https://www.theiphonewiki.com/w/api.php?action=feedcontributions&user=AknipGD&feedformat=atom
The iPhone Wiki - User contributions [en]
2024-03-29T08:57:54Z
User contributions
MediaWiki 1.31.14
https://www.theiphonewiki.com/w/index.php?title=IOS_5_HFS_Heap_Buffer_Overflow&diff=126059
IOS 5 HFS Heap Buffer Overflow
2023-05-29T23:50:29Z
<p>AknipGD: </p>
<hr />
<div>{{lowercase}}<br />
An exploit is available in iOS 5's [[iBoot (Bootloader) | iBoot]] that abuses a heap buffer overflow bug. The exploit was discovered by [[User:posixninja | p0sixninja]].<br />
<br />
The exploit has been shown to be able to [https://twitter.com/Ralph0045/status/1298975307848994816 untethered verbose boot] the [[K48AP | original iPad]].<br />
<br />
Support for untethered downgrades on the [[N18AP | iPod touch (3rd generation)]] via this exploit was planned in [https://dora2ios.web.app/konayuki/index.html powdersn0w], but it has not been implemented.<br />
<br />
The exploit should also be available in iOS 4 or earlier. It was patched in iOS 6.<br />
<br />
= See also =<br />
* [[De Rebus Antiquis]], another iBoot exploit with similar uses<br />
<br />
= External links =<br />
* [https://pastebin.com/9FuxXRtA Source code]<br />
* [https://nyansatan.github.io/exploiting-ios-5-iboot/ Guide to exploitation]<br />
* [https://github.com/JonathanSeals/Ancient-iBoot-Fun Jonathan Seals’ tools for exploitation]<br />
* [https://github.com/Ralph0045/iBoot-5-Stuff Ralph0045’s tools for exploitation]<br />
<br />
[[Category:iBoot]]<br />
[[Category:Exploits]]<br />
[[Category:iBoot Exploits]]<br />
[[Category:Downgrading]]<br />
{{stub|exploit}}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=USB-C_Connector&diff=125753
USB-C Connector
2022-11-07T18:45:48Z
<p>AknipGD: </p>
<hr />
<div>[[File:USB-C Connector.jpg|thumb|USB-C Connector]]<br />
The '''USB-C''' connector is used on [[iPad (10th generation)]] and newer, [[iPad Pro (11-inch)]] and newer, [[iPad Pro (12.9-inch) (3rd generation)]] and newer, and [[iPad Air (4th generation)]]. It was first used by Apple on MacBooks.<br />
<br />
{{stub}}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=USB-C_Connector&diff=125752
USB-C Connector
2022-11-07T18:45:37Z
<p>AknipGD: </p>
<hr />
<div>[[File:USB-C Connector.jpg|thumb|USB-C Connector]]<br />
The '''USB-C''' connector is used on [[iPad (10th Generation)]] and newer, [[iPad Pro (11-inch)]] and newer, [[iPad Pro (12.9-inch) (3rd generation)]] and newer, and [[iPad Air (4th generation)]]. It was first used by Apple on MacBooks.<br />
<br />
{{stub}}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=USB-C_Connector&diff=125751
USB-C Connector
2022-11-07T18:45:06Z
<p>AknipGD: </p>
<hr />
<div>[[File:USB-C Connector.jpg|thumb|USB-C Connector]]<br />
The '''USB-C''' connector is used on [[iPad (10th Generation)]] and newer, [[iPad Pro (11-inch)]] and newer, [[iPad Pro (12.9-inch) (3rd generation)]] and newer, and [[iPad Air (4th generation)]]. It was first used by Apple on MacBooks.<br />
<br />
{{stub}}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=Sn0wbreeze&diff=125750
Sn0wbreeze
2022-11-07T18:41:49Z
<p>AknipGD: Further refined</p>
<hr />
<div>{{lowercase}}<br />
{{Infobox software<br />
| name = sn0wbreeze<br />
| title = sn0wbreeze<br />
| logo = [[File:sn0wbreeze_logo.png]]<br />
| screenshot = [[File:sn0wbreeze.png|300px]]<br />
| caption = sn0wbreeze 2.9<br />
| author = [[User:ih8sn0w|iH8sn0w]]<br />
| developer = iH8sn0w<br />
| released = 1.0b / {{Start date|2010|01|13|df=yes}}<br />1.0 / {{Start date|2010|01|16|df=yes}}<br />
| discontinued = <br />
| latest release version = 2.9.14<br />
| latest release date = {{Start date and age|2013|04|11|df=yes}}<br />
| latest preview version = 2.8b11<br />
| latest preview date = {{Start date and age|2011|11|10|df=yes}}<br />
| programming language = [[wikipedia:C Sharp (programming language)|C#]] <small>([[wikipedia:Visual Basic .NET|VB .NET]] through 2.8b4)</small><br />
| operating system = [[wikipedia:Microsoft Windows|Microsoft Windows]]<br />
| platform = <br />
| size = 23,361,564 bytes (22.2 MiB) [ZIP]<br />26,883,072 (25.6 MiB) [EXE]<br />
| language = [[wikipedia:English language|English]]<br />
| status = Abandoned<br />
| genre = Jailbreaking<br />
| license = [[wikipedia:GNU General Public License#Version 3|GNU GPL v3]]<br />
| website = [http://ih8sn0w.com/ ih8sn0w.com]<br />
}}<br />
<br />
'''sn0wbreeze''' is a tool used to create custom [[IPSW File Format|IPSW]]s to restore, similar to [[PwnageTool]]. It can be used to jailbreak and unlock when making the custom IPSW. It is a GUI for [[XPwn]] on Windows, written in C# (previously Visual Basic), and is developed by [[User:ih8sn0w|iH8sn0w]]. It is released under the GPL v3 license, and the source of previous versions is available on [https://github.com/iH8sn0w/sn0wbreeze GitHub]; however, this violates the GPL.<br />
<br />
Because versions of [[iTunes]] past iTunes 11.1 rehash all of the restore [[firmware|firmwares]] used, restoring sn0wbreeze CFW files on iTunes 11 and up is impossible.<br />
<br />
{{float toc|left}}<br />
<br />
{{clear}}<br />
<br />
== Versions ==<br />
[[sn0wbreeze]] was first released {{date|2010|01|13}} as a beta version. The following versions that are shown here are official, and sorted by compatibility with iOS revisions.<br />
<br />
=== 3.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! Public Beta<br />
| {{date|2010|01|13}}<br />
|<br />
* Initial release<br />
* Jailbreaks iOS 3.1.2<br />
* Only allows you to be able to select simple mode<br />
* Taken down due to copyright issues with [[XPwn]]<br />
|-<br />
! 1.0<br />
| {{date|2010|01|16}}<br />
|<br />
* Official release of sn0wbreeze<br />
|-<br />
! 1.1<br />
| {{date|2010|01|19}}<br />
|<br />
* Fixes [[Cydia Application|Cydia]] problems<br />
* Fixes problems with [[NOR]] on [[S5L8900]] devices<br />
* Fixes custom packages not being installed<br />
|-<br />
! 1.2<br />
| {{date|2010|01|21}}<br />
|<br />
* GUI fixes<br />
* Fixed even more [[Cydia Application|Cydia]] problems<br />
|-<br />
! 1.3<br />
| {{date|2010|01|23}}<br />
|<br />
* Fixes a bug where some [[Cydia Application|Cydia]] repositories could not be added and downloaded from<br />
|-<br />
! 1.4<br />
| {{date|2010|01|26}}<br />
|<br />
* Fixed vital bug where deb files may not be added to the right place<br />
* Add iPod touch<br />
* Fixes issues with iPhone 3GS<br />
|-<br />
! 1.5<br />
| {{date|2010|02|05}}<br />
|<br />
* Jailbreaks iOS 3.1.3<br />
* Removed verbose mode support<br />
|-<br />
! 1.5.1<br />
| {{date|2010|02|07}}<br />
|<br />
* Removed [[blacksn0w]] due to CommCenter issues<br />
* Supports iPod touch (2nd generation)<br />
* Fixes YouTube app issues<br />
|-<br />
! 1.5.2<br />
| {{date|2010|03|21}}<br />
|<br />
* Reintegrated [[blacksn0w]]<br />
|}<br />
<br />
=== 4.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 1.6<br />
| {{date|2010|06|24}}<br />
|<br />
* Jailbreaks iOS 4.0 only.<br />
* Removed [[ultrasn0w]] integration. (Due to MuscleNerd's request citing version management issues. Install it through the "custom packages" feature instead.)<br />
* Removed "sn0wbreeze App" integration (discontinued)<br />
|-<br />
! 1.6.1<br />
| {{date|2010|06|24}}<br />
| <br />
* ?<br />
|-<br />
! 1.7<br />
| {{date|2010|07|06}}<br />
|<br />
* Added support for new bootroms in the form of a [[tethered jailbreak]] with [[iBooty]].<br />
|-<br />
! 1.8 Beta<br />
| {{date|2010|07|16}}<br />
|<br />
* Only for iOS 4.1 beta.<br />
* Doesn't support [[hacktivation]].<br />
|-<br />
! 2.0<br />
| rowspan="2" | {{date|2010|09|22}}<br />
|<br />
* Added support for "MC model" [[N72AP|iPod touch (2nd generation)]] ([[Tethered jailbreak|tethered]] using [[usb_control_msg(0xA1, 1) Exploit]])<br />
* Added Support for [[N18AP|iPod touch (3rd generation)]] and [[N88AP|iPhone 3GS]] ([[Bootrom 359.3.2|new bootrom]]) on iOS 3.1.2<br />
* GUI improvements<br />
* Backwards compatible with 3.1.X<br />
|-<br />
! 2.0.1<br />
|<br />
* Fix for Error 37<br />
|-<br />
! 2.0.2<br />
| {{date|2010|09|25}}<br />
|<br />
* Fixes for Error 37 and hacktivation.<br />
|-<br />
! 2.1<br />
| {{date|2010|11|13}}<br />
|<br />
* Jailbreaks iOS 3.2.2/4.1.<br />
* Implemented [[usb_control_msg(0xA1, 1) Exploit|steaks4uce]] and [[limera1n]] exploits.<br />
* Added support for all iOS devices (except [[M68AP|iPhone]] and [[N45AP|iPod touch]])<br />
|-<br />
! 2.2r1<br />
| rowspan="2" | {{date|2011|02|15}}<br />
|<br />
* Jailbreaks iOS 4.2.1.<br />
* A new "Baseband Preservation Mode", which allows upgrade without updating the baseband (as usual), but without jailbreaking ([http://twitter.com/iH8sn0w/status/19249886721478656 announced on Dec 27])<br />
|-<br />
! 2.2r2<br />
|<br />
* Includes a fix for iBooks.<br />
|-<br />
! 2.2r3<br />
| {{date|2011|02|18}}<br />
|<br />
* Fixes iBooks issues on devices still having issues.<br />
|-<br />
! 2.2.1<br />
| {{date|2011|02|20}}<br />
|<br />
* Fixes for the [[N92AP|iPhone 4 (iPhone3,3)]]<br />
* Definitely fixes iBooks.<br />
* Drag and drop [[IPSW File Format|IPSWs]].<br />
* Fixes issues with Windows Classic.<br />
|-<br />
! 2.3b1<br />
| {{date|2011|03|13}}<br />
|<br />
* "For people that want to play around with 4.3 or preserve their baseband. It's BETA for a reason."<br />
|-<br />
! 2.3b2<br />
| {{date|2011|03|17}}<br />
|<br />
* Adds Multitasking Gestures option in Settings App.<br />
* [[iBooty]] bug fixes (includes [[iBSS]] issues).<br />
* [[iBooty]] is even faster.<br />
* [[Mobile Substrate]] is now working.<br />
* Sleep bug in [[IPod touch|iPod touches]] is fixed.<br />
* Rare [[K48AP|iPad]] issues resolved.<br />
* Added [[iREB]] to top bar for future re-runs within [[sn0wbreeze]].<br />
* [[ultrasn0w]] is still broken.<br />
|-<br />
! 2.3b3<br />
| {{date|2011|03|18}}<br />
|<br />
* Fixed [[N81AP|iPod touch (4th generation)]] [[iBooty]] issues.<br />
|-<br />
! 2.3b4<br />
| rowspan="2" | {{date|2011|03|19}}<br />
|<br />
* [[ultrasn0w]] now works for basebands ([[01.59.00]] / [[04.26.08]] / [[05.11.07]] / [[05.12.01]] / [[05.13.04]] / [[06.15.00]])<br />
* Fixed minor GUI + [[iBooty]] bugs.<br />
|-<br />
! 2.4b1<br />
|<br />
* iOS 4.3.1 is now supported<br />
|-<br />
! 2.5<br />
| {{date|2011|04|03}}<br />
|<br />
* Jailbreaks all iOS 4.3.1 compatible device (except [[iPad 2]]).<br />
|-<br />
! 2.5.1<br />
| {{date|2011|04|06}}<br />
|<br />
* Cydia 1.1.1 is now pre-installed.<br />
* iPhone 3GS users can now flash the iPad 06.15.00 baseband.<br />
* Animate (Animated Boot Logos) by the Chronic Dev-Team is now supported.<br />
* Added afc2 Apple TV (2nd generation) is now fully supported.<br />
* Added Apple TV (2nd generation) DFU Instructions.<br />
* YouTube issues resolved on hacktivated devices.<br />
* iPhone 3GS old-bootrom issues fixed (Error 37).<br />
|-<br />
! 2.6<br />
| {{date|2011|04|19}}<br />
|<br />
* Jailbreaks all iOS 4.3.2/4.2.7 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.2/4.2.7 untether.<br />
* Multitasking Gestures enabled as usual.<br />
|-<br />
! 2.7<br />
| {{date|2011|05|06}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.3/4.2.8 untether.<br />
|-<br />
! 2.7.1<br />
| {{date|2011|05|08}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated i0n1c's untethering exploit to resolve issues with iPhones and the mute switch.<br />
* A rerelease of 2.7.1 shrunk the file size significantly.<br />
|-<br />
! 2.7.2<br />
| {{date|2011|05|11}}<br />
|<br />
* This version adds support for iOS 4.3 Build 8F305 on the Apple TV (2nd generation).<br />
|-<br />
! 2.7.3<br />
| {{date|2011|05|13}}<br />
|<br />
* Fixed Pacman<br />
|}<br />
<br />
=== 5.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.8b1<br />
| {{date|2011|06|12}}<br />
|<br />
* Jailbreaks iOS 5 beta (for developers)<br />
|-<br />
! 2.8b2<br />
| {{date|2011|06|18}} (?)<br />
|<br />
* The jailbreak for iOS 5.0b on the [[N88AP|iPhone 3GS]] ([[Bootrom 359.3|old bootrom]]) is now [[untethered jailbreak|untethered]].<br />
|-<br />
! 2.8b3.5<br />
| {{date|2011|06|26}}<br />
|<br />
* Now jailbreaks iOS 5 (beta 2)<br />
* Intended for developers ONLY!<br />
* Does not Hacktivate or add afc2 in this release to prevent piracy.<br />
* iPhone 3GS old bootrom users have an untethered boot.<br />
* Now only 15MB :)<br />
* [http://pastie.org/2123276 release notes]<br />
|-<br />
! 2.8b4<br />
| {{date|2011|07|11}}<br />
|<br />
* Intended only for developers (as usual).<br />
* Hacktivation is disabled (again).<br />
* MAKE SURE YOU UPDATE TO iTunes 10.5 BETA 3!<br />
* [http://pastie.org/2199509 release notes]<br />
|-<br />
! 2.8b5<br />
| {{date|2011|08|17}}<br />
| <br />
* Now supports iOS 5 beta 5 (9A5228d).<br />
* Added Hacktivation ability.<br />
* Added option to remove [[UDID]] developer check + beta timer.<br />
* Finally decided to fix Baseband preservation standalone mode.<br />
* Tethered devices are booted via iBooty.<br />
* Re-added afc2.<br />
* [http://pastie.org/2389351 release notes]<br />
|-<br />
! 2.8b6<br />
| {{date|2011|08|20}}<br />
| <br />
* Now supports iOS 5 beta 6.<br />
* Still removes [[UDID]] developer check + beta timer<br />
* Still has the ability to hacktivate.<br />
* Still preserves the baseband (as always).<br />
* [http://pastie.org/2405111 release notes]<br />
|-<br />
! 2.8b7<br />
| {{date|2011|09|01}}<br />
| <br />
* Now jailbreaks iOS 5 beta 7.<br />
* Still removes [[UDID]] Developer check + Beta timer.<br />
* Still has the ability to hacktivate.<br />
* Still preserves the [[baseband]] (as always!).<br />
* [http://pastie.org/2469158 release notes]<br />
|-<br />
! 2.8b8<br />
| {{date|2011|10|04}}<br />
| <br />
* INSTANT IPSW detection (seriously!).<br />
* Now jailbreaks iOS 5 Gold Master (9A334).<br />
* Now jailbreaks iOS 5 (9A334).<br />
* UDID Developer check removal is no longer needed.<br />
* Still has the ability to hacktivate. <br />
* Still preserves the baseband (as always!). <br />
* [http://pastie.org/2641544 release notes]<br />
|-<br />
! 2.8b9<br />
| {{date|2011|11|03}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b1 (9A402)<br />
* Fixed iBooks sandbox crashing issues.<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband.<br />
* Re-added iPad baseband install option to iPhone 3GS. <br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* If on an [[N88AP|iPhone 3GS]], always reflash the [[K66AP|iPad]] baseband when running [[iOS]] 5.0+<br />
* [http://pastie.org/2807967 release notes]<br />
|-<br />
! 2.8b10<br />
| {{date|2011|11|05}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b2 (9A404)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* [http://pastie.org/2812951 release notes]<br />
|-<br />
! 2.8b11<br />
| {{date|2011|11|10}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1 (9A405)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* iPhone 3GS iPad baseband (06.15.00) users: Re-flash the iPad baseband via sn0wbreeze if you restore(d) to a stock 5.0 firmware.<br />
* [http://pastie.org/2844818 release notes]<br />
|-<br />
! 2.9<br />
| {{date|2012|01|16}}<br />
| <br />
* Happy birthday sn0wbreeze!<br />
* Brought back old firmware support in one release!<br />
* GUI Improvements<br />
* You can now build IPSWs with TinyUmbrella/iFaith blobs!<br />
* Removes OTA Updates/badge on iOS 5.x.x+ devices.<br />
* Added an IPSW Downloader<br />
* Built-in iREB functionality updated from newest iREB r5 module.<br />
* Custom Packages in Expert actually works now. :P<br />
* All supported firmwares in this release are untethered.<br />
* A5 devices are NOT supported at this time due to no public DFU/iBoot exploit.<br />
* Supports iOS 3.1.3<br />
* Supports iOS 3.2.x<br />
* Supports iOS 4.0.x<br />
* Supports iOS 4.1<br />
* Supports iOS 4.2.1 - 4.2.8<br />
* Supports iOS 4.3 - 4.3.3<br />
* Supports iOS 5.0.1<br />
* A rerelease fixed the [[IPSW File Format|IPSW]] download [https://twitter.com/#!/iH8sn0w/status/159133836695977987 bug]<br />
* [http://blog.ih8sn0w.com/2012/01/happy-birthday-sn0wbreeze.html release notes]<br />
|-<br />
! 2.9.1<br />
| {{date|2012|01|19}}<br />
| <br />
* iPhone 3G never flashed the iPad baseband when chosen.<br />
* Fixed PRAM issues.<br />
|-<br />
! 2.9.2<br />
| {{date|2012|03|09}}<br />
| <br />
* Added [[tethered jailbreak]] support for iOS 5.1 on [[limera1n Exploit|limera1n]]-vulnerable devices.<br />
* Bug fixes (specifically with baseband [[06.15.00]] and iPhone).<br />
* Re-added [[BootNeuter]].<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v292.html release notes]<br />
|-<br />
! 2.9.3<br />
| {{date|2012|03|12}}<br />
| <br />
* Added Apple TV (2nd generation) support for iOS 4.4.3/4.4.4.<br />
* Fixed rare issues with iOS 5.0.1 where it would halt on the Apple logo upon boot.<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v293.html release notes]<br />
|-<br />
! 2.9.4<br />
| {{date|2012|05|25}}<br />
| <br />
* Added the 5.1.1/9B206 [[Untethered jailbreak|untether]] that was released with today's [[absinthe]] update. <br />
* Added 5.0/9B206f ([[K66AP|Apple TV (2nd generation)]]) support.<br />
* Minor UI changes (thanks @[https://twitter.com/icj_ icj_]!).<br />
* Bug Fixes.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v294.html release notes]<br />
|-<br />
! 2.9.5<br />
| {{date|2012|03|27}}<br />
| <br />
* Added 5.1.1/9B208 untether payload for the [[N90BAP|iPhone 4 (iPhone3,1)]].<br />
* Added iPhone 3GS (iPad Baseband users) location services fix.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v295.html release notes]<br />
|-<br />
! 2.9.6<br />
| {{date|2012|06|06}}<br />
| <br />
* Added 5.0.2/9B830 [[K66AP|Apple TV (2nd generation)]] [[Untethered jailbreak|untether]] payload. (Thanks @planetbeing & @nitoTV)<br />
* Apple TV (2nd generation) users can now resize their root partition.<br />
* [http://blog.ih8sn0w.com/2012/06/sn0wbreeze-v296.html release notes]<br />
|}<br />
<br />
=== 6.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.9.7<br />
| {{date|2012|01|12}}<br />
| <br />
* The 6.0/6.0.1 is currently a tethered based jailbreak via iBooty except for iPhone 3GS old bootrom users.<br />
* SAM is built-in for iOS 6 hacktivations. Hacktivated phones can reboot to a semi-tethered state after being activated rather than just hang at the Apple Logo.<br />
* Added 6.0 (10A403)/6.0.1 (10A523) support. Only includes iPhone 3GS & A4 devices.<br />
* [http://blog.ih8sn0w.com/2012/11/sn0wbreeze-v297.html release notes]<br />
|-<br />
! 2.9.8<br />
| {{date|2013|02|04}}<br />
| <br />
* Added 5.2/6.0.x/6.1 untethers provided by [[evad3rs]]<br />
* Added iOS 6.1 support for iPhone 3GS, and A4 devices.<br />
* Fixed Hacktivation issues on 6.0.x.<br />
* Fixed some iFaith mode bugs.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html release notes]<br />
|-<br />
! 2.9.9<br />
| {{date|2013|02|10}}<br />
| <br />
* Fixed issue with device not showing up in iTunes/xcode.<br />
* Fixed bug when building iPhone 4 (iPhone3,2) IPSW.<br />
* Apple TV (2nd generation) bug fixes.<br />
* Now adds evasi0n untether directly to Cydia (for future updates).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.10<br />
| {{date|2013|02|22}}<br />
| <br />
* Added iOS 6.1.2 support for 3GS/A4 devices.<br />
* Added Apple TV (2nd generation) iOS 5.2 sandbox fix.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.11<br />
| {{date|2013|02|24}}<br />
| <br />
* Fixed bug with Cydia having “compatibility-issues” with the untether package on 6.1.2.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.12<br />
| {{date|2013|03|10}}<br />
| <br />
* Finally fully fixed iPhone3,2 limera1n payload injection issues.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.13<br />
| {{date|2013|03|11}}<br />
| <br />
* Ugh. More rootfs bug fixes.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.14<br />
| {{date|2013|04|11}}<br />
| <br />
* After Cydia's mishap with aptickets from 6.0 --> 6.1.2 (causing soft-dfu loops), sn0wbreeze now includes an apticket validation. It will verify the apticket after browsing for iOS5+ blobs in iFaith mode.<br />
* Added tethered support for A4 devices on iOS 6.1.3 (3GS old bootroms are untethered as usual).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|}<br />
<br />
== Resources ==<br />
*[https://github.com/iH8sn0w/sn0wbreezedl/archive/master.zip Download sn0wbreeze]<br />
<br />
[[Category:Hacking Software]]<br />
[[Category:GUI Tools]]<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
[[Category:Downgrading]]</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=125562
User:AknipGD
2022-10-20T14:36:12Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| Space Grey<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone9,3]]<br />
| Matte Black<br />
| 32GB<br />
| {{yes}}<br />
| IPA trollery (TrollStore'd)<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=125561
User:AknipGD
2022-10-20T14:35:20Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| Space Grey<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Matte Black<br />
| 32GB<br />
| {{Yes (TrollStore'd)}}<br />
| IPA trollery<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124153
User:AknipGD
2022-08-14T07:51:43Z
<p>AknipGD: this was hell</p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| Space Grey<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Matte Black<br />
| 32GB<br />
| {{no}}<br />
| Vanilla iOS stuffs/waiting for Cheyote<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124152
User:AknipGD
2022-08-14T07:50:51Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Matte Black<br />
| 32GB<br />
| {{no}}<br />
| Vanilla iOS stuffs/waiting for Cheyote<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124151
User:AknipGD
2022-08-14T07:50:07Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Matte Black<br />
| 32GB<br />
| {{no}}<br />
| Vanilla iOS stuffs/waiting for Cheyote<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124150
User:AknipGD
2022-08-14T07:49:46Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Matte Black<br />
| 32GB<br />
| Vanilla iOS stuffs/waiting for Cheyote<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124149
User:AknipGD
2022-08-14T07:49:35Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Matte Black<br />
| 32GB<br />
| {{no}}<br />
| Vanilla iOS stuffs/waiting for Cheyote<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124148
User:AknipGD
2022-08-14T07:48:28Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| 32GB<br />
| {{no}}<br />
| <br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124147
User:AknipGD
2022-08-14T07:48:13Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Gold<br />
| {{no}}<br />
| 32GB<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124146
User:AknipGD
2022-08-14T07:47:43Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Gold<br />
| 32GB<br />
| {{no}}<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124145
User:AknipGD
2022-08-14T07:47:20Z
<p>AknipGD: </p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Gold<br />
| {{no}} | 32GB<br />
|}</div>
AknipGD
https://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=124144
User:AknipGD
2022-08-14T07:46:57Z
<p>AknipGD: h</p>
<hr />
<div>(totally not stolen)<br />
<br />
==Devices==<br />
{| class="wikitable"<br />
|-<br />
! Device<br />
! Variant<br />
! Colour<br />
! Storage<br />
! Jailbroken?<br />
! Purpose<br />
|-<br />
<br />
| [[iPad (7th Generation)]]<br />
| [[J171AP|iPad7,11]]<br />
| rowspan="2" | Silver<br />
| 32GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[iPhone SE (1st generation)]]<br />
| [[N69AP|iPhone8,4]]<br />
| 64GB<br />
| {{yes}}<br />
| Main<br />
|-<br />
| [[M68AP|iPhone 4S]]<br />
| [[M68AP|iPhone4,1]]<br />
| Black<br />
| 8GB<br />
| rowspan="4" {{yes}}<br />
| Old GD stuffs<br />
|-<br />
<br />
| [[iPhone 7]]<br />
| [[D101AP|iPhone8,4]]<br />
| Gold<br />
| rowspan="2" | 32GB<br />
|}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=J171AP&diff=121817J171AP2022-03-15T21:23:42Z<p>AknipGD: </p>
<hr />
<div>This is the [[iPad (7th generation)]] (iPad7,11 model). It uses the model number A2197. It contains an Apple A10 SoC, with 3GB of RAM. It came in 32 and 128 GB models. The available colors are Space Grey, Silver, and Gold. It is like the [[J172AP]], but without a cellular module.<br />
{{stub|hardware}}<br />
[[Category:Devices]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=J171AP&diff=121816J171AP2022-03-15T21:22:10Z<p>AknipGD: </p>
<hr />
<div>This is the [[iPad (7th generation)]] (iPad7,11 model). It uses the model number A2197. It contains an Apple A10 SoC, with 3GB of RAM. It came in 32 and 128 GB models. The available colors are Space Grey, Silver, and Gold. It is like the [[J172AP]], but without a cellular model.<br />
{{stub|hardware}}<br />
[[Category:Devices]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=J171AP&diff=121815J171AP2022-03-15T21:21:39Z<p>AknipGD: a</p>
<hr />
<div>This is the [[iPad (7th generation)]] (iPad7,11 model). It uses the model number A2197. It contains an Apple A10 SoC, with 3GB of RAM. It came in 32 and 128 GB models. The available colors are Space Grey, Silver, and Gold. It is like the [[J170AP]], but without a cellular model.<br />
{{stub|hardware}}<br />
[[Category:Devices]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=J171AP&diff=121814J171AP2022-03-15T21:20:30Z<p>AknipGD: first 2022 edit, also added some details.</p>
<hr />
<div>This is the [[iPad (7th generation)]] (iPad7,11 model). It uses the model number A2197. It contains an Apple A11 SoC, with 3GB of RAM. It came in 32 and 128 GB models. The available colors are Space Grey, Silver, and Gold.<br />
{{stub|hardware}}<br />
[[Category:Devices]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Sn0wbreeze&diff=119530Sn0wbreeze2021-11-12T13:58:11Z<p>AknipGD: added comma</p>
<hr />
<div>{{lowercase}}<br />
{{Infobox software<br />
| name = sn0wbreeze<br />
| title = sn0wbreeze<br />
| logo = [[File:sn0wbreeze_logo.png]]<br />
| screenshot = [[File:sn0wbreeze.png|300px]]<br />
| caption = sn0wbreeze 2.9<br />
| author = [[User:ih8sn0w|iH8sn0w]]<br />
| developer = iH8sn0w<br />
| released = 1.0b / {{Start date|2010|01|13|df=yes}}<br />1.0 / {{Start date|2010|01|16|df=yes}}<br />
| discontinued = <br />
| latest release version = 2.9.14<br />
| latest release date = {{Start date and age|2013|04|11|df=yes}}<br />
| latest preview version = 2.8b11<br />
| latest preview date = {{Start date and age|2011|11|10|df=yes}}<br />
| programming language = [[wikipedia:C Sharp (programming language)|C#]] <small>([[wikipedia:Visual Basic .NET|VB .NET]] through 2.8b4)</small><br />
| operating system = [[wikipedia:Microsoft Windows|Microsoft Windows]]<br />
| platform = <br />
| size = 23,361,564 bytes (22.2 MiB) [ZIP]<br />26,883,072 (25.6 MiB) [EXE]<br />
| language = [[wikipedia:English language|English]]<br />
| status = Abandoned<br />
| genre = Jailbreaking<br />
| license = [[wikipedia:GNU General Public License#Version 3|GNU GPL v3]]<br />
| website = [http://ih8sn0w.com/ ih8sn0w.com]<br />
}}<br />
<br />
'''sn0wbreeze''' is a tool used to create custom [[IPSW File Format|IPSW]]s to restore, similar to [[PwnageTool]]. It can be used to jailbreak and unlock when making the custom IPSW. It is a GUI for [[XPwn]] on Windows, written in C# (previously Visual Basic) and developed by [[User:ih8sn0w|iH8sn0w]]. It is released under the GPL v3 license, and the source of previous versions is available on [https://github.com/iH8sn0w/sn0wbreeze GitHub]; however, this violates the GPL.<br />
<br />
To restore to custom firmwares, you will need a version of [[iTunes]] BEFORE 11.1. As of iTunes 11.1, iTunes rehashes the [[firmware]] used.<br />
<br />
{{float toc|left}}<br />
<br />
{{clear}}<br />
<br />
== Versions ==<br />
[[sn0wbreeze]] was first released {{date|2010|01|13}} as a beta version. The following versions that are shown here are official, and sorted by compatibility with iOS revisions.<br />
<br />
=== 3.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! Public Beta<br />
| {{date|2010|01|13}}<br />
|<br />
* Initial release<br />
* Jailbreaks iOS 3.1.2<br />
* Only allows you to be able to select simple mode<br />
* Taken down due to copyright issues with [[XPwn]]<br />
|-<br />
! 1.0<br />
| {{date|2010|01|16}}<br />
|<br />
* Official release of sn0wbreeze<br />
|-<br />
! 1.1<br />
| {{date|2010|01|19}}<br />
|<br />
* Fixes [[Cydia Application|Cydia]] problems<br />
* Fixes problems with [[NOR]] on [[S5L8900]] devices<br />
* Fixes custom packages not being installed<br />
|-<br />
! 1.2<br />
| {{date|2010|01|21}}<br />
|<br />
* GUI fixes<br />
* Fixed even more [[Cydia Application|Cydia]] problems<br />
|-<br />
! 1.3<br />
| {{date|2010|01|23}}<br />
|<br />
* Fixes bug where some [[Cydia Application|Cydia]] repositories could not be added and downloaded from<br />
|-<br />
! 1.4<br />
| {{date|2010|01|26}}<br />
|<br />
* Fixed vital bug where deb files may not be added to the right place<br />
* Add iPod touch<br />
* Fixes issues with iPhone 3GS<br />
|-<br />
! 1.5<br />
| {{date|2010|02|05}}<br />
|<br />
* Jailbreaks iOS 3.1.3<br />
* Removed verbose mode support<br />
|-<br />
! 1.5.1<br />
| {{date|2010|02|07}}<br />
|<br />
* Removed [[blacksn0w]] due to CommCenter issues<br />
* Supports iPod touch (2nd generation)<br />
* Fixes YouTube app issues<br />
|-<br />
! 1.5.2<br />
| {{date|2010|03|21}}<br />
|<br />
* Reintegrated [[blacksn0w]]<br />
|}<br />
<br />
=== 4.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 1.6<br />
| {{date|2010|06|24}}<br />
|<br />
* Jailbreaks iOS 4.0 only.<br />
* Removed [[ultrasn0w]] integration. (Due to MuscleNerd's request citing version management issues. Install it through the "custom packages" feature instead.)<br />
* Removed "sn0wbreeze App" integration (discontinued)<br />
|-<br />
! 1.6.1<br />
| {{date|2010|06|24}}<br />
| <br />
* ?<br />
|-<br />
! 1.7<br />
| {{date|2010|07|06}}<br />
|<br />
* Added support for new bootroms in the form of a [[tethered jailbreak]] with [[iBooty]].<br />
|-<br />
! 1.8 Beta<br />
| {{date|2010|07|16}}<br />
|<br />
* Only for iOS 4.1 beta.<br />
* Doesn't support [[hacktivation]].<br />
|-<br />
! 2.0<br />
| rowspan="2" | {{date|2010|09|22}}<br />
|<br />
* Added support for "MC model" [[N72AP|iPod touch (2nd generation)]] ([[Tethered jailbreak|tethered]] using [[usb_control_msg(0xA1, 1) Exploit]])<br />
* Added Support for [[N18AP|iPod touch (3rd generation)]] and [[N88AP|iPhone 3GS]] ([[Bootrom 359.3.2|new bootrom]]) on iOS 3.1.2<br />
* GUI improvements<br />
* Backwards compatible with 3.1.X<br />
|-<br />
! 2.0.1<br />
|<br />
* Fix for Error 37<br />
|-<br />
! 2.0.2<br />
| {{date|2010|09|25}}<br />
|<br />
* Fixes for Error 37 and hacktivation.<br />
|-<br />
! 2.1<br />
| {{date|2010|11|13}}<br />
|<br />
* Jailbreaks iOS 3.2.2/4.1.<br />
* Implemented [[usb_control_msg(0xA1, 1) Exploit|steaks4uce]] and [[limera1n]] exploits.<br />
* Added support for all iOS devices (except [[M68AP|iPhone]] and [[N45AP|iPod touch]])<br />
|-<br />
! 2.2r1<br />
| rowspan="2" | {{date|2011|02|15}}<br />
|<br />
* Jailbreaks iOS 4.2.1.<br />
* A new "Baseband Preservation Mode", which allows upgrade without updating the baseband (as usual), but without jailbreaking ([http://twitter.com/iH8sn0w/status/19249886721478656 announced on Dec 27])<br />
|-<br />
! 2.2r2<br />
|<br />
* Includes a fix for iBooks.<br />
|-<br />
! 2.2r3<br />
| {{date|2011|02|18}}<br />
|<br />
* Fixes iBooks issues on devices still having issues.<br />
|-<br />
! 2.2.1<br />
| {{date|2011|02|20}}<br />
|<br />
* Fixes for the [[N92AP|iPhone 4 (iPhone3,3)]]<br />
* Definitely fixes iBooks.<br />
* Drag and drop [[IPSW File Format|IPSWs]].<br />
* Fixes issues with Windows Classic.<br />
|-<br />
! 2.3b1<br />
| {{date|2011|03|13}}<br />
|<br />
* "For people that want to play around with 4.3 or preserve their baseband. It's BETA for a reason."<br />
|-<br />
! 2.3b2<br />
| {{date|2011|03|17}}<br />
|<br />
* Adds Multitasking Gestures option in Settings App.<br />
* [[iBooty]] bug fixes (includes [[iBSS]] issues).<br />
* [[iBooty]] is even faster.<br />
* [[Mobile Substrate]] is now working.<br />
* Sleep bug in [[IPod touch|iPod touches]] is fixed.<br />
* Rare [[K48AP|iPad]] issues resolved.<br />
* Added [[iREB]] to top bar for future re-runs within [[sn0wbreeze]].<br />
* [[ultrasn0w]] is still broken.<br />
|-<br />
! 2.3b3<br />
| {{date|2011|03|18}}<br />
|<br />
* Fixed [[N81AP|iPod touch (4th generation)]] [[iBooty]] issues.<br />
|-<br />
! 2.3b4<br />
| rowspan="2" | {{date|2011|03|19}}<br />
|<br />
* [[ultrasn0w]] now works for basebands ([[01.59.00]] / [[04.26.08]] / [[05.11.07]] / [[05.12.01]] / [[05.13.04]] / [[06.15.00]])<br />
* Fixed minor GUI + [[iBooty]] bugs.<br />
|-<br />
! 2.4b1<br />
|<br />
* iOS 4.3.1 is now supported<br />
|-<br />
! 2.5<br />
| {{date|2011|04|03}}<br />
|<br />
* Jailbreaks all iOS 4.3.1 compatible device (except [[iPad 2]]).<br />
|-<br />
! 2.5.1<br />
| {{date|2011|04|06}}<br />
|<br />
* Cydia 1.1.1 is now pre-installed.<br />
* iPhone 3GS users can now flash the iPad 06.15.00 baseband.<br />
* Animate (Animated Boot Logos) by the Chronic Dev-Team is now supported.<br />
* Added afc2 Apple TV (2nd generation) is now fully supported.<br />
* Added Apple TV (2nd generation) DFU Instructions.<br />
* YouTube issues resolved on hacktivated devices.<br />
* iPhone 3GS old-bootrom issues fixed (Error 37).<br />
|-<br />
! 2.6<br />
| {{date|2011|04|19}}<br />
|<br />
* Jailbreaks all iOS 4.3.2/4.2.7 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.2/4.2.7 untether.<br />
* Multitasking Gestures enabled as usual.<br />
|-<br />
! 2.7<br />
| {{date|2011|05|06}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.3/4.2.8 untether.<br />
|-<br />
! 2.7.1<br />
| {{date|2011|05|08}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated i0n1c's untethering exploit to resolve issues with iPhones and the mute switch.<br />
* A rerelease of 2.7.1 shrunk the file size significantly.<br />
|-<br />
! 2.7.2<br />
| {{date|2011|05|11}}<br />
|<br />
* This version adds support for iOS 4.3 Build 8F305 on the Apple TV (2nd generation).<br />
|-<br />
! 2.7.3<br />
| {{date|2011|05|13}}<br />
|<br />
* Fixed Pacman<br />
|}<br />
<br />
=== 5.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.8b1<br />
| {{date|2011|06|12}}<br />
|<br />
* Jailbreaks iOS 5 beta (for developers)<br />
|-<br />
! 2.8b2<br />
| {{date|2011|06|18}} (?)<br />
|<br />
* The jailbreak for iOS 5.0b on the [[N88AP|iPhone 3GS]] ([[Bootrom 359.3|old bootrom]]) is now [[untethered jailbreak|untethered]].<br />
|-<br />
! 2.8b3.5<br />
| {{date|2011|06|26}}<br />
|<br />
* Now jailbreaks iOS 5 (beta 2)<br />
* Intended for developers ONLY!<br />
* Does not Hacktivate or add afc2 in this release to prevent piracy.<br />
* iPhone 3GS old bootrom users have an untethered boot.<br />
* Now only 15MB :)<br />
* [http://pastie.org/2123276 release notes]<br />
|-<br />
! 2.8b4<br />
| {{date|2011|07|11}}<br />
|<br />
* Intended only for developers (as usual).<br />
* Hacktivation is disabled (again).<br />
* MAKE SURE YOU UPDATE TO iTunes 10.5 BETA 3!<br />
* [http://pastie.org/2199509 release notes]<br />
|-<br />
! 2.8b5<br />
| {{date|2011|08|17}}<br />
| <br />
* Now supports iOS 5 beta 5 (9A5228d).<br />
* Added Hacktivation ability.<br />
* Added option to remove [[UDID]] developer check + beta timer.<br />
* Finally decided to fix Baseband preservation standalone mode.<br />
* Tethered devices are booted via iBooty.<br />
* Re-added afc2.<br />
* [http://pastie.org/2389351 release notes]<br />
|-<br />
! 2.8b6<br />
| {{date|2011|08|20}}<br />
| <br />
* Now supports iOS 5 beta 6.<br />
* Still removes [[UDID]] developer check + beta timer<br />
* Still has the ability to hacktivate.<br />
* Still preserves the baseband (as always).<br />
* [http://pastie.org/2405111 release notes]<br />
|-<br />
! 2.8b7<br />
| {{date|2011|09|01}}<br />
| <br />
* Now jailbreaks iOS 5 beta 7.<br />
* Still removes [[UDID]] Developer check + Beta timer.<br />
* Still has the ability to hacktivate.<br />
* Still preserves the [[baseband]] (as always!).<br />
* [http://pastie.org/2469158 release notes]<br />
|-<br />
! 2.8b8<br />
| {{date|2011|10|04}}<br />
| <br />
* INSTANT IPSW detection (seriously!).<br />
* Now jailbreaks iOS 5 Gold Master (9A334).<br />
* Now jailbreaks iOS 5 (9A334).<br />
* UDID Developer check removal is no longer needed.<br />
* Still has the ability to hacktivate. <br />
* Still preserves the baseband (as always!). <br />
* [http://pastie.org/2641544 release notes]<br />
|-<br />
! 2.8b9<br />
| {{date|2011|11|03}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b1 (9A402)<br />
* Fixed iBooks sandbox crashing issues.<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband.<br />
* Re-added iPad baseband install option to iPhone 3GS. <br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* If on an [[N88AP|iPhone 3GS]], always reflash the [[K66AP|iPad]] baseband when running [[iOS]] 5.0+<br />
* [http://pastie.org/2807967 release notes]<br />
|-<br />
! 2.8b10<br />
| {{date|2011|11|05}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b2 (9A404)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* [http://pastie.org/2812951 release notes]<br />
|-<br />
! 2.8b11<br />
| {{date|2011|11|10}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1 (9A405)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* iPhone 3GS iPad baseband (06.15.00) users: Re-flash the iPad baseband via sn0wbreeze if you restore(d) to a stock 5.0 firmware.<br />
* [http://pastie.org/2844818 release notes]<br />
|-<br />
! 2.9<br />
| {{date|2012|01|16}}<br />
| <br />
* Happy birthday sn0wbreeze!<br />
* Brought back old firmware support in one release!<br />
* GUI Improvements<br />
* You can now build IPSWs with TinyUmbrella/iFaith blobs!<br />
* Removes OTA Updates/badge on iOS 5.x.x+ devices.<br />
* Added an IPSW Downloader<br />
* Built-in iREB functionality updated from newest iREB r5 module.<br />
* Custom Packages in Expert actually works now. :P<br />
* All supported firmwares in this release are untethered.<br />
* A5 devices are NOT supported at this time due to no public DFU/iBoot exploit.<br />
* Supports iOS 3.1.3<br />
* Supports iOS 3.2.x<br />
* Supports iOS 4.0.x<br />
* Supports iOS 4.1<br />
* Supports iOS 4.2.1 - 4.2.8<br />
* Supports iOS 4.3 - 4.3.3<br />
* Supports iOS 5.0.1<br />
* A rerelease fixed the [[IPSW File Format|IPSW]] download [https://twitter.com/#!/iH8sn0w/status/159133836695977987 bug]<br />
* [http://blog.ih8sn0w.com/2012/01/happy-birthday-sn0wbreeze.html release notes]<br />
|-<br />
! 2.9.1<br />
| {{date|2012|01|19}}<br />
| <br />
* iPhone 3G never flashed the iPad baseband when chosen.<br />
* Fixed PRAM issues.<br />
|-<br />
! 2.9.2<br />
| {{date|2012|03|09}}<br />
| <br />
* Added [[tethered jailbreak]] support for iOS 5.1 on [[limera1n Exploit|limera1n]]-vulnerable devices.<br />
* Bug fixes (specifically with baseband [[06.15.00]] and iPhone).<br />
* Re-added [[BootNeuter]].<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v292.html release notes]<br />
|-<br />
! 2.9.3<br />
| {{date|2012|03|12}}<br />
| <br />
* Added Apple TV (2nd generation) support for iOS 4.4.3/4.4.4.<br />
* Fixed rare issues with iOS 5.0.1 where it would halt on the Apple logo upon boot.<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v293.html release notes]<br />
|-<br />
! 2.9.4<br />
| {{date|2012|05|25}}<br />
| <br />
* Added the 5.1.1/9B206 [[Untethered jailbreak|untether]] that was released with today's [[absinthe]] update. <br />
* Added 5.0/9B206f ([[K66AP|Apple TV (2nd generation)]]) support.<br />
* Minor UI changes (thanks @[https://twitter.com/icj_ icj_]!).<br />
* Bug Fixes.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v294.html release notes]<br />
|-<br />
! 2.9.5<br />
| {{date|2012|03|27}}<br />
| <br />
* Added 5.1.1/9B208 untether payload for the [[N90BAP|iPhone 4 (iPhone3,1)]].<br />
* Added iPhone 3GS (iPad Baseband users) location services fix.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v295.html release notes]<br />
|-<br />
! 2.9.6<br />
| {{date|2012|06|06}}<br />
| <br />
* Added 5.0.2/9B830 [[K66AP|Apple TV (2nd generation)]] [[Untethered jailbreak|untether]] payload. (Thanks @planetbeing & @nitoTV)<br />
* Apple TV (2nd generation) users can now resize their root partition.<br />
* [http://blog.ih8sn0w.com/2012/06/sn0wbreeze-v296.html release notes]<br />
|}<br />
<br />
=== 6.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.9.7<br />
| {{date|2012|01|12}}<br />
| <br />
* The 6.0/6.0.1 is currently a tethered based jailbreak via iBooty except for iPhone 3GS old bootrom users.<br />
* SAM is built-in for iOS 6 hacktivations. Hacktivated phones can reboot to a semi-tethered state after being activated rather than just hang at the Apple Logo.<br />
* Added 6.0 (10A403)/6.0.1 (10A523) support. Only includes iPhone 3GS & A4 devices.<br />
* [http://blog.ih8sn0w.com/2012/11/sn0wbreeze-v297.html release notes]<br />
|-<br />
! 2.9.8<br />
| {{date|2013|02|04}}<br />
| <br />
* Added 5.2/6.0.x/6.1 untethers provided by [[evad3rs]]<br />
* Added iOS 6.1 support for iPhone 3GS, and A4 devices.<br />
* Fixed Hacktivation issues on 6.0.x.<br />
* Fixed some iFaith mode bugs.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html release notes]<br />
|-<br />
! 2.9.9<br />
| {{date|2013|02|10}}<br />
| <br />
* Fixed issue with device not showing up in iTunes/xcode.<br />
* Fixed bug when building iPhone 4 (iPhone3,2) IPSW.<br />
* Apple TV (2nd generation) bug fixes.<br />
* Now adds evasi0n untether directly to Cydia (for future updates).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.10<br />
| {{date|2013|02|22}}<br />
| <br />
* Added iOS 6.1.2 support for 3GS/A4 devices.<br />
* Added Apple TV (2nd generation) iOS 5.2 sandbox fix.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.11<br />
| {{date|2013|02|24}}<br />
| <br />
* Fixed bug with Cydia having “compatibility-issues” with the untether package on 6.1.2.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.12<br />
| {{date|2013|03|10}}<br />
| <br />
* Finally fully fixed iPhone3,2 limera1n payload injection issues.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.13<br />
| {{date|2013|03|11}}<br />
| <br />
* Ugh. More rootfs bug fixes.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.14<br />
| {{date|2013|04|11}}<br />
| <br />
* After Cydia's mishap with aptickets from 6.0 --> 6.1.2 (causing soft-dfu loops), sn0wbreeze now includes an apticket validation. It will verify the apticket after browsing for iOS5+ blobs in iFaith mode.<br />
* Added tethered support for A4 devices on iOS 6.1.3 (3GS old bootroms are untethered as usual).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|}<br />
<br />
== Resources ==<br />
*[https://github.com/iH8sn0w/sn0wbreezedl/archive/master.zip Download sn0wbreeze]<br />
<br />
[[Category:Hacking Software]]<br />
[[Category:GUI Tools]]<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
[[Category:Downgrading]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Untethered_jailbreak&diff=118960Untethered jailbreak2021-10-24T20:07:33Z<p>AknipGD: </p>
<hr />
<div>An '''untethered jailbreak''' is a jailbreak wherein a user can reboot their device at will, and have their device start up with the jailbreak automatically applied without the assistance of a computer or a utility on the device.<br />
<br />
These jailbreaks can be applied via several different methods, the most common being kernel exploits.<br />
<br />
== Kernel exploits ==<br />
<br />
Most untethered jailbreaks rely on vulnerabilities in the kernel and early boot process, typically using a combination of codesigning bypasses and manipulating the system into executing a binary early in the boot process (or obtaining unsigned code execution via a vulnerability in an existing startup process). Once code execution has been obtained, a kernel exploit is used in order to patch the currently loaded kernel to allow for the rootfs to be remounted as read/write, and to allow for unsigned code execution.<br />
<br />
Tools that use kernel exploits to achieve untethered jailbreaks:<br />
<br />
*[[Spirit]]<br />
*[[Star|JailbreakMe 2.0 (star)]]/[[Saffron|JailbreakMe 3.0 (saffron)]]<br />
*[[limera1n]]<br />
*[[greenpois0n]]<br />
*[[Absinthe]]<br />
*[[unthredera1n]]<br />
*[[evasi0n]]<br />
*[[p0sixspwn]]<br />
*[[evasi0n7]]<br />
*[[Pangu]]<br />
*[[Pangu8]]<br />
*[[TaiG]]<br />
*[[etasonJB]]<br />
*[[UntetherHomeDepot]]<br />
*[[Pangu9]]<br />
*[[Fugu14]]<br />
<br />
== BootROM exploits ==<br />
<br />
Older devices, such as the iPhone 3GS, iPod touch 2 (old bootrom) and earlier, have had vulnerabilities discovered in the [[BootROM]] that can be triggered without the assistance of DFU mode (such as via a malformed image in the NOR), allowing stages of the boot chain to be overwritten with custom code, such as a patched LLB/iBoot to allow for an unsigned kernel, and a custom boot logo. Examples of bootrom exploits that allow for untethered code execution are [[Pwnage]], [[0x24000 Segment Overflow|24kpwn]] and [[alloc8 Exploit|alloc8]].<br />
<br />
Tools that use bootROM exploits to achieve untethered jailbreaks:<br />
<br />
*[[redsn0w]]<br />
*[[sn0wbreeze]]<br />
*[[PwnageTool]]<br />
*[[ipwndfu]]<br />
<br />
== iBoot exploits ==<br />
<br />
Some jailbreaks abuse vulnerabilities in the currently installed [[iBoot]] in order to patch out signature checks or load an alternative iBoot, and can therefore load a patched and jailbroken kernel. Very few jailbreak utilities use this method, as iBoot exploits are rare and can be patched by Apple with software updates, so they can only be used if blobs have been saved, or if the device was discontinued before Apple released a patch.<br />
<br />
==See also==<br />
*[[Jailbreak]]<br />
*[[Jailbreak Exploits]]<br />
*[[Tethered jailbreak]]<br />
*[[Semi-tethered jailbreak]]<br />
*[[Semi-untethered jailbreak]]<br />
<br />
[[Category:Jailbreaking]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=N81ap&diff=118889N81ap2021-10-23T03:09:08Z<p>AknipGD: a</p>
<hr />
<div>#REDIRECT [[N81AP]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=N81ap&diff=118888N81ap2021-10-23T03:08:42Z<p>AknipGD: redirect page</p>
<hr />
<div>#REDIRECT N81AP</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=0x24000_Segment_Overflow&diff=1188610x24000 Segment Overflow2021-10-22T17:13:05Z<p>AknipGD: changed "us" in the first line to "people"</p>
<hr />
<div>Also known by its codename, 24Kpwn, this was the first exploit in the [[S5L8720]] that allowed people to bypass the bootrom signature checks on [[LLB]] and create what is known as an [[untethered jailbreak]].<br />
<br />
As of {{date|2009|10}}, seven months after the exposure of this hole, Apple sold updated [[N88AP|iPhone 3GS]] and [[N72AP|iPod touch (2nd generation)]] units with new bootroms that have this vulnerability patched.<br />
<br />
==Credit==<br />
A "hybrid" dev team, in alphabetical order: [[User:ChronicDev|chronic]], [[CPICH]], [[ius]], [[User:MuscleNerd|MuscleNerd]], [[User:Planetbeing|Planetbeing]], [[User:Pod2g|pod2g]], [[User:Posixninja|posixninja]], et al. (anyone wishing to be unnamed)<br />
<br />
==Background==<br />
Upon boot-up, the [[S5L8720]] and [[S5L8920]] SoC have a MIU configuration which maps the [[S5L8720|Secure ROM]] to 0x0, providing the newly turned on device with an ARM exception vector and the first code to execute. This MIU configuration also maps a small amount of SRAM to 0x22000000 for the [[S5L8720]], and 0x84000000 for the [[S5L8920]]. Statically allocated variables, heap, and stack must use the SRAM, as "[[S5L8720|Secure ROM]]" is unwritable. A region of memory starting from (SRAM Start)+0x24000 is used for this purpose. The region of memory from the start of SRAM to (SRAM Start)+0x24000 is used as a buffer for loading the [[LLB|next stage bootloader]] code. The [[LLB]] code is stored in [[NOR]], along with code for all other bootloader stages, as well as art resources (boot logos) and the [[DeviceTree|OpenFirmware device tree]] to provide to the XNU [[kernel]]. The first portion (first 0x160 bytes) of memory at (SRAM Start)+0x24000 is used for initialized statically allocated variables. Shortly after boot, values for that region are initialized from [[S5L8720|Secure ROM]].<br />
<br />
==Vulnerability==<br />
The code that reads the [[LLB]] [[IMG3 File Format|IMG3 file]] from [[NOR]] into memory does not check the size of the [[LLB]] image being loaded, instead taking the size directly from the non-signature checked portion of the IMG3 header on the [[NOR]] (see ROM offset 0x2178). Any image greater than 0x24000 bytes in length will begin overwriting the portion of memory used to store Secure ROM statically allocated variables. Immediately vulnerable data includes USB data structures for [[DFU Mode]], a pointer to the bdev list structure, task list structures for the Secure ROM's scheduler, as well as the addresses of the hardware SHA1 registers. All of the above are potential avenues for exploitation. The method described below uses the SHA1 register addresses.<br />
<br />
This vulnerability was discovered independently by pod2g and [[User:MuscleNerd|MuscleNerd]].<br />
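The missing bound described in this section, as an added C example that is not from the original page or the bootrom: it models the SRAM layout above and contrasts a loader that trusts the header's size field with one that validates it. The 20-byte header layout, the 'illb' ident, the function names and the sample image are assumptions constructed for illustration.<br />

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG3_MAGIC   0x496D6733u /* 'Img3' read as a little-endian word */
#define IMG3_HDR_LEN 0x14u       /* assumed: five 32-bit header fields */
#define LLB_BUF_LEN  0x24000u    /* load buffer size stated on the page */
#define STATICS_LEN  0x160u      /* initialized statics that follow the buffer */

/* Constructed model of the SRAM layout described above (byte arrays, no padding). */
struct sram_model {
    uint8_t llb_buf[LLB_BUF_LEN];
    uint8_t statics[STATICS_LEN];
};

enum load_result { LOAD_OK, ERR_TRUNCATED, ERR_MAGIC, ERR_TOO_SMALL,
                   ERR_TOO_LARGE, ERR_INCONSISTENT };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Flawed pattern: the copy length is the header's size field, taken on trust. */
size_t load_llb_unchecked(struct sram_model *sram, const uint8_t *nor, size_t nor_len)
{
    if (nor_len < IMG3_HDR_LEN) return 0;
    size_t len = rd32(nor + 4);          /* total size, outside the signed area */
    /* Model only: cap at the simulated region so this demo stays memory-safe. */
    if (len > sizeof *sram) len = sizeof *sram;
    if (len > nor_len) len = nor_len;
    memcpy(sram, nor, len);              /* anything past 0x24000 lands in statics */
    return len;
}

/* Hardened pattern: validate every header length before touching SRAM. */
enum load_result load_llb_checked(struct sram_model *sram, const uint8_t *nor, size_t nor_len)
{
    if (nor_len < IMG3_HDR_LEN) return ERR_TRUNCATED;
    if (rd32(nor) != IMG3_MAGIC) return ERR_MAGIC;
    uint32_t full = rd32(nor + 4), no_pack = rd32(nor + 8), sig = rd32(nor + 12);
    if (full < IMG3_HDR_LEN) return ERR_TOO_SMALL;
    if (full > LLB_BUF_LEN) return ERR_TOO_LARGE;      /* the missing bound */
    if (full > nor_len) return ERR_TRUNCATED;
    /* Assumed relations between the header's length fields. */
    if (no_pack > full - IMG3_HDR_LEN || sig > no_pack) return ERR_INCONSISTENT;
    memcpy(sram->llb_buf, nor, full);
    return LOAD_OK;
}

/* Constructed sample image: a header plus filler bytes, not real firmware. */
size_t build_sample(uint8_t *out, size_t cap, uint32_t full_size)
{
    if (full_size < IMG3_HDR_LEN || full_size > cap) return 0;
    memset(out, 0x41, full_size);
    wr32(out, IMG3_MAGIC);
    wr32(out + 4, full_size);
    wr32(out + 8, full_size - IMG3_HDR_LEN);
    wr32(out + 12, 0);
    wr32(out + 16, 0x696C6C62u);         /* 'illb' ident, assumed value */
    return full_size;
}

static struct sram_model g_sram;
static uint8_t g_nor[LLB_BUF_LEN + 0x100];

/* Loads a sample of the given size and reports whether the statics changed. */
int statics_clobbered(uint32_t full_size, int use_checked)
{
    memset(&g_sram, 0, sizeof g_sram);
    memset(g_sram.statics, 0xAA, STATICS_LEN);   /* canary pattern */
    size_t n = build_sample(g_nor, sizeof g_nor, full_size);
    if (use_checked) (void)load_llb_checked(&g_sram, g_nor, n);
    else (void)load_llb_unchecked(&g_sram, g_nor, n);
    for (size_t i = 0; i < STATICS_LEN; i++)
        if (g_sram.statics[i] != 0xAA) return 1;
    return 0;
}

int main(void)
{
    printf("unchecked, 0x24100 bytes: statics clobbered = %d\n", statics_clobbered(0x24100, 0));
    printf("checked,   0x24100 bytes: statics clobbered = %d\n", statics_clobbered(0x24100, 1));
    return 0;
}
```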
<br />
==Exploit==<br />
The goal of the exploit is to gain arbitrary code execution capability.<br />
<br />
The exploit, as proposed by [[User:Planetbeing|planetbeing]], uses the overflow to overwrite one of the addresses of the SHA1 registers. The particular register is the only one that directly copies data to be hashed into the hardware (or into an arbitrary memory location, once the destination address has been overwritten). Code execution is achieved by writing data into the stack, specifically by overwriting the LR of the function performing the write to the "SHA1 register" so that instead of returning to the main SHA1 routine, it returns to a chosen location in memory that contains the payload code. The location chosen is within the range of memory that is filled with the [[LLB]]'s [[IMG3 File Format|IMG3]], so that the payload code can be placed within the LLB's IMG3.<br />
<br />
The challenge is determining what to put in as the SHA1 register location so that the right portion of stack can be overwritten with the payload LR. This can be challenging without having access to any sort of exception dump (crash register dumps in the [[S5L8720|bootrom]] had been disabled by Apple). [[User:Planetbeing|Planetbeing]] performed a static analysis of a very detailed IDB produced by [[User:ChronicDev|chronic]] and CPICH and determined the theoretical call stack for both of the invocations of the SHA1 hardware within the bootrom code [http://web.archive.org/web/20140410202729/http://pastie.org/414981].<br />
<br />
In-situ verification of the LR location was performed by [[User:Posixninja|posixninja]]. CPICH discovered a way to alter the [[IMG3 File Format|IMG3]] DER so that the second invocation of the SHA-1 hardware was not performed without affecting the first, allowing better confirmation that this step was performed properly.<br />
<br />
The final SHA-1 register address was chosen so that the first dword of the DATA tag of the [[LLB]] [[IMG3 File Format|IMG3]] would replace sub_5E54's LR. This is because this is the first dword of the [[IMG3 File Format|IMG3]] that can be altered without substantially changing the [[IMG3 File Format|IMG3]]'s structure (and possibly disrupting earlier parsing code). The LR replacement must be done the first time the exploit is triggered (by the invocation of sub_5E54), or else the [[S5L8720|bootrom]] would crash. Since sub_5E54 takes 0x40 bytes of data at a time, the replacement LR thus must be within the first 0x40 bytes of data to be hashed. Data to be hashed starts at 0xC bytes from the start of the [[IMG3 File Format|IMG3]], and the first dword of the DATA tag is 0x20 bytes from the start of the [[IMG3 File Format|IMG3]]. Thus, the SHA1 register address chosen should be 0x20 - 0xC = 0x14 bytes before sub_5E54's LR. So, it must be 0x2202FE24. Note that the exploit will also trash up to 0x2202FE24 + 0x40 = 0x2202FE64. So a sizeable portion of doComputeSHA1's stack will be trashed as well.<br />
<br />
The final exploit [[IMG3 File Format|IMG3]] was verified by [[User:Posixninja|posixninja]] under [[User:Planetbeing|planetbeing]]'s instructions to allow arbitrary code execution. It was a regular [[IMG3 File Format|IMG3]] with padding up to 0x24000 bytes. The next 0x100 bytes were taken from the original initialization values for 0x22024000. However, 0x240FC, the offset of the SHA1 register address, was altered to 0x2202FE24. The first dword of the DATA tag (offset 0x20) was altered to 0x22023000. Payload code was placed at offset 0x23000.<br />
<br />
==Payload==<br />
The goal of the payload is to allow an unsigned [[LLB]] to be loaded.<br />
<br />
Several approaches are possible, including directly calling the JumpToMemory function, which is designed to prepare the SoC and invoke the [[LLB]] code. However, it is designed to be used on decrypted, unpacked code, and the [[LLB]] code currently resides in an encrypted form within the [[IMG3 File Format|IMG3]]'s DATA tag. The simplest solution is thus to use the bootrom's own machinery to decrypt and execute the code.<br />
<br />
The final payload evolved out of a discussion between '''pod2g''' and '''planetbeing''', based on an IDB documented by '''pod2g''', '''chronic''', '''CPICH''', et al. The lowest impact solution is to apply the pwnage patch to the rsaCheck subroutine of the bootrom, and to return from the payload from computing the SHA1 without crashing the bootrom. However, in this case, since bootrom text is unwritable, this was not a viable solution.<br />
<br />
The next lowest impact solution is to return from the entire parseFirmwareFooter function with a successful value, instead of the failure value it would normally return if signature checks fail. This would skip any remaining code in that subroutine. This solution did not work in-situ. Failures checking the epoch tags prevented the firmware from being executed. The cause of this was not investigated.<br />
<br />
The final payload was to return past the verification of epoch and other tags in the [[LLB]]'s [[IMG3 File Format|IMG3]] to a spot right before the DATA tag was loaded from memory and decrypted. R5 was set to 0 to ensure decryption would not be skipped. The original value for the first DATA dword (before we had to overwrite it with the exploit LR) is written back to 0x22000020 by the payload, and the original SHA1 register value was written back to 0x2202FE24 to ensure the payload only activates once.<br />
<br />
== Deployment ==<br />
Although the exploitable [[LLB]] can be manually written to [[NOR]] by bootstrapping from a tethered jailbreak, the easiest way is to use the Apple restore process itself. Apple's restore process will write arbitrary [[IMG3 File Format|IMG3]] files onto the [[NOR]], even if they fail signature checks. However, the "total size" value of the [[IMG3 File Format|IMG3]] is fixed up by the kernel before it is written to [[NOR]]. This would negate the exploit. However, [[User:MuscleNerd|MuscleNerd]] discovered that this could be bypassed by including the padding in another tag, such as CERT. Then, the written exploit [[LLB]] would have the "correct", exploitable total size.<br />
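<br />
The size and padding conditions described in this section can be checked on an image before it is accepted. The following is an added example (not code from this wiki or from the exploit's authors) of a host-side auditor that walks an IMG3's tags and flags an image whose declared size reaches past 0x24000 or whose tag carries hidden padding. The 20-byte header and 12-byte tag header are the usual IMG3 layout; the 0x40 slack threshold, the function names and the all-zero sample images are assumptions constructed for the example.<br />

```python
import struct

IMG3_MAGIC = 0x496D6733            # 'Img3'; little-endian on disk, so a file starts with b"3gmI"
HEADER = struct.Struct("<5I")      # magic, fullSize, sizeNoPack, sigCheckArea, ident
TAG_HEADER = struct.Struct("<3I")  # magic, totalLength, dataLength
LOAD_LIMIT = 0x24000               # from the page: an image padded up to 0x24000 reaches the next segment
MAX_TAG_SLACK = 0x40               # assumption: legitimate alignment padding never exceeds this


def fourcc(value):
    """Render a 32-bit magic such as 0x44415441 as the string 'DATA'."""
    return struct.pack(">I", value).decode("ascii", "replace")


def walk_tags(blob):
    """Return [(name, offset, total_len, data_len)]; raise ValueError if the image is malformed."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than an IMG3 header")
    magic, full_size, size_no_pack, _sig_area, _ident = HEADER.unpack_from(blob)
    if magic != IMG3_MAGIC:
        raise ValueError("bad magic")
    end = HEADER.size + size_no_pack
    if full_size > len(blob) or end > full_size:
        raise ValueError("header sizes do not fit the file")
    tags, off = [], HEADER.size
    while off < end:
        if end - off < TAG_HEADER.size:
            raise ValueError("truncated tag header at 0x%x" % off)
        tag, total_len, data_len = TAG_HEADER.unpack_from(blob, off)
        if total_len < TAG_HEADER.size or off + total_len > end:
            raise ValueError("tag at 0x%x runs outside the image" % off)
        if data_len > total_len - TAG_HEADER.size:
            raise ValueError("tag at 0x%x claims more data than it holds" % off)
        tags.append((fourcc(tag), off, total_len, data_len))
        off += total_len
    return tags


def audit(blob, load_limit=LOAD_LIMIT):
    """Return a list of (kind, detail) findings; an empty list means nothing was flagged."""
    try:
        tags = walk_tags(blob)
    except ValueError as exc:
        return [("malformed", str(exc))]
    findings = []
    full_size = HEADER.unpack_from(blob)[1]
    if full_size > load_limit:
        findings.append(("oversize", "fullSize 0x%x exceeds load limit 0x%x" % (full_size, load_limit)))
    for name, off, total_len, data_len in tags:
        slack = total_len - TAG_HEADER.size - data_len
        if slack > MAX_TAG_SLACK:
            # Padding hidden inside a tag keeps fullSize "correct" while growing the image.
            findings.append(("tag-slack", "%s at 0x%x carries 0x%x unused bytes" % (name, off, slack)))
    return findings


def make_tag(name, data, slack=0):
    """Build one tag (constructed test data only)."""
    total = TAG_HEADER.size + len(data) + slack
    return TAG_HEADER.pack(struct.unpack(">I", name)[0], total, len(data)) + data + b"\0" * slack


def make_img3(tags, ident=b"test"):
    """Build a minimal image around the given tags (constructed test data only)."""
    body = b"".join(tags)
    return HEADER.pack(IMG3_MAGIC, HEADER.size + len(body), len(body), len(body),
                       struct.unpack(">I", ident)[0]) + body


# Constructed samples: all-zero payloads, no real firmware content.
NORMAL = make_img3([make_tag(b"DATA", bytes(0x1000)), make_tag(b"CERT", bytes(0x200))])
PADDED = make_img3([make_tag(b"DATA", bytes(0x1000)), make_tag(b"CERT", bytes(0x200), slack=0x24100)])

if __name__ == "__main__":
    for label, image in (("normal", NORMAL), ("padded", PADDED), ("truncated", NORMAL[:-4])):
        print(label, audit(image) or "ok")
```

With DATA as the first tag, its payload begins at 0x14 + 0xC = 0x20, matching the offset given above for the first DATA dword.<br />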
<br />
==Timing Impact==<br />
This exploit would have allowed the [[pwnage]] of the [[N88AP|iPhone 3GS]] without the discovery of an additional code execution vulnerability (required to write the exploit [[LLB]]), provided that the bug still existed in the 3GS's [[S5L8920|bootrom]]. Even though it was too late to patch the bootrom, it was not too late for Apple to change the restore process in the stock IPSW, removing the method used to get the exploitive [[LLB]] onto the device. Before, Apple would have no reason to fix this, since writing arbitrary data to [[NOR]] does not negate their chain of trust. However, now that a way has been found, they were able to prioritize a fix for this oversight thus making the permanent [[pwnage]] of future devices significantly more difficult.<br />
<br />
Thanks to irresponsible handling of the exploit by a third-party company known as [[NitroKey]] who was interested in making financial gain from the work of others, this eventuality became a near-certainty and pretty much erased the possibility of a day-of-release jailbreak for the [[N88AP|iPhone 3GS]] and the [[N18AP|iPod touch (3rd generation)]]. In addition, to counteract the exploit, with the early exposure of the exploit, Apple was able to add the [[ECID]] tag to the [[IMG3 File Format]] in the [[N88AP|iPhone 3GS]]. The early leak of the exploit allowed Apple to understand that an [[iBoot]] exploit would be necessary to flash the required oversized [[LLB]] and through doing so, Apple have prevented this exploit from allowing the [[N88AP|iPhone 3GS]] to be permanently jailbroken through this exploit unless new [[iBoot]] exploits (allowing unsigned code to be run) can be found in every firmware release or a signed copy of an (older) vulnerable version of [[iBoot]] is stored.<br />
<br />
May the bastards of [[NitroKey]] burn in hell for all eternity.<br />
<br />
==3GS Implementation==<br />
Early-run models of the [[N88AP|iPhone 3GS]] are still affected by this vulnerability. In these models, the exploit remains the same in spirit.<br />
<br />
The call tree and stacks analysis is very similar although a few bytes here and there changed it slightly. It was again done manually but afterward, and out of fun, an IDA Python Script was written to automate the process. The new static analysis can be seen [http://pastie.org/551212 here], and the IDA Python Script for it [http://github.com/iZsh/IDA-Python-Scripts/ there].<br />
<br />
The main differences are:<br />
<br />
* the SRAM is at 0x84000000 instead of 0x22000000<br />
* the original value of the first DATA dword is written back to 0x84000040 (which was overwritten by the LR address)<br />
* the SHA1 register original value is written back to 0x840241CC<br />
* '''The decrypt flag is not held in R5 anymore''', but in a local variable of the function "my_process_module" (sub_2564). An extra static analysis tells us this variable is held at 0x84033F30, thus that's where you have to store your 0x0 value before returning to this function.<br />
<br />
[[Category:Bootrom Exploits]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118857Fugu142021-10-21T21:19:21Z<p>AknipGD: </p>
<hr />
<div>'''Fugu14''' is an unreleased, incomplete [[untethered jailbreak]] for [[iOS]] 14.3 to 14.5.1. It released on {{date|2021|10|24}}<ref>https://twitter.com/linushenze/status/1450573401546952717</ref>. Out of the box, it only supports arm64e devices.<br />
<ref>https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png</ref><br />
== References ==<br />
<references/><br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118832Fugu142021-10-20T12:37:25Z<p>AknipGD: fixed, looked at the IOMFB thing accidentally</p>
<hr />
<div>'''Fugu14''' is an unreleased, incomplete [[untethered jailbreak]] for [[iOS]] 13 and 14. It released on {{date|2021|10|24}}<ref>https://twitter.com/linushenze/status/1450573401546952717</ref>. Out of the box, it only supports arm64e devices.<br />
<ref>https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png</ref><br />
== References ==<br />
<references/><br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118830Fugu142021-10-20T00:19:54Z<p>AknipGD: sasdasasdasas</p>
<hr />
<div>'''Fugu14''' is an unreleased, incomplete [[untethered jailbreak]] for [[iOS]] 12 - 14. It released on {{date|2021|10|24}}<ref>https://twitter.com/linushenze/status/1450573401546952717</ref>. Out of the box, it only supports arm64e devices.<br />
<ref>https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png</ref><br />
== References ==<br />
<references/><br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118829Fugu142021-10-20T00:17:37Z<p>AknipGD: as</p>
<hr />
<div>'''Fugu14''' is an unreleased, incomplete [[untethered jailbreak]] for iOS 14. It released on {{date|2021|10|24}}<ref>https://twitter.com/linushenze/status/1450573401546952717</ref>. Out of the box, it only supports arm64e devices.<br />
<ref>https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png</ref><br />
== References ==<br />
<references/><br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118800Fugu142021-10-19T15:36:12Z<p>AknipGD: </p>
<hr />
<div>Fugu14 is an unreleased, incomplete [[untethered jailbreak]] for iOS 14. It released on October 21, 2021. Out of the box, it only supports arm64e devices.<br />
<br />
Info can be found here.<br />
https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png<br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118799Fugu142021-10-19T15:34:57Z<p>AknipGD: dasd</p>
<hr />
<div>Fugu14 is an unreleased, incomplete [[untethered jailbreak]] for iOS 14. It released on October 21, 2021. Out of the box, it only supports arm64e devices.<br />
<br />
Info can be found here.<br />
https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png<br />
<br />
<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu14&diff=118798Fugu142021-10-19T15:34:38Z<p>AknipGD: HA! I CREATED IT!</p>
<hr />
<div>Fugu14 is an unreleased, incomplete [[untethered jailbreak]] for iOS 14. It released on October 21, 2021. Out of the box, it only supports arm64e devices.<br />
<br />
Info can be found here.<br />
https://media.discordapp.net/attachments/688122358107603013/899764274812059679/1500x500.png<br />
<br />
<br />
{{software|stub}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=User_talk:IAdam1n&diff=118415User talk:IAdam1n2021-10-10T00:56:47Z<p>AknipGD: /* Thanks for deleting the blackd00r page. */ new section</p>
<hr />
<div>{{Talk Archive}}<br />
If you have any questions/concerns about an edit that I have made, please use this talk page to discuss it or [[Special:Emailuser/iAdam1n|email]] me.<br />
<br />
== 13.6 GM or 13.6 b4? ==<br />
<br />
Hey, I'm just slightly confused how this wiki names GM builds. Looking at the firmware list I see the 13.4 GM listed as "beta 6" on this wiki, but then 13.5 GM listed as "GM". For 13.6, the pages you're creating list them as GM but Apple's developer page lists them as beta 4. So is there some sort of algorithm used to determine if a build is beta or GM? Thanks [[User:Admanny|Admanny]] ([[User talk:Admanny|talk]]) 20:09, 9 July 2020 (UTC)<br />
:Developer portal is listing them as GM, not beta 4. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 20:10, 9 July 2020 (UTC)<br />
::https://developer.apple.com/news/releases/ ? [[User:Admanny|Admanny]] ([[User talk:Admanny|talk]]) 20:13, 9 July 2020 (UTC)<br />
:::They've just changed it then, it was listed as GM. It's a GM build. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 20:18, 9 July 2020 (UTC)<br />
<br />
== Regarding today's 14.1 fiasco ==<br />
<br />
Here's the timeline of events that I have observed so far:<br />
<br />
*14.1 is publicly released for iOS, iPadOS, and tvOS, not OTA, along with 14.2b3<br />
*14.1 is pulled as seen on the dev portal<br />
*14.1 for iOS and iPadOS is reclassified as GM seed and re-released as beta<br />
*14.1 for tvOS remains pulled and has never been re-released<br />
<br />
Can you confirm the last bullet point (tvOS)? Apple pulled the tvOS entry when everything else got fixed as seen in [https://developer.apple.com/news/releases/] Thanks. [[User:Admanny|Admanny]] ([[User talk:Admanny|talk]]) 21:34, 13 October 2020 (UTC)<br />
:They did but it linked to the 14.0.2 IPSW and is now pulled again. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 21:36, 13 October 2020 (UTC)<br />
<br />
== tvOS 13.4 b6 information ==<br />
<br />
in [[beta Firmware/iPhone/13.x]] and [[beta Firmware/Apple TV/13.x]] in GM was listed as beta 6, why your readd tvOS 13.4's GM? I know (tvOS/iOS) 13.6's GM's beta 4 is renaming name, so listed as a GM. --[[User:小美粉粉|小美粉粉]] ([[User talk:小美粉粉|talk]]) 05:18, 5 September 2021 (UTC)<br />
:My bad on that one, I reverted it. I was copy/pasting a lot because you made so many mistakes it was easier and that was caught in it I think. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 05:19, 5 September 2021 (UTC)<br />
<br />
== Thanks for deleting the blackd00r page. ==<br />
<br />
I did not know these were illegal. It was too late before I realized.</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=WatchOS&diff=118412WatchOS2021-10-09T19:17:41Z<p>AknipGD: aDasd</p>
<hr />
<div>{{lowercase}}<br />
'''watchOS''' is the operating system used by the [[Apple Watch]]. It is a stripped-down version of [[iOS]]. The first version released was stylized and marketed as Watch OS 1.0, which was based on iOS 8.2.<br />
<br />
watchOS 1.0.1 enabled users to view diverse emojis and fixed a few bugs and performance issues.<br />
<br />
{{stub|software}}<br />
[[Category:Firmware]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=User:AknipGD&diff=118411User:AknipGD2021-10-09T19:16:27Z<p>AknipGD: https://www.theiphonewiki.com/wiki/Special:Contributions/AknipGD</p>
<hr />
<div>Hi. I like to make and edit pages to my liking. I DO NOT VANDALIZE, look at this https://www.theiphonewiki.com/wiki/Special:Contributions/AknipGD</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Backr00m&diff=118410Backr00m2021-10-09T19:14:29Z<p>AknipGD: </p>
<hr />
<div>{{lowercase}}{{Infobox software<br />
| name = backr00m<br />
| title = backr00m<br />
| developer = [https://twitter.com/nitoTV nitoTV]<br />
| released = {{Start date and age|2018|07|08|df=yes}}<br />
| latest release version = 1.1<br />
| latest release date = {{Start date and age|2018|07|08|df=yes}}<br />
| language = [[wikipedia:English|English]]<br />
| status = Current<br />
| genre = Jailbreaking<br />
| license = [[wikipedia:Freeware|Freeware]]<br />
| website = [https://nito.tv/ nito.tv]<br />
}}<br />
'''backr00m''' is a [[semi-untethered jailbreak]] released for [[tvOS]] 10.2.2-11.1. It supports both the [[Apple TV HD]] and [[Apple TV 4K]].<br />
<br />
It supersedes [[greeng0blin]] by using more reliable exploits.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Version<br />
! Date<br />
! Changes<br />
|-<br />
| 1.0<br />
| rowspan="2" | {{date|2018|07|08}}<br />
|<br />
* Initial Release<br />
|-<br />
| 1.1<br />
|<br />
* Fix installing on 11.0<br />
* Fix nitoTV crashing<br />
|}<br />
<br />
{{stub|software}}<br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=4039&diff=11840940392021-10-09T19:14:09Z<p>AknipGD: </p>
<hr />
<div>4039 (AKA 4039jb) is an [[iOS|iPhoneOS 1.1]] jailbreak for the [[iPod1,1|iPod touch]].<br />
<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=4039&diff=11840840392021-10-09T19:13:57Z<p>AknipGD: aka</p>
<hr />
<div>4039 (aka 4039jb) is an [[iOS|iPhoneOS 1.1]] jailbreak for the [[iPod1,1|iPod touch]].<br />
<br />
{{stub|software}}</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Sn0wbreeze&diff=118407Sn0wbreeze2021-10-09T18:07:47Z<p>AknipGD: </p>
<hr />
<div>{{lowercase}}<br />
{{Infobox software<br />
| name = sn0wbreeze<br />
| title = sn0wbreeze<br />
| logo = [[File:sn0wbreeze_logo.png]]<br />
| screenshot = [[File:sn0wbreeze.png|300px]]<br />
| caption = sn0wbreeze 2.9<br />
| author = [[User:ih8sn0w|iH8sn0w]]<br />
| developer = iH8sn0w<br />
| released = 1.0b / {{Start date|2010|01|13|df=yes}}<br />1.0 / {{Start date|2010|01|16|df=yes}}<br />
| discontinued = <br />
| latest release version = 2.9.14<br />
| latest release date = {{Start date and age|2013|04|11|df=yes}}<br />
| latest preview version = 2.8b11<br />
| latest preview date = {{Start date and age|2011|11|10|df=yes}}<br />
| programming language = [[wikipedia:C Sharp (programming language)|C#]] <small>([[wikipedia:Visual Basic .NET|VB .NET]] through 2.8b4)</small><br />
| operating system = [[wikipedia:Microsoft Windows|Microsoft Windows]]<br />
| platform = <br />
| size = 23,361,564 bytes (22.2 MiB) [ZIP]<br />26,883,072 (25.6 MiB) [EXE]<br />
| language = [[wikipedia:English language|English]]<br />
| status = Abandoned<br />
| genre = Jailbreaking<br />
| license = [[wikipedia:GNU General Public License#Version 3|GNU GPL v3]]<br />
| website = [http://ih8sn0w.com/ ih8sn0w.com]<br />
}}<br />
<br />
'''sn0wbreeze''' is a tool used to create custom [[IPSW File Format|IPSW]]s to restore, similar to [[PwnageTool]]. It can be used to jailbreak and unlock when making the custom IPSW. It is a GUI for [[XPwn]] on Windows, written in C# (previously Visual Basic) and developed by [[User:ih8sn0w|iH8sn0w]]. It is released under the GPL v3 license, and the source of previous versions is available on [https://github.com/iH8sn0w/sn0wbreeze GitHub]; however, this violates the GPL.<br />
<br />
To restore to custom firmwares you will need a version of [[iTunes]] BEFORE 11.1. As of iTunes 11.1, iTunes rehashes the [[firmware]] used.<br />
<br />
{{float toc|left}}<br />
<br />
{{clear}}<br />
<br />
== Versions ==<br />
[[sn0wbreeze]] was first released {{date|2010|01|13}} as a beta version. The following versions that are shown here are official, and sorted by compatibility with iOS revisions.<br />
<br />
=== 3.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! Public Beta<br />
| {{date|2010|01|13}}<br />
|<br />
* Initial release<br />
* Jailbreaks iOS 3.1.2<br />
* Only allows you to be able to select simple mode<br />
* Taken down due to copyright issues with [[XPwn]]<br />
|-<br />
! 1.0<br />
| {{date|2010|01|16}}<br />
|<br />
* Official release of sn0wbreeze<br />
|-<br />
! 1.1<br />
| {{date|2010|01|19}}<br />
|<br />
* Fixes [[Cydia Application|Cydia]] problems<br />
* Fixes problems with [[NOR]] on [[S5L8900]] devices<br />
* Fixes custom packages not being installed<br />
|-<br />
! 1.2<br />
| {{date|2010|01|21}}<br />
|<br />
* GUI fixes<br />
* Fixed even more [[Cydia Application|Cydia]] problems<br />
|-<br />
! 1.3<br />
| {{date|2010|01|23}}<br />
|<br />
* Fixes bug where some [[Cydia Application|Cydia]] repositories could not be added and downloaded from<br />
|-<br />
! 1.4<br />
| {{date|2010|01|26}}<br />
|<br />
* Fixed vital bug where deb files may not be added to the right place<br />
* Add iPod touch<br />
* Fixes issues with iPhone 3GS<br />
|-<br />
! 1.5<br />
| {{date|2010|02|05}}<br />
|<br />
* Jailbreaks iOS 3.1.3<br />
* Removed verbose mode support<br />
|-<br />
! 1.5.1<br />
| {{date|2010|02|07}}<br />
|<br />
* Removed [[blacksn0w]] due to CommCenter issues<br />
* Supports iPod touch (2nd generation)<br />
* Fixes YouTube app issues<br />
|-<br />
! 1.5.2<br />
| {{date|2010|03|21}}<br />
|<br />
* Reintegrated [[blacksn0w]]<br />
|}<br />
<br />
=== 4.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 1.6<br />
| {{date|2010|06|24}}<br />
|<br />
* Jailbreaks iOS 4.0 only.<br />
* Removed [[ultrasn0w]] integration. (Due to MuscleNerd's request citing version management issues. Install it through the "custom packages" feature instead.)<br />
* Removed "sn0wbreeze App" integration (discontinued)<br />
|-<br />
! 1.6.1<br />
| {{date|2010|06|24}}<br />
| <br />
* ?<br />
|-<br />
! 1.7<br />
| {{date|2010|07|06}}<br />
|<br />
* Added support for new bootroms in the form of a [[tethered jailbreak]] with [[iBooty]].<br />
|-<br />
! 1.8 Beta<br />
| {{date|2010|07|16}}<br />
|<br />
* Only for iOS 4.1 beta.<br />
* Doesn't support [[hacktivation]].<br />
|-<br />
! 2.0<br />
| rowspan="2" | {{date|2010|09|22}}<br />
|<br />
* Added support for "MC model" [[N72AP|iPod touch (2nd generation)]] ([[Tethered jailbreak|tethered]] using [[usb_control_msg(0xA1, 1) Exploit]])<br />
* Added Support for [[N18AP|iPod touch (3rd generation)]] and [[N88AP|iPhone 3GS]] ([[Bootrom 359.3.2|new bootrom]]) on iOS 3.1.2<br />
* GUI improvements<br />
* Backwards compatible with 3.1.X<br />
|-<br />
! 2.0.1<br />
|<br />
* Fix for Error 37<br />
|-<br />
! 2.0.2<br />
| {{date|2010|09|25}}<br />
|<br />
* Fixes for Error 37 and hacktivation.<br />
|-<br />
! 2.1<br />
| {{date|2010|11|13}}<br />
|<br />
* Jailbreaks iOS 3.2.2/4.1.<br />
* Implemented [[usb_control_msg(0xA1, 1) Exploit|steaks4uce]] and [[limera1n]] exploits.<br />
* Added support for all iOS devices (except [[M68AP|iPhone]] and [[N45AP|iPod touch]])<br />
|-<br />
! 2.2r1<br />
| rowspan="2" | {{date|2011|02|15}}<br />
|<br />
* Jailbreaks iOS 4.2.1.<br />
* A new "Baseband Preservation Mode", which allows upgrade without updating the baseband (as usual), but without jailbreaking ([http://twitter.com/iH8sn0w/status/19249886721478656 announced on Dec 27])<br />
|-<br />
! 2.2r2<br />
|<br />
* Includes a fix for iBooks.<br />
|-<br />
! 2.2r3<br />
| {{date|2011|02|18}}<br />
|<br />
* Fixes iBooks issues on devices still having issues.<br />
|-<br />
! 2.2.1<br />
| {{date|2011|02|20}}<br />
|<br />
* Fixes for the [[N92AP|iPhone 4 (iPhone3,3)]]<br />
* Definitely fixes iBooks.<br />
* Drag and drop [[IPSW File Format|IPSWs]].<br />
* Fixes issues with Windows Classic.<br />
|-<br />
! 2.3b1<br />
| {{date|2011|03|13}}<br />
|<br />
* "For people that want to play around with 4.3 or preserve their baseband. It's BETA for a reason."<br />
|-<br />
! 2.3b2<br />
| {{date|2011|03|17}}<br />
|<br />
* Adds Multitasking Gestures option in Settings App.<br />
* [[iBooty]] bug fixes (includes [[iBSS]] issues).<br />
* [[iBooty]] is even faster.<br />
* [[Mobile Substrate]] is now working.<br />
* Sleep bug in [[IPod touch|iPod touches]] is fixed.<br />
* Rare [[K48AP|iPad]] issues resolved.<br />
* Added [[iREB]] to top bar for future re-runs within [[sn0wbreeze]].<br />
* [[ultrasn0w]] is still broken.<br />
|-<br />
! 2.3b3<br />
| {{date|2011|03|18}}<br />
|<br />
* Fixed [[N81AP|iPod touch (4th generation)]] [[iBooty]] issues.<br />
|-<br />
! 2.3b4<br />
| rowspan="2" | {{date|2011|03|19}}<br />
|<br />
* [[ultrasn0w]] now works for basebands ([[01.59.00]] / [[04.26.08]] / [[05.11.07]] / [[05.12.01]] / [[05.13.04]] / [[06.15.00]])<br />
* Fixed minor GUI + [[iBooty]] bugs.<br />
|-<br />
|-<br />
! 2.4b1<br />
|<br />
* iOS 4.3.1 is now supported<br />
|-<br />
! 2.5<br />
| {{date|2011|04|03}}<br />
|<br />
* Jailbreaks all iOS 4.3.1 compatible devices (except [[iPad 2]]).<br />
|-<br />
! 2.5.1<br />
| {{date|2011|04|06}}<br />
|<br />
* Cydia 1.1.1 is now pre-installed.<br />
* iPhone 3GS users can now flash the iPad 06.15.00 baseband.<br />
* Animate (Animated Boot Logos) by the Chronic Dev-Team is now supported.<br />
* Added afc2.<br />
* Apple TV (2nd generation) is now fully supported.<br />
* Added Apple TV (2nd generation) DFU Instructions.<br />
* YouTube issues resolved on hacktivated devices.<br />
* iPhone 3GS old-bootrom issues fixed (Error 37).<br />
|-<br />
! 2.6<br />
| {{date|2011|04|19}}<br />
|<br />
* Jailbreaks all iOS 4.3.2/4.2.7 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.2/4.2.7 untether.<br />
* Multitasking Gestures enabled as usual.<br />
|-<br />
! 2.7<br />
| {{date|2011|05|06}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.3/4.2.8 untether.<br />
|-<br />
! 2.7.1<br />
| {{date|2011|05|08}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated i0n1c's untethering exploit to resolve issues with iPhones and the mute switch.<br />
* A rerelease of 2.7.1 shrunk the file size significantly.<br />
|-<br />
! 2.7.2<br />
| {{date|2011|05|11}}<br />
|<br />
* This version adds support for iOS 4.3 Build 8F305 on the Apple TV (2nd generation).<br />
|-<br />
! 2.7.3<br />
| {{date|2011|05|13}}<br />
|<br />
* Fixed Pacman<br />
|}<br />
<br />
=== 5.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.8b1<br />
| {{date|2011|06|12}}<br />
|<br />
* Jailbreaks iOS 5 beta (for developers)<br />
|-<br />
! 2.8b2<br />
| {{date|2011|06|18}} (?)<br />
|<br />
* The jailbreak for iOS 5.0b on the [[N88AP|iPhone 3GS]] ([[Bootrom 359.3|old bootrom]]) is now [[untethered jailbreak|untethered]].<br />
|-<br />
! 2.8b3.5<br />
| {{date|2011|06|26}}<br />
|<br />
* Now jailbreaks iOS 5 (beta 2)<br />
* Intended for developers ONLY!<br />
* Does not Hacktivate or add afc2 in this release to prevent piracy.<br />
* iPhone 3GS old bootrom users have an untethered boot.<br />
* Now only 15MB :)<br />
* [http://pastie.org/2123276 release notes]<br />
|-<br />
! 2.8b4<br />
| {{date|2011|07|11}}<br />
|<br />
* Intended only for developers (as usual).<br />
* Hacktivation is disabled (again).<br />
* MAKE SURE YOU UPDATE TO iTunes 10.5 BETA 3!<br />
* [http://pastie.org/2199509 release notes]<br />
|-<br />
! 2.8b5<br />
| {{date|2011|08|17}}<br />
| <br />
* Now supports iOS 5 beta 5 (9A5228d).<br />
* Added Hacktivation ability.<br />
* Added option to remove [[UDID]] developer check + beta timer.<br />
* Finally decided to fix Baseband preservation standalone mode.<br />
* Tethered devices are booted via iBooty.<br />
* Re-added afc2.<br />
* [http://pastie.org/2389351 release notes]<br />
|-<br />
! 2.8b6<br />
| {{date|2011|08|20}}<br />
| <br />
* Now supports iOS 5 beta 6.<br />
* Still removes [[UDID]] developer check + beta timer<br />
* Still has the ability to hacktivate.<br />
* Still preserves the baseband (as always).<br />
* [http://pastie.org/2405111 release notes]<br />
|-<br />
! 2.8b7<br />
| {{date|2011|09|01}}<br />
| <br />
* Now jailbreaks iOS 5 beta 7.<br />
* Still removes [[UDID]] Developer check + Beta timer.<br />
* Still has the ability to hacktivate.<br />
* Still preserves the [[baseband]] (as always!).<br />
* [http://pastie.org/2469158 release notes]<br />
|-<br />
! 2.8b8<br />
| {{date|2011|10|04}}<br />
| <br />
* INSTANT IPSW detection (seriously!).<br />
* Now jailbreaks iOS 5 Gold Master (9A334).<br />
* Now jailbreaks iOS 5 (9A334).<br />
* UDID Developer check removal is no longer needed.<br />
* Still has the ability to hacktivate. <br />
* Still preserves the baseband (as always!). <br />
* [http://pastie.org/2641544 release notes]<br />
|-<br />
! 2.8b9<br />
| {{date|2011|11|03}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b1 (9A402)<br />
* Fixed iBooks sandbox crashing issues.<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband.<br />
* Re-added iPad baseband install option to iPhone 3GS. <br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* If on an [[N88AP|iPhone 3GS]], always reflash the [[K66AP|iPad]] baseband when running [[iOS]] 5.0+<br />
* [http://pastie.org/2807967 release notes]<br />
|-<br />
! 2.8b10<br />
| {{date|2011|11|05}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b2 (9A404)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* [http://pastie.org/2812951 release notes]<br />
|-<br />
! 2.8b11<br />
| {{date|2011|11|10}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1 (9A405)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* iPhone 3GS iPad baseband (06.15.00) users: Re-flash the iPad baseband via sn0wbreeze if you restore(d) to a stock 5.0 firmware.<br />
* [http://pastie.org/2844818 release notes]<br />
|-<br />
! 2.9<br />
| {{date|2012|01|16}}<br />
| <br />
* Happy birthday sn0wbreeze!<br />
* Brought back old firmware support in one release!<br />
* GUI Improvements<br />
* You can now build IPSWs with TinyUmbrella/iFaith blobs!<br />
* Removes OTA Updates/badge on iOS 5.x.x+ devices.<br />
* Added an IPSW Downloader<br />
* Built-in iREB functionality updated from newest iREB r5 module.<br />
* Custom Packages in Expert actually works now. :P<br />
* All supported firmwares in this release are untethered.<br />
* A5 devices are NOT supported at this time due to no public DFU/iBoot exploit.<br />
* Supports iOS 3.1.3<br />
* Supports iOS 3.2.x<br />
* Supports iOS 4.0.x<br />
* Supports iOS 4.1<br />
* Supports iOS 4.2.1 - 4.2.8<br />
* Supports iOS 4.3 - 4.3.3<br />
* Supports iOS 5.0.1<br />
* A rerelease fixed the [[IPSW File Format|IPSW]] download [https://twitter.com/#!/iH8sn0w/status/159133836695977987 bug]<br />
* [http://blog.ih8sn0w.com/2012/01/happy-birthday-sn0wbreeze.html release notes]<br />
|-<br />
! 2.9.1<br />
| {{date|2012|01|19}}<br />
| <br />
* iPhone 3G never flashed the iPad baseband when chosen.<br />
* Fixed PRAM issues.<br />
|-<br />
! 2.9.2<br />
| {{date|2012|03|09}}<br />
| <br />
* Added [[tethered jailbreak]] support for iOS 5.1 on [[limera1n Exploit|limera1n]]-vulnerable devices.<br />
* Bug fixes (specifically with baseband [[06.15.00]] and iPhone).<br />
* Re-added [[BootNeuter]].<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v292.html release notes]<br />
|-<br />
! 2.9.3<br />
| {{date|2012|03|12}}<br />
| <br />
* Added Apple TV (2nd generation) support for iOS 4.4.3/4.4.4.<br />
* Fixed rare issues with iOS 5.0.1 where it would halt on the Apple logo upon boot.<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v293.html release notes]<br />
|-<br />
! 2.9.4<br />
| {{date|2012|05|25}}<br />
| <br />
* Added the 5.1.1/9B206 [[Untethered jailbreak|untether]] that was released with today's [[absinthe]] update. <br />
* Added 5.0/9B206f ([[K66AP|Apple TV (2nd generation)]]) support.<br />
* Minor UI changes (thanks @[https://twitter.com/icj_ icj_]!).<br />
* Bug Fixes.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v294.html release notes]<br />
|-<br />
! 2.9.5<br />
| {{date|2012|03|27}}<br />
| <br />
* Added 5.1.1/9B208 untether payload for the [[N90BAP|iPhone 4 (iPhone3,1)]].<br />
* Added iPhone 3GS (iPad Baseband users) location services fix.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v295.html release notes]<br />
|-<br />
! 2.9.6<br />
| {{date|2012|06|06}}<br />
| <br />
* Added 5.0.2/9B830 [[K66AP|Apple TV (2nd generation)]] [[Untethered jailbreak|untether]] payload. (Thanks @planetbeing & @nitoTV)<br />
* Apple TV (2nd generation) users can now resize their root partition.<br />
* [http://blog.ih8sn0w.com/2012/06/sn0wbreeze-v296.html release notes]<br />
|}<br />
<br />
=== 6.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
|-<br />
! 2.9.7<br />
| {{date|2012|01|12}}<br />
| <br />
* The 6.0/6.0.1 is currently a tethered based jailbreak via iBooty except for iPhone 3GS old bootrom users.<br />
* SAM is built-in for iOS 6 hacktivations. Hacktivated phones can reboot to a semi-tethered state after being activated rather than just hang at the Apple Logo.<br />
* Added 6.0 (10A403)/6.0.1 (10A523) support. Only includes iPhone 3GS & A4 devices.<br />
* [http://blog.ih8sn0w.com/2012/11/sn0wbreeze-v297.html release notes]<br />
|-<br />
! 2.9.8<br />
| {{date|2013|02|04}}<br />
| <br />
* Added 5.2/6.0.x/6.1 untethers provided by [[evad3rs]]<br />
* Added iOS 6.1 support for iPhone 3GS, and A4 devices.<br />
* Fixed Hacktivation issues on 6.0.x.<br />
* Fixed some iFaith mode bugs.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html release notes]<br />
|-<br />
! 2.9.9<br />
| {{date|2013|02|10}}<br />
| <br />
* Fixed issue with device not showing up in iTunes/xcode.<br />
* Fixed bug when building iPhone 4 (iPhone3,2) IPSW.<br />
* Apple TV (2nd generation) bug fixes.<br />
* Now adds evasi0n untether directly to Cydia (for future updates).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.10<br />
| {{date|2013|02|22}}<br />
| <br />
* Added iOS 6.1.2 support for 3GS/A4 devices.<br />
* Added Apple TV (2nd generation) iOS 5.2 sandbox fix.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.11<br />
| {{date|2013|02|24}}<br />
| <br />
* Fixed bug with Cydia having “compatibility-issues” with the untether package on 6.1.2.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.12<br />
| {{date|2013|03|10}}<br />
| <br />
* Finally fully fixed iPhone3,2 limera1n payload injection issues.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.13<br />
| {{date|2013|03|11}}<br />
| <br />
* Ugh. More rootfs bug fixes.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.14<br />
| {{date|2013|04|11}}<br />
| <br />
* After Cydia's mishap with aptickets from 6.0 --> 6.1.2 (causing soft-dfu loops), sn0wbreeze now includes an apticket validation. It will verify the apticket after browsing for iOS5+ blobs in iFaith mode.<br />
* Added tethered support for A4 devices on iOS 6.1.3 (3GS old bootroms are untethered as usual).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|}<br />
<br />
== Resources ==<br />
*[https://github.com/iH8sn0w/sn0wbreezedl/archive/master.zip Download sn0wbreeze]<br />
<br />
[[Category:Hacking Software]]<br />
[[Category:GUI Tools]]<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
[[Category:Downgrading]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Sn0wbreeze&diff=118406Sn0wbreeze2021-10-09T18:07:01Z<p>AknipGD: </p>
<hr />
<div>{{lowercase}}<br />
{{Infobox software<br />
| name = sn0wbreeze<br />
| title = sn0wbreeze<br />
| logo = [[File:sn0wbreeze_logo.png]]<br />
| screenshot = [[File:sn0wbreeze.png|300px]]<br />
| caption = sn0wbreeze 2.9<br />
| author = [[User:ih8sn0w|iH8sn0w]]<br />
| developer = iH8sn0w<br />
| released = 1.0b / {{Start date|2010|01|13|df=yes}}<br />1.0 / {{Start date|2010|01|16|df=yes}}<br />
| discontinued = <br />
| latest release version = 2.9.14<br />
| latest release date = {{Start date and age|2013|04|11|df=yes}}<br />
| latest preview version = 2.8b11<br />
| latest preview date = {{Start date and age|2011|11|10|df=yes}}<br />
| programming language = [[wikipedia:C Sharp (programming language)|C#]] <small>([[wikipedia:Visual Basic .NET|VB .NET]] through 2.8b4)</small><br />
| operating system = [[wikipedia:Microsoft Windows|Microsoft Windows]]<br />
| platform = <br />
| size = 23,361,564 bytes (22.2 MiB) [ZIP]<br />26,883,072 (25.6 MiB) [EXE]<br />
| language = [[wikipedia:English language|English]]<br />
| status = Abandoned<br />
| genre = Jailbreaking<br />
| license = [[wikipedia:GNU General Public License#Version 3|GNU GPL v3]]<br />
| website = [http://ih8sn0w.com/ ih8sn0w.com]<br />
}}<br />
<br />
'''sn0wbreeze''' is a tool used to create custom [[IPSW File Format|IPSW]]s to restore, similar to [[PwnageTool]]. It can be used to jailbreak and unlock when making the custom IPSW. It is a GUI for [[XPwn]] on Windows, written in C# (previously Visual Basic), and is developed by [[User:ih8sn0w|iH8sn0w]]. It is released under the GPL v3 license, and the source of previous versions is available on [https://github.com/iH8sn0w/sn0wbreeze GitHub]; however, this violates the GPL.<br />
<br />
To restore to custom firmwares you will need a version of [[iTunes]] BEFORE 11.1. As of iTunes 11.1, iTunes rehashes the firmware used.<br />
<br />
{{float toc|left}}<br />
<br />
{{clear}}<br />
<br />
== Versions ==<br />
[[sn0wbreeze]] was first released {{date|2010|01|13}} as a beta version. The following versions that are shown here are official, and sorted by compatibility with iOS revisions.<br />
<br />
=== 3.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! Public Beta<br />
| {{date|2010|01|13}}<br />
|<br />
* Initial release<br />
* Jailbreaks iOS 3.1.2<br />
* Only allows you to be able to select simple mode<br />
* Taken down due to copyright issues with [[XPwn]]<br />
|-<br />
! 1.0<br />
| {{date|2010|01|16}}<br />
|<br />
* Official release of sn0wbreeze<br />
|-<br />
! 1.1<br />
| {{date|2010|01|19}}<br />
|<br />
* Fixes [[Cydia Application|Cydia]] problems<br />
* Fixes problems with [[NOR]] on [[S5L8900]] devices<br />
* Fixes custom packages not being installed<br />
|-<br />
! 1.2<br />
| {{date|2010|01|21}}<br />
|<br />
* GUI fixes<br />
* Fixed even more [[Cydia Application|Cydia]] problems<br />
|-<br />
! 1.3<br />
| {{date|2010|01|23}}<br />
|<br />
* fixes bug where some [[Cydia Application|Cydia]] repositories could not be added and downloaded from<br />
|-<br />
! 1.4<br />
| {{date|2010|01|26}}<br />
|<br />
* Fixed vital bug where deb files may not be added to the right place<br />
* Add iPod touch<br />
* Fixes issues with iPhone 3GS<br />
|-<br />
! 1.5<br />
| {{date|2010|02|05}}<br />
|<br />
* Jailbreaks iOS 3.1.3<br />
* Removed verbose mode support<br />
|-<br />
! 1.5.1<br />
| {{date|2010|02|07}}<br />
|<br />
* Removed [[blacksn0w]] due to CommCenter issues<br />
* Supports iPod touch (2nd generation)<br />
* Fixes YouTube app issues<br />
|-<br />
! 1.5.2<br />
| {{date|2010|03|21}}<br />
|<br />
* Reintegrated [[blacksn0w]]<br />
|}<br />
<br />
=== 4.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 1.6<br />
| {{date|2010|06|24}}<br />
|<br />
* Jailbreaks iOS 4.0 only.<br />
* Removed [[ultrasn0w]] integration. (Due to MuscleNerd's request citing version management issues. Install it through the "custom packages" feature instead.)<br />
* Removed "sn0wbreeze App" integration (discontinued)<br />
|-<br />
! 1.6.1<br />
| {{date|2010|06|24}}<br />
| <br />
* ?<br />
|-<br />
! 1.7<br />
| {{date|2010|07|06}}<br />
|<br />
* Added support for new bootroms in the form of a [[tethered jailbreak]] with [[iBooty]].<br />
|-<br />
! 1.8 Beta<br />
| {{date|2010|07|16}}<br />
|<br />
* Only for iOS 4.1 beta.<br />
* Doesn't support [[hacktivation]].<br />
|-<br />
! 2.0<br />
| rowspan="2" | {{date|2010|09|22}}<br />
|<br />
* Added support for "MC model" [[N72AP|iPod touch (2nd generation)]] ([[Tethered jailbreak|tethered]] using [[usb_control_msg(0xA1, 1) Exploit]])<br />
* Added Support for [[N18AP|iPod touch (3rd generation)]] and [[N88AP|iPhone 3GS]] ([[Bootrom 359.3.2|new bootrom]]) on iOS 3.1.2<br />
* GUI improvements<br />
* Backwards compatible with 3.1.X<br />
|-<br />
! 2.0.1<br />
|<br />
* Fix for Error 37<br />
|-<br />
! 2.0.2<br />
| {{date|2010|09|25}}<br />
|<br />
* Fixes for Error 37 and hacktivation.<br />
|-<br />
! 2.1<br />
| {{date|2010|11|13}}<br />
|<br />
* Jailbreaks iOS 3.2.2/4.1.<br />
* Implemented [[usb_control_msg(0xA1, 1) Exploit|steaks4uce]] and [[limera1n]] exploits.<br />
* Added support for all iOS devices (except [[M68AP|iPhone]] and [[N45AP|iPod touch]])<br />
|-<br />
! 2.2r1<br />
| rowspan="2" | {{date|2011|02|15}}<br />
|<br />
* Jailbreaks iOS 4.2.1.<br />
* A new "Baseband Preservation Mode", which allows upgrade without updating the baseband (as usual), but without jailbreaking ([http://twitter.com/iH8sn0w/status/19249886721478656 announced on Dec 27])<br />
|-<br />
! 2.2r2<br />
|<br />
* Includes a fix for iBooks.<br />
|-<br />
! 2.2r3<br />
| {{date|2011|02|18}}<br />
|<br />
* Fixes iBooks issues on devices still having issues.<br />
|-<br />
! 2.2.1<br />
| {{date|2011|02|20}}<br />
|<br />
* Fixes for the [[N92AP|iPhone 4 (iPhone3,3)]]<br />
* Definitely fixes iBooks.<br />
* Drag and drop [[IPSW File Format|IPSWs]].<br />
* Fixes issues with Windows Classic.<br />
|-<br />
! 2.3b1<br />
| {{date|2011|03|13}}<br />
|<br />
* "For people that want to play around with 4.3 or preserve their baseband. It's BETA for a reason."<br />
|-<br />
! 2.3b2<br />
| {{date|2011|03|17}}<br />
|<br />
* Adds Multitasking Gestures option in Settings App.<br />
* [[iBooty]] bug fixes (includes [[iBSS]] issues).<br />
* [[iBooty]] is even faster.<br />
* [[Mobile Substrate]] is now working.<br />
* Sleep bug in [[IPod touch|iPod touches]] is fixed.<br />
* Rare [[K48AP|iPad]] issues resolved.<br />
* Added [[iREB]] to top bar for future re-runs within [[sn0wbreeze]].<br />
* [[ultrasn0w]] is still broken.<br />
|-<br />
! 2.3b3<br />
| {{date|2011|03|18}}<br />
|<br />
* Fixed [[N81AP|iPod touch (4th generation)]] [[iBooty]] issues.<br />
|-<br />
! 2.3b4<br />
| rowspan="2" | {{date|2011|03|19}}<br />
|<br />
* [[ultrasn0w]] now works for basebands ([[01.59.00]] / [[04.26.08]] / [[05.11.07]] / [[05.12.01]] / [[05.13.04]] / [[06.15.00]])<br />
* Fixed minor GUI + [[iBooty]] bugs.<br />
|-<br />
|-<br />
! 2.4b1<br />
|<br />
* iOS 4.3.1 is now supported<br />
|-<br />
! 2.5<br />
| {{date|2011|04|03}}<br />
|<br />
* Jailbreaks all iOS 4.3.1 compatible devices (except [[iPad 2]]).<br />
|-<br />
! 2.5.1<br />
| {{date|2011|04|06}}<br />
|<br />
* Cydia 1.1.1 is now pre-installed.<br />
* iPhone 3GS users can now flash the iPad 06.15.00 baseband.<br />
* Animate (Animated Boot Logos) by the Chronic Dev-Team is now supported.<br />
* Added afc2 Apple TV (2nd generation) is now fully supported.<br />
* Added Apple TV (2nd generation) DFU Instructions.<br />
* YouTube issues resolved on hacktivated devices.<br />
* iPhone 3GS old-bootrom issues fixed (Error 37).<br />
|-<br />
! 2.6<br />
| {{date|2011|04|19}}<br />
|<br />
* Jailbreaks all iOS 4.3.2/4.2.7 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.2/4.2.7 untether.<br />
* Multitasking Gestures enabled as usual.<br />
|-<br />
! 2.7<br />
| {{date|2011|05|06}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.3/4.2.8 untether.<br />
|-<br />
! 2.7.1<br />
| {{date|2011|05|08}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated i0n1c's untethering exploit to resolve issues with iPhones and the mute switch.<br />
* A rerelease of 2.7.1 shrunk the file size significantly.<br />
|-<br />
! 2.7.2<br />
| {{date|2011|05|11}}<br />
|<br />
* This version adds support for iOS 4.3 Build 8F305 on the Apple TV (2nd generation).<br />
|-<br />
! 2.7.3<br />
| {{date|2011|05|13}}<br />
|<br />
* Fixed Pacman<br />
|}<br />
<br />
=== 5.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.8b1<br />
| {{date|2011|06|12}}<br />
|<br />
* Jailbreaks iOS 5 beta (for developers)<br />
|-<br />
! 2.8b2<br />
| {{date|2011|06|18}} (?)<br />
|<br />
* The jailbreak for iOS 5.0b on the [[N88AP|iPhone 3GS]] ([[Bootrom 359.3|old bootrom]]) is now [[untethered jailbreak|untethered]].<br />
|-<br />
! 2.8b3.5<br />
| {{date|2011|06|26}}<br />
|<br />
* Now jailbreaks iOS 5 (beta 2)<br />
* Intended for developers ONLY!<br />
* Does not Hacktivate or add afc2 in this release to prevent piracy.<br />
* iPhone 3GS old bootrom users have an untethered boot.<br />
* Now only 15MB :)<br />
* [http://pastie.org/2123276 release notes]<br />
|-<br />
! 2.8b4<br />
| {{date|2011|07|11}}<br />
|<br />
* Intended only for developers (as usual).<br />
* Hacktivation is disabled (again).<br />
* MAKE SURE YOU UPDATE TO iTunes 10.5 BETA 3!<br />
* [http://pastie.org/2199509 release notes]<br />
|-<br />
! 2.8b5<br />
| {{date|2011|08|17}}<br />
| <br />
* Now supports iOS 5 beta 5 (9A5228d).<br />
* Added Hacktivation ability.<br />
* Added option to remove [[UDID]] developer check + beta timer.<br />
* Finally decided to fix Baseband preservation standalone mode.<br />
* Tethered devices are booted via iBooty.<br />
* Re-added afc2.<br />
* [http://pastie.org/2389351 release notes]<br />
|-<br />
! 2.8b6<br />
| {{date|2011|08|20}}<br />
| <br />
* Now supports iOS 5 beta 6.<br />
* Still removes [[UDID]] developer check + beta timer<br />
* Still has the ability to hacktivate.<br />
* Still preserves the baseband (as always).<br />
* [http://pastie.org/2405111 release notes]<br />
|-<br />
! 2.8b7<br />
| {{date|2011|09|01}}<br />
| <br />
* Now jailbreaks iOS 5 beta 7.<br />
* Still removes [[UDID]] Developer check + Beta timer.<br />
* Still has the ability to hacktivate.<br />
* Still preserves the [[baseband]] (as always!).<br />
* [http://pastie.org/2469158 release notes]<br />
|-<br />
! 2.8b8<br />
| {{date|2011|10|04}}<br />
| <br />
* INSTANT IPSW detection (seriously!).<br />
* Now jailbreaks iOS 5 Gold Master (9A334).<br />
* Now jailbreaks iOS 5 (9A334).<br />
* UDID Developer check removal is no longer needed.<br />
* Still has the ability to hacktivate. <br />
* Still preserves the baseband (as always!). <br />
* [http://pastie.org/2641544 release notes]<br />
|-<br />
! 2.8b9<br />
| {{date|2011|11|03}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b1 (9A402)<br />
* Fixed iBooks sandbox crashing issues.<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband.<br />
* Re-added iPad baseband install option to iPhone 3GS. <br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* If on an [[N88AP|iPhone 3GS]], always reflash the [[K66AP|iPad]] baseband when running [[iOS]] 5.0+<br />
* [http://pastie.org/2807967 release notes]<br />
|-<br />
! 2.8b10<br />
| {{date|2011|11|05}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b2 (9A404)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* [http://pastie.org/2812951 release notes]<br />
|-<br />
! 2.8b11<br />
| {{date|2011|11|10}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1 (9A405)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* iPhone 3GS iPad baseband (06.15.00) users: Re-flash the iPad baseband via sn0wbreeze if you restore(d) to a stock 5.0 firmware.<br />
* [http://pastie.org/2844818 release notes]<br />
|-<br />
! 2.9<br />
| {{date|2012|01|16}}<br />
| <br />
* Happy birthday sn0wbreeze!<br />
* Brought back old firmware support in one release!<br />
* GUI Improvements<br />
* You can now build IPSWs with TinyUmbrella/iFaith blobs!<br />
* Removes OTA Updates/badge on iOS 5.x.x+ devices.<br />
* Added an IPSW Downloader<br />
* Built-in iREB functionality updated from newest iREB r5 module.<br />
* Custom Packages in Expert actually works now. :P<br />
* All supported firmwares in this release are untethered.<br />
* A5 devices are NOT supported at this time due to no public DFU/iBoot exploit.<br />
* Supports iOS 3.1.3<br />
* Supports iOS 3.2.x<br />
* Supports iOS 4.0.x<br />
* Supports iOS 4.1<br />
* Supports iOS 4.2.1 - 4.2.8<br />
* Supports iOS 4.3 - 4.3.3<br />
* Supports iOS 5.0.1<br />
* A rerelease fixed the [[IPSW File Format|IPSW]] download [https://twitter.com/#!/iH8sn0w/status/159133836695977987 bug]<br />
* [http://blog.ih8sn0w.com/2012/01/happy-birthday-sn0wbreeze.html release notes]<br />
|-<br />
! 2.9.1<br />
| {{date|2012|01|19}}<br />
| <br />
* iPhone 3G never flashed the iPad baseband when chosen.<br />
* Fixed PRAM issues.<br />
|-<br />
! 2.9.2<br />
| {{date|2012|03|09}}<br />
| <br />
* Added [[tethered jailbreak]] support for iOS 5.1 on [[limera1n Exploit|limera1n]]-vulnerable devices.<br />
* Bug fixes (specifically with baseband [[06.15.00]] and iPhone).<br />
* Re-added [[BootNeuter]].<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v292.html release notes]<br />
|-<br />
! 2.9.3<br />
| {{date|2012|03|12}}<br />
| <br />
* Added Apple TV (2nd generation) support for iOS 4.4.3/4.4.4.<br />
* Fixed rare issues with iOS 5.0.1 where it would halt on the Apple logo upon boot.<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v293.html release notes]<br />
|-<br />
! 2.9.4<br />
| {{date|2012|05|25}}<br />
| <br />
* Added the 5.1.1/9B206 [[Untethered jailbreak|untether]] that was released with today's [[absinthe]] update. <br />
* Added 5.0/9B206f ([[K66AP|Apple TV (2nd generation)]]) support.<br />
* Minor UI changes (thanks @[https://twitter.com/icj_ icj_]!).<br />
* Bug Fixes.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v294.html release notes]<br />
|-<br />
! 2.9.5<br />
| {{date|2012|03|27}}<br />
| <br />
* Added 5.1.1/9B208 untether payload for the [[N90BAP|iPhone 4 (iPhone3,1)]].<br />
* Added iPhone 3GS (iPad Baseband users) location services fix.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v295.html release notes]<br />
|-<br />
! 2.9.6<br />
| {{date|2012|06|06}}<br />
| <br />
* Added 5.0.2/9B830 [[K66AP|Apple TV (2nd generation)]] [[Untethered jailbreak|untether]] payload. (Thanks @planetbeing & @nitoTV)<br />
* Apple TV (2nd generation) users can now resize their root partition.<br />
* [http://blog.ih8sn0w.com/2012/06/sn0wbreeze-v296.html release notes]<br />
|}<br />
<br />
=== 6.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
|-<br />
! 2.9.7<br />
| {{date|2012|01|12}}<br />
| <br />
* The 6.0/6.0.1 is currently a tethered based jailbreak via iBooty except for iPhone 3GS old bootrom users.<br />
* SAM is built-in for iOS 6 hacktivations. Hacktivated phones can reboot to a semi-tethered state after being activated rather than just hang at the Apple Logo.<br />
* Added 6.0 (10A403)/6.0.1 (10A523) support. Only includes iPhone 3GS & A4 devices.<br />
* [http://blog.ih8sn0w.com/2012/11/sn0wbreeze-v297.html release notes]<br />
|-<br />
! 2.9.8<br />
| {{date|2013|02|04}}<br />
| <br />
* Added 5.2/6.0.x/6.1 untethers provided by [[evad3rs]]<br />
* Added iOS 6.1 support for iPhone 3GS, and A4 devices.<br />
* Fixed Hacktivation issues on 6.0.x.<br />
* Fixed some iFaith mode bugs.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html release notes]<br />
|-<br />
! 2.9.9<br />
| {{date|2013|02|10}}<br />
| <br />
* Fixed issue with device not showing up in iTunes/Xcode.<br />
* Fixed bug when building iPhone 4 (iPhone3,2) IPSW.<br />
* Apple TV (2nd generation) bug fixes.<br />
* Now adds evasi0n untether directly to Cydia (for future updates).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.10<br />
| {{date|2013|02|22}}<br />
| <br />
* Added iOS 6.1.2 support for 3GS/A4 devices.<br />
* Added Apple TV (2nd generation) iOS 5.2 sandbox fix.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.11<br />
| {{date|2013|02|24}}<br />
| <br />
* Fixed bug with Cydia having “compatibility-issues” with the untether package on 6.1.2.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.12<br />
| {{date|2013|03|10}}<br />
| <br />
* Finally fully fixed iPhone3,2 limera1n payload injection issues.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.13<br />
| {{date|2013|03|11}}<br />
| <br />
* Ugh. More rootfs bug fixes.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.14<br />
| {{date|2013|04|11}}<br />
| <br />
* After Cydia's mishap with aptickets from 6.0 --> 6.1.2 (causing soft-dfu loops), sn0wbreeze now includes an apticket validation. It will verify the apticket after browsing for iOS5+ blobs in iFaith mode.<br />
* Added tethered support for A4 devices on iOS 6.1.3 (3GS old bootroms are untethered as usual).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|}<br />
<br />
== Resources ==<br />
*[https://github.com/iH8sn0w/sn0wbreezedl/archive/master.zip Download sn0wbreeze]<br />
<br />
[[Category:Hacking Software]]<br />
[[Category:GUI Tools]]<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
[[Category:Downgrading]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Sn0wbreeze&diff=118405Sn0wbreeze2021-10-09T18:06:40Z<p>AknipGD: The iTunes page sounds weird, doesn't it?</p>
<hr />
<div>{{lowercase}}<br />
{{Infobox software<br />
| name = sn0wbreeze<br />
| title = sn0wbreeze<br />
| logo = [[File:sn0wbreeze_logo.png]]<br />
| screenshot = [[File:sn0wbreeze.png|300px]]<br />
| caption = sn0wbreeze 2.9<br />
| author = [[User:ih8sn0w|iH8sn0w]]<br />
| developer = iH8sn0w<br />
| released = 1.0b / {{Start date|2010|01|13|df=yes}}<br />1.0 / {{Start date|2010|01|16|df=yes}}<br />
| discontinued = <br />
| latest release version = 2.9.14<br />
| latest release date = {{Start date and age|2013|04|11|df=yes}}<br />
| latest preview version = 2.8b11<br />
| latest preview date = {{Start date and age|2011|11|10|df=yes}}<br />
| programming language = [[wikipedia:C Sharp (programming language)|C#]] <small>([[wikipedia:Visual Basic .NET|VB .NET]] through 2.8b4)</small><br />
| operating system = [[wikipedia:Microsoft Windows|Microsoft Windows]]<br />
| platform = <br />
| size = 23,361,564 bytes (22.2 MiB) [ZIP]<br />26,883,072 (25.6 MiB) [EXE]<br />
| language = [[wikipedia:English language|English]]<br />
| status = Abandoned<br />
| genre = Jailbreaking<br />
| license = [[wikipedia:GNU General Public License#Version 3|GNU GPL v3]]<br />
| website = [http://ih8sn0w.com/ ih8sn0w.com]<br />
}}<br />
<br />
'''sn0wbreeze''' is a tool used to create custom [[IPSW File Format|IPSW]]s to restore, similar to [[PwnageTool]]. It can be used to jailbreak and unlock when making the custom IPSW. It is a GUI for [[XPwn]] on Windows, written in C# (previously Visual Basic), and is developed by [[User:ih8sn0w|iH8sn0w]]. It is released under the GPL v3 license, and the source of previous versions is available on [https://github.com/iH8sn0w/sn0wbreeze GitHub]; however, this violates the GPL.<br />
<br />
To restore to custom firmwares you will need a version of iTunes BEFORE 11.1. As of iTunes 11.1, iTunes rehashes the firmware used.<br />
<br />
{{float toc|left}}<br />
<br />
{{clear}}<br />
<br />
== Versions ==<br />
[[sn0wbreeze]] was first released {{date|2010|01|13}} as a beta version. The following versions that are shown here are official, and sorted by compatibility with iOS revisions.<br />
<br />
=== 3.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! Public Beta<br />
| {{date|2010|01|13}}<br />
|<br />
* Initial release<br />
* Jailbreaks iOS 3.1.2<br />
* Only allows you to be able to select simple mode<br />
* Taken down due to copyright issues with [[XPwn]]<br />
|-<br />
! 1.0<br />
| {{date|2010|01|16}}<br />
|<br />
* Official release of sn0wbreeze<br />
|-<br />
! 1.1<br />
| {{date|2010|01|19}}<br />
|<br />
* Fixes [[Cydia Application|Cydia]] problems<br />
* Fixes problems with [[NOR]] on [[S5L8900]] devices<br />
* Fixes custom packages not being installed<br />
|-<br />
! 1.2<br />
| {{date|2010|01|21}}<br />
|<br />
* GUI fixes<br />
* Fixed even more [[Cydia Application|Cydia]] problems<br />
|-<br />
! 1.3<br />
| {{date|2010|01|23}}<br />
|<br />
* fixes bug where some [[Cydia Application|Cydia]] repositories could not be added and downloaded from<br />
|-<br />
! 1.4<br />
| {{date|2010|01|26}}<br />
|<br />
* Fixed vital bug where deb files may not be added to the right place<br />
* Add iPod touch<br />
* Fixes issues with iPhone 3GS<br />
|-<br />
! 1.5<br />
| {{date|2010|02|05}}<br />
|<br />
* Jailbreaks iOS 3.1.3<br />
* Removed verbose mode support<br />
|-<br />
! 1.5.1<br />
| {{date|2010|02|07}}<br />
|<br />
* Removed [[blacksn0w]] due to CommCenter issues<br />
* Supports iPod touch (2nd generation)<br />
* Fixes YouTube app issues<br />
|-<br />
! 1.5.2<br />
| {{date|2010|03|21}}<br />
|<br />
* Reintegrated [[blacksn0w]]<br />
|}<br />
<br />
=== 4.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 1.6<br />
| {{date|2010|06|24}}<br />
|<br />
* Jailbreaks iOS 4.0 only.<br />
* Removed [[ultrasn0w]] integration. (Due to MuscleNerd's request citing version management issues. Install it through the "custom packages" feature instead.)<br />
* Removed "sn0wbreeze App" integration (discontinued)<br />
|-<br />
! 1.6.1<br />
| {{date|2010|06|24}}<br />
| <br />
* ?<br />
|-<br />
! 1.7<br />
| {{date|2010|07|06}}<br />
|<br />
* Added support for new bootroms in the form of a [[tethered jailbreak]] with [[iBooty]].<br />
|-<br />
! 1.8 Beta<br />
| {{date|2010|07|16}}<br />
|<br />
* Only for iOS 4.1 beta.<br />
* Doesn't support [[hacktivation]].<br />
|-<br />
! 2.0<br />
| rowspan="2" | {{date|2010|09|22}}<br />
|<br />
* Added support for "MC model" [[N72AP|iPod touch (2nd generation)]] ([[Tethered jailbreak|tethered]] using [[usb_control_msg(0xA1, 1) Exploit]])<br />
* Added Support for [[N18AP|iPod touch (3rd generation)]] and [[N88AP|iPhone 3GS]] ([[Bootrom 359.3.2|new bootrom]]) on iOS 3.1.2<br />
* GUI improvements<br />
* Backwards compatible with 3.1.X<br />
|-<br />
! 2.0.1<br />
|<br />
* Fix for Error 37<br />
|-<br />
! 2.0.2<br />
| {{date|2010|09|25}}<br />
|<br />
* Fixes for Error 37 and hacktivation.<br />
|-<br />
! 2.1<br />
| {{date|2010|11|13}}<br />
|<br />
* Jailbreaks iOS 3.2.2/4.1.<br />
* Implemented [[usb_control_msg(0xA1, 1) Exploit|steaks4uce]] and [[limera1n]] exploits.<br />
* Added support for all iOS devices (except [[M68AP|iPhone]] and [[N45AP|iPod touch]])<br />
|-<br />
! 2.2r1<br />
| rowspan="2" | {{date|2011|02|15}}<br />
|<br />
* Jailbreaks iOS 4.2.1.<br />
* A new "Baseband Preservation Mode", which allows upgrade without updating the baseband (as usual), but without jailbreaking ([http://twitter.com/iH8sn0w/status/19249886721478656 announced on Dec 27])<br />
|-<br />
! 2.2r2<br />
|<br />
* Includes a fix for iBooks.<br />
|-<br />
! 2.2r3<br />
| {{date|2011|02|18}}<br />
|<br />
* Fixes iBooks issues on devices still having issues.<br />
|-<br />
! 2.2.1<br />
| {{date|2011|02|20}}<br />
|<br />
* Fixes for the [[N92AP|iPhone 4 (iPhone3,3)]]<br />
* Definitely fixes iBooks.<br />
* Drag and drop [[IPSW File Format|IPSWs]].<br />
* Fixes issues with Windows Classic.<br />
|-<br />
! 2.3b1<br />
| {{date|2011|03|13}}<br />
|<br />
* "For people that want to play around with 4.3 or preserve their baseband. It's BETA for a reason."<br />
|-<br />
! 2.3b2<br />
| {{date|2011|03|17}}<br />
|<br />
* Adds Multitasking Gestures option in Settings App.<br />
* [[iBooty]] bug fixes (includes [[iBSS]] issues).<br />
* [[iBooty]] is even faster.<br />
* [[Mobile Substrate]] is now working.<br />
* Sleep bug in [[IPod touch|iPod touches]] is fixed.<br />
* Rare [[K48AP|iPad]] issues resolved.<br />
* Added [[iREB]] to top bar for future re-runs within [[sn0wbreeze]].<br />
* [[ultrasn0w]] is still broken.<br />
|-<br />
! 2.3b3<br />
| {{date|2011|03|18}}<br />
|<br />
* Fixed [[N81AP|iPod touch (4th generation)]] [[iBooty]] issues.<br />
|-<br />
! 2.3b4<br />
| rowspan="2" | {{date|2011|03|19}}<br />
|<br />
* [[ultrasn0w]] now works for basebands ([[01.59.00]] / [[04.26.08]] / [[05.11.07]] / [[05.12.01]] / [[05.13.04]] / [[06.15.00]])<br />
* Fixed minor GUI + [[iBooty]] bugs.<br />
|-<br />
|-<br />
! 2.4b1<br />
|<br />
* iOS 4.3.1 is now supported<br />
|-<br />
! 2.5<br />
| {{date|2011|04|03}}<br />
|<br />
* Jailbreaks all iOS 4.3.1 compatible devices (except [[iPad 2]]).<br />
|-<br />
! 2.5.1<br />
| {{date|2011|04|06}}<br />
|<br />
* Cydia 1.1.1 is now pre-installed.<br />
* iPhone 3GS users can now flash the iPad 06.15.00 baseband.<br />
* Animate (Animated Boot Logos) by the Chronic Dev-Team is now supported.<br />
* Added afc2 Apple TV (2nd generation) is now fully supported.<br />
* Added Apple TV (2nd generation) DFU Instructions.<br />
* YouTube issues resolved on hacktivated devices.<br />
* iPhone 3GS old-bootrom issues fixed (Error 37).<br />
|-<br />
! 2.6<br />
| {{date|2011|04|19}}<br />
|<br />
* Jailbreaks all iOS 4.3.2/4.2.7 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.2/4.2.7 untether.<br />
* Multitasking Gestures enabled as usual.<br />
|-<br />
! 2.7<br />
| {{date|2011|05|06}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated to support i0n1c's 4.3.3/4.2.8 untether.<br />
|-<br />
! 2.7.1<br />
| {{date|2011|05|08}}<br />
|<br />
* Jailbreaks all iOS 4.3.3/4.2.8 compatible devices (except [[iPad 2]]).<br />
* Updated i0n1c's untethering exploit to resolve issues with iPhones and the mute switch.<br />
* A rerelease of 2.7.1 shrunk the file size significantly.<br />
|-<br />
! 2.7.2<br />
| {{date|2011|05|11}}<br />
|<br />
* This version adds support for iOS 4.3 Build 8F305 on the Apple TV (2nd generation).<br />
|-<br />
! 2.7.3<br />
| {{date|2011|05|13}}<br />
|<br />
* Fixed Pacman<br />
|}<br />
<br />
=== 5.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
! 2.8b1<br />
| {{date|2011|06|12}}<br />
|<br />
* Jailbreaks iOS 5 beta (for developers)<br />
|-<br />
! 2.8b2<br />
| {{date|2011|06|18}} (?)<br />
|<br />
* The jailbreak for iOS 5.0b on the [[N88AP|iPhone 3GS]] ([[Bootrom 359.3|old bootrom]]) is now [[untethered jailbreak|untethered]].<br />
|-<br />
! 2.8b3.5<br />
| {{date|2011|06|26}}<br />
|<br />
* Now jailbreaks iOS 5 (beta 2)<br />
* Intended for developers ONLY!<br />
* Does not Hacktivate or add afc2 in this release to prevent piracy.<br />
* iPhone 3GS old bootrom users have an untethered boot.<br />
* Now only 15MB :)<br />
* [http://pastie.org/2123276 release notes]<br />
|-<br />
! 2.8b4<br />
| {{date|2011|07|11}}<br />
|<br />
* Intended only for developers (as usual).<br />
* Hacktivation is disabled (again).<br />
* MAKE SURE YOU UPDATE TO iTunes 10.5 BETA 3!<br />
* [http://pastie.org/2199509 release notes]<br />
|-<br />
! 2.8b5<br />
| {{date|2011|08|17}}<br />
| <br />
* Now supports iOS 5 beta 5 (9A5228d).<br />
* Added Hacktivation ability.<br />
* Added option to remove [[UDID]] developer check + beta timer.<br />
* Finally decided to fix Baseband preservation standalone mode.<br />
* Tethered devices are booted via iBooty.<br />
* Re-added afc2.<br />
* [http://pastie.org/2389351 release notes]<br />
|-<br />
! 2.8b6<br />
| {{date|2011|08|20}}<br />
| <br />
* Now supports iOS 5 beta 6.<br />
* Still removes [[UDID]] developer check + beta timer<br />
* Still has the ability to hacktivate.<br />
* Still preserves the baseband (as always).<br />
* [http://pastie.org/2405111 release notes]<br />
|-<br />
! 2.8b7<br />
| {{date|2011|09|01}}<br />
| <br />
* Now jailbreaks iOS 5 beta 7.<br />
* Still removes [[UDID]] Developer check + Beta timer.<br />
* Still has the ability to hacktivate.<br />
* Still preserves the [[baseband]] (as always!).<br />
* [http://pastie.org/2469158 release notes]<br />
|-<br />
! 2.8b8<br />
| {{date|2011|10|04}}<br />
| <br />
* INSTANT IPSW detection (seriously!).<br />
* Now jailbreaks iOS 5 Gold Master (9A334).<br />
* Now jailbreaks iOS 5 (9A334).<br />
* UDID Developer check removal is no longer needed.<br />
* Still has the ability to hacktivate. <br />
* Still preserves the baseband (as always!). <br />
* [http://pastie.org/2641544 release notes]<br />
|-<br />
! 2.8b9<br />
| {{date|2011|11|03}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b1 (9A402)<br />
* Fixed iBooks sandbox crashing issues.<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband.<br />
* Re-added iPad baseband install option to iPhone 3GS. <br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* If on an [[N88AP|iPhone 3GS]], always reflash the [[K66AP|iPad]] baseband when running [[iOS]] 5.0+<br />
* [http://pastie.org/2807967 release notes]<br />
|-<br />
! 2.8b10<br />
| {{date|2011|11|05}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1-b2 (9A404)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Removes UDID requirement/Beta timer in 5.0.1.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* [http://pastie.org/2812951 release notes]<br />
|-<br />
! 2.8b11<br />
| {{date|2011|11|10}}<br />
| <br />
* Supports iOS 5.0 (9A334)/5.0.1 (9A405)<br />
* Fixed iBooks sandbox crashing issues (as of 2.8b9).<br />
* Fixed location services issues with iPhone 3GS users running the iPad baseband (as of 2.8b9).<br />
* Re-added iPad baseband install option to iPhone 3GS.<br />
* Tethered devices are booted via iBooty which is extracted to the Desktop after running sn0wbreeze.<br />
* iPhone 3GS iPad baseband (06.15.00) users: Re-flash the iPad baseband via sn0wbreeze if you restore(d) to a stock 5.0 firmware.<br />
* [http://pastie.org/2844818 release notes]<br />
|-<br />
! 2.9<br />
| {{date|2012|01|16}}<br />
| <br />
* Happy birthday sn0wbreeze!<br />
* Brought back old firmware support in one release!<br />
* GUI Improvements<br />
* You can now build IPSWs with TinyUmbrella/iFaith blobs!<br />
* Removes OTA Updates/badge on iOS 5.x.x+ devices.<br />
* Added an IPSW Downloader<br />
* Built-in iREB functionality updated from newest iREB r5 module.<br />
* Custom Packages in Expert actually works now. :P<br />
* All supported firmwares in this release are untethered.<br />
* A5 devices are NOT supported at this time due to no public DFU/iBoot exploit.<br />
* Supports iOS 3.1.3<br />
* Supports iOS 3.2.x<br />
* Supports iOS 4.0.x<br />
* Supports iOS 4.1<br />
* Supports iOS 4.2.1 - 4.2.8<br />
* Supports iOS 4.3 - 4.3.3<br />
* Supports iOS 5.0.1<br />
* A rerelease fixed the [[IPSW File Format|IPSW]] download [https://twitter.com/#!/iH8sn0w/status/159133836695977987 bug]<br />
* [http://blog.ih8sn0w.com/2012/01/happy-birthday-sn0wbreeze.html release notes]<br />
|-<br />
! 2.9.1<br />
| {{date|2012|01|19}}<br />
| <br />
* iPhone 3G never flashed the iPad baseband when chosen.<br />
* Fixed PRAM issues.<br />
|-<br />
! 2.9.2<br />
| {{date|2012|03|09}}<br />
| <br />
* Added [[tethered jailbreak]] support for iOS 5.1 on [[limera1n Exploit|limera1n]]-vulnerable devices.<br />
* Bug fixes (specifically with baseband [[06.15.00]] and iPhone).<br />
* Re-added [[BootNeuter]].<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v292.html release notes]<br />
|-<br />
! 2.9.3<br />
| {{date|2012|03|12}}<br />
| <br />
* Added Apple TV (2nd generation) support for iOS 4.4.3/4.4.4.<br />
* Fixed rare issues with iOS 5.0.1 where it would halt on the Apple logo upon boot.<br />
* [http://blog.ih8sn0w.com/2012/03/sn0wbreeze-v293.html release notes]<br />
|-<br />
! 2.9.4<br />
| {{date|2012|05|25}}<br />
| <br />
* Added the 5.1.1/9B206 [[Untethered jailbreak|untether]] that was released with today's [[absinthe]] update. <br />
* Added 5.0/9B206f ([[K66AP|Apple TV (2nd generation)]]) support.<br />
* Minor UI changes (thanks @[https://twitter.com/icj_ icj_]!).<br />
* Bug Fixes.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v294.html release notes]<br />
|-<br />
! 2.9.5<br />
| {{date|2012|03|27}}<br />
| <br />
* Added 5.1.1/9B208 untether payload for the [[N90BAP|iPhone 4 (iPhone3,1)]].<br />
* Added iPhone 3GS (iPad Baseband users) location services fix.<br />
* [http://blog.ih8sn0w.com/2012/05/sn0wbreeze-v295.html release notes]<br />
|-<br />
! 2.9.6<br />
| {{date|2012|06|06}}<br />
| <br />
* Added 5.0.2/9B830 [[K66AP|Apple TV (2nd generation)]] [[Untethered jailbreak|untether]] payload. (Thanks @planetbeing & @nitoTV)<br />
* Apple TV (2nd generation) users can now resize their root partition.<br />
* [http://blog.ih8sn0w.com/2012/06/sn0wbreeze-v296.html release notes]<br />
|}<br />
<br />
=== 6.X ===<br />
{| class="wikitable"<br />
! Version<br />
! Release date<br />
! Changes<br />
|-<br />
|-<br />
! 2.9.7<br />
| {{date|2012|01|12}}<br />
| <br />
* The 6.0/6.0.1 jailbreak is currently tethered (booted via iBooty), except for iPhone 3GS old bootrom users.<br />
* SAM is built-in for iOS 6 hacktivations. Hacktivated phones can reboot to a semi-tethered state after being activated rather than just hang at the Apple Logo.<br />
* Added 6.0 (10A403)/6.0.1 (10A523) support. Only includes iPhone 3GS & A4 devices.<br />
* [http://blog.ih8sn0w.com/2012/11/sn0wbreeze-v297.html release notes]<br />
|-<br />
! 2.9.8<br />
| {{date|2013|02|04}}<br />
| <br />
* Added 5.2/6.0.x/6.1 untethers provided by [[evad3rs]]<br />
* Added iOS 6.1 support for iPhone 3GS, and A4 devices.<br />
* Fixed Hacktivation issues on 6.0.x.<br />
* Fixed some iFaith mode bugs.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html release notes]<br />
|-<br />
! 2.9.9<br />
| {{date|2013|02|10}}<br />
| <br />
* Fixed issue with device not showing up in iTunes/Xcode.<br />
* Fixed bug when building iPhone 4 (iPhone3,2) IPSW.<br />
* Apple TV (2nd generation) bug fixes.<br />
* Now adds evasi0n untether directly to Cydia (for future updates).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.10<br />
| {{date|2013|02|22}}<br />
| <br />
* Added iOS 6.1.2 support for 3GS/A4 devices.<br />
* Added Apple TV (2nd generation) iOS 5.2 sandbox fix.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.11<br />
| {{date|2013|02|24}}<br />
| <br />
* Fixed bug with Cydia having “compatibility-issues” with the untether package on 6.1.2.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.12<br />
| {{date|2013|03|10}}<br />
| <br />
* Finally fully fixed iPhone3,2 limera1n payload injection issues.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.13<br />
| {{date|2013|03|11}}<br />
| <br />
* Ugh. More rootfs bug fixes.<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|-<br />
! 2.9.14<br />
| {{date|2013|04|11}}<br />
| <br />
* After Cydia's mishap with aptickets from 6.0 --> 6.1.2 (causing soft-dfu loops), sn0wbreeze now includes an apticket validation. It will verify the apticket after browsing for iOS5+ blobs in iFaith mode.<br />
* Added tethered support for A4 devices on iOS 6.1.3 (3GS old bootroms are untethered as usual).<br />
* [http://blog.ih8sn0w.com/2013/02/sn0wbreeze-v298.html?m=1 release notes]<br />
|}<br />
<br />
== Resources ==<br />
*[https://github.com/iH8sn0w/sn0wbreezedl/archive/master.zip Download sn0wbreeze]<br />
<br />
[[Category:Hacking Software]]<br />
[[Category:GUI Tools]]<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]<br />
[[Category:Downgrading]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Pwnage&diff=118310Pwnage2021-10-06T16:28:32Z<p>AknipGD: /* S5L8900 */</p>
<hr />
<div>This exploit is in the [[S5L8900]] bootrom, thus available in the [[M68AP|iPhone]], [[N45AP|iPod touch]], and [[N82AP|iPhone 3G]]. The exploit is that the bootrom doesn't signature check [[LLB]].<br />
<br />
==Credit==<br />
[[iPhone Dev Team]]<br />
<br />
==Exploit==<br />
===[[S5L8900]]===<br />
Pwnage exploits a broken [[Bootchain|chain of trust]] in the boot sequence of the S5L8900 device. The boot sequence includes the [[LLB]] and [[iBoot (Bootloader)|iBoot]] modules, which are stored in the device's [[NOR]] flash and are typically encrypted (as of 1.1.x). However, they no longer carry an RSA signature at that point, because the 8900 container is stripped before the file is written to NOR. Pwnage exploits this vulnerability.<br />
<br />
First, Apple assumes that if something is in NOR, it has necessarily passed through an RSA signature verification, and is therefore authentic Apple code. This is incorrect, because the only mechanism preventing the writing of unauthorized code to the NOR flash is the kernel. The iPhone/iPod touch kernel contains an extension designed specifically to write to NOR, called AppleImage2NORAccess. This extension performs an RSA signature verification on any data it tries to write. The verification itself is performed by the [[FairPlay]] extension, which is heavily obfuscated, but neutering the check is very simple. After the check is patched out, anything can be written to the NOR flash.<br />
<br />
Second, Apple assumes that disabling the encryption keys in the “normal” environment will prevent firmware files from being written to the NOR flash. Luckily, we have found a way to run our code in the “secure” environment and use the AppleImage2NORAccess extension the same way Apple does during a restore.<br />
<br />
Before iOS 2.0, the [[NOR]] was set up in a way that when the firmware images were flashed there, the RSA signatures were dropped along with the rest of the firmware container. So although [[iBoot (Bootloader)|iBoot]] signature-checked the [[kernel]], [[LLB]] did not signature-check [[iBoot (Bootloader)|iBoot]], and the [[VROM]] did not signature-check [[LLB]].<br />
<br />
Pwnage starts by booting from a memory device (ramdisk) in the “secure” environment to prevent the kernel from disabling the encryption keys. Also, we add another memory device, pointed at the kernel's address space, to allow live kernel patching. After booting up, we patch out the signature check from the AppleImage2NORAccess extension and proceed with flashing our custom firmware files ([[iBoot (Bootloader)|iBoot]], [[LLB]], [[DeviceTree]], and pictures). Because the signature check has been patched out, and the encryption keys are available, AppleImage2NORAccess happily writes them to the suitable location in NOR flash. After that, the device can be restarted, and will accept any unsigned 8900 file without complaint.<br />
<br />
One specific aspect of the attack that is worth examining more closely is the [[iBoot (Bootloader)|iBoot]] patch. iBoot is the last and most complicated bootloader on the devices, and is what actually loads up the kernel with [[DeviceTree]]. However, Apple made the decision to keep all the PKE (Public Key Encryption) logic out of iBoot, instead putting it in the secure bootloader. Thus, iBoot actually jumps into the secure bootloader when it wants to verify the authenticity of an 8900 file. This makes it hard to directly patch out the RSA signature verification from iBoot, as it actually occurs in the secure bootloader. Simply killing the jump into the secure bootloader is impossible, as it also fills in other information iBoot needs to proceed.<br />
<br />
Because of the tight coupling between the secure bootloader and the higher-level bootloaders, Apple gave us a solution: the secure bootloader often needs to call functions in the higher-level bootloaders, but it has the problem of knowing where to jump, as functions move around in different revisions. To get around this, Apple made thunks out of the function calls, and makes the higher-level bootloaders patch the secure bootloader on the fly (in RAM) with the relevant jump addresses. They just copy the secure bootloader into RAM and blindly apply a list of patches to it. We exploited this pre-existing patching mechanism to patch out the RSA signature verification from the secure bootloader.<br />
<br />
Post-2.0, images are written to [[NOR]] in a way that lets one verify the other, such as [[LLB]] verifying [[iBoot (Bootloader)|iBoot]]. The [[VROM (S5L8900)|bootrom]], however, cannot be written to, so it still just reads [[LLB]] normally, without checking its signature.<br />
<br />
The [[bootrom]] has a vulnerability in [[DFU Mode]] when processing iBoot certificates, which are in DER format. It copies all the certificate information onto the stack, but the signature itself is copied without any sort of bounds checking. The result is a classic stack buffer overflow, which is used to make the signature-checking function return true.<br />
<br />
[[25C3 presentation "Hacking the iPhone"|More info]].<br />
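The missing length check described above, seen from the defender's side. This is an added example, not code from the bootrom, this wiki, or any tool named here: it reads a DER BIT STRING signature and refuses anything that does not fit the fixed destination. The 128-byte capacity (<code>SIG_MAX</code>), the BIT STRING framing of the signature, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_MAX 128u  /* assumed fixed destination size (RSA-1024 signature) */

enum der_status {
    DER_OK = 0,
    DER_TRUNCATED = -1,   /* header or value runs past the supplied bytes */
    DER_BAD_LENGTH = -2,  /* indefinite, non-minimal or over-wide length */
    DER_WRONG_TAG = -3,   /* not a BIT STRING with zero unused bits */
    DER_TOO_LARGE = -4    /* signature does not fit the destination */
};

/* Decode one tag/length header; *val_len is checked against the input size. */
static int der_read_header(const uint8_t *in, size_t in_len,
                           uint8_t *tag, size_t *hdr_len, size_t *val_len)
{
    size_t hdr = 2, len, n, i;

    if (in_len < 2) return DER_TRUNCATED;
    *tag = in[0];
    if (in[1] < 0x80) {
        len = in[1];                                /* short form */
    } else {
        n = in[1] & 0x7f;                           /* long form: n length octets */
        if (n == 0 || n > 4) return DER_BAD_LENGTH; /* indefinite or too wide */
        if (in_len - 2 < n) return DER_TRUNCATED;
        if (in[2] == 0) return DER_BAD_LENGTH;      /* leading zero octet */
        for (len = 0, i = 0; i < n; i++) len = (len << 8) | in[2 + i];
        if (len < 0x80) return DER_BAD_LENGTH;      /* DER requires short form */
        hdr += n;
    }
    if (len > in_len - hdr) return DER_TRUNCATED;   /* hdr <= in_len, no wrap */
    *hdr_len = hdr;
    *val_len = len;
    return DER_OK;
}

/* Copy the signature out of a BIT STRING field into dst (capacity dst_cap). */
int copy_signature(const uint8_t *field, size_t field_len,
                   uint8_t *dst, size_t dst_cap, size_t *sig_len)
{
    uint8_t tag;
    size_t hdr, len;
    int rc = der_read_header(field, field_len, &tag, &hdr, &len);

    if (rc != DER_OK) return rc;
    if (tag != 0x03 || len < 1 || field[hdr] != 0) return DER_WRONG_TAG;
    if (len - 1 > dst_cap) return DER_TOO_LARGE;    /* the check the page says is absent */
    memcpy(dst, field + hdr + 1, len - 1);
    *sig_len = len - 1;
    return DER_OK;
}

/* Run copy_signature with guard bytes behind the destination, standing in for
   the saved state that sits next to a stack buffer. -100 means it was touched. */
int check(const uint8_t *field, size_t field_len)
{
    struct { uint8_t sig[SIG_MAX]; uint8_t guard[8]; } frame;
    size_t got = 0, i;
    int rc;

    memset(&frame, 0, sizeof frame);
    rc = copy_signature(field, field_len, frame.sig, sizeof frame.sig, &got);
    for (i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0) return -100;
    return rc;
}

/* Constructed sample: a well-formed BIT STRING carrying n signature bytes
   (n <= 512), of which the last `cut` bytes are withheld from the parser. */
int demo(size_t n, size_t cut)
{
    uint8_t field[600];
    size_t len = n + 1, h = 0, total;   /* +1 for the unused-bits octet */

    if (n > 512) return -99;
    field[h++] = 0x03;
    if (len < 0x80) field[h++] = (uint8_t)len;
    else if (len < 0x100) { field[h++] = 0x81; field[h++] = (uint8_t)len; }
    else { field[h++] = 0x82; field[h++] = (uint8_t)(len >> 8); field[h++] = (uint8_t)len; }
    field[h++] = 0x00;
    memset(field + h, 0xA5, n);
    total = h + n;
    return check(field, cut < total ? total - cut : 0);
}

int main(void)
{
    printf("128-byte signature: %d\n", demo(128, 0));
    printf("129-byte signature: %d\n", demo(129, 0));
    printf("300-byte signature: %d\n", demo(300, 0));
    printf("truncated field:    %d\n", demo(64, 10));
    return 0;
}
```

The capacity comparison runs before <code>memcpy</code> and uses the decoded length only after it has been validated against the bytes actually supplied, so an oversized or lying length field is rejected rather than copied.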
<br />
===[[S5L8720]] and on===<br />
This exploit has been fixed on the [[N72AP|iPod touch (2nd generation)]] and all devices released after it. The [[VROM (S5L8720)|bootrom]] sigchecks [[LLB]] before jumping to it now, and if the [[LLB]] is patched, it will default to [[DFU Mode]]. The [[0x24000 Segment Overflow]] exploit was later found in the first revisions of the [[N72AP|iPod touch (2nd generation)]] and [[N88AP|iPhone 3GS]] [[bootrom]]s, allowing the device to be fully jailbroken. It has since been fixed with new bootrom revisions for these devices. Newer devices were never susceptible to the [[0x24000 Segment Overflow]].<br />
<br />
==Implementation==<br />
* [[PwnageTool]]<br />
* [[XPwn]]<br />
* [[iPhoneLinux]]<br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Bootrom Exploits]]<br />
[[Category:Jailbreaking]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Pwnage&diff=118294Pwnage2021-10-04T14:15:44Z<p>AknipGD: /* S5L8900 */</p>
<hr />
<div>This exploit is in the [[S5L8900]] bootrom, thus available in the [[M68AP|iPhone]], [[N45AP|iPod touch]], and [[N82AP|iPhone 3G]]. The exploit is that the bootrom doesn't signature check [[LLB]].<br />
<br />
==Credit==<br />
[[iPhone Dev Team]]<br />
<br />
==Exploit==<br />
===[[S5L8900]]===<br />
Pwnage exploits a broken [[Bootchain|chain of trust]] in the boot sequence of the S5L8900 device. The boot sequence includes the [[LLB]] and [[iBoot (Bootloader)|iBoot]] modules, which are stored in the device's [[NOR]] flash and are typically encrypted (as of 1.1.X). However, they no longer carry an RSA signature at that point, because the 8900 container is stripped before the file is written to NOR. Pwnage exploits this vulnerability.<br />
<br />
First, Apple assumes that if something is in NOR, it has necessarily passed through an RSA signature verification, and is therefore authentic Apple code. This is incorrect, because the only mechanism preventing the writing of unauthorized code to the NOR flash is the kernel. The iPhone/iPod touch kernel contains an extension designed specifically to write to NOR, called AppleImage2NORAccess. This extension performs an RSA signature verification on any data it tries to write. The verification itself is performed by the [[FairPlay]] extension, which is heavily obfuscated, but neutering the check is very simple. After the check is patched out, anything can be written to the NOR flash.<br />
<br />
Second, Apple assumes that disabling the encryption keys in the “normal” environment will prevent firmware files from being written to the NOR flash. Luckily, we have found a way to run our code in the “secure” environment and use the AppleImage2NORAccess extension the same way Apple does during a restore.<br />
<br />
Before iOS 2.0, the [[NOR]] was set up in a way that when the firmware images were flashed there, the RSA signatures were dropped along with the rest of the firmware container. So although [[iBoot (Bootloader)|iBoot]] signature-checked the [[kernel]], [[LLB]] did not signature-check [[iBoot (Bootloader)|iBoot]], and the [[VROM]] did not signature-check [[LLB]].<br />
<br />
Pwnage starts by booting from a memory device (ramdisk) in the “secure” environment to prevent the kernel from disabling the encryption keys. Also, we add another memory device, pointed at the kernel's address space, to allow live kernel patching. After booting up, we patch out the signature check from the AppleImage2NORAccess extension and proceed with flashing our custom firmware files ([[iBoot (Bootloader)|iBoot]], [[LLB]], [[DeviceTree]], and pictures). Because the signature check has been patched out, and the encryption keys are available, AppleImage2NORAccess happily writes them to the suitable location in NOR flash. After that, the device can be restarted, and will accept any unsigned 8900 file without complaint.<br />
<br />
One specific aspect of the attack that is worth examining more closely is the [[iBoot (Bootloader)|iBoot]] patch. iBoot is the last and most complicated bootloader on the devices, and is what actually loads up the kernel with [[DeviceTree]]. However, Apple made the decision to keep all the PKE (Public Key Encryption) logic out of iBoot, instead putting it in the secure bootloader. Thus, iBoot actually jumps into the secure bootloader when it wants to verify the authenticity of an 8900 file. This makes it hard to directly patch out the RSA signature verification from iBoot, as it actually occurs in the secure bootloader. Simply killing the jump into the secure bootloader is impossible, as it also fills in other information iBoot needs to proceed.<br />
<br />
Because of the tight coupling between the secure bootloader and the higher-level bootloaders, Apple gave us a solution: the secure bootloader often needs to call functions in the higher-level bootloaders, but it has the problem of knowing where to jump, as functions move around in different revisions. To get around this, Apple made thunks out of the function calls, and makes the higher-level bootloaders patch the secure bootloader on the fly (in RAM) with the relevant jump addresses. They just copy the secure bootloader into RAM and blindly apply a list of patches to it. We exploited this pre-existing patching mechanism to patch out the RSA signature verification from the secure bootloader.<br />
<br />
Post-2.0, images are written to [[NOR]] in a way that lets one verify the other, such as [[LLB]] verifying [[iBoot (Bootloader)|iBoot]]. The [[VROM (S5L8900)|bootrom]], however, cannot be written to, so it still just reads [[LLB]] normally, without checking its signature.<br />
<br />
The [[bootrom]] has a vulnerability in [[DFU Mode]] when processing iBoot certificates, which are in DER format. It copies all the certificate information onto the stack, but the signature itself is copied without any sort of bounds checking. The result is a classic stack buffer overflow, which is used to make the signature-checking function return true.<br />
<br />
[[25C3 presentation "Hacking the iPhone"|More info]].<br />
<br />
===[[S5L8720]] and on===<br />
This exploit has been fixed on the [[N72AP|iPod touch (2nd generation)]] and all devices released after it. The [[VROM (S5L8720)|bootrom]] sigchecks [[LLB]] before jumping to it now, and if the [[LLB]] is patched, it will default to [[DFU Mode]]. The [[0x24000 Segment Overflow]] exploit was later found in the first revisions of the [[N72AP|iPod touch (2nd generation)]] and [[N88AP|iPhone 3GS]] [[bootrom]]s, allowing the device to be fully jailbroken. It has since been fixed with new bootrom revisions for these devices. Newer devices were never susceptible to the [[0x24000 Segment Overflow]].<br />
<br />
==Implementation==<br />
* [[PwnageTool]]<br />
* [[XPwn]]<br />
* [[iPhoneLinux]]<br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Bootrom Exploits]]<br />
[[Category:Jailbreaking]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=/Applications/CheckerBoard.app&diff=118293/Applications/CheckerBoard.app2021-10-04T14:13:17Z<p>AknipGD: Removed page cite loop</p>
<hr />
<div>[[Image:Checkerboard-main.jpeg|100px|thumb|right|Main menu]]<br />
[[Image:Checkerboard-info.jpeg|100px|thumb|right|Info menu]]<br />
[[Image:Checkerboard-wifi.jpeg|100px|thumb|right|WiFi menu, shown after tapping "Start Diagnostics"]]<br />
[[Image:Checkerboard-exit.jpeg|100px|thumb|right|Exit Diagnostics button]]<br />
== Summary ==<br />
This (hidden) application is usually accessed by powering off the device, plugging in a charger, and then holding down the volume up button and the home button. It is present on all iOS 10.3 devices.<br />
<br />
It looks to be sending data to https://idiagnostics.apple.com, however due to certificate pinning, the data being sent is unknown.<br />
It is known to connect to AST2, an internal diagnostics web app, for diagnostics.<br />
<br />
== Other Information ==<br />
* It may be worth noting that the time displayed at the top-left (in the case of an iDevice without [[Airplane Mode]]) of the screen is Pacific Standard Time, regardless of user [[preferences]].<br />
* When opened in any way other than the volume up method, the app crashes to the home screen, probably because the environment is not set up correctly.<br />
<br />
==Localization strings==<br />
Extracting its English localization strings yields these:<br />
<pre style="word-wrap:break-word;"><br />
/* ARE_YOU_SURE */<br />
Are you sure you want to exit Diagnostics?<br />
<br />
/* CANCEL */<br />
Cancel<br />
<br />
/* CHOOSE_OTHER_FOOTER */<br />
Choose Another Network<br />
<br />
/* CHOOSE_WIFI_HEADER */<br />
Choose a Wi‑Fi Network<br />
<br />
/* CHOOSE_WLAN_HEADER */<br />
Choose a WLAN Network<br />
<br />
/* COULD_NOT_FIND_NETWORK_TITLE */<br />
Could not find the network “%@”<br />
<br />
/* DIAGNOSTICS */<br />
Diagnostics<br />
<br />
/* DIAGNOSTICS_DESCRIPTION */<br />
Diagnostics allow Apple to identify potential hardware and software issues with this device.<br />
<br />
/* DISMISS */<br />
Dismiss<br />
<br />
/* DONE */<br />
Done<br />
<br />
/* EMERGENCY_CALL */<br />
Emergency Call<br />
<br />
/* ENCRYPTED_NETWORK_PROMPT */<br />
Enter the password for “%@”<br />
<br />
/* ENCRYPTED_NETWORK_TITLE */<br />
Enter Password<br />
<br />
/* EXIT_DIAGNOSTICS */<br />
Exit Diagnostics<br />
<br />
/* FAILED_NETWORK_PROMPT */<br />
Failed to join “%@”<br />
<br />
/* INCORRECT_PASSWORD_TITLE */<br />
Incorrect password for “%@”<br />
<br />
/* JOIN */<br />
Join<br />
<br />
/* JOINED_NETWORK_PROMPT */<br />
Joined network “%@”<br />
<br />
/* JOINING_NETWORK_PROMPT */<br />
Joining “%@”…<br />
<br />
/* NEXT */<br />
Next<br />
<br />
/* NONE */<br />
None<br />
<br />
/* NO_NETWORK_CONNECTION_MESSAGE_WIFI */<br />
The Wi‑Fi network you selected is not providing an Internet connection. Change your settings or choose a different network.<br />
<br />
/* NO_NETWORK_CONNECTION_MESSAGE_WLAN */<br />
The WLAN network you selected is not providing an Internet connection. Change your settings or choose a different network.<br />
<br />
/* NO_NETWORK_CONNECTION_TITLE */<br />
No Network Connection<br />
<br />
/* OK */<br />
OK<br />
<br />
/* OTHER_NETWORK_NAME */<br />
Name<br />
<br />
/* OTHER_NETWORK_PLACEHOLDER */<br />
Network Name<br />
<br />
/* OTHER_NETWORK_PROMPT */<br />
Enter network information<br />
<br />
/* OTHER_NETWORK_TITLE */<br />
Other Network<br />
<br />
/* PASSWORD */<br />
Password<br />
<br />
/* SECURITY */<br />
Security<br />
<br />
/* SERIAL_NUMBER */<br />
Serial Number<br />
<br />
/* SHUT_DOWN */<br />
Shut Down<br />
<br />
/* START_DIAGNOSTICS */<br />
Start Diagnostics<br />
<br />
/* TEMPERATURE */<br />
Temperature<br />
<br />
/* THERMAL_ALERT_STRING_IPAD */<br />
iPad needs to cool down before you can use it.<br />
<br />
/* THERMAL_ALERT_STRING_IPHONE */<br />
iPhone needs to cool down before you can use it.<br />
<br />
/* THERMAL_ALERT_STRING_IPOD */<br />
iPod needs to cool down before you can use it.<br />
<br />
/* TRY_AGAIN_MESSAGE */<br />
Please try again later.<br />
<br />
/* UNABLE_TO_JOIN_NETWORK_TITLE */<br />
Unable to join the network “%@”<br />
<br />
/* UNABLE_TO_JOIN_TITLE */<br />
Unable to join “%@”<br />
<br />
/* WEP */<br />
WEP<br />
<br />
/* WIFI_SETTINGS */<br />
Wi‑Fi Settings<br />
<br />
/* WLAN_SETTINGS */<br />
WLAN Settings<br />
<br />
/* WPA */<br />
WPA<br />
<br />
/* WPA2 */<br />
WPA2<br />
<br />
/* WPA2_ENTERPRISE */<br />
WPA2 Enterprise<br />
<br />
/* WPA_ENTERPRISE */<br />
WPA Enterprise<br />
</pre><br />
<br />
== Children ==<br />
=== Folders ===<br />
* [[_CodeSignature/]]<br />
* [[ar.lproj/]]<br />
* [[ca.lproj/]]<br />
* [[cs.lproj/]]<br />
* [[da.lproj/]]<br />
* [[de.lproj/]]<br />
* [[el.lproj/]]<br />
* [[en.lproj/]]<br />
* [[en_AU.lproj/]]<br />
* [[en_GB.lproj/]]<br />
* [[es.lproj/]]<br />
* [[es_419.lproj/]]<br />
* [[fi.lproj/]]<br />
* [[fr.lproj/]]<br />
* [[fr_CA.lproj/]]<br />
* [[he.lproj/]]<br />
* [[hi.lproj/]]<br />
* [[hr.lproj/]]<br />
* [[hu.lproj/]]<br />
* [[id.lproj/]]<br />
* [[it.lproj/]]<br />
* [[ja.lproj/]]<br />
* [[ko.lproj/]]<br />
* [[ms.lproj/]]<br />
* [[nl.lproj/]]<br />
* [[no.lproj/]]<br />
* [[pl.lproj/]]<br />
* [[pt.lproj/]]<br />
* [[pt_PT.lproj/]]<br />
* [[ro.lproj/]]<br />
* [[ru.lproj/]]<br />
* [[sk.lproj/]]<br />
* [[sv.lproj/]]<br />
* [[th.lproj/]]<br />
* [[tr.lproj/]]<br />
* [[uk.lproj/]]<br />
* [[vi.lproj/]]<br />
* [[zh_CN.lproj/]]<br />
* [[zh_HK.lproj/]]<br />
* [[zh_TW.lproj/]]<br />
<br />
<br />
=== Files ===<br />
* [[Assets.car]]<br />
* CheckerBoard<br />
* [[Entitlements.plist]]<br />
* [[Info.plist]]<br />
* [[PkgInfo]]<br />
<br />
== Parents ==<br />
{{parent|Applications}}<br />
<br />
[[Category:Software]]<br />
[[Category:Filesystem]]<br />
[[Category:Application]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Checkm8_Exploit&diff=118292Checkm8 Exploit2021-10-04T14:12:04Z<p>AknipGD: added missed comma</p>
<hr />
<div>{{lowercase}}<br />
The '''checkm8 exploit''' is a [[bootrom]] exploit (CVE-2019-8900) used to run unsigned code on iOS, iPadOS, tvOS, watchOS, bridgeOS, audioOS, and Haywire devices with processors from the A5 to the A11, from the S1P to the S3, the S5L8747, or the T2 (and thereby [[jailbreak]] them). Jailbreaks based on checkm8 are [[semi-tethered jailbreak]]s as the exploit works by taking advantage of a use-after-free in the USB DFU stack.<br />
<br />
[[ipwndfu]], [[Fugu]], and [[checkra1n]] are currently the main tools capable of using the checkm8 exploit. <br />
<br />
== References ==<br />
* [https://habr.com/en/company/dsec/blog/472762/ Technical analysis of the checkm8 exploit]<br />
* [https://www.kb.cert.org/vuls/id/941987/ Apple devices vulnerable to arbitrary code execution in SecureROM]<br />
* [https://news.ycombinator.com/item?id=22849837 https://news.ycombinator.com/item?id=22849837]<br />
* [https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer]<br />
<br />
<br />
[[Category:Exploits]]<br />
[[Category:Bootrom Exploits]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Checkm8_Exploit&diff=118291Checkm8 Exploit2021-10-04T14:11:38Z<p>AknipGD: Added Fugu ^_^</p>
<hr />
<div>{{lowercase}}<br />
The '''checkm8 exploit''' is a [[bootrom]] exploit (CVE-2019-8900) used to run unsigned code on iOS, iPadOS, tvOS, watchOS, bridgeOS, audioOS, and Haywire devices with processors from the A5 to the A11, from the S1P to the S3, the S5L8747, or the T2 (and thereby [[jailbreak]] them). Jailbreaks based on checkm8 are [[semi-tethered jailbreak]]s as the exploit works by taking advantage of a use-after-free in the USB DFU stack.<br />
<br />
[[ipwndfu]], [[Fugu]] and [[checkra1n]] are currently the main tools capable of using the checkm8 exploit. <br />
<br />
== References ==<br />
* [https://habr.com/en/company/dsec/blog/472762/ Technical analysis of the checkm8 exploit]<br />
* [https://www.kb.cert.org/vuls/id/941987/ Apple devices vulnerable to arbitrary code execution in SecureROM]<br />
* [https://news.ycombinator.com/item?id=22849837 https://news.ycombinator.com/item?id=22849837]<br />
* [https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer]<br />
<br />
<br />
[[Category:Exploits]]<br />
[[Category:Bootrom Exploits]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu&diff=118290Fugu2021-10-04T14:04:17Z<p>AknipGD: AAAAAAAAAAA</p>
<hr />
<div><br />
'''Fugu''' is an open-source [[semi-tethered jailbreak]], developed by Linus Henze, based on [[checkm8 Exploit|checkm8]]. It currently only supports the [[t8010|A10 Fusion]] and [[t8011|A10X Fusion]] SoCs.<br />
{{stub|software}}<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu&diff=118289Fugu2021-10-04T14:03:36Z<p>AknipGD: s,clfflhksdjvghlsdjbsdklgjwdlfgjad</p>
<hr />
<div><br />
'''Fugu''' is an open-source [[semi-tethered jailbreak]], developed by Linus Henze, based on [[checkm8 Exploit|checkm8]]. It currently only supports the [[t8010|A10]] and [[t8011|A10X Fusion]] SoCs.<br />
{{stub|software}}<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]</div>AknipGDhttps://www.theiphonewiki.com/w/index.php?title=Fugu&diff=118288Fugu2021-10-04T14:03:20Z<p>AknipGD: names</p>
<hr />
<div><br />
'''Fugu''' is an open-source [[semi-tethered jailbreak]], developed by Linus Henze, based on [[checkm8 Exploit|checkm8]]. It currently only supports the [[t8010|A10]] and [[t8011|A10X Fusion]] SoCs.<br />
{{stub|software}}<br />
[[Category:Jailbreaks]]<br />
[[Category:Jailbreaking]]</div>AknipGD