The iPhone Dev Team has found another exploit to unlock iPhone OS 3.1.3 baseband – MuscleNerd of the iPhone Dev Team has tweeted that just re-discovered a crashing command that yellowsn0w, the iPhone unlocking software was originally going to use.

What does that mean? It means he has found another working exploit for the baseband bundled in iPhone OS 3.1.3, which should help them figure out a way to jailbreak and unlock the latest iPhone OS.

The iPhone hacking community has already discovered two working exploits for the baseband 05.12.01 that is bundled in iPhone OS 3.1.3.

MuscleNerd announced on his Twitter page:

Ha just re-found crashing command yellowsn0w was originally going to use before +stkprof. Apple fixed it *accidentally* in 02.28.00.
some commands have come and gone. some command holes have come and gone. this command has come and gone but not the hole:)
it still seems accidental though :) there are no overt signs that they’ve closed the hole, but the byte alignment kills it

Apple has built in this bizzare intepreter into their baseband.

Why is it in production units? Fun!

It is still not clear whether hey’re talking about the same exploit or a different one.

In any case, the iPhone Dev Team and Geohot have at least one working exploit for the 05.12.01 baseband, unlocking iPhone OS 3.1.3 could soon become a reality rather than a dream!

Stay tuned!

- source: iclarified.com

We have good news for anyone who accidentally updated to iPhone OS 3.1.3, which in turn updated the baseband on the device. GeoHot, iPhone Hacking expert and creator of popular unlocking and jailbreaking tools, such as Blackra1n and Blacksn0w, has discovered a working exploit for baseband 05.12.01.

Geohot has tweeted the hash tag of the baseband crash “for safekeeping”:

d8b50dc95d7906e3ff6155331a534b55d0f6cac1=good.

In addition, iHackintosh has also published the conversation between Visnet (iHackintosh reader), Geohot and MuscleNerd:

<visnet_> What does geohot tweet mean?
<geohot> its my bb exploit for safekeeping
<Par4doX> geohot: did you turn that over to the dev team or are you doing something with it?
<geohot> my days of turning things over are done
<geohot> i hope its different from the one they have
<geohot> but they prob already have it
<geohot> its the one i orig wanted to release blacksn0w with
<Par4doX> it’s still there in the new bb
<geohot> yep, just checked
<geohot> but then opted to use xemn since it was public
<Evan> Oo, it carries over from 05.11 to 05.12?
<geohot> why wouldn’t it, apple doesn’t fix things proactivly
<MuscleNerd> geohot we prob should figure out a way to know if we have same exploit double blind, otherwise we may release 2 different ones at same time
<geohot> any suggestions?
<MuscleNerd> not sure how to do that without making it easy to brute force though
<geohot> yea, i salted the hash
<MuscleNerd> yeah
<MuscleNerd> hmm maybe if we both hash the stack dump
<Confucious> Can you two take this out of public sight?
<MuscleNerd> the stack itself, not the header before it or the registers after it
<Her> muscle: any notice about the exploits are the same ?
<geohot> we are working on it
<geohot> cryptography, perfect for people who don’t trust each other

The conversation indicates that both the iPhone Dev Team and Geohot have a working exploit for the latest baseband and could release tools to jailbreak and unlock iPhone OS 3.1.3.

Stay tuned!

- source: ihackintosh.com

The iH8sn0w Dev Team have released sn0wbreeze version 1.5.1 to jailbreak and unlock Apple’s recently released iPhone OS 3.1.3. Sn0wbreeze allows users to upgrade from a jailbroken iPhone OS 3.1.2 or lower to iPhone OS 3.1.3. We encourage you to carefully read below before attempting to use this application.

sn0wbreeze is a tool for Windows that will jailbreak your iPods and iPhones, setup custom boot logos, activate your iPhone, root partition size, build custom IPSW, and more!

Alright, so it all seems fine and dandy so far but here’s the catch: Your iPhone or iPod MUST BE iPhone OS 3.1.2 or lower and it must be jailbroken or pwned prior to using sn0wbreeze. Sn0wbreeze will NOT work if you have already upgraded to iPhone OS 3.1.3. It allows users to upgrade their jailbroken iPhone runing iPhone OS 3.1.2 or lower to jailbroken iPhone OS 3.1.3.

Sn0wbreeze will work with the following devices:

• iPhone 3GS (OLD BOOTROM ONLY. If the 4th/5th digits of the serial # are before 40 then you should have the old bootrom. If your current jailbreak is tethered DO NOT try this.)
• iPhone 3G
• iPhone 2G
• iPod Touch 2G (OLD BOOTROM ONLY. If your current jailbreak is tethered you have the new bootrom so stay away and/or If your model # starts with MC you have the new bootrom so stay away!)
• iPod Touch 1G

In addition, sn0wbreeze can unlock these following devices:

• All iPhone 2G
• iPhones with 04.26.08 Baseband
• iPhones with 05.11.07 Baseband

Note: You can find your baseband/firmware via the Settings app (General->About->Modem Firmware

You can download Sn0wbreeze 1.5.1 for Windows below.
Sn0wbreeze 1.5.1 for Windows Download

- source: ih8sn0w.com

Apple released iPhone OS 3.1.3 recently to improve and fix a few issues with iPhone OS 3.1.2 and the iPhone Dev Team recently released their updated redsn0w software to jailbreak iPhone OS 3.1.2 but an unofficial feature of Redsn0w 0.9.2 is the ability to also jailbreak iPhone OS 3.1.3. That said, lets get jailbreaking that device of yours.

In this tutorial, I will show you how to jailbreak iPhone OS 3.1.3 in the same way you would jailbreak iPhone OS 3.0 with redsn0w 0.9.2.

Please follow these instructions clearly and you’ll be a-o-k. Now, before we begin you may notice that we use the iPhone OS 3.1.2 IPSW to jailbreak our iPhone OS 3.1.3 device, this is no mistake. When you get asked to select the iPhone firmware you have installed then choose the iPhone OS 3.1.2 IPSW. Please make sure you have updated your device to 3.1.3 by either updating officially via iTunes or restoring via iTunes. Keep in mind that restoring your iPhone will erase your iPhone’s content. In this tutorial we use Redsn0w version 0.9.2

Note: We are not responsible if your device blows up in the middle of the jailbreak process or if your device doesn’t turn on after using this. Use, strictly, at your own risk!

1. First is first, download redsn0w 0.9.2 here (for Windows) or here (for Mac OS X)
2. Second, Download iPhone OS 3.1.2 (to Jailbreak 3.1.3) or whatever firmware you’ll be using to jailbreak – here

(more…)

The legendary iPhone Dev Team have updated their nice PwnageTool application to version 3.1.5 to support Apple’s recently released iPhone OS 3.1.3 – PwnageTool 3.1.5 for Mac OS X will let you do so safely, preserving your jailbreak and ultrasn0w unlock. (If you use the blacksn0w unlock (at baseband 05.11.07), you need to stay at 3.1.2.)

iPhone 3G and 3GS unlockers should always be very wary to update their firmware. This is no exception. If you make a mistake along the way you may find yourself updating to official 3.1.3 in which case you will lose your unlock, possibly forever.

iPhone 3GS users (regardless of unlock) should stay away from this and all 3.1.3 jailbreak tools unless you know you have your “SHSH hashes” backed up via Cydia. That’s because if you make a mistake you may find yourself stuck at official 3.1.3 with no way to jailbreak or come back down to 3.1.2 to jailbreak.

If you really truly feel that you need to update, this version creates a custom 3.1.3 IPSW for you to restore to on your iPhone 2G, iPhone 3G, iPhone 3GS with early bootrom, iPod touch 1G, and iPod touch 2G with early bootrom. If you don’t know if you have an early bootrom or not, please avoid updating until you learn more.

You don’t need to be pre-jailbroken on anything but the iPod touch 2G early bootrom. And really for that device, it’s faster and easier to use redsn0w 0.9.4 as mentioned in our last post. For that matter, if you have an ipt1g, iphone2g, or iphone3g(and don’t need an unlock), you should use redsn0w too (but version 0.9.3). It’s faster and you won’t have to go through a full restore process (just do an update then run redsn0w, pointing it at 3.1.2 FW instead of 3.1.3).

If you have an iPhone 3GS, PwnageTool works if you’re currently at version 3.1.2 or below (down to 3.0). You don’t need to be already jailbroken — PwnageTool will ask you if you’re jailbroken after you’ve created the IPSW. Don’t use PwnageTool on the iPhone 3GS if you’re at 3.1.3, it just won’t work. Downgrade to 3.1.2 using the methods described here. If you can’t downgrade because you don’t have your 3GS 3.1.2 hashes on file with Cydia, you’ll need to sit out the 3.1.3 jailbreak.

PwnageTool Download:
PwnageTool 3.1.5 Download for Mac OS X

blog.iphone-dev.org

The only thing missing from the iPhone is Adobe’s Flash Player. Since Apple has taken so long to approve Flash on the iPhone, a clever programmer by the name of Tobias Schneider has managed to get the iPhone to run interactive apps created using Adobe’s Flash platform. This way of running said apps aren’t subject to Apple’s strict rules of the AppStore because it runs under the built-in web browser: Safari.

It’s called Gordon, and the software doesn’t allow Adobe’s Flash itself to work on the iPhone. Gordon is a JavaScript runtime that allows the browser to run and display .swf (Shockware Flash) files. You go to a website, the JavaScript code loads and does its thing — you’re now flash-enabled.

You may be asking yourself, does this mean my iPhone supports Adobe’s Flash? Well, no — it doesn’t. You cannot just go to any flash-based website and expect it to work. The website has to have Gordon installed. The webmaster would have to add this runtime to every instance of Flash, which is only a few lines of code.

While the project is open source and available to the public, it doesn’t solve one of the biggest problems with Flash — Flash hogs the CPU like a fat kid does cookies!

However, this clever Javascript hack potentially opens the door to a new class of interactive, animated mobile websites. While many web developers rely on Flash to accomplish things that can’t easily be done in HTML; those Flash apps won’t run on the iPhone.

If you want to see Gordon in action head over to Paul Irish’s demos by clicking here — prepare yourself to be amazed. The demos work on both MobileSafari or on any desktop web browser. The animations seem to run very smoothly on the iPhone 3G running iPhone OS 3.1.2.

- source:
Gordon Flash Javascript hack Demos
Gordon Flash Javascript hack source code

You know, I had a real good time kicking ass two weeks ago when we ran our Tekken 6 / Fight Night Round 4 contest, and I thought, hey — lets do it again this weekend. Only this time: Modern Warfare 2!

So to keep it active, we’re gonna call this:

Dashhacks MW2: First Blood

Shit’s simple:

• Add the PSN ID “Dashhacks” to your PS3 friends list.
• Be online January, Saturday 23, 2010 @ 12:00 PM EST.
• We’ll send you an invite come game time.
• Take 1st place in any of the five 20 min Deathmatch rounds and you win.

What do you win? A license key ($60 value) to some pretty dope Windows software called, AudialsOne. What’s it do? All this:

• AudialsOne is a powerful search engine to find music and record it.
• AudialsOne can record movies form sites like Netflix, Hulu, YouTube, and others.
• AudialsOne can record everything you hear on any website or streaming application and automatically saves the file as a new MP3 or appropriate file format on your computer.

Sounds awesome, right? It is. You may download a trial version of AudialsOne here to see what I’m talking about.

2nd and 3rd place runner-ups will receive a complimentary Dashhacks T-shirt.

We’ll keep you updated via Facebook and Twitter.

- source: dashhacks

The first known actual iPhone worm has been spreading across jailbroken iPhones in Australia late last week. The worm seeks out jailbroken iPhones with SSH installed in which the default password has not been changed, and installs itself on the device. Once installed, it changes the background to an image of Rick Astley (essentially Rick Rolling you) and looks for other phones on the network to install itself on, though it has the potential to be used for more malicious things.

Sophos, an Anti-Virus firm, has examined several instances of the worm, and has found multiple varianats. They also found comments in the code suggesting that this was an experiment, and was created as a stunt to spotlight how insecure most jailbroken iPhone’s are.

A forum member on an Australian form, where the exploit was first discussed by the alias ike_x has taken credit for the iPhone worm and has been assisting users in removing it.

One individual going by the online surname JD interviewed Ikee over IRC chat, and published it to his blog, in which Ikee answers questions like why he did it.

First i was curious to how far something like this would actually spread, i think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up i checked google and found out a fair few people were hit with it)
Secondly i was quite amazed by the number of people who didn’t RTFM and change their default passwords.

Luckily for people outside of Australia, there have been no reports of the worm outside of Australia.

- source: TUAW

GeoHot has released his latest tool to jailbreak iPhone OS 3.1.2 on the Mac platform, so for all those Mac users wanting a 30s or less jailbreak can now do so. Along with Blackra1n for Mac OS X, Blackra1n was updated for the Windows platform to fix various bugs on the Windows application.

So, what is blackra1n? blackra1n is a 30 second ALL device 3.1.2 jailbreak. Even the ipt3, but the ipt3 is tethered. In order to boot it, just rerun blackra1n.

Warning 3g and 3gs unlockers, do not upgrade to 3.1.2 using iTunes if you want to keep your unlock. Check out the dev team’s offerings. Also blackra1n doesn’t hacktivate.

Updates to blackra1n:

• Unlock
• Hacktivation
• Keep legit activation if activated before running app
• 15 seconds faster
• Tiger + PPC support

Download:
GeoHot’s blackra1n for Mac Download

GeoHot’s blackra1n RC3 for Windows Download

- source: blackra1n.com

Current ORP Bounty: $1,515.

Update: All right; ORP the Bounty Hunter here… Dashhacks will put $1,000 towards the bounty, and should you want ORP on the iPhone as much as the next guy (or girl to be politically correct), then feel free to donate using the PayPal button below. The first person to deliver a working ORP iPhone client takes home the whole she-bang — $1,000 + all donations.

Are you a developer? Do you have skills? What about a PS3: you have one of those? If you answered yes to all 3 questions then boy, do we have something for [one of] you…

Dashhacks is putting out a bounty… Be the first to port Open Remote Play (ORP) to the iPhone, creating a fully functional touch-enabled ORP experience, and get paid $1,000 CAD. That’s 10 cold hard Canadian brown skins.

The heavy lifting is already done… Check my main man, Dashhacker; he’s got the key to success over at the Open Remote Play project page — code and all.

Bounty rules and stipulations:

1. Open Remote Play is licensed under the GNU General Public License v2; you must agree to that.
2. We’re paying $1,000 CAD via PayPal; sorry no cheques, money orders, or wire transfers.
3. Upon completion your final code will be committed to the ORP SVN repository.
4. You must email your final entry to orp@dashhacks.com.
5. After we test & confirm the first working client, we will announce the winner, which will effectively end the contest.
6. Feel free to email orp@dashhacks.com with any questions or concerns.

All right… You good? Good. Be the first — it’s success and nothin’ less.

svn checkout http://open-rp.googlecode.com/svn/trunk/ open-rp

Related links:
open-rp project page | dashhacks | ps3-hacks