Jailbreak iPhone, iPod Touch, iPad

iPhone Dev-Team released RedSn0w 0.9.9b9 with full iOS 5.0.1 support (no need to point to iOS 5.0 any more). New version also features support for SHSH and APTickets:

• native support for 5.0.1 (no need to point redsn0w at 5.0 IPSW or use command-line args).  Support automatically extends to all of redsn0w’s various functions: “Jailbreak”, “Just boot”, “Fetch blobs”, “Stitch blobs”, “Recovery Fix”
• iBooks fixed in 5.0 and 5.0.1.  This is a targeted fix that doesn’t remove entire sandbox mechanism.  5.x users already using redsn0w “Just Boot” can just use the new version without redoing entire jailbreak again
• 3GS old-bootrom owners can now create custom IPSWs without blobs
• ultrasn0w compatability update (i.e. same baseband requirements) for 5.0.1 will be available on Cydia Monday
• support for newer 8GB iPhone4 (which until now had problems with “Fetch blobs”).  Thanks to @JKjeepnJeff for loaning us one of these newer i4 units for testing!
• allows Windows users (not just OS X users) to use the “Custom” button to create IPSWs without baseband updates.  (Update: please wait for 0.9.9b9b for this!)
• accommodates APTickets in 5.x (until next Apple countermove).  APTickets are crypto-verified before submitting to Cydia, just like the main blobs.  Cydia server support for sending back the APTickets is upcoming.  For now, use stitched IPSWs for 5.x.  Due to APTickets, stitched 5.x IPSWs now require user to start in “Pwned DFU” mode
• Support added for stitching 4.x blobs to iPad2-GSM IPSWs.  Similar to @notcom’s TinyCFW but doesn’t require lots of RAM or a TSS-assisted restore. Won’t work for iPad2 5.x blobs (or iPhone4S at all) until a bootrom-level exploit is out
• top line now shows whether (and where) a redsn0w update is available, or if the version being run is the latest.  Uses DNS TXT record to alleviate any concerns about snooping
• no 5.1 beta support at this time (major apps like Cydia are not yet compatible)
• @pod2g has been doing a great job porting his 5.x untether…check his blog for updates!
• Owners of newer 3GS iPhones must not flash the iPad baseband.  The iPad baseband will not work on 3GS iPhones built later than 2011 week 35.  You have a week 35 or later device if your serial # starts with xx135.

Update #17b: Version 0.9.9b9b enables the “Custom” button for Windows users, and make the 3GS week 35 warning a more explicit part of the process.

You can download RedSn0w 0.9.9b9b here.

UPDATE: redsn0w updated to redsn0w 0.9.9b9d.

The iPhone Dev-Team has updated RedSn0w with support for jailbreaking iOS 5.0.1 beta which was recently released for iOS developers.

RedSn0w 0.9.9b8 recognizes 5.0.1 beta and you don’t have to “point at 5.0 IPSW” any more. Since the IPSW isn’t public, you’ll still need to provide it once to redsn0w (Extra -> Select IPSW).

Mac users can also create custom firmware and preserve baseband for unlock. However ultrasn0w doesn’t get updated for betas yet.

This is still a tethered jailbreak for all except old-bootrom 3GS users.

You can download RedSn0w from here.

UPDATE: to jailbreak ioS 5.0.1 beta 2, just point to iOS 5 or iOS 5.0.1 IPSW

The iPhone Dev-Team released jailbreak utility RedSn0w 0.9.9b6 for both Windows and Mac users. The new version offers full iOS 5 jailbreak support for Windows and fixes Location Services issue for iPhone 3GS devices running the 06.15 baseband. This is still a tethered jailbreak for iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G and iPod Touch 4G:

We’ve released version 0.9.9b6 of redsn0w, with both a functional fix and cosmetic fix for iOS5 jailbreakers. For iPhone3GS owners with the 06.15 baseband, this redsn0w eliminates the network crash you saw when using Location Services in iOS5 (in fact, you don’t even need to disable Location Services anymore during the initial setup). The cosmetic fix is to the visual countdown you see when going into DFU mode.

It’s okay to re-run this redsn0w over an existing device jailbroken at iOS5. Just choose “Jailbreak” again and de-select Cydia (in other words, all the checkboxes will be unchecked). If you are lucky enough to have an old-bootrom iPhone3GS, please pre-select the IPSW first (redsn0w can’t yet auto-detect the FW version of your old-bootrom 3GS if it’s already been jailbroken).

Just as redsnow 0.9.9b5 the new version supports creating custom firmwares with preserving baseband (modem) version for unlock. Unfortunately right now custom firmware functionality works only with Mac version.

You can download the latest RedSn0w version here.

UPDATE:
Here are links to our RedSn0w 0.9.9 iOS 5 jailbreak tutorials:

• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

The iPhone Dev-Team has released an update to their UltraSn0w unlock bringing support for iOS 5. Remember that NO new basebands are supported in this release. It only adds support for iOS 5 with old basebands.

Here is the list of supported basebands:

• iPhone 4: 01.59.00
• iPhone 3G/3GS: 04.26.08, 05.11.07, 05.12.01, 05.13.04, 06.15.00.

If have one of the above baseband version and need unlock you can upgrade to iOS 5 without updating your baseband using RedSn0w 0.9.9b5.

Ultrasn0w 1.2.4 is available in Cydia.

We’ve updated ultrasn0w to be compatible with iOS5, which came out a few days ago. While ultrasn0w 1.2.4 (available now in Cydia) doesn’t add support for any new basebands, the update is required for any ultrasn0w unlockers trying out iOS5 (it remains backwards compatible though, so you should be able to use it no matter what firmware you have).

The supported basebands for the iPhone 3G and 3GS are 04.26.08, 05.11.07, 05.12.01, 05.13.04, and 06.15.00. The baseband supported for the iPhone4 is 01.59.00.

Remember, the only way to get to iOS5 while preserving your ultrasn0w-compatible baseband is by using a custom IPSW. redsn0w now has the ability to create such a custom IPSW for you (at least on Macs…the same capability for Windows will be coming soon).

The majority of people who use ultrasn0w at iOS5 right now will probably be those with old-bootrom iPhone3GS devices, since they already have an untethered jailbreak via redsn0w. For everyone else, the iOS5 jailbreak is currently tethered and you need to “Just boot” tethered with redsn0w every time your phone reboots. That’s not always easy to do if your phone reboots while away from home!

Note: there’s a special “trick” that iPhone3GS owners with baseband 06.15 need for iOS5. During the new setup screens you see when you start iOS5 for the first time, you’ll be asked about Location Services. Be sure to select “Disable Location Services” when asked! Later on in the setup, you’ll have the chance to turn on Location Services again when asked if you want to use “Find my iPhone”. It’s fine to turn it back on at that point, if that’s your desire (or you can always go in and enable it in Settings.app).

Also, some iPhone3GS users with the 06.15 baseband may have tried to install iOS5 using a stock IPSW (even though you should never ever try to use a stock IPSW if you’re an ultrasn0w unlocker). If you did try this, your baseband is probably in an inconsistent state, and you’ll need to reflash the 06.15 baseband again (using redsn0w). Be very careful if you use redsn0w to reflash the iPad baseband — don’t interrupt the process! And please avoid using stock IPSWs in the future Unlockers should never go near stock IPSWs.

The iPhone Dev-Team has released RedSn0w 0.9.9b5 – an official tethered jailbreak for iOS 5. Users don’t have to point to downloaded iOS 5 ipws any more. Just run and jailbreak.

Currently only the Mac version has been made available. Windows version is coming soon. However Windows users can still jailbreak iOS 5 with Redsn0w 0.9.9.b4, – just go to “Extras” -> “Select IPWS” and select your iOS 5 ipsw file (can download here).

Good news for users who need carrier unlock (ultrasn0w or Gevey Sim). With RedSn0w 0.9.9b5 you can update to iOS 5 and preserve the baseband (modem) version for unlock:

The new “Custom IPSW” button on the Extras screen will create a custom IPSW without the baseband update for 4.3.3 or 5.0gm (iPhone3GS and iPhone4 only, for now). Remember not to accidentally restore to the stock IPSW after you create the custom one! The custom one begins with NO_BB_ (for “no baseband”).

You must enter “Pwned DFU” mode before trying to use the NO_BB_ IPSW with iTunes (and your hosts file cannot be pointing to Cydia’s servers due to the new blob nonce mechanism they’re using in iOS5).

We will update our step-by-step tutorials soon.

You can download RedSn0w 0.9.9b5 (Mac) and RedSn0w 0.9.9b4 (Windows) here.

PS: RedSn0w 0.9.9 is a bit different from 0.9.8 version. You can learn more about other new redsn0w 0.9.9 features here.
UPDATE: redsn0w 0.9.9b6 released, download here

UPDATE:
Here are links to our RedSn0w 0.9.9 iOS 5 jailbreak tutorials:

• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

MuscleNerd has announced via Twitter that jailbreak utility RedSn0w 0.9.9b1 is released with major update and numerous new features:

Major improvements and features added to redsn0w 0.9.9b1! See update #9 at http://is.gd/6eek4Y Feedback: @redsn0w_testers

Indeed the list of new features is quite high. There are two main ones:

• There is no need to download firmware any more. There is no need to push Browse IPWS button any more (but you still can).
• Developers added lots of functionality to work with SHSH keys (extract, submit, download, verify, stitch etc)

However this new version does not bring features like untethered jailbreak for iOS 4.3.5 or iOS 5.

Due to some possible bugs we still recommend to use the old RedSn0w 0.9.8b7b, but the new 0.9.9b1 is worth seeing and playing with.

Here are links to our RedSn0w 0.9.8b7b iOS 4.3.5 jailbreak tutorials:

• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

You can download RedSn0w 0.9.9b1 here:

Here is the full list of features from DevTeam:

Update #9: A bunch of new features!

• uses DFU mode to try to automatically determine which device and FW you have
• fetches pieces of public IPSWs from Apple (once).  Non-public IPSWs must be provided manually (once).  It then caches those pieces for future use.
• “Just boot” is a tethered boot.  Uses whatever “Preferences” you’ve set for boot logo and kernel boot-args
• “Pwned DFU” puts your device in a pwned DFU state for some of the iTunes stuff detailed below
• “Recovery fix” gets past 1015 types of errors (when baseband portion of restore fails).  Should work on iOS5 beta too
• “Select IPSW” is for picking non-public IPSWs, or overriding auto-detection
• “SHSH blobs” has a bunch of options…
  • “Fetch” – fetch current PARTIAL blobs on device.  Should complete in under 10 or 15 seconds.  Puts the set of PARTIAL of blobs on your computer as a plist.  Checks if Cydia already has a full set for this device and build.  If not, it submits this PARTIAL set and returns Cydia’s acknowledgement or rejection
  • “Verify”  – cryptographically verifies existing blob files from either redsn0w, TinyUmbrella, or Cydia server.  You can select a whole bunch of blobs to verify at once if you want (like the TinyUmbrella directory)
  • “Submit”  – both verifies and submits one or more blob files to Cydia.  This lets you copy your entire TinyUmbrella cache of blobs up to the Cydia server
  • “Query” - queries the Cydia server for all available FULL or PARTIAL blobs for a given set of ECIDs
  • “Stitch” – stitches either FULL or PARTIAL blobs to a STOCK or CUSTOM IPSW

1. Stitching is NOT yet supported on iPhones! Need to work out the baseband part of the restore process.
2. FULL blobs stitched to a STOCK IPSW gives you a completely self-contained signed IPSW that iTunes will accept without any tricks (no need to go into pwned DFU mode, no need to start TinyUmbrella TSS server, no need to redirect to Cydia server for blobs)
3. PARTIAL blobs stitched to any IPSW requires you to go into pwned DFU mode before running iTunes.  No need to start TU or use Cydia though.
4. Stitching either FULL or PARTIAL blobs to a CUSTOM IPSW also requires a pwned DFU start before iTunes restores.  No need to start TU or use Cydia though./li>
5. Will eventually support fetching the blobs directly from Cydia instead of a file on your computer

MuscleNerd, hacker from DevTeam, has announced via Twitter that a major update to RedSn0w is coming soon.

There will be no need to select an IPSW. Rather than requiring ipsw selection, RedSn0w will now automatically fetch the important pieces directly from Apple (and caches them so that it never needs to re-fetch them again). New version also brings the ability to save and submit SHSH Blobs to Cydia.

Will be pushing out a major redsn0w feature upgrade before my trip to Korea: http://is.gd/PMAdT1 (and look, no IPSW selection button!)

The new version of RedSn0w is expected to be released on Monday.

Check out the screenshots below:

The iPhone Dev-Team has released RedSn0w 0.9.8b7b to bring two new main features:

• explicit tethered jailbreak support for iOS 5 Beta 7
• untethered jailbreak for iPhone 3GS with old bootrom (iOS 4.3.5 or iOS 5 Beta 7)

Musclenerd posted via twitter:

New redsn0w is.gd/6eek4Y explicitly supports iOS5b7 (no need to point at b6 IPSW). Also brings back old-bootrom 3GS goodies.

This is great news for both developers and owners of old bootrom iPhone 3GS’s who accidentally updated to iOS 4.3.5.

DevTeam posted:

About 12 hours after we released redsn0w 0.9.8b7 with some improvements for iOS5b6, Apple went and released iOS5b7 (what are the odds of that?!?). Even though that redsn0w could still jailbreak iOS5b7, you needed to point it at the iOS5b6 IPSW to do so. Today’s redsn0w 0.9.8b7b lets you point redsn0w directly at the iOS5b7 IPSW instead.

We’ve also added some overall improvements for old-bootrom 3GS owners (where the 24kpwn exploit applies): on those devices, you can tell redsn0w to untether 4.3.5 and lower, or iOS5b7. Old-bootrom 3GS owners can once again choose custom logos, and/or verbose booting (for the really nerdy iPhone3GS fans out there!). And it allows 4.3.4 or 4.3.5 users to use ultrasn0w again (if they have a compatible baseband).

Last but not least, we fixed some lingering Verizon iPhone4 4.2.10 JB issues.

We will update our tutorials shortly.

You can download RedSn0w 0.9.8b7b here.

Here are links to our RedSn0w 0.9.8b7b iOS 4.3.5 jailbreak tutorials:

• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

MuscleNerd, the iPhone Dev-Team member, has announced via Twitter that developers can use RedSn0w 0.9.8b7 to jailbreak iOS 5 Beta 7.

MuscleNerd: Today’s iOS5b7 can be JB with last night’s redsn0w b7 http://is.gd/6eek4Y but point it at b6 IPSW…annoying off-by-1 now

You can download RedSn0w 0.9.8b7 here. iOS 5 Beta 7 is available here for developers and here for everybody else.

The iPhone Dev-Team recently released RedSn0w 0.9.8b7 which brings explicit support for a tethered 4.3.5 jailbreak as well as new iOS 5.0b6 iPad 1 jailbreak:

Apple updated the iPad1 iOS5b6 IPSW without changing its version number or filename, so we’re releasing redsn0w 0.9.8b7 to handle both the original and changed IPSW. We’ve also added explicit support for a tethered 4.3.5/4.2.10 jailbreak (instead of pointing at the 4.3.4/4.2.9 IPSWs) and fixed a 4.2.10 problem.

You can download RedSn0w 0.9.8b7 here.

You can find our instructions on how to jailbreak your device here:

iPhone 3GS

Tethered and UnTethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPhone 4

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPad 1

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPod Touch 3G

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPod Touch 4G

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)