Hackers have begun to tell the story of the SHAtter exploit, how it was discovered, and how it is being used to bring the next iPhone jailbreak.
SHAtter is an unsigned code execution vulnerability that resides in the DFU mode of the S5L8930 bootrom. It has already been used to upload a pwned iBSS/iBEC, which gives access to the AES engine and allows custom ramdisks to run.
In April 2010 pod2g wrote a USB fuzzer and tested every possible USB control message on his iPod2,1. The fuzzer found two vulnerabilities:
- a heap overflow caused by the A1,1 control message
- a way to dump the bootrom using a USB descriptors request
The team tested both PoCs on new-generation devices (iPhone2,1, iPod3,1, iPad), and both had already been fixed by Apple.
posixninja continued fuzzing on the new-generation devices and found that, with a particular sequence of USB messages, it was possible to dump the BSS, heap and stack (on new gens only). Having a memory dump is really helpful for building exploits, and it was also the first time we had this kind of dump; previous bootrom exploits (e.g. 24kpwn) were done blind!
Also, his first attempts to dump the memory caused the device to reboot. Interesting! We'll see later that this reboot is the basis of the SHAtter exploit.
Comments (9)
Lizamay - September 30, 2010 at 1:04pm
So - my iPhone 4, 4.0.1, is already jailbroken. But I believe mine is a software exploit, isn't that right? So when the new jailbreak comes out, what should I do? Unjailbreak and then update to 4.2 and re-jailbreak?
zexx0r - September 30, 2010 at 6:06pm
If you need an unlock, it means you will build a custom IPSW via PwnageTool (the new version that supports the SHAtter exploit) and get 4.1 with the old baseband version.
If you do not need an unlock, you just update to 4.1 and then jailbreak it with SHAtter. :)
Alan - September 29, 2010 at 5:41pm
Gosh, I'm really anxious for this one. My brand new iPhone 4 thanks you. Great work guys!
Nt02 - September 29, 2010 at 4:21pm
So nice of the hackers to give Apple the exact items to fix.
Josh - September 29, 2010 at 5:26pm
It's a hardware exploit, so until they change the hardware, the exploit will remain.
Slekinaz - September 29, 2010 at 6:58pm
I know, right. Why would they want to post this to the whole world? I know the SHAtter exploit is supposed to be very difficult for Apple to patch... but aren't jailbreakers better off with Apple not knowing?
cas - September 29, 2010 at 7:03pm
I think I accidentally marked an item as spam... So sorry, trying to respond from my iPhone and my finger slipped... But it will take a hardware refresh, which will likely happen in new lot numbers, but for now there's not much Apple can do about it.
@Spaolo_Goliaa - September 29, 2010 at 11:34pm
To reiterate: it is a HARDWARE EXPLOIT. Meaning, until a new device, iPhone 4 is set for life.
Mark - September 30, 2010 at 6:35pm
What bothers me about a hardware exploit is that it's harder to cover up that you've jailbroken your iPhone (invalidating your Apple warranty). Yes, I've read everywhere that jailbreaking is no longer illegal, but it still invalidates your warranty! Now you can't just restore and leave no trace of it, since it is a permanent hardware exploit...