December 25, 2024
iH8Sn0w Discovers iBoot Exploit Making A5(X) Devices Jailbreakable for Life!

Posted February 1, 2014 at 8:39pm by iClarified
iH8Sn0w has announced the discovery of an iBoot exploit that makes A5(X) devices jailbreakable for life!

The A5 processor is used in the iPhone 4S, iPad 2, Apple TV 3G, iPod touch 5G, and iPad mini. The A5X processor is used in the iPad 3.

iH8Sn0w posted the A5 AES keys to Twitter earlier today:


A5 AES Keys anyone? 4S 7.0.4 iBSS -iv 3a0fc879691a5a359973792bcd367277 -k 371e3aea9121d90b8106228bf2b5ee4c638a0b4837fefbd87a3c0aca646e5996

He also noted that all of the A5(X) AES keys will be posted shortly at the link below:

All A5(X) AES Keys will be posted on @icj_’s http://www.icj.me/ios/keys as soon as I clean this up a bit more :)

While an iBoot exploit is not as good as a bootrom exploit, iH8Sn0w notes that it is still very powerful and will leave his A5(X) devices with an untethered jailbreak for life.


So looks like all my A5(X) devices are fully untethered and jailbroken for life now. :)

No. This isn’t a bootrom exploit. Still a very powerful iBoot exploit though (when exploited properly ;P /cc @winocm).


Update:
It appears that this exploit may never go public, according to a tweet from winocm.

@iH8sn0w @livealex13 this one isn't ever going public. It's hell to use.

So why is this important? If kept private, this exploit can be used to help find other ones. We now have a 'secret weapon' that can be used to grab encryption keys and to find new jailbreaks on newer firmwares and devices!

Comments (33)
odedoo1
odedoo1 - February 9, 2014 at 10:52pm
It seems like you guys are not understanding the meaning of this exploit! With this exploit, which Apple cannot close because it's a hardware exploit and not software, we will be able to upgrade A5(X) devices to any iOS that Apple will come out with and find software exploits for jailbreaking all devices.
mattlyon
mattlyon - April 1, 2014 at 7:38pm
Just like the iPhone 4....
odedoo1
odedoo1 - February 9, 2014 at 10:45pm
If I'm not mistaken, he jailbroke his iPhone 5 on iOS 6 24 hours after the release, but he never shared that jailbreak with anybody and teased everybody about it for 6 months that he was the only person walking around with an iOS 6 jailbroken iDevice, until the evasi0n team managed to create their own jailbreak for iOS 6. Just covering my a*ss, I'm not absolutely sure if it's him or another hacker whose name I'd rather not say, but the story is true.
jasons
jasons - February 3, 2014 at 8:23pm
Or he meant unlocking the activation lock.
Pr0toc0L
Pr0toc0L - February 3, 2014 at 7:28pm
Some people seem incapable of deciphering what is what. And unlock simply means "to unlock the phone from a particular CELLULAR provider and open it to any cellular provider". That is a world of difference from a jailbreak exploit that deals with the entire OS of the device. Just because an iPhone is jailbroken DOES NOT mean it is unlocked. The two are entirely different.
Raniel
Raniel - February 3, 2014 at 1:55pm
I'm only interested in unlocking my iPhone, not these jailbreak exploits.
Chris
Chris - February 3, 2014 at 5:33pm
Why don't you just pay your carrier the 35 dollars or whatever the fee is to officially unlock it? Or does your carrier not support that?
odedoo1
odedoo1 - February 9, 2014 at 11:04pm
Just buy an Apple unlock, do a search for IMEI unlocking. It used to be really cheap, but since it became against the law in the U.S., the prices went up in Europe, but it's still worth it because you'll never ever need to worry about unlocking that device again, and if it's locked by AT$T then it's really cheap. "IMEI unlock is Apple factory unlocking so it's forever." And it's all done over the net.
gamerscul9870
gamerscul9870 - February 10, 2014 at 12:00am
At$t lol
mocha
mocha - February 3, 2014 at 5:14am
Why do we bother to exploit the 1st world war's device, as we are in the middle of the 3rd world war?
UltimateXtreme
UltimateXtreme - March 3, 2014 at 8:23am
Because a load of people are still using WW1 devices, which includes me. If I remember correctly, there are more iPad 2s than any other, and its sales success made it into the GBoWRs (during WW1). And A5 devices are still certified to handle everything the next gens are, maybe not so well, but they can handle it still.
XBMC FTW
XBMC FTW - February 2, 2014 at 3:01pm
Apple TV 3 - FINALLY !!!!! XBMC has a new home !!!
forty0z
forty0z - February 3, 2014 at 6:14am
There are better devices to use XBMC on that are cheaper, like the Ouya and other Android devices.
Chris
Chris - February 3, 2014 at 5:34pm
Actually, the ATV3 isn't jailbreakable because of this iBoot exploit. The device needs to be jailbroken first to be able to utilize this (from what I've heard).
Egon
Egon - February 4, 2014 at 2:22pm
There are 2 types of ATV3.
Saul
Saul - February 2, 2014 at 6:40am
I wonder, is this going to be a tethered or untethered jailbreak?
Um....
Um.... - February 2, 2014 at 12:58pm
Why don't you try reading that again (maybe slower) and you'll answer your own question.
jasons
jasons - February 2, 2014 at 5:29am
But how many of them are getting iOS 8?
gamerscul9870
gamerscul9870 - February 2, 2014 at 5:31am
Me unless this idea of iOS 6 being unincluded is not being accepted.
Pr0toc0L
Pr0toc0L - February 2, 2014 at 4:20am
What I've learned is there are no absolutes. There is no such thing as "unexploitable". So for hackers and developers, the claim of a "permanent" jailbreak is merely an understanding rather than a set-in-stone concept. It's not that Apple can't eliminate such an exploit, it's that they would have to change the structure of the boot process, which is something that is generally a constant with little variable.
RogerWilco
RogerWilco - February 2, 2014 at 3:08am
I guess I don't see the importance of this when these devices will plateau soon in terms of OS upgradability. If I can't upgrade beyond iOS 7.0.4 and it's already jailbroken, I'm essentially already jailbroken for life, right? Does Apple go back and patch old versions of iOS? No, right? And the average iPhone user will upgrade their device in 3-4 years, if not sooner, so you'll be back to square one then anyway... Still, short-term benefits are good, I suppose.
The Devils >> Devil....!!
The Devils >> Devil....!! - February 2, 2014 at 12:39am
So what you're saying is Apple has no way to access this hardcoded key, even though they designed it and know everything there is to know? If I designed something, anything, I'm sure I would know how to flush out what I don't want there! Until I fully know how it works, I doubt everything I read or hear, unless it's proven! Plus tomorrow is another day, who knows what comes next; these guys are at the top, and do what they like when they like!
n350z
n350z - February 1, 2014 at 11:40pm
Read this in a book I have and thought it might help explain in more detail: "Vulnerabilities inside iBoot are nearly as powerful as vulnerabilities inside the bootrom when it comes to features they can provide. These vulnerabilities have the downside that iBoot is not baked into the hardware and therefore they can be fixed by a simple software upgrade. Aside from this, iBoot is still early enough in the bootchain that boot arguments can be given to the kernel, the kernel can be patched, or the hardware can be used directly to perform GID key AES operations."
iuser
iuser - February 1, 2014 at 11:37pm
Hooray!!! Hope it works for my Apple TV 3!
1
Pr0toc0L
Pr0toc0L - February 1, 2014 at 10:38pm
It's possible if it goes into the kernel (which it more than likely does) and is inserted into the actual boot process itself. Any bootable code can be entered into the boot process; this is how Apple or any OS is able to load an OS in the first place.
George
George - February 1, 2014 at 8:54pm
Does this also allow downgrading?
Collin
Collin - February 2, 2014 at 1:08am
OMG, I really hope SOOOO!!!
n350z
n350z - February 1, 2014 at 8:45pm
He's also said he "will start working on A6 later", so who knows, maybe A5/A6/A7 iBoot coming ;)
gamerscul9870
gamerscul9870 - February 1, 2014 at 9:08pm
Unless Apple doesn't include anything from iOS 6 added to the iOS 7 jb, then this guy will have to add that to the jb list.
1
Me
Me - February 1, 2014 at 8:41pm
Apple TV 3?? Hope so!
The Devils >> Devil....!!
The Devils >> Devil....!! - February 1, 2014 at 8:57pm
I'm not sure how this all works. Surely Apple could patch it once it heard? A jailbreak for life to me is only possible with no software updates on the device. I don't see how a jailbroken device could exist with software updates for life when no one knows which way Apple decides to go. I might be wrong! But I guess no one really knows?
Chris
Chris - February 1, 2014 at 9:04pm
If it's for life, it means a software update cannot patch it. It's hard-coded into the physical unit itself.
n350z
n350z - February 1, 2014 at 9:09pm
Having the AES keys allows the booting of unsigned code, meaning it's possible to inject unsigned code.