Wednesday, November 24, 2010

Thanksgiving with Apple

From the ever fabulous iPhone Dev-Team:

With Turkey Day a few days off, today Apple publicly released FW version 4.2.1. As always, ultrasn0w unlockers please stay far far away from this official firmware (and all official firmware). Wait for the ability to create custom 4.2.1 IPSWs that don’t update your baseband! If you’re not an unlocker, read on!

The best news of all is for owners of iPhone3G, older iPhone3GS, and non-MC iPod touch 2G. Due to a combination of our original pwnage2 exploit, the arm7_go exploit, 24kpwn, and limera1n, your device is “just as jailbreakable as ever.” You reap the full benefit of an untethered 4.2.1 jailbreak.

Next are the owners of all the more recent devices. The good news there is that due to geohot’s limera1n exploit, all recent devices can be jailbroken (this will be true until Apple releases new hardware that fixes geohot’s limera1n exploit in the bootrom). The bad news is that right now, the 4.2.1 jailbreak is *tethered* on all of these recent devices. A tethered jailbreak means that each time your device loses battery power or needs to be rebooted, you must attach it to a PC or Mac to boot into the jailbroken state. @comex is working hard on a method that may untether the 4.2.1 jailbreak, but it will require you to have your 4.1 SHSH blobs in order to use it. No word on how much more effort it will take though (please don’t bug @comex about it!). (We also have an alternative method that may work, but @comex’s method is much more elegant.)

So when does all this 4.2.1 jailbreak action happen? Well if you’re a JB developer or tinkerer, you’ve already probably used the redsn0w mentioned in our last post to jailbreak 4.2.1 and at least get SSH working. But beyond that, there are still some last minute issues with MobileSubstrate and comex’s kernel patches that are being fixed. We’ll tweet and post a blog update when it’s all available (we hate to give ETAs, but barring any unforeseen problems, probably later today). It happens “now”…see Update #1.

In the meantime, please make sure you have your 4.1 SHSH blobs for all your devices. These will be important even for firmware beyond 4.1 (using both comex’s method and our alternative, depending on how each of them turns out).

ultrasn0w unlock: After redsn0w is officially released with the new Cydia and kernel patches, we’ll be able to assess the unlock situation. It’s already looking very promising though, so expect the unlock for the 3G and 3GS to be coming this week. The i4 unlock is taking more effort though, and no further concrete info is available about that yet.

Update #1: redsn0w version 0.9.6b4 is now available for your 4.2.1 jailbreaking pleasure. Please read all the above to understand what this jailbreak currently entails.


Update #2: The notion of a “tethered” jailbreak is pretty new to many people, so here’s a quick rundown on what to expect:

* If you’re on an iPhone3G, old-bootrom iPhone3GS, or non-MC ipt2g, life is easy. redsn0w installed an untethered jailbreak and so nothing below applies.
* “Tethered” does not mean you cannot boot at all without PC/Mac assistance. If you have not installed any tweaks that hook into important programs like SpringBoard or CommCenter, your device will actually boot. However, jailbreak programs like Cydia won’t work (and Cydia may still have a white icon). Also, certain built-in apps that had to be moved by Cydia will fail (Safari being the most noticeable example).
* If you’ve installed MobileSubstrate tweaks that hook into SpringBoard or other important programs, your boot will actually fail (you’ll get stuck at the Apple logo). You need to use redsn0w to “Just boot tethered right now”.

Remember, @comex and others are working on a way to untether the 4.2.1 jailbreak. Meanwhile, the above 3 points hopefully will make it all seem less confusing :)

Wednesday, November 3, 2010

redsn0w+limera1n fun

From the Dev-Team:

It looks like geohot’s recent limera1n exploit for iPhone3GS/iPhone4/iPad/ipt3g/ipt4g/atv2g will be very beneficial to jailbreakers and unlockers for the next few months (at least). geohot’s limera1n program and the alternative greenpois0n program both use his same exploit (although greenpois0n refuses to tell you that, FWIW), and hopefully SHAtter can be saved for some later device.

In the meantime, we’ve also incorporated the limera1n exploit into redsn0w. But we’ve added a few extras:

* custom bootlogos for iPhone3G/iPhone3GS/iPod2G users (with qualifying bootroms)
* an option that implements the “DFU” button in PwnageTool. This button (which you can use from Windows) lets you prepare your device for a custom DFU. Even if you’re purely a Windows user, you can get a trusted friend to run PwnageTool over your IPSW to create a custom IPSW. You can now install that custom IPSW on your own Windows box, after you run this redsn0w version.

This latest redsn0w is available at:

* OS X (See update #3)
* Windows (See update #3)

For Windows users who have run redsn0w and chosen “Just enter pwned DFU mode right now”, your device is now completely vulnerable. Run iTunes and select a custom IPSW from PwnageTool (choose it by pressing Shift+Restore)…you’ve now convinced your device and iTunes to restore to a custom firmware. Congratulations!

If you are timid about software and running these programs…please just wait! Don’t jeopardize your carrier unlock for a firmware upgrade. Wait for even easier methods than this latest redsn0w release.

Update #1: Today Apple released to developers the GM seed for 4.2. Tinkerers will find that yesterday’s redsn0w jailbreaks today’s 4.2 GM seed, simply by pointing redsn0w at the 4.1 IPSW (rather than the 4.2 one). Right now it mostly only makes sense for JB app developers to do that because many apps (including Cydia itself) need to be updated for 4.2. However, if all you want to do is enable afc2 (to use iFunBox or other file browsers), or to tweak settings like Battery % and Homescreen wallpapers, then go for it (if you have valid paid access to the GM seed). Be sure to uncheck the Cydia box, though! Ultrasn0w unlockers should stay very far away from this!!

Update #2: By all accounts, we’re within a few days of Apple’s official public release of Firmware 4.2. Here’s what you need to know:

* Thanks to geohot’s limera1n exploit, and our original pwnage2 exploit, and @pod2g’s ipod2g-MC exploit, absolutely all devices at all iOS firmware versions are capable of being jailbroken.
* The untethered jailbreak of those very latest FWs and latest devices depends on @comex’s hacks. His hacks so far extend only to 4.1 and 4.2beta3. He’s working on a way to extend it to 4.2 and beyond. Just wait for him to work out his method.
* iPhone 3G and 3GS unlockers will be covered by our upcoming unlock. Stay away from any updates to Apple FW until our official release and you’ll be okay. Just stay away from all Apple IPSWs :)
* iPhone4 unlockers are not left out in the cold. @sherif_hashim has found some very promising avenues to pursue. Those will be explored as soon as possible after all the 4.2 madness.

What does this mean to you?

* If you’re an unlocker, just stay where you are. Please, just stay where you are. Any mistakes you make now may be permanent.
* If you only care about the jailbreak and you’re absolutely sure you have your personalized 4.1 SHSH hashes, feel free to experiment but keep in mind that any mistakes you make may result in your losing pictures or notes or bookmarks that you’d rather keep. Honestly unless you love living on the bleeding edge, it’s better to just wait for official updates from Cydia/redsn0w/PwnageTool.
* Don’t buy or donate to any unlock or jailbreak scammers. Every legitimate solution you will find for unlocks or jailbreaks will be offered without an extended hand. That’s how the iPhone jailbreak/unlock community has succeeded. It’s about freedom to do what you want with your $300 device — not about donations, egos, tweets, or “interviews.”

Update #3: (Warning: if you use the ultrasn0w unlock, please read no further…this doesn’t apply to you yet!) We’ve made some updates to redsn0w to make it easier for jailbreak developers (and tinkerers) to get their programs ready for 4.2.1. As noted above, the public version of Cydia (and MobileSubstrate too!) is not 4.2.1-compatible. redsn0w will now let you install your own custom bundles independent of Cydia (the bundle can actually be Cydia if you’ve compiled it on your own). These bundles can be up to 15MB in size, and should be in the form of a gzip-compressed tar file.

The new redsn0w 0.9.6b3 is available at:

* OS X
* Windows

It’s very important that you get the file permissions and ownerships right in your custom redsn0w bundles. To give you a practical example of such a bundle, here’s one that includes OpenSSH, OpenSSL, and the basic apt installer programs:

* SSH bundle
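As an added illustration (not Dev-Team code) of why the permissions and ownership in a bundle matter, here is a small Python checker for a redsn0w-style custom bundle: it enforces the post’s 15MB gzip-compressed tar format and flags common packaging mistakes. The root:wheel (uid 0, gid 0) ownership requirement and the “programs under usr/bin must be executable” rule are assumptions for the example, not anything the post states, and both sample bundles are constructed in memory.

```python
import io
import tarfile

# redsn0w's stated limit for a custom bundle (from the post): 15MB, gzip-compressed tar.
MAX_BUNDLE_BYTES = 15 * 1024 * 1024


def build_sample_bundle(entries):
    """Build a constructed .tar.gz in memory from (path, mode, uid, gid, data) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, mode, uid, gid, data in entries:
            info = tarfile.TarInfo(name=path)
            info.size, info.mode, info.uid, info.gid = len(data), mode, uid, gid
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_bundle(blob, expected_uid=0, expected_gid=0):
    """Return a list of problems; an empty list means the bundle passes every check.
    Assumption (not in the post): files should be owned by uid 0 / gid 0 (root:wheel)."""
    problems = []
    if len(blob) > MAX_BUNDLE_BYTES:
        problems.append(f"bundle is {len(blob)} bytes, over the 15MB cap")
    if blob[:2] != b"\x1f\x8b":  # gzip magic bytes
        return problems + ["not gzip-compressed (bad magic bytes)"]
    try:
        tar = tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz")
    except tarfile.TarError as exc:
        return problems + [f"not a readable tar archive: {exc}"]
    with tar:
        for m in tar.getmembers():
            # Entries land relative to the device root; reject anything that escapes it.
            if m.name.startswith("/") or ".." in m.name.split("/"):
                problems.append(f"{m.name}: absolute or parent-relative path")
            if (m.uid, m.gid) != (expected_uid, expected_gid):
                problems.append(f"{m.name}: owned by {m.uid}:{m.gid}, expected {expected_uid}:{expected_gid}")
            if m.mode & 0o002:
                problems.append(f"{m.name}: world-writable (mode {m.mode:o})")
            if m.isfile() and m.name.startswith("usr/bin/") and not (m.mode & 0o111):
                problems.append(f"{m.name}: program is not executable (mode {m.mode:o})")
    return problems


# Constructed sample bundles: one packaged correctly, one with the classic mistakes.
GOOD_BUNDLE = build_sample_bundle([
    ("usr/bin/sshd", 0o755, 0, 0, b"<binary>"),
    ("etc/ssh/sshd_config", 0o644, 0, 0, b"Port 22\n"),
])
BAD_BUNDLE = build_sample_bundle([
    ("usr/bin/sshd", 0o666, 501, 501, b"<binary>"),  # wrong owner, world-writable, not executable
])
```

Running `check_bundle(BAD_BUNDLE)` reports all three mistakes on the single entry, while the correctly packaged bundle returns an empty list.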

redsn0w has also been updated to recognize the 4.2.1 GM IPSWs. *However*, as noted above, the 4.2.x jailbreak is not yet untethered for most devices! That means until someone like @comex comes up with a way to untether it, you must use redsn0w (or a similar utility) to boot your device into a jailbroken 4.2.1 state. (The only exceptions to this are the iPhone3G, non-MC iPod touch 2G, and old-bootrom iPhone3GS. redsn0w will jailbreak those untethered!)

With the above redsn0w and SSH bundle, jailbreak developers and tinkerers can jailbreak and SSH into their 4.2.1 devices, provided they’ve done a tethered boot (using redsn0w’s “Just boot tethered right now” option).

Note: The Cydia that’s included in 0.9.6b3 is the same one as in 0.9.6b2, and so it will *not* work on 4.2.1. Don’t try installing it on 4.2.1! Instead, use the SSH bundle, or compile Cydia on your own. If you’re familiar with the apt utilities, you can use “apt-get” to install many programs from the command line. Be sure to do “apt-get update” first to refresh your sources!

It’s not meant for the masses because it involves rather nerdy things like command lines and tar files. But for those who know how to use this new redsn0w feature, have fun!