It turns out the new boot ROM doesn't totally prevent the 24kpwn exploit employed by the Dev Team hackers. [See update below] The result? You can still jailbreak your late-model 3GS, but the device needs to be tethered to your computer in order to boot up. It's a major annoyance, especially given how crash-happy 3.1 phones—especially jailbroken ones—can be, but not necessarily a dealbreaker.

Anyhow, chances are it won't be this way for long—remember the iPod Touch 2G? It was jailbroken fairly quickly after launch, but it had a new, slightly more secure boot ROM, and there needed to be tethered in order to boot. A few weeks later, the hackers finished their thing, and there was moderate rejoicing. This chain of events, which is already under way again, is starting to read like a script.

UPDATE: Evidently, the boot ROM update does disable the 24kpwn exploit, which was the bit of code that allowed for untethered jailbreaks in the first place. For what it's worth, the Dev Team still sounds unfazed. [Gadget Lab]

You see, a firmware update, version 3.0.1, is inevitable, and will probably arrive from Apple sooner rather than later because Cupertino probably feels that it needs to plug a few major holes being exploited by ultrasn0w. So, the team has decided it's best to wait so that the few people who can benefit from the crack now don't become the only people who benefited from it.

Says the Dev Team:

Here's the critical point, the reason why we're delaying our version of the jailbreak: Once the jailbreak is out, Apple will fix the iBoot-family bug we use to accomplish it. They will simply stop signing the old iBoots and only sign the fixed ones. If you bought your phone after Apple has done this, there's nothing you can do…the jailbreak isn't going to work for you.

It is possible that Apple will find the bug we use without our handing it to them on a silver platter (via a public jailbreak). In that case, we will have delayed our jailbreak for "nothing". But we'd rather be safe than sorry!

Apple is surely coming out with a 3.0.1 firmware release shortly. They need to fix ultrasn0w. They need to fix some UI issues. 3.0 is buggy and 3.0.1 is coming. We're going to wait and see what 3.0.1 brings before figuring out the release date for our version of the jailbreak.

In the meantime, we have some remaining 3.0 jailbreak issues to investigate, including push notification. Thanks for being patient with us while we took a 3GS "timeout"!

Patience, people. The fun will arrive, just not tonight. The Star Trek: Wrath of Kahn analogy the Dev Team has decided to go with this evening is spot on, by the way. [Dev Team]

The Dev Team says that the 3GS is vulnerable to the same "24Kpwn" bootrom exploit that plagues the iPod Touch 2G—an unpatchable, un-updatable route of access for jailbreakers. Additionally, they expect to be able to unlock the phone with the ultrasn0w tool, using familiar techniques.

What seems a little odd about this is that the 3GS would be so susceptible to hacking, and in such way that had been identified months ago. The Touch 2G had additional protections that the iPhone 3G didn't, and it was released just a few months after. The 3GS, however, was released well over six months after the Touch 2G and quite some time after its predecessors exploits had been publicly identified, but doesn't appear to have substantially different protections.

There are two possibilities here: either the 3GS development and manufacturing schedule is longer and more rigid than the iPod Touch 2G's (the Dev Team says its bootrom was "cut" in August of 2008, before the 24kpwn exploit was identified) or, more compellingly, Apple just doesn't really care that much about jailbreaking anymore. I'll assume the former, and quietly hope for the latter. [Dev Team—Thanks, Bhoumik and Eric!]

For people with 10.5.6, you're going to have to re-enable DFU mode in order to run Jailbreak. The Dev Team blog has instructions on how to do that, but after you're done, you should disable DFU mode by running the steps backwards, as we documented here. It may screw up your machine if you don't. [iPhone Dev]

As with the yellowsn0w video we showed you last month, this video was brought to us by Dev Team member Muscle Nerd.

redsn0w, quite simply, bypasses the Apple anti-jailbreak protection that causes the device to stop booting up if a jailbreak were detected. It opens up a whole slew of applications that are not, or will never be, offered through the "official" channel, the App Store.

The official release for redsn0w is expected shortly. [Qik]

The Dev Team stumbled upon the break when making yellowsn0w, the iPhone jailbreaker, but says the touch's jailbreak is far too manual to be done by most people at this point. But this is the first big breakthrough and it's become a focus of the Team's efforts. Once again, Apple can't seem to make anything the Team can't break. [iPhone Dev Team Blog]

The target release date for the official unlock is New Year's Eve. The unlock will only be available to iPhone 3G owners that have 2.11.07 baseband or earlier (jailbroken). As you can see in the demo the hack is finished—Dev-Team members say all that's left to do is package it up into a nice, user-friendly package. [Dev-Team Blog]

While it took a little longer than the free iPhone EDGE unlock, it does sound like this is the real deal. The team is claiming a successful unlock—now the next step is to package it up in a user-friendly GUI app like Pwnage Tool.

The only catch is that it will work only with iPhone 3Gs with baseband version 2.11.07 or earlier, and it must be jailbroken. To ensure you preserve an unlockable version of the baseband, the Dev Team has warned against the usage of the QuickPwn jailbreaking tool and against updating via official firmwares without first waiting for Pwnage Tool to work with it. More guidelines for that are here.

Phew, after all this l33t my head is starting to spin, but the good news remains—iPhone 3G unlock is on the way! [Dev Team]

It's a very specific problem, too — the tool still runs, and users who have a pre-modified firmware created on another Mac or Windows machine are able to 'restore' their devices to a jailbroken state without any trouble. It's the creation of modified firmware, which is the central purpose of the Pwnage tool, that has been kneecapped.

Though the hardware is where one sees the most conspicuous changes in the new MacBook, this problem most likely stems from a subtle software modification. It's not clear what specifically changed, but a new build of iTunes, unique to the new MacBooks, seems like a likely culprit. Of course, this news comes just after we're once again reminded of the App Store's awesome competition-busting rules. Your move, Dev Team. [Howard and iPodTouchFans — Thanks, Charles]

Hanging out at sites like Giz may have instilled in you an insatiable, pocket-emptying gadget habit. But now we're entering a new era—the old guys on the TV are saying that soon we may not even have pockets, let alone money for them. Don't panic though: You've probably got a wealth of gadgetry sitting underutilized in your living rooms, closets and basements, just waiting to be given powerful new (not exactly authorized) features. For free.

I've collected the best firmware replacements, software mods and homebrew hacks from the DMCA-flouting, EULA-hating frontiers of gadgetland that'll breathe new life into your stable of hardware and maybe—just maybe—let you feel that lusty new-gadget rush again.

Turn Your Xbox, Old PC or Apple TV into a Genuine Media Center

Xbox Media Center is about as refined as an unauthorized hack can get, playing back virtually any audio and video format, running a bevy of console emulators and still playing your Xbox games. To be honest, this should almost be viewed as a natural update for every Xbox, which at its core is a slow but functional PC with an easy TV connection. (Any actual PCs you have lying around can run a PC-ported version of XBMC.)

Boxee is a very slick fork of the XBMC project for Mac, and it's available for Apple TV. As shipped, the Apple TV works fine within the closed iTunes ecosystem, but Boxee's support for virtually every video codec and free online video like YouTube, CNN, BBC, and Revision3 will suit your new, more destitute lifestyle a bit better.

Difficulty: Easy to Moderate. Installation is pretty straightforward in most cases, with simple Boxee and XBMC setup programs available for Windows, Mac and Linux. Before you load XBMC, though, you have to mod your Xbox with one of these methods, many of which require a specific game. After that it's all install wizards and lollipops.

Installing anything on the locked-down Apple TV used to take some serious finagling, but there are now tools that will create an automated Boxee installer on a flash drive. Just plug the drive in, restart and you're good to go.

XBMC Online Manual

Boxee

Make Over Your iPod, Archos, iRiver or Sandisk with Rockbox

It's hard to look at the current generation of media players and not admire their diverse capabilities and extensible software platforms. That's not to say that your 5th-gen iPod doesn't play back music perfectly well, or that your iRiver H10 still isn't a kickass media player, but they do feel a bit dated. Rockbox replaces your MP3 player's operating system with something more substantial, effectively making it a completely new device. You get endless codec support, advanced audio options, dozens of games, useful apps like a calculator and a text editor, plus you can choose from tons of different interface skins for a unique look and feel. Rockbox's tweaking possibilities mean you will earn admiring "what is that?" questions from friends, and it won't cost you a thing. If your player isn't supported yet just hold on—everything from the Zen Vision:M to the Toshiba Gigabeat S has a fairly active dev team.

Difficulty: Easy. Rockbox has an automated tool called the Rockbox Utility available for Windows, Mac and Linux. It does the work for you. Even better, it often automatically configures your player to dual boot with its original OS.

Rockbox Official Site

Convert Your PC or Notebook Into A Much More Expensive Mac

It's undeniable that Macs are too expensive. For many, they are considered a luxury item whose added cost doesn't justify the benefit. Luckily Apple's switch to an Intel platform opened up a world of unauthorized OS X installations which can turn your existing PC into a powerhouse Mac Pro workstation, or morph your MSI Wind or Asus EeePC into the Mac netbook that should be in their goddamn product line anyway. Check the hardware compatibility list to see if your PC is eligible for the upgrade.

Difficulty: Moderate to Hard. If you're not morally opposed to downloading iATKOS and Kalyway, which are pre-patched Leopard install DVDs (this is bit torrent territory), then the process is much like installing any other OS. If you insist on building your own patched install from a DVD you own, then, well, good luck. Always check hardware lists first, though, because driver support is everything.

OSX86 Project Page

Flash Your Crappy Router Into a Top-Line Piece of Hardware

The DD-WRT project exists for a simple reason: Most routers are physically very similar, but are priced differently because of functionality derived from software. The DD-WRT firmware unlocks the potential of the most basic routers out there—too many to name but damn if yours isn't on the list. As it turns out, your budget model is kind of impressive: Program-specific traffic throttling, professional level wireless security and radical signal boosting are just a few of the dozens of new features that can be enabled.

Difficulty: Easy. If you can't manage this one, then you don't deserve a router—installation just takes a few clicks on the device's default configuration pages. A word of caution, though: Make sure your router configuration page is totally compatible with your browser before the operation, as some choke on Firefox and can botch firmware upgrades. Stick to IE if you have the choice.

DD-WRT Project Page

Download Updated Maps For Your Old GPS

I'm referring of course to capital 'D' downloading here, mainly because at the moment GPS map updates are a racket. You could spend hundreds of dollars on map data that is freely available on Google Maps, Microsoft Live and MapQuest, among others, or you can just, you know, not. Map packs for Garmin, TomTom and Magellan units are floating around torrent sites and usually don't require much more than a simple CD image mount and run routine to set up. (Guilty conscience sold separately.)

Difficulty: Easy to Moderate. If you're just running a copy of a CD, then you'll be able to use the installation wizards. Some more involved methods for Windows CE-based devices require some SSH file transfers, but these are relatively rare.

Jailbreak Your iPhone for Wi-Fi Internet Tethering

Two internet plans are enough, but to sign on to a mobile internet contract when you've already got unlimited iPhone data feels kind of stupid. Jailbreaking your iPhone is now about as easy as performing a firmware upgrade, and there are actually multiple tethering apps. PDANet and iPhoneModem both work a treat, but keep in mind that excessive usage could draw AT&T's attention and ire: Tethering is not allowed on the data plan, even though it works fine. Both apps are available in Cydia, where you can also find a limited assortment of other apps that don't have a place in the app store.

Difficulty: Moderate. Jailbreaking can be managed through the Dev Team's fantastic Quickpwn tool, but it does take a few minutes and can go wrong if instructions aren't followed closely. After jailbreak, Cydia and Installer fill the role of the gray-market app store, functioning as simple package managers that are arguably as polished as their more legitimate younger brother.

PDANet and iPhoneModem take different approaches to tethering, but neither requires more networking expertise than it would take to, say, set up a router.

iPhone Jailbreak

PDANet

iPhoneModem

Turn Your Wii Into a Free Emulation Machine

It's more than a little infuriating to have to repurchase your childhood library of console games from the Virtual Console, especially when free PC emulators and accompanying ROMs abound on the old intertubes. All you need is a copy of Legend of Zelda: The Twilight Princess, an SD card and an SD reader and you're ready to install A Boy and His Blob: Trouble on Blobolonia, which is pretty much all anyone has ever really needed since this whole "Video Gaming Television Machine" thing got under way in the first place. Throw in extended media playback and some helpful widgets for an extra value-add.

Difficulty: Moderate. This is one of the only hacks here that needs additional hardware to work, even if it's basic. The good news is that once you find a copy of Zelda and load up your SD card, the process pretty much takes care of itself. Further app installs are taken care of through a intuitive dedicated channel.

WiiBrew WIki

A great resource for similar projects is our industrious sister site Lifehacker, where you can find a veritable treasure trove of tutorials and tricks. Have you postponed any gadget purchases until you're sure your bank is solvent? Have any other budget hardware resurrection techniques that we missed? Let us know in the comments.

[Hackint0sh]

Whats new? Visible changes are:

• Exchange Support
• Appstore
• Parental Controls
• SDK Support
• Calculator is more advanced
• CISCO VPN support
• Mail mass deletion

Features not included:

• There is no spotlight icon

[Gizmodo's iPhone Hacking Coverage and Hacint0sh]

pwned firmware means it's custom [firmware], you can have it install anything you would ever want :-) Pwned works with some magic, it will be hard to close but nothing is impossible (from Apple) with a mindtwist. But first, we will enjoy :)

They told us that this is all part of their previous Pwnage project, which instead of trying to hack into the iPhone, directly patches the firmware itself to both unlock it, so you can use the iPhone with any carrier you want, and allow you to install any applications you want. You can see how it works here:

According to the Dev Team, the custom 2.0 firmware (technically, 1.2.0,) is now up and running without problems in many of their iPhones, running unsigned applications without a single problem. However, current Installer.app applications need to be changed: "they changed lots of the API, a lot. We will see how much has to be changed to the Toolchain [the previous development tool for iPhone independent developers] to still work after 2.0."

The best news, however, is this: "the hacked 1.2 firmware works with anything. AT&T and others, it's pwned. And Apple will not really be able to patch it this time... somehow :-)"

I'm flabbergasted. As Han Solo would say, "that's one in a million, kid!" Once again.

The cool thing here is that Dev Team told us that this is 1) a true unlock and 2) Apple will have a very difficult time closing this hole. That's the news, not just jailbreak—in fact, it's not even jailbreak in the classic sense. It's built-in the hacked firmware, which allows for installation of any application, unsigned or "Apple Approved"

In other words, true carrier and applications independence. And for a long time.

Note: as you can see, the Dev Team is still working hard in making the iPhone a completely open, carrier-independent platform. If you want to help them, please send a Paypal donation to iphone.devteam@gmail.com or join them at hackint0sh.org.