How to Hack your iPhone

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
51,781
7,331
136
Warning: Use this guide at your own risk. If you screw up your iPhone forever, it's your fault. If you're not willing to take that risk, don't follow this guide.

Post #1 - Jailbreaking Procedure
Post #2 - Prepping for IPA Installation
Post #3 - Detailed Checklist of Jailbreaking & Prepping for IPA Installation

This guide teaches you how to hack your iPhone. This is usually done for 2 purposes:

1. Unlock to use on another network (currently 1st Gen only)
2. Run hacked apps

Unlocking your iPhone allows you to use your iPhone on another network such as T-Mobile. Currently the 2nd Gen "3G" iPhone has not been hacked for unlocking to use on other networks, but the 1st Gen "EDGE" iPhone can be. This guide focuses on how to hack your iPhone to use third-party apps. You can run 3 kinds of apps with a jailbroken iPhone:

1. Installer.app apps
2. Cydia apps
3. Hacked AppStore apps

Installer.app was the original iPhone program for installing third-party applications. Cydia came out later and was released to improve upon Installer.app, as well as to be open-source. Currently both are supported and have many, many apps. You can also add more repositories (lists of apps with links to download) to both programs. In addition, you can install hacked apps from the AppStore (IPA files). Regarding the legality of hacking an iPhone:

1. From what I understand, technically under the DMCA you are allowed to unlock your cell phone for use on any chosen network. Here's a quick-and-dirty explanation from Engadget.
2. AFAIK, it violates Apple's EULA to hack the iPhone. However, you paid for it, and you own it, therefore you can do whatever you want with it. Apple has never publicly taken anyone to court over hacking an iPhone.
3. Installing a hacked AppStore app is illegal, obviously. I can see the point of downloading it as a "try before you buy" type of thing, but it's still illegal.

So: (1) you're on your own if you break your iPhone and (2) you're on your own as far as the legal issues go. This is purely for informational purposes.

What do I need?

You need 4 things:

1. Mac computer running Leopard and iTunes 8
2. Pwnagetool for Mac (link)
3. Appropriate BIN files (bl39.bin and bl46.bin - link)
4. Appropriate Firmware for your iPhone (1st Gen "EDGE" or 2nd Gen "3G")

How to Jailbreak your iPhone:

1. Download all of the software into a folder on your desktop called "iPhone" or something
2. Update your iPhone to the 2.1 Firmware if you haven't already
3. Open Pwnagetool and follow the steps; it should find both BIN files on your desktop, but if it doesn't just manually find them in the folder you created on your desktop. Follow the rest of the instructions for creating a custom firmware.
4. Restore the custom firmware using iTunes 8 by Alt-Clicking on the Restore Firmware button.

It's pretty easy...basically Pwnagetool takes your existing iPhone 2.1 firmware that is installed on your phone and extracts it, modifies it, and creates a custom-modded firmware, which you then restore to your iPhone using iTunes. Once installed, Installer.app and Cydia are installed, meaning you can download tons of great apps. Be sure to install Community Sources in both Installer.app and Cydia (use the Search feature in each app) to get tons of app listings. Regarding installing AppStore apps, read this if you want to learn how to do it. Or use my guide in the next post for a more up-to-date (and easier) method.

Want to restore your iPhone to its original, un-jailbroken state? Simply restore the 2.1 firmware from Apple - it will wipe out the jailbroken firmware and apps like magic! Open iTunes, Alt-Click the Restore Firmware button, and select the 2.1 firmware. You can also just download it straight in iTunes. Make sure you sync all of your contacts and everything beforehand!
 

Kaido

How to prep your iPhone to run IPA files: (hacked AppStore apps)

Follow this guide after running Pwnagetool (instructions above).

Setup the cracked MobileInstallation file:

1. Install OpenSSH from Cydia on your iPhone (use the Search feature to find it) then restart your iPhone (make sure you have all the latest Cydia updates too!)
2. Find your IP address (iPhone > Settings > Wifi > Name of your Network > IP Address)
3. Set your iPhone to "Never Lock" (iPhone > Settings > General > Auto-Lock > Never) * This is so that your iPhone stays on while SSHing into it
4. Using Cyberduck, go to File > Open Connection and type in the following:

Protocol: SFTP (SSH File Transfer Protocol)
Server: 192.168.1.106 (or whatever your IP)
Username: root
Password: alpine

Click "Always" (or "Allow") for the Unknown host key. You may have to reconnect multiple times to get it to take (took me 3 times).

5. This takes you to /private/var/root. Click on the directory button and go to the root directory, /, then navigate to /System/Library/PrivateFrameworks/MobileInstallation.framework * The .framework is not a file but a folder - double-click to go into it!
6. Rename "MobileInstallation" to "MobileInstallation.bak"
7. Copy the "MobileInstallation" file you downloaded earlier to the same folder (the MobileInstallation.framework folder)
8. Right-click on the "MobileInstallation" file you just copied over and click "Info", then set permissions to 775 (NOT 755 and NOT 777!) then click Apply (again that's 775)
9. Reset the Auto-Lock to 1-minute or whatever your default was
10. Reset your iPhone

Setup the IPA system:

1. Download any App from the AppStore (just get a freebie, you can delete it later)
2. Sync your iPhone to your Mac
3. Reboot your iPhone again

Install IPA files:

1. Double-click any .IPA file and it will automatically be added to your iTunes Application Library
2. Sync the app to your iPhone
 

Kaido

Detailed Installation Checklist:

[ ] Download iTunes 8 on your Mac
[ ] Download Pwnagetool for Mac
[ ] Download bl39.bin file
[ ] Download bl46.bin
[ ] Download iPhone 2.1 Firmware (EDGE or 3G)
[ ] Download Cyberduck
[ ] Run Pwnagetool
[ ] Select your iPhone model
[ ] Select your iPhone Firmware
[ ] Select BIN files from folder (should find automatically though)
[ ] Wait for Pwnagetool to create custom Firmware (placed on desktop when done)
[ ] Restore customized iPhone firmware (Alt-Click Restore button and select Custom Restore firmware on desktop)
[ ] Download all updates for Installer.app and Cydia
[ ] Download Community Sources for Installer.app and Cydia (use the Search feature)
[ ] Install OpenSSH from Cydia (use the Search feature)
[ ] Reboot your iPhone
[ ] Find your iPhone IP Address (Settings > Wifi > "Network Name" > IP Address)
[ ] Set your iPhone to "Never Lock" (Settings > General > Auto-Lock > Never)
[ ] In Cyberduck, do File > Open and type in the following: "Protocol: SFTP (SSH File Transfer Protocol)", "Server: 192.168.1.106 (or whatever your IP is)", "Username: root", "Password: alpine"
[ ] Click "Always" (or "Allow") for the Unknown Host Key (this may take multiple tries)
[ ] It takes you to the "/private/var/root" directory; change it to the root directory "/"
[ ] Navigate to "/System/Library/PrivateFrameworks/MobileInstallation.framework" (note that MobileInstallation.framework is a folder)
[ ] Rename the "MobileInstallation" file to "MobileInstallation.bak"
[ ] Copy the "MobileInstallation" file you downloaded earlier to the same folder (the "MobileInstallation.framework" folder)
[ ] Right-click the "MobileInstallation" file you just uploaded, click "Info", and set the permissions to 775 (not 755 or 777) and click Apply
[ ] On your iPhone, reset the Auto-Lock to 1-Minute (or whatever your default setting is)
[ ] Reboot your iPhone
[ ] Download any App from the AppStore (free is fine, you can delete it later)
[ ] Sync your iPhone to your Mac
[ ] Reboot your iPhone
[ ] Double-click any .IPA file (it will be automatically added to your iTunes Application Library)
[ ] Sync the app to your iPhone
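Added example (not part of Kaido's posts or of any tool named in this thread): a small Python check for the state of the MobileInstallation.framework folder after the rename/upload/permissions steps above. It parses the `ls -l` output of that folder pasted from an SSH session into the phone (the listing embedded below is constructed, not captured from a device), confirms the .bak backup exists, and confirms the replacement has exactly the 775 mode the checklist calls for, flagging 777 as world-writable.

```python
import re

# Mode the checklist requires for the replacement file (775, not 755 or 777)
REQUIRED_MODE = 0o775
TARGET = "MobileInstallation"
BACKUP = "MobileInstallation.bak"

# Constructed sample: what `ls -l` on the phone might print for
# /System/Library/PrivateFrameworks/MobileInstallation.framework after the swap.
SAMPLE_LISTING = """\
total 1184
-rwxrwxr-x  1 root wheel 301344 Sep 20 12:00 MobileInstallation
-rwxr-xr-x  1 root wheel 301344 Sep 12 09:14 MobileInstallation.bak
"""

# type, 9-char permission string, optional @/+ (extended attrs/ACL marker),
# link count, owner, group, size, date fields, then the file name.
LS_LINE = re.compile(
    r"^[-dl]([rwxsStT-]{9})[@+]?\s+\d+\s+\S+\s+\S+\s+\d+\s+.+?\s(\S+)$"
)


def symbolic_to_octal(perm: str) -> int:
    """Turn the rwx string from `ls -l` into a numeric mode (rwxrwxr-x -> 0o775)."""
    mode = 0
    for ch in perm:
        # '-' means the bit is clear; 'S'/'T' mean setuid/sticky without execute
        mode = (mode << 1) | (ch not in "-ST")
    return mode


def audit_listing(listing: str) -> list:
    """Return the problems found in the listing; an empty list means it matches the guide."""
    modes = {}
    for line in listing.splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            modes[m.group(2)] = symbolic_to_octal(m.group(1))

    problems = []
    if BACKUP not in modes:
        problems.append(f"{BACKUP} missing: the original file was not renamed to .bak")
    if TARGET not in modes:
        problems.append(f"{TARGET} missing: the replacement was not uploaded")
        return problems

    mode = modes[TARGET]
    if mode == 0o777:
        problems.append(f"{TARGET} is 777: world-writable, any process on the phone can overwrite it")
    elif mode != REQUIRED_MODE:
        problems.append(f"{TARGET} is {mode:o}; the guide requires 775")
    return problems


if __name__ == "__main__":
    print(audit_listing(SAMPLE_LISTING) or ["OK: backup present, MobileInstallation is 775"])
```

Run `ls -l /System/Library/PrivateFrameworks/MobileInstallation.framework` over the SSH session, paste the output in place of SAMPLE_LISTING, and fix anything the function reports before rebooting.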
 

Tyranicus

Senior member
Aug 28, 2007
914
6
81
Wow. I just did this the other week, and I didn't realize I did so many steps until you wrote them out like that. :p
 

Kaido

Originally posted by: Tyranicus
Wow. I just did this the other week, and I didn't realize I did so many steps until you wrote them out like that. :p

Yeah I re-did it for the 2.1 firmware update and missed a couple steps, had to go back and look things up, so I figured I'd write it down for the future...then figured I might as well post it :)
 

Blurry

Senior member
Mar 19, 2002
932
0
0
Excellent guide - kudos to Kaido.

-Kaido - is it possible to hack the iPhone (1G) so that it won't be charged for the "mandatory" data plan on ATT?
 

EvilYoda

Lifer
Apr 1, 2001
21,198
9
81
I might be jailbreaking my 3G this weekend - how is file transfer handled with jailbroken phones? I can't stand iTunes and would much prefer a more straightforward way of handling my music.
 

Kaido

Originally posted by: Blurry
Excellent guide - kudos to Kaido.

-Kaido - is it possible to hack the iPhone (1G) so that it won't be charged for the "mandatory" data plan on ATT?

Well, you can unlock the 1G iPhone and then use whatever plan you want, I think that includes Pay-as-you-go. But I think there are a lot of features that work over the data plan, so you might end up running up a pretty good bill. Google has a lot of hits for this, here's one for some reading:

http://www.tidbits.com/Talk/1545
 

Kaido

Originally posted by: EvilYoda
I might be jailbreaking my 3G this weekend - how is file transfer handled with jailbroken phones? I can't stand iTunes and would much prefer a more straightforward way of handling my music.

Well you can SSH into it (just use SFTP in Cyberduck), so maybe you can just drag and drop.
 

EvilYoda

Hmph...would the iPhone be able to find and recognize the files? I don't think I'll have time anymore, since I'm doing a lot of cleaning before I have to fly in the morning, but soon I'll jailbreak it.
 

goldstonesoft

Banned
Oct 7, 2008
1
0
0
If you want to use the tool,you should pay for it. [link deleted] is very useful tools for converting some kinds of formats.

---

Later. Buh bye.

Harvey
Senior AnandTech Moderator
 

Kaido

Originally posted by: goldstonesoft
If you want to use the tool,you should pay for it. [link deleted] is very useful tools for converting some kinds of formats.

I COMMAND YOU BE GONE SPAMMER!! :| TAKE THY FOUL SPAMMING WAYS BACK TO THE PIT OF DESPAIR WHERE YE WERE BORN! AND A POCKMARK ON YOUR CHILDREN!
 

Kaido

Originally posted by: ViviTheMage
You make it so complicated, Kaido!

Just use Quickpwn :) for Windows!

You still have to do the IPA stuff if you want IPA's, plus Pwnagetool lets you unlock as well as jailbreak. And I've heard mixed reviews of Quickpwn...doesn't seem to work for everybody. But yeah for short and sweet it's great :thumbsup:
 

ric1287

Diamond Member
Nov 29, 2005
4,845
0
0
So if I jailbreak my 3G iPhone from eBay, I can just pop my ATT SIM card in and it will work, correct?
 

Kaido

Originally posted by: ric1287
So if I jailbreak my 3G iPhone from eBay, I can just pop my ATT SIM card in and it will work, correct?

Those two things have nothing to do with each other. Also, I believe (but don't quote me on this) you need a special iPhone SIM card for the iPhone. The iPhone SIM card works in other phones, but other SIM cards don't work in the iPhone (at least for the EDGE model iirc). Just run on down to your local AT&T Store and get a new iPhone SIM card (or call and ask if you need to with the 3G model).
 

ric1287

Originally posted by: Kaido
Originally posted by: ric1287
So if I jailbreak my 3G iPhone from eBay, I can just pop my ATT SIM card in and it will work, correct?

Those two things have nothing to do with each other. Also, I believe (but don't quote me on this) you need a special iPhone SIM card for the iPhone. The iPhone SIM card works in other phones, but other SIM cards don't work in the iPhone (at least for the EDGE model iirc). Just run on down to your local AT&T Store and get a new iPhone SIM card (or call and ask if you need to with the 3G model).

Well, doing that would mean signing a contract with them again, which I don't want to do. Jailbreaking the old iPhone meant not having to activate it through iTunes and sign contracts.

Is winpwn the best app for JB the 3G?
 

Kaido

Originally posted by: ric1287
Originally posted by: Kaido
Originally posted by: ric1287
So if I jailbreak my 3G iPhone from eBay, I can just pop my ATT SIM card in and it will work, correct?

Those two things have nothing to do with each other. Also, I believe (but don't quote me on this) you need a special iPhone SIM card for the iPhone. The iPhone SIM card works in other phones, but other SIM cards don't work in the iPhone (at least for the EDGE model iirc). Just run on down to your local AT&T Store and get a new iPhone SIM card (or call and ask if you need to with the 3G model).

Well, doing that would mean signing a contract with them again, which I don't want to do. Jailbreaking the old iPhone meant not having to activate it through iTunes and sign contracts.

Is winpwn the best app for JB the 3G?

Hmm, I'm not sure if the current Pwnagetool/Quickpwn tool will do that. The 3G iPhone has not been unlocked for other carriers yet. But I remember reading something about setting it up for pay-as-you-go or something.

How exactly do you want to use it? You have a current contract for a different phone and you want to use that SIM/plan for your iPhone?
 

ric1287

Originally posted by: Kaido
Originally posted by: ric1287
Originally posted by: Kaido
Originally posted by: ric1287
So if I jailbreak my 3G iPhone from eBay, I can just pop my ATT SIM card in and it will work, correct?

Those two things have nothing to do with each other. Also, I believe (but don't quote me on this) you need a special iPhone SIM card for the iPhone. The iPhone SIM card works in other phones, but other SIM cards don't work in the iPhone (at least for the EDGE model iirc). Just run on down to your local AT&T Store and get a new iPhone SIM card (or call and ask if you need to with the 3G model).

Well, doing that would mean signing a contract with them again, which I don't want to do. Jailbreaking the old iPhone meant not having to activate it through iTunes and sign contracts.

Is winpwn the best app for JB the 3G?

Hmm, I'm not sure if the current Pwnagetool/Quickpwn tool will do that. The 3G iPhone has not been unlocked for other carriers yet. But I remember reading something about setting it up for pay-as-you-go or something.

How exactly do you want to use it? You have a current contract for a different phone and you want to use that SIM/plan for your iPhone?

Yeah, I currently have ATT, but am not eligible for an upgrade until July. On the 1st gen I was able to circumvent the activation process (before unlocking was out) and it worked fine by dropping my ATT SIM in. I just wanted to verify which app is the best for JB the 3G.
 

ric1287

Well, it worked :) I guess it came jailbroken, so I just popped my SIM in and restored and all systems go.

Now I just need a case....