Difference between revisions of "Jailbreak (S5L8920+)"

From The iPhone Wiki
Jump to: navigation, search
(Jailbreak tools: Because tables solve life's problems.)
(Jailbreak tools: Added Jailbreakme.)
Line 26: Line 26:
 
|style="width:100px;"| 3.2?
 
|style="width:100px;"| 3.2?
 
|style="width:100px;"| 3.2.1?
 
|style="width:100px;"| 3.2.1?
  +
|-
  +
| [[Jailbreakme]]
  +
| {{no}}
  +
| {{yes}}
 
|-
 
|-
 
| [[Spirit]]
 
| [[Spirit]]
Line 54: Line 58:
 
| {{no}}
 
| {{no}}
 
| {{no}}
 
| {{no}}
  +
|-
  +
| [[Jailbreakme]]
  +
| {{no}}
  +
| {{no}}
  +
| {{no}}
  +
| {{no}}
  +
| {{no}}
  +
| {{yes}}
  +
| {{yes}}
 
|-
 
|-
 
| [[purplera1n]]
 
| [[purplera1n]]
Line 109: Line 122:
 
| {{no}}
 
| {{no}}
 
| {{no}}
 
| {{no}}
  +
|-
  +
| [[Jailbreakme]]
  +
| {{no}}
  +
| {{no}}
  +
| {{no}}
  +
| {{yes}}
 
|-
 
|-
 
| [[redsn0w]]
 
| [[redsn0w]]

Revision as of 22:24, 1 August 2010

When the iPhone 3GS was initially released, Apple did not have enough time to fix the 0x24000 Segment Overflow in the S5L8920. However, in order to flash an exploited LLB and jailbreak the iPhone 3GS, one of the following needs to be done:

  • Find a new iBoot exploit every time a new firmware is out.
  • Find a way to bypass the ECID checks.
  • Find another bootrom exploit that allows unsigned code executing via USB (Pwnage 2.0-like)

This also applies to the iPhone 3GS with the new bootrom, iPod touch 3G and later devices, except a bootrom exploit is needed as well.

ECID

Apple added a new tag to the IMG3 File Format called ECID. The ECID is unique to each phone, and its signature is being checked. With this method, Apple attempts to block downgrades once newer firmware becomes available, unless you have a dump of your old firmware's unique IMG3 or signed certificate. Therefore, iBoot exploits won't be so useful for tethered jailbreaks, because such exploits will be closed in new firmwares. [1].

The issue with this is that, even with the 0x24000 Segment Overflow still in bootrom, an iBoot exploit is still needed to actually flash the exploited LLB. If Apple uses this ECID stuff to block downgrades, then a new iBoot exploit will be needed whenever they fix the last, so that the 0x24000 Segment Overflow can be applied. This is because Apple could choose to not let you upload an older, exploitable iBEC/iBoot/iBSS to the device.

There are methods to help keep your downgrading ability, though.

  • If it was cached prior to 3.1's release, 3GS owners can save a file which contains the signature of the 3.0 iBSS containing their ECID, using the purplera1n website.
  • Saurik's servers are actively caching the necessary files. Instructions to use the servers are included.
  • The SHSH associated with an ECID can be also saved by running TinyUmbrella. TinyUmbrella allows the user to restore to whatever version is associated with that SHSH file permanently. This is based on the aforementioned service Saurik provides remotely from his server(s).

Jailbreak tools

iPad

Jailbreak Tool Works with firmware...
3.2? 3.2.1?
Jailbreakme No Yes
Spirit Yes No

iPhone 3GS

Jailbreak Tool Works with firmware...
3.0? 3.0.1? 3.1? 3.1.2? 3.1.3? 4.0? 4.0.1?
blackra1n No No Yes1 Yes1 No No No
Jailbreakme No No No No No Yes Yes
purplera1n Yes No No No No No No
PwnageTool No No Restore from a custom firmware2 Yes Restore from a custom firmware2
redsn0w 0.8 0.8 0.9.21 or 0.9.31 0.9.21 or 0.9.31 No No No
Spirit No No No Yes Yes No No

1 Tethered jailbreak on devices with the new bootrom.

2 Only applicable for devices with the old bootrom. Requires the device to have signature checks disabled (pwned).

iPod touch 3G

Jailbreak Tool Works with firmware...
3.1.1? 3.1.2? 3.1.3? 4.0?
blackra1n Yes1 Yes1 No No
Jailbreakme No No No Yes
redsn0w 0.9.21 or 0.9.31 0.9.21 or 0.9.31 No No
Spirit No Yes Yes No

1 Tethered jailbreak.