iPod Touch 2G (MC Model) Pwned for Ever !

Pod2g the guy behind the SHAtter exploit which will be used with Greenpois0n to create the new iOS 4.1 jailbreak for iPhone 4, iPod touch 4G and iPad, has discovered a new exploit that will pwn iPod touch 2G for ever, the new exploit called usb_control_msg(0xA1, 1) exploit. This is the fourth exploit discovered by Pod2G, really he is talented guy.

The new exploit technicality is complicated to understand through regular users, you can check this in the quote below to see how it works.

A heap overflow exists in the iPod touch 2G (both old and new) bootrom’s DFU Mode when sending a USB control message of request type 0xA1, request 0×1.

On newer devices, the same USB message triggers a double free() when the image upload is marked as finished, also rebooting the device (but that’s not exploitable because the double free() happens in a row). posixninja analyzed and explained this one.

You also have to know that the new exploit will also be used in the upcoming Sn0wbreeze 2.0, to jailbreak iPod touch 2G (MC Models) for ever.

Looks like sb2 will have otb support for ipt2g MC models too! :) thx @pod2g
@jonnyboywashere this exploit is only in the ipt2g, thats why pod2g published it on the wiki

Any way, we can sum up that the new exploit will pwn iPod touch 2G (MC Model) for ever