Most iOS users have been eagerly waiting for an untethered jailbreak of their devices even since Apple rolled out iOS 5.1.1. Updating to a latest firmware version ends a jailbreak and that’s why many have been waiting for the jailbreak so that they can finally upgrade to iOS 5.1.1. We reported earlier that Absinthe 2.0 is expected to arrive at the Hack in the Box hackers event in Amsterdam and now it has proved to be true.
To bring out the version 2.0 of Absinthe, two of the most able iOS hackers’ teams, Chronic Dev Team and iPhone Dev Team worked together. With the help of Absinthe 2.0, users can now accomplish untethered jailbreak on their iOS 5.1.1 devices. An untethered jailbreak means that a user doesn’t have to boot his iDevice through an external machine every time to keep jailbreak, rather the jailbreak remains intact even if he reboots or restarts the device.
The good news is that Absinthe 2.0 is effective with nearly all the device that run iOS 5.1.1 and have a A4 or A5 chip, which also include the latest iPad from Apple. By accomplishing a jailbreak, users can then download a number of such apps and extensions which are not available in the official App Store.
The devices on which the jailbreak works:
Absinthe 2.0 is effective in jailbreaking a number of devices which include all iPad tablets, iPhone 3G, iPhone 4 and iPhone 4S, 3rd and 4th generation iPod touch, and 2nd generation Apple TV. Apple’s 8GB iPad 2 is a rather recent release and features an A5 chip, so support for it is not yet available and may be here in a few days.
During the Hack in the Box event, hackers not only released the Absinthe 2.0 version, they also went on to explain how they made it work. In their own words:
“GreenPois0n Absinthe was built upon @pod2g’s Corona untether jailbreak to create the first public jailbreak for the iPhone 4S and iPad 2 on for the 5.0.1 firmware. In this paper, we present a chain of multiple exploits to accomplish sandbox breakout, kernel unsigned code injection and execution that result in a fully-featured and untethered jailbreak.
Corona is an acronym for “racoon”, which is the primary victim for this attack. A format string vulnerability was located in racoon’s error handling routines, allowing the researchers to write arbitrary data to racoon’s stack, one byte at a time, if they can control racoon’s configuration file. Using this technique researchers were able to build a ROP payload on racoon’s stack to mount a rogue HFS volume that injects code at the kernel level and patch its code-signing routines.
The original Corona untether exploit made use of the LimeRa1n bootrom exploit as an injection vector, to allow developers to disable ASLR and sandboxing, and call racoon with a custom configuration script. This however left it unusable for newer A5 devices like the iPad2 and iPhone 4S, which weren’t exploitable to LimeRa1n, so another injection vector was needed.”
Absinthe 2.0.1 for Windows