Jailbreak iPhone, iPod Touch, iPad

There is a big a security hole in iPhone iOS. The device is insecure in a big and obvious way. You should be extremely careful of what sites you visit.

The FlateDecode vulnerability can be used when a PDF File is embedded within a Web page. Basically Safari tries to parse the PDF. And when it does it executes some code. Hackers can use this exploit to read and write iPhone data, get your contacts, sms, even delete something. So they can get all kinds to access your personal information stored on your iOS device.

Apple will fix it some day. Until then you need to take care of your iPhone security. There is a fix for that. It is available via Cydia for jailbroken devices. So you need to jailbreak in order to secure (funny isn’t it?).

Will Strafach has released the fix as a Cydia-based package called “PDF Loading Warner.” Simply download and install the package. Every time Mobile Safari attempts to download and parse a PDF you will get the following message:

Now you can control, where to accept PDF (as not all of them are made by hackers) and where to select cancel.

FaceTime feature gives users the possibility to make  voice calls. Apple restricted this feature to Wi-Fi only. Today it became possible to use it over 3G!

Setup Instructions:

1. Jailbreak your iPhone 4 via www.jailbreakme.com.
2. Download and upgrade to the latest Cydia package.
3. Open Cydia, Go to Manage then Sources.
4. Click Sources, Edit then add: http://apt.modmyi.com
5. Search for “My3G” — download, and install it. It costs $2.79. My3G makes Apps believe that they are on WiFi instead of 3G.
6. Go through the Rock setup process with a username and password. Open My3G and leave all settings on the default.
7. FaceTime should now work over 3G! — Make sure to “Forget” the WiFi network you are on (via iOS settings) if you want to test it.

We haven’t seen any difference between the 3G FaceTime call and a WiFi FaceTime call. The quality is very good.

Here’s a video demo:

Many users reported that the first version of JailbreakMe broke the FaceTime and MMS features. The DevTeam fixed the bug.

New JailbreakMe users should simply proceed normally. The new version will not remove FaceTime or MMS from the iPhone.

Users who already installed JailbreakMe can get an easy fix. They should simply run Cydia and upgrade to the latest software.

Jay Freeman, better known as Saurik, the creator of Cydia, was interviewed by the home radio Make It Work. He speaks about the history and the future of the iPhone jailbreak.

Saurik describes the origins of Jailbreak and Unlock for the very first model of the iPhone. Jay explains that initially there were two important things to do with the iPhone 2G -- to use other carrier than AT&T and to install any application.

He continues discussing the main applications from Cydia. Cycorder was the first to allow video recording, and Winterboard was the only one that allowed users to change the graphical interface of the iPhone. He also speaks about Comex, the hacker who is currently working with the Dev Team for releasing and Unlock for the iPhone 4. According to Saurik the tool is still not ready to be released to the public due to severe bugs in the code. Here the second part:

There is no official jailbreak utility for iOS 4.0.1. However you can still jailbreak and unlock iPhone 3G. Just do the following:

• Download the latest RedSn0w 0.9.5-b5 in our utilities page here.
• Download firmware images for iOS 4.0 here.
• Run RedSn0w and point it at the 4.0 IPSW. (Yes – point it at the 4.0 IPSW even though you’re at 4.0.1). This will also hacktivate your iPhone3G at 4.0.1 if you haven’t already been activated by iTunes.
• Install ultrasn0w in Cydia (add repository http://repo666.ultrasn0w.com) if you need a carrier unlock (and in the USA, remember to turn off 3G mode in Settings→General→Network).

DevTeam updated iOS 4 jailbreak utility redsn0w to version 0.9.5b5-5. That should fix any APN or MMS issues that users were seeing. It’s safe to re-run it on an already jailbroken iPhone without restoring. Just deselect “Install Cydia” if you do that.

Supported devices are still only iPhone3G and iPod Touch 2G (not MC)

You can download the latest version here.

Good news from DevTeam. They just announced via twitter that unlock for firmwares 3.1.3 and 4.0 is ready:

RT @MuscleNerd: ultrasn0w tips: 1) Works for all basebands since 3.0 FW 2) Remember to disable 3G on T-Mobile USA

ultrasn0w 0.93 released! Cydia repo is repo666.ultrasn0w.com. Works with basebands 04.26.08 thru 05.13.04

This means, that all users with basebands 04.26.08, 05.11.07, 05.12.01 and 05.13.04 can use ultrasn0w 0.93.

There is no jailbreak for just released iOS4, so you need to wait a bit. Firmware 3.1.3 who need unlock can update ultrasn0w and use their iPhones with any carrier.

Last week Apple has released its iPhone Os 4.0 beta 4 and redsn0w is finally updated to support this as well as beta 1. New version of jailbreak is 0.9.5.b4 and it can be applied on iPhone 3G only(!).

Redsn0w 0.9.5.b4 is targeted at developers who make jailbroken apps, and will not work if you are already using blacksn0w, ultrasn0w or yellowsn0w.

iPhone Dev-Team warns:

“You should stay clear of this beta software if you rely on a carrier unlock.”

To use the jailbreak, follow the guide below:

1. Download redsn0w 0.9.5.b4 here. (Only Mac OS X version since app are developed on this OS).
2. Make sure you have already activated your iPhone 3G with iTunes and your own developer ID.
3. Launch the jailbreak.
4. Select your stock iPhone1,2_4.0_8A274b_Restore.ipsw (beta4) or iPhone1,2_4.0_8A230m_Restore.ipsw (beta1) file that you used to update your firmware.
5. Choose “Install Cydia” and then click “Next”. Use DFU mode to install the redsn0w.
6. When your iPhone 3G comes back up, you will notice Cydia has a blank white icon. It also has no sources so you should go to the Sources panel and add this repo: http://apt.saurik.com/cydia-3.7 (make sure you are connected to the Internet before). When Cydia restarts, you should see its real logo now, and the standard sources should be ready to use.

The first release of Spirit had a bug that accidently could delete all of your photos from the device that was jailbroken. If you have a backup which you made before jailbreaking your iPhone/iPod Touch/iPad, here is a quick guide how to recover deleted photos.

1. Open Cydia and search for “OpenSSH” and then install it. Reboot your device.

2. Download and then install iPhone Backup Extractor.

• Windows 32-bit version
• Windows 64-bit version
• Mac OS X version

3. Run iPhone BackUp Extractor. Select your last backup (that was made before jailbreak)

4. Navigate to Media/Media and select DCIM folder. Click “Next” and program will save the files locally.

5. Download and then istall WinSCP for Windows or Cyberduck for Mac . Open it and enter the following data to login to your device.

WinSCP for Windows

• Hostname: The IP address of your device. (Settings –> WiFi –> <Your Network Name>)
• Protocol: SCP
• User name: root
• Password: alpine

Cyberduck for Mac OS X

• Server: The IP address of your device. (Settings –> WiFi –> <Your Network Name>)
• Protocol: SFTP
• Username: root
• Password: alpine

6. Go to /User/Media directory and then copy over the DCIM folder.

7. Reboot your device.

After that you’ll have all your backuped photos back.

iPad USB Camera Connection Kit is much more useful as it seems. Max Sha, an experienced user, was able to access external hard drive with this kit. All you need is a jailbroken iPad, an external drive, a split-USB cable to give the drive some power and a terminal of some sort (f.e. MacBook) to mount the external storage. While it is a little unwieldy, it shows that Terabytes of external storage for iPad is possible.

Here is a complete step-by-step guide from Max Sha:

For starters, you will need to do the following:

1. Have an external hard drive formatted to either HFS or FAT32. NOTE: All data will be erased!

2. Perform the Spirit Jailbreak.

3. In Cydia, install iFile ($4.00 for full version, but there is also a free trial) and OpenSSH (free)

4. As well, install the “Nano” terminal text edit from Cydia.

5. For this particular example Max used GoodReader app for iPad ($0.99).

Now you can begin the process of mounting your hard drive. You will need external power for the drive. If you have an external drive with power (one that has a USB port and an external power supply) you won’t need to worry about this. If you have external drive with just an USB cord you will need a split USB cord.

1. Open “Settings” on your iPad to find your IP address (make sure you’re on the same network as your iPad).

2. Open Terminal, on your Mac (/Applications/Utilities/Terminal.app). On Windows you can use Putty.

3. At the prompt, SSH into your iPad with the IP address you found in the “Settings” app (make sure OpenSSH is installed!), with the following:

ssh root@[iPad IP address]

For you first time users, the password for your root account will be “alpine”. NOTE: Please change your password ASAP. To do this, once you’ve logged in VIA Terminal, type the following into the command prompt:

passwd root

You will then be prompted for a new password. Please do the same for your “mobile” user as well, by doing the following:

passwd mobile

4. Now, type the following, in Terminal:

mkdir /Volumes
mkdir /Volumes/EXT
ln -s /Volumes/EXT /var/mobile/EXT
nano /var/stash/Applications.xxxxxx/iFile.app/Info.plist (“xxxxxx” is a series of numbers after “Applications”. If you type “/var/stash/Applications” and hit the “Tab” key, it will fill in the rest for you).

5. The nano text editor will now open. Please add the following lines below the first “<dict>”, in the document (this makes iFile look much better on the iPad):

<key>UIDeviceFamily</key>
<array>
<integer>1</integer>
<integer>2</integer>
</array>

6. Then hit “Ctrl+x”. Followed by “Y”, and then “Enter”. This will save the changes that you made.

7. Now, reboot your iPad. You will notice that your SSH connection will have closed, in Terminal. Re-open terminal, when the iPad reboots, and follow steps 1-3 (without reseting the passwords again).

8. Open iFile, and go into the settings. It is recommended to have the settings set as shown below. The most important is enabling “Application Names”. Hit “Done”. Close out of iFile by hitting the Home button. Restart iFile.

9. In iFile, navigate to “/Volumes/”. Then, select the “Edit” button, in the top right.

10. Check the circle next to the “EXT” folder you created in “Step 4″.

11. Click the “Box with an arrow”, in the bottom right. In the dialogue box that opens, select “Copy/Link”.

12. In iFile, Navigate to “var/mobile/Applications/”. You should now see the names of applications above the actual folder names. Navigate to the “GoodReader” folder, then the “Documents” folder.

13. Click the “Edit” button again. And then click the “Box with an arrow”, in the bottom right. Click the “Create Link” button. You should now see the “EXT” folder. Hit “Done” in the upper right.

14. Now, connect your iPad Camera Connection Kit.

15. Take your hard drive and plug the secondary port into a power supply (in this case, Macbook Pro). Then, plug the main USB port into the iPad. You may see a message similar to “Insufficient power to mount this drive” error message on the iPad. With an external power supply, it should be much more convenient. NOTE: You MUST plug in the external power supply first, or else the iPad will not mount the drive.

16. Now, lets go back to terminal. Type:

ls /dev

What you’re looking for here is the file “disk1s1″. If that does not show up, try steps 15-16 again. If you see “disk1s1″, proceed to step 17.

17. For a FAT32 formatted drive, type the following, into terminal:

mount -t msdos /dev/disk1s1 /Volumes/EXT

It will take a few seconds, and then return you to the command prompt. For an HFS drive, type the following:

mount -t HFS /dev/disk1s1 /Volumes/EXT

18. You are now good to go! You can now access the files in either iFile, or GoodReader. As an example of how to manipulate the files, watch the video below.

19. To unmount the drive, type the following, in Terminal:

umount /dev/disk1s1

20. That’s all!

Here is a video demonstration:

Many thanks to Max Sha!