Filed under: Jailbreak/pwnage

Jailbreakers ahoy! Yesterday brought the release of the Dev Team's pwnage tool for jailbreaking and unlocking iPhones equipped with the new 3.1.3 firmware. As usual, though, there are a few catches: first, if you don't need to update to 3.1.3, the dev team says you shouldn't bother anyway -- it doesn't do much that the old versions of the firmware doesn't, so if you don't need to upgrade, just leave your jailbreak as is.

3G and 3GS users especially should be leery of this one, since if a mistake is made, there's a chance you could upgrade your firmware and then not be able to unlock it again. They also have all sorts of other warnings and exceptions on their blog post. As they say, don't download and run those files without seriously thinking about what you're doing with your iPhone.

If, after all of that thinking, you decide it is time to crack open your iPhone with the 3.1.3 firmware, the jailbreak will put together a custom 3.1.3 IPSW for you to restore back on to your iPhone -- here's a quick how-to to start with. Good luck, and be careful out there!

[via Engadget]

The BTstack project that we've covered before on TUAW, offers a way for iPhone and iPod touch units to communicate with arbitrary external Bluetooth devices. To date, it's been used to connect keyboards, mice, and wiimotes with iPhone software.

This system has now been extended to the first generation iPod touch, bringing all six iPhoneOS models into the Bluetooth arena. Since the 1st gen touch does not provide its own built-in system, it requires an external module. This video uses the dongle described at this blog post to demonstrate the keyboard connection functionality.

Although the 1st generation touch is an increasingly deprecated system, it's nice to know that it hasn't been left out of the Bluetooth picture. Old touch units make excellent hobbyist systems. When jailbroken, access to a full suite of Unix tools offers a budget-priced platform with great prototyping potential. With this new Bluetooth stack support, the 1st gen touch has just become an even more exciting system for projects like remote monitoring.

24/7WallSt. reports that Apple and third-party developers have lost approximately $450 million in revenue from App Store piracy since the store opened in July of 2008. Out of this, $140 million of this counts as lost revenue for Apple – a huge chunk of the $500 - $700 million in revenue the App Store has generated for the company so far – with the remaining $310 million revenue loss falling on developers.

Their analysis is based on several assumptions, however, any one of which could easily be wide of the mark. They argue that with three billion downloads on the App Store (not an assumption), 17% of those are paid apps (assumption), with a piracy rate of 75% (assumption), and the number of pirate downloads at 1.53 billion. If the average price of a paid app is $3 (assumption), then there's $4.59 billion in losses. Assuming that only about 10% of the pirates who downloaded apps would have actually bought them, that makes the total $459 million. Still with us?

According to 24/7WallSt.'s analysis, around 10% of iPhone/iPod touch users have chosen to jailbreak their devices, and it's only about 40% of these jailbroken users who are responsible for this torrent (ahem) of piracy. This means that, according to 24/7WallSt.'s numbers, out of a rough total of 75 million worldwide iPhones and iPod touches, a mere 3 million devices are responsible for the 1.53 billion apps 24/7WallSt. is claiming have been downloaded illegally.

For those of you calculating along at home, that works out to an average of 510 pirated apps per device. That snap you just heard was suspension of disbelief.

[Via MacRumors]

Reader Kevin C. sent us a tip the other day -- he recently got a Bose SoundDock II, which is a nice little speaker dock, as a Christmas gift, and he wants to know: with his iPhone sitting all the way across the room, is there any way he can control the iPhone from his Mac? Obviously there are lots of ways to control your Mac with your iPhone, from Apple's official Remote app to multiple VNC programs on the App Store. But in this case, we want to go the other way: control your iPhone's iPod app with a Mac.

Turns out there isn't a way to do it -- unless you jailbreak your iPhone. Using Veency, a jailbreak app that Erica covered about a year or so ago, you can head into your iPhone from your Mac and do anything you want, from changing tracks in iTunes to even sending text messages. Here's an older how-to on getting it working.

Unfortunately, other than that (according to our research -- commenters feel free to jump in, of course), you're out of luck -- Apple is fine with sending commands from the iPhone to the Mac, but not the other way around. Maybe Bose needs to come up with a way for you to stream music over Bluetooth to their speakers so you can keep your iPhone with you.

Update: Our commenters come through as always: Rogue Amoeba's Airfoil will supposedly send audio from your Mac out to your iPhone, and while I haven't tried it myself, we're told that the Bose dock will then play that audio for you. So instead of playing sound on your iPhone, you can just send it music from the Mac and control things that way. And Jeff points out that Belkin makes a Bluetooth dongle, so you can stream music that way as well (and just carry your iPhone with you). So there's a few solutions to try.

What happens when you combine two amazing jailbreak utilities on the iPhone? You achieve remote mouse based support! iPhone developer Lance "ashikase" Fetters, author of the amazing Backgrounder jailbreak app, wrote a VNC style extension for the iPhone called MouseSupport. It provides a floating window with a virtual cursor that can be controlled with synthesized pointer events.

A second utility, developed by Matthias Ringwald, is called BTstack Mouse. It integrates with ashikase's MouseSupport and Ringwald's open source BTstack implementation to provide iPhone/mouse integration. The video shown here uses Apple's Magic Mouse to demonstrate the BTstack Mouse extension. BTstack Mouse will shortly be available on Cydia and will retail for free.

So why does this all matter? Who cares about using a mouse with an iPhone when most people have perfectly usable fingers? Where does a mouse fit into the iPhone world? This effort is part of a larger project to create a nomadic computing environment on the iPhone. To put yourself into the right mindset, try thinking of an iPhone as a portable pocket-sized Unix system instead of as a mobile cell phone.

Practical work-ready peripherals that can move as you move, without need for carrying along a laptop, act as an important part of that vision. You can be on the go with just the phone itself -- as you know, a naked iPhone offers a perfectly usable mobile solution for light computing needs -- or you can start accessorizing to upgrade your computing efficiency.

By providing hooks for these accessories, the iPhone opens itself up to better desktop-style computing in addition to its existing mobile tools. In the end, when the vision of this project is fulfilled, you'll be able to move the iPhone between desktop set-ups where it can connect itself into a "dockable" Bluetooth-enabled work system, to your pocket on the go, to a lightly-accessorized system for coffee house use.

A few days ago, the BTStack keyboard package was released to Cydia. This package, which we posted about recently, allows owners of jailbroken iPhones to use a Bluetooth keyboard with their iPhone 3G or 3GS, or 2nd generation or later iPod touch. The package is available for US$5.00 from Cydia.

Since the iPhone was first introduced, there have been efforts to bring support for external accessories. The iPhone 3.0 external accessory framework allowing accessories that connect to the universal dock connector or use Bluetooth has been closed, and only a few companies have developed accessories using the framework. The BTStack project by Matthias Ringwald offers a more complete and open Bluetooth stack for jailbroken iPhones. The stack has even been used with an iPhone and a Wii Remote over Bluetooth. To use a Bluetooth keyboard for quick and easy data entry into your iPhone, you'll need to jailbreak your iPhone, which can be done with an application like blackra1n.

Read on to find how I set up my iPhone to use the Apple Wireless Keyboard, and how it works with the iPhone.

Due to hit the Cydia store momentarily, Matthias Ringwald's BTstack Keyboard app allows users to type text into any iPhone application using an external Bluetooth keyboard. Built on the open source BTstack project, BTstack Keyboard runs a daemon in the background of any jailbroken iPhone 3G, iPhone 3GS or iPod touch with Bluetooth support. As you type text on the keyboard, the daemon generates synthetic keyboard tap events; the effect is the same as if you'd typed that text using the on-screen keyboard.

You will need to install BTstack and the BTstack Keyboard packages on a jailbroken 3G or later iPhone or 2nd generation or later iPod touch. The software has been tested with an Apple Bluetooth keyboard, a Think Outside Stowaway Universal keyboard, and a Palm Wireless keyboard. There's no reason to think it won't work with any standard Bluetooth keyboard, i.e. one that uses standard BT protocols.

With this small utility, users will be better able to take notes on the go using a standard keyboard in any text-based iPhone application. Yes, you'll have to haul around the physical keyboard, but the availability of folding on-the-go Bluetooth solutions makes this an exciting development for anyone who wants to expand their text entry possibiilities.

Expect to pay $5 for BTstack Keyboard when the software goes live. For more details, see Ringwald's Keyboard information page at his website. Ringwald is the same developer whose BTstack work brought iPhone-Wiimote integration into play recently.

TUAW loves our iPhones and we love our NES games. We've been convinced for some time now they are two great tastes that would no doubt taste great together. Tonight I settled in to write a post about how exciting it was that you could play old school public-domain and freeware Nintendo games on your iPhone now, thanks to Jonathan Zdziarski and Nescaline, the app he built to do just that. Ah, Kid Icarus and Ninja Gaiden and Zelda and Mario, all my old friends back again (if I had legal licenses to the ROM images, of course). I was excited to relive my pixelated past, but it was not to be. Jason updated his site this evening saying Nescaline had been pulled:

Nescaline was removed from the AppStore by Apple at 22:19 PST tonight. I haven't received anything from Apple as to why. I predict they've either proven to be a pushover to Nintendo, who has no valid claim against Nescaline, or decided they really didn't want the ability to play NES games in the AppStore. NESv3 continues to be available in Cydia. Apple's draconian and anti-competitive AppStore practices is [sic] sadly why jailbreaking will always remain a necessity.

I was all set to be indignant about this, but then I read the update again. Is it possible that Apple yanked it simply for being available on Cydia? Not being the person at my house who runs a jailbroken iPhone, I don't have any experience with anything being available through Cydia that is also available on the App Store. I know there are those who have been pulled from the App Store for one reason or another and made their way to Cydia, but I can't find any apps that seem to be available in both places.

I would like to think this is the issue Apple saw with Nescaline and that's why it vanished, since the "Nintendo's knickers are in a twist" reason seems more heavy-handed. Then again, there's also the "no un-vetted code running in emulation" rule that the C64 emulator ran afoul of previously, which might well be the issue.

Either way I'm disappointed: since my phone is not jailbroken I can't just get it from Cydia now that it's gone from the App Store. I do have a couple of long weekends coming though, and Google says it's pretty easy...

I know that many of our readers will be traveling during the holiday season, so I wanted to share a walk-through that will help keep your MacBook of choice connected on the go. This is an article intended for those using iPhones on carriers that do not officially support tethering. TUAW would like to remind you that this is unsupported and is enabled at the user's own risk. This does require jailbreaking your iPhone, so the unadventurous in the audience may want to pass this up. If you're not already jailbroken, you can download the necessary software, like blackra1n from George Hotz or Pwnage from the iPhone Dev Team.

Once you've jailbroken your iPhone, install or open Cydia and navigate to the "Featured Packages" section. Find and install the package named "Modem." That's it on the iPhone side of things, on your computer, navigate to iphonemodem.com and download the helper application or register the application for $9.99 to disable the registration reminder in the iPhone app (As far as we know, the free version is fully functional). Drag iPhoneModem to your Applications folder.

The setup is really that simple. Now all you have to do is open the application on your computer, click connect, then launch the companion app on your iPhone. The iPhone application will find the network your computer creates and share the Wi-Fi connection between the two devices so you can use your iPhone data plan on your laptop for better browsing. Here's how the developers say it works:

On the computer, the helper application creates a new computer-to-computer (or ad-hoc) Wi-Fi network and configures the system preferences to use the iPhone as an Internet gateway and proxy. On the iPhone, the application opens a routing engine, DHCP, DNS, HTTP, HTTPS and SOCKS proxies and connects to the helper on the computer.

I've had pretty good success with this application in my time with it. I've been using it on and off for over a year -- it's been a great app in clutch situations. I'd recommend it as a virtual stocking stuffer if you have a friend or family member who's jailbroken their iPhone. Let us know your thoughts or your experiences with the app in the comments.

Update

As several commenters have pointed out, there are several other free solutions that seem to be just as easy as iPhoneModem. Please read through the comments to see if any of those solutions suit you better.

As Apple seems to be lightening up and accepting more applications using private APIs (including Ustream and others that stream video from the iPhone 3G), word comes that the review team is now officially allowing the UIGetScreenImage() function to be used in applications distributed in the App Store.

An Apple forum moderator stated in the developer forums:

"After carefully considering the issue, Apple is now allowing applications to use the function UIGetScreenImage() to programmatically capture the current screen contents." The function prototype is as follows:

CGImageRef UIGetScreenImage();

Apple also states "that a future release of iPhone OS may provide a public API equivalent of this functionality." It's also noted that "At such time, all applications using UIGetScreenImage() will be required to adopt the public API."

This function, which is a part of the Core Graphics framework, allows an application access to what's being currently being displayed on the screen. It's useful for things like capturing a screen shot, as our own Erica Sadun's BETAkit does to allow developers to send screen shots to a developer. It also allows streaming video from the iPhone camera, as an application like this captures what's being displayed on the screen from the camera, and records it or sends it somewhere.

What other features devs are hoping to see opened up? There's things like general calendar access, Core Surface, and XMPP and app-settable timers that developers would like to take advantage of in their SDK apps.

I hope this is a sign of what's to come for the iPhone SDK, and that we'll see more things like this opened up soon for App Store distribution.

[via the Apple Developer Forums, dev membership required]

When it came time recently to jailbreak an iPod touch, I decided to take a look at George Hotz's BlackRa1n tethered solution. Unlike the Pwnage approach that creates a custom ipsw (iPhone software) bundle that you install via iTunes, the tethered approach communicates directly with your iPod or iPhone via the USB connector cable you use for normal syncing. That makes the tethered solution a very fast and easy-to-use approach, especially for units shipped with the 3.1.2 software installed.

Download the BlackRa1n tool for both Windows and Mac from the GeoHot site. Complete instructions are available at his Weblog. If you own more than one iPhone unit, make sure you unplug all but one from the system before you start the jailbreak. Launch BlackRa1n and click the "make it ra1n" button. Then be patient and wait as the software does its job, including replacing your recovery logo (normally a picture of the iTunes logo and the connector cable) with a vanity image of the software's author.

Be aware that the blackra1n jailbreak may present issues during reboot, forcing you into recovery mode and requiring BlackRa1n to launch properly. Hotz writes, "If your ipt2/3GS/ipt3 is rebooting into recovery after running blackra1n, this isn't a bug. It's a feature. You need to run blackra1n every time to boot it. This 'feature', called tethered jailbreak, is enabled by upgrades Apple made to the bootrom and the fact ipt3 uses nand flash." I did not experience this behavior on my iPod touch 2nd generation unit. It reboots without problem, and, no, it had not been jailbroken before.

Once the jailbreak has finished and your iPhone has rebooted, you can run the on-device version of the BlackRa1n software to install Cydia, the Rock store, and (for iPhones) the sn0w unlock that allows phones to be used with other carriers.

I found the whole process extremely easy to perform and would recommend it to anyone who had difficulties using Pwnage. The trade off, of course, is an easier install versus possible long-term reboot issues. It seems that my touch ducked the bullet on that one but that's only one experience among many.

Although BlackRa1n is free software, the author asks for donations to support this effort, so he can continue providing tools in the future. A donate link appears on his home page.

While you have to go to quite some lengths to be vulnerable to it, jailbroken iPhones have been under fire for susceptibility to a particular SSH-based type of worm that has seen a lot of press lately. One of the developers, Ashley Towns, who helped to get the "rick" rolling, as it were, has just announced his employment at an iPhone game firm.

Sophos is reporting that he'll be taking up shop at mogeneration, the developer responsible for such hits as Xumii [iTunes link], a cross-social networking communication app, and Moo Shake! [iTunes link], a farm-based activity game for kids. It is an interesting turn of events given that mogeneration even reported on the topic of Ashley's now-infamous rickrolling iPhone worm.

I personally think that there is a lot of potential for coders of malware to embark on legitimate careers as developers coding for good. However, I don't favor the thought that malware developers are essentially getting 'rewarded' for their dangerous work. There is nothing from mogeneration to imply that Towns was hired based on the notoriety of his SSH-based worm, but I can't help thinking that there are other, more talented iPhone developers who have stayed below the radar by not writing malware.

I want to know what you think. Should developers of intentionally malicious software be given a clean slate and a new life? Or perhaps should they be feeling the effects of the law's very long arms?

[via Techmeme]

The internet has been ablaze with reports of jailbroken iPhones being infested with worms. The exploit takes advantage of unwitting jailbreakers who install OpenSSH on their iPhones via Cydia without taking into account all of the impacts on security. The most notable, and now famous, hole in this theory is that every iPhone ships with the same default password for both the all-powerful "root" user as well as the more-restricted "mobile" user.

Not surprisingly, Apple has officially commented on the situation noting that "the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software." It is pretty clear from Apple's statement their feelings on the jailbreak community and its effects on the iPhone and iPod touch.

Luckily, if you need to have OpenSSH installed on your iPhone (who doesn't want a remotely-accessible, full UNIX terminal in their pocket?), there is a pretty simple solution to this problem that will prevent this breed of infestation from ever reaching your iPhone.

1. Remember, this only affects jailbroken iPhone owners who have installed OpenSSH...
2. Begin by installing MobileTerminal via Cydia (alternately, you can login via SSH from Terminal.app or a Cygwin-equipped Windows PC).
3. Type "login", you will be asked for a login name which should be "root" then a password which should be "alpine".
4. Type "passwd" then tap return, you will be asked to type the new password. Tap return and type the new password again.

Repeat this same process for the "mobile" user by replacing "root" with "mobile" in step 3. Also, when using passwd to change the password for "mobile" you may be asked the old password which would be "alpine". It is not necessary to use a different password for "root" and "mobile" but if you're highly security conscious, it wouldn't hurt. The second half of this post includes a screen image of my exact process working successfully on OS 3.1.2 with an iPhone 3GS.

In addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use. Obviously, having SSH disabled (or not installed) is the best defense against worms of this sort. Got any other iPhone security tips? Let us know in the comments!

Last month a Dutch iPhone user demonstrated how careless jailbreaking can cause trouble. Namely, after finding users who enabled SSH with the phone's default password intact, he sent those phones a message that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." A similar worm caused phones to rickroll their owners.

They could have done worse. This week, someone has. Again from the Netherlands and again finding jailbroken iPhones with SSH enabled, F-secure reports that this infraction puts up an ING Direct login page that lets the hacker gather login credentials and, we assume, move funds to wherever they please. This version also changes the 'alpine' password to block users from getting to the phone via SSH.

We'll have more on this as the story develops, but the moral is this: If you jailbreak your iPhone, you should know what you're doing -- and you should change your SSH password.

[via Engadget & ZDnet Asia]

Matthias Ringwald, of iPhone Bluetooth fame, has just released BTstack 0.1 for iPhone. This video demonstrates his group's technology in action, as an iPhone syncs with a WiiMote and then uses the WiiMote for input. Although the system does not yet have OBEX, it is, as Ringwald writes, "better than Apple's nothing."

I haven't had a chance to give the software a spin yet (you can download the source from Google Code) but I'm looking forward to playing. BTstack creates device connections using the L2CAP protocol. The code is currently aimed at jailbroken devices only. It supplies a Bluetooth daemon (BTdaemon) that you access from your apps. Given that the release is still only at version 0.1, expect a certain degree of instability and a lot of further development potential.