This is an informative thread. It is by no means a comprehensive list of all jailbreak information. And it is there to help other people understand a little of the terminoligy and jailbreaks out there. It deals mostly with 3.1+ frimwares (and doesnt touch anything older than 3.0 - if your still using an iPod Touch 2G with 2.2.1 and Quickfreedom jailbreak, seriously consider updating, most apps now require at least firmware 3.0 to operate properly). A lot of this may be geared more towards iPhones as well, it is what i have, so not as much expierence with iPod Touches.
If there is a tutorial on it, that i thought was helpful, or it is a program, click on its name (not under table of contents, in its descpription) to go to that website or download the program.
How to search/browse this infomation:
I will use a table of contents of sorts, so you can search (ctrl+F) for a specific header instead of trying to find it by looking. Just search for the key, next to the headline in (parentheses), which will be unique to each header. When you hit find next it will generally appear at the bottom of the page.
This will be updated, as i get new info, or have time to update the post, and it could get quite lengthy.
This is NOT intended to be thread to ask for help or advice. Please start your own thread in the proper section for that. I would ask any mods seeing questions here, to please move them to the proper sections or delete. I would like to keep this clean so people can find the information they need.
If you see an error (i started to put this together kinda hastily), feel free to comment and i will fix it. If there is something i need to add that i looked over, same thing.
DICTIONARY
Jailbreak D1J
Your iPhone has been designed with restrictions that prevent you from running applications obtained from sources other than Apple's own iTunes App Store. To be able to install these applications, your iPhone needs to be jailbroken. Jailbreaking allows to read and write to the iPhone's operating system's partition, thereby liberating your iPhone from Apple's software "jail".
Confused ? Don't worry, we'll explain it all:
Partitioning is achieved when an operating system splits the memory into smaller separate units. Let's make it real easy: Let's take a pizza as the perfect example. The box the pizza was delivered in and the whole pizza represent your hard-drive on which you can store your files. So if you open the box, cut the pizza in half, that's like splitting up your hard-drive into two pieces. That's what partitioning is all about. The computer opens the box, sees the two halves of pizza and considers them to be two halves, although it's one whole pizza.
Your iPhone operates in the same way. It uses two partitions, one media partition and one partition for the operating system. The media partition is where all your iTunes data is stored: music, movies, contacts, App Store apps , etc. This partition is usually the total size of your iPhone’s memory capacity, but deduct about 500-600 MB for the operating system partition. Apple has set up the iPhone's partition in such a way that the hacking has to be done in the operating system's partition which isn't as easily accessible as the media partition.
The partition on which the operating system (iPhone OS) is installed is the space Apple has locked. This is where the jailbreak lies. Once we gain access to this partition, you can do a number of things, such as:
• Install unofficial (non-App Store) applications which weren't accepted to the App Store (for one reason or another) or haven't yet been submitted to the App Store
• Execute scripts and commands (for advanced users)
• Tweak the visual aspects of the iPhone's OS
Jailbreaking brings these functionalities and a lot more to your device.
Tethered Jailbreak D8J
This type of jailbreak requires that you plug your iPhone/iPod into your computer and run the jailbreak each time you need to reboot the iDevice. This could be from a reboot after installing certain apps in Cydia/Rock, or from letting the battery die. It will often come boot back on with the iTunes logo showing on screen. You must connect your iDevice to your computer, close iTunes if it opens (and if on a windows system, it is a good idea to open the Task Manager - ctrl+alt+Del and go to the processes tab, look for and end task on iTunesHelper.exe - there will be some other apple functions running, but ONLY End Task on that one). Then run your jailbreak again (it will not "rejailbreak" it per say, you will not lose any information or cydia apps)
Baseband D1B
The baseband is a subsystem on the iPhone which manages all functions which require an antenna, like phone line communications etc. Modifying this subsystem is how unlocks are achieved. The baseband is separated from the OS and has it’s own processor and it’s own firmware. It’s firmware is called the baseband firmware. Baseband versions look like this: 4.01.13_G (1.1.1) 4.03.13_G (1.1.3). An iTunes restore will not modify the baseband of your iPhone unless your baseband is erased or downgraded prior to the restore.
Bootloader D2B
The bootloader is the first thing that is executed when the iPhone is powered on. There are two shipping bootloaders, 3.9 and 4.6. The bootloader can be downgraded using hacking methods. It is risky downgrading your bootloader because if something goes wrong, you cannot repair it. Bootloaders perform an integrity check on data and prevent unsigned, non-apple code from being loaded. They essentially police the iPhone's OS, making sure everything is the way Apple want it to be. PwnageTool, WinPwn and QuickPwn patch out integrity checks from the bootloaders, allowing unsigned code to be executed.
iBoot D3B
iBoot is the bootloader for the application processor on the iPhone. iBoot is responsible for putting the iPhone into recovery mode. During a restore of the iPhone, iBoot makes sure that you are flashing a firmware version greater than or equal to the current one on your iPhone. If this isn't the case, iBoot will not allow the restore process to proceed. This is why firmware downgrades have to be done in DFU mode. iBoot has an interactive interface which allows communication via USB or serial.
DFU Mode D2J
DFU Mode is a special mode in which the iPhone can still interact with iTunes, yet it does not load the iPhone OS or iBoot. The iPhone's screen appear lifeless when in DFU mode, making it impossible to tell by looking at it whether the iPhone is in DFU or powered off. PwnageTool exploits a vulnerability when the iPhone is in DFU to flash custom firmware to the iPhone. As iBoot and the OS are not yet loaded, downgrading the firmware version if possible. To enter DFU mode:
- Plug iDevice into computer (first) and then turn it off. If you need iTunes open to detect it (for a restore) open it now. If you do not need it open (for jailbreaking) Make sure it is closed before putting into DFU mode
- Hold down the power button for 3 seconds - it will begin to power on
- Without releasing Power, press and hold the Home button. Keep both held in for 10 seconds
- Release ONLY the Power button. Keep Home held in for up to 30 seconds. Usually @ 20 seconds it will enter DFU mode.
- If properly in DFU Mode, the screen will be blank (as noted above) and if iTunes is open, it will give a message saying it detected an iPod/iPhone in "Recovery" mode. (it says Recovery in recovery mode or DFU mode).
Recovery Mode D3J
Recovery Mode is a state of iBoot that is used during standard upgrades and restores. As iBoot is active, it does not allow you to downgrade your device’s software. Unless it is ‘pwned,’ it will not allow custom firmware to be flashed.
Hacktivation D4J
Hacktivation is nothing else than activation.
There is only one slight difference. Activating your iPhone is done through iTunes in order to use it with an official carrier.
Hacktivation is its equivalent for iPhones that don't work with an official carrier and therefore need to be activated with a jailbreak tool.
Shift Restore D5J
This is a generic term used for iTunes. It means that instead of just clicking the Restore button to update (and wipe the OS) on your iPhone/iPod Touch you hold down the Shift key on a PC, or the Option key on a Mac and click on Restore. It will open a box that allows you to browse for and pick the firmware you wish to load onto the device. Alternately you can use this to load alternate carrier configuration files for iPhones (.ipcc). This was used mostly to add tethering and MMS to iPhones.
IMEI D1S
The IMEI number of your iPhone is unique. IMEI stands for International Mobile Equipment Identity. It is static (it never changes) and identifies your iPhone. All mobile phones have an IMEI number.
SIM D2S
A Subscriber Identity Module (SIM) is a small chip provided by your telephone carrier which contains your specific and unique data, like your phone number, your IMEI code and more. The SIM card is what identifies your phone on the cellular network, and is used by GSM and UMTS phones.
ECID D3S
Electronic Chip ID – A unique identifier that is device specific. Currently in the iPod Touch 3G and iPhone 3GS. It allows Apple to control which device is eligible to have which firmware loaded onto it. iPod 1G/2G and iPhone 2G/3G do not have ECID’s but Apple has began "soft signing" these devices so they will also need backup SHSH files.
Springboard D4S
The iPhone's main screen is called the SpringBoard. It may consist of several pages, depending on how many apps you have installed on your iPhone. The SpringBoard is where you choose which app you want to open.
SSH D6J
Secure Shell (SSH) is a method of file transfer for securely exchanging data between an iPhone and a computer (providing that the iPhone is jailbroken and OpenSSH is installed).
UMTS D5S
UMTS is the successor to GSM. It is a 3G, W-CDMA based network. It can also be expanded to 4G. This is the technology that iPhone 3G and 3GS uses.
Unlock D7J
Unlocking your device means opening up the iPhone’s modem to accept SIM cards from unofficial carriers. In some countries the iPhone is unlocked by default and not blocked for use with only one carrier. Such an iPhone can be used with any SIM card. In the USA for example, an iPhone will not connect to any carrier other than AT&T, unless it is unlocked.
Just as the iPhone OS checks the applications that you interact with whenever you use your iPhone, the baseband processor controls your iPhone's modem. The baseband processor has its own, separate firmware from the main operating system, called the baseband firmware. During most iPhone software updates, Apple updates the baseband firmware on the iPhone. The unlock lies in the baseband firmware. By patching out certain bytes, you can bypass the SIM check. For some devices, updating the baseband can mean that you won't be able to unlock your iPhone anymore. Thankfully, the IPhone Dev Team has developed programms like PwnageTool which can disable the baseband to update when the iPhone's software is updated, allowing the iPhone to remain unlocked and thus enjoy the latest version of the iPhone's software. Jailbreaking and activating are prerequisites for unlocking.
Source
along with some of my own. Will add more as i can think of them.
Jailbreaking 3.1.3/4.0/4.0.1 and iPad 3.2/3.2.1
J1JailbreakMe J6T
This userland jailbreak by comex is for All iDevices on 3.1.3/4.0/4.0.1 and 3.2 (iPad). This jailbreak is unique in that it allows you to free your device without a computer. Not seen since the 1.1.x days, you simply open Safari on your iDevice and go to JailbreakMe and use the slider to "slide to jailbreak". The exploit used to insert the jailbreak has been patched in firmware 4.0.2, and 3.2.2. So if you rely on this jailbreak DO NOT UPDATE yet.
Downgrading Your Firmware J2
This is to help those that want to downgrade the firmware on thier device, or need to restore and stay on their current firmware after Apple has released an updated iOS. This is normally done to preserve the ability to jailbreak until one has been released for the new firmware. This is genrally accomplished by downloading the firmware you need (or finding it on your system if it still exist) and Shift Restoring (See Above - D5J) in iTunes.
To get the firmware you need visit FelixBruns site and choose the firmware you need. Use the bottom drop down menu, the top is for normal iPods. Also it is recommended you use FireFox if possible. Safari and IE Explorer have a habit of changing the file extension of the firmware (normally .ipsw) to a .zip file. If this happesn you can simply rename the firmware and change the extension ONLY back to .ipsw. iTunes will then recognize it.
To downgrade or maintain your current iOS version (firmware) after Apple has released a new version you must have your SHSH files stored on Cydia's server or your own computer. Until recently this only pertained to the iPhone 3Gs (and iPhone 4) and the iPod Touch 3G (Devices with an ECID). But as of firmware 4.0 Apple began "soft signing" all older devices. You will need to have your SHSH blobs backed up for those as well.
If you have your ECID SHSH on file with Cydia, you will see a message like this at the top of the screen:
If your device does not have your SHSHs backed up, you will recieve a message like this when trying to restore in iTunes:
If your SHSHs are backed up on Cydia, and you need to downgrade you will need to edit a file on your system, to tell it to look at Cydia's server. This is the hosts file.
For Windows systems (all versions):
-go to 'c:\Windows\System32\drivers\etc\' (drive letter might b different on your system)
-open 'hosts' file using notepad (in vista and 7 you'll have to right-click on notepad and open it as administrator and then change file type from 'text files (*.TXT)' to 'all files (*.*)' since 'hosts' doesn't match *.TXT)
-add '74.208.10.249 gs.apple.com' to that file.
it should look like this:
 | Click this bar to view the full image. |
For Mac OS:'hosts' file is located in /etc
everything else is the same.
Once this is complete you should reboot your computer then you can Shift Restore.
(thanks to Patryk_W for the use of his screenshots)
To back up your ECID SHSH files (or non-ECID SHSH files for older devices) on your own system this guide covers that:
Backup your ECID SHSH
IF you have saved yoru SHSH files to your computer and want to back up from it:
If you used something such as Firmware Umbrella to back up your SHSH files (see THIS guide) and want to restore using that instead of Cydia\'s server you will fallow a similar method. Instead of chaning your host file to look at Cydia, you will change it so it is looking at your own system. Add this line: 127.0.0.1 gs.apple.com to the bottom of the host file, instead of the line for Cydia\'s server. It will then look to your server (which we will start in a moment).
You will need to reboot after making the changes to your Host file.
Before you restore you will need to start the Tiny TSS server from the firmware umbrella.
You will then be able to restore to your firmware, and bypass Apple's signing.
Old Bootrom vs New Bootrom devices
Certain Jailbreaks can work on the iPhone 3GS if it was shipped with the old bootrom. To see if you have the old bootrom, it must have been made in 2009 (not 2010) and you need to check the serial number. Count VERY carefully to the 4th and 5th digits. If they are (in order) 40 or less (the forth digit being the "tens" digit, the 5th being the "ones) then you have the old bootrom. There are a few out there that still have the old bootrom at 44 or less, but it difficult to determine which you have, it completely depends on which factory they were produced in. These numbers are the week of the year they were produced. Some factories started producing on the units with new bootroms in week 41, others in week 45. So, for sake of simplicity, and caution, i would assume if yours is 41+ it is the new bootrom.
It is NOT completely dependant on the Model Number being MC on the iPhone 3GS ONLY. If your iPod Touch model number starts with MC then you do have the new bootrom, and have a iPod Touch 3G. (there is a chance that some older iPod Touch 8Gig modles that have MC have the old bootrom, and are considered by many a "2.5G", not a true 3G - I personally haven't been able to confirm this, and have only ran into one case where the person's iPod Touch 8gig MC model acted like a 2G).
Jailbreaking Tools
Spirit j5t
A jailbreak released from Comex. It jailbreaks all devices on 3.1.2/3.1.3 and the iPad on 3.2. It is a fast, one button jailbreak. It is similar to Blackra1n on the interface. A single button.
Some issues can pop up (on windows systems it seems). Like any jailbreak, make sure iTunes is closed and if on a Windows system open the Task Manager and go to the Processes Tab and End Task on iTunesHelper.exe. Also if you recieve any errors right click on the Spirit.exe and go to Compatibility and run under Windows 98 compatibility (and as admin).
Blackra1n J1T
very fast and easy to use jailbreak made for firmwares 3.1 – 3.1.2 (does not work on 3.1.3). I have never tired it on, and do not know if it works on 3.0 firmwares. It is a simple one button jailbreak that is almost foolproof. It does not require your device to enter DFU mode, it will put your iDevice into recovery mode for you and run the jailbreak. It will then install a new app on your iDevice called Blackra1n. You will open blackra1n and install Cydia or Rock from there, and if you need to unlock your iPhone, you can install Sn0w from there as well. It is the unlock for the 5.11 baseband (modem firmware). I DO NOT recommend installing Rock and Cydia at the same time from Blackra1n. This has been known to cause issues in the past. Install one first, and then use it to install the other. For example, install Cydia with Blackra1n, then open Cydia and use it to install Rock.
NOTE: If your on an iPod Touch or an iPhone that does not have a legitimate Apple SIM for a locked carrier (AT&T in the US) you will need to be on wifi to install Cydia/Rock/Sn0w from Blackra1n.
There are some realatively minor possible nuisance issues with blackra1n. Mostly that it does not add the afc2add file, which can stop some services from working properly, such as the ability to SSH. There is a package in Cydia to correct this if you need it. Not all devices will need to add this. Also you may need to add PushFix from cydia if your Push Notifications and Youtube do not work properly after using Blackra1n.
There also have been people that have had wifi issues after using this (and some other) jailbreaks. Normally this can be fixed by resetting your wifi, going to Settings>General>Reset and clicking on Reset Network Settings
Also, on iPhone 3GS with the new bootrom and iPod Touch 3G this will be a tethered jailbreak. Meaning you will have to run Blackra1n EVERY time you need to reboot your iDevice, let the battery die, etc. It will come up with the connect to iTunes logo after it boots (or sometimes even a black screen). When this happens, do not restore! just connect to the computer and run Blackra1n a second time. This includes the reboot it does immeadiately after the jailbreak. Meaning you will have to run it twice while jailbreaking one of these devices
Redsn0w (currently up to version 0.94). J2T
A more involved jailbreak method, but more stable than Blackra1n. This involves putting your iDevice into DFU mode to work. It will also allow you to add a custom recovery screen, custom boot logo, or use Verbose boot (which shows the code scrolling on up the screen as it boots up – which cannot be used with a custom boot logo). It is my personal favorite method of jailbreaking. The link for it points to a great tutorial on Redmond Pie's site, along with he downloads. It is for version 0.94. There is also Version 0.92 which is intended for firmware 3.1.2 and works a little better on some of the devices. I have seen two instances so far where version 0.94 would not jailbreak the device and 0.92 did with no issues.
Pwnage tool. J3T
This Mac only jailbreak tool creates its own custom firmware to put on your iPhone/iPod Touch. It will be jailbroken as soon as it is loaded. You direct it to the stock firmware and it modifies it, allowing several customizations and control over what the firmware comes with when it is loaded onto the device. You can control partition size, custom boot logos, preloaded with Cydia and any other apps you wish to include. Once your custom firmware is ready you simply restore your device in iTunes and load the custom firmware (CFW). It is already jailbroken, generally with Cydia loaded as soon as the restore is finished. Version 3.1.5 is now able to jailbreak a 3GS on 3.1.3 (im assuming this is only the old bootrom)
Sn0wBreeze J4T
Similar to Pwnage tool, this creates a custom firmware that you can load onto your iDevice, but it is usable on PC as well as Mac. It has the distinction of being the first to be able to jailbreak the iPhone 3GS on 3.1.3 firmware, as long as it has the old bootrom.
You must have Microsoft .NET Frameworks 3.5 installed to run Sn0wbreeze
Jailbreaking Utilities
iReb JU1
this utility for the iPod Touch 1G and iPhone 2G/3G is to help avoid errors when restoring a firmware. The title links to a tutorial on it, if you do not need that here is the DIRECT LINK
Blackbreeze JU2
This handy program fixes a sync issue with iTunes that prevented some tethered jailbreaks from being able to boot up/sync with iTunes. Here is the Blackbreeze direct Download. Thanks to Mroberts531 for pointing this out
f0rcast JU3
a utility to help determine if your iPhone/iPod Touch is jailbreakable/unlockable and if it would be a tethered jailbreak.
Unlocking Tools for iPhone 3G and 3GS
I will explain more on these if anyone needs. For now im just listing them. They can be downloaded from Cydia. Blacksn0w can also be added by running the Blackra1n jailbreak and using the Sn0w option when it is installed on your device.
Yellowsn0w UL1- Modem firmware (baseband) 2.28.00 (on the 2.x firmwares)
Repo: http://apt9.yellowsn0w.com/
Ultrasn0wUL2- Modem firmwares (basband) 4.26.08, 5.11.07, 5.12.01, 5.13.04 and 1.29.00 (iPhone 4).
Repo: http://repo666.ultrasn0w.com
Blacksn0w UL3- Modem Firmware (baseband) 5.11.07
Repo: http://blackra1n.com/
Unlocking tool for iPhone 2G
Bootneuter UL4- download in Cydia. It unlocks the iPhone 2G on any baseband. Use the following settings:
iTunes update affecting Blackra1n users
Updated iTunes causing ASD.dll Error with Blackra1n: JU4
as some of you might know there is a new version of iTunes out (9.1) and I upgraded
with no error, then i went to boot up my iPod using blackra1n and it gave me an error
that the ASD.dll could not be found and i think this is an issue with the fact that i upgraded iTunes, but anyway i found the solution. If you have this problem go to C:\Program Files\Common Files\Apple\Apple Application Support and there you will find the ASD.dll then just right click on it, click on open with and then browse for blackra1n! blackra1n should open immediately with no problems.
Thanks to Shady146 Although with much better alternatives, you should by now not be using blackra1n. (spirit/jailbreakme)
SSH: The Basics
S1SSH is a way to get inside your iPhones files system from your computer (generally via wifi). Personally i prefer to use iPhone Folders (for windows only, or iPhone Explorer for both), no login, no OpenSSH needed. Its very easy, if you have a windows system. Just plug in your phone, and double click the iPhone Folders program and it opesn your iPhone like a normal drive.
But to SSH in over wifi you will need to install OpenSSH on your iPHone from Cydia/Rock. Then you will need a client on your computer to do log onto your iPhone. WinSCP is the the one i used pre-iPhone Folders. There are several, iFunBox, Diskaid, and Cyberduck on Mac.
Once you have the progam downloaded you want to use, you open it up. if your using one of the wifi clients (winscp/ifunbox/diskaid/cyberduck) you will need to log onto your phone. I can explain winSCP, that is the only one i used to use. Host name will be your iPhones IP address, port number is generally already set, and usually correct (its 22 for me).
The User Name will be root and the Password (unless you have changed it, more than likely via Rock) will be alpine. Dont worry about any Private Key.
On the Protocol make sure the drop down box is set to SCP not SFTP.
Then you can log in (make sure you download OpenSSH on the iPhone, and make sure you have KeepAwake for SBSettings, or change your phones AutoLock to Never under settings. Once it goes to sleep, the Wifi disconnects.
Or just plug into your sync cable and open iPhone Folders (or iPhone Explorer/iPhone Browser) and your ready to go.
The /var/stash/Themes they are talking about is just the file path to the Themes directory on your phone.
It is broken down like this:
/var/stash/Themes.xxxx
The "/" at the begining is your Root directory. The starting point for all the files on your iPhone.
The next is var, the next folder in the path to your Themes folder. (im not going into detail here about how and why they are named what they are).
Then stash is the next folder, then finally your Themes folder.
Normally (i think) when you log on with most of the wifi based programs you start at /var/mobile, you will just need to back up one level, to /var and look for the stash folder, and open it. It contains your Themes, Ringtone, WallPapers, stock and Cydia applications
The iPhone Folders style programs start you out on / (the root directory) so you will just need to open "var" then "stash" then "Themes.xxxx" (xxxx=random letters specific to your phone)
I hope that sorta made sense and didnt confuse you to much. Its pretty late for me, worked all night, and getting pretty tired
Here, the file path in circled in Red is where your themes are stored.
0 comments:
Post a Comment