Limera1n

From The iPhone Wiki
Revision as of 05:03, 10 October 2010 by Dialexio (talk | contribs) (Making the article fit more in line with the other jailbreak apps.)
Jump to: navigation, search

This is geohot's jailbreak utility. It uses his undisclosed exploit, along with comex's userland exploit, to achieve an untethered jailbreak on newer devices.

It has been demonstrated multiple times by geohot, using blog posts on his now private blog. Geohot showed off a high-res picture of Cydia on an iPhone 4. He displayed an iPod touch 3G with an untethered jailbreak that met MuscleNerd's requirements for a good video. In addition, he took a picture of Cydia and blackra1n icons on his iPad's SpringBoard.

limera1n was released on October 9, 2010, delaying the release of greenpois0n. It only supports Windows at the moment and a large number of devices have issues.

Credit

geohot

Changelog

RC1 beta 1

First release.

RC1 beta 2

Fixed kernel patching magic. Rerun BETA2+ over BETA1.

RC1 beta 3

Fixed an issue with iPhone 3GS (new bootrom)

Technical Information

Basics

  • This does not use SHAtter.
  • This uses a bootrom exploit (different than the greenpois0n one) to achieve the tethered jailbreak and unsigned code execution
  • This uses a userland exploit to make the jailbreak untethered, which geohot obtained under questionable circumstances from comex.
  • Chronic Dev knows about this exploit and has confirmed its legitimacy

Exploits

limera1n uses an undisclosed bootrom exploit.

Process

The jailbreak appears to execute something like the following (in no particular order):

  • In recovery1,
"setenv debug-uarts 1
setenv auto-boot false
saveenv"
  • In DFU, it uploads a payload.
  • In recovery2, it uploads another payload and its ramdisk.

Controversy

The release of this jailbreak is specifically designed to pressure Chronic Dev into implementing the exploits in limera1n into greenpois0n. Now that geohot has released limera1n, SHAtter can't be released without major negative backlash from other hackers, as this would burn a bootrom exploit.

External Links