Difference between revisions of "Jailbreak"

Revision as of 10:51, 17 February 2014

1 See Also
2 Exploits which were used in order to jailbreak 1.x
3 Exploits which are used in order to jailbreak 2.x
4 Exploits which are used in order to jailbreak 3.x
5 Exploits which are used in order to jailbreak 4.x
6 Exploits which are used in order to jailbreak 5.x
- 6.1 5.0
- 6.2 5.0.1
- 6.3 5.1
- 6.4 5.1.1
7 Exploits which are used in order to jailbreak 6.x
- 7.1 6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2
8 Exploits which are used in order to jailbreak 7.x
9 Jailbreak Tools

This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by patching /private/etc/fstab to mount the System partition as read-write. This is entirely different from an unlock. Jailbreaking is the first action that must be taken before things like unofficial activation (hacktivation), and unofficial unlocking can be applied.

The original jailbreak also included modifying the AFC service (used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to create a new service (AFC2) that allows access to the full filesystem.

Modern jailbreaks also include patching the kernel to get around code signing and other restrictions. See Kernel Patches.

NOTE: The legality of jailbreaking your device varies with each country/region. Wikipedia has a summary of legality for some countries.

Version numbers are the first to jailbreak and last is the last supported version. Last will only be listed if a newer version is out that does not support the device and iOS.

Exploits which were used in order to jailbreak 1.x

1.0.2

Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)

1.1.1

Symlinks (an upgrade jailbreak)
libtiff exploit (Adapted from the PSP scene, used by JailbreakMe)

1.1.2

Mknod (an upgrade jailbreak)

1.1.3 / 1.1.4 / 1.1.5

Soft Upgrade (an upgrade jailbreak)
Ramdisk Hack
Dual Boot Exploit - Works up to iOS 2.0 beta 3
diags - Works up to iOS 2.0 beta 5

Exploits which are used in order to jailbreak 2.x

Exploits which are used in order to jailbreak 3.x

3.0 / 3.0.1

Pwnage + Pwnage 2.0 (iPhone, iPod touch, and iPhone 3G)
ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow ( iPod touch 2G)
Pwnage + iBoot Environment Variable Overflow (iPhone, iPod touch, and iPhone 3G)
0x24000 Segment Overflow + iBoot Environment Variable Overflow (iPod touch 2G and iPhone 3GS)

3.1 / 3.1.1

Pwnage + Pwnage 2.0 (together for untethered jailbreak on iPhone, iPod touch, and iPhone 3G)
usb_control_msg(0x21, 2) Exploit (tethered jailbreak on iPod touch 2G new bootrom, iPhone 3GS new bootrom, and iPod touch 3G)
0x24000 Segment Overflow + usb_control_msg(0x21, 2) Exploit (iPod touch 2G old bootrom and iPhone 3GS old bootrom)

3.1.2

Pwnage + Pwnage 2.0 (together for untethered jailbreak on iPhone, iPod touch, and iPhone 3G)
usb_control_msg(0x21, 2) Exploit (tethered jailbreak on iPod touch 2G new bootrom, iPhone 3GS new bootrom, and iPod touch 3G)
0x24000 Segment Overflow + usb_control_msg(0x21, 2) Exploit (iPod touch 2G old bootrom and iPhone 3GS old bootrom)
MobileBackup Copy Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (all devices, used in Spirit)
Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (all devices, used in Star)

3.1.3

Pwnage + Pwnage 2.0 (together for untethered jailbreak on iPhone, iPod touch, and iPhone 3G)
0x24000 Segment Overflow (for iPod touch 2G and iPhone 3GS devices with older bootroms)
- + Limera1n Exploit (iPhone 3GS old bootrom, used in sn0wbreeze)
- + usb_control_msg(0xA1, 1) Exploit (iPod touch 2G old bootrom, used in sn0wbreeze)
usb_control_msg(0xA1, 1) Exploit+ Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (iPod touch 2G new bootrom, used in sn0wbreeze)
Limera1n Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (iPod touch 3G and iPhone 3GS new bootrom, used in sn0wbreeze)
MobileBackup Copy Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (all devices, used in Spirit)
Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (all devices, used in Star)

3.2

MobileBackup Copy Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (all devices, used in Spirit)
Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (iPad, used in Star)
Limera1n Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (iPad used in sn0wbreeze 2.9.x)

3.2.1

Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (iPad, used in Star)
Limera1n Exploit + Incomplete Codesign Exploit + IOSurface Kernel Exploit (iPad, used in sn0wbreeze 2.9.x)

3.2.2

Limera1n Exploit + Packet Filter Kernel Exploit (iPad)

Exploits which are used in order to jailbreak 4.x

4.0 / 4.0.1

Pwnage + Pwnage 2.0 (iPhone 3G)
0x24000 Segment Overflow (iPod touch 2G and iPhone 3GS devices with older bootroms)
Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (all devices, used in Star)
Limera1n Exploit + Packet Filter Kernel Exploit (iPhone 3GS New bootrom, iPod touch 3G, iPhone 4 (iPhone3,1))

4.0.2

Pwnage + Pwnage 2.0 (iPhone 3G)
ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow (iPod touch 2G)
0x24000 Segment Overflow (iPhone 3GS)
limera1n's bootrom exploit + Packet Filter Kernel Exploit (iPhone 3GS new bootrom, iPod touch 3G, iPhone 4 (iPhone3,1), and iPod touch 4G)

4.1

Pwnage + Pwnage 2.0 (together to jailbreak the iPhone 3G)
ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow (together for untethered jailbreak on iPod touch 2G old bootrom)
limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
limera1n's bootrom exploit + Packet Filter Kernel Exploit (together for untethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPhone 4 (iPhone3,1), iPod touch 4G, and Apple TV 2G))
usb_control_msg(0xA1, 1) Exploit + Packet Filter Kernel Exploit (together for untethered jailbreak on iPod touch 2G)

4.2.1

Pwnage + Pwnage 2.0 (together to jailbreak the iPhone 3G)
ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow (together for untethered jailbreak on iPod touch 2G old bootrom)
limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
limera1n's bootrom exploit + HFS Legacy Volume Name Stack Buffer Overflow (together for untethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPad, iPhone 4 (iPhone3,1), iPod touch 4G, and Apple TV 2G)
usb_control_msg(0xA1, 1) Exploit + HFS Legacy Volume Name Stack Buffer Overflow (together for untethered jailbreak on iPod touch 2G)

4.2.6 / 4.2.7 / 4.2.8

limera1n's bootrom exploit + HFS Legacy Volume Name Stack Buffer Overflow (together for untethered jailbreak on iPhone 4 (iPhone3,3))
T1 Font Integer Overflow (used for Saffron)

4.2.9 / 4.2.10

limera1n's bootrom exploit (Tethered jailbreak on iPhone 4 (iPhone3,3))

4.3

limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
limera1n's bootrom exploit (tethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPad, iPhone 4 (iPhone3,1), iPod touch 4G, and Apple TV 2G)
T1 Font Integer Overflow (used for Saffron)

4.3.1 / 4.3.2 / 4.3.3

limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
limera1n's bootrom exploit + ndrv_setspec() Integer Overflow (together for untethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPad, iPhone 4 (iPhone3,1), and iPod touch 4G)
T1 Font Integer Overflow (used for Saffron)

4.3.4 / 4.3.5

limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4 (iPhone3,1), and iPod touch 4G)

Exploits which are used in order to jailbreak 5.x

5.0

limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4, and iPod touch 4G)
Racoon String Format Overflow Exploit (used both for payload injection and untether)+HFS Heap Overflow- iPhone 4S only

5.0.1

limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
limera1n's bootrom exploit + Racoon String Format Overflow Exploit+HFS Heap Overflow on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4, and iPod touch 4G)
Racoon String Format Overflow Exploit (used both for payload injection and untether)+HFS Heap Overflow - iPad 2 and iPhone 4S with Absinthe

5.1

limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4, and iPod touch 4G)
limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)

5.1.1

limera1n Exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
limera1n Exploit + Rocky Racoon (together for untethered jailbreak on iPhone 3GS with new bootrom, iPhone 4, iPod touch 3G, and iPod touch 4G)

Exploits which are used in order to jailbreak 6.x

6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2

limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPhone 4, and iPod touch 4G)
limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
Symbolic Link Vulnerability
Timezone Vulnerability
Shebang Trick
AMFID code signing evasion
launchd.conf untether
IOUSBDeviceFamily Vulnerability
ARM Exception Vector Info Leak
dynamic memmove() locating
vm_map_copy_t corruption for arbitrary memory disclosure
kernel memory write via ROP gadget

Exploits which are used in order to jailbreak 7.x

?

Jailbreak Tools

Apple TV 2G

Jailbreak Tool	Works with firmware...
Jailbreak Tool	4.1/4.0	4.2/4.1	4.2.1/4.1.1	4.3/4.2	4.3/4.2.1	4.3/4.2.2	4.3	4.4/5.0	4.4.1/5.0	4.4.2/5.0	4.4.3/5.0.1	4.4.4/5.0.1	5.0/5.1	5.0.1/5.1.1	5.0.2/5.1.1	5.1/6.0	5.1.1/6.0.1	5.2/6.1	5.2.1/6.1.3	5.3/6.1.4	6.0/7.0.1	6.0/7.0.2	6.0.1/7.0.3	6.0.2/7.0.4
evasi0n	No															1.0			No
greenpois0n	no package management GUI	No	RC6-RC6.1	No
limera1n	no package management GUI	No
p0sixspwn	No																		1.0		No
PwnageTool	no package management GUI	Restore from a custom firmware with unofficial bundle¹	4.2	No	4.3-4.3.3.1	4.3-4.3.3.1²	No							5.1.1 (no package management GUI)	No
redsn0w	No				0.9.6rc16	No										0.9.15b1¹	0.9.15b3³					No
Seas0nPass (Mac)	No		0.6.7¹ - 0.7.1	0.7.2¹	0.7.3¹ - 0.7.5	0.7.6.??? - 0.7.7.???	0.7.8.???	0.7.9.???¹	0.7.9.210¹	0.7.9.230¹	0.7.9.270¹	0.7.9.290¹ - 0.8.0.320	0.8.3.470¹	0.8.4.518¹ - 0.8.5.555	0.8.6.565	No		0.8.9.655	No	2.4	No
Seas0nPass (Windows)	No				0.3.7.????	0.3.13.????	0.3.29.???? - 0.3.45.4035	0.3.37.????¹		0.3.42.3335¹	0.3.44.????¹	0.3.45.4035¹ - 0.8.3.5592	0.8.3.5592¹	0.8.4.6306¹ - 0.8.5.6546	0.8.6.7558	No		0.8.9.11241	No	2.4	No
sn0wbreeze	no package management GUI	No			2.5-2.7.1	No										2.9.8			No
unthredera1n	no package management GUI	Yes														No

¹ Tethered jailbreak.
² User needs to manually add PwnageTool firmware bundle into application.
³ Point at 6.0 IPSW. Also Tethered jailbreak.

Apple TV 3G (AppleTV3,1)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	5.0/5.1	5.0.1/5.1	5.0.2/5.1.1	5.1/6.0	5.1.1/6.0.1	5.2/6.1	5.2.1/6.1.3	5.3/6.1.4	6.0/7.0.1	6.0/7.0.2	6.0.1/7.0.3	6.0.2/7.0.4
Absinthe	No
evasi0n	No
redsn0w	No
Seas0npass	No
Sn0wbreeze	No

Apple TV 3G (AppleTV3,2)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	5.2/6.1	5.2.1/6.1.3	5.3/6.1.4	6.0/7.0.1	6.0/7.0.2	6.0.1/7.0.3	6.0.2/7.0.4
Absinthe	No
evasi0n	No
redsn0w	No
Seas0npass	No
Sn0wbreeze	No

Jailbreak/Deprecated iPads

iPad 2

Jailbreak Tool	Works with firmware...
Jailbreak Tool	4.3	4.3.1	4.3.2	4.3.3	4.3.4	4.3.5	5.0	5.0.1	5.1	5.1.1	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
Absinthe	No							0.2-0.4	No	2.0¹-2.0.4	No
evasi0n	No										1.0			1.4	No
evasi0n7	No															1.0.0
p0sixspwn	No														1.0	No
redsn0w	No							0.9.10b7-0.9.11b4	No	0.9.12b1	No
Saffron	No			Yes	No

¹ Not compatible with iPad2,4

iPad 3

Jailbreak Tool	Works with firmware...
Jailbreak Tool	5.1	5.1.1	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
Absinthe	No	2.0-2.0.4	No
evasi0n	No		1.0			1.4	No
evasi0n7	No							1.0.0
p0sixspwn	No						1.0	No
redsn0w	No	0.9.12b1	No

iPad 4

Jailbreak Tool	Works with firmware...
Jailbreak Tool	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
evasi0n	1.0			1.4	No
evasi0n7	No					1.0.0
p0sixspwn	No				1.0	No

iPad Air

Jailbreak Tool	Works with firmware...
Jailbreak Tool	7.0.3	7.0.4
evasi0n7	1.0.0

iPad mini 1G

Jailbreak Tool	Works with firmware...
Jailbreak Tool	6.0	6.0.1	6.0.2	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
evasi0n	1.0				1.4	No
evasi0n7	No						1.0.0
p0sixspwn	No					1.0	No

iPad mini 2G

Jailbreak Tool	Works with firmware...
Jailbreak Tool	7.0.3	7.0.4
evasi0n7	1.0.0

Jailbreak/Deprecated iPhones

iPhone 4 (iPhone3,1)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	4.0	4.0.1	4.0.2	4.1	4.2.1	4.3	4.3.1	4.3.2	4.3.3	4.3.4	4.3.5	5.0	5.0.1	5.1	5.1.1 (9B206)	5.1.1 (9B208)	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
Absinthe	No														2.0	2.0.2	No
evasi0n	No																1.0			1.4	No
evasi0n7	No																					1.0.0
greenpois0n	No			RC4	RC5-RC6.1	No
limera1n	Yes				No
p0sixspwn	No																				1.0	No
PwnageTool	No			4.1-4.1.3	4.2	4.2^{1 3}	4.3	4.3.2	4.3.3-4.3.3.1	4.3.3^{1 3}			5.0.1	No	5.1.1		No
redsn0w	No			0.9.6b2-0.9.6rc16	0.9.6b4¹-0.9.6rc16 or 0.9.7b6^{1 2}	0.9.6rc9¹-0.9.6rc16¹	0.9.6rc9¹-0.9.6rc16	0.9.6rc13¹-0.9.6rc16	0.9.6rc16	0.9.8b3¹	0.9.8b7¹	0.9.9b3¹	0.9.10b6	0.9.10b6¹	0.9.12b1-0.9.14b2		0.9.15b1¹	0.9.15b1⁴				No
Saffron	No					Yes				No
sn0wbreeze	No			2.1	2.2	2.3b4¹	2.5	2.6-2.6.1	2.7-2.7.1	No		2.8b8¹	2.9.1	No	2.9.6		2.9.8			2.9.10	2.9.14¹	No
Star	Yes		No
unthredera1n	No					Yes											No

¹ Tethered jailbreak.
² If SHSHs were saved for iOS 4.2b3 and if you have a developer access to its IPSW, Jailbreak Monte can be used.
³ Requires an unofficial firmware bundle.
⁴ Requires pointing redsn0w at 6.0 IPSW. Also Tethered jailbreak.

iPhone 4 (iPhone3,2)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
evasi0n	1.0			1.4	No
evasi0n7	No					1.0.0
p0sixspwn	No				1.0	No
redsn0w	0.9.15b3					No
sn0wbreeze	2.9.8			2.9.10	2.9.14¹	No

Must point redsn0w at the 6.0 IPSW. Tethered.

iPhone 4 (iPhone3,3)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	4.2.5	4.2.6	4.2.7	4.2.8	4.2.9	4.2.10	5.0	5.0.1	5.1	5.1.1	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
Absinthe	No							2.0	No	2.0	No
evasi0n	No										1.0			1.4	No
evasi0n7	No															1.0.0
greenpois0n	No	RC5 b4-RC6.1	No
p0sixspwn	No														1.0	No
PwnageTool	No	4.2	No	4.2²	No			5.0.1	No
redsn0w	No	0.9.6rc9-0.9.10b8b	0.9.8b2-0.9.10b8b	0.9.6rc18-0.9.10b8b	0.9.8b3¹-0.9.10b8b¹	0.9.8b7¹-0.9.10b8b¹	0.9.9b3¹-0.9.10b8b¹	0.9.9b9¹-0.9.10b8b	0.9.10b6¹-0.9.10b8b¹	0.9.12b1	0.9.14b1¹	0.9.15b3³				No
Saffron	No	Yes			No
sn0wbreeze	No	2.2-2.9.3	2.6-2.9.3	2.7-2.9.3	No		2.8b9¹-2.9.3¹	2.8b11¹-2.9.3	2.9.2¹-2.9.3¹	2.9.7	2.9.8			2.9.10	2.9.14¹	No
unthredera1n	No	Yes									No

¹ Tethered jailbreak.
² Requires unofficial bundle.
³ Requires pointing redsn0w at 6.0 IPSW. Also Tethered jailbreak.

iPhone 4S

Jailbreak Tool	Works with firmware...
Jailbreak Tool	5.0	5.0.1 (9A405)	5.0.1 (9A406)	5.1	5.1.1	6.0	6.0.1	6.1	6.1.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
Absinthe	0.1.2-1			No	2.0	No
evasi0n	No					1.0			1.3	1.4	No
evasi0n7	No											1.0.0
p0sixspwn	No										1.0	No
redsn0w	No	0.9.10b7	0.9.11b2	No	0.9.12b1	No

iPhone 5

Jailbreak Tool	Works with firmware...
Jailbreak Tool	6.0	6.0.1	6.0.2	6.1	6.1.2	6.1.3	6.1.4	7.0	7.0.2	7.0.3	7.0.4
evasi0n	1.0					1.4	No
evasi0n7	No							1.0.0
p0sixspwn	No					1.0		No

iPhone 5c (iPhone5,3)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	7.0	7.0.1	7.0.2	7.0.3	7.0.4
evasi0n7	1.0.0

iPhone 5c (iPhone5,4)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	7.0	7.0.1	7.0.2	7.0.3	7.0.4	7.0.5
evasi0n7	1.0.0					1.0.5

iPhone 5s (iPhone6,1)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	7.0	7.0.1	7.0.2	7.0.3	7.0.4
evasi0n7	1.0.0

iPhone 5s (iPhone6,2)

Jailbreak Tool	Works with firmware...
Jailbreak Tool	7.0	7.0.1	7.0.2	7.0.3	7.0.4	7.0.5
evasi0n7	1.0.0					1.0.5

Jailbreak/Deprecated iPod touches

iPod touch 5G

Jailbreak Tool	Works with firmware...
Jailbreak Tool	6.0	6.0.1	6.1	6.1.2	6.1.3	7.0	7.0.2	7.0.3	7.0.4
evasi0n	1.0			1.4	No
evasi0n7	No					1.0.0
p0sixspwn	No				1.0	No

@@ Line 79: / Line 79: @@
 * [[0x24000 Segment Overflow]] ([[n72ap|iPod touch 2G]] and [[n88ap|iPhone 3GS]] devices with older bootroms)
 * [[Malformed CFF Vulnerability]] + [[Incomplete Codesign Exploit]] + [[IOSurface Kernel Exploit]] (all devices, used in [[Star]])
-* [[Limera1n Exploit]] + [[Packet Filter Kernel Exploit]] ([[n88ap|iPhone 3GS]] New bootrom, [[N18ap|iPod touch 3G]], [[n90ap|iPhone 4 GSM model]])
+* [[Limera1n Exploit]] + [[Packet Filter Kernel Exploit]] ([[n88ap|iPhone 3GS]] New bootrom, [[N18ap|iPod touch 3G]], [[n90ap|iPhone 4 (iPhone3,1)]])
 === 4.0.2 ===
@@ Line 85: / Line 85: @@
 * [[ARM7 Go]] (from iOS 2.1.1) + [[0x24000 Segment Overflow]] ([[n72ap|iPod touch 2G]])
 * [[0x24000 Segment Overflow]] ([[n88ap|iPhone 3GS]])
-* [[limera1n]]'s bootrom exploit + [[Packet Filter Kernel Exploit]] ([[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[n90ap|iPhone 4 GSM model]], and [[n81ap|iPod touch 4G]])
+* [[limera1n]]'s bootrom exploit + [[Packet Filter Kernel Exploit]] ([[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[n90ap|iPhone 4 (iPhone3,1)]], and [[n81ap|iPod touch 4G]])
 === 4.1 ===
@@ Line 91: / Line 91: @@
 * [[ARM7 Go]] (from iOS 2.1.1) + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n72ap|iPod touch 2G]] [[Bootrom 240.4|old bootrom]])
 * [[limera1n]]'s bootrom exploit + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3|old bootrom]])
-* [[limera1n]]'s bootrom exploit + [[Packet Filter Kernel Exploit]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[n90ap|iPhone 4 GSM model]], [[n81ap|iPod touch 4G]], and [[k66ap|Apple TV 2G]]))
+* [[limera1n]]'s bootrom exploit + [[Packet Filter Kernel Exploit]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[n90ap|iPhone 4 (iPhone3,1)]], [[n81ap|iPod touch 4G]], and [[k66ap|Apple TV 2G]]))
 * [[usb_control_msg(0xA1, 1) Exploit]] + [[Packet Filter Kernel Exploit]] (together for [[untethered jailbreak]] on [[n72ap|iPod touch 2G]])
@@ Line 98: / Line 98: @@
 * [[ARM7 Go]] (from iOS 2.1.1) + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n72ap|iPod touch 2G]] [[Bootrom 240.4|old bootrom]])
 * [[limera1n]]'s bootrom exploit + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3|old bootrom]])
-* [[limera1n]]'s bootrom exploit + [[HFS Legacy Volume Name Stack Buffer Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 GSM model]], [[n81ap|iPod touch 4G]], and [[k66ap|Apple TV 2G]])
+* [[limera1n]]'s bootrom exploit + [[HFS Legacy Volume Name Stack Buffer Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 (iPhone3,1)]], [[n81ap|iPod touch 4G]], and [[k66ap|Apple TV 2G]])
 * [[usb_control_msg(0xA1, 1) Exploit]] + [[HFS Legacy Volume Name Stack Buffer Overflow]] (together for [[untethered jailbreak]] on [[n72ap|iPod touch 2G]])
 === 4.2.6 / 4.2.7 / 4.2.8 ===
-* [[limera1n]]'s bootrom exploit + [[HFS Legacy Volume Name Stack Buffer Overflow]] (together for [[untethered jailbreak]] on [[n92ap|iPhone 4 CDMA model]])
+* [[limera1n]]'s bootrom exploit + [[HFS Legacy Volume Name Stack Buffer Overflow]] (together for [[untethered jailbreak]] on [[n92ap|iPhone 4 (iPhone3,3)]])
 * [[T1 Font Integer Overflow]] (used for [[Saffron]])
 === 4.2.9 / 4.2.10 ===
-* [[limera1n]]'s bootrom exploit (Tethered jailbreak on [[n92ap|iPhone 4 CDMA model]])
+* [[limera1n]]'s bootrom exploit (Tethered jailbreak on [[n92ap|iPhone 4 (iPhone3,3)]])
 === 4.3 ===
 * [[limera1n]]'s bootrom exploit + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3|old bootrom]])
-* [[limera1n]]'s bootrom exploit ([[tethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 GSM model]], [[n81ap|iPod touch 4G]], and [[k66ap|Apple TV 2G]])
+* [[limera1n]]'s bootrom exploit ([[tethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 (iPhone3,1)]], [[n81ap|iPod touch 4G]], and [[k66ap|Apple TV 2G]])
 * [[T1 Font Integer Overflow]] (used for [[Saffron]])
 === 4.3.1 / 4.3.2 / 4.3.3 ===
 * [[limera1n]]'s bootrom exploit + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3|old bootrom]])
-* [[limera1n]]'s bootrom exploit + [[ndrv_setspec() Integer Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 GSM model]], and [[n81ap|iPod touch 4G]])
+* [[limera1n]]'s bootrom exploit + [[ndrv_setspec() Integer Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 (iPhone3,1)]], and [[n81ap|iPod touch 4G]])
 * [[T1 Font Integer Overflow]] (used for [[Saffron]])
 === 4.3.4 / 4.3.5 ===
 * [[limera1n]]'s bootrom exploit + [[0x24000 Segment Overflow]] (together for [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] with [[Bootrom 359.3|old bootrom]])
-* [[limera1n]]'s bootrom exploit (Tethered jailbreak) on [[n88ap|iPhone 3GS]] with [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 GSM model]], and [[n81ap|iPod touch 4G]])
+* [[limera1n]]'s bootrom exploit (Tethered jailbreak) on [[n88ap|iPhone 3GS]] with [[Bootrom 359.3.2|new bootrom]], [[n18ap|iPod touch 3G]], [[k48ap|iPad]], [[n90ap|iPhone 4 (iPhone3,1)]], and [[n81ap|iPod touch 4G]])
 == Exploits which are used in order to jailbreak 5.x ==
@@ Line 556: / Line 556: @@
 ! colspan="25" | Works with [[firmware]]...
 |-
-| [[Apex 8A293 (iPhone 4 GSM)|4.0]]
+| [[Apex 8A293 (iPhone3,1)|4.0]]
-| [[Apex 8A306 (iPhone 4 GSM)|4.0.1]]
+| [[Apex 8A306 (iPhone3,1)|4.0.1]]
-| [[Apex 8A400 (iPhone 4 GSM)|4.0.2]]
+| [[Apex 8A400 (iPhone3,1)|4.0.2]]
-| [[Baker 8B117 (iPhone 4 GSM)|4.1]]
+| [[Baker 8B117 (iPhone3,1)|4.1]]
-| [[Jasper 8C148 (iPhone 4 GSM)|4.2.1]]
+| [[Jasper 8C148 (iPhone3,1)|4.2.1]]
-| [[Durango 8F190 (iPhone 4 GSM)|4.3]]
+| [[Durango 8F190 (iPhone3,1)|4.3]]
-| [[Durango 8G4 (iPhone 4 GSM)|4.3.1]]
+| [[Durango 8G4 (iPhone3,1)|4.3.1]]
-| [[Durango 8H7 (iPhone 4 GSM)|4.3.2]]
+| [[Durango 8H7 (iPhone3,1)|4.3.2]]
-| [[Durango 8J2 (iPhone 4 GSM)|4.3.3]]
+| [[Durango 8J2 (iPhone3,1)|4.3.3]]
-| [[Durango 8K2 (iPhone 4 GSM)|4.3.4]]
+| [[Durango 8K2 (iPhone3,1)|4.3.4]]
-| [[Durango 8L1 (iPhone 4 GSM)|4.3.5]]
+| [[Durango 8L1 (iPhone3,1)|4.3.5]]
-| [[Telluride 9A334 (iPhone 4 GSM)|5.0]]
+| [[Telluride 9A334 (iPhone3,1)|5.0]]
-| [[Telluride 9A405 (iPhone 4 GSM)|5.0.1]]
+| [[Telluride 9A405 (iPhone3,1)|5.0.1]]
-| [[Hoodoo 9B176 (iPhone 4 GSM)|5.1]]
+| [[Hoodoo 9B176 (iPhone3,1)|5.1]]
-| [[Hoodoo 9B206 (iPhone 4 GSM)|5.1.1 (9B206)]]
+| [[Hoodoo 9B206 (iPhone3,1)|5.1.1 (9B206)]]
-| [[Hoodoo 9B208 (iPhone 4 GSM)|5.1.1 (9B208)]]
+| [[Hoodoo 9B208 (iPhone3,1)|5.1.1 (9B208)]]
-| [[Sundance 10A403 (iPhone 4 GSM)|6.0]]
+| [[Sundance 10A403 (iPhone3,1)|6.0]]
-| [[Sundance 10A523 (iPhone 4 GSM)|6.0.1]]
+| [[Sundance 10A523 (iPhone3,1)|6.0.1]]
-| [[Brighton 10B144 (iPhone 4 GSM)|6.1]]
+| [[Brighton 10B144 (iPhone3,1)|6.1]]
-| [[Brighton 10B146 (iPhone 4 GSM)|6.1.2]]
+| [[Brighton 10B146 ()|6.1.2]]
-| [[BrightonMaps 10B329 (iPhone 4 GSM)|6.1.3]]
+| [[BrightonMaps 10B329 (iPhone3,1)|6.1.3]]
-| [[Innsbruck 11A465 (iPhone 4 GSM)|7.0]]
+| [[Innsbruck 11A465 (iPhone3,1)|7.0]]
-| [[Innsbruck 11A501 (iPhone 4 GSM)|7.0.2]]
+| [[Innsbruck 11A501 (iPhone3,1)|7.0.2]]
-| [[InnsbruckTaos 11B511 (iPhone 4 GSM)|7.0.3]]
+| [[InnsbruckTaos 11B511 (iPhone3,1)|7.0.3]]
-| [[InnsbruckTaos 11B554a (iPhone 4 GSM)|7.0.4]]
+| [[InnsbruckTaos 11B554a (iPhone3,1)|7.0.4]]
 |-
 | [[Absinthe]]
@@ Line 688: / Line 688: @@
 ! colspan="9" | Works with [[firmware]]...
 |-
-| [[Sundance 10A403 (iPhone 4 (Rev A) GSM)|6.0]]
+| [[Sundance 10A403 (iPhone3,2)|6.0]]
-| [[Sundance 10A523 (iPhone 4 (Rev A) GSM)|6.0.1]]
+| [[Sundance 10A523 (iPhone3,2)|6.0.1]]
-| [[Brighton 10B144 (iPhone 4 (Rev A) GSM)|6.1]]
+| [[Brighton 10B144 (iPhone3,2)|6.1]]
-| [[Brighton 10B146 (iPhone 4 (Rev A) GSM)|6.1.2]]
+| [[Brighton 10B146 (iPhone3,2)|6.1.2]]
-| [[BrightonMaps 10B329 (iPhone 4 GSM Rev A)|6.1.3]]
+| [[BrightonMaps 10B329 (iPhone3,2)|6.1.3]]
-| [[Innsbruck 11A465 (iPhone 4 GSM Rev A)|7.0]]
+| [[Innsbruck 11A465 (iPhone3,2)|7.0]]
-| [[Innsbruck 11A501 (iPhone 4 GSM Rev A)|7.0.2]]
+| [[Innsbruck 11A501 (iPhone3,2)|7.0.2]]
-| [[InnsbruckTaos 11B511 (iPhone 4 GSM Rev A)|7.0.3]]
+| [[InnsbruckTaos 11B511 (iPhone3,2)|7.0.3]]
-| [[InnsbruckTaos 11B554a (iPhone 4 GSM Rev A)|7.0.4]]
+| [[InnsbruckTaos 11B554a (iPhone3,2)|7.0.4]]
 |-
 | [[evasi0n]]
@@ Line 731: / Line 731: @@
 ! colspan="19" | Works with [[firmware]]...
 |-
-| [[Phoenix 8E128 (iPhone 4 CDMA)|4.2.5]]
+| [[Phoenix 8E128 (iPhone3,3)|4.2.5]]
-| [[Phoenix 8E200 (iPhone 4 CDMA)|4.2.6]]
+| [[Phoenix 8E200 (iPhone3,3)|4.2.6]]
-| [[Phoenix 8E303 (iPhone 4 CDMA)|4.2.7]]
+| [[Phoenix 8E303 (iPhone3,3)|4.2.7]]
-| [[Phoenix 8E401 (iPhone 4 CDMA)|4.2.8]]
+| [[Phoenix 8E401 (iPhone3,3)|4.2.8]]
-| [[Phoenix 8E501 (iPhone 4 CDMA)|4.2.9]]
+| [[Phoenix 8E501 (iPhone3,3)|4.2.9]]
-| [[Phoenix 8E600 (iPhone 4 CDMA)|4.2.10]]
+| [[Phoenix 8E600 (iPhone3,3)|4.2.10]]
-| [[Telluride 9A334 (iPhone 4 CDMA)|5.0]]
+| [[Telluride 9A334 (iPhone3,3)|5.0]]
-| [[Telluride 9A405 (iPhone 4 CDMA)|5.0.1]]
+| [[Telluride 9A405 (iPhone3,3)|5.0.1]]
-| [[Hoodoo 9B176 (iPhone 4 CDMA)|5.1]]
+| [[Hoodoo 9B176 (iPhone3,3)|5.1]]
-| [[Hoodoo 9B206 (iPhone 4 CDMA)|5.1.1]]
+| [[Hoodoo 9B206 (iPhone3,3)|5.1.1]]
-| [[Sundance 10A403 (iPhone 4 CDMA)|6.0]]
+| [[Sundance 10A403 (iPhone3,3)|6.0]]
-| [[Sundance 10A523 (iPhone 4 CDMA)|6.0.1]]
+| [[Sundance 10A523 (iPhone3,3)|6.0.1]]
-| [[Brighton 10B141 (iPhone 4 CDMA)|6.1]]
+| [[Brighton 10B141 (iPhone3,3)|6.1]]
-| [[Brighton 10B146 (iPhone 4 CDMA)|6.1.2]]
+| [[Brighton 10B146 (iPhone3,3)|6.1.2]]
-| [[BrightonMaps 10B329 (iPhone 4 CDMA)|6.1.3]]
+| [[BrightonMaps 10B329 (iPhone3,3)|6.1.3]]
-| [[Innsbruck 11A465 (iPhone 4 CDMA)|7.0]]
+| [[Innsbruck 11A465 (iPhone3,3)|7.0]]
-| [[Innsbruck 11A501 (iPhone 4 CDMA)|7.0.2]]
+| [[Innsbruck 11A501 (iPhone3,3)|7.0.2]]
-| [[InnsbruckTaos 11B511 (iPhone 4 CDMA)|7.0.3]]
+| [[InnsbruckTaos 11B511 (iPhone3,3)|7.0.3]]
-| [[InnsbruckTaos 11B554a (iPhone 4 CDMA)|7.0.4]]
+| [[InnsbruckTaos 11B554a (iPhone3,3)|7.0.4]]
 |-
 | [[Absinthe]]