The iPhone Dev-Team has verified that the exploit earlier found in the iPod Touch 2G, called 24kpwn, has been left unpatched by Apple and is still applicable to the bootrom of the iPhone 3GS.
About 5 hours ago (Thursday evening, less than a week after the 3GS launch), we were able to verify that the 24Kpwn exploit that the hybrid team used on the iPod Touch 2G is still applicable to the bootrom of the iPhone 3GS. That means we can use the same sort of technique used by our current redsn0w tool to jailbreak and unlock the iPhone 3GS.
This is great news, but how did it happen? Why didn’t Apple fix this in their normal cat-and-mouse fashion? Well, it seems this bootrom was cut in about the August 2008 timeframe, so the unintended early reveal of 24Kpwn earlier this year didn’t affect the iPhone 3GS.
Meanwhile, GeoHot, the first person to jailbreak the original iPhone, has found a new security layer on the iPhone 3GS, called the ECID field. According to him, when iTunes starts the restore process, it contacts Apple’s servers to generate signatures for that particular device. It’s important to get these signatures before a new version of the software comes out.
Since I don’t have an iPhone 3GS, you can check out the guide from iClarified on how to generate the unique certificate for your iPhone 3GS.