jailbreak posts

Filed under: Apple

TUAW How To: Downgrading your 3.1.3 iPhone to 3.1.2

Last week I downloaded (but did not install) the iPhone OS 3.1.3 firmware for my 3GS. I wanted to have a copy of the firmware on hand, but didn't want to upgrade right away. I checked "Do not ask me again" and clicked Download Only. I thought that was the end of the matter.

Unfortunately, this Sunday, I plugged in my iPhone and left the room to grab some tea. When I returned, the iPhone was 50% of the way through the 3.1.3 firmware upgrade procedure. It did something I had no idea that it would do: it upgraded me without asking.

How frustrating! What's more, I didn't have a copy of 3.1.2 on-hand to downgrade to because iTunes automatically deleted the old firmware files and I was using default Time Machine settings; Time Machine does not normally back up ~/Library, the folder that contains the iTunes ipsw files.

Fortunately, I had several resources. First, because I had jailbroken my phone and registered my device signature with Jay Freeman's caching service, I knew I could downgrade my phone. As Jay and I discussed in this LiveChat from a few months back, Apple no longer allows you to freely downgrade your iPhone software. All firmware installations must be verified with Apple's signature servers.

By jailbreaking your phone and registering your device signature with Jay's system, you'll be able to bypass Apple's verification system and return to the firmware you prefer -- or at least to the earliest firmware whose signature you have stored on the caching site. To make this happen, you must both register your device and update your /etc/hosts file. Jay's site has complete instructions on how to comply.

Second, I could grab a copy of old firmware from sites like Felix Bruns' http://www.felixbruns.de/iPod/firmware/ and iClarified's http://www.iclarified.com/entry/index.php?enid=750. These sites provide Apple download links for old firmware releases. I downloaded a fresh copy of the 3.1.2 ipsw (iPhone software archive) and installed it onto my system. Using a standard option-restore trick, I was able to put that firmware onto my iPhone. iTunes verified the upgrade with Jay's server and installed it onto the device.

Note: If you receive the "The iPhone could not be restored. An unknown error occurred (3004)." error, make sure to quit iTunes and flush caches at the command line: sudo dscacheutil -flushcache.

If your device updates properly, you will receive a 1015 error and your unit will now enter a semi-permanent recovery mode, the mode in which your device shows an iTunes logo and will not boot further. To proceed, you'll need to use iRecovery. Download a copy from this site. (It requires libusb, so read the entire post before running.) Run iRecovery from the command line and supply the -s flag. Wait for the "]" prompt, and do not type anything until you see that prompt appear.

Enter the following commands:

] setenv auto-boot true
] saveenv
] /exit


Afterward, you will return to the command line. Reboot your phone by pressing the home and sleep buttons for 10 seconds, per the instructions on the site, and your iPhone should boot back to standard 3.1.2.

Note: Be aware that this method does not downgrade your baseband. It remains at the 3.1.3 setting.

Thanks Jay Freeman, Sjoerd (aka WiFone), and Paul "PhoenixDev" Griffin

Filed under: Hardware, iTunes, Apple, iPhone, SDK, Jailbreak/pwnage

Dev team releases PwnageTool 3.1.5 to jailbreak iPhone 3.1.3 firmware


Jailbreakers ahoy! Yesterday brought the release of the Dev Team's pwnage tool for jailbreaking and unlocking iPhones equipped with the new 3.1.3 firmware. As usual, though, there are a few catches: first, if you don't need to update to 3.1.3, the dev team says you shouldn't bother anyway -- it doesn't do much that the old versions of the firmware don't, so if you don't need to upgrade, just leave your jailbreak as is.

3G and 3GS users especially should be leery of this one, since if a mistake is made, there's a chance you could upgrade your firmware and then not be able to unlock it again. They also have all sorts of other warnings and exceptions on their blog post. As they say, don't download and run those files without seriously thinking about what you're doing with your iPhone.

If, after all of that thinking, you decide it is time to crack open your iPhone with the 3.1.3 firmware, the jailbreak will put together a custom 3.1.3 IPSW for you to restore back on to your iPhone -- here's a quick how-to to start with. Good luck, and be careful out there!

[via Engadget]

Filed under: Hacks

Found footage: iPhone + Arduino + Heartrate Monitor = HumanAPI

HumanApi, Sports ECG in real life from uxebu on Vimeo.

iPhone developer Nikolai Onken has been hard at work putting together what he calls the Human API. He wants to explore how real life can be the source of data that can be gathered and analyzed using web technologies. In the project demonstrated in this video, he has put together a prototype that gathers heart rate data from a Polar T31 transmitter, and collects it on his iPhone using Bluetooth transmission. An Arduino kit receives the Polar data using a custom receiver and transmits it via Bluetooth, where it is read on the iPhone using the open source BTstack, which we've covered before here on TUAW.

As the video shows, the iPhone provides live feedback of his heart rate as he engages in running and deep knee bends. His custom application tracks the data as it streams in via Bluetooth and displays that data on an on-screen graph. In the end, he has created a customizable iPhone solution that communicates with external hardware in real time. Pretty neat stuff, and a great example of how a jailbroken iPhone can provide a great prototyping platform.

Filed under: Apple Financial, App Store, Jailbreak/pwnage

Pirates make away with $450 million in App Store booty?

24/7WallSt. reports that Apple and third-party developers have lost approximately $450 million in revenue from App Store piracy since the store opened in July of 2008. Of this, $140 million counts as lost revenue for Apple – a huge chunk of the $500 - $700 million in revenue the App Store has generated for the company so far – with the remaining $310 million revenue loss falling on developers.

Their analysis is based on several assumptions, however, any one of which could easily be wide of the mark. They argue that with three billion downloads on the App Store (not an assumption), 17% of those are paid apps (assumption), with a piracy rate of 75% (assumption), and the number of pirate downloads at 1.53 billion. If the average price of a paid app is $3 (assumption), then there's $4.59 billion in losses. Assuming that only about 10% of the pirates who downloaded apps would have actually bought them, that makes the total $459 million. Still with us?

According to 24/7WallSt.'s analysis, around 10% of iPhone/iPod touch users have chosen to jailbreak their devices, and it's only about 40% of these jailbroken users who are responsible for this torrent (ahem) of piracy. This means that, according to 24/7WallSt.'s numbers, out of a rough total of 75 million worldwide iPhones and iPod touches, a mere 3 million devices are responsible for the 1.53 billion apps 24/7WallSt. is claiming have been downloaded illegally.

For those of you calculating along at home, that works out to an average of 510 pirated apps per device. That snap you just heard was suspension of disbelief.

[Via MacRumors]


Filed under: Hardware, Peripherals, Portables, iPhone

ION iType brings a full-size keyboard to the iPhone

So far, only the jailbreakers have been able to pair up a Bluetooth keyboard with their iPhone, but ION is working on a hardware solution -- they're showing off what's basically a dock at CES that has a full-size keyboard connected to it. Very interesting. Of course, it makes the iPhone a lot bigger (though their marketing says it's for travelers who want a little something less than a full laptop computer -- if only there was a device released to fill that need), but it's also battery-charged, so it'll recharge your handheld while allowing you to type out emails and messages on a full keyboard.

The price is supposed to be "slightly more than $100," and a release is set for the second quarter of 2010. If you've wanted to use a full-size keyboard with the iPhone but haven't gone for the jailbreak, we'll keep an eye on the release for you.

Filed under: Peripherals, Features, Bluetooth, iPhone, iPod touch, Jailbreak/pwnage

Using a Wireless Keyboard with an iPhone using BTstack Keyboard

A few days ago, the BTstack keyboard package was released to Cydia. This package, which we posted about recently, allows owners of jailbroken iPhones to use a Bluetooth keyboard with their iPhone 3G or 3GS, or 2nd generation or later iPod touch. The package is available for US$5.00 from Cydia.

Since the iPhone was first introduced, there have been efforts to bring support for external accessories. The iPhone 3.0 external accessory framework allowing accessories that connect to the universal dock connector or use Bluetooth has been closed, and only a few companies have developed accessories using the framework. The BTstack project by Matthias Ringwald offers a more complete and open Bluetooth stack for jailbroken iPhones. The stack has even been used with an iPhone and a Wii Remote over Bluetooth. To use a Bluetooth keyboard for quick and easy data entry into your iPhone, you'll need to jailbreak your iPhone, which can be done with an application like blackra1n.

Read on to find how I set up my iPhone to use the Apple Wireless Keyboard, and how it works with the iPhone.


Filed under: iPod Family, Bluetooth, iPhone, Jailbreak/pwnage

BTstack Keyboard jailbreak app provides iPhone text entry



Due to hit the Cydia store momentarily, Matthias Ringwald's BTstack Keyboard app allows users to type text into any iPhone application using an external Bluetooth keyboard. Built on the open source BTstack project, BTstack Keyboard runs a daemon in the background of any jailbroken iPhone 3G, iPhone 3GS or iPod touch with Bluetooth support. As you type text on the keyboard, the daemon generates synthetic keyboard tap events; the effect is the same as if you'd typed that text using the on-screen keyboard.

You will need to install BTstack and the BTstack Keyboard packages on a jailbroken 3G or later iPhone or 2nd generation or later iPod touch. The software has been tested with an Apple Bluetooth keyboard, a Think Outside Stowaway Universal keyboard, and a Palm Wireless keyboard. There's no reason to think it won't work with any standard Bluetooth keyboard, i.e. one that uses standard BT protocols.

With this small utility, users will be better able to take notes on the go using a standard keyboard in any text-based iPhone application. Yes, you'll have to haul around the physical keyboard, but the availability of folding on-the-go Bluetooth solutions makes this an exciting development for anyone who wants to expand their text entry possibilities.

Expect to pay $5 for BTstack Keyboard when the software goes live. For more details, see Ringwald's Keyboard information page at his website. Ringwald is the same developer whose BTstack work brought iPhone-Wiimote integration into play recently.

Filed under: Hacks, How-tos, Internet, iPhone, Jailbreak/pwnage

Tethering for the holiday traveler

I know that many of our readers will be traveling during the holiday season, so I wanted to share a walk-through that will help keep your MacBook of choice connected on the go. This is an article intended for those using iPhones on carriers that do not officially support tethering. TUAW would like to remind you that this is unsupported and is enabled at the user's own risk. This does require jailbreaking your iPhone, so the unadventurous in the audience may want to pass this up. If you're not already jailbroken, you can download the necessary software, like blackra1n from George Hotz or Pwnage from the iPhone Dev Team.

Once you've jailbroken your iPhone, install or open Cydia and navigate to the "Featured Packages" section. Find and install the package named "Modem." That's it on the iPhone side of things. On your computer, navigate to iphonemodem.com and download the helper application, or register the application for $9.99 to disable the registration reminder in the iPhone app (as far as we know, the free version is fully functional). Drag iPhoneModem to your Applications folder.

The setup is really that simple. Now all you have to do is open the application on your computer, click connect, then launch the companion app on your iPhone. The iPhone application will find the network your computer creates and share the Wi-Fi connection between the two devices so you can use your iPhone data plan on your laptop for better browsing. Here's how the developers say it works:

On the computer, the helper application creates a new computer-to-computer (or ad-hoc) Wi-Fi network and configures the system preferences to use the iPhone as an Internet gateway and proxy. On the iPhone, the application opens a routing engine, DHCP, DNS, HTTP, HTTPS and SOCKS proxies and connects to the helper on the computer.

I've had pretty good success with this application in my time with it. I've been using it on and off for over a year -- it's been a great app in clutch situations. I'd recommend it as a virtual stocking stuffer if you have a friend or family member who's jailbroken their iPhone. Let us know your thoughts or your experiences with the app in the comments.

Update

As several commenters have pointed out, there are several other free solutions that seem to be just as easy as iPhoneModem. Please read through the comments to see if any of those solutions suit you better.

Filed under: Analysis / Opinion, Video, Odds and ends, Developer, iPhone, App Store

That was Qik! After Ustream's debut in App Store, Qik submits streaming app

We were all a bit surprised when Ustream's free Live Broadcasting iPhone app [iTunes Link] was approved by Apple and tossed into the App Store yesterday. After all, it wasn't that long ago that it seemed that no streaming video apps would ever be approved for the iPhone platform due to AT&T's reluctance to have their network overwhelmed by self-produced live vidcasts of emo guitar players "broadcasting" from their unheated rent-controlled flats.

No sooner had the Ustream app magically appeared than we began to receive emails from Qik stating that they were submitting their streaming video app for approval. Qik currently has Qik for 3GS [Free, iTunes Link] in the app store, which allows recording and eventual uploading of video to their site, but not live video streaming. According to a blog post on the Qik site, the app has been resubmitted and the wait is on.

Having a choice of legal video streaming apps that don't require jailbroken iPhones will certainly open up a new chapter in the iPhone story.

Filed under: iPod Family, iPhone, Jailbreak/pwnage

Ven1 vid1 ja1lbreak1: Hands on with blackra1n

When it came time recently to jailbreak an iPod touch, I decided to take a look at George Hotz's BlackRa1n tethered solution. Unlike the Pwnage approach that creates a custom ipsw (iPhone software) bundle that you install via iTunes, the tethered approach communicates directly with your iPod or iPhone via the USB connector cable you use for normal syncing. That makes the tethered solution a very fast and easy-to-use approach, especially for units shipped with the 3.1.2 software installed.

Download the BlackRa1n tool for both Windows and Mac from the GeoHot site. Complete instructions are available at his Weblog. If you own more than one iPhone unit, make sure you unplug all but one from the system before you start the jailbreak. Launch BlackRa1n and click the "make it ra1n" button. Then be patient and wait as the software does its job, including replacing your recovery logo (normally a picture of the iTunes logo and the connector cable) with a vanity image of the software's author.

Be aware that the blackra1n jailbreak may present issues during reboot, forcing you into recovery mode and requiring BlackRa1n to launch properly. Hotz writes, "If your ipt2/3GS/ipt3 is rebooting into recovery after running blackra1n, this isn't a bug. It's a feature. You need to run blackra1n every time to boot it. This 'feature', called tethered jailbreak, is enabled by upgrades Apple made to the bootrom and the fact ipt3 uses nand flash." I did not experience this behavior on my iPod touch 2nd generation unit. It reboots without problem, and, no, it had not been jailbroken before.

Once the jailbreak has finished and your iPhone has rebooted, you can run the on-device version of the BlackRa1n software to install Cydia, the Rock store, and (for iPhones) the sn0w unlock that allows phones to be used with other carriers.

I found the whole process extremely easy to perform and would recommend it to anyone who had difficulties using Pwnage. The trade off, of course, is an easier install versus possible long-term reboot issues. It seems that my touch ducked the bullet on that one but that's only one experience among many.

Although BlackRa1n is free software, the author asks for donations to support this effort, so he can continue providing tools in the future. A donate link appears on his home page.

Filed under: Security, iPhone, Jailbreak/pwnage

Protect yourself from SSH-based iPhone worms

The internet has been ablaze with reports of jailbroken iPhones being infested with worms. The exploit takes advantage of unwitting jailbreakers who install OpenSSH on their iPhones via Cydia without taking into account all of the impacts on security. The most notable, and now famous, hole in this theory is that every iPhone ships with the same default password for both the all-powerful "root" user as well as the more-restricted "mobile" user.

Not surprisingly, Apple has officially commented on the situation, noting that "the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software." Apple's statement makes pretty clear how it feels about the jailbreak community and its effects on the iPhone and iPod touch.

Luckily, if you need to have OpenSSH installed on your iPhone (who doesn't want a remotely-accessible, full UNIX terminal in their pocket?), there is a pretty simple solution to this problem that will prevent this breed of infestation from ever reaching your iPhone.

  1. Remember, this only affects jailbroken iPhone owners who have installed OpenSSH...
  2. Begin by installing MobileTerminal via Cydia (alternatively, you can log in via SSH from Terminal.app or a Cygwin-equipped Windows PC).
  3. Type "login". You will be asked for a login name, which should be "root", then a password, which should be "alpine".
  4. Type "passwd", then tap return. You will be asked to type the new password. Tap return and type the new password again.

Repeat this same process for the "mobile" user by replacing "root" with "mobile" in step 3. Also, when using passwd to change the password for "mobile" you may be asked for the old password, which would be "alpine". It is not necessary to use a different password for "root" and "mobile" but if you're highly security conscious, it wouldn't hurt. The second half of this post includes a screen image of my exact process working successfully on OS 3.1.2 with an iPhone 3GS.

In addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use. Obviously, having SSH disabled (or not installed) is the best defense against worms of this sort. Got any other iPhone security tips? Let us know in the comments!


Filed under: Hardware, Security, iPhone, Jailbreak/pwnage

New jailbroken iPhone worm is malicious

Last month a Dutch iPhone user demonstrated how careless jailbreaking can cause trouble. Namely, after finding users who enabled SSH with the phone's default password intact, he sent those phones a message that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." A similar worm caused phones to rickroll their owners.

They could have done worse. This week, someone has. Again from the Netherlands and again finding jailbroken iPhones with SSH enabled, F-Secure reports that this infraction puts up an ING Direct login page that lets the hacker gather login credentials and, we assume, move funds to wherever they please. This version also changes the 'alpine' password to block users from getting to the phone via SSH.

We'll have more on this as the story develops, but the moral is this: If you jailbreak your iPhone, you should know what you're doing -- and you should change your SSH password.

[via Engadget & ZDnet Asia]

Filed under: Analysis / Opinion, Enterprise, Blogging, iPhone, Jailbreak/pwnage

Hiring a new sheriff: Apple clamping down on jailbreaking to soothe corporate angst?

With the latest jailbreaking code, blacksn0w, now available for Geohot's blackra1n utility, iPhone owners who want to free their favorite smartphone from the constraints of the App Store and the AT&T network may do so. But a recent report by PCWorld / Network World indicates that Apple is hiring a new "sheriff" to lock up the iPhone platform for good. Is this true? Maybe not.

According to the post by Network World blogger John Cox, an Apple corporate website is showing a job posting for an iPhone platform security manager. The manager would lead a team aimed at creating methods for secure booting and installation of the iPhone OS, strengthening the platform's cryptographic services, partitioning and hardening internal security domains, and providing risk analysis of security threats.

The post goes on to breathlessly state that this job posting (which is noted as filling an existing position, not creating a new one) is indicative of Apple's concern that enterprise users might jailbreak and unlock their iPhones. The jailbroken phones would let enterprise users load apps that could "threaten corporate data or back-end Exchange servers," and "unlocking the phone... makes it hard to track, monitor and optimize wireless costs and could open the enterprise to legal problems."

Why is it so important for Apple to crack down on jailbreaking and unlocking? Well, the post says that many enterprises are adopting the iPhone "despite the fact that Apple provides virtually no security or management infrastructure..." That last statement is a bit ridiculous, considering that Apple even provides a series of white papers on exactly how to implement secure, managed iPhone deployments in enterprises.

Perhaps the author has been out of the enterprise world for a while, since alterations like jailbreaking and unlocking are forbidden by policy in almost all big businesses that provide their employees with phones. As Mike Rose put it succinctly, "What enterprise user is jailbreaking their phone to use T-Mobile when that means they won't get reimbursed for their cell costs? What enterprise user wants to risk getting cut off from Exchange access?" And what enterprise employee is going to risk his or her good graces with the corporate security team for the sake of being able to run SplatCam or Cycorder on the iPhone?

The post tries to tie the rather innocuous task of filling an open job posting to an attempt by Apple to try to shut off the jailbreak world -- which, if it is doing, isn't necessarily about covering corporate requirements. As long as there are people who want to jailbreak their phones or unlock and move them to a different GSM carrier, hackers will find a way to do it. To us, it appears that Apple is just trying to maintain and improve security for the iPhone platform, something that will benefit all iPhone owners.

Filed under: Security, iPhone, Jailbreak/pwnage

Worm rickrolls unsecured jailbroken iPhones via SSH

For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH. Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. Still confused? Let's back up a bit.

On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem. It does this by logging into the root user with the password "alpine." After installing SSH, it is always recommended that you change "alpine" to the password of your choosing. This hack can only affect people who chose not to change that password -- no one else.

This hack originated in Australia, the home country of ikee, and has possibly spread to other iPhones in other countries, but we've been unable to verify that. A gentleman by the name of JD held an interview with the hacker over IRC and posted it to his blog. In ikee's own words, here's how the worm has spread:

"...The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on."

Basically, once your phone is infected, the worm starts looking for other iPhones on the cellular network that use the root:alpine combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again... and again... and again.

Luckily for the jailbreakers in the audience who may have been affected, there's really no harm done -- at least not with this version of the worm. According to the hacker, this was more of an experiment than anything else. The worm changes your background and then disables inbound SSH, which is a good thing. If SSH was left turned on, a similar worm could follow along but conceivably do much more damage. For instructions on how to delete this worm, read JD's interview with ikee. I would recommend reading the interview just for the information it presents; I found it pretty interesting. If you've got a jailbroken iPhone or iPod touch and you've never changed the default device password, now's the time. Here's how, if you are using terminal:

Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected to the phone...
Type: passwd
It should then prompt you for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

That's it. Please remember to be responsibly secure with your devices. Hackers like ikee are troublesome, but this could have been much worse. While I don't personally condone his actions, he's prevented a lot of people from being vulnerable to more malicious attacks later down the road.

Thanks, James!
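The password change described in the steps above, and in the earlier "Protect yourself from SSH-based iPhone worms" post, can be verified after the fact. The following is an added example, not part of the original posts: a shell audit that flags a root or mobile account whose hash is unchanged from a saved baseline, or a pair of accounts that still share one hash. It assumes a BSD-style /etc/master.passwd layout; the function names, the baseline copy and the sample hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): audit the account file on a
# jailbroken device for the "shared, unchanged default password" condition.
# Assumption: accounts live in a BSD-style master.passwd (name:hash:uid:...).

# hash_of FILE USER -> prints the password-hash field for USER (empty if none)
hash_of() {
    awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1"
}

# is_locked HASH -> true when the field starts with * or ! (no password matches)
is_locked() {
    case $1 in '*'*|'!'*) return 0 ;; *) return 1 ;; esac
}

# audit_passwd FILE [BASELINE]
# BASELINE is an optional copy of FILE saved before any passwd change
# (hypothetical workflow). Prints findings; returns 1 if any FAIL was reported.
audit_passwd() {
    file=$1
    baseline=${2:-}
    fails=0
    for user in root mobile; do
        grep -q "^$user:" "$file" || { echo "SKIP $user: no such account"; continue; }
        cur=$(hash_of "$file" "$user")
        if [ -z "$cur" ]; then
            echo "FAIL $user: empty password field"
            fails=$((fails + 1))
        elif is_locked "$cur"; then
            echo "OK   $user: password login locked"
        elif [ -n "$baseline" ] && [ "$cur" = "$(hash_of "$baseline" "$user")" ]; then
            echo "FAIL $user: hash identical to baseline, password never changed"
            fails=$((fails + 1))
        elif [ -n "$baseline" ]; then
            echo "OK   $user: hash changed since baseline"
        else
            echo "INFO $user: no baseline to compare against"
        fi
    done
    # passwd picks a fresh salt, so two accounts with one identical hash field
    # almost certainly still carry the same never-changed password.
    r=$(hash_of "$file" root)
    m=$(hash_of "$file" mobile)
    if [ -n "$r" ] && [ "$r" = "$m" ] && ! is_locked "$r"; then
        echo "FAIL root and mobile share one hash (same password, same salt)"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# write_samples DIR -> constructed sample files; the hashes are placeholders,
# not real crypt output.
write_samples() {
    cat > "$1/stock" <<'EOF'
root:xxPLACEHOLDER1:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:xxPLACEHOLDER1:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
    cat > "$1/half" <<'EOF'
root:abPLACEHOLDER2:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:xxPLACEHOLDER1:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
    cat > "$1/changed" <<'EOF'
root:abPLACEHOLDER2:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:cdPLACEHOLDER3:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

# Demo: untouched device, root changed but mobile forgotten, both changed.
tmp=$(mktemp -d)
write_samples "$tmp"
for sample in stock half changed; do
    echo "== $sample"
    audit_passwd "$tmp/$sample" "$tmp/stock" || true
done
rm -rf "$tmp"
```

The "half" sample is the case the steps warn about: root was changed but the same process was not repeated for mobile.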

Filed under: Gaming, Software, iPhone, iPod touch

N64 emulator for jailbroken iPhones on the way?

There's an exciting announcement at All Tech Related this week that has us saying, "We can't wait!"

ZodTTD, the developer behind GpSPhone (a Nintendo Gameboy Advance emulator for the iPhone and iPod touch), announced the development of an N64 emulator for the iPhone and iPod touch. ZodTTD believes that the current generation iPhone and iPod touch have the graphic CPU horsepower necessary to run those games. "...I can't promise it will run games top notch just yet, as things are too early to say. There's hope though, with a 3D accelerated graphics plugin, as well as an ARM dynarec."

As iPhone Savior points out, the toughest challenge could be fitting the controls onto the screen in an unobtrusive yet usable way. That was my main complaint about Resident Evil for iPhone [iTunes link] -- my hand is often in the way of what I'm trying to see.

Note that this will require a jailbroken iPhone or iPod touch.

[Via iPhone Savior]
