Well known iOS hacker, iH8sn0w has recently discovered an iBoot exploit, which makes the A5(X) powered devices jailbreakable for life.

A5(X) SoC
iBoot exploit discovered to jailbreak A5(X) devices for life.

The iBoot exploit supports A5 devices such as the iPhone 4s, iPod touch 5, iPad 2, iPad 3, iPad mini and Apple TV 3G. Currently there is not much information about the iBoot exploit, nor about whether the exploits will be bundled together and released as a jailbreak utility, notes Redmond Pie.

Compatible devices

iPhone 4s

iPod touch 5

iPad 2, iPad 3, iPad mini

Apple TV 3G

Steven De Franco, commonly known as iH8sn0w, announced via Twitter that all A5(X) AES keys will be posted on @icj_'s icj.me/ios/keys soon.

So looks like all my A5(X) devices are fully untethered and jailbroken for life now. :)

— iH8sn0w (@iH8sn0w) February 1, 2014

Man. That took years to bruteforce… loljk ;P

— iH8sn0w (@iH8sn0w) February 1, 2014

All A5(X) AES Keys will be posted on @icj_’s http://t.co/kB112y35En as soon as I clean this up a bit more :)

— iH8sn0w (@iH8sn0w) February 1, 2014

A5 AES Keys anyone? 4S 7.0.4 iBSS -iv 3a0fc879691a5a359973792bcd367277 -k 371e3aea9121d90b8106228bf2b5ee4c638a0b4837fefbd87a3c0aca646e5996

— iH8sn0w (@iH8sn0w) February 1, 2014

The hacker has also confirmed that although the iBoot exploit is not a bootrom exploit, it is very powerful and allows these iOS devices to be untethered jailbroken for life.

iH8sn0w has also noted, in reply to a comment that iBoot exploits can be patched by Apple, that this only applies if the exploits are published publicly.

No. This isn’t a bootrom exploit. Still a very powerful iBoot exploit though (when exploited properly ;P /cc @winocm).

— iH8sn0w (@iH8sn0w) February 1, 2014

@iH8sn0w @winocm iBoot exploits can be patched by Apple

— Habesha (@livealex13) February 1, 2014

@livealex13 @winocm (if published publicly)

— iH8sn0w (@iH8sn0w) February 1, 2014

Renowned iOS hacker winocm has mentioned that this iBoot exploit will never go public. This is because iH8sn0w plans to keep the exploit private, as it could be used in future jailbreaks.

@Pacman4484 @AmaznSpoderman nah. I’ll probably keep it private for development of future jailbreaks.

— iH8sn0w (@iH8sn0w) February 1, 2014

Meanwhile, Jay Freeman, also known as saurik, the creator of Cydia, WinterBoard and Mobile Substrate, took the argument to Reddit to explain the significance of the iBoot exploit.

"For informational purposes (as many people reading might not appreciate the difference), to get the encryption keys you only need an "iBoot exploit", not a "bootrom exploit". It is easier to find iBoot exploits (being later in the boot sequence, it has a larger attack surface: it has to be able to parse file systems, for example), and they do afford more power over the device than an untethered userland exploit (in addition to letting you derive firmware encryption keys, you can boot custom kernels, and you might be able to dump the bootrom itself), but they are software updatable as part of new firmware releases from Apple and may have "insane setup requirements" (like, you might pretty much need an already-jailbroken device to actually set up the exploit). You thereby wouldn't see an iBoot exploit used for a jailbreak (unless everyone is out of ideas for a very long time): instead, you'd see it hoarded away as a "secret weapon" used by jailbreakers to derive these encryption keys, making it easier to find and implement exploits on newer firmware updates for the same device (especially kernel exploits, where even if you have an arbitrary write vulnerability you are "flying blind" and thinking "ok, now where should I write? I can't see anything... :'(")," notes saurik.