Tons of people are asking me on Twitter whether they can have a custom boot logo on the device they just jailbroke with JailbreakMe.
I'm going to explain why userland jailbreaks can't have custom boot logos, and why they can't restore to custom firmware.
When the device is powered on, its bootrom is mapped to an address in RAM. The bootrom then signature-checks LLB, and LLB is loaded over the top of the bootrom. LLB then signature-checks iBoot.
To display a custom boot logo, iBoot needs to be patched. However, if LLB detects that iBoot has been pwned, it enters a DFU loop. If you don't pwn iBoot but add a custom boot logo anyway, you get a black screen instead of the logo, because custom logos are not signed code.
Why not pwn LLB? On the iPhone 3GS (new bootrom), iPad, iPhone 4 and iPod Touch 3G you can't, because the bootrom detects that LLB is not valid and enters a DFU loop. All other devices have an exploit available that bypasses that check.
Those devices are the iPhone 2G/3G/3GS (old bootrom) and iPod Touch 1G/2G (MB).
A while ago, when Spirit came out, msft.guy developed Spirit2Pwn, which let the devices listed above accept custom firmware and custom boot logos. That could easily be updated to work on 4.0 for those same devices, but not for the newer ones. Why?
Spirit2Pwn flashes the NOR, which holds your boot logos, LLB, iBoot and more. Remember: if a new-bootrom device has an invalid LLB, it enters a DFU loop and will not boot until it is restored.
So people with an iPhone 3GS (new bootrom), iPod Touch 2G (MC), iPod Touch 3G, iPad or iPhone 4 cannot have custom boot logos at this time.
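To make the chain described above concrete, here is a small Python model added to this post; it is not code from the post, from JailbreakMe, or from Spirit2Pwn. The stage names follow the post, but the HMAC-SHA256 stand-in for the real RSA signature check, the `VENDOR_KEY` placeholder, the `checks_next` flag and the `bootrom_enforces_llb` switch are all assumptions made for the model. It reproduces each outcome the post describes: an unsigned logo under stock iBoot gives a black screen, a patched iBoot is rejected by LLB, a patched LLB is rejected by a bootrom that enforces the check, and only when that root check does not hold can the stages below it be replaced.

```python
import hashlib
import hmac

# Constructed model of the chain the post describes: bootrom -> LLB -> iBoot -> logo.
# Real devices check RSA signatures; this toy uses HMAC-SHA256 with a key that stands
# in for the vendor key baked into the bootrom. Only the structure matters: each stage
# runs the next one only if that image's signature verifies.
VENDOR_KEY = b"constructed-vendor-key"  # assumption: placeholder for the key in bootrom


def _signed_bytes(payload: bytes, checks_next: bool) -> bytes:
    # The signature covers the code and the flag saying whether it enforces the next check.
    return payload + (b"\x01" if checks_next else b"\x00")


def sign(payload: bytes, checks_next: bool) -> bytes:
    return hmac.new(VENDOR_KEY, _signed_bytes(payload, checks_next), hashlib.sha256).digest()


def make_image(payload: bytes, checks_next: bool = True) -> dict:
    """A NOR image as shipped: payload, policy flag and a valid signature."""
    return {"payload": payload, "checks_next": checks_next, "sig": sign(payload, checks_next)}


def verify(image: dict) -> bool:
    """The check a stage performs before handing control to the next image."""
    expected = sign(image["payload"], image["checks_next"])
    return hmac.compare_digest(expected, image["sig"])


def tamper(image: dict, checks_next: bool) -> dict:
    """Modify an image on NOR: the code changes, but the old signature stays behind."""
    return {"payload": image["payload"] + b" (patched)", "checks_next": checks_next, "sig": image["sig"]}


def stock_nor() -> dict:
    return {
        "llb": make_image(b"LLB"),
        "iboot": make_image(b"iBoot"),
        "logo": make_image(b"stock logo"),  # the shipped logo is signed too
    }


def boot(nor: dict, bootrom_enforces_llb: bool = True) -> str:
    """Walk the chain and return the outcome the post describes for each case."""
    llb, iboot, logo = nor["llb"], nor["iboot"], nor["logo"]
    # Stage 1: bootrom checks LLB. On new-bootrom devices this check holds.
    if bootrom_enforces_llb and not verify(llb):
        return "DFU (bootrom rejected LLB)"
    # Stage 2: LLB checks iBoot (unless LLB itself has been patched not to).
    if llb["checks_next"] and not verify(iboot):
        return "DFU (LLB rejected iBoot)"
    # Stage 3: stock iBoot refuses to draw an unsigned logo, so the screen stays black.
    if iboot["checks_next"] and not verify(logo):
        return "booted: black screen (unsigned logo)"
    return "booted: " + logo["payload"].decode()


def scenario(patch_llb=False, patch_iboot=False, custom_logo=False, bootrom_enforces_llb=True) -> str:
    """Build a NOR with the requested modifications and boot it."""
    nor = stock_nor()
    if patch_llb:
        nor["llb"] = tamper(nor["llb"], checks_next=False)
    if patch_iboot:
        nor["iboot"] = tamper(nor["iboot"], checks_next=False)
    if custom_logo:
        # A custom logo carries no valid signature (constructed all-zero signature).
        nor["logo"] = {"payload": b"custom logo", "checks_next": True, "sig": b"\x00" * 32}
    return boot(nor, bootrom_enforces_llb)


if __name__ == "__main__":
    cases = {
        "stock NOR": {},
        "custom logo only": {"custom_logo": True},
        "patched iBoot + logo": {"patch_iboot": True, "custom_logo": True},
        "patched LLB + iBoot + logo, new bootrom": {"patch_llb": True, "patch_iboot": True, "custom_logo": True},
        "patched LLB + iBoot + logo, old bootrom": {"patch_llb": True, "patch_iboot": True, "custom_logo": True, "bootrom_enforces_llb": False},
    }
    for name, kwargs in cases.items():
        print(f"{name:45s} -> {scenario(**kwargs)}")
```

The last two cases are the whole argument of the post: the same NOR contents end in a DFU loop when the bootrom enforces the LLB check and boot normally when it does not, and patching iBoot without also replacing the stage that checks it gets you nowhere even on an old-bootrom device.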
What is required?
Simple. A bootrom or iBoot exploit.
However, as far as I know, the private bootrom exploit is tethered. There is also an iBoot exploit demoed by geohot on his YouTube channel that can make it untethered for ONE firmware. So the new devices would most likely only have custom boot logos while booting tethered.
What is tethered?
Booting your device with the assistance of your computer.
ACCEPTING CUSTOM FIRMWARE WORKS THE SAME WAY.
*For those wondering about the "|" they see on their device at boot: it's just some shellcode that comex's new jailbreak uses. It is stored in the framebuffer, which is why you see it.*
This should clear things up if you read it all.