3g s jailbreak question

Discussion in 'iPhone' started by bseels13, Jul 9, 2009.

  1. bseels13

    bseels13 New Member

    Joined:
    Apr 6, 2009
    Messages:
    182
    Likes Received:
    0
    Device:
    iPad
    I'm really not a noob, and I understand jailbreaking and unlocking quite well, but I want to know why the 3g s has the 24kpwn exploit, which is in the hardware, but Apple can patch the jailbreak. I don't understand why the ipt2g is pwned for life, but the 3g s jailbreak can be stopped. I'm getting a 3g s when my contract ends in late August and I figure it will be running something like 3.1.1 fw at that point, so why won't that be able to be immediately jailbroken? Thank you.
  2. flyingguitar

    flyingguitar Active Member

    Joined:
    May 14, 2008
    Messages:
    1,860
    Likes Received:
    11
    Device:
    iPhone 6
    Because the 3GS has an extra layer of hardware encryption.
  3. bseels13

    bseels13 New Member

    Joined:
    Apr 6, 2009
    Messages:
    182
    Likes Received:
    0
    Device:
    iPad
    So does this mean there will never be a jailbreak that will last forever on every firmware?
  4. Fire-Coon

    Fire-Coon Member

    Joined:
    Jan 24, 2008
    Messages:
    62
    Likes Received:
    0
    Device:
    iPhone 4 (Black)
    If you have the iBSS or whatever files, then it's jailbreakable for life, according to the dev team. So get one before they start coming with 3.1 from the factory.
  5. .deb

    .deb Banned

    Joined:
    Jul 7, 2009
    Messages:
    26
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    The iPhone 3GS has a unique ID, different on every device, called the ECID. This is sent to Apple when a stock firmware is being restored, to sign the iBSS and iBEC. This is basically to try to stop hackers from restoring with custom firmware files. This can easily be overridden by getting your signed iBSS and iBEC files. You can do this by following one of these guides, Mac or Windows. Good luck!
  6. Jaikob

    Jaikob New Member

    Joined:
    Jan 18, 2009
    Messages:
    473
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    Think of it this way.

    You have an iPhone boot sequence like so:

    1. Bootrom
    2. LLB (Low Level Boot Loader)
    3. iBSS
    4. iBEC
    5. iBoot
    6. Kernel (iPhone OS)

    24kpwn is located in the Bootrom, but this is where everything gets tricky. When you restore your iPhone in Recovery Mode, you must first upload a restore iBoot to your iPhone so the device can be put into recovery mode; this is achieved by iBSS (DFU) and iBEC. These restore files are found in a firmware .ipsw file. So, in a nutshell, you need to find an iBoot exploit in order to upload unsigned code.

    Why can't we just go straight to the bootrom during the restore, though? The answer to that is that a restore is not possible on that low a level. So we need to first find an iBoot exploit, and upload it so we can replace the LLB with our own modified version.

    The iPhone 3GS, however, has a nice new cookie for us: the ECID field. ALL files are signed before they are uploaded to the device, and there is speculation that Apple will not allow us to upload older firmware, e.g. iBoot 3.0, because they sign and make sure it is an up-to-date firmware file. We need to capture a signed iBSS and iBEC so we can upload an unsigned pwned iBoot to upload a modified LLB. Your iPhone 3GS verifies itself with Apple.

    If you have captured a signed iBSS and iBEC file, you are jailbroken for life.
    If you did not capture those files before 3.1 comes out, a new iBoot vulnerability will need to be found in 3.1 for you to jailbreak. Otherwise you're screwed until a new exploit is found.

    Hope this helps


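    The two posts above (.deb's on ECID-bound signing of iBSS/iBEC, and Jaikob's on the boot sequence where each stage checks the next) describe a chain of trust that is easier to see in code. The following is an added educational model, not code from this thread or from Apple: the stage names are the ones Jaikob listed, but the ECIDs, images and signing key are constructed here, and an HMAC stands in for the vendor's real signature scheme (a real chain would use public-key signatures so the device only holds a public key). It shows why a signature that covers the device's ECID is accepted on that device and rejected on any other, and why boot halts at the first stage whose signature does not check out.

```python
"""
Educational model of an ECID-personalized boot chain (added example, not the
thread's or Apple's code). HMAC stands in for the vendor signature; the signing
key, ECIDs and stage images below are all constructed for the demonstration.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Stage order from the thread; the bootrom itself is the immutable root of trust
# and is not a loadable stage, so it is not in this list.
STAGES = ["LLB", "iBSS", "iBEC", "iBoot", "Kernel"]

# Constructed stand-in for the key the vendor keeps on its signing server.
SIGNING_KEY = b"constructed-vendor-signing-key"


@dataclass(frozen=True)
class SignedBlob:
    stage: str
    ecid: int        # device the blob was personalized for
    payload: bytes   # the stage image itself
    signature: bytes


def _message(stage: str, ecid: int, payload: bytes) -> bytes:
    # The signed message binds stage name, device ECID and image hash together,
    # so changing any one of them invalidates the signature.
    return b"|".join([stage.encode(), ecid.to_bytes(8, "big"),
                      hashlib.sha256(payload).digest()])


def sign_for_device(stage: str, ecid: int, payload: bytes,
                    key: bytes = SIGNING_KEY) -> SignedBlob:
    """Vendor side: personalize one stage image for one ECID."""
    sig = hmac.new(key, _message(stage, ecid, payload), "sha256").digest()
    return SignedBlob(stage, ecid, payload, sig)


def verify_blob(blob: SignedBlob, device_ecid: int,
                key: bytes = SIGNING_KEY) -> bool:
    """Device side: the check a stage performs before loading the next stage."""
    if blob.ecid != device_ecid:
        return False  # personalized for some other device
    expected = hmac.new(key, _message(blob.stage, blob.ecid, blob.payload),
                        "sha256").digest()
    return hmac.compare_digest(expected, blob.signature)


def boot(device_ecid: int, blobs: list) -> list:
    """Walk the chain from the bootrom; return the stages that were accepted.
    The chain stops at the first missing or unverified stage."""
    accepted = []
    by_stage = {b.stage: b for b in blobs}
    for stage in STAGES:
        blob = by_stage.get(stage)
        if blob is None or not verify_blob(blob, device_ecid):
            break
        accepted.append(stage)
    return accepted


def run_scenarios() -> dict:
    """Three constructed scenarios: own device, another device, tampered iBoot."""
    ecid_a, ecid_b = 0x1122334455667788, 0x8877665544332211  # constructed
    images = {s: f"constructed {s} image".encode() for s in STAGES}
    blobs_a = [sign_for_device(s, ecid_a, images[s]) for s in STAGES]

    # A copy of the iBoot blob whose payload was changed but whose signature
    # was left as-is: the hash in the signed message no longer matches.
    tampered = [SignedBlob(b.stage, b.ecid, b"modified iBoot image", b.signature)
                if b.stage == "iBoot" else b for b in blobs_a]

    return {
        "full_chain": boot(ecid_a, blobs_a),      # every stage accepted
        "other_device": boot(ecid_b, blobs_a),    # ECID mismatch: nothing accepted
        "tampered_iboot": boot(ecid_a, tampered), # halts after iBEC
    }


if __name__ == "__main__":
    for name, stages in run_scenarios().items():
        print(f"{name}: {stages}")
```

    Run it directly to see the three outcomes. The point a practitioner should take from it is the dependency structure: the blobs the posts talk about are only useful to the exact ECID they were signed for, and every later stage is only as trustworthy as the verification done by the stage before it.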
  7. bseels13

    bseels13 New Member

    Joined:
    Apr 6, 2009
    Messages:
    182
    Likes Received:
    0
    Device:
    iPad
    Do you think the dev team is going to start looking for new iBoot exploits in new firmwares as their top priority? Because, as I said, when I get my 3g s it will probably have something like 3.1.1 on it, so I'm just wondering if the dev team will be looking for new iBoot exploits over everything else they deal with.
