iOS 9.3.5 iPhone 4S/5 Decryption Keys Are Published | What this means for Jailbreak / iCloud Bypass?

In today's video we're going to discuss the iOS 9.3.5 iPhone 4S and 5/5C keys that were published on The iPhone Wiki. The keys were extracted by hacker xerub, and it is a very nice contribution since these keys were missing for a LOT of time.
The keys allow decryption of all iOS firmware components, including the kernel and iBoot, components that starting with iOS 10 are no longer encrypted anyway. So what can one do with these keys? Technically speaking, you can decrypt the IPSW components and patch them. For example, you can generate bundles (ASR, iBEC and iBSS patches), because with the keys you now have access to iBEC, iBSS and the ASR binary inside the ramdisk. You can also build a CFW with Setup.app removed, BUT you WILL NOT BE ABLE TO RESTORE it, for a couple of reasons. First: an exploit (iBoot or BootROM) is REQUIRED in order to restore a modified IPSW; otherwise error 14 will occur and you can't fix it. (That applies to the iPhone 4S, where iOS 9.3.5 is the latest version.) Second: on the iPhone 5 and 5C you can't restore iOS 9.3.5 anyway, because iOS 10 was supported on these devices, which means iOS 9.3.5 is NOT signed anymore by Apple and therefore you can't downgrade to it.
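To make the "decrypt the IPSW components" step concrete, here is an added example (not code from this post, from xerub, or from any firmware tool) that parses the Img3 container used by 32-bit iOS 9 firmware components. It walks the tag list, reports the DATA payload, and reads any KBAG tag, which is where an encrypted image carries its IV and key wrapped with the device GID key; the published keys on The iPhone Wiki are the unwrapped IV/key pairs that decrypt the DATA payload with AES-CBC. Header field names follow common open-source Img3 tooling, the KBAG layout (crypt state, AES type, 16-byte IV, 32-byte key field) and the "state 1 = production" meaning are assumptions taken from that tooling, and the two sample images are constructed in the block, not real Apple firmware.

```python
import struct

# Img3 stores every 4-character tag byte-reversed on disk: "Img3" appears as b"3gmI".
def _tag(b4: bytes) -> str:
    return b4[::-1].decode("ascii", errors="replace")


def _make_tag(name: str, payload: bytes) -> bytes:
    """Build one Img3 tag: reversed magic, total length, data length, payload (padded to 4)."""
    body = payload + b"\x00" * ((-len(payload)) % 4)  # 4-byte padding is an assumption
    return name.encode("ascii")[::-1] + struct.pack("<II", 12 + len(body), len(payload)) + body


def build_img3(ident: str, tags) -> bytes:
    """Assemble a constructed Img3 container (used only to create sample input here)."""
    body = b"".join(_make_tag(n, p) for n, p in tags)
    # header: magic, fullSize, dataSize (bytes after the header), shshOffset, ident
    return b"3gmI" + struct.pack("<III", 20 + len(body), len(body), len(body)) + ident.encode()[::-1] + body


def parse_kbag(payload: bytes) -> dict:
    """KBAG = cryptState(4) + aesType(4) + iv(16) + key(32); only aesType/8 key bytes are meaningful."""
    if len(payload) < 56:
        raise ValueError("KBAG tag too short")
    state, aes_type = struct.unpack_from("<II", payload, 0)
    if aes_type not in (128, 192, 256):
        raise ValueError(f"unsupported AES type {aes_type}")
    key_len = aes_type // 8
    return {
        "state": state,            # assumption: 1 = production GID-wrapped, 2 = development
        "aes_type": aes_type,
        "iv": payload[8:24].hex(),
        "key": payload[24:24 + key_len].hex(),  # still GID-wrapped; not the usable key
    }


def parse_img3(blob: bytes) -> dict:
    """Parse an Img3 container into ident, tag names, DATA payload and decoded KBAGs."""
    if len(blob) < 20 or blob[:4] != b"3gmI":
        raise ValueError("not an Img3 container")
    size, data_size, _shsh_offset = struct.unpack_from("<III", blob, 4)
    if size > len(blob) or 20 + data_size > size:
        raise ValueError("Img3 header lengths exceed the buffer")
    ident = _tag(blob[16:20])
    tags, kbags, data = [], [], None
    off, end = 20, 20 + data_size
    while off + 12 <= end:
        name = _tag(blob[off:off + 4])
        total_len, data_len = struct.unpack_from("<II", blob, off + 4)
        # every length is checked against the container so a malformed tag cannot run past it
        if total_len < 12 or data_len > total_len - 12 or off + total_len > end:
            raise ValueError(f"malformed {name} tag at offset {off}")
        payload = blob[off + 12:off + 12 + data_len]
        tags.append(name)
        if name == "DATA":
            data = payload
        elif name == "KBAG":
            kbags.append(parse_kbag(payload))
        off += total_len
    return {"ident": ident, "tags": tags, "data": data, "kbags": kbags}


def is_encrypted(parsed: dict) -> bool:
    """An Img3 whose DATA is encrypted carries at least one KBAG with the wrapped IV/key."""
    return bool(parsed["kbags"])


# Plaintext magic of a decrypted 32-bit kernelcache payload (LZSS-compressed kernel).
KNOWN_PLAINTEXT_MAGIC = {b"complzss": "LZSS-compressed kernelcache"}


def classify_payload(data: bytes):
    """Return a description if the DATA payload starts with a known plaintext magic, else None."""
    for magic, desc in KNOWN_PLAINTEXT_MAGIC.items():
        if data.startswith(magic):
            return desc
    return None


# Constructed samples: an "encrypted" kernelcache with a KBAG, and a decrypted one without.
SAMPLE_ENCRYPTED = build_img3("krnl", [
    ("TYPE", b"krnl"[::-1]),
    ("DATA", b"\xa5" * 64),  # stand-in for AES-CBC ciphertext
    ("KBAG", struct.pack("<II", 1, 256) + bytes(range(16)) + bytes(range(32))),
])
SAMPLE_DECRYPTED = build_img3("krnl", [
    ("TYPE", b"krnl"[::-1]),
    ("DATA", b"complzss" + b"\x00" * 56),
])

if __name__ == "__main__":
    for label, blob in (("encrypted", SAMPLE_ENCRYPTED), ("decrypted", SAMPLE_DECRYPTED)):
        p = parse_img3(blob)
        print(label, p["ident"], p["tags"], "encrypted:", is_encrypted(p), classify_payload(p["data"]))
```

Running it prints the tag list of each sample and whether a KBAG is present; on a real component you would read the file from an unpacked IPSW, and a KBAG is the signal that the matching published IV/key is needed before the DATA payload can be disassembled.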

Speaking about jailbreak for 32-bit devices still running iOS 9.3.5, there are a LOT of such devices, because the iPhone 4S, iPod touch 5 and a couple of iPads were dropped when iOS 10 came out, so iOS 9.3.5 is the latest version available for them. The fact that we have the decryption keys means hackers can now decrypt the kernelcache to look for vulnerabilities without first needing an exploit to dump it from the device's memory, which makes matters way easier. Of course, that doesn't mean developers will jump on 9.3.5 to build a jailbreak right away, but once a developer has the motivation to do it, he'll have an easier way to poke the kernel for vulnerabilities.

To sum up, although very useful, these keys CAN'T be used for iCloud bypass, since a CFW would require an EXPLOIT to be restored (and such exploits are currently kept private, with good reason), but they might help jailbreaking in the future for these legacy devices, since the iOS components can now be disassembled and looked at, a thing that was just not possible up until xerub published these keys. So, a huge thanks to xerub!



==Resources==
iPhone 4S iOS 9.3.5 Keys
iPhone 5 / 5C iOS 9.3.5 Keys
iOS 10.3.2 / iOS 11 Jailbreak ACHIEVED (DEMOED AT MOSEC for 64-Bit Devices + iPhone 7)
iOS 9.3.5 Nalu Jailbreak Project Status – Why It Has Been Removed
How to DualBoot using CoolBooter

GeoSn0w

About GeoSn0w

C#, C, Objective-C Programmer | Beginner iOS Security Researcher | Content Creator | Web Developer I like to bring the latest news from the iOS / iDevice / Jailbreak battlefield to you in a beautiful manner :) I hope you like the site. If you do, don't forget to check out my channel :)
