Liveblog with the iPhone Dev Team: iPwnage
If you'd like to replay the chat below, click the 'replay' button. Note that (ironically) the CoverItLive widget does not work on MobileSafari.
CanSecWest offers another Mac hacking challenge
If you fondly remember last year's CanSecWest hacking challenge -- won by researcher Dino Dai Zovi with a Java/QuickTime exploit that allowed him to take over the target MacBook Pro, thereby claiming it as his own -- you'll want to keep your ears open for results of the current challenge, now underway for the 2nd day in Vancouver. This year's PWN2OWN competition extends the target space to three road warrior laptops: a MacBook Air, a Sony VAIO running Ubuntu and a Fujitsu machine running Vista. No winners were declared on the first day; that's no surprise to contest organizers, as the initial set of rules were the most restrictive. Today the ruleset allows for browser and other built-in application exploits by visiting a malicious URL, so it could get more exciting in a hurry.
Update: The MacBook Air has been claimed, per Macworld.
[via Macworld]
Found Footage: iPhone restore screen hacked
Looks like the iPhone hacking teams are at it again. This time they have created a custom image where the normal "Connect to iTunes" image should be on a normal iPhone. This image, used when you restore your iPhone or iPod touch, was a yellow triangle and has been updated to the iPod connector and iTunes icon in recent iPhone/touch firmware versions.
Thanks to roxfan, Turbo, wizdaz, bgm, and pumpkin
NPR on Mac hacking-- a little FUD, a little fact
NPR hits up the issue of Mac hacking (the bad malware kind, not the good kind), and suggests that Macs are supposedly becoming a bigger target for exploitative folk. While this is a topic that could easily (and does often) degenerate into complete misinformation and FUD, NPR basically acknowledges that Macs are showing up in more and more places (and that includes the iPhone, where even Apple is concerned about security), and that means that they're becoming a juicier target for malware developers. Fortunately, however, a familiar voice shows up later in the report (dig those dulcet tones!) to remind everyone that throughout five iterations of OS X, the malware problems have been hard to find. Malware developers may be trying, but it ain't working.
Of course, we can't let this go without noting that this story was inspired in the first place by a PR report released by... you guessed it: an antivirus company. The people who profit off of programs that supposedly prevent malware are claiming that malware is a bigger threat than ever before? Go figure.
Estimating the Jailbreak population for iPhone and iPod touch
iPhone Atlas posts that AppSnapp, the 1.1.1 jailbreak site, has been used more than 1 million times. Now, of course, that does not mean that there are more than 1 million jailbroken iPhones and iPod touches out there, it just means that the procedure has been run that many times. I know that my two units account for at least a dozen uses of the site but I'm guessing that I'm at the high end of per-unit applications of the exploit.
For some additional numbers on jailbreak penetration, turn to Shaun Erickson's blog. Shaun runs STE Packaging, one of the two main iPhone software repositories. His top 25 downloads list is headed by OpenSSH, with almost a half million downloads, and Apollo IM with 350,000. Multiple downloads (an important consideration after firmware upgrades and system restores) may be offset by the fact that not every user downloads every package. It looks like it's fairly safe to say that several hundred thousand units have been jailbroken and are running third party applications. The AppSnapp site suggests even higher numbers. Since the exploit is limited to the 1.1.1 firmware, it eliminates having to account for re-downloads due to firmware upgrades.
Thanks Drudge
How to tweak the Leopard Dock's color
And now, here we go-- Something Awful's echobucket has apparently found the files that need to be changed to edit the look of the dock. As with the triangles, the Dock elements have a few sizes to them, so replace the "scurve-x.png" files (where x is "l," "m," "sm," or "xl") in the Dock package's /Contents/Resources folder (make sure to back up the original files just in case, too), and then type "killall Dock" in the Terminal to restart it, and bingo, a slightly less bright dock.
In fact, just by changing the color of those pictures, you can change the color of the Dock itself (here's an orange dock on a black background for Halloween, via Digg commenter HacKing). It can't be too long before some enterprising programmer figures out how to put all of this inside an easy-to-use app, but here's the real question: if it's all this easy, why didn't Apple offer us this kind of customization ourselves? Sure, when you hand the paintbrushes to the people, things can get ugly, but they can also get much more beautiful, too.
[via Digg]
Instant Jailbreak for iPhone and iPod touch
A crew of hackers (including hdm/metasploit, rezn, dinopio, drudge, kroo, pumpkin, davidc, dunham, and NerveGas) have introduced a one-touch instant jailbreak for both iPhone and iPod touch. The jailbreak opens your iPhone for full disk access and installs Installer.app so you can add pretty much any third party application you like.
To use it, open Safari and point your browser to jailbreakme.com (which we aren't linking to so folks won't install this by accident, but you are prompted to confirm). Once there, read the directions, scroll to the bottom, and tap Install AppSnapp. If Safari disappears and you return to the main Home screen, you're good. Just wait a minute more for your unit to restart--don't touch anything until you see the slide to unlock screen. If Safari hangs, just quit out (press and hold Home for 4-8 seconds) and try again.
Once you get to slide-to-unlock, go ahead and unlock your iPhone or iPod touch. You'll return to your home screen, which will contain a new Installer.app icon. If you want to ssh into your unit, install the BSD subsystem, Community Sources, and then install OpenSSH--you may need to upgrade Installer.app (thanks Ste). With OpenSSH and sshfs (part of MacFUSE), you can open Finder windows that offer direct drag and drop access to your phone or touch.
The jailbreak really is as easy as it sounds. I restored my iPod touch and jailbroke it just a few minutes ago and it worked great.
UPDATE: Please try to do this using WiFi rather than EDGE. Success rates are much higher!
iPhone 101: Hacks Vocabulary Primer
We here at TUAW are always on the lookout to help you, our dear readers, understand what is going on in the crazy world of Apple related technology. The biggest news, as of late, has been the continued efforts to hack the iPhone. A rich language has developed around the iPhone hacking community, and we thought it might be time for a primer of sorts. Never again will you confuse your jailbreaking with your bricking.
Jail. The public areas of the iPhone or iPod to which, by default, Apple allows read/write access via USB. In Unix terms, this refers to the /private/var/root/Media folder.
Jailbreak. The iPhone and iPod touch hacks that allow users to gain access to the entire Unix filesystem. In Unix terms, this refers to changing the root of the directory tree to /.
Activation. The process that allows you to move beyond any of the various screens that instruct you to connect your device to iTunes before it can be used. On the iPhone, you can only make emergency calls until your iPhone is activated.
Bricking. To render an iPhone or iPod touch inoperable. The 1.1.1 firmware update turned many iPhones into iBricks. Users could not reactivate their iPhone to get past their "Please connect to iTunes" screens. Although the phones could still be used for emergency calls, users were locked out from all normal iPhone operations.
File system. The way your iPhone or iPod touch uses its memory to store data and applications. The iPhone and iPod touch use two "disks": a smaller private file system that contains the operating system and a larger public one that contains your media (songs, videos, etc), preferences, and data.
Apple sends takedown notice to iPod hacker's ISP
Yesterday, Erica posted in her state of the iPod touch jailbreak that a hacker named "Martyn" had obtained a broken iPod touch, and was planning to dive in and download every bit of code on it in the increasingly complicated effort to put 3rd party applications on the iPod touch. He didn't plan to release the code to the public, but he did plan to upload the code to a secured area of his site in order to let the other touch hackers have a crack at it. But even before his upload finished, we're told, his ISP showed up, with a takedown notice in hand. Apple had somehow found his site, had contacted his ISP, and let them know that it would be against copyright law for him to upload that code to the Internet. Martyn isn't interested in breaking the law (and it would be illegal to share that code), so he pulled the page off. But what's amazing here is how fast Apple moved on this-- either they've got someone listening in on the development wiki, or they're taking cues from us on how things are going over there (hi, Apple!).
Despite what we've heard before, clearly they are very, very interested in making sure the iPod touch doesn't get hacked. Martyn tells me, as has Erica, that Apple has clearly gone out of their way to keep hackers out of their latest iPod. We're also told that progress continues despite all that, but Apple is apparently bending over backwards to do everything they can to keep the iPod touch closed.
iPhone hackers create open source unlock

Apparently there are two solutions-- the one above is part of a script based on ieraser, and the other is called iUnlock (Engadget says that one "appears to be in a more complete state"). We aren't yet sure what these do-- whether they're an actual unlock, or simply a reverse engineer of the iPhoneSIMfree unlock released the other day.
Either way, it doesn't much matter (hope iPhoneSIMfree made their money while they could). Even if these solutions (both of which seem to be straight code at this point-- there's still no simple "userfriendly, automated tool" available) aren't exactly what people need to use any SIM in their iPhone, a free, open source solution is likely just around the corner. Until Apple changes the firmware, that is.
Playing with the iPhone's accelerometer
Yesterday, we saw what Medallia was doing with touchscreens a few months ago, and today, we've got hot off the press news about what they're up to with the iPhone's accelerometer. Erling has found a way to pull the raw data off of the iPhone's LIS302DL, a 3-axis accelerometer that's currently used for noting when you're looking at Safari vertically or horizontally. A few hackers, like the folks behind Tilt, have been able to catch the iPhone noting the change itself, but this is the first time, I believe, that we're seeing live data come right off of the unit at a high sampling rate, enabling Erling to pull off the magic seen above.
And the best part: source code is up on the site. iPhone programmers, start your engines-- we've got a whole new interface to work with.
[via Waxy]
Doom on the iPhone... almost
After the NES emulator, you knew it was just a matter of time, and now Doom is running (though not playable yet) on the iPhone. stepwhite is behind this one, too, and he worked it up because he'd promised a friend he would (not to mention that there were prominent requests for it on Waxy.org, and some other little Apple site you might know). Unfortunately, he hasn't implemented a controller system yet (all you can do right now is watch the demo scenes), but that's the beauty of open source-- no doubt some intrepid programmer out there has an idea on how to do it. Also, you gotta turn that thing sideways, man! This isn't the iPod; let's use the whole screen space.
Geez, after Doom, what's left? Quake III Arena? I stand in awe of what you programmers have been able to do with the iPhone.
iPhone Hacking 101: Jailbreaking
When you want to add ringtones, change wallpaper, or run third-party applications on your iPhone, you need to perform a task called "jailbreaking". What this does is to open up your iPhone's file system so it can be accessed from your computer. There are a number of tools available to jailbreak.
If you're on an Intel Mac, you just won the lottery. The easiest software to use, by far, is iFuntastic. It walks you through the entire process with helpful prompts and pictures and is very simple to use. The iFuntastic crew promise PPC support in upcoming releases. If you are a PPC user and don't have the desire to download, compile and install complicated hacker tools you might be best served by just waiting for the next iFuntastic release.
Also keep in mind that you don't have to jailbreak on your own computer. You can borrow a friend's computer for 15 minutes to use iFuntastic. That's handy if you're a Windows user or on a G4 or G5.
A much more complicated alternative to iFuntastic is the iPhone Utility Client, with its amusing acronym iPHUC. You will have to google for the link as the website in question has requested no direct links. If you have access to developer tools, iPHUC will allow you to jailbreak on your G4 or G5. I warn you that the process is ugly and involves extreme hackery. If you want a slightly easier way to use iPHUC, the latest version of the iActivator tool performs iPHUC-compatible jailbreaks. Best of all, it's a Universal Binary.
For Windows users, there's the original fully-leaded jailbreak utility. The complicated bit is that it requires that you have a copy of the original 1.0.0 firmware present. To get that, you will have needed to have restored your iPhone at least once during its 1.0.0 release.
The bottom line is that if you don't own an Intel Macintosh, the path to jailbreaking is difficult and complicated. You'll need to google a lot and, I recommend, rely on social networking. The best place to get started with jailbreak is over at irc.osx86.hu, in the #iphone channel. Be polite. And remember, anyone helping you out is doing so of their own goodwill.
Thanks Nate True, duck_tape and Ste.
iFuntastic 2.5 for iPhone brings full file browser, even more customizability

The iPhone Alley crew are on fire with iFuntastic, their iPhone hacking and modification tool. Just over a week ago they released v2 that brought custom ringtones and reordering apps, and now v2.5 ushers in another major milestone of iPhone hackery: a full file browser and manager. If you've been waiting to dig into your iPhone, edit images and logos or get to even more serious tinkering, this is likely the tool you've been waiting for.
Other new features in this version include replacing any system sounds and coloring iChat SMS balloons. Unfortunately, iFuntastic 2.5 doesn't support PowerPC Macs just yet, but iPhone Alley has promised that the next version - which is set to arrive "any day now" - will.
More details on the changes in this new version and a download link are over at iPhone Alley.
iPhone "Hello World" binary released

The busy beavers of the #iphone IRC channel, whose collective efforts have built the first unauthorized iPhone GUI application (it displays "Hello World" and does nothing else), have released the source for the demo app, buildable with the community-built toolchain and UIKit. There's also a compiled binary version of the app being hosted here.
Our collective hat is off to the dedicated hackers who are building a development environment for the iPhone from bits of string and folded-up tinfoil. It's an impressive achievement.
Thanks #iphone and Erica










