The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Saffron"
(→Links: source code link) |
m |
||
(26 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
− | [[ |
+ | [[File:Saffron.png|thumb|right|Saffron on an [[N81AP|iPod touch (4th generation)]]]] |
+ | [[File:Saffron unsupported.jpg|thumb|right|Saffron on an (unsupported) [[N94AP|iPhone 4S]]]] |
||
− | '''Saffron''' (also known as '''JailbreakMe 3.0''') is a [[userland]] untethered [[jailbreak]] from [[User:comex|comex]] that utilizes [[JailbreakMe]].com, yet again. It was the first jailbreak made available to the public for the [[iPad 2]] running iOS 4.3.3. Saffron made its official debut on July 6, 2011. A prerelease incomplete version was leaked a few days earlier by someone who stole it from comex' server. |
||
+ | '''Saffron''' (also known as '''JailbreakMe 3.0''') is a [[userland]] untethered [[jailbreak]] from [[User:comex|comex]] that utilizes [[JailbreakMe]].com, yet again. It was the first jailbreak made available to the public for the [[iPad 2]] running iOS 4.3.3. In {{date|2011|06}}, comex began to put up teasers on JailbreakMe. In early {{date|2011|07}}, someone Googled comex's other site and found a prerelease version of "Saffron," the third incarnation of JailbreakMe. Word about this "leak" inevitably spread. On {{date|2011|07|06}}, "Saffron" made its official debut on JailbreakMe. An incomplete prerelease version was leaked on {{date|2011|07|02}}, after it was discovered on comex's server. |
||
− | This jailbreak was patched on |
+ | This jailbreak was patched on {{date|2011|07|15}} with the releases of iOS 4.2.9 (iPhone 4 (iPhone3,3)) and 4.3.4 (all other devices). |
== Exploits Used == |
== Exploits Used == |
||
* [[T1 Font Integer Overflow]] |
* [[T1 Font Integer Overflow]] |
||
* [[IOMobileFrameBuffer Privilege Escalation Exploit]] |
* [[IOMobileFrameBuffer Privilege Escalation Exploit]] |
||
− | * [[ft_var_readpackedpoints Buffer Overflow]] |
||
− | |||
− | {{clear}} |
||
== Compatibility == |
== Compatibility == |
||
{| class="wikitable" style="text-align: center; table-layout: fixed; border-collapse: collapse;" border="1" |
{| class="wikitable" style="text-align: center; table-layout: fixed; border-collapse: collapse;" border="1" |
||
|- |
|- |
||
− | ! rowspan="2" style="width: |
+ | ! rowspan="2" style="width:30%;" | Device |
− | ! colspan=" |
+ | ! colspan="7" | Works with [[firmware]]... |
|- |
|- |
||
− | | style="width: |
+ | | style="width:10%;" | 4.2.6 |
− | | style="width: |
+ | | style="width:10%;" | 4.2.7 |
− | | style="width: |
+ | | style="width:10%;" | 4.2.8 |
− | | style="width: |
+ | | style="width:10%;" | 4.3 |
− | | style="width: |
+ | | style="width:10%;" | 4.3.1 |
− | | style="width: |
+ | | style="width:10%;" | 4.3.2 |
− | | style="width: |
+ | | style="width:10%;" | 4.3.3 |
− | | style="width:9%;" | 4.3.3 |
||
− | | style="width:9%;" | 4.3.4 |
||
|- |
|- |
||
− | | [[ |
+ | | [[K48AP|iPad]] |
− | | |
+ | | rowspan="4" colspan="3" {{n/a}} |
− | | {{yes}} |
+ | | colspan="4" {{yes}} |
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{no}} |
||
|- |
|- |
||
| [[iPad 2]] |
| [[iPad 2]] |
||
− | | colspan=" |
+ | | colspan="3" {{no}} |
| {{yes}} |
| {{yes}} |
||
− | | {{no}} |
||
− | | {{no}} |
||
− | | {{yes}} |
||
− | | {{no}} |
||
|- |
|- |
||
− | | [[iPhone 3GS]] |
+ | | [[N88AP|iPhone 3GS]] |
− | | colspan="4" {{ |
+ | | rowspan="2" colspan="4" {{yes}} |
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{no}} |
||
|- |
|- |
||
− | | [[ |
+ | | class="rborderplz" | [[N90AP|iPhone 4 (iPhone3,1)]] |
− | | colspan="4" {{no|N/A}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{no}} |
||
|- |
|- |
||
− | | [[ |
+ | | [[N92AP|iPhone 4 (iPhone3,3)]] |
− | | {{yes}} |
+ | | colspan="3" {{yes}} |
− | | {{ |
+ | | colspan="5" {{n/a}} |
− | | {{yes}} |
||
− | | {{no}} |
||
− | | colspan="5" {{no|N/A}} |
||
|- |
|- |
||
− | | [[ |
+ | | [[N18AP|iPod touch (3rd generation)]] |
− | | colspan=" |
+ | | rowspan="2" colspan="3" {{n/a}} |
− | | {{yes}} |
||
− | | {{no}} |
||
− | | {{yes}} |
||
| {{yes}} |
| {{yes}} |
||
| {{no}} |
| {{no}} |
||
+ | | colspan="2" {{yes}} |
||
|- |
|- |
||
− | | [[ |
+ | | [[N81AP|iPod touch (4th generation)]] |
− | | colspan="4" {{ |
+ | | colspan="4" {{yes}} |
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{yes}} |
||
− | | {{no}} |
||
|} |
|} |
||
− | == |
+ | == Problems == |
+ | === Domain owner problem === |
||
− | * [http://www.jailbreakme.com/ Saffron] |
||
+ | On {{date|2011|10|07}}, [[MuscleNerd]] announced that the domain was sold and that the new owner was unknown, so that there is a big danger of the site hosting malware. It turned out that the new owner was friendly and sold it the next day to [[Saurik]] who hosted the site anyway. Problem solved. |
||
− | * [https://github.com/comex/star_ Source code on github] |
||
+ | |||
− | * [http://intrepidusgroup.com/insight/2011/07/reversing-jailbreakme-com-4/ Reversing Saffron] |
||
+ | === Certificate problem === |
||
− | * [http://support.apple.com/kb/HT4802 About the security content of iOS 4.3.4] |
||
+ | Starting early {{date|2015|12}}, the domain started to display a blank homepage. In addition, JailbreakMe began to redirect traffic to HTTPS; however, the TLS certificate it was using was invalid. Turns out comex moved the files to his personal domain. |
||
+ | |||
+ | === References === |
||
+ | *[https://twitter.com/MuscleNerd/status/122266354173739010 sale announcement] |
||
+ | *[https://twitter.com/MuscleNerd/status/122267822280814592 untrusted] |
||
+ | *[https://twitter.com/MuscleNerd/status/122715500349374465 buyback announcement] |
||
+ | |||
+ | == External Links == |
||
+ | * [http://www.jailbreakme.com/ Saffron] (semi-broken) |
||
+ | * [https://github.com/comex/star_ Source Code] |
||
+ | * [http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit Analysis of the Exploit] |
||
+ | * [http://support.apple.com/kb/HT4802 Apple KB HT4802] ([[iOS]] 4.2.9/4.3.4 Security Fixes) |
||
+ | |||
+ | [[Category:Jailbreaks]] |
||
+ | [[Category:Jailbreaking]] |
Latest revision as of 01:07, 17 September 2021
Saffron (also known as JailbreakMe 3.0) is a userland untethered jailbreak from comex that utilizes JailbreakMe.com, yet again. It was the first jailbreak made available to the public for the iPad 2 running iOS 4.3.3. In June 2011, comex began to put up teasers on JailbreakMe. In early July 2011, someone Googled comex's other site and found a prerelease version of "Saffron," the third incarnation of JailbreakMe. Word about this "leak" inevitably spread. On 6 July 2011, "Saffron" made its official debut on JailbreakMe. An incomplete prerelease version was leaked on 2 July 2011, after it was discovered on comex's server.
This jailbreak was patched on 15 July 2011 with the releases of iOS 4.2.9 (iPhone 4 (iPhone3,3)) and 4.3.4 (all other devices).
Contents
Exploits Used
Compatibility
Device | Works with firmware... | |||||||
---|---|---|---|---|---|---|---|---|
4.2.6 | 4.2.7 | 4.2.8 | 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | ||
iPad | N/A | Yes | ||||||
iPad 2 | No | Yes | ||||||
iPhone 3GS | Yes | |||||||
iPhone 4 (iPhone3,1) | ||||||||
iPhone 4 (iPhone3,3) | Yes | N/A | ||||||
iPod touch (3rd generation) | N/A | Yes | No | Yes | ||||
iPod touch (4th generation) | Yes |
Problems
Domain owner problem
On 7 October 2011, MuscleNerd announced that the domain was sold and that the new owner was unknown, so that there is a big danger of the site hosting malware. It turned out that the new owner was friendly and sold it the next day to Saurik who hosted the site anyway. Problem solved.
Certificate problem
Starting early December 2015, the domain started to display a blank homepage. In addition, JailbreakMe began to redirect traffic to HTTPS; however, the TLS certificate it was using was invalid. Turns out comex moved the files to his personal domain.
References
External Links
- Saffron (semi-broken)
- Source Code
- Analysis of the Exploit
- Apple KB HT4802 (iOS 4.2.9/4.3.4 Security Fixes)