The jailbreak community got some big news today. iOS hacker iH8sn0w, the developer behind Sn0wBreeze and other jailbreak tools, has discovered a way to untether-jailbreak devices running Apple’s A5(X) chip for the life of the device. The developer tweeted the news, and it caused quite a stir in the jailbreak scene, especially because he claims the jailbreak will remain in effect for the entire life of the device, something we have never seen before.
Apple A5(X) devices jailbroken for life
Details are scarce at this time, but according to the developer, he does not have a bootrom exploit but rather a “powerful iBoot exploit.” iH8sn0w tweeted that “all my A5(X) devices are fully untethered and jailbroken for life now.” He has also posted A5 AES keys on his Twitter.
iH8sn0w is currently in no mood to release this jailbreak to the public. He says, “iBoot exploits are super rare. Better off just keeping it private for future jailbreak development and key extraction.” That is disappointing, but it is still a new breakthrough in the world of jailbreaking.
Saurik, the developer of Cydia, has posted an interesting comment on the Reddit thread stating his thoughts:
For informational purposes (as many people reading might not appreciate the difference), to get the encryption keys you only need an “iBoot exploit”, not a “bootrom exploit”. It is easier to find iBoot exploits (being later in the boot sequence, it has a larger attack surface: it has to be able to parse filesystems, for example), and they do afford more power over the device than an untethered userland exploit (in addition to letting you derive firmware encryption keys, you can boot custom kernels, and you might be able to dump the bootrom itself), but they are software updatable as part of new firmware releases from Apple and may have “insane setup requirements” (like, you might pretty much need an already-jailbroken device to actually set up the exploit). You thereby wouldn’t see an iBoot exploit used for a jailbreak (unless everyone is out of ideas for a very long time): instead, you’d see it hoarded away as a “secret weapon” used by jailbreakers to derive these encryption keys, making it easier to find and implement exploits on newer firmware updates for the same device (especially kernel exploits, where even if you have an arbitrary write vulnerability you are “flying blind” and thinking “ok, now where should I write? I can’t see anything.”).
For you and me, right now this doesn’t change anything. But it might prove valuable in future jailbreaks, as Apple constantly tightens iOS security. Thanks to such smart hackers, we do get our devices jailbroken sooner or later.