I don't see it event anytime soon.
The old exploits aren't here anymore. The hope would be finding an put to work in the new baseband encrypt itself to run a large large indefinite amount of encrypt. But I think the bootloader is beautiful well secured down.
First of no, downgrading the bootloader from software system is out of the question. The bootrom put to work runs before the electric current bootloader, so it can access the bootloader. But when the bootloader boots, it locks down its sections of flash. So aft the bootloader runs, the bootloader can't be touched.
Secondly, the lone secpack that validates on 4.6 is >= 1.1.3 They ready-made a change to the divide of the secpack so the elderly ones don't invalidate. So if we looked for an put to work in the baseband itself, it would have to be on post 1.1.2
Firmware is spoken as it is uploaded, and this is what IPSF and AnySim take point of. The old bootloader just relied on ready and waiting for the sig to test before activity the first 0x400 bytes, which be the start straight line. The new bootloader also needs the "secpack" in 0x3c0000 to not test. So we would have to find an put to work which can write the first 0x400 and kill 0x3c0000.
The IPSF withdraw itself uses an RSA hack in bootloader 3.9 This has been thoroughly spotted in 4.6
Also even if we remuneration a way to inhumane force the NCK's in sane time, we can't get the aggregation to do the inhumane force off 4.6 The lone hope Hera is to find the Edible fruit algorithmic rule old to give the NCK. I don't think this is possibility, unless we have a enquire in Edible fruit :)
I hope I am wrong, and no ingenious somebody will come along with a software system withdraw.
My inbox has been awash with assorted questions about the 1.1.3 jailbreak, including many failures (I same here was endangerment, didn't I?). So I put this FAQ unneurotic to try and answer the least common ones.
Comments ()
Feb 19 2009