staff 24900 22 Mai 13:16 batterycharging1.s5l8920x.img3
-rw-r--r--@ 1 m staff 76100 22 Mai 13:16 batteryfull.s5l8920x.img3
-rw-r--r--@ 1 m staff 56772 22 Mai 13:16 batterylow0.s5l8920x.img3
-rw-r--r--@ 1 m staff 65348 22 Mai 13:17 batterylow1.s5l8920x.img3
-rw-r--r--@ 1 m staff 20356 22 Mai 13:17 glyphcharging.s5l8920x.img3
-rw-r--r--@ 1 m staff 19332 22 Mai 13:18 glyphplugin.s5l8920x.img3
-rw-r--r--@ 1 m staff 178500 22 Mai 13:21 iBoot.n88ap.RELEASE.img3
-rw-r--r--@ 1 m staff 341 22 Mai 13:43 manifest
-rw-r--r--@ 1 m staff 20484 22 Mai 13:24 needservice.s5l8920x.img3
-rw-r--r--@ 1 m staff 47876 22 Mai 13:24 recoverymode.s5l8920x.img3

./Firmware/dfu:
total 416
drwxr-xr-x@ 4 m staff 136 22 Mai 13:39 .
drwxr-xr-x@ 5 m staff 170 17 Jun 07:11 ..
-rw-r--r--@ 1 m staff 104772 22 Mai 13:30 [[iBEC]].n88ap.RELEASE.dfu
-rw-r--r--@ 1 m staff 104772 22 Mai 13:36 [[iBSS]].n88ap.RELEASE.dfu

[[Category:File Formats]]

Malformed PairRequest

2013-10-06T15:16:57Z

Cykey: Explained the crash a bit

By sending [[lockdownd]] a malformed property list for the [[PairRequest]] command causes [[lockdownd]] to crash and restart. This is probably non-exploitable, but it is used in the [[Timezone Vulnerability]] to restart [[lockdownd]] to change file permissions.

Normally, [[lockdownd]] expects data (NSData) to be sent as the PairRequest. However, [[evasi0n]] sends a boolean (NSNumber) which causes lockdownd to crash with an Objective-C unrecognized selector error.

__NOTOC__
== Usage ==
* [[evasi0n|evasi0n jailbreak]]

== Credits ==
* [[evad3rs]]

== See Also ==
* [[Timezone Vulnerability]]

== References ==
* [http://conference.hitb.org/hitbsecconf2013ams/materials/D2T1%20-%20Pod2g,%20Planetbeing,%20Musclenerd%20and%20Pimskeks%20aka%20Evad3rs%20-%20Swiping%20Through%20Modern%20Security%20Features.pdf Slides from HITB presentation in Amsterdam 2013]
* [http://blog.accuvantlabs.com/blog/bthomas/evasi0n-jailbreaks-userland-component Accuvant Labs analysis of evasi0n]

[[Category:Exploits]]

Evasi0n

2013-02-04T21:22:53Z

Cykey:

{{lowercase}}
'''evasi0n''' is a [[jailbreak]] tool that can be used to [[jailbreak]] ([[untethered jailbreak|untethered]]) [[iOS]] 6.0-6.1 on all [[#Supported Devices|supported devices]], excluding the [[j33ap|Apple TV 3G]]. It was releasd on Februrary 4, 2013, and supports Windows, OS X, and Linux (x86/x86_64).

== Supported Devices ==
All devices that support iOS 6.0-6.1, excluding the Apple TV 3G are supported. The reasoning behind this is unknown at the moment.

== Version History ==
* 1.0
** Initial release

== Download ==
{| class="wikitable" style="text-align:center;"
! Version
! Release Date
! OS
! SHA-1 Hash
! colspan="3" | Download
|-
| rowspan="3" | 1.0
| rowspan="3" | 4 Februrary 2013
| Linux
| c9e4b15a161b89f0e412721f471c5f8559b6054f
| [https://evad3rs.box.com/shared/static/5dped2c9ejnk5r6ahfpg.lzma box.com]
| [https://mega.co.nz/#!0kUkXBLC!Q8e53kQZpLbGL7PquHWgQFhMU9Ru3WJWxBuzEdkiMJo Mega]
| [http://rapidshare.com/files/2561828874/evasi0n-linux-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.tar.lzma RapidShare]
|-
| OS X
| 23f99a0d65e71fd79ff072b227f0ecb176f0ffa8
| [https://evad3rs.box.com/shared/static/du66n0g9wl1j4ta57hpx.dmg box.com]
| [https://mega.co.nz/#!5h0BwQoa!KdRLFwNJ3OjMS-7Zs2YGQnsvPxAKEsaAjabY__8pNtY Mega]
| [http://rapidshare.com/files/3010870584/evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.dmg RapidShare]
|-
| Windows
| 2ff288e1798b4711020e9dd7f26480e57704d8b2
| [https://evad3rs.box.com/shared/static/tg1t0cz7oakvq7hsv0bd.zip box.com]
| [https://mega.co.nz/#!d9ciUApQ!AkwevVU1OtUrEUU7U4fE-V8qqM9aINTAGgjkukShihE Mega]
| [http://rapidshare.com/files/3503186483/evasi0n-win-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.zip RapidShare]
|}

{{stub|jailbreaking}}
[[Category:Jailbreaks]]

Chronic Dev (team)

2012-08-03T16:00:30Z

Cykey: Removed posixninja

{{DISPLAYTITLE:Chronic Dev Team}}
[[Chronic Dev (team)|Chronic Dev]] is not the same as the [[iPhone Dev Team]]. [[Chronic Dev (team)|Chronic Dev]] is a team of hackers. Actually they cannot be distinctly assigned with such a "team", some just work losely together and might also be in another team. According to their [http://chronic-dev.org/blog/who-we-are/ Blog page] the following members are currently in the team:

== Official Members ==
*[[AriX]]
*[[User:ChronicDev|chronic]]
*[[User:DHowett|DHowett]]
*[[User:Jan0|jan0]]
*[[User:Jaywalker|Jaywalker]]
*[[OPK]]
*[[User:Semaphore|semaphore]]
*[[User:Westbaer|westbaer]]

== Associates ==
*[[bugout]]
*[[User:Bushing|bushing]]
*[[c1de0x]]
*[[CPICH]]
*[[User:Chpwn|chpwn]]
*[[User:Comex|comex]]
*[[User:Geohot|geohot]]
*[[ius]]
*[[User:lilstevie|Lilstevie]]
*[[User:MuscleNerd|MuscleNerd]]
*[[User:NerveGas|NerveGas]]
*[[nikias]]
*[[User:Planetbeing|planetbeing]]
*[[User:Pod2g|pod2g]]
*[[psp250]]
*[[User:pumpkin|pumpkin]]
*[[saurik]]

==Projects==
*[[iRecovery|iRecovery / libirecovery]]
*[[Greenpois0n (toolkit)|greenpois0n]]
*[[GenPass]]

==Links==
*[http://chronic-dev.org/blog/ Chronic Dev Blog]
*[https://github.com/Chronic-Dev GitHub]
*[http://chronicdev.googlecode.com/ Chronic Dev google code]
*[http://twitter.com/chronicdevteam Chronic Dev Team on Twitter]
[[Category:Hackers]]

Bluefreeze

2012-03-22T19:39:51Z

Cykey: fix typo

[[iFaith]] has a protection that you don't use it on the wrong firmware to protect you. '''Bluefreeze''', a tool written by a group called The Private Dev Team, modifies the firmware version (and firmware checksum) in the iFaith certificate file, so that this check gets disabled. By doing so, you can install any firmware version on your device, even without having saved the [[SHSH]] files. The problem by doing so is that you actually install a firmware without signatures, with all consequences.

Bluefreeze asks you to build and browse to two ipsw's one signed properly and one not signed. Then Bluefreeze swaps the properly signed img3 files in the properly signed firmware file with the incorrectly signed img3 files in the unsigned ipsw thus resulting in an ipsw file with properly signed img3 files. This firmware file is used for the downgrade.

Having an incorrectly signed firmware installed won't let you boot of course. But because the limera1n exploit ignores incorrect signatures we can use the limera1n exploit (DFU mode, then using redsn0w) to boot up your device. The problem is only that you have to repeat this every time (similar to a tethered jailbreak), so it's not a downgrade you would want. This should be your last resort, and only if you absolutely need a downgrade.

This way a downgrade to [[iOS]] 4.3, 4.3.5, or 5.0 from 5.0.1 is possible. Supported devices are iPhone 3GS, iPod touch 3G, and all [[S5L8930|A4]] devices.

One common misconception about this downgrade solution is that it may conflict with an untethered jailbreak. This is completely false. If proper exploits are used (anything but a userland one ex: Jailbreakme 3.0) and properly jailbroken this tethered downgrade would become an untethered downgrade.

Another common misconception about this is that you can downgrade and use [[TinyUmbrella]] or [[iFaith]] to get a valid [[SHSH]] blob and use that to restore to that and be untethered. This is false also.

== Purpose ==
With this method you can install a firmware for which you don't have [[SHSH]] saved for some tests, for example if you're a software developer and need to do some tests on a specific version.

== Alternative ==
A much easier way to do a "tethered downgrade" (unsure if this still works):
* 1. Patch ASR on the Ramdisk (you can just create a custom IPSW and use that.)
* 2. Replace the Rootfs-DMG of the currently signed Firmware with the decrypted Rootfs-DMG of the older Firmware
* 3. After the Filesystem of the old Firmware is installed, use iRecovery and upload a pwned iBSS, iBEC and Kernel from the old Firmware
* 4. Send the device the "bootx"-Command using iRecovery.
* 5. Done! Remember your device will always need to boot tethered.

== Download ==
* [http://www.mediafire.com/?9olh9qd8v1q4xm7 Windows]

== External Links ==
* [https://github.com/ThePrivateDevTeam/Bluefreeze GitHub]
* [http://www.youtube.com/watch?v=UpZKxqLqK7A Guide]
* [http://bluefreeze.weebly.com/index.html Home Page]

[[Category:GUI Tools]]

User:Cykey

2012-03-21T20:48:26Z

Cykey: Created page with "I am a 13 years old iPhone Developer from Canada."

I am a 13 years old iPhone Developer from Canada.

Timeline

2012-03-21T20:44:19Z

Cykey: fixed minor typo

{{float toc}}
== 2012 ==
=== March ===
* March 7 -- Apple releases iOS 5.1 and announces new devices: [[iPad 3]], [[J33ap|Apple TV 3G]], [[K93aap|iPad2,4?]]
=== January ===
* January 20 -- [[Absinthe]] was released to jailbreak and untether the A5 devices running iOS 5.0 and 5.0.1.
* January 18 -- Apple announces [[iBooks.app|iBooks 2]].

== 2011 ==
=== December ===
* December 30 -- [[User:pod2g|pod2g]]'s untether for iOS 4.4.4 makes its way into a new version of [[Seas0nPass]] for [[k66ap|Apple TV 2G]] owners.
* December 27 -- [[User:pod2g|pod2g]]'s untether for iOS 5.0.1 is released in new versions of [[PwnageTool]] and [[redsn0w]], and as a Cydia package called [[Corona]] (by the [[Chronic Dev (team)|Chronic Dev Team]]) for devices already jailbroken on 5.0.1.
* December 15 -- Apple releases iOS 4.4.4 for the [[k66ap|Apple TV 2G]], as well as a minor update (5.0.1 build 9A406) for the [[n94ap|iPhone 4S]] to address SIM card issues.
* December 4 -- [[iFaith]] 1.4 is released, which can circumvent the APTicket [[nonce]] on devices vulnerable to [[limera1n]]'s exploit.

=== November ===
* November 9 -- iOS 5.0.1 is released in an attempt to fix battery-related issues.
=== October ===
* October 14 -- The [[n94ap|iPhone 4S]] is officially released, although some preorders were delivered early.
* October 12 -- [[iOS]] 5.0 is released.
* October 5 -- Steve Jobs passes away.
* October 4 -- Apple announces the new [[N94ap|iPhone 4S]].
=== September ===
* September 19 -- [[redsn0w]] 0.9.9 beta 1 is released, introducing a new UI and many features (like submitting SHSHs to the [[Cydia Server]].
* September 17 -- [[MyGreatFest]], first iCommunity and jailbreak centered convention was held.
=== July ===
*July 15 -- Apple releases iOS 4.2.9 and 4.3.4, patching all jailbreaking-related vulnerabilities (aside from those in the [[bootrom]]).
*July 6 -- [[User:Comex|comex]] releases [[Saffron]], the first public jailbreak for the [[iPad 2]].
*July 2 -- A beta version of the upcoming jailbreak from [[User:comex|comex]] for the [[iPad 2]], making use of a PDF exploit, was leaked. A hotfix by Apple is expected very soon.
=== June ===
*June 1 -- [[User:ih8sn0w|iH8sn0w]] releases [[iFaith]] to dump SHSH blobs from a device.
=== May ===
*May 6 -- [[PwnageTool]], [[redsn0w]], and [[sn0wbreeze]] are updated for iOS 4.3.3 support (and in the case of sn0wbreeze, iOS 4.2.8 support as well).
*May 3 -- Apple releases iOS 4.2.8 and 4.3.3 to address the location-tracking controversy. Once more, current untethering vulnerabilities remained unpatched.
=== April ===
*April 24 -- [[PwnageTool]], [[redsn0w]], and [[sn0wbreeze]] are updated for iOS 4.3.2 support (and in the case of sn0wbreeze, iOS 4.2.7 support as well).
*April 14 -- Apple releases iOS 4.2.7 and 4.3.2 to fix security issues and connection issues for [[K95ap|iPad 2 CDMA model]], but leaves untethering vulnerabilities unpatched.
*April 3 -- All major jailbreak tools ([[redsn0w]], [[PwnageTool]], [[sn0wbreeze]]) get updated to includes [[i0n1c]]'s untether code to jailbreak devices compatible with iOS 4.3.1 except the [[iPad 2]].
=== March ===
*March 25 -- Apple releases iOS 4.3.1, properly blocking [[User:comex|comex]]'s [[IOSurface Kernel Exploit|exploit]].
*March 13 -- [[User:Comex|comex]] shows a remotely jailbroken [[K95ap|iPad 2 CDMA]].
*March 11 -- Release of the [[iPad 2]] in the USA. The exploits for [[limera1n]] ([[User:Geohot|geohot]]), [[SHA-1 Image Segment Overflow|SHAtter]] ([[User:posixninja|p0sixninja]]), and [[comex]]'s [[kernel]] exploit were closed by Apple.
*March 9 -- Apple releases iOS 4.3, fixing the [[HFS Legacy Volume Name Stack Buffer Overflow]] vulnerability.
=== February ===
*February 15 -- New version of both [[PwnageTool]] and [[sn0wbreeze]] were released to support 4.2.1 and untethered using the [[feedface]] exploit.
*February 7 -- The [[Chronic Dev (team)|Chronic Dev Team]] release a version of [[greenpois0n (jailbreak)|greenpois0n]] to jailbreak the [[N92ap|iPhone 4 CDMA model]] using the [[HFS Legacy Volume Name Stack Buffer Overflow]].
*February 3 -- [[User:Jaywalker|Jaywalker]] of the [[Chronic Dev (team)|Chronic Dev Team]] posts [https://www.youtube.com/watch?v=T3NYPVT13xw a video] of custom boot using a soon to be released version of [[Greenpois0n (jailbreak)|greenpois0n]].
=== January ===
*January 12 -- Apple discontinues iOS support for [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] since today's beta release of iOS 4.3. Also first time a beta iOS for [[K66ap|Apple TV 2G]] is released.
*January 11 -- Verizon announces [[N92ap|CDMA version of iPhone 4]].

== 2010 ==
=== November ===
*November 28 -- [[ultrasn0w]] 1.2 is released by the [[iPhone Dev Team]] to unlock [[N82ap|iPhone 3G]] and [[N88ap|iPhone 3GS]] on baseband 6.15.00
*November 22 -- Apple releases iOS 4.2.1 (respectively 4.2 for [[K66ap|Apple TV 2G]])
===October===
*October 31 -- The [[iPhone Dev Team|Dev Team]] releases [[redsn0w]] 0.9.6b2 which jailbreaks iOS 4.1, 4.2 and 3.2.2 on every device available at the time of release (except for iPT 2G MC). It also includes "DFU" button allowing to flash custom [[IPSW]] from Windows [http://blog.iphone-dev.org/post/1452044444/redsn0w-limera1n-fun (see blog post)].
*October 20 -- The [[iPhone Dev Team|Dev Team]] releases [[PwnageTool]] 4.1 which jailbreaks iOS 4.1 and 3.2.2 on every device available at the time of release. [http://blog.iphone-dev.org/post/1359246784/20102010-event (see blog post)]
*October 18 -- [[Chronic Dev (team)|Chronic Dev Team]] releases [[Greenpois0n (jailbreak)|greenpois0n]] RC4 which added support for iPod touch 2G (MC and MB) for an untethered jailbreak using [[User:comex|comex]]'s kernel exploit and the [[usb_control_msg(0xA1, 1) Exploit]].
*October 12 -- [[Chronic Dev (team)|Chronic Dev Team]] releases [[Greenpois0n (jailbreak)|greenpois0n]] after switching its exploit from [[SHA-1 Image Segment Overflow|SHAtter]] to [[limera1n]], in the hope that [[SHA-1 Image Segment Overflow|SHAtter]] remains for 5th generation devices. (The exploit [[limera1n]] uses was fixed in the [[iBoot (Bootloader)|iBoot]] revision found in iOS 4.2 beta 2, which means Apple knows about the vulnerability and the next [[bootrom]] revision may have it patched.)
*October 10 -- Following the first [[limera1n]] beta release, [[User:geohot|geohot]] released multiple versions, each fixing bugs affecting previous releases. [[Chronic Dev (team)|Chronic Dev Team]] officialy anounces that, in order to keep [[SHA-1 Image Segment Overflow|SHAtter]] undisclosed and possibly preserve it for 5th generation devices, [[Greenpois0n (jailbreak)|greenpois0n]] would be delayed in order to incorporate this new exploit [[limera1n]] uses.
*October 9 -- In order to push [[Chronic Dev (team)|Chronic Dev Team]] to change the exploit used on [[Greenpois0n (jailbreak)|greenpois0n]], [[User:geohot|geohot]] rushed out a beta version of [[limera1n]].
*October 8 -- [[User:Geohot|Geohot]] comes back to the scene with a new [[bootrom]] exploit believed to work on all devices, as shown on the resurrected [http://www.limera1n.com limera1n web site]. He prompts [[Chronic_Dev_(team)|Chronic Dev Team]] to use his exploit instead of [[SHA-1 Image Segment Overflow|SHAtter]], but, since [[Greenpois0n (jailbreak)|greenpois0n]] is already scheduled to October 10, it may be not possible. [[User:Geohot|Geohot]] ETA'd his [[limera1n]] release to October 11, if [[Greenpois0n (jailbreak)|greenpois0n]] can't be changed to use this new exploit. This decision, however, would burn 2 [[bootrom]] exploits: [[SHA-1 Image Segment Overflow|SHAtter]] itself and the one used by [[limera1n]], which is unpatchable by firmware updates.
*October 6 -- Chronic Dev Team issues expected ETA of [[Greenpois0n (jailbreak)|greenpois0n]] as October 10, featuring the new [[SHA-1 Image Segment Overflow|SHAtter]] exploit for devices with the [[S5L8930]].

===September===
*September 30 -- [[User:MuscleNerd|MuscleNerd]] of the [[iPhone Dev Team]] posts [http://www.youtube.com/watch?v=adVp-IxcDHI the first video] of an [[K66ap|Apple TV 2G]] jailbroken via [[SHA-1 Image Segment Overflow|SHAtter]].
*September 27 -- [[User:MuscleNerd|MuscleNerd]] of the [[iPhone Dev Team]] posts [http://www.youtube.com/watch?v=aoX1Q8ym2J8 the first video] of an [[N81ap|iPod touch 4G]] jailbroken via [[SHA-1 Image Segment Overflow|SHAtter]].
*September 20 -- [[User:pod2g|pod2g]] discloses details about the [[usb_control_msg(0xA1, 1) Exploit‎]] here at The iPhone Wiki. It was used in [[redsn0w]] the following day.
*September 9 -- The existence of [[SHA-1 Image Segment Overflow|SHAtter]] is revealed. Further details were not released, however.
*September 8 -- Apple releases the [[N81ap|iPod touch 4G]], and iOS 4.1, closing the [[AT+XAPP Vulnerability]].
*September 1 -- Apple event. They announced the new [[N81ap|iPod touch 4G]], [[K66ap|Apple TV 2G]], iOS 4.1, and [[iTunes]] 10.

===August===
*August 12 -- [[Saurik]] releases the first version of PDF Patcher, which installs Apple's patch for the FreeType vulnerability (used in conjunction with other exploits by [[Star]]). It works on firmwares as far back as 2.x, and renders iOS 3.2.2 and 4.0.2 useless for jailbreakers. Jailbreaking and installing this patch is currently the only way for users of first generation iPod touches and iPhones to protect themselves against malicious use of the exploit.
*August 11 -- Apple releases iOS 4.0.2 for [[iPhone]]/[[iPod touch]] and iOS 3.2.2 for [[K48ap|iPad]] as a hotfix for [[Star]]'s exploits. [[Ultrasn0w]]'s exploit remains, since there's no [[Baseband Firmware|baseband]] update on those versions.
*August 3 -- Just before midnight in [[User:planetbeing|planetbeing]]'s timezone [[ultrasn0w]] has been released by the [[iPhone Dev Team]] to [[unlock]] the [[N90ap|iPhone 4]].
*August 1 -- [[User:Comex|comex]] releases [[Star]], a [[jailbreak]] for all iDevices with iOS 3.1.2 through 4.0.1.

===July===
*July 30 -- [[N90ap|iPhone 4]] is released in major countries (second wave).
*July 26 -- Jailbreaking is now officially legal in the U.S.A.: [http://www.eff.org/press/archives/2010/07/26 EFF Wins New Legal Protections for Cell Phone Jailbreakers and Unlockers]
*July 15 -- Apple releases iOS 3.2.1 and 4.0.1.

===June===
*June 24 -- [[N90ap|iPhone 4]] is launched.
*June 22 -- [[iPhone Dev Team]] releases [[PwnageTool]] 4.0 and later 4.0.1 for all devices on 4.0 except those with newer bootroms (some [[N72ap|iPod touch 2G]] and [[N88ap|iPhone 3GS]] devices, and all [[N18ap|iPod touch 3G]] and newer devices).
*June 21 -- [[iPhone Dev Team]] releases [[redsn0w]] 0.9.5 to jailbreak 4.0 on [[N82ap|iPhone 3G]] and [[N72ap|iPhone touch 2G]] ([[Bootrom 240.4|old bootrom]]).
*June 21 -- [[iPhone Dev Team]] releases [[ultrasn0w]] 0.93, an unlock for baseband firmwares [[4.26.08]], [[5.11.07]], [[5.12.01]], and [[5.13.04]].
*June 21 -- Apple releases iOS 4.0
*June 19 -- [[User:Geohot|geohot]] holds a speech at the [[Nuit du hack 2010|Nuit du Hack]]

===May===
*May 3 -- Windows version of [[Spirit]] has been updated to not require Windows 98 compatibility mode to run and fixed a photo deletion issue.
*May 2 -- [[User:Comex|comex]] releases [[Spirit]], an [[untethered jailbreak]] for all iDevices with iOS 3.1.2 through 3.2.

===April===
*April 3 -- Apple releases the [[K48ap|iPad]].

===Feb===
*Feb 12 -- [[User:sherif hashim|sherif_hashim]] discovers [[AT+XAPP Vulnerability]] and passes it to [[User:MuscleNerd|MuscleNerd]], an elite member of the [[iPhone Dev Team]]
*Feb 2 -- Apple releases iOS 3.1.3, closing [[usb_control_msg(0x21, 2) Exploit|usb_control_msg(0x21, 2)]] vulnerability used by [[blackra1n]], [[redsn0w]], et. al.

==2009==
===November===
*November 3 -- [[User:Geohot|geohot]] releases [[blackra1n]] RC3, a software jailbreak for all devices. Includes a new unlock for baseband [[5.11.07]] called [[blacksn0w]] and is also noticeably faster than previous versions.

===October===
*October 11 -- [[User:Geohot|geohot]] releases [[blackra1n]] RC1, a 30 second software jailbreak for all devices, including a [[tethered jailbreak]] for the [[N18ap|iPod touch 3G]], and [[N88ap|iPhone 3GS]] and [[N72ap|iPod touch 2G]] units with newer bootrom revisions.

===September===
* September 24 -- [[User:iH8sn0w|iH8sn0w]] discovers the [[AT+XEMN Heap Overflow|AT+XEMN]] crash independently.
* September 9 -- The [[N18ap|iPod touch 3G]] with [[S5L8922]] processor is released. [[N72ap|iPod touch 2G]] units continue shipping, but with [[Bootrom 240.5.1|a new bootrom]]. [[N88ap|iPhone 3GS]] units also begin shipping with [[Bootrom 359.3.2|a new bootrom]]. These are no longer vulnerable to the [[0x24000 Segment Overflow]].
* Apple releases iOS 3.1/3.1.1 (7C144/7C145), closing the [[iBoot Environment Variable Overflow]] and [[AT+XLOG Vulnerability|AT+XLOG]] + [[AT+FNS]] Baseband Exploits.

===July===
* July 14 -- [[User:Geohot|geohot]] releases [[purplesn0w]], a software unlock for the [[X-Gold 608]] using [[AT+XLOG Vulnerability|the same exploit as ultrasn0w]], but handled differently. Minutes later, an explanation and source code was posted.
* July 7 -- The [[iPhone Dev Team]] updates [[redsn0w]] and [[ultrasn0w]] to version 0.8, now with [[N88ap|iPhone 3GS]] support. Saurik also updates [[WinterBoard]] to support the [[N88ap|iPhone 3GS]].
* July 3 -- [[User:Geohot|geohot]] releases [[purplera1n]], a software jailbreak for the [[N88ap|iPhone 3GS]].

===June===
* June 28 -- [[User:Geohot|geohot]] posts pictures on his blog of the first fully jailbroken [[N88ap|iPhone 3GS]].
* June 25 -- It's discovered that [[N88ap|iPhone 3GS]] is vulnerable to the [[0x24000 Segment Overflow]].
* June 24 -- The [[iPhone Dev Team]] releases [[ultrasn0w]], an [[unlock]] for [[X-Gold 608]] thanks to [[AT+XLOG Vulnerability|a new exploit]] discovered by [[User:Oranav|Oranav]].
* June 23 -- [[User:Geohot|geohot]] announces he's found a new exploit in [[iBoot (Bootloader)|iBoot]] he calls [[purplera1n]].
* June 19 -- Release of [[N88ap|iPhone 3GS]] to the public and the release of [[PwnageTool]] 3.0 and [[redsn0w]] for jailbreaking devices running iOS 3.0
* June 17 -- Apple releases iOS 3.0.
* June 8 -- Apple announces the [[N88ap|iPhone 3GS]].

===March===
* March 10 -- Information about the [[0x24000 Segment Overflow]] exploit used for the [[N72ap|iPod touch 2G]] [[untethered jailbreak]] is released thanks to the combined work of [[chronic]], [[CPICH]], [[User:Posixninja|posixninja]], [[User:Pod2g|pod2g]], [[ius]], [[planetbeing]], [[User:MuscleNerd|MuscleNerd]], and co. after being leaked and sold by [[NitroKey]]. To prevent users wasting their money on a stolen exploit, the Hybrid DevTeam decided to release it immediately.

===January===
* January 31 -- The [[iPhone Dev Team]] released [[redsn0w Lite]], a [[tethered jailbreak|tethered]] [[N72ap|iPod touch 2G]] [[jailbreak]]. It combines the [[ARM7 Go]] vulnerability with the well-established [[pwnage]] flow for other Apple mobile devices. It was bundled in a way that allowed usage on iOS 2.2.1 by uploading [[iBoot (Bootloader)|iBoot]] from iOS 2.1.1, which is vulnerable to [[ARM7 Go]], to the device while in [[DFU Mode]].
* January 29 -- Apple releases iOS 2.2.1, closing the [[AT+stkprof]] exploit.
* January 25 -- [[0wnboot]] is released to [http://code.google.com/p/chronicdev/ chronicdev google code page], thanks to [[AriX]], [[User:ChronicDev|chronic]], [[CPICH]], [[westbaer]], [[ius]], [[User:Pod2g|pod2g]], the rest of the iPod devel crew on IRC, and to the #iphone-hax lab rats. Within days, [[AriX]] and the [[Chronic Dev (team)|Chronic Dev Team]] got a ramdisk booting for a [[tethered jailbreak]].
* January 17 -- [[User:MuscleNerd|MuscleNerd]] of the [[iPhone Dev Team]] [https://twitter.com/MuscleNerd/status/1127346766 shows a video demo] of the first jailbroken [[N72ap|iPod touch 2G]].
* January 16 -- [[ARM7 Go]] vulnerability disclosed where else but here on The iPhone Wiki, for developers to poke and prod at.
* January 15 -- The [[iPhone Dev Team]] [https://twitter.com/iphone_dev/status/1120595069 tweets the VFDecrypt key] for iOS 2.2 on [[N72ap|iPod touch 2G]], demonstrating for the first time that unsigned code can now be run on that device.
* January 1 -- The [[iPhone Dev Team]] releases [[yellowsn0w]] 0.9 beta for baseband [[2.28.00]].

==2008==
===December===
* December 27 -- [[25C3 presentation "Hacking the iPhone"]]
* December 21 -- [[User:MuscleNerd|MuscleNerd]], of the [[iPhone Dev Team]] does a live demo of the 3G unlock, dubbed as [[yellowsn0w]]: http://qik.com/video/729275

===November===
* November 21 -- Apple releases iOS 2.2.

===September===
* September 9 -- Apple releases iOS 2.1. [[N72ap|iPod touch 2G]], which no longer had the [[Pwnage 2.0]] exploit, is revealed.

===August===
* August 18 -- Apple releases 2.0.2 fimware. [[iPhone Dev Team]] releases [http://wikee.iphwn.org/news:pwnage20announcement QuickPwn], a 2.x [[pwnage]]/ramdisk combination exploit that allows jailbreaking without needing to create custom IPSWs.
* August 4 -- Apple releases 2.0.1 fimware

===July===
* July 22 -- [[TA_Mobile]] hardware dumps the 3G baseband (bootloader 5.8 & FW 1.45.00) by desoldering the [[NOR]].
* July 19 -- [[iPhone Dev Team]] releases [[PwnageTool]] 2.0, jailbreaking and unlocking the 2.0 software on the [[M68ap|iPhone 2G]] and jailbreaking iOS 2.0 on the [[N82ap|iPhone 3G]] and [[N45ap|iPod touch]].
* July 15 -- Apple releases iOS 1.1.5, the last of the 1.x firmwares
* July 11 -- [[N82ap|iPhone 3G]] is released. Apple releases iOS 2.0 and MobileMe on the same date, resulting in server issues.

===June===
* June 9 - [[N82ap|iPhone 3G]] is announced at [[WWDC]] '08.

===April===
* April 3 -- [[iPhone Dev Team]] releases [[PwnageTool]] 1.0, making use of the [[pmdx exploit]] (to patch RSA checks out of the [[kernel]], to write unsigned to [[NOR]])

===March===
* March 12 -- [[iPhone Dev Team|Dev team]] releases dual-boot jailbreak method, only to be silently fixed in 2.0.
* March 4 -- [[User:N000b|George Zhu (n000b)]] releases [[iLiberty / iLiberty+]].

===February===
* February 28 -- [[Cydia Application|Cydia]] is released as an open-source alternative to [[Installer.app]], and prepares to take over the jailbreak application scene upon 2.0's release.
* February 26 -- Apple releases iOS 1.1.4.
* February 11 -- [[User:Zibri|Zibri]] leaks the [[Ramdisk Hack]] in [[ZiPhone]], the first all-in-one unlock, activate, jailbreak solution.
* February 8 -- [[User:Geohot|geohot]] releases software unlock for 4.6. Apple states 25% of phones were never activated with AT&T.

===January===
* January 28 -- [[iPhone Dev Team]] releases [[Soft Upgrade]] jailbreak for 1.1.3.
* January 24 -- [[Nate True]] releases a version of [[iBrickr]] that used the [[Soft Upgrade]] method to jailbreak 1.1.3 for [[M68ap|iPhones]].
* January 18 -- [[User:Geohot|Geohot]] and his friends [http://iphonejtag.blogspot.com/2008/01/112-otb-unlocked.html unlocked 1.1.2 OTB 4.6 by test point], the unbeatable version at that time.
* January 18 -- [[iPhone Dev Team]] posts YouTube video of a jailbroken 1.1.3, which was made possible by the dual boot jailbreak from [[bgm]].
* January 15 -- Apple releases iOS 1.1.3, closing the [[Mknod]] exploit. In addition, everything now runs as "mobile" instead of "root."

== 2007 ==
===November===
* November 15 -- [[Baseband Bootloader|Baseband bootloader]] 4.6 is found on new [[M68ap|iPhone]]s, which initially had no [[unlock]].
* November 12 -- Apple releases iOS 1.1.2, closing the [[LibTiff]] and [[Symlinks]] exploits.
* November 2 -- [[JailbreakMe|AppSnapp]] is released, bringing jailbreaking to the mainstream iPhone user.

===October===
* October 23 -- iPhone-Elite Team releases the [[Virginizer]].
* October 14 -- [[User:AriX|AriX]] releases iJailBreak, the first automated [[n45ap|iPod touch]] jailbreak for the Mac.
* October 12 -- [[User:planetbeing|planetbeing]] releases [[touchFree]], the first automated [[N45ap|iPod touch]] jailbreak.
* October 10 -- [[cmw]] (aka Niacin) and Dre release the LibTiff exploit to jailbreak the [[N45ap|iPod touch]], which is later adapted for use in [[JailbreakMe|AppSnapp]].

===September===
* September 27 -- Apple releases iOS 1.1.1.
* September 11 -- [[iPhone Dev Team]] releases [[iUnlock]], first free software unlock.
* September 10 -- [[IPSF]] releases first paid software unlock.
* September 9 -- Apple announces the [[N45ap|iPod touch]] at a media event.

===August===
* August 23 -- [[User:Geohot|geohot]] and team release [[hardware unlock]] method.
* August 21 -- [[Installer.app]] is released by Nullriver, first GUI apps are distributed.

===July===
* July 23 -- First phones are used with other carriers by means of [[SIM hacks]].
* July 20 -- nightwatch adapts a [[toolchain]] to the iPhone. The first apps are compiled.
* July 9 -- [[iPhone Dev Team]] releases a [[jailbreak]] method. The first use of this is ringtones.
* July 3 -- DVD Jon first cracks [[activation]]. People can use the apps on the phone without a subscription.

===June===
* June 29 -- [[M68ap|iPhone]] is released. World's most hyped consumer product.
* June 26 -- The [[iPhone Dev Team]] was formed.