Well-known developer iH8sn0w has managed to untether jailbreak iOS 9. He has published a video showing the jailbreak working on the latest iOS 9 GM build, which Apple released just the other day.
The public release of iOS 9 is set for September 16, which in itself is great news. There’s also some additional good news for those iPhone and iPad owners who love nothing more than liberating their hardware from Apple’s walled garden of control. Prominent developer iH8sn0w, who has previously been responsible for tools such as Sn0wbreeze and P0sixspwn, has released a video demonstrating an untethered jailbreak on Apple’s latest iOS 9 platform.
The video has been uploaded to the developer’s personal YouTube channel and comes in at just over three minutes long. As we have come to expect from the jailbreak community, it’s one thing to say you have the necessary vulnerabilities and tools to jailbreak a device, but another thing altogether to prove such a claim. The video serves as that proof, showing off a fully untethered jailbreak with verbose booting, custom boot logos, and code injection.
Here’s a video of it in action:
A recent admission from the Pangu jailbreak team that Apple had patched two exploits used in its latest iOS 8.4.1 untethered jailbreak led a number of people within the jailbreak community to believe that liberating iOS 9 would be extremely troublesome. With that said, it seems that iH8sn0w has managed to get to grips with the new security measures within iOS 9, or the lack of them, and bypass them in almost record time. As part of the video upload, the developer had a few things to say about his research into the platform and his findings:
Worth noting, iOS 9+ arm64 iDevices now enforce a checksum on the __TEXT/DATA.const regions of the kernel through the use of TrustZone. Modifying said sections will cause the device to panic (either at the kernel level, or EL3 will force a reboot if the kernel refuses to gracefully panic). Essentially, it’s KPP (Kernel Patch Protection). You can race it though if you want to play with things. Just be quick! ;P
Also, there should technically now be two additional partitions (baseband_data [s1s3] and logs [s1s4]), but I didn’t really bother with those as they weren’t critical.
Given that the public release of iOS 9 is likely to be identical to the recently released Golden Master (GM) seed, it’s highly likely that the same techniques used to achieve the untethered jailbreak in this video will afford the same luxury to end users when iOS 9 finally drops. No doubt we’ll hear more from iH8sn0w on the subject as the time approaches.