Difference between revisions of "IPhone Hacking"

From ivc wiki

Revision as of 00:00, 20 October 2007

The iPhone was released in the USA on 29th June 2007, and after 2 months it was finally possible to hack the iPhone to allow it to run true native third-party applications, aka homebrew applications.

Downgrade

If the phone came with v1.1.1, as of this writing it is necessary to downgrade to v1.0.2.

  1. Download the iPhone v1.0.2 firmware from Apple.
  2. Download and install iTunes v7.3.2. Select a new folder if iTunes is already installed.
  3. On the iPhone, press and hold both the SLEEP and HOME buttons for 8-10 seconds.
  4. The screen should go completely black; release the SLEEP button and continue to hold the HOME button.
  5. When the iPhone says 'Connect to iTunes', release the button and connect the USB cable.
  6. Open iTunes and click 'Ok' when it prompts that a restore is needed. Hold SHIFT (on Windows) and select the v1.0.2 firmware file.
  7. The restore should complete with a 1013 error. A yellow triangle on the iPhone indicates that v1.0.2 has been installed.

Jailbreak

Jailbreaking means escaping the 'Media' partition of the iPhone, where only some settings and all the media files are stored. Technically the jailbreak is essentially 'chroot /var/root/Media'.

  1. There are two ways to jailbreak on Windows: the Apptapp installer or iBrickr. Download the recommended Apptapp installer.
  2. With the iPhone still in the yellow-triangle restore mode, run Apptapp and let it work through all the steps. It will jailbreak the phone and install Installer.app.
  3. Once jailbroken, the iPhone will return to the 'Slide for emergency' screen and still needs activation to load the normal Springboard.

Activate

A normal iPhone can only work and be activated on the AT&T network. Faking the activation tricks the iPhone into the 'Activated' state, and all functions except the phone are available.

  1. Download the iAsign package for Mac and then the Windows (Win32) update. Put iAsign.exe in the 'bin' folder.
  2. Upload the iPhoneActivation.pem file to the iPhone and put it in /Library/System/Lockdown/ using the upload function of iBrickr.
  3. Open a command prompt (Start -> Run -> cmd) and change directory (cd) to the iAsign folder.
  4. Run 'iAsign --automatic iPhoneActivation_private.pem' to generate a new activated certificate on the iPhone.
  5. The 'Slide to emergency' message should have changed to 'Slide to unlock'.
  6. You now see the Springboard and the 'Installer' application.
  7. To make it easy to upload files and execute commands on the iPhone, open Installer and install 'BSD Subsystem' and 'OpenSSH'. Use WinSCP to connect with username 'root' and password 'dottie' (the first connection takes some time). That is the default root password on every iPhone, so change it with 'passwd' as soon as you are logged in; otherwise anyone on the same Wi-Fi network can log in as root.

Youtube

Youtube requires some certificates to work properly.

  1. Download the 3 required Youtube files.
  2. Upload the data_ark.plist, device_private_key.pem and device_public_key.pem files to /var/root/Library/Lockdown/.
  3. Open data_ark.plist and copy the certificate block starting with 'LS0tLS1CRUd...'.
  4. In the same directory, go into 'pair_records', open the file (double click) and paste the certificate into the DeviceCertificate section.
  5. Go into the 'activation_records' directory and do the same for all the files.
  6. Hold the SLEEP button for 5 seconds and reboot the iPhone.
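As an added check that the paste in steps 4 and 5 actually landed in every file (example code, not part of the original wiki page): this Python snippet loads data_ark.plist and the pair_records/activation_records files as plists, confirms that the blob is a PEM certificate (the block starts with 'LS0tLS1CRUd' because that is the base64 encoding of '-----BEGIN CERTIFICATE-----'), and lists the records whose DeviceCertificate is missing or differs. The key name inside data_ark.plist, the record file names and the certificate bodies are constructed assumptions.

```python
import plistlib

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

# Constructed, PEM-shaped placeholders; neither is a real certificate.
SAMPLE_CERT = PEM_HEADER + b"\nMIIBY29uc3RydWN0ZWRzYW1wbGU=\n" + PEM_FOOTER + b"\n"
STALE_CERT = PEM_HEADER + b"\nb2xkY2VydGlmaWNhdGU=\n" + PEM_FOOTER + b"\n"

# Constructed data_ark.plist. The key name is an assumption; the page does not name it.
DATA_ARK = plistlib.dumps({"DeviceCertificate": SAMPLE_CERT})

# Constructed pair_records / activation_records files. The page names the
# DeviceCertificate key; the file names are placeholders.
RECORDS = {
    "pair_records/host-1.plist": plistlib.dumps({"DeviceCertificate": SAMPLE_CERT}),
    "activation_records/stale.plist": plistlib.dumps({"DeviceCertificate": STALE_CERT}),
    "activation_records/missing.plist": plistlib.dumps({"ActivationState": "Activated"}),
}


def is_pem_certificate(blob):
    """True if the bytes look like one PEM certificate block."""
    return blob.startswith(PEM_HEADER) and PEM_FOOTER in blob


def load_cert(plist_bytes, key="DeviceCertificate"):
    """Return the <data> bytes stored under key, or None if the key is absent."""
    value = plistlib.loads(plist_bytes).get(key)
    return value if isinstance(value, bytes) else None


def check_records(data_ark_bytes, records):
    """Return record paths whose DeviceCertificate is absent or differs from data_ark."""
    expected = load_cert(data_ark_bytes)
    if expected is None or not is_pem_certificate(expected):
        raise ValueError("data_ark.plist holds no PEM certificate under the expected key")
    return sorted(path for path, blob in records.items() if load_cert(blob) != expected)


if __name__ == "__main__":
    # The XML <data> element is base64 of the PEM text, hence the LS0tLS1CRUd... prefix.
    print(b"LS0tLS1CRUd" in DATA_ARK)
    print(check_records(DATA_ARK, RECORDS))
```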

Unlock

To be able to use any SIM card, the iPhone's baseband firmware has to be modified.

  1. Download AnySIM v1.1 and extract the AnySIM.app folder.
  2. Upload the AnySIM.app folder to the /Application/ directory on the iPhone.
  3. Change the permissions on the 'anysim' binary to 0755 by selecting 'Properties' in WinSCP and checking all the checkboxes under 'X'.
  4. Shut down the iPhone, insert the new SIM card and power on. AnySIM should appear in the Springboard.
  5. Open AnySIM, disable the Auto-lock as instructed and follow the two steps to begin the unlocking. It normally takes 5-10 minutes to complete.
  6. If you get a 'SIM Locked' message after the process has succeeded, press 'Unlock' and enter the PIN code for the SIM. You can disable the prompt in Settings -> Phone -> SIM Pin.