Wednesday, September 22, 2010

iPod Touch 2G (MC Model) BOOTROM EXPLOIT?!?!

Everybody knows about pod2g, the guy who has found many bootrom exploits, including SHAtter (the IPT 4G bootrom exploit). Just recently he found a bootrom exploit for the iPod Touch 2G MC Model. Because a bootrom exploit cannot be patched by a software update, this will allow the iPod Touch to be jailbreakable on ALL firmwares. It is the usb_control_msg(0xA1, 1) exploit, which is his 4th bootrom exploit to date. He has contributed much to the jailbreak community, so kudos to you, Mr. pod2g.

The exploit itself is hard to understand.

A heap overflow exists in the iPod touch 2G (both old and new) bootrom's DFU Mode when sending a USB control message of request type 0xA1, request 0x1.

On newer devices, the same USB message also triggers a double free() when the image upload is marked as finished, which reboots the device (but that is not exploitable, because the two free() calls happen back to back). posixninja analyzed and explained this one.

Also, this exploit will be used in the new sn0wbreeze, which will be released later today by 6:00PM Pacific by iH8sn0w.


Looks like sb2 will have otb support for ipt2g MC models too! :) thx @pod2g
@jonnyboywashere this exploit is only in the ipt2g, that's why pod2g published it on the wiki

Information from spiritjb.org/
