Apple The SHAtter story continues...

[alidsl]

This is NOT a release

The research started and the main actor of this story is posixninja. He found why the device reboots and proposed different ideas to exploit this. posixninja also reversed tons of assembly code of the bootrom in this period, giving a support discussion to the team. We're not talking about days, but months of work. So, major props to posixninja: SHAtter would not have been possible without the clever vulnerability he found and the research he did on the bootrom.
In the meanwhile, pod2g helped on the USB reversing side and found a way to have more control over the size of the USB packets sent. The finer-grained control of the packet sizes is the key of SHAtter.

Source

I think we can expect a release soon

 

[Sotoro]

Hopefully, can't wait to jailbreak my new ipod touch 4....

 

[gameguy95]

if this is not released soon, i will kill something. something fuzzy...

 

[Joktan]

sounding like good newscant wait

 

[iFish]

if this is not released soon, i will kill something. something fuzzy...

Why can you not wait?

You have an iPod touch 2G MC model.... this exploit only works on Apple A4 devices...

Anyway. i am excited.

 

[Joktan]

if this is not released soon, i will kill something. something fuzzy...

Why can you not wait?

You have an iPod touch 2G MC model.... this exploit only works on Apple A4 devices...

Anyway. i am excited.

um i heard its for every bootrom since the new one.so it will work with everything out so far,

 

[gameguy95]

if this does not work on my MC ipod, i will find a way to delete the website and replace it with your mom's tail. and boy, it sure is better looking than your girls. trust me i saw enough of each of them to compare.

 

[iFish]

if this does not work on my MC ipod, i will find a way to delete the website and replace it with your mom's tail. and boy, it sure is better looking than your girls. trust me i saw enough of each of them to compare.

Start hacking the site right now. Since I am willing to bet that it will not work. SINCE THERE IS ALREADY AN EXPLOIT FOR MC MODEL!!

 

[gameguy95]

^not a bootrom exploit. besides, i tried redsnow, snowbreeze, spirit, and jailbreakme.com but none of them work with 4.1

 

[iFish]

^not a bootrom exploit. besides, i tried redsnow, snowbreeze, spirit, and jailbreakme.com but none of them work with 4.1

Jailbreak me obviously, spirit obviously.

redsn0w works with it!!! I AM TELLING YOU IT DOES!!! show me how it does not work. make a video of it and show me.

 

[SifJar]

I'm pretty sure SHAtter will work with ALL models, ALL bootroms. The only reason for the specific mention of the A4 is because it was due to the A4 that the bootrom got dumped, I think. But by the looks of that page, it works on 3GS and 3rd gen Touch, and for everything before that there already is a bootrom exploit.

also, ifish: if there is no bootrom exploit for a particular device, redsn0w will NOT work, it relies on bootrom exploits. Not sure if the "MC Model" mentioned has a bootrom exploit or not, but i thought not, in which case redsn0w will NOT work.

EDIT: Actually a closer inspection of the wiki page implies it may be true that this only works for A4 chip (S5L8930):

This is an unsigned code execution vulnerability that resides in DFU Mode of the S5L8930 bootrom.

 

[iFish]

I'm pretty sure SHAtter will work with ALL models, ALL bootroms. The only reason for the specific mention of the A4 is because it was due to the A4 that the bootrom got dumped, I think. But by the looks of that page, it works on 3GS and 3rd gen Touch, and for everything before that there already is a bootrom exploit.

also, ifish: if there is no bootrom exploit for a particular device, redsn0w will NOT work, it relies on bootrom exploits. Not sure if the "MC Model" mentioned has a bootrom exploit or not, but i thought not, in which case redsn0w will NOT work.

EDIT: Actually a closer inspection of the wiki page implies it may be true that this only works for A4 chip (S5L8930):

This is an unsigned code execution vulnerability that resides in DFU Mode of the S5L8930 bootrom.

Wanna bet there is no bootrom exploit for the MC model iPod touch 2G?

http://theiphonewiki.com/wiki/index.php?ti...2C_1%29_Exploit

And that has been added to redsn0w

 

[SifJar]

Like I said, I didn't know whether there was or not. I own no iOS devices, and don't follow the iOS "scene". I just vaguely remember before hearing talk of MC devices not being jailbreak-able.

 

[gameguy95]

I'm pretty sure SHAtter will work with ALL models, ALL bootroms. The only reason for the specific mention of the A4 is because it was due to the A4 that the bootrom got dumped, I think. But by the looks of that page, it works on 3GS and 3rd gen Touch, and for everything before that there already is a bootrom exploit.

also, ifish: if there is no bootrom exploit for a particular device, redsn0w will NOT work, it relies on bootrom exploits. Not sure if the "MC Model" mentioned has a bootrom exploit or not, but i thought not, in which case redsn0w will NOT work.

EDIT: Actually a closer inspection of the wiki page implies it may be true that this only works for A4 chip (S5L8930):

This is an unsigned code execution vulnerability that resides in DFU Mode of the S5L8930 bootrom.

Wanna bet there is no bootrom exploit for the MC model iPod touch 2G?

http://theiphonewiki.com/wiki/index.php?ti...2C_1%29_Exploit

And that has been added to redsn0w

but does it work or firmware 4.0+

 

[iFish]

I'm pretty sure SHAtter will work with ALL models, ALL bootroms. The only reason for the specific mention of the A4 is because it was due to the A4 that the bootrom got dumped, I think. But by the looks of that page, it works on 3GS and 3rd gen Touch, and for everything before that there already is a bootrom exploit.

also, ifish: if there is no bootrom exploit for a particular device, redsn0w will NOT work, it relies on bootrom exploits. Not sure if the "MC Model" mentioned has a bootrom exploit or not, but i thought not, in which case redsn0w will NOT work.

EDIT: Actually a closer inspection of the wiki page implies it may be true that this only works for A4 chip (S5L8930):

This is an unsigned code execution vulnerability that resides in DFU Mode of the S5L8930 bootrom.

Wanna bet there is no bootrom exploit for the MC model iPod touch 2G?

http://theiphonewiki.com/wiki/index.php?ti...2C_1%29_Exploit

And that has been added to redsn0w

but does it work or firmware 4.0+

Can you look at the link?

 

[gameguy95]

^i did but it says nothing about working with 4.0/1 on the link

 

[Joktan]

its said to jailbreak EVERYTHING since the new bootrom that they put in the 3gs..

 

[SifJar]

but does it work or firmware 4.0+

http://wikee.iphwn.org/howto:rsbeta

Read that.

EDIT: It'll be tethered with your MC model, if you don't like that, you'll have to downgrade to 4.0 and use JailbreakMe, which is of course userland

 

[gameguy95]

I already tried redsn0w you dipshit! it gets tuck on the "waiting for reboot" screen

 

[iFish]

I already tried redsn0w you dipshit! it gets tuck on the "waiting for reboot" screen

Calling people names will get you plenty of help