Hacker cracks Apple's latest iPhone 3GS security measures

Posted in iPhone, edited January 2014
A hacker this week released a new exploit that allows users to circumvent Apple's preventative measures that have blocked unauthorized code from being run on the new iPhone 3GS.



In October, Apple unexpectedly began shipping new iPhone 3GS models to ward off hackers who run unauthorized software in a practice known as "jailbreaking." In addition to unlocking the handset for use on other carriers, the practice can also be used to run unsigned code.



Hacker George Hotz this week released "blacksn0w," a combination jailbreak and unlock tool that works for the iPhone 3G and iPhone 3GS. The free software is noteworthy because it is the first known successful jailbreak and unlock for the iPhone 3GS with iPhone OS 3.1.2 and baseband 05.11.07.



Apple updated the BootROM for the iPhone 3GS to iBoot-359.32 with a mid-cycle hardware release in October -- the first time the handset maker had modified its hardware in the middle of a product line without releasing a new model.



Hotz is a teenager who made headlines two years ago when he was the first to successfully unlock Apple's original iPhone all by himself. This summer, he also released the first jailbreaking tool for the iPhone 3GS.



Prior to the new BootROM, hackers relied on an exploit known as "24kpwn," which allowed users to run unauthorized code on the OS. The updated BootROM blocked that exploit.



The latest hack for the newly updated iPhone 3GS hardware is not as seamless as some previous exploits. The blacksn0w software applies what is known as a "tethered jailbreak" for the October-and-later iPhone 3GS (and latest iPod touch), meaning users cannot perform a hardware reset of the phone without connecting it via USB cable to a computer. Users of an iPhone 3G or iPhone 3GS sold prior to the latest hardware upgrade are said to be able to restart untethered.



Apple and the jailbreaking community, led by Hotz and a separate group of hackers known as the iPhone Dev Team, have gone back and forth for some time, as the Cupertino, Calif., company has looked to close avenues used by hackers. One of the main concerns about jailbreaking is piracy, as the procedure can allow users to steal software from the App Store.

Comments

  • Reply 1 of 90
    Can it enable iPhone tethering? If I had that, I'd be ridiculously happy, I could ditch my USB EVDO card!
  • Reply 2 of 90
    I love this cat and mouse game

    And just like in Tommy & Jerry.... I love that the mouse keeps getting himself ahead :P



    Quote:
    Originally Posted by AppleInsider View Post


    A hacker this week released a new exploit that allows users to circumvent Apple's preventative measures that have blocked unauthorized code from being run on the new iPhone 3GS.



    In October, Apple unexpectedly began shipping new iPhone 3GS models to ward off hackers who run unauthorized software in a practice known as "jailbreaking." In addition to unlocking the handset for use on other carriers, the practice can also be used to run unsigned code.



    Hacker George Hotz this week released "blacksn0w," a combination jailbreak and unlock tool that works for the iPhone 3G and iPhone 3GS. The free software is noteworthy because it is the first known successful jailbreak and unlock for the iPhone 3GS with iPhone OS 3.1.2 and baseband 05.11.07.



    Apple updated the BootROM for the iPhone 3GS to iBoot-359.32 with a mid-cycle hardware release in October -- the first time ever that the handset maker had modified its hardware in the middle of a product line, without a new model released.



    Hotz is a teenager who made headlines two years ago when he was the first to successfully unlock Apple's original iPhone all by himself. This summer, he also released the first jailbreaking tool for the iPhone 3GS.



    Prior to the new BootROM, hackers relied on an exploit known as "24kpwn," which allowed users to run unauthorized code on the OS. But the latest update had prevented that exploit.



    The latest hack for the newly updated iPhone 3GS hardware is not as seamless as some previous exploits. The blacksn0w software applies what is known as a "tethered jailbreak" for the October-and-later iPhone 3GS (and latest iPod touch), meaning users cannot perform a hardware reset of the phone without connecting it via USB cable to a computer. Users of an iPhone 3G or iPhone 3GS sold prior to the latest hardware upgrade are said to be able to restart without the tethered jailbreak.



    Apple and the jailbreaking community, led by Hotz and a separate group of hackers known as the iPhone Dev Team, have gone back and forth for some time, as the Cupertino, Calif., company has looked to close avenues used by hackers. One of the main concerns about jailbreaking is piracy, as the procedure can allow users to steal software from the App Store.



  • Reply 3 of 90
    solipsism Posts: 25,726 member
    Very impressive work, Hotz.



    You may not be doing too great with the ladies right now (assumption), but you’ll be wealthy and have your pick soon enough.





    PS: Can someone get with Dev Team and have them name their PwnageTool app to reflect the version of iPhone OS it’s designed for, using a letter at the end to represent any point releases? For example, PwnageTool v3.1.2.c would be the third update to be used for iPhone OS v3.1.2.
  • Reply 4 of 90
    Quote:
    Originally Posted by infinite_entropy View Post


    Can it enable iPhone tethering? If I had that, I'd be ridiculously happy, I could ditch my USB EVDO card!



    It is enabled... but you should load a customized ipcc from iTunes to get the correct configurations for that. Just like you used to do in 3.0.



    Just update the version inside the .plists on the .ipcc to a higher number (8.0 or something like that) so when you restore the ipcc it gets used as a newer version.
  • Reply 5 of 90
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by infinite_entropy View Post


    Can it enable iPhone tethering? If I had that, I'd be ridiculously happy, I could ditch my USB EVDO card!



    Only if you can find not-so-simple tethering in Cydia or Icy. The elegant tethering by Apple started using signed profiles in v3.1, so even when jailbroken that option is out. I am still on v3.0.1 specifically for that reason. I don’t get the nifty iTunes-based Home Screen editing, but I can live with that.



    PS: What is really lame is that even if you needed tethering while on WiFi because the machine you were using no longer had it (for whatever reason) you still won’t be able to use WiFi tethering until you can pay for carrier tethering.
  • Reply 6 of 90
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by DonGus View Post


    It is enabled... but you should load a customized ipcc from iTunes to get the correct configurations for that. Just like you used to do in 3.0.



    Just update the version inside the .plists on the .ipcc to a higher number (8.0 or something like that) so when you restore the ipcc it gets used as a newer version.



    Do you have a link as to how to do that? All the data I’ve read says not to update to 3.1.x if you want to maintain tethering. I figure they’ll crack the profiles at some point, but I haven’t read that they’ve done it yet.
  • Reply 7 of 90
    Co-worker pointed me to this: http://www.mobilecrunch.com/2009/11/...ning-os-3-1-2/



    Trying it now, will report back!
  • Reply 8 of 90
    One of the main concerns is piracy? From the App Store? I have been involved in the jailbreaking community for a while and I haven't ever heard of such a thing! Apple just wants to control what you do and doesn't want you to buy from Cydia!
  • Reply 9 of 90
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by DonGus View Post


    It is enabled... but you should load a customized ipcc from iTunes to get the correct configurations for that. Just like you used to do in 3.0.



    Just update the version inside the .plists on the .ipcc to a higher number (8.0 or something like that) so when you restore the ipcc it gets used as a newer version.



    Quote:
    Originally Posted by infinite_entropy View Post


    Co-worker pointed me to this: http://www.mobilecrunch.com/2009/11/...ning-os-3-1-2/



    Trying it now, will report back!



    I LOVE THIS KID! From the link above…
    Quote:

    Blacksn0w still has its perks. Namely, it brings the aforementioned unauthorized data tethering right on back.



  • Reply 10 of 90
    Quote:
    Originally Posted by solipsism View Post


    PS: Can someone get with Dev Team and have them name their PwnageTool app to reflect the version of iPhone OS it’s designed for, using a letter at the end to represent any point releases? For example, PwnageTool v3.1.2.c would be the third update to be used for iPhone OS v3.1.2.



    It's a good suggestion, but why not tell them yourself?



    The Dev-Team has a blog at http://blog.iphone-dev.org/ with an active and monitored comments section, and there are also several members who are active on Twitter (@MuscleNerd and @iphone_dev to start with).
  • Reply 11 of 90
    Quote:
    Originally Posted by shavex View Post


    One of the main concerns is piracy? From the App Store? I have been involved in the jailbreaking community for a while and I haven't ever heard of such a thing! Apple just wants to control what you do and doesn't want you to buy from Cydia!



    There are multiple user-addable Cydia repos that offer up cracked iTunes App Store applications. It's a valid concern, and probably the most valid concern.



    You must jailbreak to pirate, but you don't have to be a pirate to enjoy the many benefits of jailbreaking.
  • Reply 12 of 90
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by DistortedLoop View Post


    It's a good suggestion, but why not tell them yourself?



    The Dev-Team has a blog at http://blog.iphone-dev.org/ with an active and monitored comments section, and there are also several members who are active on Twitter (@MuscleNerd and @iphone_dev to start with).



    I have made my suggestion. Now I’ve made it here hoping that perhaps it will spark a reader who jailbreaks to offer it themselves, perhaps, but I shall never speak of it again.
  • Reply 13 of 90
    Hahaha. Another reason to buy an iPhone.
  • Reply 14 of 90
    Okay, so this was the process:



    Ran the app, unlock etc. went perfectly. Installed new carrier file.



    Rebooted, took about FIVE MINUTES during which I was fairly frightened.



    Started tethering thru my MacBook Air, was awesomeness, could even get calls while on 3G. SpeedTest said 1.25Mbps down, 0.20 Mbps up (acceptable for sure).



    Problems: WiFi broken as in sees NO networks. Cannot receive calls properly when on EDGE. Basically except for tethering the device became less-than-usable for actually being mobile. Now restoring back to factory defaults. Total fail.
  • Reply 15 of 90
    Quote:
    Originally Posted by infinite_entropy View Post


    Can it enable iPhone tethering? If I had that, I'd be ridiculously happy, I could ditch my USB EVDO card!



    Yup, it does enable tethering.



    Adi
  • Reply 16 of 90
    Quote:
    Originally Posted by solipsism View Post


    I have made my suggestion. Now I’ve made it here hoping that perhaps it will spark a reader who jailbreaks to offer it themselves, perhaps, but I shall never speak of it again.



    I'll second your suggestion to them, but if they liked the idea, they'd probably have done it by now.
  • Reply 17 of 90
    gazoobee Posts: 3,754 member
    Quote:
    Originally Posted by shavex View Post


    One of the main concerns is piracy? From the App Store? I have been involved in the jailbreaking community for a while and I haven't ever heard of such a thing! Apple just wants to control what you do and doesn't want you to buy from Cydia!



    This is total BS. You are either wilfully blind, don't care or are just pushing propaganda here.



    On average about 30% of apps in use are stolen apps made possible by the two main websites anyone with a jail-broken iPhone visits although most developers don't check the numbers. The two high-profile development houses that *have* checked found that 95% of the people using their apps were using stolen copies.



    Please go buy a fairy-tale book and read "The Goose with the Golden Eggs." It might be enlightening for you.
  • Reply 18 of 90
    ireland Posts: 17,521 member
    Hacker.
  • Reply 19 of 90
    Quote:
    Originally Posted by infinite_entropy View Post


    Okay, so this was the process:



    Ran the app, unlock etc. went perfectly. Installed new carrier file.



    Rebooted, took about FIVE MINUTES during which I was fairly frightened.



    Started tethering thru my MacBook Air, was awesomeness, could even get calls while on 3G. SpeedTest said 1.25Mbps down, 0.20 Mbps up (acceptable for sure).



    Problems: WiFi broken as in sees NO networks. Cannot receive calls properly when on EDGE. Basically except for tethering the device became less-than-usable for actually being mobile. Now restoring back to factory defaults. Total fail.





    It killed my wifi as well, I hope a fix comes out. I went ahead and restored till then.
  • Reply 20 of 90
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by Gazoobee View Post


    This is total BS. You are either wilfully blind, don't care or are just pushing propaganda here.



    On average about 30% of apps in use are stolen apps made possible by the two main websites anyone with a jail-broken iPhone visits although most developers don't check the numbers. The two high-profile development houses that *have* checked found that 95% of the people using their apps were using stolen copies.



    Please go buy a fairy-tale book and read "The Goose with the Golden Eggs." It might be enlightening for you.



    I think one way to counter piracy is convenience. I’ve spent more on iPhone apps over the last 1.5 years than I may have ever spent on computer software in my entire life (never been a gamer). Part of the reason is the convenience of getting the apps, but one app I felt was worth testing before I bought was the TomTom app at around $100. Turns out, I preferred my dedicated GPS, but if I had liked it, I may not have bothered with buying the legal copy. May have just forgotten about it altogether. I think Apple needs to use that exploding DRM they use for movie rentals on their apps so trial periods of full apps can be had. If you exceed the trial period before completely removing it then you are charged for the app. I think they’d combat some of the piracy with that, but maybe not.