Jailbreak iPhone, iPod Touch, iPad

iPhone Dev-Team released RedSn0w 0.9.9b9 with full iOS 5.0.1 support (no need to point to iOS 5.0 any more). New version also features support for SHSH and APTickets:

• native support for 5.0.1 (no need to point redsn0w at 5.0 IPSW or use command-line args).  Support automatically extends to all of redsn0w’s various functions: “Jailbreak”, “Just boot”, “Fetch blobs”, “Stitch blobs”, “Recovery Fix”
• iBooks fixed in 5.0 and 5.0.1.  This is a targeted fix that doesn’t remove entire sandbox mechanism.  5.x users already using redsn0w “Just Boot” can just use the new version without redoing entire jailbreak again
• 3GS old-bootrom owners can now create custom IPSWs without blobs
• ultrasn0w compatability update (i.e. same baseband requirements) for 5.0.1 will be available on Cydia Monday
• support for newer 8GB iPhone4 (which until now had problems with “Fetch blobs”).  Thanks to @JKjeepnJeff for loaning us one of these newer i4 units for testing!
• allows Windows users (not just OS X users) to use the “Custom” button to create IPSWs without baseband updates.  (Update: please wait for 0.9.9b9b for this!)
• accommodates APTickets in 5.x (until next Apple countermove).  APTickets are crypto-verified before submitting to Cydia, just like the main blobs.  Cydia server support for sending back the APTickets is upcoming.  For now, use stitched IPSWs for 5.x.  Due to APTickets, stitched 5.x IPSWs now require user to start in “Pwned DFU” mode
• Support added for stitching 4.x blobs to iPad2-GSM IPSWs.  Similar to @notcom’s TinyCFW but doesn’t require lots of RAM or a TSS-assisted restore. Won’t work for iPad2 5.x blobs (or iPhone4S at all) until a bootrom-level exploit is out
• top line now shows whether (and where) a redsn0w update is available, or if the version being run is the latest.  Uses DNS TXT record to alleviate any concerns about snooping
• no 5.1 beta support at this time (major apps like Cydia are not yet compatible)
• @pod2g has been doing a great job porting his 5.x untether…check his blog for updates!
• Owners of newer 3GS iPhones must not flash the iPad baseband.  The iPad baseband will not work on 3GS iPhones built later than 2011 week 35.  You have a week 35 or later device if your serial # starts with xx135.

Update #17b: Version 0.9.9b9b enables the “Custom” button for Windows users, and make the 3GS week 35 warning a more explicit part of the process.

You can download RedSn0w 0.9.9b9b here.

UPDATE: redsn0w updated to redsn0w 0.9.9b9d.

The Chronic Dev-Team has released CDevReporter, their new tool that lets you help find jailbreak vulnerabilities, for Windows.

You can download the Mac and Windows versions of CDevReporter here:

• cdev_reporter-mac-1.0_beta.zip
• cdev_reporter-win-1.0_beta.zip

More information is available in our recent post “Want untethered iOS 5 jailbreak? Help hackers to find new exploits!“.

Semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want untethered jailbreak and we want jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?

The Chronic Dev-Team has a released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.

The idea is very simple. When your iPhone, iPad or iPod Touch crashes it sends data to Apple (you can turn it this off though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they have found in IOS 5 beta before the final version of the software was released.

In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.

Read the rest of this entry »

The iPhone Dev-Team has updated RedSn0w with support for jailbreaking iOS 5.0.1 beta which was recently released for iOS developers.

RedSn0w 0.9.9b8 recognizes 5.0.1 beta and you don’t have to “point at 5.0 IPSW” any more. Since the IPSW isn’t public, you’ll still need to provide it once to redsn0w (Extra -> Select IPSW).

Mac users can also create custom firmware and preserve baseband for unlock. However ultrasn0w doesn’t get updated for betas yet.

This is still a tethered jailbreak for all except old-bootrom 3GS users.

You can download RedSn0w from here.

UPDATE: to jailbreak ioS 5.0.1 beta 2, just point to iOS 5 or iOS 5.0.1 IPSW

The iPhone Dev-Team has released an update to their UltraSn0w unlock bringing support for iOS 5. Remember that NO new basebands are supported in this release. It only adds support for iOS 5 with old basebands.

Here is the list of supported basebands:

• iPhone 4: 01.59.00
• iPhone 3G/3GS: 04.26.08, 05.11.07, 05.12.01, 05.13.04, 06.15.00.

If have one of the above baseband version and need unlock you can upgrade to iOS 5 without updating your baseband using RedSn0w 0.9.9b5.

Ultrasn0w 1.2.4 is available in Cydia.

We’ve updated ultrasn0w to be compatible with iOS5, which came out a few days ago. While ultrasn0w 1.2.4 (available now in Cydia) doesn’t add support for any new basebands, the update is required for any ultrasn0w unlockers trying out iOS5 (it remains backwards compatible though, so you should be able to use it no matter what firmware you have).

The supported basebands for the iPhone 3G and 3GS are 04.26.08, 05.11.07, 05.12.01, 05.13.04, and 06.15.00. The baseband supported for the iPhone4 is 01.59.00.

Remember, the only way to get to iOS5 while preserving your ultrasn0w-compatible baseband is by using a custom IPSW. redsn0w now has the ability to create such a custom IPSW for you (at least on Macs…the same capability for Windows will be coming soon).

The majority of people who use ultrasn0w at iOS5 right now will probably be those with old-bootrom iPhone3GS devices, since they already have an untethered jailbreak via redsn0w. For everyone else, the iOS5 jailbreak is currently tethered and you need to “Just boot” tethered with redsn0w every time your phone reboots. That’s not always easy to do if your phone reboots while away from home!

Note: there’s a special “trick” that iPhone3GS owners with baseband 06.15 need for iOS5. During the new setup screens you see when you start iOS5 for the first time, you’ll be asked about Location Services. Be sure to select “Disable Location Services” when asked! Later on in the setup, you’ll have the chance to turn on Location Services again when asked if you want to use “Find my iPhone”. It’s fine to turn it back on at that point, if that’s your desire (or you can always go in and enable it in Settings.app).

Also, some iPhone3GS users with the 06.15 baseband may have tried to install iOS5 using a stock IPSW (even though you should never ever try to use a stock IPSW if you’re an ultrasn0w unlocker). If you did try this, your baseband is probably in an inconsistent state, and you’ll need to reflash the 06.15 baseband again (using redsn0w). Be very careful if you use redsn0w to reflash the iPad baseband — don’t interrupt the process! And please avoid using stock IPSWs in the future Unlockers should never go near stock IPSWs.

The iPhone Dev-Team has released RedSn0w 0.9.9b5 – an official tethered jailbreak for iOS 5. Users don’t have to point to downloaded iOS 5 ipws any more. Just run and jailbreak.

Currently only the Mac version has been made available. Windows version is coming soon. However Windows users can still jailbreak iOS 5 with Redsn0w 0.9.9.b4, – just go to “Extras” -> “Select IPWS” and select your iOS 5 ipsw file (can download here).

Good news for users who need carrier unlock (ultrasn0w or Gevey Sim). With RedSn0w 0.9.9b5 you can update to iOS 5 and preserve the baseband (modem) version for unlock:

The new “Custom IPSW” button on the Extras screen will create a custom IPSW without the baseband update for 4.3.3 or 5.0gm (iPhone3GS and iPhone4 only, for now). Remember not to accidentally restore to the stock IPSW after you create the custom one! The custom one begins with NO_BB_ (for “no baseband”).

You must enter “Pwned DFU” mode before trying to use the NO_BB_ IPSW with iTunes (and your hosts file cannot be pointing to Cydia’s servers due to the new blob nonce mechanism they’re using in iOS5).

We will update our step-by-step tutorials soon.

You can download RedSn0w 0.9.9b5 (Mac) and RedSn0w 0.9.9b4 (Windows) here.

PS: RedSn0w 0.9.9 is a bit different from 0.9.8 version. You can learn more about other new redsn0w 0.9.9 features here.
UPDATE: redsn0w 0.9.9b6 released, download here

UPDATE:
Here are links to our RedSn0w 0.9.9 iOS 5 jailbreak tutorials:

• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

UPDATE: Apple latest firmware is iOS 5.0.1. Apple has stopped signing all other firmwares, including iOS 4.3.3 and iOS 4.3.5. This means you can NOT restore to 4.3.3/4.3.5 any more (both original and custom), unless you have saved your SHSH keys for it.

If you have decided to perform an untethered jailbreak and unlock, you need to get the following information:

1. What type of device do you have (iPhone 3G/3GS/4, iPod Touch 3G/4G, iPad 1/2, Apple TV)?
2. Do you need unlock (if your iPhone locked to one carrier and you want to use it with another)?
   The answer is NO, if the device is not iPhone, if it was purchased as factory unlocked and can be used with any cellular carrier (f.e. in Canada, France, etc).
   If the answer is YES, you need to find out your modem version (Setting-General-About-Modem).
3. What firmware version do you have? Take a look at Setting-General-About-Version. For example it could be iOS 4.3.3.
4. What operating system do you use on your desktop (Windows, Mac OS)?

How to perform jailbreak, when you do NOT need an unlock

For iPhone 3G the latest is iOS 4.2.1. You can perform jailbreak with any utility. For iOS 4.2.1 you can also use them or GreenPois0n (Windows, Mac OS).

iPad 2 jailbreak is available only for iOS 4.3.3 via JailbreakMe and and iOS 5.0.1 via Absenthe.

iPhone 4S jailbreak is available for iOS 5.0 / iOS 5.0.1 via Absenthe.

iOS 4.3.3

Apple stopped signing iOS 4.3.3, so you cannot update to iOS 4.3.3 without SHSH keys saved (in advance some time ago). If you have iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G or iPod Touch 4G that run iOS 4.3.3 – use JailbreakMe or RedSn0w to untether jailbreak your device.

If you have saved SHSH keys for iOS 4.3.3 you can use PwnageTool (Mac OS) or Sn0wBreeze (Windows).

iOS 4.3.4/4.3.5

For iOS 4.3.4/4.3.5 only tethered jailbreak is possible with redsn0w. Tethered means that each time you restart your device you will have to connect it to a computer and run redsn0w. The untethered iOS 4.3.5 jailbreak is possible only for iPhone 3GS with old bootrom. You can detect your bootrom version using this tutorial.

iOS 5

To jailbreak and unlock iOS 5 use latest version of redsn0w 0.9.9 or sn0wbreeze 2.8. You can jailbreak tethered or semi-tethered.

The untethered iOS 5 jailbreak is possible only for iPhone 3GS with old bootrom. You can detect your bootrom version using this tutorial.

iOS 5.0.1

For iPhone 4/3GS, iPad 1, ipod Touch 3G/4G an untethered jailbreak is available for iOS 5.0.1. For untethered jailbreak use the latest redsn0w 0.9.10 or Corona – package from Cydia to untether currently installed tethered jailbreak.

Tutorial how to untether installed tethered jailbreak is available here.

For iPhone 4S and iPad 2 use Absenthe.

For tethered iOS 5.0.1 jailbreak you an use redsn0w 0.9.9 and sn0wbreeze 2.8.

You can download all firmwares here.

Tutorials

Here are our step-by-step tutorials that will guide you through the jailbreak process:

iPhone 4S

UnTethered jailbreak iOS 5.0 / iOS 5.0.1:

• Absinthe (Windows)
• Absinthe (Mac)

iPhone 4

UnTethered jailbreak iOS 5.0.1:

• RedSn0w (Windows)
• PwnageTool (Mac)

Semi-Tethered jailbreak iOS 5.0.1:

• RedSn0w (Windows)
• Sn0wBreeze (Windows)

Semi-Tethered jailbreak iOS 5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)
• Sn0wBreeze (Windows)

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

UnTethered jailbreak iOS 4.3.3:

• RedSn0w (Windows)
• RedSn0w (Mac OS)
• PwnageTool (Mac OS)
• Sn0wBreeze (Windows)
• JailbreakMe (works without a computer)

Read the rest of this entry »

The iPhone Dev-Team has released RedSn0w 0.9.8b7b to bring two new main features:

• explicit tethered jailbreak support for iOS 5 Beta 7
• untethered jailbreak for iPhone 3GS with old bootrom (iOS 4.3.5 or iOS 5 Beta 7)

Musclenerd posted via twitter:

New redsn0w is.gd/6eek4Y explicitly supports iOS5b7 (no need to point at b6 IPSW). Also brings back old-bootrom 3GS goodies.

This is great news for both developers and owners of old bootrom iPhone 3GS’s who accidentally updated to iOS 4.3.5.

DevTeam posted:

About 12 hours after we released redsn0w 0.9.8b7 with some improvements for iOS5b6, Apple went and released iOS5b7 (what are the odds of that?!?). Even though that redsn0w could still jailbreak iOS5b7, you needed to point it at the iOS5b6 IPSW to do so. Today’s redsn0w 0.9.8b7b lets you point redsn0w directly at the iOS5b7 IPSW instead.

We’ve also added some overall improvements for old-bootrom 3GS owners (where the 24kpwn exploit applies): on those devices, you can tell redsn0w to untether 4.3.5 and lower, or iOS5b7. Old-bootrom 3GS owners can once again choose custom logos, and/or verbose booting (for the really nerdy iPhone3GS fans out there!). And it allows 4.3.4 or 4.3.5 users to use ultrasn0w again (if they have a compatible baseband).

Last but not least, we fixed some lingering Verizon iPhone4 4.2.10 JB issues.

We will update our tutorials shortly.

You can download RedSn0w 0.9.8b7b here.

Here are links to our RedSn0w 0.9.8b7b iOS 4.3.5 jailbreak tutorials:

• Mac OS: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G
• Windows: iPhone 4, iPhone 3GS, iPad 1, iPod Touch 3G, iPod Touch 4G

MuscleNerd, the iPhone Dev-Team member, has announced via Twitter that developers can use RedSn0w 0.9.8b7 to jailbreak iOS 5 Beta 7.

MuscleNerd: Today’s iOS5b7 can be JB with last night’s redsn0w b7 http://is.gd/6eek4Y but point it at b6 IPSW…annoying off-by-1 now

You can download RedSn0w 0.9.8b7 here. iOS 5 Beta 7 is available here for developers and here for everybody else.

The iPhone Dev-Team recently released RedSn0w 0.9.8b7 which brings explicit support for a tethered 4.3.5 jailbreak as well as new iOS 5.0b6 iPad 1 jailbreak:

Apple updated the iPad1 iOS5b6 IPSW without changing its version number or filename, so we’re releasing redsn0w 0.9.8b7 to handle both the original and changed IPSW. We’ve also added explicit support for a tethered 4.3.5/4.2.10 jailbreak (instead of pointing at the 4.3.4/4.2.9 IPSWs) and fixed a 4.2.10 problem.

You can download RedSn0w 0.9.8b7 here.

You can find our instructions on how to jailbreak your device here:

iPhone 3GS

Tethered and UnTethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPhone 4

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPad 1

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPod Touch 3G

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)

iPod Touch 4G

Tethered jailbreak iOS 4.3.5:

• RedSn0w (Windows)
• RedSn0w (Mac OS)