https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=Filippo+BigaThe iPhone Wiki - User contributions [en]2026-05-01T15:20:41ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10438Limera1n2010-10-11T18:17:19Z<p>Filippo Biga: </p>
<hr />
<div>[[Image:Ra1ndrop.png|right]]<br />
This is [[User:Geohot|geohot's]] latest [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex]]'s [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]]<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
* [[K66ap|AppleTV]] ([http://www.tuaw.com/2010/10/09/limera1n-jailbreak-released-greenpois0n-jailbreak-delayed/ However it's current usefulness is debatable])<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
limera1n was released to the public on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the limera1n exploit instead of [[SHAtter]]. It only supports Windows at the moment, and there are some devices with issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br /><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br /><br />
4.0-4.1 and beyond+++<br /><br />
limera1n is unpatchable<br /><br />
untethered thanks to jailbreakme star '''comex'''<br /><br />
released today to get chronicdev to do the right thing<br /><br />
brought to you by '''geohot'''<br /><br />
hacktivates<br /><br />
Mac coming soon<br /><br />
follow the instructions in the box, sadly limera1n isn't one click<br /><br />
that's the price of unpatchability<br /><br />
as usual, donations appreciated but not required<br /><br />
still in beta, pardon my ragged edges<br /><br />
AppleTV is technically supported, but theres no apps yet<br /><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows limera1n to run [[untethered jailbreak|untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''MD5 Hash'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
| beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|-<br />
| RC1<br />
|11 Oct 2010 XX:XX GMT<br />
|0622d99ffe4c25f75c720a689853845f<br />
|out of beta! afc2, reliability improvements, no reboot for cydia, 2kb smaller<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* limera1n does not use [[SHAtter]].<br />
* limera1n uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* limera1n uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which was developed by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
Details of the [[bootrom exploit]] to follow.<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
"setenv auto-boot true<br />
reset<br />
geohot done"<br />
<br />
=== Interesting Messages ===<br />
*<br />
"geohot black is the new purple"<br />
*<br />
"blackra1n start: %d current IRQ mask is %8.8X<br />
usb irq disabled...shhh<br />
fxns found @ %8.8X %8.8X<br />
found iBoot @ %8.8X<br />
i'm back from IRQland...<br />
3g detected, kicking nor<br />
nor kicked<br />
memcpy done<br />
iBoot restored!!!<br />
found command table @ %8.8X<br />
cmd_geohot added<br />
time to pray...%8.8X"<br />
*<br />
"2.2X send command(%d): %s<br />
send exploit!!!<br />
sent data to copy: %X<br />
sent shellcode: %X has real length %X<br />
never freed: %X<br />
sent fake data to timeout: %X<br />
sent exploit to heap overflow: %X<br />
sending file with length: 0x%X Mingw runtime failure:<br />
VirtualQuery failed for %d bytes at address %p Unknown pseudo relocation protocol version %d.<br />
Unknown pseudo relocation bit size %d."<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the limera1n exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released limera1n, releasing [[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the limera1n exploit, making it very likely that it will be fixed in the next bootrom. Because [[iBoot]] code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his limera1n exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining useful in the 5th generation iPhone should it not be disclosed at this time.<br />
<br />
limera1n's [[Untethered jailbreak|untethered]] userland exploit was obtained by [[User:Geohot|geohot]] under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in limera1n.<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ limera1n.com Official limera1n site]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]<br />
* [http://theiphonewiki.com/wiki/index.php?title=Limesn0w Limesn0w unlock?]</div>Filippo Bigahttps://www.theiphonewiki.com/w/index.php?title=User:Filippo_Biga&diff=8663User:Filippo Biga2010-08-23T18:48:39Z<p>Filippo Biga: New page: Probably no one.</p>
<hr />
<div>Probably no one.</div>Filippo Biga