Ex-Chronic Dev Team member pod2g has just discovered another exploit (his fourth) that will pwn iPod touch 2G for life! It’s called the usb_control_msg(0xA1, 1) Exploit. The exploit is different from the SHAtter exploit which is expected to jailbreak iOS 4.1 on the newer iPhone 4 / iPod touch 4G and iPad. It is a buffer overflow that is triggered when a USB control message of the type 0xA1.. oh screw it, if you’re the techy type, you can just read the quote below to see how it works.

All I know is: it will pwn iPod touch 2G (MC Model) for here on till eternity, just like iPhone 3G and iPod touch 2G (Non-MC Model).

iPod touch 2G

From The iPhone Wiki:

A heap overflow exists in the iPod touch 2G (both old and new) bootrom’s DFU Mode when sending a USB control message of request type 0xA1, request 0x1.

On newer devices, the same USB message triggers a double free() when the image upload is marked as finished, also rebooting the device (but that’s not exploitable because the double free() happens in a row). posixninja analyzed and explained this one.

Oh and the good news is that upcoming Sn0wbreeze 2.0 will be using this exploit to jailbreak iPod touch 2G (MC Models) for life!

Looks like sb2 will have otb support for ipt2g MC models too! 🙂 thx @pod2g

@jonnyboywashere this exploit is only in the ipt2g, thats why pod2g published it on the wiki.

Stay tuned as we will cover all the how-to guides once Sn0wbreeze 2.0 is RTW (released-to-web) tomorrow night.

You may also like to check out:

You can follow me on twitter or join our facebook fanpage to keep yourself updated on all the latest iPhone jailbreaking and unlocking releases.

Related Stories