QuickPwn Mac OS X Tutorial

by Sebastien on Aug 29, 2008

How to use QuickPwn Mac OS X to jailbreak the iPhone? This is a very good question that will find its answer in the next few paragraphs. Before we start, I want to make it clear that QuickPwn for Mac OS X does not activate; it just pwns firmware 2.0.2 (at least as of this date).

Another thing I would like to add is that you are pwning your iPhone at your own risk, and it will void Apple’s warranty. It is also worth noting that pwning your iPhone is illegal. I know, it’s your phone, you should be able to do whatever you want with it, but it’s still illegal. OK, let’s go.

QuickPwn Mac OS X Guide:

Before starting: your iPhone must be on firmware 2.0.2.

  1. Download QuickPwn Mac OS X from here or from our iPhone Downloads section. Also download the 2.0.2 firmware for your iPhone and place it in your DOCUMENTS folder. It is very important you put it there as QuickPwn will automatically look for it at this location.
  2. Open QuickPwn and click OK to the warning.
  3. The next few steps are all automated; you pretty much have nothing to do but sit and relax. QuickPwn will ask you to connect your iPhone. Do so and click OK.
  4. QuickPwn will then automatically detect your device.
  5. Then QuickPwn will automatically build the custom firmware for you. It should say “Building IPSW”.
  6. It will then ask for your password. Enter it.
  7. OK, now is the part where you actually work a little bit… Follow the onscreen instructions to put your iPhone into DFU mode.
  8. Wait for QuickPwn to pwn your iPhone.
  9. Then you will get a message telling you that “QuickPwn is modifying your device”.
  10. Click OK and you will get a cute success message (you’ll see what I mean).
  11. This process may take a few minutes and your iPhone will reboot automatically.
  12. Done!

So, wasn’t that hard, was it? Please leave comments.

 

QuickPwn for Mac OS X is out

by Sebastien on Aug 29, 2008

A lot is going on today. First, the release of WinPwn 2.5 (see tutorial here) and now the DevTeam informs us on their blog that they have released the long-awaited QuickPwn for Mac.

From the DevTeam:

QuickPwn is not a replacement for PwnageTool; they are different tools and provide different features. QuickPwn is for quickly pwning a device, whereas PwnageTool is designed to custom build and tailor the ipsw production process. Both tools will be actively developed in the future.

To use QuickPwn 1.0 Mac OS X your device should be running 2.0.2; if it isn’t, then you can upgrade it to 2.0.2 using iTunes and then use the QuickPwn tool. We repeat, it’ll only work on version 2.0.2 of the iPhone or iPod touch firmware.

If you don’t want specific things to happen such as baseband updates then PwnageTool should be used to create a custom .ipsw with your specifics.

QuickPwn for Mac can be downloaded from here (BitTorrent) or from our iPhone Downloads section.

SHA1(QuickPwn_1.0.0.tbz)= 22ee0d6814a6bac9b1b9a8c7715dd714bd6bb449
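The published line above is in the format printed by `openssl sha1`. As an added example (not the DevTeam's or this blog's code), here is a small POSIX shell routine that checks a downloaded archive against such a line before you open it; the digest tool fallback order and the helper names are my own choices.

```shell
#!/bin/sh
# Added example (not from the DevTeam or this blog): verify a downloaded
# archive against a published "SHA1(name)= hex" line, the format printed by
# `openssl sha1` and shown in the post above. Returns 0 on match, 1 otherwise.

# Print the lowercase hex SHA-1 of a file, using whichever tool is installed.
sha1_of_file() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha1 "$1" | awk '{print tolower($NF)}'
    fi
}

# Extract the digest from a "SHA1(name)= hex" line, lowercased. Fails (no
# output, exit 1) unless the line has exactly 40 hex characters after "= ".
parse_published_sha1() {
    printf '%s\n' "$1" \
        | sed -n 's/^SHA1([^)]*)= *\([0-9A-Fa-f]\{40\}\) *$/\1/p' \
        | tr 'A-F' 'a-f' | grep .
}

# Compare the local file's digest with the published one; a malformed
# published line or an unreadable file counts as a failed check, not a pass.
verify_download() {
    file="$1"; published_line="$2"
    expected=$(parse_published_sha1 "$published_line") || return 1
    actual=$(sha1_of_file "$file") || return 1
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# CLI usage: sh verify.sh QuickPwn_1.0.0.tbz "SHA1(QuickPwn_1.0.0.tbz)= <hex>"
if [ "$#" -eq 2 ]; then
    if verify_download "$1" "$2"; then
        echo "OK: digest matches the published line"
    else
        echo "FAIL: digest mismatch or malformed digest line" >&2
        exit 1
    fi
fi
```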

Thanks DevTeam

 

QuickPwn vs. Ziphone

by Sebastien on Aug 28, 2008

PlanetBeing, a member of the DevTeam, wrote a very interesting post about the similarities and differences between QuickPwn and Ziphone. If you’re not an iPhone geek, don’t even bother reading this…

Here is what PlanetBeing took into account (as you can see, there are more differences than similarities):

Similarities:

  • jailbreak
  • payload medium

Differences:

Technique

ZiPhone uses, as the root filesystem device, a pseudo-device that provides a window to an arbitrary section of memory. This memory is not allocated or otherwise reserved by the operating system and hence will be used by other random processes in other random ways and will become more and more corrupted with every CPU clock cycle. The only safe way to use this is to mlock all memory used by the jailbreak binary as soon as possible, and then use data previously uploaded to flash. Anything else will cause either the jailbreak binary to crash at random moments or cause random data to be written to flash. I am not sure why Zibri elected not to implement ZiPhone in a safer fashion.

QuickPwn uses the same mechanism that Apple uses to send its update ramdisk. This memory is both allocated and reserved. It will not crash at random moments, or give you repeating BSD root errors. This is the way the XNU kernel is designed to use ramdisks.

Longevity

ZiPhone hinges on a BUG in iBoot that was quickly fixed by Apple.

QuickPwn uses an iBoot FEATURE that Apple cannot remove without rewriting their own software and undergoing lengthy QA. Even if Apple did change the architecture, it would be straightforward to simply mimic what they do and adapt to it. The reason QuickPwn can do this is because it relies on a hardware exploit to bootstrap into this phase. Apple cannot fix this problem without changing the manufactured hardware.

Elegance

ZiPhone modifies an existing Apple ramdisk and ships it as a complete set.

QuickPwn contains all-original code and features a very tiny bootstrapper that allows it to use libraries and code that’s already on the iPhone.

Not only does ZiPhone’s distribution of Apple’s binaries violate copyright laws, it also takes up a large portion of room on the ramdisk that could be used for the payload. Keeping its existing algorithm, ZiPhone would never have been able to install Cydia, for example. The maximum feasible ramdisk size is 32 MB; Cydia takes 13 and Apple’s libraries take up a significant amount. With some work, Zibri could possibly make it just under the 32 MB limit, but with the large number of files in Cydia, and the large size of the corruptible area of memory, corruption would be inevitable.

Click here to read the full post.

 

Bugs found in PwnageTool for Mac and Windows Beta of QuickPwn

by Sebastien on Aug 26, 2008

The DevTeam posted on its blog a few hours ago that bugs have been found in the recent releases of the PwnageTool for Mac and the Windows Beta of QuickPwn.

We’ve had some issues with iPod touch devices and the latest version of PwnageTool for the Mac: in certain conditions incorrect permissions will be used and the keychain doesn’t save passwords. So hold on and wait for the next release; we’ll push out the updated version via Sparkle as soon as it is tested (it is being tested right now). We have also encountered some issues with the Windows Beta of QuickPwn, and we have an update that should fix the issues seen with 64-bit Windows versions and should be usable with all versions of Windows, but as with all beta software other bugs may be present.

A new Windows QuickPwn Release Candidate (RC3) was made available and can be downloaded from here or from the download section of this blog.

 

150 beta update to the Windows QuickPwn application is out

by Sebastien on Aug 25, 2008

After announcing the release of the new PwnageTool 2.0.3 for Mac OS X, the DevTeam spoiled us today with a new beta update to the Windows QuickPwn application.

DevTeam says:

This contains a revised GUI from Poorlad that has tighter integration into the main updated QuickPwn executable, which has fixes for YouTube and provides BootNeuter support for the unlock of 2G iPhones. Remember this is still beta software; use at your own risk.

The tool can be downloaded from here or from the iPhone Downloads section of this blog.

A “Nota Bene” from the DevTeam:

NB: QuickPwn Windows doesn’t work well with virtualization as there are some problems with the way USB resets are handled, so we wouldn’t advise trying it, we have had reports of some success with VMWare Fusion 2.0 Beta 2, but this shouldn’t be relied on, use PwnageTool instead, or wait for QuickPwn Mac.

Additionally, the DevTeam says that QuickPwn for Mac is currently being tested and we might see a beta release sometime within the next few days. I’ll keep you updated about that.

Also worth noting is that they are still working on a 3G baseband unlock solution but they are not there quite yet.

 

QuickPwn 2.0.2

by Sebastien on Aug 21, 2008

Woohoo, it only took the DevTeam and Poorlad a few days to update their GUI version of QuickPwn and make it work with the latest iPhone firmware 2.0.2.

QuickPwn 2.0.2 contains their new bundles for 2.0.2 and they’ve also added support for version 2.0 devices which means you can QuickPwn and jailbreak the device if it is running 2.0, 2.0.1 or 2.0.2. Isn’t it fabulous? (I love saying “fabulous”, it sounds so gay though… haha)

Keep in mind that this is still beta software, so use the tool at your own risk!

Download QuickPwn 2.0.2 here.

How to use QuickPwn 2.0.2? Well, simply follow the directions on my QuickPwn GUI tutorial. The method is exactly the same except that you will now be using the iPhone’s firmware 2.0.2, which is available in the iPhone Downloads section of my site.

Here is important information from the DevTeam. Please read carefully.

Using QuickPwn does not update the firmware itself; this tool is designed to ‘Pwn’ (the ability to install future custom non-Apple firmwares), ‘Jailbreak’ and install Installer or Cydia on a given device. If your device is running 2.0.1 and you QuickPwn it, it’ll still be running 2.0.1, although it will now be Pwned and Jailbroken; similarly, if your device is running 2.0.2 and you QuickPwn it, it will then be running 2.0.2 but the device will now be Pwned and Jailbroken. It will also activate (not unlock) devices that are being used outside of their intended territories and cannot be activated using iTunes.

If you want to update to 2.0.2, then use the normal iTunes update to get to 2.0.2 and then use QuickPwn to Pwn, Jailbreak and Activate. Remember that the 2.0.2 update includes a baseband update for the 3G iPhone, so depending on what your long-term intentions are for the phone, update wisely. Of course, in the upcoming PwnageTool application you’ll be able to create a custom ipsw without the baseband update enabled.

There is no Mac version so far.