Posts tagged jailbreak

3.0.1 Firmware Does Not Update Baseband Security

After the tests undertaken by Andrew, we have just received confirmation via Saurik's IRC channel that the new firmware 3.0.1 does not update the baseband, and that Apple has not implemented any new defense against the jailbreak and the unlock. It follows that both RedSn0w and PurpleRa1n should be able to jailbreak and unlock the new version of the operating system.


However, we recommend not doing so yet, and waiting for an update by the DevTeam and GeoHot, who need to add new tools to their bundles. That is the safer option, and there is no particular reason to hurry, because the changes in the new firmware are practically zero.


Webmaster News: IPTM Forums Open Tomorrow!!


We would like to bring our visitors together to discuss the latest news and jailbreaks and to help each other master their devices, whether it's an iPod Touch or an iPhone. Let's build a new community: join us at the iPodTouchMaster Forums when they officially open tomorrow! See ya there!

P.S. Stay tuned for an even more exciting addon… the IPTM App Download Page!

iPhone Dev-Team Offers Tips to Fix Unlock Issues



The iPhone Dev-Team has posted some tips to help those experiencing problems with the UltraSn0w unlock.

—–
It looks like version 0.9 of ultrasn0w fixed up the vast majority of any problems people were seeing with the 3G/3GS carrier unlock. But here’s a brief list of fixes for anyone still seeing problems:

* Unusual battery depletion is almost always caused by people choosing to “Restore from backup” instead of “Setup as new iPhone” when iTunes asks you. This isn’t caused by either the jailbreak or the unlock, but it’s a common 3.0 snafu. The fix is to just re-run the official 3.0 restore and choose “Setup as new” this time. Your music and apps and all that will still be synced, but you’ll get rid of any conflicting wifi, bluetooth, or carrier settings. Then just re-run redsn0w and install ultrasn0w.
* Remember, ultrasn0w works with hacktivated phones too, but don’t outsmart redsn0w into thinking you don’t need hacktivation! If you don’t plan on using an official sim, don’t activate via iTunes with such a sim. Just keep your unofficial sim at all times and let redsn0w and ultrasn0w handle hacktivation :)
* T-Mobile in the USA doesn’t use the 3G frequencies that the iPhones support, so turn off 3G in Settings->General->Network. (Some T-Mobile territories gracefully hand down to Edge mode, but most do not).
* Certain unofficial plans have limitations on whether you can make calls and use data at the same time. That’s not unlock-related.
* Some people have installed previous versions of ultrasn0w using non-standard techniques. While the ultrasn0w 0.9 update should have removed all previous versions of ultrasn0w, these users may have outsmarted our removal. So make sure you don’t still see /usr/bin/ultrasn0w present if you’re at ultrasn0w 0.9 (which doesn’t have such a binary anymore).
* If you don’t need or plan to update to ultrasn0w 0.9 from a previous version, you can avoid having that red badge over Cydia by removing repo666 as a Cydia source. Don’t worry, you can always add it back later :) If you follow us on twitter you’ll be advised of any new updates anyway.
—–



Apple Releases iTunes 8.2.1, Breaks Palm Pre Sync


Apple has released iTunes 8.2.1 via Software Update and it reportedly breaks syncing with the Palm Pre.

iTunes 8.2 now supports iPhone or iPod touch with the iPhone 3.0 Software Update. iTunes 8.2 also includes many accessibility improvements and bug fixes.

iTunes 8.2.1 provides a number of important bug fixes and addresses an issue with verification of Apple devices.

The wording here clearly hints at the blocking of non-Apple devices. A post at PreCentral [via MacRumors] seems to confirm this…

At least on this Mac, iTunes sync isn’t working after the 8.2.1 update. We were wondering if this day would come after the back and forth between Apple and Palm on the issue. It’s as-yet unclear exactly what method Apple is using to block Pre sync, but we suspect it wasn’t easy. …Which means we also suspect it might not be easy for Palm to turn it back on.

As usual, we recommend that iPhone users wait a bit before updating, to confirm that there are no adverse effects on jailbreaking and unlocking.

How to Unlock the iPhone 3GS Using PurpleSn0w


These are instructions on how to unlock the iPhone 3GS for use with any GSM cellphone carrier using PurpleSn0w. Geohot has posted stating that the purplesn0w unlock should improve issues with wifi, battery, and the unlock itself. If you would prefer to use the iPhone Dev-Team's UltraSn0w unlock, you can find those instructions here.

Before you can follow these instructions you must have a jailbroken iPhone and you must be on the 04.26.08 baseband (modem firmware). This means that you must be running the 3.0 firmware and have used PwnageTool, RedSn0w, or PurpleRa1n to jailbreak. YOU MUST ALSO (FOR THE TIME BEING) HAVE ACTIVATED YOUR IPHONE WITH AN OFFICIAL APPLE CARRIER. NO HACKTIVATION SUPPORT YET.

To find your firmware and modem firmware (baseband) versions you can follow this tutorial. If you are not on baseband version 04.26.08 then you need to follow one of these tutorials before unlocking: Mac, Windows.

If you are on T-Mobile or any carrier without 3G remember to turn it off before starting…

Step One
Press to launch Cydia Installer from your SpringBoard.

Step Two
Press to select the Manage tab at the bottom of the screen.

Step Three
Press to select the large Sources button.

Step Four
Press the Edit button at the top right of the screen.

Step Five
Press the Add button at the top left of the screen.

Step Six
Enter http://apt.geohot.com/ as the source url and press the Add Source button.

Step Seven
Once the source has been added press the large Return to Cydia button.

Step Eight
Press the Done button at the top right of the screen.

Step Nine
Press to select apt.geohot.com from the list of user entered sources.

Step Ten
Press to select com.geohot.purplesn0w from the list of packages.

Step Eleven
Press the Install button at the top right of the screen.

Step Twelve
Press the Confirm button at the top right of the screen.

Step Thirteen
After installation completes successfully press the large Return to Cydia button.

Step Fourteen
Now press the Home button, then power the iPhone off and back on. You do this by holding down the power button for 3 seconds, then moving the power slider that appears to the right. Press the power button again to turn the phone on.

You should now be able to insert the SIM of your choice!

GeoHot Explains How the PurpleRa1n Jailbreak Works


GeoHot has added an entry to TheiPhoneWiki explaining how his purplera1n iPhone 3GS jailbreak works.

Below you can read the step by step description of what the exploit does…

—–
* purplera1n sends the enter recovery commands using iTunesMobileDevice
* once in recovery (iBoot), it sends the IBoot Environment Variable Overflow exploit
* the exploit adds a “geohot” command to the phone which runs the payload
* the “geohot” command is run, control is now transferred from iboot to the payload
* the purplera1n client is done

Inside payload
* the payload restores the default environment variable ring buffer and saves the environment to nvram (sets auto-boot to true)
* it patches iBoot to load unsigned img3s and not care about the tags
* it loads the purplera1n picture (sent with payload)
* the nor patcher starts
* llb is decrypted, patched, and increased in size to 0x24200. this is the resident 0x24000 Segment Overflow exploit
* a little loader code is put @ 0x20000 in the LLB to load it and fix the stack
* iboot is decrypted, patched
* everything else is read as is
* nor is written back, nor patcher is done
* kernel is loaded, decrypted, and patched
* ramdisk is loaded (sent with payload) and moved to ramdisk region at 0x44000000, patched kernel is tacked on to the end
* patched kernel is booted
* control is now transferred from payload to ramdisk

Inside ramdisk
* launchd is run, all stuff happens here
* /dev/disk0s1 is mounted
* fstab and services are overwritten here to allow disk0s1 writes and afc2 respectively
* Freeze.app is transferred and Freeze.app loader has SUID bit set
* patched kernel is read from end of ramdisk block device and written to filesystem
* ramdisk is done, rebooting…

Reboots as jailbroken phone
—–


GeoHot vs DevTeam: A new version of PurpleRa1n to deal with Redsn0w with the iPhone 3G?


By now everyone knows that GeoHot and the DevTeam are no longer on good terms. In fact, shortly after the release of Redsn0w 0.8, the tool that jailbreaks Firmware 3.0, a small argument played out on Twitter between GeoHot and copumpkin, one of the members of the Dev Team.

In particular, the author of purplera1n complained that redsn0w uses the same “hole” and the same exploit to jailbreak the iPhone 3GS, but copumpkin replied that, while the flaw is the same, the exploit is completely different and was created entirely by them, and is cleaner than GeoHot's own.

Not convinced, GeoHot repeatedly asked for the hash codes (i.e. the fingerprints) of the files needed to run the exploit, and said that it was not a good idea to release two programs that use the same “hole”.

The exchange of hashes is no longer going on, at least not publicly, but the reason we decided to recount this history is that GeoHot has written a new message on Twitter highlighting a problem with redsn0w when jailbreaking the iPhone 3G. The same problem has also been reported by our users, and GeoHot plans to release a new version of Purplera1n that can also jailbreak the iPhone 3G.

The advice to all users whose Redsn0w hangs on the screen where it downloads the files needed for the jailbreak is to wait for the server fix, for an update by the DevTeam, or for the release of the new PurpleRa1n; but this could also be only a pretext to push the Dev Team to fix the problem as quickly as possible.

WSJ Profiles the Chronic Dev Team


The WSJ has published an article on AriX, Chronic, Geohot and the Chronic Dev Team.

The article focuses on Ari, the 15 year old hacker who originally wrote iJailbreak. It tells the story of how he became interested in hacking the iPhone and how he joined up with Chronic and others to form the Chronic Dev Team.

Earlier this year, Ari and his team tried to hack more efficiently by working with another group — iPhone Dev Team, an invitation-only bunch in their 20s and 30s who have typically been the first to roll out iPhone hacks.

Members of the iPhone Dev Team worried about working in a large group. In part, they were concerned that if information leaked out about the security holes they were probing, others could exploit them first. Or, Apple could plug the holes. In March, the two groups stopped communicating.

The article also notes that GeoHot has been helping the Chronic Dev Team and that they have released the purplera1n jailbreak in spite of the iPhone Dev-Team’s desire to wait for firmware 3.1.

Mr. Hotz, who took a paid internship with Google Inc. in April, joined the hackers in early June. In emails, he says he has done the project on his own time and was happy to help “a bunch of cool guys with a good attitude.”

More than a week ago, both Chronic Dev and iPhone Dev said they figured out how to jailbreak Apple’s new phone. The iPhone Dev Team wanted to wait to release its software so Apple can’t plug the security hole in the device immediately.

But Chronic Dev and Mr. Hotz released theirs as soon as it was ready. “A lot of people bought their phones expecting to jailbreak their phones, and now that we have the capability to do it, we should let them,” Ari says. “A lot of people have thanked us.”

Much more in the article linked below…

Read More [via TheiPhoneBlog]

Dev Team statement:

Last night we released updated versions of our redsn0w jailbreak and ultrasn0w carrier unlock. These versions are now compatible with the iPhone 3GS running at 3.0. Welcome aboard, 3GS owners! (The tools of course remain compatible with all of the other platforms too.) Also last night, saurik released 3GS-compatible versions of MobileSubstrate and WinterBoard, components that enable many different add-ons and themes.
We realize we upset some folks (e.g. existing 3GS owners) with our earlier announcement that we wanted to hold onto the 3GS iBoot-family hole until 3.1 was out. Our aim there was to get as many people as possible onboard (within reason of course) before revealing the hole, since Apple will fix it immediately. But all of that became moot when the purplera1n release was made, since it uses the same hole.
For those of you who already own 3GS phones, the outlook is bright. As long as you have your personalized (signed) dfu/img3 files, you’ll always be able to jailbreak (even if you slip up and install stock Apple firmware in the future). For those of you without 3GS phones, it’s a race against the clock to use this particular hole. There’s nothing we can do about that, but we will always be looking for new holes.
ultrasn0w unlockers — You all must remain particularly vigilant against upgrading your basebands, since doing so will kill the unlock (for most phones, there’s no going backwards in baseband version). Apple has gotten very serious with the latest baseband — they’ve removed 180 (!) commands in an effort to cut down their exposure to holes. So please always stay away from stock Apple IPSWs and instead use our tools as we release them. These tools let you update your firmware without updating your baseband.
Those installing ultrasn0w will probably also need to do a single run of Settings->General->Reset->Reset Network Settings. We’re testing various fixes for that particular glitch.
Once again, thanks to @Oranav for finding the new injection vector that allowed us to transform yellowsn0w for baseband 02.28 into ultrasn0w for baseband 04.26, and for not revealing it to Apple before it could be used where it would be most effective — firmware 3.0.
redsn0w platforms — This is the first redsn0w release that also supports linux! It’s the newest version of the bunch, so any feedback would be appreciated. But right now, redsn0w should work on OS X, Windows, and linux.
How to get the goods:
  • The redsn0w torrent seeds are all here. Any direct mirroring help would also be appreciated.
  • The updates to ultrasn0w, MobileSubstrate, and WinterBoard are all handled directly through Cydia (after you’ve jailbroken!)
  • The Cydia repo for ultrasn0w is http://repo666.ultrasn0w.com (that last o in ultrasn0w is the number 0!)

RedSnow 0.8 and UltraSnow 0.8 released (support for 3GS devices)

The Dev-Team released RedSnow 0.8, which jailbreaks all devices (incl. 3GS) on OS 3.0, and UltraSnow 0.8, which adds unlock support for 3GS devices.

redsnow 0.8 torrent: http://thepiratebay.org/user/iphonedev/
