Originally Posted by Dev Blog

Rush, rush, rush....
Over the last year we’ve discovered some interesting things about the software used in the iPhone. These “hacks”, “exploits” and “techniques”, or whatever you want to call them, are valuable - not only from a financial perspective (so scummy people can sell unlocking software) but also from a strategic point of view. Think of it like a game of poker: showing your hand too early would certainly make you lose “the game”.
The majority of iPhone users are not technical - they want an easy, one-stop, simple application that will allow them to quickly and painlessly unlock their phone. If we were to release a crummy command-line based tool that does the immediate job that everyone is screaming for, we’d only end up in the following situation:
1) The technique is released to the world and people use this technique to quickly create GUI apps that they charge cash-money for, or re-release something hacky and horrible that bricks lots of devices, or for example disables the WiFi that then causes more stress that ultimately comes back to us
2) The technique is exposed to the vendor, allowing them to locate and repair the security hole. Sometimes these security holes span product versions, for example: between the first generation and second generation iPhone. In such a case releasing the knowledge in the middle of the product development cycle is pointless and risks the “usefulness” of the technique - especially if there are existing hacks/techniques that work just fine.
The iPhone DevTeam is comprised of a group of people who work together over IRC from various parts of the world. This distributed method of working happens 24 hours a day with people performing tasks in the time that best suits their time-zones. It is a completely self-managing, self-regulating and member-funded organization. Most of us have never met face-to-face and we rarely know real names - in fact, we would more than likely not recognize each other if we walk past one another on the street. Despite this we follow a strict “hacker code”: ground rules by which we all abide.
Perhaps the foremost of these rules is management of knowledge. We keep certain information private, restricted to members of the team only (to help with points 1 and 2 above), and members are entrusted to make sure this secrecy is consistently enforced. This makes the team. Only when there is a majority vote from the team do we make any announcement or release.
So now we come onto Geohot, the self-appointed media frontman for last year’s iPhone hacks. Geohot actually worked with us a month or so before the media circus that he led. Geohot is certainly a bright guy, but he couldn’t abide by the rules that I described in the last paragraph, and because of this he was asked to leave the team. Of course, like any hacker, Geohot continued on for his goal.
Using some of our techniques and tools (and some of his) and using his own brain power (and that of an unnamed Russian) he was able to release his hardware hack and demonstrate the first unlocked iPhone to the world; he has also demonstrated other things during the last year, and some of those releases have helped us with our work.
We thought that Geohot would have matured somewhat in the last year, but this clearly isn’t the case, as sadly one of the team members has leaked a copy of our exploit to Geohot and he is now using this to try and provoke us into making an early release :-(
So finally, just in case some of you were wondering, we’re not sitting on this tool because we’re full of ourselves or stuck up our own asses. We’re not sitting on it cause we like to see you writhe. We are testing it to make sure it’s as glitch-free as we can make it. We want to avoid releasing something that turns expensive phones into pretty looking paperweights. Don’t you agree it’s worth the wait?
If others want to feel like they’re in control by posting all-knowing entries on their blogs, we can’t stop that, but the new PwnageTool will be released when it’s ready, and not a moment later.

What's going on?????

Originally Posted by Geohot Blog

Post beta 4, the ramdisk hack stopped working. Sorry Zibri, guess you'll have to steal another exploit. They also changed the recovery mode USB protocol to use the control endpoint to send commands.
The possibility of unlocking, which is very distinct from jailbreaking, is based entirely on the baseband bootloader. Apple doesn't appear to upgrade the bootloader on phones in the field, probably for fear of breaks. So any old iPhones out there today, regardless of version, can be unlocked.
The iPhone 3G uses a different bootloader, in which I believe there aren't any known exploits yet. So no unlock.
There is a known exploit in iBoot, on both the old and 3G iPhones. The "the specific date/time is not firm yet" pwnage tool will leverage it to jailbreak all 2.0 software iPhones, 3G and otherwise. Dev team, that date better be soon or I might just have to release yiPhone. The iBoot exploit is yours, use it. You wouldn't want a repeat of ZiPhone now...