Warning: It's Possible for a Jailbreak Tweak to Permanently Brick Your iPhone
LIKE
TWEET
SHARE
PIN
SHARE
POST
MAIL
MORE
Posted February 17, 2015 at 7:53pm by iClarified
The jailbreak community is at risk of malware following a release of a proof of concept that demonstrates it's possible for a tweak to permanently brick your iPhone.
Arcticsn0w announced the PoC on reddit. It was created after users who were trying to follow dayt0n's bootcolor changing method (that messes with the device's nvram) reported completely bricked devices due to a misstep in following the instructions.
I have released a very, very, very, very dangerous package as a proof of concept called "KilliOS" on my personal Cydia repository (http://arcticsn0w.github.io). It is an empty package which messes with nvram values in the postinst script, and then forces a reboot. Installing this package will instantly kill your device.
Installation of the tweak results in "instant death of your device". Something which is stressed repeatedly by acticsn0w.
"TL;DR Be very careful. Please, I swear to god, do not install KilliOS. Please. If you do, I can't help you fix your device. It's very dangerous. It is only a proof of concept saying "Tweaks CAN do this". Do not install. Do not install. Do not install. Do not install. Do not install. Do not install. Do not install. Do not install. Do not install. Do not install. Do not install."
The tweak was eventually pulled because it was so dangerous and the code has been made available in GitHub.
All of this is based on changing a nvram variable called DClr_override.
If this is changed to an invalid value for the device (valid values are not the same on all devices), and the device is rebooted, the device will permanently not be able to boot. This cannot be fixed with a DFU restore or any other method.
DClr is the variable inside of iBoot that determines what color the Apple logo should be on boot, notes dayt0n. It only exists on the iPhone 5 and up. It is composed of 32 hex characters, consisting of 16 bytes, and it determines the color of the logo until SpringBoard begins to launch.
It's pretty simple to change the DClr value but some users attempting to follow the instructions discovered that a mistake led to the bricking of their device.
Now that a very simple method for bricking devices has been made public, users are in danger of installing a malicious tweak that can kill their device.
To protect yourself we strongly suggest that you only install tweaks from respected repositories and developers. Pirated tweaks and questionable repos could put your device at risk.
Thankfully developers are working on a fix and there is already a temporary failsafe by ktechmidas that offers some protection. More details here.
Well I guess Iphone is taking Samsung path.
Or the guy who released the code could be Samsung guy!! Haha just kidding.
Samsung had this problem long time ago, when you try to root or install wrong device firmware and bricked the phone.
For those who blame the guy of releasing the code. I said good for him to let us know there is a big danger for jailbroken iPhone. So jailbreak community can try to find a solution.
Or you rather he didn't released or said anything, and someone (apple cough! Don't like jailbreak) release it do bunch of jailbroken devices become bricked, so people would not jailbreak their iPhone anymore?
Actually on the iphone 6, there's only one Water Damage sticker and it's on the motherboard so it's possible that it didn't turn red. on the iphone 4/4s, theres 3, headphone jack, USB and motherboard. iphone 5/5c/5s there's 3, sim tray, and two on the motherboard. on the 6 plus there's 3, two on the motherboard and one big one near the sim tray but you kinda can't see it unless you pull the screen up.
Well because the way DFU mode works is kinda like a stripped down version of regular mode. There's two partitions in the iphone, one is 16gb or 8gb or 32gb or 64gb or 128gb depending on what the phone is, and the second partition is like 200mb or something small. This second partion is the DFU partition that's only instructions is to boot into recovery mode using the same instruction set from the NVRam as the regular mode. This DFU partition doesn't have the support to display anything on the screen or access the GPS or WIFI or camera or anything like that. Just boot into recovery mode and be able to access the Primary partition to completely erase it and do a complete iOS restore. Now when it's booting up into recovery mode, it still accesses the NVram to call up some commands that this tweak alters and breaks the phone from booting up.
Never hear anyone bricking ios-device until this news! And been Following thescene and jailbreaking all my Apple devices since iphone 1. Its always been possible to restore via dfu until this one.
Nothing new about this risk. It is amazing that 'jailbrick deniers' have refused to accept this reality, which has been true from the very first jailbreak. Maybe this will finally convince people.
Jefferson,
Don't speak of things you know nothing about. Until this, the only way to brick your iPhone is to hit it with a brick. You were ALWAYS able to recover from a software mishap with a restore via DFU mode.
BS - never head of bricked phone before since iPhone1 - the first jailbreak! I seriously doubt that you can provide any evidence to support your claim. All problems with jailbreaks been able to restore via DFU. Personally had some serious hangups while some of the jb-versions but always - read - always been able to reset - restore via dfu.
I have also received new iPhone since battery problems but did restore before returning the it to Apple store but it proves that they cannot see any traces of JB if restored. Thats that for losing the warranty discussion.
I don't understand... You don't count the first jailbreak? You're saying that the first jailbreak caused some bricks, but since then there haven't been any? If that's what you're saying, how is what I wrote BS? Remember too that the first jailbreaks actually came with warnings about bricking iPhones. I don't get what's getting you fired up, dude. Chillax.
The first jailbreak did not result in any bricked phones. People's knowledge were very limited. Most people only knew how to put their phone in recovery mode which is very different from DFU mode. Like i said, until this hack, you could always recover your phone through a DFU mode restore unless you have hardware issues.
Exactly - sorry misleading "since" but as you probably already noticed English is not my native language. I meant that there hasn't been any bricks ever - in the history of Jailbreaking (thats been possible since iphone1).
@SimonSays: If they can keep track of what you download through App store and iTunes, they have the means to know what you do with you iDevices. They would not admit to it but they know everything you did with it. @Drew2648562: Don't be ignoramus...
That is complete bullshit. I have taken them bricked jail broken iPhones and they replaced it without question. All they check is the white dots that show if the phone has seen water.
And i've taken them phones that i've dfu restore to erase the jailbreak and they've saw that my backup data had leftover jailbreak data in it and said they couldn't replace it because it's been jailbroken before. Just because you were lucky doesn't mean you will always be lucky.
Not true, jailbreak doesn't kill warranty.
I bring them a jailbroken iphone to replace it under warranty and they replace it with any problem. This is myth !
Just as SBlow said...do not always presume you will be as lucky as next...most Apple Geniuses at their store are not that genius...most of them are just too laid back to do the extra investigation. Although there are some hardcore technical (real geniuses) ones that will check...but think about it, since they just work there and not really their lost, as long they do the standard checks (i.e. verify no crack screen, visible drop damage, and water damage...they will just replace your devices and send your original devices to be repaired/refurbished. During that repair that's when they will find out what you did with it. But since they've already accepted your "faulty" device and replaced it, they have no grounds for them to take back what they've already given.
Yeah, that's pretty much what my luck has been based on, back when iOS 7 first came out, I was able to warranty exchange some locked iCloud devices before Apple started to make it mandatory for find my iPhone to be taken off. Same with other random things that some apple techs catch and others don't.
![iPhone's Share of New Smartphone Activations Declines to 33% in the U.S. [Chart]](/images/news/93409/93409/93409-160.jpg "iPhone's Share of New Smartphone Activations Declines to 33% in the U.S. [Chart]")
![Apple Shares Offical Trailer for 'Trying' Season 4 [Video]](/images/news/93403/93403/93403-160.jpg "Apple Shares Offical Trailer for 'Trying' Season 4 [Video]")
![New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]](/images/news/93314/93314/93314-160.jpg "New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]")
![Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]](/images/news/93302/93302/93302-160.jpg "Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]")
![AirPods Pro 2 With USB-C On Sale for $189! [Deal]](/images/news/92932/92932/92932-160.jpg "AirPods Pro 2 With USB-C On Sale for $189! [Deal]")
