Hack the iPhone

Here's an interesting excerpt from Jonathan Zdziarski's site (a.k.a. "NerveGas") about getting your personal data hacked when you sell your iPhone...

"As part of my work on a forensics toolkit for the iPhone, I decided to test whether user data could survive a full restore in iTunes. There have been rumors floating around that the entire NAND is flashed to 0xFF when the device is restored, but this is untrue - this only occurs in a different part of the iPhone (the NOR), but not the NAND. To confirm this theory, I first deleted any backups of my device and then forced the iPhone into recovery mode. From there, I performed a full firmware restore of my iPhone, ensuring that no backups or syncing were performed. I then performed a basic recovery of the raw disk using the forensic toolkit I put together, and analyzed it. What I discovered was that deleted mail, contacts, and pretty much all of my other personal information was still residing in unallocated space on the device. My personal information was safe and sound, and available to anyone with the right skills to recover it."

Might want to think twice before selling your iPhone on Craigslist or eBay. Read more at the author's site.


-- May 14, 09:02 MST
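To make the excerpt's point concrete, here is an added toy model (not Zdziarski's toolkit or any code from his site): a tiny block device where deleting a file only frees its blocks and a "restore" only rewrites the allocation table, so a deleted contact is still carvable from unallocated space until the free blocks are explicitly overwritten. The block layout and the sample vCard are constructed for the demonstration.

```python
import re

BLOCK = 64      # constructed: tiny block size so the image stays small
NBLOCKS = 32    # 2 KiB image, enough for the demonstration


class ToyFlash:
    """Toy NAND image: raw bytes plus a separate allocation table."""

    def __init__(self):
        self.raw = bytearray(b"\xff" * (BLOCK * NBLOCKS))  # erased NAND reads 0xFF
        self.files = {}       # name -> list of block numbers
        self.used = set()     # allocated block numbers

    def write(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK):
            b = next(i for i in range(NBLOCKS) if i not in self.used)
            self.used.add(b)
            chunk = data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            blocks.append(b)
        self.files[name] = blocks

    def delete(self, name):
        # Like a real filesystem: drop the entry and free the blocks, leave the bytes.
        for b in self.files.pop(name):
            self.used.discard(b)

    def restore(self):
        # A "full restore" that reformats: metadata is rewritten, NAND payload is not.
        self.files.clear()
        self.used.clear()

    def wipe_free_space(self):
        # The mitigation: explicitly overwrite every unallocated block.
        for i in range(NBLOCKS):
            if i not in self.used:
                self.raw[i * BLOCK:(i + 1) * BLOCK] = b"\xff" * BLOCK

    def unallocated(self):
        # What a raw-disk recovery looks at: every free block, in order.
        return b"".join(self.raw[i * BLOCK:(i + 1) * BLOCK]
                        for i in range(NBLOCKS) if i not in self.used)


def carve_vcards(blob):
    """Recover vCard records from raw bytes, ignoring all file metadata."""
    return re.findall(rb"BEGIN:VCARD.*?END:VCARD", blob, re.S)


CONTACT = (b"BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Example Person\r\n"   # constructed sample,
           b"TEL:+1-555-0100\r\nEND:VCARD\r\n")                      # ~70 bytes: two blocks


def demo():
    """Returns (records carved after restore, records carved after wipe)."""
    dev = ToyFlash()
    dev.write("contacts.vcf", CONTACT)
    dev.delete("contacts.vcf")
    dev.restore()
    found_after_restore = len(carve_vcards(dev.unallocated()))
    dev.wipe_free_space()
    found_after_wipe = len(carve_vcards(dev.unallocated()))
    return found_after_restore, found_after_wipe
```

`demo()` returns `(1, 0)`: the contact survives the delete and the restore, and disappears only once free space is overwritten.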



You wanted a command line version of PwnageTool for Linux? You got it, along with Mac and Windows versions as well. The program is by the iPhone Dev Team and is called XPwn. Read more about it here.

-- May 9, 08:14 MST



I normally don't write news blurbs about third-party applications, but this one is a milestone of a program, and it fits the hacking category better than most stand-alone programs. It's called vWallpaper, and it lets you play a video as the background of your SpringBoard instead of a still image or the default black that is normally there. The program just came out, so I'm sure there will be updates and improvements as time goes on. It is available via Installer; add this source to it: i.danstaface.net. The program can be found in the Multimedia folder. There are a lot of free custom videos popping up out there, and they can be found at these sites:

http://vwallpapers.com/
http://www.thememyphone.com/thumbnails-155.html
http://www.modmyifone.com/forums/showthread.php?t=136451
and via an Installer source: http://myrepospace.com/user?i=41

If you upload them manually, place them in this directory: /Library/Skrew/Videos. I have used the following formats and they work fine: .mov, .mp4, and .m4v. Just a tip: QuickTime can export video directly into iPhone format. Make sure to choose the format NOT labeled "cellular", as that exports .3gp, which appears undersized on the SpringBoard.





-- April 29, 11:11 MST



Pwnage has been updated to version 1.1. You can download it here.

Among the changes and fixes are: an EDGE settings fix for iPhone 1.1.4 firmware, iPhone/iPod firmware 2.0 5A240d support, custom package support, custom logo support, and auto-deletion of BootNeuter.app. Read more here.


-- April 14, 14:50 MST



I used iLiberty+ for Windows and unlocked an iPhone successfully recently. I'll be posting a tutorial on this in the next couple of days. There is one nagging thing I don't like about iLiberty+ on both Mac and Windows: it never lets you add custom payloads, and I can't find ANY documentation ANYWHERE on how to do this, not even on the creator's own website. There is another thing I don't like about the Mac version: it NEVER adds the programs you want to install from the applications menu. iLiberty+ seems pretty solid with activation, jailbreaking and unlocking, however.

Update: The tutorial is here.


-- April 14, 10:11 MST



I had a chance to test another phone on iLiberty+ version 1.5 for Mac and it worked great! I'll be working on a tutorial for it today or tomorrow. It's an extremely simple process.

Update: The tutorial has been added here.


-- April 10, 10:33 MST



I had a chance to use Pwnage and unlock an iPhone the other day. As I'll mention in the tutorial, I took a roundabout path to get this to work. I first tried iLiberty+ version 1.5 and it didn't get the job done; I tried it twice with fresh restores in between and no dice. So I rolled the hard six and went with Pwnage, and everything came up roses. Based on my experience, I won't be making an iLiberty+ 1.5 guide because I wasn't happy with how it performed. It also failed to install all the extra packages I told it to. It may work for you though. I know it has worked for many others, but I'm soured on it for the time being. The Pwnage tutorial is now posted for Mac users only here.


-- April 6, 14:00 MST



Notice: The iPhone Project and the iPhone Dev Team are happy to bring you IPSWTool, a new application with an iLiberty+-style GUI that further extends the possibilities of Pwnage. With IPSWTool, you can easily package a custom IPSW with the payloads and options available in iLiberty+! Options range from Installer.app and the BSD Subsystem and/or Cydia, to OpenSSH, and even a few recommended app packs! Read more about it here.



-- April 5, 10:16 MST



Notice: iLiberty+ has been updated to version 1.5 for OS X and comes with many new features. Read more about it, and download it, here.



I haven't made any tutorials for iLiberty+ or Pwnage for the simple reason that I don't have any unlocked iPhones to test with. My site is not like some other sites that merely simulate how a program works or how a procedure should be performed. I actually do everything I write about. So until a fresh phone comes my way, I won't have any new tutorials for these programs.


-- April 4, 14:21 MST



Pwnage has been released for OS X, with a Windows version coming soon. A no-Wi-Fi tool has also been released by the iPhone Dev Team. Check out their site here for these two programs. To learn more about Pwnage, the iPhone Dev Team has a page you can read here. To learn more about the BootNeuter program, read this. I'll be working on tutorials at some point for both of these programs (or I may just wait for them to roll the no-Wi-Fi fix into Pwnage).



-- April 3, 10:09 MST



Looks like Pwnage is getting ready to come out tomorrow according to this video:

Pwnage is being delayed a few days. Read more here.



Get it at www.iphone-dev.org.

-- March 30, 11:18 MST



Notice

I've received a couple of broken iPhones recently that have the exact same, and currently unsolvable, problem: "Invalid calibration data in device tree". In neither case was the owner of the iPhone aware of this situation. So I'd like to put out some information on this problem so that you can determine whether or not you have this issue. In short, if your phone seems to work fine, then don't worry about this. The symptoms are quite obvious, and dire:
  • If you DFU restore the iPhone, iTunes will give you a 1011 error. This indicates a mismatch between the baseband and the firmware on the iPhone. This should NEVER happen during a restore, so this is a definitive sign.
  • A "Repair needed" message is displayed.
  • If you press the "i" button on an unactivated iPhone, it will display the IMEI and ICCID as "unknown".
  • No carrier signal bars.
  • In your Settings screen, Wi-Fi will be greyed out and say "No Wi-Fi".
  • In your General screen, Bluetooth will be greyed out and say "Unavailable".
  • In your About screen, the Wi-Fi Address will say "N/A", the Bluetooth address will say "00:00:00:00:00:00", and the IMEI, ICCID and Modem Firmware will be blank.
  • There is no sound.
  • If you go into Field Test mode, the Firmware version will be blank.
  • The iPhone will take a long time to turn on and shut down.
  • Of all the reports I've read, there has been one common factor: the use of the ZiPhone program.

-- March 29, 12:25 MST



Notice

iPlus and iLiberty have been combined into one program. There is a Mac and a Windows program. You can download the Mac version here, or here.

The Windows program can be downloaded here, or here.

Not only will it allow you to jailbreak, activate and unlock both the 3.9 and 4.6 bootloader iPhones, it will also allow you to install custom payloads at the same time to include your favorite programs. Thanks go out to the iPhone Dev Team, George Zhu, Aviegas, Francis, GeoHot, pepijn, cmw, w__, Baalbeck, bgm, cRAKn, MuscleNerd, pumpkin, SoLoR, sunny, and tjcarter.

There is a site dedicated to the iPlus and iLiberty programs along with a forum at iPlusPwns.com.




-- March 26, 11:39 MST



Dual booting is now possible courtesy of the iPhone Dev Team. I have no plans to make a tutorial on this because I feel that if you are smart enough to need the ability to dual boot, then you should be smart enough to figure out the already detailed instructions at the Dev Team's site. Read the instructions here.

-- March 12, 15:41 MST



My time for working on the site will be severely curtailed for the next few weeks. I'm spending a lot of time job searching, taking tests and attending interviews.

I will still be "repairing" iPhones this whole time, though my turnaround time may slow by a day or two. I will not offer overnight return service for a while; I have too much to do right now.

Also, from this point forward, the only Windows tutorials I will make will be for activation, jailbreaking and unlocking. Support from my Windows readers is extremely poor. I will, to the best of my ability, fully develop every Mac tutorial I possibly can for every new firmware. But when it comes to Windows tutorials, my energy clearly needs to be put to better use, sorry.

-- March 12, 10:35 MST



Yes, the new iPlus 2.0 is out. It cleans up the "Repair needed" issue and provides a display of what is being installed so you can check its progress. It is supposed to provide PPC support. I have tested it on my Intel Mac on Leopard and it worked like a charm on a fresh phone. It did the bootloader downgrade and put it on the correct baseband with no issues. I'll update the Mac tutorial later with some pictures; nothing much has really changed, it is still run from the Terminal like before.

I've updated the Mac tutorial for iPlus 2.0. I'm working on updating the Windows tutorial. This program is pure magic! I just fixed a phone that has been broken for months with iPlus 2.0. It had a bad IMEI, and I've fixed a lot of bad IMEI phones, and I tried several methods and could never fix this phone. I just ran it through iPlus 2.0 and it came out with full signal bars. Amazing!

-- March 10, 18:30 MST



The iPhone Dev Team appear to be getting closer to releasing their latest creation, "Pwnage". It will allow for the creation of custom firmware files that you can flash to your iPhone and that, once restored, will automatically be activated, jailbroken, unlocked and customized with applications, et cetera. Read more here.

-- March 7, 19:34 MST



There are at least two programmers I know of coding away at Windows solutions for 1.1.4 iPhone owners. I'm looking forward to seeing their efforts released so that I can help out the rest of my site's readers, for whom I haven't had anything new to offer in quite some time. I'm not trying to be cryptic here...

Update: A program called iPlus is out: http://www.hackint0sh.org/forum/showthread.php?t=32926 but it is command line based and currently Windows only. It allows for activation, jailbreaking, and unlocking for 1.1.4 firmware with either the 3.9 or 4.6 bootloader. It will allow for a SAFE method of downgrading the bootloader using the new iPhone Dev Team 3.9 fake blank bootloader. This will also allow you to upgrade your bootloader back to 4.6 should you need to. A Macintosh version is coming shortly. I'm waiting to see if there isn't some more refinement made to this program before writing about it. I'd ideally like to see (as I'm sure most others would) a GUI version. Otherwise I know of someone writing a brand new program from scratch that will do this too.

Update 2: I've tried out this program on a 3.9 bootloader iPhone and was done in minutes! Unlocked and on 1.1.4 with the correct baseband. Everything works just fine so far. I'm working on a tutorial now. This is pretty easy to do. It will also work on 4.6 but will downgrade the bootloader to the 3.9 fake blank bootloader (which can be upgraded back to 4.6). You'll have to restore twice to 1.1.4 if using a 4.6 bootloader, so don't freak out when you see the Repair Needed message.

Update 3: I've added the Windows tutorial, read it here.

Update 4: I've added the Mac tutorial, read it here.

Update 5: I'll be updating both the Mac and Windows guides to include a FAQ and some additional procedural pictures.

-- March 7, 13:01 MST



I wanted to put in a plug for one of the iPhone Dev Team members who has a book coming out via O'Reilly. It is about hacking/coding for the iPhone. You can read more about it and order the book from Amazon; just click the book cover below. The book is called iPhone Open Application Development: Write Native Objective-C Applications for the iPhone, by Jonathan Zdziarski.


-- March 2, 01:00 MST



Notice: If you have installed Cydia (which I just wrote a tutorial on for Mac and Windows users as "Step 2"), you should be careful updating to the new version of Installer, 3.01, that came out today. Cydia will no longer download anything since I have done this. I don't know if it is Installer related; I even reinstalled Cydia and still can't download anything. I'm restoring my iPhone at this point to further troubleshoot.

Update: I just restored an iPhone and only installed Installer 3.0, just to install Cydia. Cydia downloads work just fine again. Clearly there is a compatibility issue between Installer 3.01 and Cydia.

Update 2: I just updated Installer again to 3.01 and Cydia is downloading fine again. Odd.

-- March 1, 18:00 MST







Two things today... I'll have a guide for how I did this (Mac on 3.9 bootloader).

Update: here is that new guide.



and here's another video from the iPhone Dev Team. "For ye of little faith who didn't like our previous video, here's a video of us restoring to a jailbroken and activated 1.1.4. Why use custom tools, when you can do it straight from Apple's pretty interface?"



-- February 29, 00:01 MST



I have posted my first 1.1.4 unlock tutorial. It's for OS X users and it is right here. I had a 3.9 and a 4.6 bootloader iPhone running 1.1.3/04.02.13_G and unlocked using iNdependence.

I have a GeoHot IPSF clone unlock iPhone and will work on it later in the day and put up a guide. I've had another confirmation on this unlock surviving the update. You just need to get Signal.app and that plist installed and you are set.

-- February 28, 02:10 MST







The second version of iNdependence to come out (just today, I might add) now activates, jailbreaks and unlocks 1.1.4. It will leave you with the 1.1.2 baseband, however. http://code.google.com/p/independence/ This is for Mac users only, as is this method I just tried: http://george.zjlotto.com/index.php/2008/02/27/quickly-upgrade-to-114/ It is run from the Terminal and does what iNdependence does, plus it installs Installer for you. There is also a Windows version. Both methods are 30-second processes.

I'll whip up a couple SIMPLE tutorials on activating and jailbreaking for Mac users. Apparently there is an Apple special event on March 6th. This could be about the SDK and we may see a new firmware released again at that time. I see my 1.1.4 tutorial section being a lot like my 1.1.3 section with only a couple key tutorials in it.

Update: for those of you who did the GeoHot IPSF-style unlock on your 3.9-only iPhone: according to George Z at this link http://george.zjlotto.com/index.php/2008/02/27/quickly-upgrade-to-114/ this style of unlock will survive an update to 1.1.4. Anyone else care to try? I think I might soon. This is what you would do: connect to iTunes, update to 1.1.4, then use iNdependence or George Z's program (above link) to activate and jailbreak your iPhone. You'd then need to install SSH and get Signal.app on the phone. Run Signal.app and test. This SHOULD work.

Update 2: One reader has reported success with my brief notes up above on the Geo IPSF unlock updating to 1.1.4 safely.

Update 3: iNdependence updated within just minutes now activates/jailbreaks and unlocks 1.1.4. http://code.google.com/p/independence/

I just posted a baseband downgrader for those who mistakenly updated to 1.1.4. It is in my Installer repository and is called "Downgrade baseband #5". It is for 3.9 bootloaders only. I intend to make a couple of tutorials soon: using the latest version of iNdependence for 1.1.4, and updating a 1.1.3 GeoHot IPSF unlock to 1.1.4.

-- February 27, 20:05 MST



Yes, 1.1.4 is out as of right now.

I'll also be deprecating 1.1.3 and 1.1.2 now that we seem to be moving forward in firmwares somewhat slowly. Deprecating means a couple things. First, when you see that text in red at the top of a tutorial it means you are at a page that is no longer maintained, and will not be updated despite any changes in procedure. I simply don't have the time or inclination to wade through the hundreds of tutorials I have and tweak them all to current standards. This tag also lets you know that you are in an older section of my site and trying to use outdated firmware. That's all it means. Yes you can still use these tutorials on that specific firmware. But maybe you might want to consider using more current firmware?

From what I've heard so far, 1.1.4 isn't much of an update. It consists of under the hood bug fixes only. Since my 1.1.3 section was never fully fleshed out with tutorials because we knew 1.1.4 was just around the corner, 1.1.3 will be deprecated once methods are available to use 1.1.4 on unlocked iPhones. We may still be waiting for the next firmware release (1.1.5?) to bring the long awaited SDK. It's at that point, that I will go through my 1.1.2 section of tutorials and figure out which of them work on the newest firmware. For the most part, everything should work though. Don't be afraid to try a deprecated tutorial on current firmware, it probably works.

Also, while this site is about hacking the iPhone, my priority is helping those who do not use AT&T as their carrier. I only become interested in new firmware releases once we have a method for bypassing activation first. I do not use a contracted iPhone, therefore I have no means of testing anything unless it is for an unlocked iPhone. People with contracts obviously have the luxury of testing any jailbreak without having to worry about activation. I do not have this advantage.

I told one of the iPhone Dev Team members I'd repost one of their latest creations here. Most of you may not realize what this video is even showing. Let's just say it's a good thing... Hint: sign your own firmware.



-- February 26, 22:39 MST



Calling all translators! The tutorial I'm calling "Method A" in the 1.1.3 section should get the widest possible dissemination. It's a Mac-only tutorial and it is two pages long. Please don't forget to translate the second page, as it is critical.

I'm getting a lot of duplicate translations being sent in. Please check the language section you wish to translate for and make sure that the tutorial you want to translate, hasn't already been translated. There is no way I can possibly coordinate everyone's efforts on this. First submitted, first posted. Thank you all!

-- February 23, 22:12 MST



Lots of little things to mention, in no particular order. I'm not covering two apparently popular methods of activating/jailbreaking/unlocking the iPhone for many reasons, but most importantly because they have IMEI changers built into them and this BREAKS FEDERAL LAW! So yes, I know about them, and NO, I'm not going to cover their use. I updated the "how to rip DVDs" tutorial for Mac users, as HandBrake has had a recent version upgrade. It now includes an iPhone/iPod Touch preset.

-- February 21, 23:10 MST



My other cell phone modding sites: Hack the L7, Hack the V3 and Hack the V3i. Copyright © 2008, MCJ