Dev-Team Blog
To find yourself, think for yourself © Socrates 469 BC
SHAttered iPod touch 4G

Those of you with Apple’s new iPod touch 4G, or those of you who bought another recent device after the jailbreakme.com exploit was closed, have probably heard about a brand new exploit called SHAtter. The exploit (and payload) was developed by @pod2g a few months after @p0sixninja of the Chronic Dev Team discovered the crash. That team is hard at work bringing you a brand new tool to make use of the exploit. It’s not the sort of thing that can be developed overnight so please be patient while waiting for any announcements from them.

In the meantime, we’ve put @pod2g’s exploit into a beta version of PwnageTool to test the waters. The SHAtter exploit was enough to convince the iPod touch 4G to restore to our custom IPSW. The successful result is shown below! It’s all working: customized Preferences to show battery percentage, Cydia, root shell…the works!

Although PwnageTool was a useful first test of a full iPod touch 4G jailbreak via SHAtter, it’s really overkill compared to the faster tools being developed. SHAtter’s main use in PwnageTool will be for those with an iPhone 4, to allow updates while preserving the baseband and the ultrasn0w carrier unlock. In any event, this is another exciting time for iPhone and iPod touch users…the cat and mouse game continues!

UPDATE #1: It’s looking like SHAtter is going to be the gift that keeps on giving. Even though the new AppleTV isn’t yet in people’s homes, the firmware is available on Apple’s normal public distribution servers and SHAtter has been used to decrypt its keys! The main filesystem (“Mojave8M89.K66OS”) key for 018-8609-066.dmg is:

31c700a852f1877c88efc05bc5c63e8c7f081c4cb28d024ed7f9b0dbc98c7e1406e499c6

If you’re familiar with vfdecrypt, you can use that key to decrypt the image and mount it. If you do so, feel free to use the comments section to discuss what you discover there :) (And of course, thanks @pod2g!)

UPDATE #2: It’s confirmed…SHAtter can trick Apple’s new AppleTV 2G into restoring to a pre-jailbroken IPSW from PwnageTool too! Literally the only UI application on the ATV is Lowtide.app, but now the window is open for jailbroken apps of all varieties. (Just like the early iPhone days, the only apps you’ll see on the AppleTV will be jailbroken ones.) In the meantime, here’s a video showing root access (via ssh) into Apple’s new product.