iPhone 3G

PwnageTool 2.2.1 Guide & Tutorial

This tutorial will show you how to use PwnageTool to jailbreak your iPhone firmware 2.2.1. Note that PwnageTool only works with Mac OS X. PwnageTool will create a custom 2.2.1 firmware that you will then load to your iPhone. This will allow you to update your iPhone without updating the baseband, which is a very important feature if you're considering using YellowSn0w to unlock your iPhone.

Dev Team Updates QuickPWN and PwnageTool for 2.2.1

I thought the Dev Team would release updated versions of QuickPWN and PwnageTool sometime next week, but as usual, they were faster than I expected. In a blog post, the Dev Team gives us more info about these two jailbreaking tools and also tells us about the dos and don'ts.

I could try to paraphrase what they said but I think it's better I just copy/paste their post entirely. I do not like doing this but I believe it is very important information that shouldn't be disregarded.

I highly suggest you go visit the Dev Team blog and leave a nice comment over there. Click here to read this post on the Dev Team blog.

You can expect a QuickPWN guide and tutorial from me within the next couple hours, so stay tuned!

UPDATE:

Tutorial for QuickPWN: QuickPWN 2.2.1 Guide
Tutorial for PwnageTool: PwnageTool 2.2.1 Guide

This is the low down on our tools for use with the 2.2.1 firmware from Apple, read the whole post in full before attempting anything.

GOLDEN RULE: If you have a 3G iPhone running 2.2 firmware and you want to keep your ability to use yellowsn0w (or the option to use it in the future) do NOT use QuickPwn, and do not use the official ipsw or the iTunes update process without using PwnageTool. Yellowsn0w will NOT work with the baseband version (02.30.03) that is present in the recent 2.2.1 update - you will need to create a custom ipsw that will allow you to update safely without affecting the baseband. Please read all parts of this post before downloading and using these tools. Read items 1, 2 and 3 again and again. At the bottom of this post are the bittorrent files for the latest versions of PwnageTool and QuickPwn. These apps are suitable for the recent 2.2.1 release. The Yellowsn0w version has been updated to 0.9.7. Yellowsn0w is available from Cydia or Installer - this version allows compatibility with a pwned 2.2.1 system (not baseband) - again - remember 0.9.7 yellowsn0w DOES NOT WORK WITH 2.2.1 (02.30.03) directly - you need to be running a ‘pwned’ version of 2.2.1 which doesn’t upgrade the baseband. Users of OS X 10.5.6 will be unable to use DFU mode correctly, please see the note towards the end of this post to easily fix this issue.

Baseband 101

The ‘baseband’ is the generic name given to the internal components of the iPhone that handle the phone calls and Internet access. This ‘baseband’ is a tiny and unique independent computer system that runs inside your iPhone, it is separate to the main system that handles the applications (such as email and google maps) and it talks to the main part of the phone over an internal communications network. Think of it like a cable modem or other peripheral that is attached to your home PC that needs occasional updates. When a software update is released and presented to you within iTunes the baseband is sometimes updated (to fix bugs or add new features). The 2.2.1 update for the iPhone 3G contains such an update, so running the vanilla updater straight away with iTunes will reprogram and update the baseband. This could be bad for certain people, depending on your ultimate aim.

SIM Free/SP Unlocked/Factory Unlocked iPhone 3G

This applies if you bought your iPhone 3G for $$$$$$$. This model of iPhone 3G doesn’t have a Service Provider lock (aka factory unlocked) and you are able to put any SIM card into the phone and get service. Your phone is already unlocked so you do not need to worry about baseband updates, simply upgrade to 2.2.1 using iTunes and then use QuickPwn to Pwn and Jailbreak. This will add Cydia and Installer too.

Locked iPhone 3G - Preserve Baseband

This applies if you have a locked iPhone 3G and you wish to update to 2.2.1 but preserve the iPhone’s current baseband software. Preserving the baseband will ensure that you can still use “yellowsn0w”, the iPhone 3G unlock application. To upgrade your phone to 2.2.1 and preserve the state of the baseband you need to create a custom .ipsw with PwnageTool. This custom .ipsw will not contain the baseband update but of course will still give you any new stuff from 2.2.1.

There are plenty of tutorials about this process on the web, but PwnageTool contains intuitive graphics and easy to follow prompts that should have you up and running in no time at all. Please note: PwnageTool is only available for Mac OS X.

Locked iPhone 3G

If you are using your iPhone with one carrier and have no interest in the possibility of an iPhone 3G unlock in the near future then just restore or upgrade to 2.2.1 using iTunes and use QuickPwn to Jailbreak and add Cydia and Installer.

iPhone 2G (1st Generation)

Update or Restore your iPhone 2G with iTunes then run QuickPwn to do the magic, ‘nuff said, you don’t need to worry about anything.

iPod Touch 1G (Original iPod Touch)

Update to 2.2.1 with iTunes and run QuickPwn.

iPod Touch 2G (New iPod Touch)

Sorry, no support at this time, but Redsn0w is being actively researched and developed.

Fixing DFU mode on 10.5.6

As noted previously, OS X 10.5.6 introduced a bug that affected the use of DFU mode with some Macs. There have been previously published hacks and techniques to fix this, but here is another method that can be used to easily restore functionality.

You will need an account with ADC (Apple Developer Connection); this is free and takes a few minutes to sign up. You should read the terms and conditions carefully and you should only sign up if you are thinking of developing applications in the future - http://developer.apple.com/mac/

Download the disk image “IOUSBFamily Log release for Mac OS X 10.5.5 Build 9F33” (yes, that is a “5” in 10.5.5 - this is a developer debug package of the USB kernel extension).

Install IOUSBFamily-315.4.1.pkg from within the disk image.

Reboot your system!

Official Bittorrent Releases -

PwnageTool 2.2.5 for Mac OSX is here - SHA1 Sum: 8fe2f20c00f48b37d8262d6872a12166c6e165ba
QuickPwn 2.2.5 for Mac OSX is here - SHA1 Sum: 2f1353242ef10dc408e95786643e497fcd04e4ea
QuickPwn 2.2.5-2 for Windows is here - SHA1 Sum: 82aae63218316af42e4fa20f8c69d9eb4fe9d4ee

Click here for the official blog post by the Dev Team.
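As an added check that is not part of the Dev Team's post or of this tutorial: the Python script below streams a downloaded release through SHA1 and compares the result with the sums published above, so a torrent that was tampered with or corrupted is caught before it is allowed to reflash a phone. The release labels are names chosen for the example (the page gives no file names), and the sample data written by make_sample_file is constructed.

```python
import hashlib
import hmac
import os
import sys
import tempfile

# SHA1 sums copied from the Dev Team post above. The labels are names chosen
# for this example; the page does not give the download file names.
PUBLISHED_SHA1 = {
    "PwnageTool 2.2.5 (Mac OS X)": "8fe2f20c00f48b37d8262d6872a12166c6e165ba",
    "QuickPwn 2.2.5 (Mac OS X)": "2f1353242ef10dc408e95786643e497fcd04e4ea",
    "QuickPwn 2.2.5-2 (Windows)": "82aae63218316af42e4fa20f8c69d9eb4fe9d4ee",
}


def sha1_of_bytes(data: bytes) -> str:
    """Hex SHA1 of an in-memory buffer (used for small constructed samples)."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA1 so a large .dmg or .zip never sits in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_release(path: str, release: str) -> bool:
    """True only if the file's digest equals the published sum for `release`.

    An unknown label raises KeyError rather than silently passing.
    """
    expected = PUBLISHED_SHA1[release].lower()
    actual = sha1_of_file(path)
    # Digests are public, so constant-time comparison is habit rather than need.
    return hmac.compare_digest(actual, expected)


def make_sample_file(data: bytes) -> str:
    """Write constructed sample bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Usage: python verify_release.py <downloaded file> "<release label>"
    path, release = sys.argv[1], sys.argv[2]
    ok = verify_release(path, release)
    print("OK" if ok else "MISMATCH - do not run it", path, sha1_of_file(path))
    sys.exit(0 if ok else 1)
```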

Heads Up On Firmware 2.2.1 And Jailbreak/Unlock

Since firmware 2.2.1 was released yesterday, a lot of concerns were raised whether or not you should update. The quick answer is NO, do not update if you care about your jailbreak or your unlock. MuscleNerd released a video on Qik giving us more info about the situation. Below are notes from the video.

About the iPhone 3G:

If you use YellowSn0w, you do not want to update to 2.2.1 as it will remove the possibility to install it. The only way you could do it is by installing a custom firmware that doesn't update the baseband. PwnageTool and QuickPwn do just that but they haven't been updated for 2.2.1 yet so wait for them to come out.

About the iPod Touch 2G:

The 2.2.1 firmware doesn't affect your ability to jailbreak your iPod Touch 2G. It didn't remove the ability for the Dev Team to do a tethered jailbreak. The Dev Team is still looking for an exploit to allow an untethered jailbreak. In other words, hang in there, they are working on it.

About iPhone 2G and iPod Touch 1st Gen:

2.2.1 doesn't affect your ability to jailbreak or unlock but again, wait for an updated version of QuickPwn and PwnageTool to do that.

As usual, I will report to you as news comes out about 2.2.1 and jailbreaking/unlocking, so you may want to subscribe to the RSS feed to be notified in time.

RedSn0w Through Safari?

I read an article saying that there is a flaw on desktop Safari:

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

Now this got me thinking.... RedSn0w.com = on the fly jailbreak?

Think about it. If their website accesses your iPod and does the things necessary either to jailbreak on the go or to prepare for a jailbreak (Chronic Dev said that the exploit is in some sort of file in 2.1.1), this could be interesting and true.

This is one of the only reasons I can think of for the RedSn0w domain.

I do not know if mobile Safari has the same weaknesses as desktop Safari, but it could. There are some Safari exploits that actually crash your iPod (try this to crash yours if you dare!); I had to connect mine to the power to get it to restart. But whatever the Dev Team has up their sleeves should be interesting.

JailBird, Supposedly A Replacement To WinPwn

A new application called JailBird is about to come out, and the developer, difrnt, already talks about it as the replacement for WinPwn.

According to difrnt:

Jailbird is meant to be a replacement for WinPwn, this means unlike Quickpwn, you will be able to generate a Custom IPSW and change your partition size! Jailbird will support all 2.0 firmwares from 2.0 - 2.2 and will be the first GUI based pwnage tool for Windows that supports FW 2.2.

It was quite unclear to me what JailBird does, so I emailed difrnt and asked what device it jailbreaks or unlocks and why I would use JailBird over QuickPwn.

Here is his reply:

It will Jailbreak the iPhone 2G, iPhone 3G, and the iPod Touch; there is not yet support to jailbreak the iPod 2G.

Jailbird works like Pwnage-Tool just on the windows platform.

Unlike QuickPwn, Jailbird will be able to generate a custom IPSW (firmware) that when restored with iTunes will return a Jailbroken iDevice unlike quickpwn where you are required to restore the default firmware then "quickpwn it" to get a jailbroken device.

I look forward to the release of this new tool so I can try it out and see what it's worth.

Fewer Bars In More Places: AT&T Downgrading 2G Service

According to Timothy Butler with OFB, AT&T has been shifting transmitters to the weaker 1900 MHz band in some areas. What if you're one of the unlucky customers? Well, simply get a new phone... that's pretty much what AT&T is saying...

This shift has resulted in customers past their 30-day return policy, but still with relatively new phones, finding themselves stuck with equipment no longer able to pick up signals properly in previously strong coverage areas, even though the equipment itself is without defect.

Reports suggested the problem started to appear as AT&T ramped up its 3G network in preparation for the iPhone 3G in early 2008. Each AT&T technician OFB talked to concerning this problem offered the same solution: that the customer should purchase new, 3G-enabled equipment at the customer’s own expense.

AT&T reps obviously denied this information but if you've been noticing slower data transfers lately while on Edge... don't look any further. Look at the bright side though; you now have another good reason to get yourself an iPhone 3G!

YellowSn0w Has Been Revised. Try It Again!

If there is one good thing about the Dev Team, it's that they work fast. Following a few issues with YellowSn0w, they have already updated it to version 0.9.4 and it supposedly fixes a bunch of issues. It is still in beta but it's much more stable than it was. So if you had issues unlocking your iPhone 3G using YellowSn0w, try again with the latest version.

It's still available in Cydia and you can still read this for the full iPhone 3G unlock tutorial.

Pink iPhone 3G is “Absolutely Fabulous”

A mysterious Pink iPhone 3G showed up on eBay today and while a Red iPhone had been rumored for a while, I honestly didn't think about a pink model, especially one for sale on eBay...

If you look at the back of the iPhone, it clearly looks legit, and not some type of ColorWare job. Like Engadget suggests, it could be some OEM in Asia whipping up custom colors. Or maybe Apple ready to announce it at MacWorld next week? I don't think so.

What's your take on it?

Unlock Your iPhone 3G With Yellow Sn0w Guide & Tutorial

Below are instructions on how to unlock your iPhone 3G using Yellow Sn0w. Unlocking your iPhone 3G will make it possible for you to use any cellphone carrier.

Before you go any further, make sure to READ EVERY SINGLE WORD OF THIS TUTORIAL. If you think you're too cool for school, then go directly to the instructions but please, do not complain if you mess up your iPhone during the process, which is very unlikely to happen anyways...

First things first. In order to use Yellow Sn0w to unlock your iPhone 3G, you have to be on a jailbroken iPhone that runs the latest firmware 2.2 with the latest baseband 02.28.00. To find out what baseband you're on, go to Settings > General > About and look for "Modem Firmware". It should say 02.28.00.

If you have not jailbroken your iPhone yet, you have to now in order to unlock. To jailbreak your iPhone, follow the QuickPwn 2.2 guide that I wrote a few weeks ago.

If you have already jailbroken your iPhone using PwnageTool to preserve your baseband, sorry but you have to restore and rejailbreak again in order to have the latest 02.28.00 baseband.

If you have updated to the latest firmware 2.2 with its latest 02.28.00 baseband, then you're good to go.

So from now on, I assume that you are on a clean firmware 2.2 with modem firmware (baseband) 02.28.00 and that your iPhone is jailbroken.

1. Go to Cydia and install this new source: http://apt9.yellowsn0w.com/ (note that snow is spelled with a zero, not an "o"). To install a new source in Cydia, go to Manage > Sources > Edit > Add, then type in the source http://apt9.yellowsn0w.com/ and tap "Add Source".

2. Once the source has been added, tap "Return To Cydia", then tap "Done".

3. Now tap "apt9.yellowsn0w.com" from the list of sources "Entered By Users".

4. Select Yellow Sn0w, then tap install and confirm.

5. Once the installation has been successfully completed, return to Cydia.

6. Hard reset your iPhone. To do this, hold the home and power buttons simultaneously for a few seconds until the phone shuts off by itself (ignore the "slide to power off" message).

7. Insert whatever SIM card you want! Wait a few seconds and you should be good.

8. Done!

See, that wasn't too hard at all. Users that are already familiar with Cydia and sources shouldn't have any problem at all. But first time jailbreakers might be a little lost, which is why I detailed this tutorial a lot.

Now there are a few known issues with Yellow Sn0w and I highly recommend you either read my previous post about it, or go directly to the Dev Team's blog.

Troubleshooting:

1) If you are on T-Mobile USA you should disable 3G in Settings or SBSettings.
2) YellowSn0w does not work with a SIM PIN. You must disable your SIM card PIN lock.

At any rate, I would really appreciate it if you could digg this post, then write a comment, then go to the Dev Team's blog to thank them for their great work.

iPhone 3G Unlock Is Now Available

Yellow Sn0w, the soft unlock created by the Dev Team, is now available from Cydia or Installer. Instead of rewording what the Dev Team has to say about it, I will simply copy/paste their entire post from their blog.

I don't like copy/pasting large amounts of text from other sites, but in this case, I find it really necessary. I really recommend you go over to the Dev Team's blog, read the post from there, and write a nice thank you comment.

For those of you that don't care about the fine print, here are the repos for Yellow Sn0w.
Cydia source: http://apt9.yellowsn0w.com/
Installer repo: http://i.yellowsn0w.com/

I have written an iPhone 3G unlock tutorial on how to unlock the iPhone 3G using YellowSn0w.

Again, please make sure to visit the Dev Team's blog and thank these guys for spending New Year's Eve behind a computer screen so everyone can have an unlocked iPhone.

From the Dev Team Blog:

BASICS

The unlock works exclusively with baseband 02.28.00. This baseband is provided by the latest firmware update (2.2) from Apple.  You’ll need to upgrade to this release using iTunes and then use QuickPwn to activate etc. There are plenty of tutorials about this on iclarified, bigboss, and other established tutorial sites.  Because it works on 02.28.00, it is available to everyone on the planet.  This means we don’t need to unnecessarily expose holes in earlier basebands, which is an important concern. The application is a small daemon that is launched on boot.  It injects the payload at boot and also whenever there is a baseband reset.  You won’t notice anything about it other than that your third-party sim now works.  It’s a small program and unobtrusive.  There is no GUI (this is by design). You can add the application using the sources outlined below (coming soon). There are Cydia and Installer sources available, so use whichever you are comfortable using. yellowsn0w is completely removable through Cydia, the command line, and iTunes.

DETAILS

There is a known issue with SIM cards that have STK (SIM Toolkit) application menus. These menus are usually items such as “top up” “get credit” “lotto numbers” etc. These menu items confuse the application sometimes. Removing and reinserting the SIM once after reboot (give it about 10 secs, or 60 seconds with v0.9.1, after you see the slide to unlock widget) fixes this issue. We’re working on a better fix. For those of you using SIM cards without STK menus, the application has some optional arguments that will make the unlock much faster for you. So either experiment on your own (use “yellowsn0w -h” for usage) or wait for a customization writeup. After you install yellowsn0w via Cydia, you should return to the Cydia main menu then reboot your iPhone with the 3rd party SIM installed. Wait for the slide to unlock screen, then wait 10 or 15 secs more. If you don’t see your carrier name pop up, then remove your SIM, reinsert it, and wait 10 secs more. This is the step we’ll be working on eliminating next.

RANDOM

The application is version 0.9 (now 0.9.1). This is considered beta software, you use it at your own risk. You know the score. The application is released on a non-commercial basis. Please do not accept pirates and scummy ripoffs of this software. We license this software for single use and in a non-commercial environment (meaning you can’t charge for it). The techniques and methods used are not to be used by third party companies. We are watching you Jody…we won’t be so forgiving this time. Direct linking to the repository URLs is prohibited, please only link to this post. We will be checking referers. Happy 2009 and enjoy!

The iPhone 3G is used all over the world with all sorts of SIM cards, and we almost certainly will see untested and unexpected situations.  If the soft unlock doesn’t work for you on day 1 (literally day 1, of 2009!) then please don’t panic or be impatient.  This is new territory for everyone, so enjoy the ride as much as you can :)

RELEASE INFO

Cydia source: http://apt9.yellowsn0w.com/
Installer repo: http://i.yellowsn0w.com/

UPDATES

Soon you’ll see yellowsn0w 0.9.1 in the repos. It uses a much longer delay to let your SIM card initialize. If you have problems with 0.9.0, try this one and wait a full minute after you see the homescreen, then reinsert the SIM card. We need both success and failure reports to tune this across the world, so please be patient (but please also report your result!)

If you are in the U.S. and are trying this with T-Mobile, you must turn off the 3G switch in Settings. Also if you are good with the command line, you can make it much easier by adding the line <string>-q</string> right after the /usr/bin/yellowsn0w line in /System/Library/LaunchDaemons/org.iphone-dev.yellowsn0w.plist (that’s an advanced tip, hopefully someone will make a BossPrefs type of tool for it)

No PIN support yet. Remember how we said this was beta? Well we’re still working out the flow for SIMs with PINs enabled. Please disable any PIN you may have on that SIM before trying yellowsn0w, for now.

The unlock will silently quit on anything other than baseband 02.28.00. It detects the wrong version and just quits to avoid any damage. Please double check your Modem Firmware setting in Settings->General->About.
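The launchd edit from the advanced tip above, as an added example that is neither the Dev Team's code nor part of the original post: the plist content below is constructed (only the /usr/bin/yellowsn0w path, the -q flag and the plist file name come from the page; the Label and RunAtLoad keys are assumed), and add_argument inserts the flag directly after the program path, refuses to edit a job that launches some other program, and leaves a file that already carries the flag unchanged so the edit can be re-run safely.

```python
import plistlib

PROGRAM = "/usr/bin/yellowsn0w"

# Constructed sample of the launchd job. The real
# /System/Library/LaunchDaemons/org.iphone-dev.yellowsn0w.plist is not on the
# page; the Label and RunAtLoad keys here are assumptions for the example.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.iphone-dev.yellowsn0w</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/yellowsn0w</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
"""


def program_arguments(plist_bytes: bytes) -> list:
    """Return the ProgramArguments array of an XML plist."""
    return plistlib.loads(plist_bytes)["ProgramArguments"]


def add_argument(plist_bytes: bytes, arg: str = "-q") -> bytes:
    """Return the plist with `arg` inserted right after the program path.

    Idempotent: input is returned unchanged when the flag is already present.
    Raises ValueError if the job does not launch /usr/bin/yellowsn0w, so a
    mistyped path never results in some other daemon being edited.
    """
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments")
    if not args or args[0] != PROGRAM:
        raise ValueError(f"not a launchd job for {PROGRAM}: {args!r}")
    if arg in args[1:]:
        return plist_bytes
    args.insert(1, arg)
    return plistlib.dumps(job)


def patch_file(path: str, arg: str = "-q") -> bool:
    """Patch a plist on disk, keeping a .bak copy; returns True if it changed."""
    with open(path, "rb") as f:
        original = f.read()
    patched = add_argument(original, arg)
    if patched == original:
        return False
    with open(path + ".bak", "wb") as f:
        f.write(original)
    with open(path, "wb") as f:
        f.write(patched)
    return True


if __name__ == "__main__":
    print(program_arguments(add_argument(SAMPLE_PLIST)))
```

The daemon reads the file at boot, so the change takes effect after the reboot the post already asks for.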

Breaking News: iPhone 3G Unlock Will Work For All Basebands

Earlier today, the Dev Team published a post on the blog with some strange binary codes that won't mean anything to anyone that doesn't speak geek fluently (I don't!). I completely disregarded this post as I thought it was a pre-message for tonight's release of yellow sn0w, the new unlocking tool that will be available sometime today through Cydia.

However, a tweet from twitter user Yellow Sn0w got me all excited when it said that it will be safe to use yellow sn0w on any firmware. Tweeting back and forth with him, I was directed to a blog post of his that actually explains the full meaning of the binary codes posted by the Dev Team.

Here is his explanation:

In binary that message translates to vtaber 61060174. vtaber translates to "ignore" and the 61060174 means post# 61060174 on the iPhone DevTeam blog. http://blog.iphone-dev.org/post/61060174/the-man-from-delmonte-he-say-yes

Hoping that this is true...

Hacking The iPhone 3G… The Dev Team Way

Dev Team members PlanetBeing, MuscleNerd, and Pytey were speaking last week at the 25c3 conference in Germany to present how they hacked the iPhone. It's a very "geeky" video but it's worth your time if that's your cup of tea.

One interesting fact is that at least 180 people with Apple corporate IPs update their phones using the Dev Team’s software on a regular basis. No doubt these guys at Apple are working on countering the jailbreak and unlock tools.