Welcome to The Modders Elite!!Here you will find loads of mods for games and consoles we will have a wide range of mods including tutorials like How to jtag, how to unban your jtag, how to flash your xbox, how to jailbrake iphones ipads ipods ect.
 
HomeCalendarFAQSearchMemberlistUsergroupsRegisterLog in

Share | 
 

 Jailbraking 101:Everything you need to know

View previous topic View next topic Go down 
AuthorMessage
Ronaldo 7 -TME-
Administrator
Administrator
avatar

Posts : 85
Reputation : 10001
Join date : 2011-09-15
Age : 25
Location : Ireland

PostSubject: Jailbraking 101:Everything you need to know   Fri Sep 16, 2011 2:22 am

In this tutorial I will cover everything you need to know to get fully make your iPhone unique.You will understand all basic terminology as well as some advanced terms. When writing this tutorial I assume the reader already knows their way around an stock iPhone (unjailbroken). Therefore I will not cover any features such as taking screenshots and other small tricks of the trades.

You do not need to understand every word of this tutorial in order to jailbreak however it is a very good read regardless. I will label all techincal information with

From here on out when I refer to the iPhone, iPod touch, and the iPad collectively I will simply say iDevice.

This tutorial is broken down into 8 parts.


Part 1: Introduction
-This section will outline the entire Tutorial.

Part 2: Terminology and FAQs
-Will define commonly used jargon

Part 3:Jailbreaking
-Will be constantly updated with the most recent jailbreaking tutorial

Part 4:Using cydia
-Will explain the basic features behind cydia.

Part 5: Useful apps
-Everyone seems to ask about what apps are worth getting.

Part 6:Downgrading (SHSH)
-How to downgrade your iDevice

Part 7:DFU Restoring
-When all else fails DFU restore. This is your worse case scenario and is the reason YOU CANNOT BRICK (break) YOUR IPHONE.

Part 8: Piracy
-Will Cover how to get cracked apps on your phone



PART 2:FAQ AND TERMS

No, You will never break your phone jailbreaking. No matter how bad your F#@K it up you will ALWAYS be able to DFU restore. Refer to part 7 on DFU restoring if you think you broke your phone.

What is a jailbreak?

There are area a few ways of describing what a jailbreak is. Every app that is on the appstore must go threw an approval process. Idealogially this process would only filter out "bad apps" such as explicit apps and apps that may cause harm to your phone. However apple is much more controlling then this. They tell their developers what they can and can't do. And in the end it stops them from fully harnessing the power of the iPhone. A jailbreak will let you put full themes on your phone (more then just the background) to adding a quick reply for text messaging.



A jailbreak is another way of saying that you have modified your device to gain root access and to run unsigned code. This mean that you can do heavy modifications outside of apples normal sandbox. Your only limit is the hardware.


Types of jailbreaks:
Apple is continually trying to make jailbreaking much harder. Ideally a jailbreak would be done at the lowest level possible (LLB). A low level jailbreak gives you the most control over the iPhone (Some times to the point were you have more control then apple)


Tethered:
-Apple recognizes how dangerous it is to allow jailbreaks at such a low level. There for while your iDevice is booting it is constantly checking itself for modifications. If any modifications are detected it fails to boot.
It is possible to bypass these checks however you must execute a command on your phone. This raises a question "How can I execute a command on a device that can't turn on?". As it turns out when your phone first begins its boot cycle its very first stop is DFU mode. If you put your phone into DFU mode you can then use an external device to execute this command.
This code can be sent from almost anything. (and it pretty much has) From T.I. calculators to a defcon badge. People have been making dongles since the 2nd gen ipod touch first introduced the tethered jailbreak.

However most traditionally you can simply use a computer. Most tethered jailbreak programs will offer a button that you can push that will send this code.

tldr;
If your iDevice dies while its running a tethered jailbreak you need to connect it to your computer and "rejailbreak" (no data will be lost)

Untethered:
An untethered jailbreak is the holy grail of all jailbreaks. If a device is untethered this means it is jailbroken for life. You will never need to use a computer to turn the device on. Your device will function 100% just as it did out of the box. And apple can never patch it.

Semi-tethered:
It is likely that the term semi-tethered is a think of the past because it has to many compatibility issue. Regardless i will cover it just incase. A semi-tetherd jailbreak is a type of "hybrid" If you connect your phone to a computer (like a tethered jailbreak) it will boot into the jailbroken file system (version) If your phone dies and you don't have a computer you can still turn your phone on however it will be an unjailbroken version.


Userland:
These jailbreaks are done at the highest level. They are "untethered" in the sence that your phone will function just like a stock phone however they are not perminate. Apple can patch them very easily and they do. Userland jailbreaks are the reason that it is so important to back up your SHSH blob because if you accidentally upgrade you may never beable to jailbreak again.





What is an SHSH blob and why is it important?
Everytime you restore your iPhone you send a hidden code to apple, this code (known as your ECID) is unique to your device. No two iDevices will have the same ECID. If apple approves you your iDevice restoring to that firmware they returns a hashed file known as your SHSH blob. iTunes reads this file and sees that you are then allowed to restore to that iPod software file.

SHSH blobs have been particularity importantly lately because of the recent popularity of userland jailbreaks.

This will be covered more in-dept in part 6.

PART 3:JAILBRAKING

Before you jailbreak you must know your firmware version. Do this simply by going to settings>general>about then scrolling down to were it says version.
Your page should look a little like this http://illiweb.com/fa/pbucket.gif

I have temporarily removed the older tutorials because of post length restrictions.

Jailbreakme.com(4.3.3 on all iDevices):

Check here to see if your iDevice is compatible:
http://screensnapr.com/e/V2TeGR.png

Very short tutorial but here it goes:
On your iDevice iOS 4.3.3 open Safari and go to http://jailbreakme.com.
Then go ahead and click on install and you will now have a jailbroken iDevice with Cydia installed.

GreenPois0n(4.2.1):
Download the program for your computer OS: (Mac) (Windows)

Open the Program in the Zip folder. (Windows Vista/7 Users right click and click run as administrator)
http://gyazo.com/62ee046d84c779a6012c5fca5edb2474.png

Step 1: Put your iDevice into DFU Mode:
While continuing to hold the Power Button also hold the Home Button for 10 seconds
Release the Power Button but continue to hold the Home Button for 15 seconds
http://gyazo.com/859d1b44bbba12604d315721b4713c1d.png


Step 2: Once your iDevice is in DFU Mode just go ahead and click the button that says Jailbreak.
Note: You will receive a white screen(it's normal) as well as scrolling text.

Step 3: You will need to be connected to Wifi for this part. Once you have ensured you are on a wifi connection go ahead and open up the Loader app and download Cydia.

PART 4:USING CYDIA


Cydia is for lack of a simpler term the "jailbroken app store". It is your gateway to all jailbreak goodness. For instance if you wanted an app that could make for more efficient multitasking Cydia would be the place too go.

Before beginning you must first understand how cydia works. Cydia uses Debian repositories. People who have used linux in the past may recognize this term and skip down farther however the majority of you will need an explanation.

Think of cydia like google. Google doesn't host any of the sites it simply just searches them. However their is one major difference. Cydia would take forever to search every site on the interenet when it really only needs a few. So instead searching every site you create a list of sites for it to search. Every site in this list is known as a source. Cydia comes with many sources predifined in it and in most cases you probably will not have to add any. However sometimes there is that unethical app that not even cydia wants to keep out in the open. You may have to manually tell cydia to search this by adding a source.

Adding a Source
In this example of how to add a source i will be adding a popular site that is notorious for their affiliation with cracked apps.


Step 1: open cydia and go to the manage tab then click sources
http://illiweb.com/fa/pbucket.gif

Step 2: Click edit in the upper right hand corner then add in the upper left hand
Type the URL of the source your adding in the box. In this case I am adding hackulo
cydia.hackulo.us
http://illiweb.com/fa/pbucket.gif


Step 3: Click Add source wait for it to verify the URL then click on the newly added source
http://illiweb.com/fa/pbucket.gif

Now that you know how to add sources you must learn to install packages (Apps). This is pretty strait forward and not much different for the appstore simply search and click install (twice). However your screen will look like this one installing applications, Do not be alarmed.
http://illiweb.com/fa/pbucket.gif

A common misconception is that you jailbreak your device simply for free stuff. This is not the case. You jailbreak your device to gain full control. There for there are some extensive tweaks in Cydia that cost money.
Buying apps cannot be easier:
1) In the cydia store find your application. In this tutorial I will be installing cyntact by saruik.
http://illiweb.com/fa/pbucket.gif

2)After you click your app you will see that it says purchase in lite blue instead of install
Please Note: Sometimes if an app has a trial it will say install and you will have to click purchase from inside of the trial version
http://illiweb.com/fa/pbucket.gif

3)Choose a login method. This is used in case you need to redownload the app later on.
http://illiweb.com/fa/pbucket.gif

4)I choose google so I will login with my Gmail account
http://illiweb.com/fa/pbucket.gif

5)It will ask you to link your account
http://illiweb.com/fa/pbucket.gif

6)After that choose your payment method
http://illiweb.com/fa/pbucket.gif

7)I chose paypal there for i will be logging into my paypal
http://illiweb.com/fa/pbucket.gif

8)If your purchase is successful you will receive this screen
http://illiweb.com/fa/pbucket.gif

9)The blue purchase button will now be a install button
http://illiweb.com/fa/pbucket.gif

PART 5:DOWNGRADING

Personally I view this section as the most important section in this entire tutorial. Since the recent jailbreaks have all been done from userland this means that apple can patch the jailbreak in future firmwares. Basically everytime apple releases a new firmware version. We have to wait for a new exploit to be found.


Now all 4.0 compatible devices have a type of security on them. This security is called an ECID SHSH. All newer device's bootroms require this hash inorder to work properly. Older devices use a 'soft shsh' meaning their bootrom does not require a hash however itunes still checks for it and can be easily tricked. Regardless of you device it is important to back up your SHSH.

Your ECID or exclusive chip ID is a 13 character string that is unique to your device. No other iDevice will have the same ECID.

When you want to upgrade/restore your phone. iTunes extracts yoru ECID and sends it to apple. Apple then views what firmware you are trying to upgrade/restore to. If it is the most recent version they will send back a signed SHSH blob. If not then they Itunes will not continue with the process. It will simply say your device "is not eligible for the requested build."




Exploiting the system.

The exploit that is used cannot be more simple. All we have to do introduce a 3rd party proxy. This proxy will grab the the ECID going out. then get the responce and save it. When ever you want to go back to that firmware version it will send out your ECID the 3rd party server will then realize there is no need to go to apple because it already has the SHSH it will then send back the saved SHSH giving itunes the illusion that apple sent it back..


Its simple before this tweak. The network lay out is direct such as...
http://illiweb.com/fa/pbucket.gif

After you alter your host file the data will flow like this....
http://illiweb.com/fa/pbucket.gif

Altering the host files is simple:
WINDOWS
1) Right click notepad and go to run as administrator.
http://illiweb.com/fa/pbucket.gif
2) Go to file open
http://illiweb.com/fa/pbucket.gif
3) navigate to C:\windows\drivers\ect
make sure you have your file view set to "all files'
Open the file named host
http://illiweb.com/fa/pbucket.gif
4)add the fallowing to the end
127.0.0.1 localhost
74.208.10.249 gs.apple.com
http://illiweb.com/fa/pbucket.gif

Now when every you restore to a firmware the proxy server will capture the signature save it and you will always be able to restore to that firmware for future use.

MAC

Download and install Smultron. Snow Leopard Leopard
1) make sure you are on the finder toolbar
http://illiweb.com/fa/pbucket.gif

2)click go then Go to Folder...
http://illiweb.com/fa/pbucket.gif

3) type /etc/
http://illiweb.com/fa/pbucket.gif

4) locate the host file
http://illiweb.com/fa/pbucket.gif

5) Right click (option click) and to to Open With> Other...
http://illiweb.com/fa/pbucket.gif

6) Locate smultron.app
http://illiweb.com/fa/pbucket.gif

7. At the very end of the document add the fallowing line..
74.208.10.249 gs.apple.com
http://illiweb.com/fa/pbucket.gif

8. Save the file. It will ask you to authenticate. Simply click authenticate and type in your password.

Now as an optional step you may choose to use an application such as Umbrella to back up your SHSH files locally.


When you open tiny umbrella you will be greeted with a nice GUI.
In order to know what SHSH file to give you you have to send your ECID first. You can either enter it manually by downloading e-mail ecid off cydia (to find out what it is) or you can simply connect your device.

After that you just select the version firmware you want. And were you want to get the file from. If it is an old file stored in cydia click cydia. If it is the most recent build select Apple.

Then click save my SHSH.


REACHED MAX PICTURES




Your SHSH files are now all saved locally (just incase).


http://illiweb.com/fa/pbucket.gif

Common issue:

My phone restores all the way until theirs a little bit left it says verifying restore. Then i get error 1015. WTF?
This is because of a base band mismatch.


To fix this Download iRecovery. Open CMD navigate to where the executable is located type.
iRecovery -s

setenv auto-boot true

saveenv

/exit

Reboot your phone.

PART 7: DFU RESTORE

The quickest way to download the firmware is strait from apple
http://www.felixbrun...Pod/firmware/In the second dropdown box select the latest firmware for your iDevice then click download.


1) Plug your ipod in And open up itunes

2)Hold the Sleep and home button (AKA. The power and menu button) For 10 Seconds
http://illiweb.com/fa/pbucket.gif

3) Release the Sleep or power button (the one on top) and remain holding the Home button.
http://illiweb.com/fa/pbucket.gif

4) Wait for your computer to pick it up when itunes registers it you should get the fallowing box. Simply click ok
http://illiweb.com/fa/pbucket.gif

5) Hold shift on your keyboard and press the Restore button in itunes
http://illiweb.com/fa/pbucket.gif


6) Locate your IPSW file.
http://illiweb.com/fa/pbucket.gif

PART 8: PIRACY


There are several ways of installing cracked apps on your phone. The first way would be with install0us.

*Note: I am not responsible and I will state here that this is illegal, use at your own risk, this guide contains content that shows how to get copyrighted apps that you will normally have to pay for, for free!

Requirements:
Jailbroken iDevice!
Wi-Fi if using iPod, iPad w/o 3G!
Cydia installed.
Time and a Brain.


Table of Contents!
Glossary
Getting the Source and Installing Installous
Using Installous.
Credits
Some apps and more Info.

------------------------------------------------------------------------------------------------------------------------------



I. Glossary:
Installous: A application downloaded from Cydia which allows you to get normally paid apps for free.
Cydia: Like the app store, you will only find this on Jailbroken iDevices!
Jailbreak: The term used to define when a person "Frees" their iDevice, allowing it to basically do anything.
Springboard: It's the place where after you click the home button and all the pages that follow. (The pages with all the Apps on it).


II. Getting the Source and Installing Installous:
Open up Cydia.
http://img837.imageshack.us/img837/2930/img0057p.png
Go to Manage > Sources.
http://img257.imageshack.us/img257/8584/img0058x.png
Click Edit > Add > Put http://cydia.hackulo.us
http://img94.imageshack.us/img94/7683/img0059x.png
After it Verified the URL click on Hackulo.us
http://img828.imageshack.us/img828/9074/img0060.png
Scroll down to Installous and Install it.
http://img249.imageshack.us/img249/1069/img0061b.png

III. Using Installous:
Go to your SpringBoard and Click on Installous.
http://img838.imageshack.us/img838/7134/img0062k.png

Go to search and look for the game. I will be using AngryBirds.
http://img213.imageshack.us/img213/5540/img0063i.png

Click Download.
http://img204.imageshack.us/img204/3238/img0064n.png

Tricky Part: Now you will see a crapload of links depending on the game you are trying to download.
Click any that's hosted by Filedude or FileApe. (Don't use Mediafire, it sucks with downloading things on your iDevice.)
http://img259.imageshack.us/img259/7774/img0065t.png

After it is done downloading, click search and then click back on Downloads
http://img301.imageshack.us/img301/34/img0066.png

Click on the App you just downloaded, click Install.
http://img811.imageshack.us/img811/975/img0067j.png

Wait until it is done, click on it again and click Send IPA.
http://img257.imageshack.us/img257/9194/img0068.png

Go to your Springboard and whoila! It's there!
http://img844.imageshack.us/img844/679/img0069n.png

*Sometimes it might not work, just delete it and try another file!
http://img801.imageshack.us/img801/4733/img0070dx.png

IV. Credits:
80% Me.
10% Cydia
10% Installous.
Back to top Go down
View user profile http://www.thegamingdash.com
 
Jailbraking 101:Everything you need to know
View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
THE MODDERS ELITE :: INFORMATION :: Apple Tutorials-
Jump to: