MuscleNerd: no A5+ bootrom exploit

By , Jul 3, 2013


For those of you holding out hope that a bootrom exploit has been discovered for newer iOS devices, you’re going to have to keep hoping. That’s because famed iOS hacker MuscleNerd has confirmed that no A5+ bootrom exploit exists. A bootrom exploit is extremely desirable because it means the device would be permanently susceptible to a tethered jailbreak, much in the same vein as limera1n for pre-A5 devices.

Many have speculated that p0sixninja’s work has something to do with a bootrom exploit, but this pretty much squashes such speculation. Not all hope is lost, though. When asked if Apple has defeated jailbreakers, MuscleNerd responded like this:

I can’t say I’m surprised that no bootrom exploit exists. What do you say?

  • Adel Ali

    F**k

    • Your Daddy

      thanks for censoring

    • Guest

      What starts with F and ends with UCK? FIRE TRUCK! HABAhahaha

      • Zorvage

        This is not a time for jokes. This is a time for crying.

      • fl0manel

        And mourning for this loss…

      • JomanJi

        not 4 us w/ A4 devices =D

    • MOM

      Son wyd

      • Your Daddy

        lol you’re here again

  • Leviscus Tempris

    Makes sense. Larger than jailbreak we will all keep speculating. No 5 bootrom exploit isn’t the end. Just means that we all need to be more careful what we do to our devices and keep working towards a new jailbreak.

  • J M

    I have never understood the allure of a tethered jailbreak (I understand it’s a stepping stone to hopefully an untethered solution). But, for usability, who wants to be stuck without a phone if your phone dies, crashes, or for some reason needs to reboot? What am I missing?

    • tim

      As of 5.0, a talented hacker (I think @optimo contributed in some way) created semi tether, where if you boot your phone without the aid of a computer, it works fine, just nothing jailbreak works. Whether or not that’s working on iOS 6.1.3 though... I don’t know. If there’s ever enough demand for it, it will be maintained

      • Your Daddy

        why do u call yourself tim and not optimo then

      • Alberto Martinez

        He (tim) is not @optimo, he is saying the hacker @optimo might have contributed on the semi tether “where if you boot your phone without the aid of a computer, it works fine, just nothing jailbreak works”. Pay attention next time.

      • tim

        yeah pal i’m not optimo, didn’t say i was either.

      • http://www.funtechblog.wordpress.com./ Bobby McBobson

        oh ok sorry man

      • Mhmd Bassam Nasyr

        works with ios 6.1.3 using it on i4 with ios 6.1.3

    • John Sklikas

      Also developers can have their tweaks ready for the untethered jailbreak on the latest version of iOS by doing a tethered jailbreak in their development devices. Really important reason…

    • Eric

      That is what semi-tether is for. Tether jailbreak is really just for developers so when the untethered is out and everyone rushes to get their favorite third party extensions there are no incompatibilities or bugs that come from the new OS.

  • leart za jmi

    I hate no A5+ bootrom exploit, and i hate that i am stuck on 6.1.3 :)

    • Juan Herrera

      Being on 6.1.3 is your real problem.. not JB anymore.. probably using a 4 or 4s huh? What did you do to lose your JB, installed the ios 7 beta or something else?

      • leart za jmi

        I had 5.1.1 till one week ago.
        I was trying to refresh the iOS since I had used it without restoring for 10 months.
        I tried iFile, everything went fine, so I decided to go further and I did a restore with Semi-Restore.
        It looked fine at the start but then I noticed that Cydia and the tweaks were not working; tried some solutions but without results.
        And I didn’t have SHSH blobs since my phone came with 5.1.1 from the factory but I used it for the first time in September.
        So now I am on sad 6.1.3 :(

      • Rafael Romero

        Same happened to me but instead of restoring I did the RAT restore process and everything is back to normal! In my experience Semi-Restore works but not with Cydia tweaks!

      • leart za jmi

        Not only the tweaks, even Cydia was missing something and it was opening in some bizarre state.
        I would recommend to anyone, just use iCleaner; restoring is not possible without iTunes

      • Kimleang

        if your device was on 5.1.1 why didn’t you use redsn0w to restore. but now it’s too late :(

      • leart za jmi

        I know how to use redsn0w, but I had no SHSH blobs for 5.1.1 since I used my phone for the first time in September 2012; at the time the window for 5.1.1 was closed and Apple signed only iOS 6 SHSH..
        No tool can grab SHSH from an iOS installed on your device, it needs to be signed by Apple directly.
        So I have gone through the best 5.1.1 to the rest 6.1.3 :(

      • Steve Chavez

        When you semi-restore using the R.A.T. process, you need to ‘rejailbreak’ to reinstall Cydia, tweaks, and sources. Same happened to an iPhone 5 iOS 7.0.4 jailbroken device that I had. I restored all tweaks, settings, and even Cydia. Though it was a fail, I had to rejailbreak it to avoid a restore. Hope this helped!

    • Your Daddy

      you can maybe jb tethered or semi tether if you have a4 device and i think a5

      • leart za jmi

        I don’t have an A4 device; anyway a tethered iPhone is very annoying, better to stay on genuine iOS..

  • Your Daddy

    Noooooooooooooo

  • Cameron Nelms

    Maybe he made his own OS, completely different from Apple’s, I doubt it, but still

    • CaffeinePizza

      And to install it, you would have to have a bootrom exploit so no.

      • Your Daddy

        what

      • Andyxyoona

        You need a Bootrom Exploit to load custom firmwares (with the patched Kernels) therefore a complete OS won’t be possible.

      • Ethan

        There is one exception to that rule: you can make a custom OS/apps/JB if you have a valid key to sign it with.
        (However I’m not 100% sure about signing an OS because it checks it with Apple servers when you try to install it.)

        If they have a key they can just make a Cydia app, sign it with keys that allow the app to access all areas (like system apps on iOS do) and distribute it so you just put it in iTunes and install it
        (this isn’t even like sneaking through the yard and lockpicking the back door like all previous JBs, this is like getting the key to the front door :) )

      • Andyxyoona

        Yes. But if you want to install a signed app like that, you would most likely require a jailbreak or some sort of exploit first.

      • Jack

        not with a PWNED DFU restore (i think that’s what it’s called)

  • hussain mushima

    no A5+ bootrom exploit, But there might be A6 bootrom exploit

    • Johnathan Jennings

      No. A5+ includes A6 man..

      • Your Daddy

        Aw Crap

      • ClaudieX X

        Don’t let him down !!! :)

      • Jack

        Unless Apple really screws up and doesn’t realize it until after release

  • headd29

    Does this mean there’s no way to downgrade iOS versions on those devices, even if you have your SHSH keys saved?

    • CaffeinePizza

      yes

      • Your Daddy

        yes except for a4 or lower.

      • CaffeinePizza

        Correct.

      • Your Daddy

        ok

  • ClaudieX X

    Thank God that my new iPad mini came with 6.1.2 !!!! Very Very Close !!! but enough to jailbreak it one week later… and now we are inseparable!

    • Your Daddy

      Wow that’s awesome i’m sure it’s better jailbroken

  • Edwin O Crespo

    The only reason people have iPhones is because we can jailbreak them. If Apple does something to stop people from jailbreaking their phones they will regret it.

    • Your Daddy

      They should give people a choice: jb or no jb. however apple does not want jb’ing because people pirate apps and steal iap’s.

    • Jarryd Richards

      What about the other half billion people who don’t jailbreak their device.

      • blastingbigairs

        In modern society we call them the elderly.

  • Maxim∑

    A5+’s architecture won’t allow a boot ROM exploit

    • John Sklikas

      This is the most careless statement I’ve read in quite a while; there might be one, it’s just that nobody has found it yet… Unless you’re a hacker and have scanned all of the bootrom (nobody has done this yet) you can’t make such statements.

      • Maxim∑

        I was being serious, it’s all on Apple’s dev website in the security portion…. This was implemented on all AX devices. The beauty of the 3GS is that it didn’t require signing to move onto the next stage.

        “This immutable code is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load”

      • John Sklikas

        The most valid reply is this: the A4 is an AX device too. I don’t say that it’s easy, because it isn’t, but it isn’t impossible either…

  • Andyxyoona

    Guys. He’s just saying there’s none as of now. It’s not like it’s the end of the world… There’s still a possibility that they might find it, just not today

  • http://klikkit.co.uk/ Jake – Klikkit

    Am I the only one thinking that this could just be to deter Apple from focusing on finding the exploit(s)?

  • Guest

    Same happened to me but I just reinstalled MobileSubstrate from Cydia and it worked fine from then on

    • Rockwell mellow

      Wut

      • Jack

        I think he was trying to reply to someone but hit the wrong button

        but still great fail

        or just spam

  • Ian

    If an iOS 7 untethered jailbreak came out, would you then be able to jailbreak untethered on iOS 6.1.3 ??

    • Dylfo

      No

      • Jack

        evad3rs have an exploit for iOS 6.1.3 they are just saving it to see if any of it works on iOS 7

  • Roger Riekki

    Can’t say I’m surprised :(

  • Dylfo

    What would you be able to do with a bootrom exploit?

    • Jarryd Richards

      Jailbreak any applicable iOS device indefinitely. Bootrom exploits use exploits in the hardware, so if Apple wanted to patch it they would have to release a new device.

  • Gorgonphone

    I will keep my 5 on 6.1.2 as long as I have to…. Oh and devs need to be working on a spoof method to allow iOS downgrades

  • batongxue

    Shit!
    Shite!
    How come shit is not censored?

  • 3aloo1

    Really what is the bootrom exploit summary please help

    • Jack

      Back on A4 devices (iPod Touch 4G, iPhone 4 and I think the iPad 3) there is an exploit called limera1n and it targets the bootrom of the device to allow it to boot. The bootrom exploit is the most valuable thing a hacker could discover, and if it is discovered it can change the way we jailbreak for at least another generation of iDevices.

  • iOops

    The days of the easy jailbreaks seem to be coming to an end. Without a jailbreak, the iPhone is just a phone. I need a smart phone damn it.

  • F. Bh

    Hello experienced users, I am new to this Apple world (just been 15 days of use)
    I’ve an iPad A1460 (4th gen), an A5 processor device.
    Can someone explain to me what “bootrom jailbreak/exploit” means??? Tried to google it, but didn’t get any clear idea.
    And what is the difference between a simple jailbreak and a “bootrom jailbreak”???
    Does the above post mean that my device can never be jailbroken???? :( :( :(
    (Currently it has 6.1.3)

    • Freak Cleverman

      Let’s get things clear
      “Jailbreak” – is the process of removing the limitations Apple put in its iDevices and allowing you to install tweaks and apps they will never allow.
      In order to jailbreak and put all the data it requires we need exploits, which are a kind of security hole that lets you step-by-step get into iOS and finally break it free
      “BootRom exploit” – is an exploit found in the hardware itself.
      That means Apple can’t patch it like a software exploit with a firmware release.
      If Apple wants to patch it and close the security holes they will need to release new hardware – a new device.
      All the older devices with that bootrom exploit will be jailbreakable forever – you will be able to jailbreak them whatever firmware is installed on them and Apple will never be able to patch it.
      However a bootrom exploit alone is not enough – the jailbreak will be tethered until some hacker finds another software exploit that will untether it.
      With a tethered jailbreak, every time your phone crashes or needs a reboot for any other reason, you’ll need to connect it to a computer and go through the boot process.
      And if you don’t, it will be stuck in a boot loop until you do. (Hence tethered – to the computer)
      Hope I was clear enough :)

      • F. Bh

        Thank you for clearing my doubts
        :)

      • bw00ds

        Excellent, Mr. Cleverman.

  • jp2002

    Not possible. Apple has got nearly 5 levels of security, which covers your idea too.

  • Brandon Higgins

    :O did everyone see what posix just tweeted???

    • Jack

      no what

  • Helmuth Erwin Siep Jr

    Hey Jeff or anyone knowledgeable, what do u use to JB the i5 on iOS 6.1.4? tethered or untethered?? thanks in advance!

  • Helmuth Erwin Siep Jr

    hey, what do you guys use to JB the i5 with iOS 6.1.4 installed? tethered or untethered? thanks!

    • Jack

      It’s impossible to jailbreak because evad3rs haven’t released their exploits yet, which at the moment are being saved for the release of iOS 7

  • Aditya Varman

    Yeah it’s time to downgrade to A4 devices :)

    • Jack

      Already did, I can fall back to iOS 5.0.1 if I wanted to bitchez
      I just hope there will still be iOS 5.0.1 IPSWs around… but a Dropbox account could help with that problem.

  • Gianca

    My only hope with an A5 device is a jailbreak! My iPad 3 is impossible to restore. I always get an error. It’s very likely to be a baseband problem. Any suggestions would be so much appreciated. Thx