jailbreaking

  • ultrasn0w bumped to version 1.2.5, now unlocking even more iOS 5.0.1 devices

    by Darren Murph
    12.21.2011

    Given that you're out on Christmas break and all, isn't it about time you finally tried out that whole "unlocking" thing you've been hearing about? A new build of ultrasn0w just hit the Cydia app store, with v1.2.5 adding more support for iOS 5.0.1. Of note, novice jailbreakers may want to reach out to more experienced pals before embarking, as you'll need a compatible baseband in order for the unlock to work. The iPhone 3GS (running iOS 5.0.1) is supported with the following basebands: 04.26.08 – 05.11.07 – 05.12.01 – 05.13.04 – 06.15.00. The iPhone 4 is supported if your baseband checks in as 01.59.00. If you're looking to upgrade from a dustier firmware, make sure you preserve your baseband before unlocking. Hit the source link for a few tips, and remember: friends don't let friends jailbreak before completing a backup.

  • Untethered jailbreak for iOS 5.0 showcased on YouTube (video)

    by Sharif Sakr
    12.09.2011

    Love to jailbreak but hate to tether every time you reboot? Then help could soon be at hand courtesy of hacker Pod2g. He just put out a video showing off a new exploit that continues to work on an iPod Touch even after it has been switched off and on. It appears to be running on iOS 5.0 rather than 5.0.1, so some downgrading might be called for. We don't know when it'll be released to the masses, or how long it'll last once Apple catches wind, but in the meantime there are of course various alternatives if you can stomach the risks and don't mind a bit of USB tomfoolery. [Thanks to everyone who sent this in]

  • DingleBerry breaks PlayBook free from RIM's chains (again), Android Market access makes a comeback

    by Joseph Volpe
    12.07.2011

    To root or not to root? For savvy PlayBook owners running beta 2.0, that should no longer be a question. With the recent release of DingleBerry, users comfortable with command lines have been enjoying superuser privileges on the slate, but the fun could've been short-lived. RIM moved swiftly to issue an update that addressed the security hole, effectively crippling the exploit. But as hacker Chris Wade made known via Twitter last night, a new workaround has already been finagled. Full Android Market access has, once again, been restored to the tab, although there's still no fix for Hulu just yet. So, if you're keen to reap the unintended fruits of Waterloo's 7-incher, you'll likely want to sidestep any further OTA updates. Or, y'know, you could actually just buy a proper Honeycomb tablet.

  • DingleBerry jailbreak hits beta, frees PlayBooks until tomorrow

    by Dante Cesa
    12.05.2011

    Been awaiting the release of a PlayBook jailbreak with bated breath? Well if you've got Canada's favorite tablet and are rocking Windows, you're in luck as DingleBerry has just gone live. While beta 0.2 of the tool won't re-enable web access to Hulu, the haxors responsible are adamant it'll come in due time, as will a Mac version. The team pushed up the release schedule as RIM informed them their exploit will be plugged in an update tomorrow -- so we'd skip that OS upgrade if you like being rooted. Want to break the biggest BlackBerry free from the clutches of QNX? Hit the source and let us know how it works out in the comments.

  • EFF working to make console modding legal

    by JC Fletcher
    12.02.2011

    Your Humble Indie Bundle dollars at work! The Copyright Office is taking submissions about possible new exemptions to the Digital Millennium Copyright Act, and the Electronic Frontier Foundation is petitioning the office to protect "jailbreaking" of consoles, tablets, and other devices to run software other than that supported by the manufacturer. A year ago, a similar EFF initiative resulted in an exemption on "jailbreaking" smartphones. "The DMCA is supposed to block copyright infringement," said EFF Intellectual Property Director Corynne McSherry. "But instead it can be misused to threaten creators, innovators, and consumers, discouraging them from making full and fair use of their own property." McSherry asserted that "artists and tinkerers" who want to modify their devices to run whatever they want deserve legal protection. The use of jailbroken consoles -- or any technology -- to violate copyright (by, for example, playing an unauthorized copy of a retail game) would remain illegal. But the act of modding a console itself would no longer be. The Copyright Office will hold hearings on DMCA extensions in the spring.

  • Jailbroken iOS 5 devices get Siri0us, tap into Nuance's dictation servers (video) (update)

    by Zachary Lutz
    11.29.2011

    Sure, it's leaps and bounds away from all the parlor tricks that Siri is able to perform, but now, jailbroken iPhone 4, iPhone 3GS and iPod Touch devices -- that have been upgraded to iOS 5 -- may access the dictation portion of Siri's prowess. Thanks to Siri0us, the free app available through Cydia, users will gain the option to speak messages and search queries rather than type them, which could be a huge time saver -- unless there's a series of mistakes, anyway. Rather than accessing Apple's own system, the app works by tapping into Nuance's Dragon Go servers for speech recognition. Rather subversive, don't you think? If you'd like to get in on the fun (before Nuance breaks up the party), just check the video following the break. Update: Well, who didn't see this one coming? Nuance has pulled the rug out from under Siri0us, and the app has been yanked from Cydia while the developer searches for another speech recognition server. Happy hunting, dude.

  • Getting to know you: Comex, the boy behind iOS' JailbreakMe

    by Joseph Volpe
    08.01.2011

    See that kid above? That's Nicholas Allegra. He's the hackdom Harry Potter to Apple's Ye-Who-Shall-Not-Jailbreak-Our-Wares, and Forbes managed to sniff him out for a little bold-faced exposé. The 19-year-old hero of the iOS community, better known as Comex, got his self-taught start with Visual Basic when he was still in single digits. After graduating through a venerable online forum education, the precocious coding lad set his smarts to homebrew Wii development, and the rest is JailbreakMe history. The self-described Apple fanboy admits his background is atypical of the cybersecurity industry, but with a former National Security Agency analyst praising his work as years ahead of his time, we don't think he should worry. For all the trouble his code has caused Cupertino, Allegra's not trying to be the embedded thorn in Jobs' side. Rather, the iPhone hacker claims "it's just about the challenge" and plans to keep on keeping ol' Steve on his billion dollar toes.

  • iOS 5 beta 3 already jailbroken, new features come to light

    by Darren Murph
    07.12.2011

    Who needs sleep, right? Rather than putting in the tried-and-true "eight hours" that your mum still insists that you get, you're going to be doing something a bit more adventurous this evening. Something involving a "jailbreak" of your recently updated iPod touch, iPhone or iPad. Just hours after Apple pushed out iOS 5 beta 3 to its developers, a Sn0wbreeze update has been confirmed to support jailbreaking on that very build. Sadly, it's still tethered for the time being, and the iPad 2 remains unsupported, but those with nerves of steel (and gobs of vacation days) can hit the source links to get started. Furthermore, we're just starting to see what kind of wacky tricks beta 3 has up its sleeve -- things like custom alerts for text messages and what appears to be a shattering of the app grid on the iPad. For more on that, hop on past the break; for more on the jailbreak, we'd encourage you to talk amongst yourselves in comments below. [Thanks to everyone who sent this in]

  • Apple iOS 4.3.4 software update may fix iPhone hole, block PDF jailbreak

    by Zach Honig
    07.07.2011

    Remember that PDF exploit from last year that JailbreakMe 2.0 was using to unlock your iPhone with just a few taps? Well, Apple patched it. And now it's apparently back. According to the Wall Street Journal, Apple acknowledged the exploit, and is working on an update at this very moment. In addition to the JailbreakMe 3.0 hack that came to light last week, the hole can also be used for some not-so-noble efforts, like grabbing your contacts database, accessing saved passwords, or activating your iPad or iPhone's built-in camera. And nobody wants that. For one reason or another, German authorities have taken the lead on encouraging Apple to investigate, and have also warned all users to avoid opening PDF docs from untrusted sources. And we're happy to echo that rather solid advice, given the implications. Ironically, JailbreakMe includes a patch for the very hole that allows it to function in the first place, so if you're terrified that rogue PDFs will take over your devices, that's an option to consider in the meantime.

  • JailbreakMe for the iPad 2 is finally live / not live, just keep refreshing (update: video)

    by Sharif Sakr
    07.06.2011

    We just mashed our refresh button about a million times to get the screenshot you see above, but it was worth it. JailbreakMe 3.0 with support for the iPad 2 is finally live, and we're already getting word from tipsters who claim to have successfully jailbroken their iPad 2s running iOS 4.3.3, as evidenced by the pseudo-blurry jailbroken Verizon model below. Thankfully, all of this suggests we're not dealing with the dodgy release that was leaked previously, but let us know in the comments how it's working for you this time around and hit the break for another screenshot. Update: Austin wrote in to tell us about a new jailbreaking tutorial from YouTube user Duncan33303 -- head past the break to watch it for yourself.

  • Leaked iPad 2 jailbreak available now? (updated: better wait)

    by Darren Murph
    07.02.2011

    Can't say it happened at Mach 3, but the iPad 2 jailbreak that we saw teased back in mid-March seems to have made its way out into the wild at long last. According to the video hosted up just past the break, JailbreakMe 3.0 is now available with support for the iPad 2. It's bruited that the version making its way around now was leaked by a beta tester (read: it ain't the final build), and we're seeing mixed success / failure stories in the related YouTube comments. We'd encourage the daring to tap the links below in order to get started, and if you do, let us know how it all works out below. Per usual, you'd be doing yourself a solid by fully syncing and backing things up before diving off the deep end. Update: This is working only for iOS 4.3, so if you've updated, you're sadly out of luck. Update 2: We've received multiple reports that this particular jailbreak is available for iOS 4.3.0, only. It looks like users rocking 4.3.3 will just have to wait. Update 3: We've received notice that this version is actually a pre-release of the upcoming jailbreak that is not finished, not intended for public consumption, and apparently leaked by a beta tester. For this reason we're pulling the video embed because we wouldn't recommend using it -- especially given the final version is probably not far off. [Thanks to everyone who sent this in]

  • Sony releases statement on PS3 hacking, surprisingly comes out against it

    by Joseph L. Flatley
    02.16.2011

    In the wake of recent developments in Sony's war on Geohot, the company has released an "Official Statement Regarding PS3 Circumvention Devices and Pirated Software," which reads, in part: "Consumers using circumvention devices or running unauthorized or pirated software will have access to the PlayStation Network and access to Qriocity services through PlayStation 3 system terminated permanently. To avoid this, consumers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems." In other words: get caught with custom firmware, find yourself banished from the PlayStation Network forever. Seems rather reasonable. More reasonable than, say, filing a motion in court for the usernames and IP addresses of everyone who posted comments on Geohot's YouTube video. Read the entire statement at the source link.

  • PS3 firmware 3.56 hacked in less than a day, Sony's lawyers look confused (update)

    by Nilay Patel
    01.29.2011

    Sony's taken some strong steps against PS3 cracking in the past week -- not only has it taken to the courts and won a temporary restraining order against Geohot and fail0verflow for cracking the console, but it also released firmware 3.56, which locked things down again. Unfortunately, that restraining order doesn't mean anyone else has to stop a-crackin', and wouldn't you know it: 3.56 was cracked open in less than a day by KaKaRoToKS, who was behind one of the first 3.55 custom firmwares. Now that the 3.56 signing keys are out, we'd guess updated custom firmware is soon to come -- and we'd bet Sony's lawsuit will just inspire an entirely new wave of people to jailbreak once those hit the scene. Way to put that genie back in the bottle, Sony. Update: We're hearing that new custom firmware isn't on the table quite yet, because Sony changed most of the locks, and is reportedly actually storing the all-important ECDSA private key with random-number cryptography this time around. Be warned: if you upgrade to 3.56, there's no easy way back down. In related news, GitHub complied with a DMCA takedown notice to remove KaKaRoToKS's repositories, so you'll have to head on over to Gitorious (at our more coverage link) to get at the fail0verflow tools. [Thanks, Tomi R]

  • Visualized: the glamorous lifestyles of WP7 jailbreakers (update: Geohot crashes the party)

    by Vlad Savov
    01.18.2011

    To be a jailbreaker means different things depending on the device that you're busy hacking preinstalled walls from. If you're fiddling with consoles, a legal team would come highly recommended, but if you're tweaking mobile code, at least Windows Phone mobile code, you're in for a much sweeter ride. The ChevronWP7 guys that brought us the first jailbreak of Microsoft's Windows Phone 7 are currently in Redmond having a sitdown and a frank exchange of views with WP7 dev experience director Brandon Watson, and the amicable nature of their discourse has been evidenced by the image above. Microsoft is clearly taking a light-hearted and community-friendly approach to handling the (now inevitable) efforts at disabling limitations to its software and we can only congratulate its mobile team for doing so. [Thanks, Tasos] Update: Looks like Microsoft's softie approach really is working. Shortly after the jolly news, notorious hacker Geohot announced on his website that he's going to treat himself to a WP7 device; but before long, Redmond's already reached out to offer him a free handset. [Thanks to everyone who sent this in]

  • Sony issues more court documents in hacking case, GeoHot's lawyer responds

    by JC Fletcher
    01.13.2011

    More court documents have surfaced in the suit between Sony and PS3 hackers, mostly declarations on the part of each of Sony's lawyers in support of the restraining order against George "GeoHot" Hotz and other hackers. One document contains over 280 pages of "evidence" to provide cause for enjoining them against further hacking -- said evidence consisting of full, copy-and-pasted pages from Twitter accounts, forum posts, and news stories relating to the recent discoveries of the PS3's private and root keys. Also included are summons for the hackers, and a document from Sony declining to bring the case before a magistrate judge, requesting a district judge instead. According to PSX-Scene, there's also evidence that Sony sent $1 to Hotz's PayPal account through his email address, in order to prove he is accepting donations, even though he hadn't actually requested donations. NeoGAF's Sangreal also obtained responses from the lawyers representing Hotz. The opposition statement claims that the California court has no jurisdiction over Hotz or any of the other defendants, and that Hotz has no connection to the other hackers. More substantially, Hotz's attorneys' statement asserts that "Defendant Hotz has not produced, manufactured, sold, nor does he have any intent whatsoever to produce, manufacture, or sell, any devices that facilitate piracy." It dismisses Sony's use of other piracy cases for precedent, because those cases involve hardware used to circumvent the PS3's protection, and not software. Moreover, the statement makes the point that enjoining Hotz from his programming activities won't do anything. "Sony's own pleadings admit that the code necessary to jailbreak the Sony PlayStation computer is on the internet," the statement reads. "Sony speaks of 'closing the door', but the simple fact is that there is no door to close. The code sought to be restrained will always be a Google search away."

  • Address space randomization adds extra security for jailbroken iPhones

    by Sam Abuelsamid
    12.13.2010

    Reduced security is among the top reasons given by Apple and enterprise information technology managers for their opposition to iPhone jailbreaking, but at least one white-hat hacker is out to prove them all wrong. German security consultant Stefan Esser of SektionEins will introduce a tool this week called antid0te at the Power of Community conference in Seoul, South Korea. Antid0te will combine the ability to jailbreak iOS devices and then automatically add a capability called Address Space Layout Randomization (ASLR). Since the earliest days of computing, basic system files have typically loaded at the same specific addresses in memory, which makes it easier for attackers to directly change the data or code stored there. Randomizing the locations where that code resides adds an extra layer of security. That's why Microsoft has incorporated ASLR into its operating systems since Windows Vista debuted -- even Windows Phone 7 has this feature. Apple, on the other hand, has only done a limited ASLR implementation in OS X and none at all in iOS. The debut of antid0te comes on the heels of the news that Apple has removed a jailbreak detection API from iOS 4.2. This function was used by some corporate IT departments to ensure that company-issued iOS devices were not jailbroken. Apple has not said why the API was removed, but at least IT departments can breathe a bit easier as long as employees stick to antid0te for their jailbreaking needs. [via Engadget]

  • iPhone 3G, 3GS get iOS 4.2.1 unlock, using risky ultrasn0w workaround

    by Sean Hollister
    11.28.2010

    Can't wait another minute for your iPhone 3G or iPhone 3GS to be carrier-unlocked once more? If and only if you're already running the latest firmware, you can actually pilfer a bit of iPad code to pick the requisite locks -- though there are some serious risks in doing so. The iPhone Dev Team has a new version of PwnageTool that uses the 6.15.00 baseband from iPad firmware 3.2.2, which just so happens to run perfectly on the iPhone 3G and 3GS since both phones and tablets of that era use the same Infineon radio chip. If you know your way around an IPSW and regularly bench-press SHSH blobs, you can download all the software you need right now -- but if you don't, you might want to steer clear of the proceedings for the time being. We spoke about risks a moment ago, and in this case there are quite a few -- like the inability to downgrade from baseband 6.15 or ever do a full restore unless Apple relations improve, and it's fairly likely that Cupertino won't look kindly on your warranty if they find you running iPad software. Them's the breaks, kid.

  • OpenVizsla hopes to bring USB sniffing to the everyhacker

    by Paul Miller
    11.26.2010

    Remember that Kinect hack how-to? A key figure in the story was the use of a USB analyzer that was plugged in-between the Kinect and the Xbox to pick up on USB traffic and pull out a log that could be used for hacking. Well, there's a new 'OpenVizsla' project on Kickstarter that's aiming to build open source hardware that can put this typically expensive tech ($1,400+) in the hands of more hackers, who use the hardware for anything from jailbreaking locked-down devices to building Linux drivers for hardware. The project was actually started by hackers "bushing" and "pytey," who have worked on hacking the Wii and the iPhone, respectively. They've already raised a good chunk of change for the project in pledges, with backing from folks like Stephen Fry and DVD Jon helping out the momentum, and hopefully we'll be seeing the next generation of hacks enabled by OpenVizsla and its brood before too long.

  • Limera1n and Greenpois0n iOS 4.1 jailbreaks now available for Mac, Linux

    by Sean Hollister
    10.17.2010

    We thought it was a wee bit ridiculous that Geohot's original iOS 4.1 jailbreak only worked on Windows, but that's a thing of the past now -- limera1n now supports Mac as well, and the Chronic Dev Team's greenpois0n variant can purportedly free your device from the Apple shackles of any of OS X, Linux or Windows. Mind you, there's still no working carrier unlock for iOS 4.1, so be sure to back up your baseband and don't expect to be making calls on T-Mobile USA -- and remember kids, there are always risks to playing chicken with the Apple firmware train. [Thanks to everyone who sent this in]

  • Carry more iPad data with you, using HyperDrive

    by Keith M
    09.09.2010

    No matter what size iPad or other portable device you get, many times it seems that you're going to hit that storage limit and find yourself aching for more space. The HyperDrive may not fix that problem for you, but it may be handy in certain circumstances. Using the portable HyperDrive and the iPad Camera Connection Kit, one can transfer movies and photos onto the iPad from either the HyperDrive's internal storage or via memory cards attached to it. Since the iPad only allows attached storage of 32GB or less, the HyperDrive sections off its on-board storage into 32GB "folders," each of which is viewable using the iPad Photos application. It's definitely a hacky way to go about transferring data to your iPad while on the go, but at least it doesn't require jailbreaking to use (if that's a concern of yours). The usefulness of the HyperDrive seems rather limited, though, as it's not able to transfer data off of your iPad, only onto it. The HyperDrive comes in 120GB up to 750GB models, starting at US$299. [via Macworld UK]