Difference between revisions of "Limera1n"
(i have done it and it works fine) |
|||
Line 12: | Line 12: | ||
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard]. |
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard]. |
||
− | limera1n was released to the public on October 9, 2010, delaying the release of [[greenpois0n]] |
+ | limera1n was released to the public on October 9, 2010, delaying the release of [[greenpois0n]] using the [[SHAtter]] exploit. [[greenpois0n]] is currently being rewritten to use the same exploit that limera1n uses. It only supports Windows at the moment, and there are some devices with issues. |
==Release text== |
==Release text== |
||
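Review bot: In the added release sentence, "It only supports Windows at the moment" follows a sentence whose subject is greenpois0n, so the pronoun is ambiguous. Name the tool explicitly; the Release text's "Mac coming in 7 years" suggests limera1n is meant. "there are some devices with issues" is also vague: name the affected devices or point to where the issues are tracked.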
Line 76: | Line 76: | ||
==Technical Information== |
==Technical Information== |
||
=== Basics === |
=== Basics === |
||
− | * limera1n |
+ | * limera1n uses a different exploit to [[SHAtter]]. |
* limera1n uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]]. |
* limera1n uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]]. |
||
* limera1n uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which was developed by [[User:Comex|comex]]. |
* limera1n uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which was developed by [[User:Comex|comex]]. |
||
Line 124: | Line 124: | ||
==Controversy== |
==Controversy== |
||
− | The release of this jailbreak |
+ | The release of this jailbreak was specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the limera1n exploit into [[greenpois0n]]. |
+ | After releasing limera1n, releasing [[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple. |
||
− | [[User:Geohot|geohot]]'s rationale is that Apple |
+ | [[User:Geohot|geohot]]'s rationale is that Apple already discovered, through internal testing, the limera1n exploit, making it very likely that it will be fixed in the next bootrom. Because [[iBoot]] code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his limera1n exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining useful in the 5th generation iPhone should it not be disclosed at this time. |
− | limera1n's [[Untethered jailbreak|untethered]] userland exploit was obtained by [[User:Geohot|geohot]] under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in limera1n. |
+ | limera1n's [[Untethered jailbreak|untethered]] userland exploit for iOS 4.0 and 4.1 was obtained by [[User:Geohot|geohot]] under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in limera1n as of beta 2. |
==External Links== |
==External Links== |
||
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action] |
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action] |
||
− | * [http://limera1n.com/ |
+ | * [http://limera1n.com/ Official domain] |
− | * [http://theiphonewiki.com/limera1n |
+ | * [http://theiphonewiki.com/limera1n The iPhone Wiki Mirror] |
− | * [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire] |
+ | * [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire provided by iH8sn0w.] |
* [http://www.pastie.org/1210054 Veence's explanation for release] |
* [http://www.pastie.org/1210054 Veence's explanation for release] |
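Review bot: In the added geohot rationale paragraph, "refreshed much more often that bootrom code" should read "than". The same paragraph opens by stating as fact that Apple "already discovered, through internal testing, the limera1n exploit", while its last sentence presents this as geohot's inference from the exploit being closed in firmware. Word the opening as geohot's claim too, or cite a source. The "under questionable circumstances" wording in the comex paragraph would also benefit from a reference.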
Revision as of 03:57, 12 October 2010
This is geohot's latest jailbreak utility. It uses his undisclosed exploit, along with comex's userland exploit, to achieve an untethered jailbreak on newer devices.
- iPhone 3GS
- iPhone 4
- iPod touch 2G (both bootroms)
- iPod touch 3G
- iPod touch 4G
- iPad
- AppleTV (however, its current usefulness is debatable)
It has been demonstrated multiple times by geohot, using blog posts on his now private blog. Geohot showed off a high-res picture of Cydia on an iPhone 4. He displayed an iPod touch 3G with an untethered jailbreak that met MuscleNerd's requirements for a good video. In addition, he took a picture of Cydia and blackra1n icons on his iPad's SpringBoard.
limera1n was released to the public on October 9, 2010, delaying the release of greenpois0n using the SHAtter exploit. greenpois0n is currently being rewritten to use the same exploit that limera1n uses. limera1n only supports Windows at the moment, and some devices have issues.
Release text
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G
4.0-4.1 and beyond+++
limera1n is unpatchable
untethered thanks to jailbreakme star comex
brought to you by geohot
hacktivates
Mac coming in 7 years
donations keep support alive
Credit
- geohot - the program itself, and bootrom exploit.
- comex - userland exploit that allows limera1n to run untethered.
Changelog
Version | Date | Hash | Changes |
BETA 1 | 9 Oct 2010 XX:XX GMT | 2f2b09a6ed5c5613d5361d8a9d0696b6 | First release. |
BETA 2 | 10 Oct 2010 XX:XX GMT | a70dccb3dfc0e505687424184dc3d1ce | Fixed kernel patching magic. Rerun BETA2+ over BETA1. |
BETA 3 | 10 Oct 2010 XX:XX GMT | 81730090f7de1576268ee8c2407c3d35 | Fixed an issue with iPhone 3GS (new bootrom) |
BETA 4 | 10 Oct 2010 XX:XX GMT | d901c4b3a544983f095b0d03eb94e4db | Uninstall fixed, respring fixed |
RC1 | 11 Oct 2010 XX:XX GMT | 0622d99ffe4c25f75c720a689853845f | out of beta! afc2, reliability improvements, no reboot for cydia, 2kb smaller |
RC1b | 11 Oct 2010 XX:XX GMT | fc6f7d696a57c3baede49bdff8a7f43f | addresses an install issue, mainly with iPads |
Final | 11 Oct 2010 23:XX GMT | fc6f7d696a57c3baede49bdff8a7f43f | (same as RC1b) |
Technical Information
Basics
- limera1n uses a different exploit to SHAtter.
- limera1n uses a bootrom exploit to achieve the tethered jailbreak and unsigned code execution.
- limera1n uses a userland exploit to make the jailbreak untethered, which was developed by comex.
Exploits
Details of the bootrom exploit to follow.
Process
The jailbreak appears to execute something like the following (in no particular order):
- In recovery1,
"setenv debug-uarts 1 setenv auto-boot false saveenv"
"setenv auto-boot true reset geohot done"
Interesting Messages
"geohot black is the new purple"
"blackra1n start: %d current IRQ mask is %8.8X usb irq disabled...shhh fxns found @ %8.8X %8.8X found iBoot @ %8.8X i'm back from IRQland... 3g detected, kicking nor nor kicked memcpy done iBoot restored!!! found command table @ %8.8X cmd_geohot added time to pray...%8.8X"
"2.2X send command(%d): %s send exploit!!! sent data to copy: %X sent shellcode: %X has real length %X never freed: %X sent fake data to timeout: %X sent exploit to heap overflow: %X sending file with length: 0x%X Mingw runtime failure: VirtualQuery failed for %d bytes at address %p Unknown pseudo relocation protocol version %d. Unknown pseudo relocation bit size %d."
Controversy
The release of this jailbreak was specifically designed to pressure Chronic Dev into not releasing the SHAtter exploit, instead implementing the limera1n exploit into greenpois0n. After releasing limera1n, releasing SHAtter would uselessly disclose another bootrom exploit to Apple.
geohot's rationale is that Apple already discovered, through internal testing, the limera1n exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and in firmware, and because firmware is refreshed much more often than bootrom code, any fix in this code branch would appear first in firmware. geohot observed that his limera1n exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining useful in the 5th generation iPhone should it not be disclosed at this time.
limera1n's untethered userland exploit for iOS 4.0 and 4.1 was obtained by geohot under questionable circumstances from comex. comex did in fact end up giving his approval for the exploit to be included in limera1n as of beta 2.