Ex-Chronic Dev Team member pod2g has just discovered another exploit (his fourth) that will pwn iPod touch 2G for life! It’s called the usb_control_msg(0xA1, 1) Exploit. The exploit is different from the SHAtter exploit, which is expected to jailbreak iOS 4.1 on the newer iPhone 4 / iPod touch 4G and iPad. It is a buffer overflow that is triggered when a USB control message of the type 0xA1... oh screw it, if you’re the techy type, you can just read the quote below to see how it works.
All I know is: it will pwn iPod touch 2G (MC Model) from here on till eternity, just like iPhone 3G and iPod touch 2G (Non-MC Model).
From The iPhone Wiki:
A heap overflow exists in the iPod touch 2G (both old and new) bootrom’s DFU Mode when sending a USB control message of request type 0xA1, request 0x1.
On newer devices, the same USB message triggers a double free() when the image upload is marked as finished, also rebooting the device (but that’s not exploitable because the double free() happens in a row). posixninja analyzed and explained this one.
Looks like sb2 will have otb support for ipt2g MC models too! 🙂 thx @pod2g
@jonnyboywashere this exploit is only in the ipt2g, that’s why pod2g published it on the wiki.
Stay tuned as we will cover all the how-to guides once Sn0wbreeze 2.0 is RTW (released-to-web) tomorrow night.