Difference between revisions of "IPhone Hacking"

The iPhone was released in the USA 29th June 2007, and after 2 months it was finally possible to hack the iPhone to allow it run true native third-party applications, aka homebrew applications.

Downgrade

If the phone came with v1.1.1, it's (as of writing) necessary to downgrade to v1.0.2.

1. Download the iPhone v1.0.2 firmware from Apple.
2. Download and install iTunes v7.3.2. Select a new folder if iTunes is already installed.
3. On the iPhone, press and hold both the SLEEP and HOME buttons for 8-10 seconds.
4. The screen should go completely black, release the SLEEP button and continue to hold the HOME button.
5. When the iPhone says 'Connect to iTunes' release the button and connect the USB-cable.
6. Open iTunes and click 'Ok' when it prompts that a restore is needed. Hold SHIFT (on Windows) and select the v1.0.2 firmware file.
7. The restore should complete with a 1013 error. A yellow triangle on the iPhone indicates that v1.0.2 has been installed.

Jailbreak

Jailbreaking means to escape the 'Media'-partition of the iPhone where only some settings and all the media files is stored. Technically the jailbreak is essentially 'chroot /var/root/Media'.

1. There are two ways to jailbreak on Windows, Apptapp installer or iBrickr. Download the recommended Apptapp installer.
2. With the iPhone still in the yellow-triangle-restore-mode, run Apptapp and let it process through all the steps. It will jailbreak and install Installer.app.
3. Once jailbreaked, the iPhone will return to the 'Slide for emergency' and still needs activation to load the normal Springboard.

Activate

A normal iPhone can only work and be activated on the AT&T operator. Faking the activation tricks the iPhone into 'Activated'-state and all the functions except phone is available.

1. Download the iAsign package for Mac and then the Windows (Win32) update. Put iAsign.exe in the 'bin'-folder.
2. Upload the iPhoneActivation.pem file to the iPhone and put it in /Library/System/Lockdown/ using the upload function iBrickr.
3. Open a command-prompt (Start -> Run -> cmd) and change directory (cd) to the iAsign folder.
4. Run 'iAsign --automatic iPhoneActivation_private.pem' to generate a new activated certificate on the iPhone.
5. The 'Slide to emergency'-message should have changed to 'Slide to unlock'.
6. You now see the Springboard and the 'Installer' application.
7. To make it easy to upload files and execute remote commands on the iPhone, open Installer, install 'BSD Subsystem' and 'OpenSSH'. Use WinSCP to connect with username 'root' and password 'dottie' (first connect takes time).

Youtube

Youtube requires some certificates to work properly.

1. Download the 3 required Youtube files.
2. Upload the data_ark.plist, device_private_key.pem and device_public_key.pem files to /var/root/Library/Lockdown/.
3. Open the data_ark.plist and copy the certificate block starting with 'LS0tLS1CRUd...'.
4. In the same directory, go into 'pair_records', edit the file (double click), paste the certificate into the DeviceCertificate section.
5. Go into the 'activation_records' directory and to the same for all the files.
6. Hold the SLEEP button for 5 seconds and reboot the iPhone.

Unlock

To be able to use any SIM-card the iPhone's baseband firmware has to be modified.

1. Download AnySIM v1.1 and extract the AnySIM.app folder.
2. Upload the AnySIM.app folder to the /Application/ directory on the iPhone
3. Change the permissions on the 'anysim' binary to 0755 by selecting 'Properties' in WinSCP and checking all the checkboxes for 'X'.
4. Shutdown the iPhone, insert the new SIM-card and power-on. AnySIM should appear in the Springboard.
5. Open AnySIM, disable the Auto-lock as instructed and follow the two steps to begin the unlocking. Normally takes 5-10 minutes to complete the unlocking.
6. If you get a 'SIM Locked'-message after the process is successful, press 'Unlock' and enter the PIN-code for the SIM. You can disable the prompt in Settings -> Phone -> SIM Pin.

Localization

The iPhone does not come with any other dictionary or keyboard layouts then the default American package. To add Norwegian locale support, a few files has to be patched. The character '[', ']' and '{' will be replaced with 'æ', 'ø' and 'å' respectively.

1. Download the Norwegian dictionary from the iPhoneShop download page.
2. Download the patched keyboard .artwork file with Norwegian character keyboard images.
3. Download the patched UIKit binary to output the actual Norwegian character code when the key is touched.
4. Extract all the files and put them into the /System/Library/Frameworks/UIKit.framework/ directory on the iPhone. Backup the originals. Change the permissions for 'UIKit' to 0755.
5. Reboot the iPhone and test the new keyboard and dictionary.

Phone Number Format

The default phone number format is the classic American standard with the parentheses and spaces. The format string is dictated by a simple settings file.

1. On the iPhone, go to /System/Library/Frameworks/AddressBookUI.framework/ and download the ABPPhoneFormats.plist file.
2. Browse to this binary-to-xml website to convert the plist to a XML-file.
3. Open the new file in a plain text editor and find the 'US'-key.
4. Change the format string in the 'US'-key to the new format. For Norway the string will be '########' and '+47 ########'.
5. Save the file and upload the file to the same directory. No need to convert the plist back to binary.
6. Reboot the iPhone and check the Phone application to see the new string.

References

• iPhone v1.1.1 Jailbreak & AppTapp Installation Guide / Jailbreak archive with readme
• iPod Touch Jailbreak
• iPhone v1.1.1 Baseband downgrading
• Unlocking The iPhone / secpack extraction
• Unlock the iPhone Simple Tutorial
• iPhone Dev Wiki Jailbreak v1.1.1
• Downgrade from v1.1.1 to v1.0.2
• Activate v1.1.1
• Re-drafted downgrading guide
• Re-drafted Jailbreaking v1.1.1
• Youtube hack
• Phone number format hack