The latest manufactured iPhone 3GS devices seem to contain new bootloaders, which cannot be compromised using the 24k bug. Although MuscleNerd of the iPhone Dev Team paints a dark future, Mathieu Hervais expects that there are still ways through the chain of trust to jailbreak.
Update July 5th, 2009: GeoHot now also provides a Mac OS X version of the jailbreak tool. Windows and Mac versions ready for download at purplera1n.com…
That’s it with the 3.0 firmware and the iPhone jailbreaks. Apple has been beaten again, this time by GeoHot. Although the iPhone Dev Team seems to have their programs already prepared, they preferred to wait with the release of an updated PwnageTool. GeoHot did not want to wait and decided to release a Windows-based jailbreak tool for the iPhone 3GS called PurpleRa1n.
Status
All three iPhone generations can now be activated, jailbroken and unlocked with the current firmware 3.0. Currently, for the iPhone 3GS there is only a Windows version available, which is still under heavy beta testing. Anyway, you can give it a try. The security hole that gets exploited in the iPhone 3GS is well known as the 24k bug, which was found in January in the iPod Touch 2nd generation.
The release of the 3G unlock software (currently going under the name yellowsn0w) is due on December 31, 2008. The unlock will currently only be available for baseband version 2.11.07 or lower.
Between Christmas and New Year’s Eve, members of the team (planetbeing, MuscleNerd and pytey) will be giving a lecture about the security systems in both the iPhone 2G and 3G at the Chaos Computer Conference 2008.
Welcome to Berlin, guys. Enjoy the most interesting and inconsistent town in Europe, today :-)
This is a short HowTo, since all of you by now know how to use QuickPwn, don’t you? In short: QuickPwn is an après-tool, meaning you let iTunes 8 do the update process and use QuickPwn afterwards to “open” your device. Note:
2G iPhones can be jailbroken and unlocked
3G iPhones can be jailbroken, but not unlocked
iPod Touch 1st generation can be jailbroken
iPod Touch 2nd generation can not be jailbroken
Our article will not cover the iPod Touch, but the iPhone.
II. Requirements
iPhone 2G or 3G
PC/Laptop running Microsoft Windows XP or Vista
QuickPwn 2.1 (download here or here) (sha1= f8124d0e8f31f64ef3272de8fbc679e1dd1f93a7)
Jailbreaking and unlocking is illegal for iPhone devices that are still under a current contract (mostly 12 or 24 months). You would violate your contract by jailbreaking and unlocking! Don’t do it.
If you’re updating: all your Cydia and Installer.app based applications will be lost and need to be installed again!
Make sure you make a backup of your data!
III. Update iPhone firmware
connect your iPhone with your PC
start iTunes 8
choose your iPhone (under devices)
hold the shift key (on your keyboard) and click the Update button – a file-open window will pop up like this:
locate the downloaded firmware 2.1 (named: iPhone1,1_2.1_5F136_Restore.ipsw) and open it
iTunes will begin to update your iPhone automatically
After the update the iPhone will reboot. If you are using an already pwned iPhone it will remain activated and unlocked; you only need to jailbreak.
IV. QuickPwning it :-)
Leave your iPhone plugged in to your computer
Close iTunes
Start QuickPwn 2.1-1
You will be greeted with the Device Detection screen, click the right-arrow to proceed:
on the next window, click the Browse button to locate your iPhone1,1_2.1_5F136_Restore.ipsw firmware:
QuickPwn will check if the firmware matches the version currently running on your iPhone and will allow you to proceed (click the right-arrow):
the next window allows you to select what you want to install. We recommend installing both Cydia and Installer.app. If your iPhone has not been unlocked until now, here you can also choose to simunlock it. As we are quite conservative, we never change the boot logos, but this seems to be a matter of taste. After having selected, click the right-arrow button to proceed.
For safety reasons, QuickPwn will remind you to leave your iPhone plugged in to your computer; click the right-arrow button to proceed
Read and follow the instructions on this window very carefully! QuickPwn will help you with the counting!
After that, QuickPwn will take control and perform the following actions automatically:
When all the tasks have been completed, QuickPwn has finished.
Your iPhone will perform some more actions for the next few minutes. It will show it is changing the NOR and so on and will reboot then.
After the reboot your iPhone will be perfectly jailbroken and unlocked
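Two checks a careful user would script around the requirements and update steps above: verifying the downloaded QuickPwn archive against the SHA-1 the requirements list gives, and checking that an IPSW file name (such as iPhone1,1_2.1_5F136_Restore.ipsw) really belongs to the device and firmware version in use, which is the match QuickPwn performs before letting you proceed. This is an added example, not code from the tutorial or from QuickPwn; the `<device>_<version>_<build>_Restore.ipsw` naming scheme is Apple's convention, and the sample bytes are constructed.

```python
"""Pre-flight checks before feeding a firmware or tool to iTunes/QuickPwn.

Added example, not part of the original tutorial or of QuickPwn.
Assumes Apple's restore image naming <DeviceId>_<Version>_<Build>_Restore.ipsw
(e.g. iPhone1,1_2.1_5F136_Restore.ipsw from the tutorial).
"""
import hashlib
import re

# <device>_<version>_<build>_Restore.ipsw, e.g. iPhone1,1_2.1_5F136_Restore.ipsw
_IPSW_RE = re.compile(
    r"^(?P<device>[A-Za-z]+\d+,\d+)_"
    r"(?P<version>\d+(?:\.\d+)+)_"
    r"(?P<build>\d+[A-Z]\d+[a-z]?)_Restore\.ipsw$"
)

# SHA-1 of QuickPwn 2.1 as stated in the tutorial's requirements list.
QUICKPWN_21_SHA1 = "f8124d0e8f31f64ef3272de8fbc679e1dd1f93a7"


def parse_ipsw_name(name):
    """Split an IPSW file name into device identifier, firmware version and build."""
    m = _IPSW_RE.match(name)
    if not m:
        raise ValueError("not an Apple restore image name: %r" % name)
    return m.groupdict()


def firmware_matches(name, device, version):
    """True if the IPSW is for the given device id and firmware version.

    Mirrors the check QuickPwn makes before it lets you proceed: an
    iPhone 3G (iPhone1,2) must not be fed the iPhone 2G (iPhone1,1) image.
    """
    try:
        info = parse_ipsw_name(name)
    except ValueError:
        return False
    return info["device"] == device and info["version"] == version


def sha1_hex(data):
    """SHA-1 of a byte string, lower-case hex."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path, chunk=1 << 20):
    """SHA-1 of a file on disk, read in chunks so large archives fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def download_is_intact(data, expected_sha1):
    """Compare a downloaded archive's SHA-1 with the published one.

    The comparison is case-insensitive and over the full digest; a mismatch
    means the archive was corrupted in transit or is not the linked file,
    so it should not be run.
    """
    return sha1_hex(data) == expected_sha1.strip().lower()


if __name__ == "__main__":
    print(parse_ipsw_name("iPhone1,1_2.1_5F136_Restore.ipsw"))
    sample = b"constructed stand-in for the downloaded QuickPwn archive"
    print(download_is_intact(sample, QUICKPWN_21_SHA1))  # False: not the real file
```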
V. Final words
Guys, we hope we could clarify some more things here than others did. We appreciate your comments on this. Kudos to all of you and remember to consider our sponsors, they really got the coolest offers ;-) Kudos fly out to the iPhone Dev Team! Live long and prosper, guys.
Our fellow iPhone Dev Team yesterday finally released QuickPwn for Mac OS X. Sadly, the Dev Team in the first place only provided a .torrent link (get torrent here) for distribution. We will come up with further details soon. For now: there are no reports about bugs in this Mac version yet. Use “Archive Utility” to unpack, otherwise permissions may be screwed up. Thumbs up for the Dev Team.
The Microsoft Windows division of users can be glad again. WinPwn 2.0 has just been released by its creator and maintainer CMW. It features activating, jailbreaking and unlocking iPhone 2G and activating and jailbreaking of iPhone 3G.
Because of the overwhelming demand for a Windows version of Pwnage, the website http://www.winpwn.com is currently not easily available. Anyway you can try to download WinPwn 2 here.
This article is outdated. Find the newest jailbreak and unlock HowTo for iPhone firmware 3.0 here.
Note
We need to stress: respect the laws of the country you live in. For instance, as a German citizen with a T-Mobile Germany plan and iPhone you are not allowed to jailbreak or unlock your iPhone. T-Mobile is not kidding on this topic, as we’ve all seen with the sipgate lawsuit (we reported here). This tutorial is in no way meant as an invitation to do things that are in violation of your contracts. We cannot be held responsible for bricking your devices. You do everything at your own risk and responsibility. Thanks.
I. Abstract
Pwnage Tool 2.0 is the newest tool to unlock and jailbreak “old” iPhones (iPhone 2G) and jailbreak “new” iPhones (iPhone 3G). It is developed, maintained and provided for free by the iPhone Dev Team. The Dev Team already provided Pwnage Tool 1.0 (see recent tutorial here).
This tutorial is for Mac users only who previously activated and unlocked their iPhones using Pwnage Tool 1.0. The release of Pwnage Tool 2.0 has been delayed in the last few days because of several bugfixes and issues that occurred during the latest tests. As we’ve used Pwnage Tool 2.0 in the last hours on some old iPhones, we can say: in contrast to Pwnage Tool 1.0, we encountered some problems with Pwnage Tool 2.0. Keeping that in mind, it is your own risk that you probably brick your iPhone. We cannot be held responsible for your actions.
II. Preparations
A Microsoft Windows version of Pwnage 2.0 has not yet been released. Get yourself a Mac, it really is time to switch :-)
You need to download and install a couple of programs:
download and install Pwnage Tool 2.0.1 (here or here) / Updated links to new Pwnage 2.0.1
download bootloaders.rar (for legal reasons, we can’t provide a direct download link as we are in Germany. Do a simple Google search for bootloaders.rar)
update to iTunes 7.7 (using Apple Software Update)
In case you did not, we highly recommend you read our tutorial about activating and unlocking iPhones with firmware 1.1.4 (see here).
IV. Take off
…into the wide open world of unlocked and jailbroken iPhones.
Start Pwnage Tool 2.0, and click OK.
Choose Expert Mode
Select iPhone 2G, and click the blue arrow
After clicking the blue arrow you will see a window like this:
Note: we repeatedly encountered errors when browsing for an IPSW firmware that we had downloaded manually:
We circumvented this error by letting iTunes download the firmware. But be careful let iTunes only download the firmware. Don’t choose download and install!!!
When Pwnage feels like the firmware is the right one, it will show this picture, where we can manually change some settings. We highly recommend changing nothing but the Cydia packages. We even leave the pictures the same.
Inside the Cydia packages menu we recommend choosing these files for download: OpenSSH, Cydia Installer, and Cydia's Source Set. These files will automatically be downloaded in the background.
Make sure you select the above downloaded Cydia packages. Under Select packages you can check them, in case the packages are not pre-chosen for including into your custom IPSW. Then click the blue arrow again.
After having clicked the blue arrow again, we may choose new logos. We recommend to leave these as they are and click the blue arrow again.
Pwnage Tool 2.0 feels we are ready and shows “Build” with a checkmark. We click the blue arrow again and can already smell the pwn.
You may provide the bootloaders now, by clicking No to search the web for them (we only show the 4.6 bootloader question, in fact there will be same question for the 3.9 bootloader).
After having chosen the bootloader Pwnage needs to know where to save the custom IPSW file. It will show a picture similar to this:
After having chosen the target filename and folder, Pwnage will submissively begin its work.
At a specific point of work, Pwnage will require your admin password. This is due to a limitation of access to the filesystem.
After working some minutes you will be shown this menu. Since we are all obedient Pwnage users (aren’t we?) we already had used Pwnage 1.0 before. And therefore we choose Yes.
Pwnage Tool will wish us the best for our recovery and wants to be quit:
V. Approach for Landing
As our odyssey through iPhonitis is not over, we need to start iTunes (we have our iPhones connected!). And we choose the iPhone menu in iTunes (it looks like this picture:)
We need to restore our 0wn firmware, therefore we need to hold the ALT key and press Restore Button. We will get a dialog, where we can choose our custom firmware:
iTunes will begin its work of extracting and restoring our custom firmware. This process will take some minutes. Don’t disconnect during this period; you would have an expensive brick then.
After restoring successfully the custom firmware to your iPhone your iPhone will reboot and eventually show a screen that indicates that the baseband is currently in process of getting unlocked:
After the baseband flashing has been finished, your iPhone will reboot again and will show up with firmware 2.0. We hope you enjoyed your flight with incomplete-news airways. We wish you a good stay on Eff-Doubleyou-Two-Dot-Oh. We recommend to pick up your baggage in the claim area.
VI. Baggage Claim Area
You may now decide to set up your system clean and configure everything anew or simply choose to restore your old settings (like eMail-accounts, calendar, photos, muzaq, and videos):
After having clicked Continue you will see this picture. It depends on how many things you had saved on your iPhone and how much space it’s got. Our 4GB testmodel only took about 5 minutes to get all settings restored:
After restoring the settings your iPhone will reboot…
To get back your EDGE settings, simply follow our tutorial here (see part II). In firmware 2.0 the EDGE menu is now called “Cellular Data Network”.
VII. Final words
Congratulations. You’re finished now. In case any of you got questions, don’t hesitate to ask below in our comments section. We hope you enjoyed this tutorial. Thanks for your attention. Big shouts fly out to the iPhone Dev Team. You guys simply rock our hearts…
Update 15.07.2008: iPhone 3G allegedly unlocked using SIM Adapter (read here)
Update 15.07.2008: XPwn command line utility released by iPhone Dev Team (read here)
Update 14.07.2008: Geohot confirms that iPhone 3G got a new bootloader (read here)
It is rumored that the Pwnage Tool for firmware 2.0 (= firmware 1.2) will not be released this weekend. Enjoy yourself and don’t play around until we tell you.
Anyway the iPhone Dev Team has released a video of Pwnage Tool 2.0. See here:
Ok it is time to do it. The elite is talking about it, so we’re gonna do it, pwn our iPhones and show you (hopefully) some hints you can’t read anywhere else.
Preparations for this tutorial
Get a Mac or HackMac at your hand, because the Windows version of Pwnage has not yet been released.
Backup your data on your iPhone, like connecting to iTunes and synchronize addresses, calendar, photos, voicerecordings and so on
Getting ready
Unpack and install Pwnage Tool to your Applications folder, yes ;-)
Copy iPhone restore firmware 1.1.4 to your desktop
Unpack downloaded bootloaders and copy them to your desktop
Let Pwnage rock
start Pwnage (accept the question if you really want to start that app that you just downloaded from the net. As long as you loaded it from the location I provided above, everything should be all right)
click Browse .ipsw (click to enlarge picture)
Pwnage will give you a status report looking like this (click picture to enlarge)
bring your iPhone into restore mode: plug the iPhone into the docking station (which is of course connected to your Mac), hold the power button (at the top) and the round button with the printed square (bottom, below the touch screen), keep holding until the screen turns black (off) and on again – showing the Apple logo – then release the power button, but keep holding the round button for some more seconds (maybe 10 or more). The restore mode picture will appear (click picture to enlarge)
back in your Pwnage Tool click on iPwner; Pwnage Tool will report that your iPhone is being pwned now. On the screen of your iPhone there will be loads of lines of commands running through.
in the end your iPhone is gonna be rebooted
Congratulations: your iPhone has been Pwned
Now you only need to compose a custom iPhone Firmware (see the next steps)
Compose a custom .ipsw file
back in your Pwnage Tool click on IPSW Builder
choose: “Enable baseband update, Neuter bootloader, Unlock baseband, Activate phone and if you like: Use DevTeam custom pictures” (click picture to enlarge)
click ok
you then have to locate the bootloaders (click picture to enlarge)
locate the bootloaders (you should have copied them to your desktop!)
and click ok.
save the whole custom .ipsw to your desktop
during processing the .ipsw Pwnage may ask you for your administrator's password
when everything went correctly you will see this picture (click to enlarge)
Congratulations: you just composed your first customized iPhone firmware
Now you only need to let iTunes restore your customized iPhone firmware
Restore our custom .ipsw through iTunes :-)
start iTunes
mark your iPhone in iTunes and
hold alt key and choose restore, the following file dialog will appear
choose your custom firmware
and it will start “extracting the firmware“, “Preparing iPhone for restore” and “Restoring iPhone Software” – this will take some minutes
when you face error 1602, please update iTunes to the most current version and try again (we used version 7.6.2)
when finished your iPhone restarts
after restart the Bootneuter application automatically starts and unlocks your baseband (click picture to enlarge)
et voilà: you’re done
Final Steps
install BSD subsystem (we did not test Pwnage with Telesphoreo/Cydia yet!! Will add info about this soon!)
mail.app crashes and brings you back to SpringBoard: don’t restore your backed-up settings; after pwning, set the iPhone up as a new iPhone (problem originally reported here)
We’d be glad to read your feedback about this “how to”: here in the comments (scroll down) or in this hackin0sh thread (link)…
German version
OK folks, it is time to rock this thing. The elite is talking about it, so let's take a closer look. Below you'll find a HowTo that hopefully contains hints you can't read elsewhere
Preparations
You need a Mac or a HackMac at hand, because no Windows version of Pwnage has been released yet.
Download the bootloaders (Google search for iPhone bootloaders.rar). Other sites link the bootloaders directly; for understandable reasons we will not do that…
Back up your data: connect the iPhone to iTunes and synchronise contacts, the calendar, photos, your voice recordings and so on.
Getting ready
Unpack Pwnage Tool and install it in your Applications folder
Copy the iPhone restore firmware 1.1.4 to your desktop
Unpack the downloaded bootloaders and copy them to your desktop as well
Time for a dance with Pwnage
start Pwnage (you have to accept the security prompt asking whether you really want to start Pwnage)
Click Browse .ipsw (click picture to enlarge)
Pwnage reports a status that will look similar to the following (click picture to enlarge):
then put your iPhone into restore mode: plug the iPhone into the docking station (which is of course connected to your Mac!), hold the power button (at the very top) and the round button with the printed square (the one below the touch screen), keep holding both buttons until the screen turns black (i.e. switches off) and comes back on showing the Apple logo. Then please release the power button and keep holding only the round button for a few more seconds. When the restore mode picture appears, everything went right (click picture to enlarge)
back in Pwnage Tool, click the iPwner button
Pwnage Tool will then report that your iPhone is now being pwned. A number of command lines will scroll across the iPhone's screen.
once the process has run through cleanly, the iPhone is rebooted
Congratulations: your iPhone is now pwned
now you still need to flash a custom firmware that performs the activation and the unlock
Building a custom .ipsw firmware
back in Pwnage Tool, click IPSW Builder
choose: “Enable baseband update, Neuter bootloader, Unlock baseband, Activate phone” and, if you like, “Use DevTeam custom pictures”; we did not really like the bitten pineapple (click picture to enlarge)
then click OK
now select the bootloaders you copied to your desktop (click picture to enlarge)
once you have selected the bootloaders, click OK again
then save the “custom .ipsw” (the customised iPhone firmware) to your desktop
while building the .ipsw firmware Pwnage asks for your administrator password; enter it, otherwise it will not continue
You should now see roughly the following picture (click picture to enlarge)
Congratulations: you have built your first custom iPhone firmware
Now you only have to let iTunes “restore” this firmware onto the iPhone :-)
Flashing (restoring) the custom .ipsw firmware with iTunes :-)
start iTunes
select your iPhone in iTunes and
hold down the alt key and choose Restore
the following file dialog appears
here you select the custom .ipsw firmware you built yourself.
iTunes will begin to extract the firmware, prepare the iPhone for restore and restore the iPhone software
this process will take a few minutes
If you run into error 1602, update iTunes to the latest version (we used version 7.6.2)
After the iPhone restarts, Bootneuter starts automatically and unlocks your baseband (click picture to enlarge)
tadaa: you did it, a fully pwned iPhone
Final steps
install the BSD subsystem (we have not tested Pwnage with Telesphoreo/Cydia yet!! We will add that once we have done the test!)
mail.app crashes. Try not to restore your backed-up data; instead set the iPhone up as a new iPhone in iTunes (problem was reported here)
You should now send a big thank-you to the iPhone Dev Team. The guys' work is unique!!!
There have been plenty of rumors about this new tool called “Pwnage”. But it seems like it is about to be released within the next two weeks. The official iPhone Dev Team wiki pages indicate at least a delay of the release date. However, a video has been released to YouTube showing how easily Pwnage works. The whole process of patching and completely unlocking via a pre-modified bootloader seems to become more foolproof.
Features will include:
pwning the iPhone’s bootloader (patch code integrity/signing/hashing checks)
upgrade/downgrade bootloader (from 3.9 to 4.6 and the other way round)
There have already been quite a few rumors about the new tool “Pwnage”, and it seems it really is close to release. The forums of the world report that it will be ready within the next two weeks. The official iPhone Dev Team wiki, however, gives no precise dates. Still, a video was published on YouTube a few days ago showing how easy Pwnage will be to use. Thanks to the pre-modified bootloader, the whole process of patching and unlocking will become considerably easier.
Pwnage will have the following features:
Pwning the iPhone bootloader (integrity, signature and hash checks are patched)
Upgrade/downgrade of the bootloader (from 3.9 to 4.6 and vice versa)