Hackers are still scrambling to break into Apple's iPad 2 code and now the scramble has become a race: Well-known iOS hacker George Hotz has apparently accepted a second hacker's challenge to be the first to dump the iPad boot ROM, which then will be reverse-engineered.
The challenge came from Joshua Hill, a Lexington, Ky., iPhone hacker, who uses the Twitter handle @p0sixninja. He's a member of the Chronic Dev Team hacker group which created the Greenpois0n iOS jailbreak.
ACCESSORIES: Drop-proof your iPad
In a tweet on April 30, Hill told his followers, "I challenged geohot [Hotz's online handle] to dump the iPad2 bootrom before me. Maybe having a worthy opponent will motivate me to work harder =P." Later that same day, he posted this news: "he accepted, he said he didn't have an iPad yet but he's getting one really soon." There's been no tweet from Hotz (@GeohotUS) about this.
Hill's invitation grew out of the difficulties he and others are having in dealing with the iPad's new processor and associated software. iPad 2 uses Apple's new dual-core A5 processor, the first in an iOS device. The original iPad, including Hill's own, has been jailbroken.
Hill has been working for some time on a jailbreak for iPad 2, which would let developers and users load applications outside of Apple's iTunes-based App Store. Though his Twitter posts say he's making progress, they also record the difficulty of the work. On March 29, he tweeted, "I really wish I had A5 bootrom to reverse, I should quit being lazy and just dump it myself." On April 8, he replied to another tweeter, "man, I gotta have other hobbies so I don't get burned out on hacking. This sh** is a fulltime job."
"A lot of progress has been made in the past few days, but we're still working on dumping iPad2 BootROM," he tweeted on April 13, followed by, "No ETA [estimated time of arrival for the jailbreak]. Timelines are unpredictable when your working with new and unknown hardware." That same day, he indicated some of the technical challenges in dumping the A5 boot ROM: "it's read only memory code burned into the hardware, protected, and abstracted on multiple layers."
About a week later, Hill tweeted, "Damn, this is one of the slowest progressing jailbreaks ever. I think I kinda miss geohot a bit :-("
Nine days later, he issued the challenge to Hotz. One Twitter follower, Mark Hensley (@markwhensley), has already proposed setting up a "donate account for geohot so he can buy an iPad 2."
Hotz and the Chronic Dev Team cooperated, in a way, in October 2010. The team was close to releasing GreenPois0n RC5, a jailbreak for all Apple devices running iOS 4.2.1, based on an iOS boot ROM vulnerability dubbed SHAtter that they had found. At the last moment, the group decided to delay release, and substitute a different boot ROM vulnerability, one uncovered by Hotz. At least some team members were not happy. The team Twitter account posted, "We still plan on releasing greenpois0n, but will probably have to just do the mature thing and use egohot's exploit, and save SHAtter." "Egohot" is a disparaging reference to Hotz's "Geohot" handle.
The RC5 jailbreak was finally released earlier this year.
John Cox covers wireless networking and mobile computing for Network World.
Email: [email protected]
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.