New BootRom Exploit For Untethered Downgrades / Jailbreak (S5L8920)

In today's video I have some very interesting news about alloc8, a new Bootrom exploit created for the S5L8920 (iPhone 3GS). This is the second most powerful BOOTROM exploit ever released for iOS, and it has some cool features, such as untethered iOS downgrades without SHSH blobs, untethered jailbreak, SecureROM dump, NOR dump, and so on. The exploit, developed by axi0mX, is fully compatible with the NEW Bootrom of the iPhone 3GS. For those of you who don't know, the iPhone 3GS comes in two different revisions: the OLD Bootrom (vulnerable to the 24kpwn exploit, pretty rare nowadays) and the NEW Bootrom (the most common one, which began shipping in September 2009; 24kpwn, the only untethered exploit so far, is not compatible with it).

Why is this even important?
Although we're speaking about the iPhone 3GS, a BOOTROM exploit is something VERY VERY rare! In fact, there were only 2 available, and the last time someone found a vulnerability exploitable in the BOOTROM was 2009! That's 8 years ago, so no wonder this is an important day. This means the end of tethered downgrades on the iPhone 3GS, both old and new bootrom, forever. This can easily be considered better than the limera1n exploit because it is untethered. Soon this exploit will allow verbose boot and a custom boot logo on an untethered jailbreak for the S5L8920.

Of course, being a BOOTROM exploit, it can be used for CFW flashing as well. Let's understand the difference: there are iBoot exploits and BOOTROM exploits. iBoot is software, so an iBoot exploit can easily be patched by Apple. BOOTROM means hardware level, which means it can't be updated without a hardware revision, and therefore a bootrom exploit = jailbreak / downgrades for life, as Apple isn't able to close the vulnerability down.

==Resources==
axi0mX's post: https://goo.gl/ZHMPq4
The Tool for Jailbreaking with alloc8: https://github.com/axi0mX/ipwndfu
Alloc8 Exploit's Documentation: https://github.com/axi0mX/alloc8
24Kpwn Documentation: https://goo.gl/jqQcY2
iOS Application Hacking – Bypassing In-App Locks (Reverse Engineering): https://youtu.be/DVoCJJhN9HI

GeoSn0w
