Redsn0w

redsn0w is a jailbreaking tool released for macOS and Windows. Originally released as QuickPwn, the name was change to redsn0w with version 0.7 due to exploitation of the name by.

Version 0.7 added unlocking of supported devices.

Version 0.8 added support for jailbreaking the iPhone 3GS.

Version 0.9b3 was released for Windows and macOS, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the iPod touch (3rd generation), and supports a tethered jailbreak on iPhone 3GS units and iPod touch (2nd generation) units with new bootroms. In addition, this version supports custom boot and recovery mode logos, as well as verbose mode on bootup.

Version 0.9.2 supports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and macOS, as well as 3.1.3 on S5L8900 devices. Version 0.9.3 adds support of internet tethering IPCC hack on those devices and 0.9.4 allows jailbreaking of early iPod touch (2nd generation) with iOS 3.1.3.

Version 0.9.5b5-5 supports jailbreaking the iPhone 3G and iPod touch (2nd generation) (old bootrom) with iOS 4.0 on Windows and macOS.

Version 0.9.6b6 supports jailbreaking iOS 3.2.2, 4.1, and 4.2.1 for every device that supports those versions (except Apple TV (2nd generation)), on Windows and macOS.

Version 0.9.10b1 adds support for iOS 4.2.6 through 5.0.1 (though iOS 4.2.9, 4.2.10, 4.3.4, 4.3.5, and 5.0 are tethered on devices invulnerable to the 0x24000 Segment Overflow). This build of redsn0w is not capable of jailbreaking S5L8940 or newer devices.

Exploits used
For iPhone, iPod touch, and iPhone 3G:
 * Pwnage
 * Pwnage 2.0

For iPod touch (2nd generation):
 * 0x24000 Segment Overflow
 * ARM7 Go - used to upload the oversized LLB required to utilize the 0x24000 Segment Overflow.
 * usb_control_msg(0xA1, 1) Exploit - used (in redsn0w 0.9.6b) to upload the oversized LLB to utilize the 0x24000 Segment Overflow, as well as a tethered jailbreak on units with the new bootrom.

For iPhone 3GS:
 * 0x24000 Segment Overflow
 * iBoot Environment Variable Overflow - Exploit has a different implementation from geohot's implementation in purplera1n.
 * usb_control_msg(0x21, 2) Exploit
 * limera1n exploit

For iPod touch (3rd generation):
 * usb_control_msg(0x21, 2) Exploit
 * limera1n exploit

For iPhone 4, iPod touch (4th generation), iPad and Apple TV (2nd generation):
 * limera1n exploit

For iPad, iPad 2, iPad (3rd generation), iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and iPod touch (4th generation):
 * Corona
 * Racoon String Format Overflow Exploit
 * HFS Heap Overflow
 * BackupAgent