Congrats to the dev team for finding the ultimate exploit in the S5L. We may not agree on many things, but I certainly respect your skills.

Pwnage uses an incredible exploit actually at the DFU level, which means it’s locked into the hardware. I have managed to reproduce the exploit, but in no way understand it. I can’t wait for your explanation. This is akin to finding a soft-exploitable exploit in the bootrom of the baseband.

Apple attempted to cover it up by having the new WTF downloaded as soon as iTunes sees the phone (0x1227) vs DFU (0x1222). I thought they might be covering an exploit but then just figured they didn’t want the iBoots unencrypted. Good thing dev looked closer.

Also it’s unbelievable they left the LLB unsigchecked in the 3G. They have all the code in the DFU to sig check, they just don’t call it.

This is also great news for iphonelinux. We’ll be able to boot code without the need for any of Apple’s copyrighted software (and maybe without their cert).

Today is a good day for iPhone
