Apple iOS 5.1 Jailbreak Released; Only For iPad and iPhone 3GS!

Last night, Apple released the iOS 5.1 update for the existing iDevices, including the iPhone 4S, iPhone 4, iPhone 3GS, iPod Touch 3G/4G and the iPad 1 and 2. Now, just a day after its public release, the popular iOS jailbreaking group – the iPhone Dev Team – has updated their jailbreaking utility, redsn0w, to add support for iOS 5.1.

Sadly, there is some bad news here as well. This new jailbreak is only a tethered one at the moment, which means that users will need to jailbreak their Apple iDevice every time they restart it. Secondly, this jailbreak only supports non-A5 SoC based Apple products. This includes the iPhone 3GS, the original iPad, the iPhone 4 and the 3rd generation iPod Touch. The jailbreak might also be an untethered one if you own an iPhone 3GS with a very old bootrom. So consider yourself to be really lucky, and your iPhone 3GS really old, for that to happen.

For Apple iPhone owners who have unlocked their device using Ultrasn0w, please make sure to create a custom iOS 5.1 IPSW before proceeding to upgrade to iOS 5.1. Otherwise, you will lose your unlock. Readers interested in jailbreaking their non-A5 Apple device can find more info here.

iPhone 4S & iPad 2 Untethered iOS 5.0.1 Jailbreak Available

Jailbreakers rejoice, the long awaited and highly anticipated untethered jailbreak for iOS 5.0.1 on the iPhone 4S and iPad 2 is finally available.

It was only a few days ago that the first untethered iOS 5.0.1 jailbreak was shown off on video. It was functional, but declared to still be in testing. Fast forward just 4 days later, and a public release is available for all to download. The Chronic Dev team have announced they have packaged the exploits that allow execution of unsigned code (code named Absinthe A5) into a working untethered jailbreak. Both the iPhone 4S (GSM and CDMA variants), as well as the iPad 2 (GSM, CDMA and Wi-Fi only variants) are targeted and supported in this release.

It took a mass of crash reports, over 10 million, and almost 10 months of work for the team to find an entry point and exploit the new A5 chip. The exploit consists of a series of both userland and kernel level exploits that were dubbed ‘corona’. The name comes from a vulnerability that was in Apple’s IPSec IKE daemon, named ‘racoon’. Although the app released today, for jailbreaking current iPhone 4S and iPad 2 devices, is only available for Mac OS X users, there is a placeholder for Windows and Linux users. Their respective applications will likely be available soon and will be as simple as point and click.

In addition to the tools being released, the “iOS Hacking Dream Team” has been formed. It consists of members from the Chronic Dev team (posixninja, pod2g and nikias) and the iPhone Dev team (planetbeing). Both teams have donation pages to thank them for their work and provide funds for hardware upgrades to ensure future devices can be jailbroken.

iOS 5.0.1 Untethered Jailbreak For iPhone 3GS, iPhone 4 and iPad Released

The iOS jailbreak developers have finally achieved a breakthrough and have released an untethered jailbreak for non-A5 iOS devices running iOS 5.0.1.

@pod2g – the developer who found the jailbreak exploit – gave the exploit to both the iPhone Dev Team and the Chronic Dev Team a few days ago. Both Dev Teams have updated their respective apps – PwnageTool, redsn0w and the Cydia package. The untethered iOS 5.0.1 jailbreak is meant only for non-A5 devices from Apple, which includes the iPhone 3GS, iPhone 4, iPad 1, and the iPod Touch 3G/4G. Interested readers can find the required download link, and the necessary instructions, over at this link.

The developer is also working hard on trying to port this exploit to the current generation A5 devices from Apple.

I would also encourage our readers to support the developer by donating a small amount to him via PayPal. The whole exploit was single-handedly found and developed by @pod2g, and he has been working hard on it for quite a few months now. The donate link can be found at the above mentioned download link.


Kindle Touch XSS JailBreak

The recently released Kindle Touch has been freed. Yifan Lu, a freelance developer, has dug down and posted details on an exploit used to jailbreak Kindle OS 5.

Although it might look completely innocuous due to the e-ink display, the Kindle Touch is a relatively complex device. At the core of the device is an operating system built around HTML5 and JavaScript. Unfortunately, the engineers at Amazon left some gaping holes in the system, allowing a straightforward XSS (cross site scripting) attack vector to be used.

By embedding HTML and JS calls into an MP3, Yifan Lu was able to hook into undocumented debug functions in order to execute code at root level. Not only did Amazon leave a function that allowed any process to be spawned as root, they also didn’t bother to sanitize inputs when reading the ID3 tag for display. With root access, a simple SSH package was created and pushed, providing unfettered access to the device.
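The defect described above, as an added illustration that is not Yifan Lu's exploit code nor Amazon's reader code: a hypothetical "now playing" view that builds HTML strings drops the ID3 title into the page unescaped, beside the escaped version that keeps tag text as text. The ID3 frame layout is simplified (ID3v2.3-style plain big-endian size, ID3v2.4-style UTF-8 encoding byte), and the sample tag is constructed inline.

```javascript
// Added example: how an unsanitized ID3 tag becomes an XSS sink when the
// reader UI is itself HTML/JS, and the one-line fix. Hypothetical renderer.

// Simplified ID3v2 text frame: 4-byte id, 4-byte big-endian size (v2.3
// style), 2 flag bytes, then one encoding byte (0x03 = UTF-8 as in v2.4,
// 0x00 = ISO-8859-1) followed by the text.
function readTextFrame(buf, offset = 0) {
  const id = buf.toString('latin1', offset, offset + 4);
  const size = buf.readUInt32BE(offset + 4);
  const body = buf.subarray(offset + 10, offset + 10 + size);
  const text = body.subarray(1).toString(body[0] === 0x03 ? 'utf8' : 'latin1');
  return { id, text, next: offset + 10 + size };
}

// Builds a frame in the same layout so the sample below is self-contained.
function buildTextFrame(id, text) {
  const payload = Buffer.concat([Buffer.from([0x03]), Buffer.from(text, 'utf8')]);
  const header = Buffer.alloc(10);
  header.write(id, 0, 4, 'latin1');
  header.writeUInt32BE(payload.length, 4);
  return Buffer.concat([header, payload]);
}

// Escape the five characters that let text break out of an HTML text node
// or attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the tag text is interpolated as markup, so any element or
// event-handler attribute in the tag runs with the reader UI's privileges.
function renderTitleUnsafe(title) {
  return `<div class="title">${title}</div>`;
}

// Hardened: the same text is escaped, so the HTML engine treats it as text.
function renderTitleSafe(title) {
  return `<div class="title">${escapeHtml(title)}</div>`;
}

// Constructed sample tag: a TIT2 (title) frame whose text carries markup.
const sampleFrame = buildTextFrame('TIT2', 'Track 1 <script>/* injected */</script>');
const sampleTitle = readTextFrame(sampleFrame).text;
```

The same rule applies to every other metadata field the UI displays (artist, album, filename): escape at the point of insertion, or use a DOM API that sets text content rather than markup.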

Yifan Lu is encouraging other developers to start writing plugins for the device. Open formats such as ePub or Mobi can be supported as well. While apps and games are a possibility, the e-ink display will really limit the possibilities due to the slower refresh rate, lack of color and lack of multitouch.
It’s very possible that the Kindle Fire isn’t the only device that Amazon is selling at a loss, with attempts to make up revenues by users purchasing content. Amazon should be concerned as it may open the door for users to permanently store content past the expiration date.


ChevronWP7: Windows Phone Unlocker Now Live

ChevronWP7 Labs

The ChevronWP7 team launched the ChevronWP7 Labs site today. This site provides a tool which allows anybody to unlock their Windows Phone so they can load applications which are not in the Windows Phone Marketplace.

If you are not a Windows Phone registered developer, there is no (easy) way for you to sideload an application. Sideloading is the act of bypassing the Windows Phone Marketplace to load applications on your device. Now enthusiasts and hobbyists can sideload applications like Screencapture v3 on their device without registering as an AppHub developer with Microsoft.

ChevronWP7 is the brainchild of Rafael Rivera, Chris Walsh and Long Zheng, who had earlier released a hack which enabled the same functionality via undocumented APIs. That hack was later pulled by the team, which, they said, was based on Microsoft’s direction.

Despite that move, the team’s relationship with Microsoft remained positive. In fact, Microsoft’s developer relations team invited the ChevronWP7 team to Redmond to talk about the best way to support the enthusiast community without breaking the warranty or making the phone unusable. ChevronWP7 Labs is the result of that cooperation.

All you need is a Windows Live ID (for authentication purposes only), $9 and a Windows Phone device. After paying the fee and downloading the tool, the phone is unlocked so you can deploy any application you want to your device. If you get to a point where you have an app you would like to publish, it would have to be done through AppHub, which requires a $99 USD/year fee. ChevronWP7 Labs even has a step on their site that deactivates the ChevronWP7 unlock so you can developer-unlock the device.

Step 1: Paypal

Step 2: Unlock tool

This is a very good move (originally spearheaded by Brandon Watson, Senior Director of Developer Evangelism) by Microsoft to encourage and support enthusiasts in the Windows Phone community. With this tool, and the fact that it is inexpensive, jailbreaking is not necessary on the Windows Phone platform.

Congratulations to the ChevronWP7 team, and a big thank you for doing this, from an enthusiast!

Update: I had a quick chat with Chris Walsh on Twitter about ChevronWP7. Interestingly, they are going to have a place to list homebrew apps, and anyone who has an unlocked device will be able to sideload those apps, not just ChevronWP7-unlocked. More good news!


Hacker Behind Hired As Apple Intern

Announced via Twitter, “Comex”, the famous hacker behind is joining Apple as an intern. He became famous last year when he released a web-based JailbreakMe exploit for iPhone 4. made it extremely easy for iOS users to jailbreak their devices by simply visiting the site.

It’s been really, really fun, but it’s also been a while and I’ve been getting bored. So, the week after next I will be starting an internship with Apple.

Forbes first interviewed Comex as Nicholas Allegra, a 19-year-old Brown University student from Chappaqua, NY. In the interview, Allegra said jailbreaking is “like editing an English paper… You just go through and look for errors. I don’t know why I seem to be so effective at it.” Allegra has been on leave from Brown University since last winter looking for an internship.

Charlie Miller, a former National Security Agency analyst and one of the first people to hack the original iPhone in 2007, was impressed by Allegra’s hack. “I didn’t think anyone would be able to do what he’s done for years,” he said. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”

In addition, Allegra discovered a new exploit in Apple’s PDF renderer to run custom software to crack iOS devices. A few days after, Apple patched the bug. Allegra didn’t specify what he will be working on at Apple.


Jailbreak iPad 2 and iPhone 4 Running iOS 4.3 Using

Apple announced the iPad 2 way back in March this year. The second generation iPad boasts a dual-core A5 processor, and is slimmer and lighter than its predecessor.

However, Apple hardened the iPad 2 heavily against jailbreaking. All the hardware level exploits used by the jailbreakers were patched by Apple in the iPad 2.

Nevertheless, popular hacker comex has finally released a way to jailbreak the iPad 2. The jailbreak works via a PDF exploit which was first discovered in 2010.

To jailbreak your iPad 2, owners just need to head over to from their iDevice, and press the ‘Free’ button on the site. Then, users need to select the Install button which comes up on the screen. The site will then load a PDF, which may crash Safari.

Afterwards, users will find the Cydia shortcut on their iOS home screen. Tap the Free and Install buttons only once, even if it may look like Safari is not responding.

This jailbreak is also compatible with the iPhone 3GS, iPhone 4, and iPod Touch 3G and 4G running iOS 4.3.3.

iOS 5 Jailbroken Already

Within a day of its unveiling, and months before it will be launched, iOS 5 has already been jailbroken.

MuscleNerd, a member of the iPhone Dev Team announced on Twitter that he has already jailbroken iOS 5.

“iOS5 jailbroken on ipt4g: via limera1n + tethered boot..not too many surprises :)”

The jailbreak was done using limera1n, but there is a catch. It is a tethered boot jailbreak, which means that you would need to connect your iPhone to a computer every time you reboot it.

Cydia works well on the jailbroken device running iOS 5, and he was also able to install iSSH successfully.

Since Apple won’t be launching iOS 5 until Fall 2011, this exploit isn’t very useful now, but MuscleNerd says that it can be used to jailbreak the final version of iOS 5 as well, when it launches. It would be quite realistic to expect a much more usable and convenient version of the jailbreak within a day or two of iOS 5’s launch.

Here are some images of iOS 5, jailbroken, with Cydia installed.

Apple iOS 5 Jailbreak

Check out our detailed coverage of iOS 5 – iOS5 Everything You Need To Know About It

Jailbreak iPhone 4/iPad/iPod Touch Running iOS 4.3.2

Apple recently rolled out iOS 4.3.2 for the iPad 1/2, iPod Touch 3G/4G and the iPhone 4. The update was a minor one and was mainly aimed at fixing bugs, and improving the battery life.

Thankfully, Apple did not patch the exploit used by hackers to ‘untether’ jailbreak iOS 4.3.1. Now, @i0n1c has made changes to his jailbreak code so as to make it compatible with iOS 4.3.2.

The iPhone Dev. Team has also released an updated version of redsn0w incorporating the code. This means iPhone 3GS, iPod Touch 3G/4G and iPad 1 owners can now jailbreak their device running iOS 4.3.2.

There is some problem jailbreaking the iPhone 4 with this version of redsn0w, so users need to wait until the Dev Team releases a fix for it. Until then, they can use redsn0w to ‘tether’ jailbreak their iPhone 4.

iPhone 4 users who have unlocked their handset using Ultrasn0w are recommended to stay away from updating to iOS 4.3.2. They should wait until an updated version of the app supporting iOS 4.3.2 is released.

iDevice jailbreakers can download the latest version of redsn0w from here.

Jailbreak For iPhone/iPad Running iOS 4.3.1 Released

The iPhone Dev. Team has just released a new jailbreak for iOS 4.3.1, about which we reported a couple of days ago.

The new jailbreak is an untethered one, unlike the previous jailbreak released for iOS 4.3.1. The new jailbreak supports the iPhone 3GS, iPhone 4, iPod Touch 3G/4G, Apple TV 2G and iPad 1 running on the latest version of iOS.

The jailbreak is also available for all Windows and Mac owners via redsn0w or PwnageTool. Readers can download the application from here.

iPhone 4 owners, who have unlocked their handsets using Ultrasn0w, need to wait until an updated version of the app comes out. Right now, Ultrasn0w unlock is incompatible with iOS 4.3.1.

Sadly, iPad 2 owners need to wait for a jailbreak until a bootrom level exploit is found for their device.

Incidentally, the first version of PwnageTool was released on this very day, three years ago!