Solved iPod Touch 2G Jailbreak- redsn0w

Carson (Retired)
redsn0w.com

MuscleNerd said:
[32957a35889c4dd2f8dfe483dd9023eafb6b4a22 is an] "escrow" hash of decrypted iBoot for ipt2g (length=0x29000). Not otherwise obtainable except via an exploit (afaict).
The official news came out that redsn0w, a jailbreak for the iPod Touch 2G, is going to be developed within the next few days. The Dev-Team found an exploit after further reviewing the 2G and got a jailbreak working. The jailbreak will be released within a couple of days and will work on both firmwares.

Very surprisingly, this was done even though only 2 members of the Dev-Team actually own iPods, and the total time spent working on a 2G jailbreak was roughly 1-2 hours.

Here is a bit more technical stuff.

Quote:
Originally Posted by Chronic
In firmware 2.1.1, and only in the iPod Touch 2G firmware, there is a little something that Apple left behind that they probably should not have. It was most likely for diagnostics, but it was not fixed until 2.2. No big deal there, because you can load a 2.1 iBEC over DFU and use that.

For the past few days I have been trying to mess with it, but I am not able to really look into it because I have no other exploit to, for example, read forbidden areas of memory. Also, it has some hate for n***d binaries being passed to it apparently, and I do not know the wrapper format.

Good for the JB community: the dev team found a way to
1. pass the new bootrom sigcheck, and
2. craft their code in a way that the specific thing will execute it.


Quote:
Originally Posted by Chronic
This exploit is in the 2.1.1 iBoot / iBEC / iBSS
So when DevTeam releases their tool, there would be two methods, since they can very easily make it work on 2.2 and beyond. For 2.1 users, it can be fully automated. Their RedSn0w tool would be able to use the md library to tell the device to go to recovery mode, and from there it can be Pwned. For people on 2.2, it is still ridiculously easy. The only difference is, it would have to be QuickPwn style. You would need to be told to hold home and power for X amount of seconds, etc. etc., and it would also need a 2.1.1 ipsw so it can upload the 2.1.1 iBSS, so that the exploit can be utilized. Please note that I am not involved in RedSn0w development, but I have already come across the exploit myself; I just did not know how to utilize it properly. The main point here is that it is gone in 2.2, but a tool they make can easily upload a 2.1.1 iBSS to DFU since it would be considered legit Apple code. It was something that was most likely for testing a certain extra something that is included, and it was not removed, nor were any signature checks or anything placed upon it.


Source:
http://www.ipodtouchfans.com/forums/...postcount=2127
http://blog.iphone-dev.org/post/7040...rmonuclear-pop
http://chronic-dev.org/blog/2009/01/exploit/
http://chronic-dev.org/blog/2009/01/clarification/
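The mechanism Chronic describes in the quotes above (a hook present in the 2.1.1 iBSS/iBEC/iBoot and gone in 2.2, yet still reachable on a 2.2 device because the bootrom will accept the older stage as "legit Apple code") is the general signed-downgrade problem: a signature check proves who signed a boot stage, not that it is the current one. The following is an added illustration, not code from the Dev-Team, Chronic or Apple. It uses HMAC-SHA256 with a constructed key as a stand-in for Apple's real signature scheme and a hypothetical 4-byte version field in front of the payload; both are assumptions made for the demo. It shows a version-blind verifier that accepts the old signed stage, next to the same verifier with a minimum-version floor that refuses it.

```python
import hmac
import hashlib
import struct

# Constructed stand-in for the signing key. A real bootrom holds a public key
# and verifies an asymmetric signature; a shared secret is used here only so the
# example runs offline. Assumption for the demo, not Apple's scheme.
SIGNING_KEY = b"constructed-demo-key-not-apples"
TAG_LEN = 32

def sign_stage(version, payload):
    """Build a signed stage: hypothetical layout of 4-byte version, payload, 32-byte tag."""
    body = struct.pack(">I", version) + payload
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return body + tag

def parse_stage(blob):
    """Return (version, payload) if the tag verifies, else None."""
    if len(blob) < 4 + TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    (version,) = struct.unpack(">I", body[:4])
    return version, body[4:]

def accept_version_blind(blob):
    """Version-blind check: any genuinely signed stage is accepted, old or new.
    This is the behaviour the thread relies on: an old signed iBSS still loads."""
    return parse_stage(blob) is not None

def accept_with_rollback_floor(blob, min_version):
    """Same signature check plus a minimum-version floor (anti-rollback)."""
    parsed = parse_stage(blob)
    return parsed is not None and parsed[0] >= min_version

def demo():
    # Constructed sample stages. Versions encoded as integers: 2.1.1 -> 211, 2.2 -> 220.
    old_ibss = sign_stage(211, b"iBSS 2.1.1 with leftover diagnostic hook")
    new_ibss = sign_stage(220, b"iBSS 2.2 with hook removed")
    # A tampered stage: valid-looking body, zeroed tag, so the sigcheck must reject it.
    forged = sign_stage(220, b"attacker code")[:-TAG_LEN] + bytes(TAG_LEN)
    return {
        "blind_old": accept_version_blind(old_ibss),            # True: signed, so loaded
        "blind_new": accept_version_blind(new_ibss),            # True
        "blind_forged": accept_version_blind(forged),           # False: sigcheck itself works
        "floor_old": accept_with_rollback_floor(old_ibss, 220), # False: downgrade refused
        "floor_new": accept_with_rollback_floor(new_ibss, 220), # True
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The forged stage shows that the sigcheck is not the weak point; the old stage passes it honestly. A minimum-version floor only helps if the floor itself lives somewhere the attacker cannot roll back (fused or otherwise write-once storage), which is a design point independent of this particular device.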
Operating System: iOS
Carson (Retired)
A mystery.

However, inside the star is a picture of the IC chip which contains the ARM processor, which is where all the work is done.
 
Hovi (VIP, Retired)
So they said they haven't got a whole lot to work. Does that mean no installer or non-Apple apps? I'm an absolute noob as far as jailbreaking.
 
nickcas
hovi said:
So they said they haven't got a whole lot to work. Does that mean no installer or non-Apple apps? I'm an absolute noob as far as jailbreaking.


lol, no. They got a jailbreak working and they're releasing an app to do it in the next few days.
 
Carson (Retired)
Update 1: Here is the first screenshot of a jailbroken iPod Touch 2G. Right now the jailbreak process is far too manual to be useful to most people. But this is a first step (well, second step if you include the initial exploit).
When we announced yellowsn0w, we made the mistake of giving an ETA for its release…and that really clobbered the last day of 2008 for us. So we won’t be issuing a formal ETA for the ipt2G jailbreak. But we are putting a lot of energy into it.
[screenshot: ipt2gmt.png]

Update 2: A picture is worth a 1000 words but a video might be better in this day of Photoshop and fake YouTube videos. So we’re thinking of doing what we did before Christmas for yellowsn0w — show a demo of the jailbreak on Musclenerd’s Qik account (announced via his twitter account over there on the right hand side). Since Qik provides a live chatroom right next to the video, we’ll probably be in there too right after the video’s over. Note: anybody posing as any devteam member on that chat right now is faking it. We won’t be on that chat except for a very specific time that we’ll announce. (We may possibly not even do the chat since it’s so ripe for abuse).
 