Stefan Esser, better known in the jailbreak community as i0n1c, was responsible for one of the most successful exploits in jailbreak history. While the iOS 4.3.1 jailbreak was certainly a collaborative effort, Esser’s work was perhaps the most important.

No one likes to connect their iDevice to their computer every time they reboot, and i0n1c’s untether meant they didn’t have to. What made it so successful? The fact that the exploit continued to work through iOS 4.3.2 and 4.3.3 updates.

Have you ever wondered what goes into hacking the most secure mobile operating system? Esser tells all in this 97 page paper…

Stefan Esser was a speaker at the annual Black Hat Security Conference, held in Las Vegas last month. He gave a presentation based on a paper he wrote entitled iOS Kernel Exploitation. iPhoneinCanada provides an excerpt from his speech:

“The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled “Targeting the iOS Kernel” already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.”

During his presentation, i0n1c also revealed the hardware he used to hack iOS. Among the tools were a 470k resistor, a USB to Serial breakout board, a PodGizmo connector, and two mini USB-B to USB-A cables.

This stuff goes way over our heads. But if you’re interested in reading i0n1c’s full paper, you can read all 97 pages of it here. It’s amazing that all of this work can be replicated by jailbreakers with the click of a button.

What do you think? Anyone planning on trying it out? (We’re probably just going to stick with RedSn0w โ€” much simpler that way.)


  • Yeah, trying it out soon.

  • Dane

    I actually always find ways to jailbreak each new iOS version on my own. It’s not hard, I just don’t want to be bothered working on software releases for the public who all complain and find unique bugs and glitches plus I don’t want to have the threat of Apple harassing me with some frivolous lawsuit because they can’t secure their devices

    • Albert

      I doubt you even know how to hack an Android phone, and saying you find your own exploits. Apple has never sue a hacker for hacking iOS, the most they have done and do is patch the exploit with a new firmware release. they have ven hired some hackers.

    • Theadobeflash

      it wonder if anyone has actually done that (found an exploit kept it to themselves so it wouldnt be patched ?

    • I doubt you could, plus if you did find an exploit you don’t have to compile a software release I’m sure any real jailbreaker would love to do it for you.

    • Theadobeflash

      btw you understand comex made $40,000 from jailbreakme 2.0 alone! if you dont release an exploit you are stupid as hell (LeeRoy Jenkins)

    • Theadobeflash

      and why would you say you always find new ways? if its not public it wont be patched !?

  • Dane

    I work for Chinese government

    • mattt

      yeah im sure you do.

    • YOU’RE A FAKER AND A FRAUD!!!!!!!!!!!!!!!

      Earlier you said you were afraid of Apple suing you…. “….Apple harassing me with some frivolous lawsuit…”

      Now you say you work for the Chinese Government!

      If you really worked for the Chinese Gov, then there is no way in Hell that Apple could touch you!


      – Eric

  • Jailbreaker

    Well done guys we appreciate all ur hard work!!!……ya right ^^^^^^

  • killa574

    shyt i work on area 51 whit ufo and aliens

    • HaHaHa

    • Meh

      Sure you do. You work in a top secret military base and can’t even spell SHIT?

  • Jailbreaker

    Dane ur full of shit…u cant do what these geniuses do

    • lololol

      He can do your mom

      • Blablabla

        Haha..nice one ๐Ÿ˜‰

  • goofygreek

    Nice, now i just wish i was better at coding. I would love to be able to hack my own iphone.

  • I’m sure that stuff doesn’t cost that much. But I wouldn’t do it b/c of the thought of permanently messing up my phone. I’ll leave it to the professionals.

  • John doe

    I think i0n1c is a peace of shit!

    • Calling out goofygreek

      You’re bad at spelling

  • That’s why you put your name as john doe

  • Jason Masters

    These guys are geniuses the work it takes to create a jailbreak is outstanding!

    • lololol

      Away, pervert!

      • Jason Masters

        Same person different name troll you will eventually get banned so have fun knock yourself out so pathetic

  • Rich

    Not defending him, but it’s possible he did find his own way to hack it and kept it to himself. And new coding in general would prolly mean he would have to re-do it anyway. If anyone other than the big name jailbreakers said they did it, you prolly would call BS, lying or not. Just like if a random guy on the street said he played professional football, you wouldn’t belive him. But there are many that have and people don’t know cause they didn’t have a big name in the sport.

  • Geez

    Good job not crediting pod2g or iClarified. The iPhoneinCanada “excerpt from his speech” is actually the Black Hat session description posted on the original article.

  • ic0edx

    I love this stuff, I wish learned all this when i was a kid. It’s not to late just started my C++ class 3 week ago.

  • Adam

    Lol @ Dane.

  • Keith

    Is the link for the 97 pages not working for anyone else?

  • Scaredy Shroom

    Hell, I’d be willing to learn this stuff and make exploits for the community (because they’re great!) if someone could just start me off)

    • stfudvs

      learn how to code first, c++ vb, learn unix, learn to walk before you try to run

  • JP

    Yea, I do haking of my one iphone. it is really cool. im the guy behind the scenes doing the hacking. comex, geohot and all of thos other guys just take the stage, its really me who is developing it.

    LOL, of course not. Sorry dane.

  • Stevie May

    Shame exploit don’t work on 4.3.5 cus I cannot downgrade

  • Stevie May

    Shame exploit don’t work on 4.3.5 because I cannot downgrade

  • Stevie May

    Shame exploit don’t work on 4.3.5 because I cannot downgrade from it at all

    • stfudvs

      apple is still signing 4.1, u can use iReb to get to pwned DFU and use shift+restore in iTunes and point to a stock or custom 4.1 then u can have untethered jb

  • Greensprout

    Dead link!

  • stfudvs

    Dane is a troll, but there are people who keep exploits for themselves in iOS, as in any system that draws the eyes of hackers

  • Me

    I work in computer security, specialising in mobile devices. I’m at MyGreatFest UK on Saturday – knew Stefan gave a talk at BH but didn’t know the paper had been released already – thanks iDB. Gonna read it on the train down tomorrow ๐Ÿ™‚