iPhone and iPod touch v1.1.1 full jailbreak tested, confirmed!

- Apple releases the iPhone, which is promptly cracked six ways from Sunday.
- Through firmwares 1.0.1 and 1.0.2, Apple does nothing to block these hacks.
- Firmware v1.1.1 is released for the iPhone and iPod touch; it completely locks out file system access (and with it, 3rd party software).
- Awkward silence from Apple fans and the dev community as everyone ponders how to get around the new file system protections.
- Hackers dinopio and edgan discover the symlink hack, which carries a v1.0.2 iPhone up to v1.1.1 while keeping read / write file system access. The catch: it only works on a v1.0.2 iPhone (not the iPod touch) during the upgrade to v1.1.1, and it still doesn't grant the ability to execute the programs you've loaded.
- The next version of dinopio & co.'s symlink hack (not yet released to the public) grants the coveted execute privilege (so you can actually run those 3rd party apps) and enables another hack, by pumpkin, that makes the new SpringBoard (the application launcher) recognize freshly recompiled iPhone apps.
- Hackers Niacin (aka toc2rta) and Dre claim to have combined the symlink hack with a TIFF vulnerability in the v1.1.1 firmware's mobile Safari: loading the exploit TIFF in the browser grants file system access on a device already running v1.1.1. This is the hack we're testing here.
Note: By its nature, this hack is to be considered ephemeral. Apple only needs to patch the TIFF vulnerability in Safari and file system access on v1.1.1 is gone, with the touch and iPhone back in their previous not-too-hackable state.
Caveats:
- The hack has not, at this time, been released to the public. Niacin claims that will happen in the near future, possibly later this morning.
- Thus far the hack isn't entirely without issues. We're still trying to determine exactly what's what, but we've lost read and write access unexpectedly. This may or may not be a problem with our machine or device rather than with the hack itself.
- We did not test this method on an iPhone, but technically there should be no difference in effect. Side note: your v1.1.1 iPhone would, at this time, need to be activated to load the TIFF. (How else are you gonna load it?) This is supposedly being worked on.
==Terminal==
iphuc 0.6.1 with tab completion.
>> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator
CFRunLoop: Waiting for iPhone.
notification: iPhone attached.
AMDeviceStartService 'com.apple.afc': 0
(iPHUC) /: ls
.
..
Applications
Library
System
bin
cores
dev
etc
mach
private
sbin
tmp
usr
var
(iPHUC) /: putfile ./fstab /etc/fstab [That's the money line! No errors.]
(iPHUC) /: exit
==/Terminal==
Can confirm by way of getfile that the uploaded version sticks.
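As an added check, not part of the original post or the dev team's tools: the "money line" above pushes a replacement /etc/fstab over iphuc, and the getfile confirmation shows the copy stuck. The POSIX shell script below automates that confirmation for two local files, the fstab you pushed and the copy you pulled back with getfile. It compares the two byte for byte and reports the mount options on the root entry. The file names, the sample fstab entries and the assumption that the replacement is meant to mount / read-write are all constructed for this example; the post does not show the contents of the fstab it uploaded.

```shell
#!/bin/sh
# Added example for the post above, not code from the original article or from
# the iPhone dev team. Checks that the fstab pushed over iphuc ("putfile ./fstab
# /etc/fstab") matches the copy later pulled back with getfile, and reports the
# mount options of the root entry. File names and fstab contents below are
# constructed for the demo; the post does not show the real fstab.

# root_mount_opts FILE: print the mount-options field (4th column) of the "/"
# entry, skipping comment lines. Exit 1 if no such entry exists.
root_mount_opts() {
    awk '$1 !~ /^#/ && $2 == "/" { print $4; found = 1 }
         END { if (!found) exit 1 }' "$1"
}

# fstab_matches PUSHED FETCHED: 0 when the fetched copy exists and is
# byte-identical to the pushed one, 1 otherwise.
fstab_matches() {
    [ -f "$2" ] && cmp -s "$1" "$2"
}

# verify_fstab PUSHED FETCHED: succeed only when the upload stuck (fetched ==
# pushed) AND the root entry carries "rw". The rw expectation is an assumption
# about what the replacement fstab is for; adjust it if yours differs.
verify_fstab() {
    pushed=$1
    fetched=$2
    if ! fstab_matches "$pushed" "$fetched"; then
        echo "MISMATCH: fetched copy differs from pushed $pushed (upload did not stick)"
        return 1
    fi
    opts=$(root_mount_opts "$fetched") || { echo "no entry for / in $fetched"; return 1; }
    case ",$opts," in
        *,rw,*) echo "OK: / mounts with '$opts' and the upload stuck"; return 0 ;;
        *)      echo "WARN: upload stuck but / still mounts with '$opts'"; return 1 ;;
    esac
}

# Demo with constructed files: a stock-looking fstab with a read-only root, the
# replacement with a read-write root, and a "fetched" copy of the replacement.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '/dev/disk0s1 / hfs ro 0 1' '/dev/disk0s2 /private/var hfs rw 0 2' > "$d/fstab.orig"
    printf '%s\n' '/dev/disk0s1 / hfs rw 0 1' '/dev/disk0s2 /private/var hfs rw 0 2' > "$d/fstab"
    cp "$d/fstab" "$d/fstab.back"
    verify_fstab "$d/fstab" "$d/fstab.back" || :   # prints OK
    verify_fstab "$d/fstab" "$d/fstab.orig" || :   # prints MISMATCH
    rm -rf "$d"
}
demo
```

In practice you would run `getfile /etc/fstab ./fstab.back` from the iPHUC prompt after the putfile, then `verify_fstab ./fstab ./fstab.back` on the host. A mismatch means the write was silently dropped or reverted, which is exactly the "lost read and write access" symptom mentioned in the caveats.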

Reader Comments (Page 1 of 2)
Chris @ Oct 10th 2007 3:15AM
Great news, thanks Niacin, Dre and others!
Angelo Ashmore @ Oct 10th 2007 3:16AM
Can't wait to test this out
Moog @ Oct 10th 2007 3:17AM
This doesn't actually have the instructions on how to do it?
I used these instructions to jailbreak my iPhone 1.1.1 and it worked:
http://www.iphonealley.com/news/iphone-v1-1-1-jailbreak-apptapp-installation-guide
xevnoc @ Oct 10th 2007 3:17AM
Credit needs to be given to the iTouch dev team as well. Much code was contributed to Niacin without due credit by him thus far.
dinopio @ Oct 10th 2007 3:18AM
It was a great experience :)
Tehseen @ Oct 10th 2007 3:18AM
amazing! go iphone/itouch dev team!
Al @ Oct 10th 2007 3:19AM
Grats Niacin, good luck on further development.
deucen @ Oct 10th 2007 3:22AM
Thank you guys much appreciated
Angelo @ Oct 10th 2007 3:22AM
was there reading along! Cant wait till this goes public!
Will @ Oct 10th 2007 3:40AM
So for whatever reason I can't bring myself to jailbreak my iPhone; so far none of the additional functionality is compelling enough given the risks of bricking my phone or voiding the warranty. But I sure want to thank you guys that do. It seems like the hacking community forces Apple to fix bugs and add new features, just so they can release hack-breaking firmware updates. Since they can't just release new firmware with a change log entry like "breaks your hacks", they need to at least fix or add something compelling enough to get people to upgrade. So thanks to you guys who keep Apple on their toes; even we scaredy cats appreciate your efforts.
Glenn @ Oct 10th 2007 3:48AM
I see something similar to this for the next iPhone update:
"iPhone Update 1.1.2
Critical flaw in Safari allows a hacker to gain access to the file system. Update now to ensure the secure operation of your phone."
huggles @ Oct 10th 2007 3:52AM
Hasn't Apple demonstrated the ability to patch iPhones without the user's consent?
I can see the TIFF exploit falling under the "immediately patched without user consent due to security/exploit risk/full access to root" et al. scenario.
Good luck all.
Tom von S. @ Oct 10th 2007 11:41AM
No, Apple hasn't made any iPhone upgrades without the user's consent.
David @ Oct 10th 2007 4:09AM
On another news Apple releases a new firmware update tomorrow morning.
LordFarkward @ Oct 10th 2007 4:14AM
ooo would the mouse really be released so soon? >:)
Rich @ Oct 10th 2007 4:23AM
Now if Apple only had some iPod Touch 16Gigs in stock to replace my very expensive iPod Touch shaped paperweight, I'd be happy to give this a go...
me @ Oct 10th 2007 4:28AM
This worries me... this hack uses a TIFF exploit in the browser, similar problems IE users experience on Windows; and a proven way "into the OS".
At the start there were no viruses for Windows, but as there was more and more interest in the OS, people started to "hack", tweak and customise the OS; simply through its popularity more and more people understood how to manipulate the environment, and useful hacks, tools and customisation developed into other areas less useful and more damaging, such as viruses.
The iPhone, simply by its popularity, is at the start of this cycle; the smart people are pulling it apart and understanding how the code is written, testing and pushing to find weak points to find a way in to execute code to unlock the code.
I'm asking, with the iPhone having such a high profile, aren't these tools, experiences and knowledge the building blocks for someone with a more personal objective to write a virus? With the OS on the iPhone and the Mac so similar, the transfer should be a lot easier?
I can see similarities between Apple and Microsoft here, but it looks like I'm the only one to see it.
MS releases a patch for IE, and within days it's breached and another way in is found...
Apple releases a patch for Safari, and within days it's breached and another way in is found...
... I think I'll put a stake in the ground, and say: "This is where it all started..."
Traveller @ Oct 10th 2007 10:44AM
Oh rest assured. Everyone sees the similarity, but people just have yet (as far as we know, since a ton of mac folks continue on without spyware checkers and anti-virus/worm software) to really experience anything nasty appearing or doing significant damage.
slug @ Oct 10th 2007 4:34AM
Are we going to get an updated hack for EVERY firmware update released from Apple? I'm getting bored of the iPhone hacks!!
Don't get me wrong, I'm a BIG Apple fan. But I thought this site was for gadget updates/new releases and reviews. Not hack after hack for iPhone and iTouch.
BORING!
Dauphin @ Oct 10th 2007 4:37AM
Excuse my ignorance but, I happen to have a hacked iPhone 1.0.2 and I was wondering... with this new jailbreak thingy, is it or will it be possible to upgrade the iPhone in its hacked state, keeping the SIM unlock and without bricking it??? Or is this just a hack for 1.1.1 iPhones that are already upgraded???
Twitchy @ Oct 10th 2007 5:14AM
Very interesting question indeed - one to which I would like an answer too.
Perhaps it is time that devs looked into the possibility of Custom Firmwares similar to what is happening in the PSP scene.
Dauphin @ Oct 10th 2007 7:34AM
I mean I live in Belgium and well... I have no problems with my v1.0.2 iPhone but I would like some of the updates. I've said it before, I don't miss them 'cause I never had them and for me the phone is cool the way it is... but eventually there will be an update with something REALLY cool, like MAYBE... I don't know, file sharing over Bluetooth??? A camera app that, if it can't make video, at least can ZOOM!!!!... nothing too fancy, you know what I mean??? Some stuff regular phones DO have...
JJV @ Oct 10th 2007 9:58AM
I think right now it is only for ones that are either newly bought, or ones that have been updated. I recommend you do not upgrade yours as it is unlocked and hacked and it is likely to become your very own iBrick. Just hang in until there is a safe way for your hacked 1.0.2 iPhones. GREAT JOB DEV TEAM(s)!!!!
Dauphin @ Oct 10th 2007 10:07AM
I'm not planning on updating; mine works fine and I love the apps I have so far... I don't really need THAT much more... and I live next to France, probably they will have to (by law) sell the iPhone unlocked... so... a guy can only dream, right??? Until then... I'll hang on to my 1.0.2, which in any case I love.
parrotz @ Oct 10th 2007 5:25AM
One needlessly taken human life = countless IPhones
Amerika obsesses over its toyz while B&C plot to kill a few million more... Perhaps if they threatened to take away the peeplz toyz there would be some outrage?
wslcrew @ Oct 10th 2007 6:04AM
The question is, if I hack my iPod touch, will Apple brick my iPod touch in future updates?
Rich @ Oct 10th 2007 6:43AM
Trust me. They'll brick your Touch even if it isn't hacked...
Lt_Ladle @ Oct 11th 2007 12:52AM
Well once I hack mine, I'm not gonna update unless there's a really good reason to. You don't have to update ever, if you want, and if you do, all you have to do is restore the iPod and upgrade away. I sense no danger here.
mefm247 @ Oct 10th 2007 6:08AM
I know the open source community is very open in its approach to technology, but if you want to keep the iPhone jailbroken and unlocked, can we please just stop telling Apple how we are breaking into their code? This is not a cat and mouse game; this is a cat (who hides everything) and a mouse who tells the cat exactly what to fix for the next release. Why not just provide the tools (most people don't care or understand what is going on anyway) and let Apple actually invest in trying to guess (just like us) how we broke it this time?
That is the only way to make this whole thing fair from a development and cracking point of view! Apple could have relocked the phone a few hours after the update just by fixing the symlink and the tiff exploit! Don't give them that vital information keep them in the dark!!!
The dev guys started getting the hint with a developer only irc channel, take it to the next level, and don't release your secrets!
NG @ Oct 10th 2007 6:41AM
don't you think apple also have so call "computer engineer" too?
mefm247 @ Oct 10th 2007 6:46AM
I'm pretty sure they have lots of engineers, but as an engineer myself, when it comes to fixing a problem, it's 90% trying to find what the hell is broken and 10% actually fixing it. If they don't know how we got in, then they will actually have to invest in trying to find out how we broke the system, which will give us a bit of an advantage, sure they might be able to find out how we did it, but right now, we might as well send them a bug report saying that the TIFF handler in Safari has a bug at line 1234.
Q-bert @ Oct 10th 2007 12:01PM
I think that would be highly irresponsible. The efforts of these hackers are admirable, but let's be honest here - they are taking advantage of security vulnerabilities. Would you really rather not tell Apple about real flaws in their software, ones that could potentially affect millions of iPhone users if left unfixed, just so the relative handful of hackers & hobbyists can continue to run our SNES emulators and accelerometer hacks?
bugmat @ Oct 10th 2007 1:45PM
I'm somewhat for this too... what's the point of hackers actually spelling out exactly HOW they do something like jailbreak (as the advertisement ultimately leads to Apple countering it) unless that is their aim - for the company (Apple here) to fix it?! I guess the true hope is that Apple will realise that w/o hackers and rogue developers actually being charitably informative (as the IPDT and others have been) there are always exploits that the company will miss that could bite them in the @$$ if used purely maliciously... so play nice with the hackers, Apple, and provide them with an OPEN SDK so they can become legit contributors to the development of the OS (mobile OS X in this case)....
Jeremy @ Oct 10th 2007 3:07PM
I think that's kind of a silly approach.
a) By releasing the 'how to', the devs are letting more people try the hack before Apple gets a chance to Patch it. People who use the hack don't have to update to the next official release if they don't want to. This still gives the people an advantage.
b) As Q-Bert said, it would be irresponsible not to bring attention to a security exploit such as that one. Root access from a tiff?
c) I'm willing to bet that, given the knowledge of the hack, the engineers on Apple's staff could figure out how it's done faster than most of the iPhone owners. If that's true, then very few people would actually get a chance to hack their phone before the apple engineers beat them to it. I'm also curious how you plan to let everyone know *without* someone at Apple (or one of the many minions) finding out as well.. secret code words passed around in covert chambers? :)
I'm all for hacking the hell out of the thing and then letting everyone know how it was done. The purpose of most of this hacking is really just to see if it can be done anyway.
wasabi @ Oct 10th 2007 6:50AM
It's simple really. All Apple has to do is implement a new system on the iPhone where if they don't constantly keep up to date with the updates, they won't be able to use their iPhone. That way Apple can start controlling users and break the intention of running naughty 3rd party apps. Seriously, customers should not have the ability to pick and choose how they wanna use the products they buy. The corporations gotta take the initiative and give them that nudge.
rhodesy22 @ Oct 10th 2007 7:30AM
That wouldn't work because then there would be a hack to get around that too. Windows Genuine Advantage rings a bell here.
wasabi @ Oct 10th 2007 7:49AM
I was being sarcastic. They seem hell bent on telling you what you can and cannot put on your iPhone. And I do stress that the iPhone is under the customer's ownership. Sickening.
wasabi @ Oct 10th 2007 6:53AM
It's simple, really. All Apple has to do is implement a new system on the iPhone where if the user doesn't constantly keep up to date with the updates, he/she won't be able to use the iPhone. That way, Apple can start controlling users and break their intention of running naughty 3rd party apps. Seriously, customers should not have the ability to pick and choose how they wanna use the products they buy. The corporations gotta take the initiative and give them that nudge.
Scott Bass @ Oct 10th 2007 7:14AM
I don't know if this is of use to anyone, but on my touch I discovered another vulnerability in the current software. I completely filled up my 16 gig and only left about 100 MB the other day... the touch worked normally, but when you went into video the display was very hosed: splashes of solid colors mixed in with the video and a double image effect similar to 3D. Fixed by deleting a movie and doing a reboot. Also discovered that adding one of those URLs with the data to bookmarks that is above 2.5 MB consistently caused the touch to reboot.
I am all for 3rd party apps; my only reservation is I would prefer the touch be more stable as a platform first. I think Apple still has a lot of work to do and any hack or 3rd party program right now could cause havoc to the operating system.
just my 2C
websyndicate @ Oct 10th 2007 7:16AM
Props to Ryan for the 3am blog.
PK @ Oct 10th 2007 9:23AM
I was actually impressed by this, too, until I remembered that Ryan lives in San Francisco: makes it a midnight blog post instead... Still cool, just not *as* cool...
Chris Wanja @ Oct 10th 2007 7:19AM
What about a sim hack?? Has there been any news for this??
user @ Oct 10th 2007 7:27AM
Relying on security flaws to actually make the iPhone/iPod useful is.. funny at least.
yacoub @ Oct 10th 2007 7:56AM
The biggest hope is that by gaining read/write access they can install tools that will allow them to more easily investigate just how the firmware update process works between 1.0.2 and 1.1.1. This will allow them to find a way to keep a jailbroken touch/iPhone free even after future firmware updates arrive from Apple. Hopefully they can get in between the update process inside things and prevent Apple from re-incarcerating our devices in the next firmware update. Then users can use 3rd party apps without worrying that all will be lost with a future firmware update.
something @ Oct 10th 2007 8:24AM
The problem is that the majority of hackers are motivated by ego and if they can't brag about how they did something then it's like it never happened.
dudeInAmerica @ Oct 10th 2007 8:40AM
Ahh... corrupt image files. Is there anything they cant do?
Oh, thats right, display images.
kerimeton @ Oct 10th 2007 9:16AM
When's a hack coming for people that don't already have an AT&T account?
I live out of the US, so activating the iPhone on AT&T is out of the question.
Karl Viklund @ Oct 10th 2007 10:01AM
I hope Apple updates the iPhone and iPod touch fast so these hacks will be impossible.
Niacin @ Oct 10th 2007 10:05AM
No problem guys ;o)
Just send your PayPal donations to: imtryingtostealyourdonations@ishouldbeinjail.com
:o)
bogphanny @ Oct 10th 2007 10:16AM
with the ability to access safari, as shown here: www.hackint0sh.org/forum/showthread.php?t=10378 I don't see why this wouldn't be possible on an OTB 1.1.1 unactivated phone.