All the signs are pointing towards the jailbreak for the 2nd generation iPod Touch being released very soon. The iPhone Dev Team – responsible for the Pwnage jailbreak – has uploaded a photo to their new website redsn0w.com. It now shows a chipset that one of the commenters on their blog has identified as being from the 2nd gen iPod Touch. This is excellent news. It brings the latest Touch up to par with all other devices running iPhone OS, and it shows that Apple’s chain of trust on the device can be broken.
You may remember that the jailbreak for the original iPhone could be done via the website jailbreakme.com, which took advantage of a flaw in Safari. Recently I was reading a Slashdot discussion on the iPhone 3G unlock. Coupled with the Dev Team’s talk at CCC, this brought home to me how far Apple has moved on in securing the 2nd gen iPod Touch, compared to the original iPod Touch and iPhone. I also wondered how far Apple will go. Could the iPhone 3G and the 2nd gen iPod Touch be the last ones that can be jailbroken?
It has taken four months to jailbreak the latest iPod Touch, and five months to unlock the latest iPhone. The iPhone Dev Team was hacking two different things – a new chipset in the iPod Touch, and the baseband in the iPhone 3G. But the central issue on both devices is that Apple signs almost every binary.
As commenters on /. put it:
The kernel won’t execute a binary in userland unless it’s signed; the firmware loader won’t execute the kernel unless it’s signed; the low-level bootloader won’t execute the firmware loader unless it’s signed.
The only reason they’re able to break it is because the bootrom (initially run by the hardware) is modifiable yet not signature checked. I suppose that’s because they want to be able to upgrade the bootrom but signature checking is only implemented in software and not hardware. All the NOR and NAND flash memory and the processor are built inside an integrated chip, so it is possible that future revisions of the chip will also integrate a TPM to verify the signature of bootrom. Let’s suppose Apple will do that. You will then have a completely working DRM framework on the iPhone.
That is one reason why jailbreaking may be much harder on the next generation of iPhone and iPod Touch. Unlike a PC, you cannot practically swap out the hardware or install a mod chip to defeat the restrictions.
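A toy model of the chain the commenters describe, added here as an example rather than Apple's or the Dev Team's code: HMAC-SHA256 with a constructed key stands in for the real public-key signature each stage checks on the next, and the stage names and image bytes are made up. It shows that the whole chain is only as trustworthy as its first stage, so an unverified, modifiable bootrom gives no guarantee at all, while a hardware check on the bootrom restores one.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed signing key"               # constructed for the example
STAGES = ["bootrom", "llb", "iboot", "kernel", "userland"]
GENUINE_BOOTROM = b"bootrom image; policy=verify-next"
PATCHED_BOOTROM = b"bootrom image; policy=skip-checks"  # hypothetical modified image


def sign(image: bytes) -> bytes:
    """Stand-in for Apple's signature over a stage image."""
    return hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()


def signed(image: bytes) -> tuple:
    return (image, sign(image))


def unsigned(image: bytes) -> tuple:
    return (image, b"\x00" * 32)  # bogus signature, as a modified image would carry


def boot(chain: dict, hardware_verifies_bootrom: bool) -> list:
    """Return the stages that actually execute.

    Each stage runs only if the stage before it accepted its signature. The
    bootrom is the exception: it is checked by the hardware or by nobody, and
    whatever code runs there decides whether any later check happens at all."""
    ran = []
    bootrom_img, bootrom_sig = chain["bootrom"]
    if hardware_verifies_bootrom and not hmac.compare_digest(sign(bootrom_img), bootrom_sig):
        return ran  # a hardware root of trust refuses to start a tampered bootrom
    ran.append("bootrom")
    checks_enabled = bootrom_img == GENUINE_BOOTROM
    for name in STAGES[1:]:
        img, sig = chain[name]
        if checks_enabled and not hmac.compare_digest(sign(img), sig):
            return ran  # the previous stage rejects the tampered image
        ran.append(name)
    return ran


def genuine_chain() -> dict:
    return {"bootrom": signed(GENUINE_BOOTROM), **{s: signed(s.encode()) for s in STAGES[1:]}}


if __name__ == "__main__":
    chain = genuine_chain()
    print("genuine chain:", boot(chain, False))
    chain["kernel"] = unsigned(b"patched kernel")
    print("tampered kernel, genuine bootrom:", boot(chain, False))
    chain["bootrom"] = unsigned(PATCHED_BOOTROM)
    print("patched bootrom, software-only checks:", boot(chain, False))
    print("patched bootrom, hardware-verified:", boot(chain, True))
```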
That said, even though Apple has implemented some of the tightest security to date in a mobile device, it has still been broken, given time and hard work, by some very smart people. I’m fairly confident that they will be able to find another hole, but we’ll just have to wait and see.