The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Redsn0w"
(Fixed wiki markup, and moving a question to the talk page.) |
|||
Line 108: | Line 108: | ||
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]] |
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]] |
||
|- |
|- |
||
+ | ! style="white-space: nowrap;" | |
||
=== 0.9.6 beta ==== |
=== 0.9.6 beta ==== |
||
Line 115: | Line 116: | ||
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]]. |
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]]. |
||
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]] |
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]] |
||
+ | * Allows you to "deactivate" a hacktivated phone, so sbinger's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can trick your iPhone and [[iTunes]] into creating legitimate activation tickets. |
||
− | ** Quote From Dev-Team "Update #6: Developer @sbingner (author of TetherMe) has made some excellent progress devising a new hactivation method that kills two birds with one stone for all you ultrasn0w unlockers. His tool, “Subscriber Artificial Module (SAM)” tricks your iPhone and iTunes into creating legitimate activation tickets even though you’re unlocked with ultrasn0w. This means you get the full benefit of push applications, and your battery life increases substantially. If you’d like to try it out, check out http://www.bingner.com/SAM.html |
||
− | To help make it easier to try out @sbingner’s tool, we’ve updated redsn0w to include a new “Deactivate” option for the 3G and 3GS. Use this option *after* you’ve installed SAM…it will remove the normal patches made to lockdownd and let SAM take over. (sbingner plans on making a button to do this within SAMPrefs too). Great work, @sbingner!" End Quote. |
||
− | |||
|} |
|} |
||
Line 144: | Line 143: | ||
[[Category:Hacking Software]] |
[[Category:Hacking Software]] |
||
− | |||
− | ===Custom Boot Logo Tethered=== |
||
− | If we chose to "Boot Tethered" in redsn0w, can we use our own custom boot logo? Or at least make a new pwnapple? It's getting kind of Old... |
||
− | [[User:xX-BLACK_OPS-Xx|xX-BLACK_OPS-Xx]] |
Revision as of 06:32, 3 December 2010
redsn0w was originally called QuickPwn but due to the theft and exploitation of the name, QuickPWN by quickpwn.com, as of iOS 3.0, QuickPwn was discontinued and redsn0w (at the time, version 0.7) was converted into a jailbreaking tool for all current devices as well as providing unlock support the iPhone 2G. As of version 0.8, the iPhone 3GS can also be jailbroken through redsn0w.
Version 0.9 beta 3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the iPod touch 3G, and supports a tethered jailbreak on iPhone 3GS units and iPod touch 2G units with new bootroms. In addition, this version supported custom boot and recovery mode logos, as well as verbose mode on bootup.
The final release, version 0.9.2, supports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on S5L8900 devices. Version 0.9.3 adds support of internet tethering IPCC hack on those devices and 0.9.4 allows jailbreaking of early iPod touch 2G with iOS 3.1.3.
Version 0.9.5b5-5 supports jailbreaking the iPhone 3G and iPod touch 2G (old bootrom) with iOS 4.0 on Windows and Mac OS X.
redsn0w 0.9.6b2 can jailbreak iOS 3.2.2, and 4.0 through 4.1 on every device that supports those versions, on Windows and Mac OS X.
Contents
Credit
Versions
Version | Release date | Changes |
---|---|---|
0.8 |
July 2009 |
|
0.9.2 |
Unknown |
|
0.9.3 beta |
Unknown |
|
0.9.4 |
Unknown |
|
0.9.5 beta 5-3 |
June 21, 2010 |
|
0.9.5 beta 5-4 |
Unknown |
|
0.9.5 beta 5-5 |
Unknown |
|
0.9.6 beta 1 |
September 21, 2010 |
|
0.9.6 beta 2 |
October 31, 2010 |
|
0.9.6 beta 3 |
November 2010 |
|
0.9.6 beta 4 |
November 23, 2010 |
|
0.9.6 beta 5 |
November 28, 2010 |
|
0.9.6 beta = |
December 1, 2010 |
|
Exploits used
For iPod touch, iPhone and iPhone 3G, see:
For iPod touch 2G, see:
- 0x24000 Segment Overflow
- ARM7 Go - was used to upload the oversized LLB required to utilize the 0x24000 Segment Overflow.
- usb_control_msg(0xA1, 1) Exploit - used to upload the oversized LLB to utilize the 0x24000 Segment Overflow. It is also used for a tethered jailbreak on units with the new bootrom.
For iPhone 3GS, see:
- 0x24000 Segment Overflow
- iBoot Environment Variable Overflow - Exploit has a different implementation from geohot's implementation in purplera1n.
- usb_control_msg(0x21, 2) Exploit
- limera1n exploit
For iPod touch 3G
- usb_control_msg(0x21, 2) Exploit
- limera1n exploit
for iPhone 4, iPod touch 4G, iPad and Apple TV 2G
- limera1n exploit