Jailbreakme

Jailbreaking news update: unexpected developments for iOS 8.4.1 and iOS 9.x

Whilst most are no doubt still eagerly awaiting a jailbreak for the just-released iOS 10.2, there are those who still have devices on various flavours of iOS 9 and older, who have fallen through the cracks of the most recent Pangu releases. For them, this week brought some hope, with two separate announcements of upcoming jailbreaking tools, in addition to the release of a browser-based tool from Luca Todesco. This round-up will cover the various pieces of jailbreak release news that came to light over the past few days.

JailbreakMe for Pangu 9.3.3: details and tutorial

As reported recently on iDB, Luca Todesco has decided to solve the certification problems which have plagued the most recent Pangu release for 9.2-9.3.3, by making public a web-based tool for re-activating the jailbreak.

After some testing and research, a more in-depth discussion of the tool seemed appropriate, along with a walkthrough, in order to address some of the more technical questions surrounding this latest development in the jailbreaking scene.

Luca Todesco releases browser-based exploit for Pangu 9.3.3 jailbreak without certificate

Noted iOS security researcher and hacker Luca Todesco has just released a WebKit-based loader for the Pangu 9.3.3 jailbreak. This impressive browser exploit is reminiscent of the original JailbreakMe exploits on iOS 1 and iOS 4, after which it is named.

All that is required for the technique to work is to follow a URL in mobile Safari, press a button, lock your device and wait for the respring.

Whilst this development is testament to Todesco’s hacking skills and has alleviated one major problem with the current 9.3.3 jailbreak (its reliance on developer certificates for the loader app), there is bound to be some confusion over what this tool actually does, and what it means for the jailbreak community. This post aims to bring some clarity to the topic.

How to jailbreak iOS 9.3.3 without a computer

For those who are unaware, Pangu launched a new jailbreak for iOS 9.2-9.3.3 over the weekend. Now, an iOS developer from the jailbreak scene has made it possible to jailbreak your iOS 9.3.3 device directly from your iOS device itself without the need for a computer.

It’s officially JailbreakMe-style, and in this tutorial, we’ll show you how to do it!

Hacker demos iOS 9.3.2 browser-based jailbreak

Italian hacker Luca Todesco is once again making waves in the jailbreak community after demonstrating on video a browser-based jailbreak on a 6th generation iPod touch running iOS 9.3.2.

Similar to the now classic JailbreakMe, the method used by Todesco can apparently jailbreak the device directly from Safari, without requiring a computer.

Does Apple really hate jailbreakers?

The cat-and-mouse game between Apple and the jailbreak community has been going on for about 6 years now. Every time a new jailbreak tool is released, taking advantage of some holes in Apple’s tight mobile operating system, you can bet your shirt that Apple will be quick to patch those holes with a software update.

Sometimes those software updates are released faster than others. For example, it took Apple 43 days to patch a series of vulnerabilities that allowed iOS 6 users to jailbreak their devices using evasi0n. In comparison, it took Apple only nine days to fix the bugs that were exploited by JailbreakMe 3.0.

The time difference can be easily explained by the fact that exploits like those used by JailbreakMe represent a much higher security threat to iOS users than those used in evasi0n. Remember, JailbreakMe could be run directly from the device’s browser, thus exposing virtually every single iOS 4.3.3 user at the time to security risks. In comparison, evasi0n requires you to plug the device into a computer via USB. Clearly, the security threat is much lower with evasi0n.

This being said, every time Apple releases a software update that patches vulnerabilities used in a jailbreak, some enthusiastic jailbreakers are always quick to call Apple names and accuse the company of actively fighting the jailbreak community. “Apple hates jailbreakers. They just released a software update to kill the jailbreak,” you can often read every time an iOS update that patches a jailbreak is released. But is that really the truth? Does Apple really hate the jailbreak community or is it trying to protect the safety of its most popular operating system?

Comex no longer working at Apple [Updated]

Nicholas Allegra, a.k.a. Comex — the iOS hacker responsible for the popular jailbreak tool JailbreakMe — has parted ways with Apple after interning there for a little over a year.

Last August, Comex broke the news that sent shockwaves through the jailbreak community, announcing that he would be joining the very company whose security he’d successfully undermined more than once.

Is it possible that Comex might pick up where he left off in the jailbreak community?

US Government would’ve paid Comex $250,000 for exclusive use of JailbreakMe

The jailbreak community owes a lot to adept hackers who find and exploit weaknesses in the design of the iOS mobile operating system, thus allowing Apple’s mobile gadgets to run unsanctioned software. It’s more often than not a never-ending cat-and-mouse game between Apple and hackers that in the end benefits jailbreakers the most.

Say you’re an expert hacker who just figured out an exploit in one of Apple’s products. You could report your findings directly to Apple and help them plug those holes with a software update.

But did you know you could also hand over this valuable information to an exploit broker who will sell it to a government agency and net you a decent profit, minus the broker’s commission? A U.S. government agency, to be precise…

Blutrol Jailbreak Tweak Makes iCade Infinitely More Useful

Blutrol is a recently released jailbreak app that allows you to map your iCade control cabinet to pretty much any game that features on-screen controls. That means that the iCade is no longer limited to a handful of so-so games, which makes the device a lot more useful and appealing to gamers.

Basically, Blutrol transforms your iCade from a mere conversation piece into a legitimate gaming machine. All you need is a jailbroken iPad, and you’re good to go…

JailbreakMe is Safe Again

Yesterday the news broke that JailbreakMe.com had been sold to an unknown person, creating a bit of panic in the jailbreak community after a few prominent iOS hackers had suggested not to use the site anymore for security reasons.

As it turns out, JailbreakMe.com is now a safe place again, thanks to saurik, who apparently purchased the domain name from the previous owner…

JailbreakMe.com is Dead

JailbreakMe, the wildly popular web-based jailbreak tool created by comex, is no more. Comex recently announced that he had been hired by Apple, and the JailbreakMe.com domain has been owned by a third party for quite some time.

MuscleNerd, frontman for the Dev Team, has warned jailbreakers to stay clear of JailbreakMe.com from now on…

Comex Wins a Pwnie Award for his JailbreakMe Exploit, GeoHot Wins Best Song

For those who aren’t familiar with the event, the Pwnie Awards is an annual awards show celebrating failures and achievements in the security community. This year’s ceremony took place in Las Vegas, Nevada at the BlackHat security conference.

Altogether there were 9 awards handed out, and it probably won’t surprise you that a certain iDevice hacker took home one of them. As a matter of fact, 2 well-known members of the jailbreak community ended up taking home Pwnies…