Apple Releases iPhone 3.0 Beta 5 – Dev Team Says It’s Already Jailbroken

You gotta love the Dev Team! It hasn't been 24 hours since Apple released the fifth beta of their OS 3.0, and our favorite team of iPhone hackers has already shown proof that it has been jailbroken. Better still, the Dev Team says that unless Apple changes the hardware of the iPhone, all future versions of the OS will be jailbreakable as well.

As should be expected, the modern devteam jailbreak process is still valid. The picture below is 3.0beta5 jailbroken on an iPhone 3G. As we’ve said in previous posts, nothing other than a hardware respin can prevent our jailbreak from working on all existing iPhones and iPod Touches. They’ve chased our jailbreak so far down in the chain of trust, the only way they can fix it is in hardware.

One thing worries me a bit here though. Why is the Dev Team so open about it? They have said several times now that Apple would have to respin the iPhone hardware to prevent all future jailbreaks. If I were the Dev Team, that's something I would keep to myself. I assume by now Apple has figured out what little piece of electronics it needs to add to future iPhones to prevent any jailbreak.

My take is that the Dev Team likes challenges, and likes fair play too. It's as if the Dev Team said to Apple: "hey, look what you need to do to prevent me from hacking your phone. I'm telling you all that because I'm smarter than you, and whatever you do, I'll still be able to hack your phone."

In its blog post today, the Dev Team also warns us about the unofficial versions of QuickPwn:

Because there are so many beta releases, we couldn’t possibly refine, test, and release both PwnageTool and QuickPwn for each of them. That’s why we’re waiting until the final release. You may have seen other “hijacked” versions of QuickPwn out there, but all of them are buggy, none of them work on OSX, and almost everyone who uses them reverts back to 2.2.1 (because none of the useful jailbroken apps (Qik, Cycorder, and others) work on 3.0 yet).

As usual, it is worth reminding everyone that if you care about the YellowSn0w unlock, you should NOT play with the 3.0 betas, as they may prevent you from ever being able to unlock your iPhone.

Unofficial iPhone 3.0 Beta 3 Jailbreak Available

Earlier this week, we talked about the new iPhone 3.0 Beta 3. It didn't take long for iPhone hackers to update an unofficial version of QuickPwn to jailbreak the new beta firmware.

As usual, this QuickPwn is not the official release by the Dev Team and using it might prevent you from ever being able to unlock your iPhone using YellowSn0w.

So far, this jailbreak only works with iPhone 2G, 3G and 1st gen iPod Touch. It's also worth noting that this version of QuickPwn will not install Cydia on your iPhone. Instead, it will install Icy, a Cydia "competitor".

I do not recommend using this jailbreak. As a matter of fact, I don't even recommend installing the 3.0 Beta, as it is still a little unstable and will most likely prevent you from unlocking in the near future. That's just my opinion anyway, and you are obviously free to do whatever you want.

You can download QuickPwn for 3.0 Beta 3 and read the QuickPwn tutorial for instructions.

iPhone 3.0 Jailbreak Confirmed

UPDATE -  iPhone 3.0 jailbreak and unlock tutorials now available:

Jailbreak iPhone 3.0 using PwnageTool for Mac
Unlock iPhone 3.0 using PwnageTool for Mac
Jailbreak iPhone 3.0 using RedSn0w for Windows
Unlock iPhone 3.0 using RedSn0w for Windows

That was quick! Apparently the Dev Team has already got hold of the new iPhone 3.0 SDK and confirmed that you will be able to jailbreak iPhone firmware 3.0 when it's available.

With all of the great stuff lined up for us with the 3.0 OS that Apple described today, many 3G owners may find themselves with itchy update fingers. If you find yourself with access to the 3G IPSW for 3.0 via the iPhone Dev Center program, and you are using yellowsn0w, do not update or restore to that official IPSW. You will lose yellowsn0w and find yourself unable to revert the baseband to get it back.

And for those wondering, yes the 3.0 OS is jailbreakable on all devices. It’s just those using 3G yellowsn0w that have to show some restraint and wait for PwnageTool to create a custom IPSW that avoids the baseband update.

Translation: if you have any interest in preserving your ability to use YellowSn0w, wait for the GO from the Dev Team to update to 3.0!

iPod Touch 2G Full Jailbreak PC Tutorial

As you all know, the greatest thing just happened: the iPod Touch 2G has been fully jailbroken. But how do you jailbreak it? Very simple.

This tutorial is for PC users only. There is no Mac version available yet; the Dev Team is updating PwnageTool and QuickPwn to support this, so Mac users need to wait a bit. This method requires a FULL restore.

OK, so you must first download QuickFreedom. You can download it here, here, or here.

Make sure you have the C++ Distributable Package and LIBUSB installed. You can install LIBUSB directly from the program; just press the button at the beginning. So here we go:

1) When you open the program you are welcomed by the main menu. Click the "Jailbreak" button in the center.
2) Make sure it says LIBUSB is installed, and give it a second to find and copy the firmware file. When the option becomes available, click Next.
3) Choose whether you want to install Installer and whether you want custom boot logos. When done, press the "Create Firmware" button. When that finishes it will put the custom IPSW on the Desktop. Click Next.
4) Now put your iPod in DFU mode: hold the Power and Home buttons for 10 seconds, then only the Home button for 8 seconds.
5) When in DFU mode, press the "Start Pre-Jailbreak" button. When it is done you can close the program.
6) Open up iTunes, go to your iPod, then press and hold Shift and click Restore. Select the IPSW on the Desktop and wait for it to restore. When it finishes you are done.

Post any problems in the comments and I'll try to help.

***********WARNING***********

I have seen a few reports that this is NOT working correctly with Windows 7 and that installing LIBUSB causes some problems. Please do not try this if you are on Windows 7. I will look into this and will get back to you.

UPDATE: Hey guys. QuickFreedom 1.1.1 has been released. It's the same as before, so you can still follow the instructions above, but this update fixes most if not all of the bugs that you guys in the comments were experiencing. You can download it here, here, and here.

iPod Touch 2G Is Now Fully Jailbroken

I knew they were up to something. The Dev Team had just been too quiet for a while, and a few days ago, I called them up on it. I was right!

Let's welcome the iPod Touch 2G to the now growing family of jailbroken iDevices, or the "pwned for life" family, as MuscleNerd calls it. Apparently, the Dev Team has found a fatal flaw in the iPod Touch 2G's bootrom, making it pwnable, no matter what firmware update comes along.

You could already jailbreak your iPod Touch 2G with a tethered version, but that was not very convenient, and this probably turned many of you off. The new method is the 24kpwn LLB patch, aka fully untethered, and supposedly much easier.

The Dev Team says:

Those of you who hang out on IRC or were able to read between the lines in the various blogs, forums, wikis and twitters may realize that we — and importantly, that’s a collective, cross-team “we” :) — had been hoping to hold onto this full ipt2g jailbreak until the next version of the iPhone came out. That didn’t happen, but maybe it’s too late for Apple to fix the bootrom in the next iPhone.

In a forum post announcing the iPod Touch 2G jailbreak, MuscleNerd says:

Here it is. Just drop it into your existing pwnagetool or xpwn flow. You can even combine it with the nor-only variations to make this easy to install from iTunes without touching your main fs.

It's bittersweet that this has to come out in this manner, because it *really* would have been nice to save for the next iPhone. On the other hand, nobody knows the struggle to jb like iPod Touch 2G owners. So it's good for them.

Now it's a waiting game to see if Apple can react fast enough.

Edit: The patch needs to be applied directly to the LLB without decrypting it first, using "bspatch" or equivalent. The resulting img3 should have this sha1: SHA1(LLB.n72ap.RELEASE.img3)= 82734c7cdf945ba5421b83962aab3ab91e4fb23a

The raw patch to the firmware that transforms the “tethered” jailbreak into an untethered one has been released, but it’s not yet packaged up into the PwnageTool or QuickPwn flows. I will try to come up with a tutorial asap.

As usual, if you have any questions, feel free to leave a comment.

UPDATE: dannyswrld created an iPod Touch 2G jailbreak tutorial for us!

RedSn0w Lite FAQ

I have seen some confusion about RedSn0w out there, and I thought I would make a quick post clearing things up, with a few FAQs.

What is RedSn0w and why can I only find RedSn0w lite?

RedSn0w is the iPod Touch 2G jailbreak. You can only find RedSn0w lite because it's the lite (and tethered) version. The full version is not out yet, which is why you can't find it.

What is a "tethered" jailbreak?

A tethered jailbreak requires that every time your device reboots you go to your computer and run a "booter". It's pretty fast, and it tells your iPod to boot. The problem is that until you run this booter, you cannot use your iPod (but scroll down a bit).

Are there any dangers?

Well, I think so. The Dev Team is not providing support and said "that it could void your warranty". So I would hold out for the full version.

What's the semi-tethered jailbreak?

Ahhh. It's much better than the tethered jailbreak. The way it works is that if your device reboots, instead of you being completely unable to use your iPod, your device boots up. All your jailbroken stuff is still there, icons and all. But if you try to launch the jailbroken stuff, it won't launch. Still, much better than the regular tethered version.

How do you run RedSn0w lite or the semi-tethered jailbreak on Windows?

There are many ways to do so. I'm trying to write a tutorial for the regular tethered jailbreak, but the process is sort of confusing and writing a tutorial is not easy. As for the semi-tethered jailbreak, the easiest way is this YouTube video.

Now a very important note if you do the semi-tethered jailbreak: DO NOT install Winterboard directly. It won't work; you need to install a patch first.

Doing this is all at your own risk!! But that's your choice.

RedSn0w iPod Touch 2G Jailbreak

The long awaited RedSn0w jailbreak for iPod Touch 2G is now available, but let me tell you right now that it is not for the faint of heart! Indeed, the Dev Team released RedSn0w yesterday in a very discreet way, as they didn't even mention it on their blog.

The main reason why RedSn0w was released so quietly is probably that this version is what could be considered a pre-release, and it is "a no frills tethered jailbreak for iPod Touch 2G" as the Dev Team puts it in the readme file.

RedSn0w is in fact a tethered jailbreak, and if you're not sure about what you're doing, you shouldn't even try. You will have to use RedSn0w at your own risk, and the Dev Team was clear that it will not provide any support:

WE WILL BE PROVIDING ABSOLUTELY NO SUPPORT FOR THIS!!!!! If you post comments on our blog looking for support, we reserve the right to ban your user ID from the blog. You really shouldn't be doing this unless you understand it all enough to not need support!

This version is for Mac only and does not include a GUI, but if you know your way around a computer, you should be able to get it running on Linux and Windows. I haven't tried it myself as I don't have an iPod Touch 2G, so here are the instructions straight from RedSn0w.com. For the full readme file, go to the website.

-----------------------------------------------------------------------------
rslite
-----------------------------------------------------------------------------
This is an interface to the DFU and Recovery modes of the device. It requires you to have libusb installed on your Mac. Due to buggy interaction between libusb and the Apple device, any output that is long gets all chewed up. But if you stick to just the "!" and the "#" commands, you won't notice. We don't normally use this tool but it's a lot easier to distribute and compile than the GUI we use.

The "!" (exclamation point, no quotes when you use it) sends a file.
The "#" (pound sign, no quotes when you use it) sends a script.
In both cases, you name the file right after the symbol.

-----------------------------------------------------------------------------
Basic instructions
-----------------------------------------------------------------------------
Note: these are the bare bones instructions. Please don't come to us looking for more detailed instructions.

Preparation

1) Copy the FirmwareBundles and CustomPackages directories into your PwnageTool.app/Contents/Resources directory
2) Create a custom 2.2.1 ipsw with PwnageTool in Advanced mode. Don't enable custom boot logos.
3) From your custom 2.2.1 ipsw, extract these (patched) files:
   iBSS.n72ap.RELEASE.dfu (name it iBSS221pwn.dfu)
   iBoot.n72ap.RELEASE.img3 (name it iBoot221pwn.img3)
4) From the official 2.1.1 ipsw, extract this (unpatched) file:
   iBSS.n72ap.RELEASE.dfu (name it iBSS211.dfu)

Installing the jailbroken custom ipsw

5) Put your ipt2g into DFU mode using keypresses. Don't have iTunes running!
6) Start rslite. Send the official iBSS from 2.1.1:
   !iBSS211.dfu
7) Start rslite again. Send the redsn0w-lite patch:
   #pwn211ibss.txt
8) Send the patched iBSS from 2.2.1:
   !iBSS221pwn.dfu
9) Use iTunes to do a full restore using your custom 2.2.1 ipsw

Tethered boot

After the install, your ipt2g will not be bootable without assistance from a tethered computer. The method in this README.txt requires you to go into DFU mode, but you should be able to find (or work out on your own) other more convenient ways.

10) Repeat steps 5-8
11) Send the patched iBoot from 2.2.1:
    !iBoot221pwn.img3

Your homescreen should soon show up. You can then start iTunes.

If any of you guys try this, please let us know how it goes in the comments...

PwnageTool 2.2.1 Guide & Tutorial

This tutorial will show you how to use PwnageTool to jailbreak your iPhone firmware 2.2.1. Note that PwnageTool only works with Mac OS X. PwnageTool will create a custom 2.2.1 firmware that you will then load onto your iPhone. This allows you to update your iPhone without updating the baseband, which is a very important feature if you're considering using YellowSn0w to unlock your iPhone.

QuickPWN 2.2.1 Guide & Tutorial


This guide will show you how to use QuickPWN to jailbreak your iPhone firmware 2.2.1. Please read all the steps and warnings carefully before attempting to use QuickPWN to jailbreak your iPhone. The following tutorial is for PC users.

UPDATE: I closed the comments on this post. If you have any questions about QuickPwn, please ask in the forum.

Dev Team Updates QuickPWN and PwnageTool for 2.2.1

I thought the Dev Team would release updated versions of QuickPWN and PwnageTool sometime next week, but as usual, they were faster than I expected. In a blog post, the Dev Team gives us more info about these 2 jailbreaking tools and also tells us about the dos and don'ts.

I could try to paraphrase what they said, but I think it's better if I just copy/paste their post in full. I do not like doing this, but I believe it is very important information that shouldn't be disregarded.

I highly suggest you go visit the Dev Team blog and leave a nice comment over there. Click here to read this post on the Dev Team blog.

You can expect a QuickPWN guide and tutorial from me within the next couple hours, so stay tuned!

UPDATE:

Tutorial for QuickPWN: QuickPWN 2.2.1 Guide
Tutorial for PwnageTool: PwnageTool 2.2.1 Guide

This is the low down on our tools for use with the 2.2.1 firmware from Apple, read the whole post in full before attempting anything.

GOLDEN RULE: If you have a 3G iPhone running 2.2 firmware and you want to keep your ability to use yellowsn0w (or the option to use it in the future) do NOT use QuickPwn, and do not use the official ipsw or the iTunes update process without using PwnageTool. Yellowsn0w will NOT work with the baseband version (02.30.03) that is present in the recent 2.2.1 update - you will need to create a custom ipsw that will allow you to update safely without affecting the baseband.

Please read all parts of this post before downloading and using these tools. Read items 1, 2 and 3 again and again.

At the bottom of this post are the bittorrent files for the latest versions of PwnageTool and QuickPwn. These apps are suitable for the recent 2.2.1 release.

The Yellowsn0w version has been updated to 0.9.7. Yellowsn0w is available from Cydia or Installer - this version allows compatibility with a pwned 2.2.1 system (not baseband) - again - remember 0.9.7 yellowsn0w DOES NOT WORK WITH 2.2.1 (02.30.03) directly - you need to be running a ‘pwned’ version of 2.2.1 which doesn’t upgrade the baseband.

Users of OS X 10.5.6 will be unable to use DFU mode correctly, please see the note towards the end of this post to easily fix this issue.

Baseband 101

The ‘baseband’ is the generic name given to the internal components of the iPhone that handle the phone calls and Internet access. This ‘baseband’ is a tiny and unique independent computer system that runs inside your iPhone; it is separate from the main system that handles the applications (such as email and google maps) and it talks to the main part of the phone over an internal communications network. Think of it like a cable modem or other peripheral that is attached to your home PC that needs occasional updates. When a software update is released and presented to you within iTunes, the baseband is sometimes updated (to fix bugs or add new features). The 2.2.1 update for the iPhone 3G contains such an update, so running the vanilla updater straight away with iTunes will reprogram and update the baseband. This could be bad for certain people, depending on your ultimate aim.

SIM Free/SP Unlocked/Factory Unlocked iPhone 3G

This applies if you bought your iPhone 3G for $$$$$$$. This model of iPhone 3G doesn’t have a Service Provider lock (aka factory unlocked) and you are able to put any SIM card into the phone and get service. Your phone is already unlocked so you do not need to worry about baseband updates; simply upgrade to 2.2.1 using iTunes and then use QuickPwn to Pwn and Jailbreak. This will add Cydia and Installer too.

Locked iPhone 3G - Preserve Baseband

This applies if you have a locked iPhone 3G and you wish to update to 2.2.1 but preserve the iPhone’s current baseband software. Preserving the baseband will ensure that you can still use “yellowsn0w”, the iPhone 3G unlock application. To upgrade your phone to 2.2.1 and preserve the state of the baseband you need to create a custom .ipsw with PwnageTool. This custom .ipsw will not contain the baseband update but of course will still give you any new stuff from 2.2.1.

There are plenty of tutorials about this process on the web, but PwnageTool contains intuitive graphics and easy to follow prompts that should have you up and running in no time at all. Please note: PwnageTool is only available for Mac OS X.

Locked iPhone 3G

If you are using your iPhone with one carrier and have no interest in the possibility of an iPhone 3G unlock in the near future then just restore or upgrade to 2.2.1 using iTunes and use QuickPwn to Jailbreak and add Cydia and Installer.

iPhone 2G (1st Generation)

Update or Restore your iPhone 2G with iTunes then run QuickPwn to do the magic, ‘nuff said, you don’t need to worry about anything.

iPod Touch 1G (Original iPod Touch)

Update to 2.2.1 with iTunes and run QuickPwn.

iPod Touch 2G (New iPod Touch)

Sorry, no support at this time, but Redsn0w is being actively researched and developed.

Fixing DFU mode on 10.5.6

As noted previously, OS X 10.5.6 introduced a bug that affected the use of DFU mode with some Macs. There have been previously published hacks and techniques to fix this, but here is another method that can be used to easily restore functionality.

You will need an account with ADC (Apple Developer Connection). This is free and takes a few minutes to sign up; you should read the terms and conditions carefully and you should only sign up if you are thinking of developing applications in the future - http://developer.apple.com/mac/

Download the disk image “IOUSBFamily Log release for Mac OS X 10.5.5 Build 9F33” (yes, that is a “5” in 10.5.5 - this is a developer debug package of the USB kernel extension).

Install IOUSBFamily-315.4.1.pkg from within the disk image.

Reboot your system!

Official Bittorrent Releases -

PwnageTool 2.2.5 for Mac OSX is here - SHA1 Sum - 8fe2f20c00f48b37d8262d6872a12166c6e165ba
QuickPwn 2.2.5 for Mac OSX is here - SHA1 Sum - 2f1353242ef10dc408e95786643e497fcd04e4ea
QuickPwn 2.2.5-2 for Windows is here - SHA1 Sum - 82aae63218316af42e4fa20f8c69d9eb4fe9d4ee

Click here for the official blog post by the Dev Team.

Sorta QuickPWN 2.2.1 Is Out. I Say Stay Away

I knew it wouldn't take long for some hacker to come up with an unofficial version of QuickPWN to jailbreak the new firmware 2.2.1. This time, it's Russian hacker Vortex who created the bundles, and if I can give you a piece of advice: STAY AWAY from it.

People using this unofficial QuickPWN have had mixed results. So again, wait for the Dev Team to come up with an official version. They are most likely already working on it, and I bet we'll have updated versions of QuickPWN and PwnageTool within a week.

As usual, I will give you the heads up when I have more info!

If you really can't wait and want to take the risk of messing up your iPhone, then you can download this unofficial version of QuickPwn here.

UPDATE: Just got a tweet from MuscleNerd saying "iphone users in particular (even 2G) can do permanent damage running "untrusted" bundles (either broken or intentionally bad)".

If I wasn't clear enough before... DO NOT USE unofficial versions of QuickPWN or PwnageTool!
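The Dev Team's release list above publishes a SHA1 sum next to each download, and MuscleNerd's warning is about bundles nobody can vouch for; the practical check that ties the two together is to compare the digest of what you actually downloaded against the published sum before you run it. The Python below is an added example written for this page, not Dev Team code: the sums are copied from the posts quoted above (both the "NAME SHA1 Sum - HEX" form and the OpenSSL "SHA1(FILE)= HEX" form used for the LLB patch), while the demo file names and contents are constructed.

```python
import hashlib
import re

# Sums as published on this page: the 2.2.1 release list uses
# "NAME SHA1 Sum - HEX", the LLB patch note uses OpenSSL's "SHA1(FILE)= HEX".
PUBLISHED_SUMS = """\
PwnageTool 2.2.5 for Mac OSX SHA1 Sum - 8fe2f20c00f48b37d8262d6872a12166c6e165ba
QuickPwn 2.2.5 for Mac OSX SHA1 Sum - 2f1353242ef10dc408e95786643e497fcd04e4ea
QuickPwn 2.2.5-2 for Windows SHA1 Sum - 82aae63218316af42e4fa20f8c69d9eb4fe9d4ee
SHA1(LLB.n72ap.RELEASE.img3)= 82734c7cdf945ba5421b83962aab3ab91e4fb23a
"""

_DEVTEAM_FORM = re.compile(r"^(?P<name>.+?)\s+SHA1 Sum - (?P<sha1>[0-9a-fA-F]{40})$")
_OPENSSL_FORM = re.compile(r"^SHA1\((?P<name>[^)]+)\)= (?P<sha1>[0-9a-fA-F]{40})$")


def parse_manifest(text):
    """Map each listed artifact name to its expected SHA-1 (lowercase hex).
    Lines matching neither published form are ignored."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        m = _DEVTEAM_FORM.match(line) or _OPENSSL_FORM.match(line)
        if m:
            expected[m.group("name")] = m.group("sha1").lower()
    return expected


def sha1_hex(data):
    """SHA-1 of an in-memory blob, as lowercase hex."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path, chunk_size=1 << 20):
    """SHA-1 of a file on disk, read in chunks so a large ipsw/dmg fits in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(expected, artifacts):
    """Compare downloaded artifacts (name -> bytes) against the manifest.

    Returns name -> one of:
      "ok"        digest matches the published sum
      "mismatch"  digest differs (corrupt or tampered download: do not run it)
      "missing"   listed in the manifest but not downloaded
      "unlisted"  downloaded but never published (an untrusted bundle)
    """
    report = {}
    for name, digest in expected.items():
        if name not in artifacts:
            report[name] = "missing"
        elif sha1_hex(artifacts[name]) == digest:
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    for name in artifacts:
        if name not in expected:
            report[name] = "unlisted"
    return report


if __name__ == "__main__":
    # Constructed demo: a one-entry manifest whose sum is SHA1("abc"), checked
    # against a good copy, an altered copy and a stray file nobody published.
    demo = parse_manifest("demo.bin SHA1 Sum - a9993e364706816aba3e25717850c26c9cd0d89d")
    print(verify(demo, {"demo.bin": b"abc"}))
    print(verify(demo, {"demo.bin": b"abd"}))
    print(verify(demo, {"stray.exe": b"whatever"}))
```

For a real download, replace the in-memory bytes with `sha1_of_file(path)` and treat anything other than "ok" as a reason not to run the installer.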

RedSn0w FAQs – Everything You Wanted To Know About RedSn0w

After hearing about RedSn0w and watching the video demo, you most likely have many questions. Most of the answers are in the Dev Team's blog, but given the amount of comments, it's not really easy to find what you want.

Fortunately for us, Caleb Mingle wrote a nice FAQ page covering most of the questions related to RedSn0w you can think of, such as:

What exactly is a 'tethered' jailbreak?
Will you give us an ETA for release?
What is this: 32957a35889c4dd2f8dfe483dd9023eafb6b4a22? Has anyone decoded it?
I heard that this mod involves modifying hardware.. am I right?
Is this jailbreak more difficult than the other jailbreaks?
Do you think all Cydia apps will work properly on the 2G?
etc...

Go over there to get answers to your RedSn0w questions!