iPhone and iPod touch v1.1.1 full jailbreak tested, confirmed!

- Apple releases iPhone, which was obviously cracked six ways from Sunday.
- Through firmwares 1.0.1 and 1.0.2 Apple does not block these hacks in any way.
- Firmware v1.1.1 is released for iPhone and iPod touch, which completely locks out file system access (and thus 3rd party software).
- Awkward silence from Apple fans and the dev community as everyone ponders how to crack the new file system protections.
- Hackers dinopio and edgan discover the symlink hack, which takes v1.0.2 iPhones up to v1.1.1 with read / write file system access. In other words, the hack only works on v1.0.2 iPhones (not the iPod touch) when they are being upgraded to v1.1.1, and it still doesn't grant the ability to execute loaded programs.
- The next version of dinopio & co.'s symlink hack (which hasn't yet been released to the public) grants the coveted execute privilege (so you can run those 3rd party apps), and enables another hack (by pumpkin) to make the new SpringBoard (the application launcher) recognize the freshly recompiled iPhone apps.
- Hacker Niacin (aka toc2rta) and Dre claim they've managed to combine the symlink hack with a TIFF vulnerability found in the v1.1.1 firmware's mobile Safari, which grants access to the file system. This is the hack we're testing here.
Note: Due to the nature of this hack, it's to be considered ephemeral. Apple needs only to patch the TIFF vulnerability and file system access on v1.1.1 is out, with the touch and iPhone back to their previously not-too-hackable state.
Caveats:
- The hack has not, at this time, been released to the public. Niacin claims that will happen in the near future, possibly later this morning.
- Thus far the hack isn't entirely without issues. We're still trying to determine exactly what's what, but we've lost read and write access unexpectedly. This may or may not be a problem with our machine or device, though, and not necessarily the hack.
- We did not test this method on an iPhone, but technically there should be no difference in the effect. Side note: your v1.1.1 iPhone would, at this time, need to be activated to load the TIFF. (How else are you gonna load it?) This is supposedly being worked on.
==Terminal==
iphuc 0.6.1 with tab completion.
>> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator
CFRunLoop: Waiting for iPhone.
notification: iPhone attached.
AMDeviceStartService 'com.apple.afc': 0
(iPHUC) /: ls
.
..
Applications
Library
System
bin
cores
dev
etc
mach
private
sbin
tmp
usr
var
(iPHUC) /: putfile ./fstab /etc/fstab [That's the money line! No errors.]
(iPHUC) /: exit
==/Terminal==
Can confirm by way of getfile that the uploaded version sticks.
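As an added illustration that is not part of the original post: the money line above swaps in a new /etc/fstab, and the change it makes is that the root partition's mount options go from read-only to read-write. The checker below parses an fstab copied off a device and flags that drift; the stock two-line layout and the /dev/disk0s1 device name are assumptions, not taken from the post.

```python
"""Detect an iPhone-style /etc/fstab whose root filesystem is no longer
mounted read-only. Sample fstab contents are constructed for this example."""
from dataclasses import dataclass
from typing import List


@dataclass
class FstabEntry:
    device: str
    mountpoint: str
    fstype: str
    options: List[str]


def parse_fstab(text: str) -> List[FstabEntry]:
    """Parse fstab text, skipping blank lines and '#' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        entries.append(FstabEntry(fields[0], fields[1], fields[2],
                                  fields[3].split(",")))
    return entries


def writable_root_findings(text: str) -> List[str]:
    """Return one finding per root ('/') entry that is not read-only.
    Absence of 'ro' counts as writable, since rw is the mount default,
    so simply deleting the 'ro' flag is caught as well as adding 'rw'."""
    findings = []
    for e in parse_fstab(text):
        if e.mountpoint == "/" and "ro" not in e.options:
            findings.append(
                f"root filesystem {e.device} ({e.fstype}) mounted with "
                f"options {','.join(e.options)}; expected ro")
    return findings


# Constructed samples: assumed stock layout, and the same file after the
# jailbreak step has replaced it.
STOCK_FSTAB = "/dev/disk0s1 / hfs ro 0 1\n/dev/disk0s2 /private/var hfs rw 0 2\n"
JAILBROKEN_FSTAB = "/dev/disk0s1 / hfs rw 0 1\n/dev/disk0s2 /private/var hfs rw 0 2\n"

if __name__ == "__main__":
    for name, text in (("stock", STOCK_FSTAB), ("modified", JAILBROKEN_FSTAB)):
        print(name, writable_root_findings(text) or "ok")
```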
No problem guys ;o)
Just send your PayPal donations to: imtryingtostealyourdonations@ishouldbeinjail.com
:o)
with the ability to access safari, as shown here: www.hackint0sh.org/forum/showthread.php?t=10378 I don't see why this wouldn't be possible on an OTB 1.1.1 unactivated phone.
Whatever happened to hacking behind the scenes? There seems to be just too much information and detail being exposed. "We did this, then exploited that, then we had a problem with this, then we found a way around it by doing this, etc..." I miss the mystery and it seems all these nice outlines of procedures and specifics, with a nice peppering of hacker names, makes a nice read for Apple. Why make their jobs so easy? Can this work really not be done behind the scenes and just release the results, not the details, and let them figure it out themselves? Wouldn't this be to our benefit?
By the way, congratulations and thanks to all who contribute to these advances!
Exactly. I wondered about this myself - I find it pretty dumb, so dumb that it's painful to look at. I mean, you're hacking and telling the author how you're doing it, making it dead easy for them to fix it. Hackers are in it for fame so it doesn't matter to them if their hack is closed up in another update - but the journalists (Engadget?) should definitely care about implications. You can reveal the exact details several months down the road when it's irrelevant for current users but still valuable info for people interested in the subject. Yes, security through security doesn't work well, but it works well enough to give an extra week or two to shelf life of the hack - so that poor users can actually spend more time using the gadget than searching and waiting for (yet) another hack.
Perhaps the blogger should be fired or at least disciplined if his next post is whining about 1.2 closing up the "tiff exploit"?
Ray- If you read the original post, there have been contributions by many different people/groups, probably all over the world. The only way this jailbreak can be put together is if different peoples' discoveries are made public, so people can build on each others' work.
Sorta like that whole open source thing...
Who fucking cares? I don't have a proprietary garbage device like this.
Question for you all:
I bought an unlocked iPhone out here in Bombay, India; they are selling everywhere!
I put too many damn apps on it and I want to start fresh again. I want to reset to factory settings. Now, because I did not do the unlocking, I don't want to have to take it back again to the store. Will restoring factory settings bring the phone back to a locked AT&T-only phone? Or can I carry on as usual!!????
• Reboot iPhone holding the top button (power) and the home buttons.
• Release the top button 10 seconds after that, right after the screen goes dark. But keep the home (bottom) pressed for a while.
• The iPhone screen will appear to be off. Now start iTunes manually.
• iTunes will tell you it has found an iPhone in "restore mode."
• Press option key and then click the restore button.
• Select the 1.0.2 firmware .ipsw file from here:
• Shutdown iTunes.
• Launch the latest iNDpendence (Mac-only for now.)
• Activate the phone
So there is a working iPhone exploit in the wild?
Somewhere, Sony (especially its PSP team) are just laughing uncontrollably.
iPhoneAlley is reporting and giving away how to upgrade and hack your iPhone! They said, do not do it if you have UNLOCKED YOUR iPHONE, do not have a LEGIT ATT account, and do not know WHAT you are doing. Also, you must have a Mac.
Sorry Windows kids.
windows kids are all happy with their fully functional WindowsMobile
Whoever said OS X was malfunctioning?? I am just referring to the fact that 1.1.1 is only hackable by OS X on a Mac at the moment. I was never complaining about WindowsMobile. You completely took my comment the wrong way.
Well, everyone has been talking about this jailbreak for the past few days, and it is good news, but I guess only for those who have broken out of jail before (meaning they have experience with 3rd party app installation). Until the easier guide comes, the rest of us will have to wait and stick to our iPod / iPhone music and movie downloads, which I use http://www.ipodtunesdownloads.com for; they have great service.
Look. Apple wins in the end. Stop the hacking (but keep begging apple for a valid SIM unlock).
May I suggest all of these talented people focus their skills on creating kick ass web applications? Instead of hacks that will get shut down in 0.0.1 updates??
Really talented developers make applications that have slick interfaces, and provide a simple solution to a task/problem. (examples: iPhone.Facebook or BeeJive).
Putting a hack on an iPhone to run 3rd party native apps is pointless...because I can say that none of the native apps developed thus far are impressive. The only thing you can do with it, is show someone "hey look I have 3rd party apps on my iphone" to which they respond "it'll be a paperweight in two weeks."
Cheers,
Happy unhacked, unmodded, iPhone 1.1.1 user.
Lighttpd lets me run a web server on my phone. OpenSSH provides me a way to upload PDF's to my iPhone, and I can then view those PDF's in Safari. This method is MUCH cleaner than the data URI hack.
MobileTextEdit lets me edit my own text files as needed. I use this for notes, and I use the "Notes" application for a ToDo list.
Having terminal (along with OpenSSH) lets me SSH into my servers from anywhere. Thus, I can get to my server whenever needed, and I can backup my calendar, notes, text files, contacts, and other data via a BASH script which I run through the TAPP app (I could possibly use Cron, too).
Apollo lets me chat with people if needed (IRC apps are also available).
SpringBoard lets me rearrange icons in the Home menu.
weDict provides me with multiple dictionaries and thesauruses.
vrecord lets me do voice recordings whenever needed (voice notes, lectures, ...).
I find these things useful.
I use T-Mobile, and I do not have a data plan. I'd say these third-party apps are necessary as much of the time I have no access to the Internet.
Just because you may not find uses in third-party apps does not mean other people do not.
Need to revise what I said...I obviously can't get to my servers or chat with people when not at a hotspot, but when I am at one, it's nice and useful to have those apps.
Also, when I AM at a hotspot, most of the time they are insecure. With SSH, I can tunnel into my proxy server and browse securely.
Lastly, when updating the firmware, notes from the Notes app are NOT synced -- you lose them all. With a basic BASH script I can back these up easily, every day.
It's out!!
http://www.toc2rta.com/?q=node/22
What about unlocking 1.1.1??- Will that be possible in the near future too or is everyone just concerned about 3rd party apps??
"it's all fun and games until someone gets hurt" - your mom
no really, executing root code through a corrupt image is a pretty severe security flaw and is gonna be patched up pretty damn quickly.
I used the hack, and now I cannot plug my iPod into iTunes, as it says it's in restore mode and I cannot change that! WTF!
Here's an idea (may or may not work)
carpe diem (seize the day) and, while you can, write a 3rd party app for the iPod Touch that opens the file system (basically just put a permanent copy of the code you executed in the buffer overflow on the Touch's apps list); then, if the next upgrades don't remove these apps (that's why it might not work), you can still run the same code even though they'll fix the TIFF image buffer overflow problem that originally let you run it.
Tell me if you think of any obvious objections to this
Please tell people that once you do the first step in the hack process (visiting the exploit URL) you must go through to the end, or reflash your iPod to factory firmware.
I have found a new way to actually edit every single file within the iPod touch. If you go to Installer-->Productivity-->MobileFinder, after you install MobileFinder you are able to access all the files. It will allow you to change virtually everything about your iPod or iPhone. The iPod or iPhone must be jailbroken, of course.
Where can I get the 1.1.1 firmware for iPod touch??
This corrupt TIFF image bullshit is old, it's not new, it was released for the PSP years ago, and by installing this shit you're just making your wifi system more vulnerable. Laugh if something was coded in so hackers, and not SCRIPT KIDDIES, can access your calls and private data, not to mention make calls from your SIM details that they accessed because you gave your iPhone more exploits. One word: dumbasses.