What's PWNED?

Pwnage is based on an exploit found in the lower levels of the iPhone/iTouch bootloader. We can now "pwn" Apple by patching the device to allow unsigned code. This opens the door to unlimited possibilities. Once your iPhone/iTouch has been "pwned", you can do things like install custom-made .ipsw files straight from iTunes.

How Pwnage Works...

Pwnage exploits a broken chain of trust in the boot sequence of the S5L8900 device. The boot sequence includes the LLB and iBoot modules, which are stored in the device's NOR flash and are typically encrypted (as of 1.1.*). However, they are not protected by an RSA signature at that point, because the 8900 container is dropped before the file is written to NOR flash. Pwnage exploits this gap.
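A simplified model of the chain-of-trust gap described above, added here as an illustration and not code from the Dev Team or Apple: the signature travels with the container, so once the container is stripped before the NOR write, a boot stage that only decrypts will accept a modified image, whereas a stage that verifies a signature over what it actually reads from flash rejects it. The keys, the toy cipher and the use of HMAC-SHA256 as a stand-in for the RSA signature are constructed for the example and do not reflect the device's real formats.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed keys for the model. HMAC-SHA256 stands in for the RSA
# signature so the example needs only the standard library; the cipher is a toy.
FW_KEY = hashlib.sha256(b"constructed firmware key").digest()
SIGN_KEY = hashlib.sha256(b"constructed signing key").digest()

def keystream(key: bytes, n: int) -> bytes:
    """Toy counter-mode keystream derived from SHA-256 (illustration only)."""
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Stream encryption and decryption are the same XOR operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

@dataclass
class Container:          # signed wrapper around the encrypted image
    signature: bytes
    ciphertext: bytes

def build_container(image: bytes) -> Container:
    ct = xor_crypt(FW_KEY, image)
    return Container(hmac.new(SIGN_KEY, ct, hashlib.sha256).digest(), ct)

def boot_decrypt_only(nor: bytes) -> bytes:
    """Flawed stage: signature was dropped with the container, so whatever decrypts runs."""
    return xor_crypt(FW_KEY, nor)

def boot_verified(c: Container) -> bytes:
    """Hardened stage: verify the signature over the stored image before using it."""
    expected = hmac.new(SIGN_KEY, c.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, c.signature):
        raise ValueError("signature check failed; refusing to boot")
    return xor_crypt(FW_KEY, c.ciphertext)

def compare_flows(image: bytes, offset: int) -> dict:
    """Corrupt one stored byte and record how each boot stage reacts."""
    c = build_container(image)
    damaged = (c.ciphertext[:offset] + bytes([c.ciphertext[offset] ^ 0xFF])
               + c.ciphertext[offset + 1:])
    result = {"decrypt_only_booted_modified": boot_decrypt_only(damaged) != image}
    try:
        boot_verified(Container(c.signature, damaged))
        result["verified_rejected"] = False
    except ValueError:
        result["verified_rejected"] = True
    return result
```

Encryption alone gives confidentiality, not integrity; the lesson for a boot chain is that every stage must check a signature over exactly the bytes it is about to execute.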

When an iPhone is PWNED, a new tool called BootNeuter is installed. It allows the phone to be booted in a special mode in which users can select which bootloader (3.9/4.6) they want to start the phone with.

ZiPhone/iLiberty/iPlus are already there, why PWN?
Look into the future: the new upcoming firmware of June, (1.2) 2.0, can be unlocked using PWN!

Take a look at the video by the Dev Team:
