Unfinished JailbreakMe 3.0 Jailbreak has been Leaked
@Comex much anticipated JailbreakMe 3.0 jailbreak, which was being developed to jailbreak the iPad2, has now been leaked onto the internet. A Computer Science major, Ryan Lobbins, from Arizona was digging around on one of the websites Comex linked to earlier this week and discovered that he had been storing the not-even-finished saffron jailbreak files on this site. He downloaded the files and uploaded them to his own website and from there the files spread like wild fire. Comex has already announced that this jailbreak was not yet finished and is very buggy.
Unfortunately, this means that iOS 4.3.4 is right around the corner and Apple could possibly patch the exploit before the jailbreak is ever even released. Because of this, we must remind everyone(especially iPad2 users) to back up their SHSH blobs for 4.3.3 immediately. Since JBME is a userland exploit, Apple will probably act much faster to get the new firmware update out that patches the exploit.
In the future, leaks like this will be even more hurtful to the community with Apple's new initiatiatives to prevent firmware downgrading once iOS 5 is released.
In unrelated news, the domain jailbreakme.com is now for sale via auction from GoDaddy. Comex has already stated that he is not the owner of the domain, nor has he ever been the owner, so the sale of the domain is seemingly unrelated to the exploit leak.
The entire story, according to Ryan, can be seen below:
This all started late one night on the 27th of June. I was playing Star Craft with some friends reading Comex's twitter updates like every other person waiting for the jailbreak. That is when I had a crazy idea just to search a site he posted in a previous tweet. That site was www.qoid.us , during my initial search, the main thing that came up was comex's bannerbomb exploit for the wii. This lead me to believe even more that the site was his. The next thing I did was just do a search for directories on his site and that is when I stumbled upon it. I saw a folder called saffron that grabbed my attention, mainly because jbme 2.0 was star.
So what would you do if you stumbled on a website that had all the data for the jailbreak people have been waiting months for? At first I wasn't sure what to do, let alone believe I found the files. The only true indication that I found them was all the pdf files, deb files named after different iOS devices, and a php file. The last thing I wanted was to just send out all the files saying here they are. As someone who has worked on a project for years in the past I would hate for my work to leak out before my self or the team was ready. Comex had been working on this for almost a year.
The first thing I did was the obvious, test the files. From comex's tweets at the time I figured they were close to completion and wouldn't completely brick my iPad. The next was I made a copy of the files for my own purpose of trying on other devices, not to leak them. I didn't know if comex would have the files moved before I woke up the next day. Then as proof to my friends who had no reason to even want the jailbreak, but wanted to see it I uploaded them to this site. Worst mistake ever.
Now comes the next day, what would you do with the information you gained from decompiling and decompressing the files. You don't want to leak them, but there has been no information on any updates. People are starting to doubt the jailbreak is even real. What I did was just spread information about the jailbreak, no pictures, no files, just me posting on forums what I know. Of course there were people calling me names saying I am a troll and other names. Next I sent off private messages to two people on the forums I was posting on. At that point after a few messages the only thing I sent was a picture. That was the first and only thing I sent. The picture was of the new jailbreakme website, with the url removed so the site didn't get out. That was the end of it on June 28th.
I went on vacation on the 30th and won't be home until July 15th, but my curiosity started to get the better of me last night. I have these files that didn't work on my iPad, but I wondered if they would work at all. I contacted another person on the forums who was multimediawill aka appreviewer will aka Will Sayer. He tried one of the pdf files and it jailbroke his iPad. I was surprised, he was surprised. He swore up and down he wouldn't leak it, and I went to bed. That is when I woke up and saw my list of emails streaming in. Immediately the files were deleted, I felt stupid and horrible that my curiosity got the best of me and caused this. I never intended for it to get leaked out this big. In all I apologize to comex for my actions. I don't want attention, and never wanted to spread his work like Will did. I was just curious, and this curiosity caused this. So in the grand scheme of things the leak was probably 10% my fault, I found the files, made a copy and re-hosted them, but Will was the exact opposite. He wanted attention and spread the news to tech blogs made videos and even spread the links to the files on my site.