iPhone Dev-Team Posts Video of Broken iBoot
Posted July 13, 2008 at 11:15pm by iClarified
The iPhone Dev-Team has posted a video showing a command line tool that talks to iBoot, your iPhone's bootloader, the component that decides what code gets run!
This is the command line to talk to your iPhone's "BIOS" of sorts. It decides what gets run (if it's signed correctly) or not. Normally it's very restrictive. Unless it's been pwned.
Pwnage breaks the chain of trust from the very earliest boot stage, and as the video shows, this chain has now been broken on the iPhone 3G. Given that the only thing lower than this is ROM, Apple will have to change the hardware to prevent us from getting in, and we don't expect them to ask for your phone back so they can "fix" it.
Please note that this has been anything but trivial, and it wasn't as easy as porting our old code to the 3G iPhone. Many of our best hackers have been working in long shifts all weekend on this, and continue to do so as I write this post.
In geohot's famous words:
"IT GIVES YOU A FULL INTERACTIVE SHELL
I REPEAT, A FULL INTERACTIVE SHELL"
Note that this is indeed what geohot was talking about when we first talked to it almost a year ago. It exists because iTunes needs something to interact with when restoring the phone, but as mentioned above, is normally heavily restricted, only allowing Apple-approved code to run.
----------
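The chain-of-trust point in the post above, as an added example that is not the Dev-Team's code or tool: a Python model of a verified boot chain in which the ROM checks iBoot and iBoot checks the kernel. Everything here is constructed for illustration. The chain is simplified to two stages (iBoot, kernel), the "Apple signature" is an HMAC over the image with a made-up secret standing in for the RSA signatures real iBoot images carry, and the `rom_enforces` flag stands in for whatever gets a patched iBoot past the ROM's own check. The scenarios show why a stock iBoot refuses an unsigned kernel, why a patched iBoot is refused while the ROM still checks it, and why nothing below the patched iBoot is checked once it isn't.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

# Constructed stand-ins. Real iBoot images carry RSA signatures checked
# against a key in the boot ROM; an HMAC secret keeps the model self-contained.
APPLE_KEY = b"constructed-apple-signing-key"
ATTACKER_KEY = b"constructed-attacker-key"


def sign(image: bytes, key: bytes) -> bytes:
    """Stand-in for producing a signature over a boot image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify(image: bytes, sig: bytes, key: bytes = APPLE_KEY) -> bool:
    """Stand-in for the signature check a stage performs on the next image."""
    return hmac.compare_digest(sign(image, key), sig)


@dataclass
class Stage:
    name: str
    image: bytes
    sig: bytes
    enforces: bool = True  # does this stage check the signature of the next one?


def boot(chain: List[Stage], rom_enforces: bool = True) -> Tuple[List[str], str]:
    """Walk the chain from the ROM downward.

    The ROM is the first verifier; after each stage boots, that stage becomes
    the verifier for the one that follows. Returns the stages that ran and
    either "ok" or "refused <stage>" for the first image that failed its check.
    """
    booted: List[str] = []
    enforcing = rom_enforces  # the ROM's own check lives in silicon
    for stage in chain:
        if enforcing and not verify(stage.image, stage.sig):
            return booted, "refused " + stage.name
        booted.append(stage.name)
        enforcing = stage.enforces  # the stage just loaded now does the checking
    return booted, "ok"


def stock_chain() -> List[Stage]:
    """Apple-signed iBoot that checks the kernel, Apple-signed kernel."""
    iboot = b"iBoot: verifies the kernel signature before jumping to it"
    kernel = b"kernel: Apple-signed"
    return [Stage("iBoot", iboot, sign(iboot, APPLE_KEY)),
            Stage("kernel", kernel, sign(kernel, APPLE_KEY))]


def unsigned_kernel_chain() -> List[Stage]:
    """Stock iBoot, but a kernel signed by a key Apple does not trust."""
    chain = stock_chain()
    custom = b"kernel: custom, signed by nobody Apple trusts"
    chain[1] = Stage("kernel", custom, sign(custom, ATTACKER_KEY))
    return chain


def pwned_chain() -> List[Stage]:
    """Patched iBoot that no longer checks, followed by an unsigned kernel."""
    patched = b"iBoot: signature check patched out"
    custom = b"kernel: custom, signed by nobody Apple trusts"
    return [Stage("iBoot", patched, sign(patched, ATTACKER_KEY), enforces=False),
            Stage("kernel", custom, sign(custom, ATTACKER_KEY))]


if __name__ == "__main__":
    print("stock:                 ", boot(stock_chain()))
    print("unsigned kernel:       ", boot(unsigned_kernel_chain()))
    print("patched iBoot, ROM on: ", boot(pwned_chain(), rom_enforces=True))
    print("patched iBoot, ROM off:", boot(pwned_chain(), rom_enforces=False))
```

The fourth scenario is the one the post describes: once the verifier that the ROM loads has been replaced, every later stage inherits its (absent) check, and the only remaining place to enforce anything is the ROM itself.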