jailbreak for fun and profit

In the previous article on the joys and pitfalls of freeing your Apple portable devices from Steve Jobs' technoid BDSM prison, we briefly discussed the advantages and disadvantages of jailbreaking. In this article we get a bit more hands-on and look at the actual methods of achieving it. Although just released, the iPad has already been jailbroken (see the video linked in the sources below), and an announcement about iPhone OS 4.0 will be made soon.

Most jailbreaking tools are tied to a specific firmware release. You can either read your firmware version and then download whichever tool works for it (what most people do), or upgrade or downgrade to a version for which you can easily find a jailbreaking tool. I have an iPhone and an iPod and don't have the time or the desire to play with too many applications, especially pirated ones. I have enough free applications and games to choose from, and of the apps on my iPhone, I only use 4 or 5 frequently. As such, I kept my devices as bought for a long time. I recently decided to jailbreak my iPod as I was under the mistaken belief that you cannot use Skype or any VOIP over 3G, and was thinking of using the iPod as training for jailbreaking the iPhone. After learning that I can actually use a SIP client, I have no reason to proceed with the jailbreak.

Based on my research, I recommend the following steps:

1. f0recast

Download and run f0recast with your device connected to your computer and iTunes closed. For my iPhone and iPod I got the following results:

[screenshots: f0recast results for the iPhone and the iPod]

This means that both my iPhone and my iPod can be jailbroken. Neither is tethered, which means that if the battery drains or I turn the device off, I will not need a computer to boot it up again. Though I'm not sure, I suspect "unlocking" in this context refers to the ability to unlock the phone from my cell phone provider, which would allow me to insert another provider's SIM card and use it natively (non-roaming) on their network. The application suggests using blacksn0w; the other option, valid only in different circumstances, is ultrasn0w.

2. update (or downgrade) firmware

If necessary, update your device to the latest firmware for which you can find a jailbreaking tool. You normally accomplish this by clicking Restore on the iTunes device page while holding the Shift key. If that does not work, consider using iREB, which you can download using the link in the sources below. (This step is unconnected to the previous one, so you could have started here.)

Jailbreaking has a bad habit of not working unless the firmware has been freshly restored. Keep in mind, though, that restoring is more difficult for the later firmware versions. Some firmware upgrades, such as 3.1.3, are currently a one-way street: once you upgrade, the baseband gets upgraded as well and you cannot downgrade easily. See the previous article for more information on this topic.

3. weapon of choice

To commence jailbreaking, connect your device by USB, then close iTunes. In Windows XP, it is a good idea to stop iTunes Helper, the service that causes iTunes to start (you can do so by launching services.msc from the Run dialogue box, invoked by pressing Windows key + R).

My first attempt was with a very old version of redsn0w (possibly the first), which I found in one of my folders – I first wanted to perform this action a long time ago but did not, due to lack of time. That was, as expected, unsuccessful:

>redsn0w.exe
redsn0w v0.1
        implementation (c) 2009 iPhone Dev Team
        vulnerability: pod2g, MuscleNerd
        exploit: planetbeing, CPICH, posixninja, chronic

Either connect your iPod in DFU mode to the computer or just push enter
for assisted entry into DFU mode

Hit any key to continue...

DEVICE PREPARATION
------------------

0. Make sure your iPod both turned off and connected to the computer.
   Hold down the Hold (top left corner) button until the 'Slide to power
   off' message appears, and then slide the button to turn off the
   device

Hit any key to continue...

1. Follow the next steps carefully. Things will appear and disappear on
   the iPod screen, not necessarily timed with your actions. Ignore
   them and focus on the directions

Hit any key to continue...

2. Hold down the Hold (top left corner) button for 3 seconds...
                2...
                1...

3. WITHOUT releasing the HOLD button, also hold down the Home
   (bottom center) button for 10 seconds...
                9...
                8...
                7...
                6...
                5...
                4...
                3...
                2...
                1...

4. WITHOUT releasing the HOME button, release the Hold button. Keep
   holding the Home button for 30 seconds...
                29...
                28...
                27...
                26...
                25...
                24...
                23...
                22...
                21...
                20...
                19...
                18...
                17...
                16...
                15...
                14...
                13...
                12...
                11...
                10...
                9...
                8...
                7...
                6...
                5...
                4...
                3...

DFU MODE SUCCESSFUL
------------------
        Connecting to server                                            [done]
        Downloading iBSS                                                [100%]
        Downloading kernel                                              [100%]
        Downloading epoch change boot environment                       [100%]
        Downloading ramdisk boot environment                            [100%]
        Downloading NOR manifest                                        [100%]
        Downloading LLB.n72ap.RELEASE.img3                              [100%]
        Downloading iBoot.n72ap.RELEASE.img3                            [100%]
        Downloading DeviceTree.n72ap.img3                               [100%]
        Downloading applelogo.s5l8720x.img3                             [100%]
        Downloading recoverymode.s5l8720x.img3                          [100%]
        Downloading needservice.s5l8720x.img3                           [100%]
        Downloading batterylow0.s5l8720x.img3                           [100%]
        Downloading batterylow1.s5l8720x.img3                           [100%]
        Downloading glyphcharging.s5l8720x.img3                         [100%]
        Downloading glyphplugin.s5l8720x.img3                           [100%]
        Patching kernel                                                 [done]
        Preparing ramdisk                                               [done]

NOTICE: If Windows says 'USB Device Not Recognized' during a 'Waiting for
        reboot' stage, unplug the iPod from the computer and then plug it
        back in.

Jailbreaking device
        Killing iTunes                                                  [done]
        Waiting for DFU device                                          [done]
        Uploading first stage                                           [100%]
        Waiting for reboot                                              [done]
        Performing initial exploit                                      [done]
        Uploading second stage                                          [100%]
        Waiting for reboot                                              [done]
        Uploading third stage                                           [100%]
        Waiting for reboot                                              [done]
        Uploading logo                                                  [100%]
        Uploading ramdisk                                               [100%]
        Uploading device tree                                           [100%]
        Uploading kernel                                                [100%]
        Rebooting                                                       [done]

I also tried the latest stable version of redsn0w but without a fresh firmware:

[screenshot: redsn0w attempt]

Needless to say, that was unsuccessful. I even tried sn0wbreeze on my iPod and that failed as well:

[screenshot: sn0wbreeze failing on the iPod]

Finally, I restored the firmware once again, only this time I did not restore the full backup, setting up my iPod as a new device. For most situations, blackra1n gives the fastest and possibly the easiest jailbreak. It is a very simple application, containing a single button:

[screenshot: blackra1n]

As for differences between the tools, it is worth mentioning that redsn0w is the only tool that works on Linux, in addition to Windows and Mac. PwnageTool works solely on Mac, while sn0wbreeze is Windows only. Blackra1n aims to be universal, while purplera1n works only on the iPhone 3GS. Unlike blackra1n, redsn0w can also optionally modify your boot logo, make the boot verbose and perform (in version 0.9.3) the IPCC tethering hack, which allows other, unsigned carrier bundles to be installed. This permits tethering (i.e., using your phone as an Internet modem for your laptop).

4. post-install

Blackra1n installs only a black tear icon; when you tap it, you have the option of running either Cydia or Rock. Though everybody is using Cydia, you might find it unbearably slow. Rock is supposed to be faster, but I haven't tried it. Redsn0w installs Cydia by default.

Don’t install both Cydia and Rock or you might run into problems.

One of the first things you should do once the jailbreak is complete and you have installed a "free app store" is to install the MobileTerminal package, which provides terminal emulation. Start Terminal, then gain root with "su root". The default password is "alpine". To change it, issue the command "passwd". This password is what stands between worms and your device, so make sure you can remember it easily and that it is difficult for others to guess. You should also change the regular user account password with "passwd mobile".

Then install the OpenSSH package. Connect from your desktop with "ssh root@<ip-address-of-your-device>". Your SSH program can generate a key pair so that you don't have to enter the password every time. If the connection is slow, consider turning off QoS on your router, though if you are using VOIP behind the router you might not want to do that.
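As an added example that is not part of the original post, here is a small POSIX sh audit you can run from MobileTerminal once OpenSSH is installed; it checks the two points above, accounts still on the stock "alpine" password and password-based SSH logins. It assumes the BSD-style /etc/master.passwd layout of iPhone OS and an OpenSSH sshd_config, and uses constructed sample files so it also runs offline on a desktop.

```shell
#!/bin/sh
# Added example, not from the original post: audit a jailbroken device for the two
# weaknesses above, the stock "alpine" password and password-based SSH logins.
# Assumptions: BSD-style master.passwd lines (name:hash:uid:gid:...) as on iPhone OS,
# an OpenSSH sshd_config, and DEFAULT_HASH being the stock DES crypt of "alpine".
DEFAULT_HASH='/smx7MYTQIi2M'

# Print every account whose hash field still equals the stock hash.
# Returns 0 when none is found, 1 when at least one account still uses "alpine".
find_default_accounts() {
    found=0
    while IFS=: read -r name hash rest; do
        case "$name" in ''|\#*) continue ;; esac
        if [ "$hash" = "$DEFAULT_HASH" ]; then
            echo "$name"
            found=1
        fi
    done < "$1"
    return $found
}

# Return 0 when sshd_config only allows key-based logins (PasswordAuthentication no
# and no root login by password); otherwise print each offending setting and return 1.
check_sshd_config() {
    ok=0
    pw=$(awk 'tolower($1)=="passwordauthentication"{v=$2} END{print v}' "$1")
    root=$(awk 'tolower($1)=="permitrootlogin"{v=$2} END{print v}' "$1")
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication should be 'no' (got '${pw:-unset, defaults to yes}')"
        ok=1
    fi
    case "$root" in
        no|without-password|prohibit-password) ;;
        *) echo "PermitRootLogin should be 'without-password' or 'no' (got '${root:-unset}')"; ok=1 ;;
    esac
    return $ok
}

# Constructed sample files standing in for /etc/master.passwd and /etc/ssh/sshd_config.
TMP=$(mktemp -d)
printf '%s\n' 'root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh' \
    'mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh' > "$TMP/master.passwd"
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$TMP/sshd_weak"
printf '%s\n' 'PermitRootLogin without-password' 'PasswordAuthentication no' > "$TMP/sshd_hardened"

find_default_accounts "$TMP/master.passwd" || echo "-> run passwd (and passwd mobile) to change these"
check_sshd_config "$TMP/sshd_weak" || echo "-> fix the settings above, then restart sshd"
check_sshd_config "$TMP/sshd_hardened" && echo "sshd_config hardened: OK"
rm -rf "$TMP"
```

On the device itself, point the two functions at /etc/master.passwd and /etc/ssh/sshd_config instead of the sample files.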

Other applications you might want to install are:

  • Backgrounder – allows applications to run in the background; e.g., let FlyCast play while you read the news or do your email.
  • AppSync & Install0us – allow you to install applications online.
  • Winterboard – customization with nested folders.
  • SBSettings – quick access to your iControlPanel
  • iMobileCinema – Flash. 4 real.

We’ll review such changes in more detail in a future article.

Sources / More info: f0recast, iREB, blackra1n, redsn0w, sn0wbreeze, pwnagetool-bt, iphone-dev, firmwares, softpedia-apps, softpedia-tools, yt-jb
