Monday, October 11, 2010

    Drama in the Jailbreak Land: SHAtter Delayed

    Egos are a fact of life.  They run rampant in almost everything, though it seems that the bigger the limelight, the more likely it is that an ego will jump to the front.  This is surely the case in the hacking world, where egos are attached to handles that don't necessarily bear any resemblance to reality.  Such is the case with the latest iOS 4.1 jailbreak.

    Chronic Dev Team, a group of hackers known for developing some of the most capable jailbreaks for the iPhone, have been touting a major bootrom exploit for the latest generations of iOS devices called SHAtter.  With SHAtter, which relies on an unpatchable vulnerability in the bootrom of all current generation iOS devices, jailbreaking would be guaranteed for the life of the device (source: QuickPWN).  The exploit is at such a low level that it would be all but impossible for Apple to patch it with software.

    The exploit was announced several days after iOS 4.1 went live with a message that the jailbreak was verified and would make its way to the wires soon.  The raw jailbreak was announced with this twitpic photo on July 15, 2010.  Note the version of iOS which states 4.1 along with "rooted".  Eventually, this jailbreak was slated to be rolled into a package called "greenpois0n", which would be released on 10.10.10 at 10:10 am (the Geek holiday).

    Drama and egos, though, are apt to ensue with something this highly touted.  On October 9, 2010, one day before greenpois0n was to be released, another member of the iOS hacking community released a different bootrom exploit, rolling it into a package called limera1n.  That hacker, George Francis Hotz (born October 2, 1989), aka geohot, had previously released a tethered jailbreak known as blackra1n.  This release of limera1n was apparently against the express wishes of both the Chronic Dev Team and the iPhone Dev Team.  A tweet posted shortly after the limera1n release gives some insight into the drama that must have been running amok.  The tweet states:

    chronic dev team
    use limera1n at your own risk. it has been untested and geohot screwed over @ who trusted him to wait.

    It is worth noting that limera1n is in beta form and does not work on older devices.  Further, it is rumored to not work on newer-bootrom iPhone 3GS devices.  Finally, it is currently Windows-only.

    In the ensuing fallout, the Chronic Dev Team postponed greenpois0n, pulling the SHAtter exploit from it completely and choosing to implement the bootrom exploit which geohot used.

    At issue here is that each bootrom exploit is precious.  Because a bootrom vulnerability cannot be fixed in software, Apple can only remove it by revising the hardware, which it does as it iterates devices.  To release two bootrom exploits at the same time would be a waste, in that Apple could close both of them in the next hardware iteration.  By doing the "mature" thing, the Chronic Dev Team is at least giving potential life to SHAtter on another device, and it may serve as the means of a lifetime jailbreak on the next iteration of iOS devices.

    Given the beta nature of limera1n and the timing of its release, it certainly seems as if it was released as a means of grabbing the limelight.  It was also apparently an unpopular thing to do in the small community which is known for turning out solid jailbreaks.  The fact that it does not work on older devices and is rumored to not work on the newer iPhone 3GS devices seems to indicate that it is an inferior jailbreak as well, which is a true shame: it is unlikely that the SHAtter exploit will see the light of day anytime soon.

    Greenpois0n will be released soon, according to the Chronic Dev Team.  It may be wise to wait for their fully tested version to be made available before jumping into the hairy landscape of jailbreaking.  If you can't wait, however, limera1n is available and waiting.

    Sources: Chronic Dev Team twitter