Jailbreak iPhone 4S, iPad 3, iPad 2, iPad Mini and iPod Touch 5G for Life!
Developer of popular jailbreak tools, p0sixspwn and sn0wbreeze, the iH8sn0w has tweeted that he successfully become able to jailbreak for life by finding a new iBoot exploit. This exploit will make A5(X) devices jailbroken for life.
A5X jailbreak for life:
iH8sn0w has discovered this iBoot exploit to untether jailbreak devices powered by Apple A5(X) processor chips. This new exploit discovered by iH8sn0w should make all the A5(X) devices jailbroken for life. These devices powered by the A5 and A5X chips include:
- iPhone 4S
- iPad 2, iPad 3
- The iPad Mini (not Retina)
- iPod touch 5G
- Apple TV 3
According to web, "iBoot is Apple’s stage 2 bootloader for all of the devices. It runs what is known as Recovery Mode. It has an interactive interface which can be used over USB or serial." While iBoot is patchable with iOS updates, the jailbroken device puts in place a safeguard to prevent iBoot being overwritten, hence remaining jailbroken for life.
There was a lot of heat if it was an iBoot exploit or a BootROM one, however, iH8sn0w has clarified that it is an iBoot exploit. Remember that this is being given such a great hype because jailbreak community has never seen this much significant developed since GeoHot exploit in 2010. The limerain exploit used by GeoHot made it possible to jailbreak for life devices like iPhone 3GS, iPhone 4 and more.
The sad news is that iH8sn0w plans to keep this exploit secret so that it could be used in future jailbreaks of A6 chips. Here is what Saurik has to say about this A5(X) jailbreak for life exploit:
For informational purposes (as many people reading might not appreciate the difference), to get the encryption keys you only need an "iBoot exploit", not a "bootrom exploit". It is easier to find iBoot exploits (being later in the boot sequence, it has a larger attack surface: it has to be able to parse filesystems, for example), and they do afford more power over the device than an untethered userland exploit (in addition to letting you derive firmware encryption keys, you can boot custom kernels, and you might be able to dump the bootrom itself), but they are software updatable as part of new firmware releases from Apple and may have "insane setup requirements" (like, you might pretty much need an already-jailbroken device to actually setup the exploit). You thereby wouldn’t see an iBoot exploit used for a jailbreak (unless everyone is out of ideas for a very long time): instead, you’d see it hoarded away as a "secret weapon" used by jailbreakers to derive these encryption keys, making it easier to find and implement exploits on newer firmware updates for the same device (especially kernel exploits, where even if you have an arbitrary write vulnerability you are "flying blind" and thinking "ok, now where should I write? I can’t see anything… :’("). - reddit