alloc8 – Untethered Bootrom Exploit for iPhone 3GS Released

alloc8 BootROM exploit brings freedom to the iPhone 3GS forever. Even though it has been discovered a bit too late, let’s find out how it works.

How alloc8 Bootrom Exploit Works

alloc8 exploits a powerful vulnerability in the malloc function implemented in the BootROM. This bootrom exploit affects iPhone 3GS (based on old and new bootrom) only.

iphone 3gs jailbreak

It’s not an average heap bug, it’s a bug in the implementation of heap.

Although, axi0mX has found an exploit for legacy devices, it’s still a great achievement.

Hardware-level exploits are very rare in Apple’s devices. Most of the jailbreak tools we use are based on userland exploits.

Hacker axi0mX has implemented this exploit in ipwnedfu jailbreak tool. The ipwnedfu tool is in beta development stage and works with command line only.

ipwnedfu vs p0sixpwn Jailbreak

The main difference between ipwnedfu and p0sixpwn jailbreak is that Apple can never patch ipwnedfu.

If Apple releases a future update for iOS 6.1.6, it can patch p0sixpwn but not alloc8.

untethered jailbreak

alloc8 is a hardware-level exploit that can be patched only if Apple changes the hardware.

Now that Apple is not going to release a new version of iPhone 3GS, alloc8 will forever remain unpatched.

Is alloc8 Useful?

It’s a PoC (proof of concept) and you should steer clear of it. It can brick your device if you don’t know what you are doing.

I have an old 3GS lying around somewhere. If I get my hands on it, I will surely jailbreak it with ipwndfu tool. Other than that, it’s useless and does nothing that can’t already be done.

Hopefully, the developers should find something similar for the iPhone 7 and iPhone 7 plus. Yalu jailbreak for 10.1.1 firmware can be a bit buggy at times.

Leave a Reply