Hack the iPhone





How to activate, jailbreak and unlock 1.1.4 firmware with iPlus
(3.9 / 4.6 bootloader)

PPC / Intel Mac



Aviegas has created a great program for those who want to activate, jailbreak, and unlock the iPhone. It is supposed to work in any scenario and for both 3.9 and 4.6 bootloaders. You must restore to 1.1.4 first, however. If you do have the 4.6 bootloader, it will be downgraded to the new 3.9 fake blank bootloader (which allows for restoration to 4.6). This program will also install a custom payload of critical programs such as Installer, Community Sources, BSD Subsystem, OpenSSH and Terminal, along with some critical fixes. It should only take you a few minutes to get through this process. You can read the thread Aviegas started here to discuss this program.

Update: This program is now at version 2.0b. A thread discussing it can be found here, and here.

Thanks go out to: GeoHot, cRACKn, MuscleNerd, BaalBeck, aCujo, George Zhu, Tim Schuerewegen, many others, and the iPhone Dev Team.

I have added a troubleshooting section at the bottom of this tutorial as there are a few problems out there. Fortunately they all have simple solutions.



Attention

You should read my Warning to all iPhone owners page before proceeding.


If you'd like to see a video of this process, then check out this movie I shot. The iPhone used here has a 3.9 bootloader.





Step 1.

Connect the iPhone to iTunes. Make any needed backups.

Put the iPhone into DFU mode. Do this by pressing and holding both the Sleep/Wake button and the Home button for 10 seconds. At this point the screen will turn black, and the iPhone will appear to be off.

A pop up will appear. Click OK.

iTunes will now display this.

Download the firmware restore file for 1.1.4 here. Remember where you put this file and do not decompress it.

Press the Option key and click Restore. A file browser window will open. Navigate to where the firmware file was downloaded, select it, and click Open.

Various messages will appear while the process continues.

When it has finished you should see this screen next in iTunes.

Eject the iPhone from iTunes when it is finished. Make sure iTunes is closed! Also open Activity Monitor and ensure that iTunes Helper is not running. To do this, go to your Mac's Applications folder, then into the Utilities folder, and you'll find a program called Activity Monitor here. Launch it. At the top there is a drop down box. Make sure My Processes is selected. Now look below for iTunes Helper. Select it and click on Quit Process at the top.

At the pop up that appears, select Force Quit. You can close Activity Monitor now. iTunes Helper will not respawn until your computer is restarted.


Step 2.

Download iPlus version 2.0b here.

Decompress the file and you will be left with a folder on your desktop. I found that StuffIt yielded a corrupted folder, so I used Archive Utility to decompress the zip. You should rename the extracted folder to iPlus2.0. By default it will be named iPlus 2.0, but the Terminal does not like spaces in directory names.

If you live outside the United States, you should also download the International support package here, which will include some additional, necessary files. Just rename the file you download to payload.zip, then place it into the iPlus 2.0 program folder, overwriting the existing file. If you live in Brazil, then download this support package instead, and also rename it and overwrite the existing file.

Note: the international packages contain a program that is superior to iWorld. You will now have full caller ID support. (The link to the list of supported countries is currently broken and needs to be replaced.)


Note: you do have the ability to use custom payloads with iPlus. What you would do is swap out the payload.zip file that is in the iPlus folder with your own, and it will automatically load up the phone with the programs contained within it.

If you are feeling adventurous then grab this payload.zip file here and try it out. It will install the following: Cydia and Telesphoreo (instead of BSD Subsystem), Installer, Community Sources, Fake BSD Subsystem (to allow Installer packages that require BSD to install), OpenSSH, SummerBoard themes directory fix, and Term-vt100.
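Since iPlus loads whatever is inside payload.zip onto the phone, a downloaded or custom archive can be listed and checked before it is swapped in. The following Python script is an added example, not part of iPlus or of the original tutorial; the function names, the checks chosen and the sample archive entries are assumptions constructed for illustration, since the real payload layout is not documented on this page.

```python
import io
import stat
import zipfile


def audit_payload(source):
    """Return (entry name, reason) pairs for entries worth reviewing.

    `source` is a path or file-like object holding a payload.zip.
    """
    findings = []
    with zipfile.ZipFile(source) as zf:
        bad = zf.testzip()  # CRC check; first corrupt member or None
        if bad is not None:
            findings.append((bad, "CRC mismatch (corrupt download?)"))
        for info in zf.infolist():
            name = info.filename
            mode = info.external_attr >> 16  # Unix mode bits, if recorded
            parts = name.replace("\\", "/").split("/")
            if name.startswith("/") or ".." in parts:
                findings.append((name, "path escapes the extraction directory"))
            if stat.S_ISLNK(mode):
                findings.append((name, "symbolic link"))
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((name, "setuid/setgid bit set"))
    return findings


def build_sample():
    """Constructed sample archive (not a real iPlus payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Applications/Installer.app/Info.plist", "<plist/>")
        helper = zipfile.ZipInfo("usr/bin/helper")  # hypothetical binary
        helper.external_attr = (stat.S_IFREG | 0o4755) << 16  # setuid bit
        zf.writestr(helper, b"\x00")
        zf.writestr("../../etc/master.passwd", "x")  # traversal entry
        link = zipfile.ZipInfo("var/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # symlink entry
        zf.writestr(link, "/etc")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in audit_payload(build_sample()):
        print(f"{name}: {reason}")
```

To check a real download, pass its path instead of the sample, for example audit_payload("payload.zip"); an empty result only means none of these specific conditions were found.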



On your Mac, go to your Applications folder, then into the Utilities folder and you will see a program called Terminal there. Launch it. Enter the following:

cd ~/Desktop/iPlus2.0
./iplus -u    # activate, jailbreak and unlock; enter -j instead for jailbreak only

After you press return, a lot of text will display.

The iPhone will display this graphic. Then code will scroll by rapidly.

Some more text will go by and the iPhone will reboot. You will then see a screen with a red bar for the remainder of this process. Note: this iPhone had a 4.6 bootloader on it which is being downgraded to the 3.9 fake blank bootloader, which is reversible.

When the red bar first appears, more text will display in the Terminal.

Now that the bootloader downgrade is complete, the unlock can begin.

Now the various programs in the payload are installed.

The final message will be displayed in the Terminal.

You'll be at the slide to unlock screen. The edit home screen message will appear. You should now have signal bars.

Swap out your SIMs and test (if needed).


Step 3.

If you go to your About screen, you'll see you are on 1.1.4 firmware and its matching baseband.

I ran the program Baseband Info before and after this hack. The one on the left shows the 4.6 bootloader. The one on the right shows the 3.9 bootloader with the EEPROM version from the 4.6 bootloader. That's the telltale sign.

If you launch the Maps application and press the lower left icon, it will locate your approximate position.

Launch the Installer. It will start at the Featured page. If you press the Uninstall button at the bottom, you'll see how many applications were installed by iPlus. These applications also have the common fixes installed (Terminal and BSD Subsystem).

If you should use the Terminal, enter alpine as the password.


Troubleshooting


No system audio?   Press Settings, General, Reset, Reset All Settings.


No Installer installed?   Download this file. Decompress the zip, then drill down into the folders to this file: libreadline.5.2.dylib. Copy this file onto your Mac and put it in the folder /opt/local/lib. You could then simply repeat the entire process again, or you could manually install the Installer by reading this page and performing steps 5 through 7.


Mail crashing?   Launch the Terminal on the iPhone and enter: chown -R mobile /var/mobile/Library/Mail







My other cell phone modding sites:   Hack the L7, Hack the V3 and Hack the V3i.   Copyright © 2008, MCJ