Newly discovered iBoot exploit makes A5(X) devices jailbreakable for life

By , Feb 1, 2014

jailbroken iphone 4s

“So looks like all my A5(X) devices are fully untethered and jailbroken for life now. :)” iH8sn0w, the developer behind Sn0wBreeze and other jailbreak apps, tweeted this afternoon. The comment has caused quite a bit of excitement, as we haven’t seen anything like this in jailbreaking since LimeRa1n.

iH8sn0w says he doesn’t have a bootrom exploit though, but rather a “powerful iBoot exploit.” And although it doesn’t look like he’s going to do anything with it right now in terms of a public release, it sounds like he’ll be able to use the exploit in future jailbreaks, and to find similar bugs in A6/A7 chips…

Ok, here are the tweets everyone is talking about:

iH8sn0w goes on to say that an iBoot exploit can be as powerful as a bootrom exploit when utilized correctly, and he’s going to start looking at A6 chips ‘later.’ But when asked if he planned to release the exploit, the hacker responded “nah. I’ll probably keep it private for development of future jailbreaks.”

So what does all of this mean in layman’s terms? Nothing right now. But iH8sn0w’s discovery could prove invaluable in future jailbreaks. And in a world where Apple is constantly beefing up iOS security, and able hackers are few and far between, it never hurts to have something like this in your hip pocket.

Thanks Matthew M!

  • Share:
  • Follow:
  • the miget

    Yes!!!!!!!!!!!!!

  • EpicFacepalm

    Hah, take that pod2g!

    • Liam Mulcahy

      Pod2g made many great jailbreaks possible please shut the hell up

      • EpicFacepalm

        It was no-offense to pod2g, and I agree I appreciate pod2g, I’ve jailbroken thanks to him after all.

        Well it seems a lot of people didn’t understand what I was talking about. pod2g was a lot angry with iH8Sn0w, winocm and SquiffyPwn because p0sixspwn burned a valuable exploit. But now iH8Sn0w has a more valuable exploit

      • Sam Khan

        And That exploit was patched in 7.1 B1

      • David Gitman

        B2 was still jailbroken

      • Sam Khan

        I’m talking about exploit used in 6.1.4/6.1.5 jailbreak

      • tw23777

        lol… how is an iBoot exploit that iH8sn0w has going to affect the evad3rs? iH8sn0w is most likely going to share it with the jailbreak devs so they can develop jailbreaks faster and easier..

        If anything, it will help them.

      • Lionelle

        More valuable exploit? This ain’t more valuable. The other exploit that they burned was usable in future iOS devices and if not used for 6.1.4/5 then also possibly for future iOS software. This new exploit is so far only for A5 devices. So it will be useless on everything from the iPhone 5, iPad 3 and up…

      • Jackie Zhao

        Lol… Use this iboot exploit to jailbreak Any A5 so they can find the hole to jailbreak other device .. Get it ..?? Stop hating ..

      • samosa queen

        What do you mean he burnt the exploit? The vuln he exploited on 6.1.3 was patched on 7.x.x. What is there to burn?

      • Tom

        It wasn’t patched in iOS 7.0. It was patched after iH8snow’s jailbreak came out. Most probably BECAUSE of the jailbreak.

    • Harald Tan

      Supposed to be Joshua Hill (P0sixninja)

  • Tan Zhi Kai

    ARGH. I want to downgrade to 6.1.4, with my SHSH now! But I cant. WTF

    • Tan Zhi Kai

      Then I can get a better ayecon

      • Victor

        Are you talking to yourself virtually.

      • Ted Forbes

        LOL!!!

      • Kiyashi Shizoku

        You just summed up the entirety of Twitter.

      • 3aloo1

        LOLOLOl

    • Palmer Paul

      You still wouldn’t be able to. It’s not a bootrom exploit (which is what is needed to enable SHSH downgrades), rather an iBoot exploit.

      • Tan Zhi Kai

        iH8sn0W: “actually, you can do anything a bootrom exploit can do. and I can bootstrap an older iboot to downgrade without shsh.”

      • Palmer Paul

        I stand corrected :)

      • UltimateXtreme

        Not related to the topic, but it’s nice to see someone humble enough to accept a mistake in today’s cudgelling internet. Respect you man!

    • Heff2010

      You can downgrade, it’s just kinda risky, you need to torrent a version if iOS that you want to run, open iTunes, hold shift and hit restore, it will open a menus to select what you want to restore with, select the torrented version of iOS, hit restore, and your done.

      ( if you try this this tell me if it still works, haven’t tried since last update)

  • samosa queen

    Well… no offense to iH8sn0w but I didn’t expect him to find such a vuln. I’d always thought p0sixninja, i0n1c, pod2g and geohot were capable only.

    • Matt Taylor

      Correct me if I’m wrong but Posixninja had been nothing but talk and empty promises for quite some time now!?

      • tw23777

        no. p0sixninja found the kernel vuln used in evasi0n, and exploited it… shared it with evaders and devs and they used/(stole) it..

      • Matt Taylor

        Oh, I didn’t know that! Sorry :-p

      • Palmer Paul

        ion1c hasn’t done much in awhile

      • Tom

        Except troll jailbreak users and developers.

        He’s an idiot. Just before the evad3rs dropped the original Evasi0n, he was criticising them for the delay and that percentage bar that they had on the Evasi0n website. He suggested that they were trying to get as many donations as possible and to get as much ad revenue as possible.

        This was coming from someone who finds expoloits and then sells them to commercial entities for vast sums.

      • http://www.techsavvyaz.com Tech Savvy

        Truthfully, even if this were the case…who cares? These devs spend hours upon hours (and several bottles of mountain dew as well as lines of cocain) slaving away at their machines attempting to find vulnerabilities. People offer up ransom bounties on forums agreeing to pay up when an exploit is found, but when the time comes to shovel out the cash…they bail. These same individuals are the ones on here crying about how a new release hasn’t happened yet, etc.

        Sunshine s-off for the HTC M8 did it right. Download a free apk (equivalent to .ipa for ios) install it, pay a nominal fee of 25.00 via paypal….Voila. S-Off! Guaranteed to work.

        These devs DESERVE every bit of every cent from every marketing ploy that they can employ. Maybe people should stop bitching about how long it takes them to get something free, and start offering to support the time spent on these exploits. (Time is money)

      • Aaron Baker

        Truthfully, even if this were the case…who cares? These devs spend hours upon hours (and several bottles of mountain dew as well as lines of cocain) slaving away at their machines attempting to find vulnerabilities. People offer up ransom bounties on forums agreeing to pay up when an exploit is found, but when the time comes to shovel out the cash…they bail. These same individuals are the ones on here crying about how a new release hasn’t happened yet, etc.

        Sunshine s-off for the HTC M8 did it right. Download a free apk (equivalent to .ipa for ios) install it, pay a nominal fee of 25.00 via paypal….Voila. S-Off! Guaranteed to work.

        These devs DESERVE every bit of every cent from every marketing ploy that they can employ. Maybe people should stop bitching about how long it takes them to get something free, and start offering to support the time spent on these exploits. (Time is money)

  • Easy.Yves.Saint

    Sweet

  • samosa queen

    I hope this doesn’t get wasted like the SHAtter exploit did.

    • hi there man

      I agree with you partially, however, there really isn’t much to waste, as it’s not like there’s anything to patch here, It only works on A5(X) devices. Everything Apple is gonna have in the future is gonna be A6+ anyway, so I really don’t see why they’re saving this internally…

      • Lionelle

        Maybe hes saving it for now because he still has to look in to A6+ devices to see if they have a similar exploit…

      • samosa queen

        iH8sn0w did say that he will test this exploit on the A6+ devices so I have no idea what your talking about here.

      • Andrew

        He said it should also work on A6 and A7.

    • Palmer Paul

      The SHAtter exploit wasn’t “wasted”. Another bootrom exploit (limera1n) was used before it in a public JB, and so they just did not use it, as there was no need for two bootrom JBs for one chip. Eventually, both limera1n and SHAtter were patched (which would have happened regardless of the the limera1n exploit), and so SHAtter became obsolete. Just because they weren’t able to use the exploit doesn’t mean it got “wasted”.

      • Michael Hulet

        SHAtter was leaked and patched before it was ever used, and that’s why it was wasted

  • Nirvana

    ih8sn0w is the man, make it the new l1mera1n

    • tw23777

      its not going to be public… Going to stay private for future jailbreak development… He will post AES keys though.

      • Sean Clark

        And when he posts the AES keys, he will be hit with an onslaught of tweets asking him how to use the keys to jailbreak their phones. :P

      • tw23777

        no way to jailbreak with AES keys unless you have the iBoot sploit, which iH8sn0w is keeping private..
        However, it will make kernel exploiting easier which is a good thing.

  • http://Wojemusic.com/ w0j3

    Hopefully this exploit can be used with next gen chips!!!

  • andy

    I want to downgrade my ipod touch 5th
    ATM running ios 7.0.4 and want to downgrade back to ios 6.1.3 !! :

    • http://173.58.214.169/ That’s what Siri said!!!

      Me too!

    • Burge

      Winterboard and a theme is your only way to get near iOS6 now

      • andy

        I dont really want to jailbreak, im still under warranty till march this year, if i jailbreak is there any possibilities that i can downgrade my ipod ? with shsh saved?

      • Burge

        No downgrade at all . As for the warranty if you get a problem with the device just restore in iTunes .. Apple don’t know that you jailbroken it unless you tell them . I’ve jailbroken all my devices as soon as I got them. And that does mean with in the hour of having them.. If there was a jailbreak that is.

      • andy

        ah ok cool, when i jailbreak my ipod does it drain the battery even more, performance issues or anything bad ??

      • Burge

        Maybe a little and I mean a little. But you end up playing with the device more so you will drain it more..

      • Andrew Roth

        Only depending on what tweaks you use. I use a jailbroken iPod Touch 5, as well. It runs pretty well, but some tweaks do use a lot of resources. One time when I still had a 4 it started failing so I reset it and it still broke so I contacted Apple and they helped even though the warranty was out of time and it was jailbroken. (They didn’t know it was jailbroken, of course).

      • andy

        ah ok then true haha i just want to install tweaks thats used for daily and something convenient cuz apple cant add stuff like that into new ios’s

  • Matthew Ball

    What can we do with the AES keys he publishes?

    • tw23777

      decrypt iBoot, iBEC, iBSS, rootfs, restore dmg, etc…

      If you’re iH8sn0w, however, or anybody else who has access to the iBoot exploit, you can downgrade, jailbreak, dump keys, basically a lot of the stuff you can do with a bootrom exploit, but with more work afaik

    • Burge

      What tw23777 is trying saying is..f@#k all

  • dedegarrido

    “@iH8sn0w So looks like all my A5 (x)…..” he mentioned “MY devices” not “all devices”…. so it sure looks like it’s not something for the public…

    • EpicFacepalm

      True, but when you read the article carefully, it says:

      But when asked if he planned to release the exploit, the hacker
      responded “nah. I’ll probably keep it private for development of future
      jailbreaks.”

      • Ted Forbes

        That is why we are all here to interpret things as best as it is possible technologically in jailbreaking terms.

        If only more technical comments, less clowning around and wasted remarks from some people here then perhaps things might get done a little faster.

  • http://www.officialimeiunlock.com/ Nicolas Anderson

    Halo I am not using iphone anymore bacause coz I will get idied after use itomany times

    • ConduciveMammal

      Whut?

      • Burge

        WHAT ?

      • ConduciveMammal

        Wat?

    • Andrew Roth

      I think he’s saying his battery life sucked?

  • Liam Mulcahy

    :D awesome!

  • Blake

    The Apple TV 3rd gen is A5 right? I’m assuming (as it hasn’t been reported yet) that this doesn’t help the jailbreak possibility for it?

    • Jailbrkr21

      no, it will have no effect of that.

    • Burge

      No ATV3 by the looks of it

  • http://173.58.214.169/ That’s what Siri said!!!

    And Apple is reading this article… and this post.

    • Harald Tan

      That’s what you said.

    • ConduciveMammal

      Not necessarily, just that new iOS versions will be jailbreakable instantly, without further work

    • Jailbrkr21

      if the exploit was publicly released then yes but it will not be released as it might be useful in future jailbreaks.

  • blu

    Good to know, 3 of my 4 iDevices have the A5 (iPad2, iPad mini and 4s), although only the iPad 2 is JB at this time (and they are all on iOS7).

  • Jonathan

    WOOOO HOOOO
    Does this include A5???

    • Ben

      It is A5 and A5X

  • Ted Forbes

    I wonder if this might also include the ATV3 as well? If so how soon can we expect to see a fully JB ATV3 device?

    • Andrew Roth

      It doesn’t, first of all. Second, it’s private. So… never.

  • jay

    thats awesome new

  • Sam Khan

    Wow it took almost 3 years

  • Sam Khan

    Its good but A5 is slow now

  • http://www.avault.com Saulo Benigno

    What do you mean with “for life”?

    • kl Wong

      =forever

    • Maxim∑

      forever until Apple patches it.

      • http://twitter.com/mrmberman Marc

        Can’t be patched, life means life of the device.

      • Litchy

        You obviously do not understand anything Maxim :D
        “for life” means: Apple can not patch this exploit and iH8sn0w will forever have the ability to jailbreak his A5 and A5X devices. The exploit is not usable with A6 and above obviously ;)

      • daniel

        well he doesn’t know sure if it works on A6 or nah yet.

      • Litchy

        yup you’re right, it will most certainly not work right away but maybe iH8sn0w will be able to use a few parts and the information he gained while finding the A5 exploit to get it to work for A6+ too

  • Sinistry

    Is it possibly to, and if so when will someone, invent a tool that allows anyone running any iOS version to easily revert to previous versions. I for one LOVE Control Center but so far everything else about iOS 7 is a disappointment. I’d take an iOS 6.x device with a handful of select Cydia tweaks over iOS 7 anytime but my ip5 came with ios7 so I don’t even have shsh blobs (if those even amount to anything anymore). Should I hold my breath or just get over it?

  • Jeremiah Miller

    does this include the iPod touch 5th gen?

    • ɑղժɾҽա

      Yes

  • ɑղժɾҽա

    Remember when it was really hard to jailbreak A5 devices?

  • Chun-Li aka ThunderThighs

    Why is everyone excited for something that isn’t a future thing to break new grounds? A5 only. Like if you still have a 4S then most likely your still on iOS6(old) or don’t want to cough up money. We are at A7 about to be on A8 soon. iH8Sn0w is contributing nothing special. If anything he just burned another key that Apple will look and patch in next firmware. This is why pod2g was referring to when wincom used a valuable exploit for a old firmware which was dumb to use on in the first place. And if anything iH8Sn0w is talking like always like p0sixninja out their mouths with nothing special. As of right now it’s a myth without proof of a permanent jailbreak in action. This is going to cause drama between jail breakers because he just ruined something special if he exposes the A6 and A7. Which the top jail breakers will call him out on. Don’t expose something for attention. Wait

    • Burge

      At last someone else who read it properly.

    • Litchy

      Sorry but I think you got this wrong… iH8sn0w did not reveal anything. He simply found a iBoot exploit that is unpatchable. Even if Apple would want to look at it they would not know where to start. He just posted “proof” not how he did it.

      With this iBoot exploit only A5 devices can be hacked: true
      Is it possible to use the knowledge gained from exploiting A5 to exploit A6 and above? Maybe!

      I can’t see why any hacker could be mad at iH8sn0w.

      • Burge

        He’s just stating the fact it’s A5(x) devices only there is no mention of A6 A7 and if you read some of the comments on here there are a few who think it will help them. At the mo this doesn’t help anyone even A5(x) devices because he is keeping for himself..

      • Litchy

        Seems like we understood Chun-Li differently^^ I read “iH8Sn0w is contributing nothing special” , “[…] he just burned another key that Apple will look into” and “[…]he just ruined something special”

        Sorry but thats just wrong :D He didn’t “ruin” anything. He found something VERY special and just posted proof.

        1. He never made his method public
        2. He said himself he’d look into A6+ later on
        3. He found a vuln that can’t be patched :D
        4. A5(X) is just the first step

        I just don’t understand how anybody could say something bad about iH8sn0w after this :D

      • Burge

        Even if he made it public apple can not fix this on A5 (X) devices.. iH8snow said he would look into A6 it doesn’t mean he will find anything..

  • Matthew Cooper

    The jailbreak scene has become my favorite soap opera so far

  • ::/DeltaStylez::

    Does this mean, I can downgrade my iPhone 4s without SHSH? (Because it came with iOS7 ;( )

    • XboxPS

      No.

  • abdullah575

    iphone 4S A5 ???

    • XboxPS

      Yep.
      The good ol’ S5L8940.

  • niooong

    Jailbreak is like this

  • Waleed

    wow i see a bright jailbreak future! now i am relaxed also for a5 plus devices ! <3
    we gotta wait

  • https://twitter.com/MrElectrifyer MrElectrifyer

    Cool, sounds like my SHSH blobs will soon be coming in handy

  • 3aloo1

    F*** yeah

  • El Barto

    :look at my 4S:
    :look at my iPad air:
    “1-0 for iPhone, man.”

  • Kamal Ahmad

    Dont be too happy guys. iH8sn0w isn’t going to make it public since he said finding such exploits is very rare. And he also said that it will work with A6 and A7, just that he’d have to move the exploit’s payload a little.

  • burlow

    Why are people still focusing on a5x? If you’re going to devote time, at least do current gen

  • 2013iphonehelper .

    what a great news!!

  • n0pr0xy

    None of you are hackers so the only information your going off of is just whatever you read on google. So everybody on here is talking out of their asses so just shut up. How do you know what’s burnt or not? If pod2g says something He knows what he’s talking about same with wino and Ih8snow. So anybody else talking about this subject is purely speculation. Sorry I’m just tired of seeing people argue about ignorant things on these posts.

  • Jacob Massey

    God, i wish i had this. I have a ipad 3, which is A5 chipped.

  • Kryztal Imma-star Ornelas

    im looking for ipad 3 wifi 7.1.2