Posts Tagged ‘jailbreaking’

Unknown firmware/Updating firmware on unactivated iPhone

July 29, 2009 3 comments

Today I was in an interesting circumstance. I needed to jailbreak/unlock an iPhone, but had no idea what firmware was on the phone. Since the phone was unactivated I couldn’t pull up the settings icon nor could I use iTunes to figure it out. After searching and searching and finding nothing, I did the following and it worked like a charm.

  1. Turn the phone off.
  2. Hold down the Home button and plug the phone into the computer via USB.
  3. Keep holding Home until the screen shows the “connect to iTunes” screen. This is recovery mode: the phone never boots its installed firmware, which is why it does not matter that you don’t know the version.
  4. Open iTunes on your computer and click “OK” on the recovery prompt.
  5. Hold down Shift (Windows) or Option (Mac) and click Restore; this lets you pick a firmware file yourself instead of taking the latest one iTunes would fetch.
  6. Choose the firmware file you want to install (one downloaded from theiphonewiki’s System page works) and proceed as directed. Pick an image built for your exact phone model; iTunes will refuse an image for the wrong device.

I ended up doing things this way because nothing else I could find on the net worked (mostly this meant field test mode didn’t work). While this doesn’t tell you what firmware version you are using, it gets you to a point where you will at least know. After this, I just ran redsn0w and it was a done deal!

Categories: iPhone

The first steps (part 2)

March 30, 2009 2 comments

I had initially planned on talking about reverse engineering iPhone native apps in this post but have decided to write about something else instead. There is another way to gain access to the iPhone filesystem besides jailbreaking your phone: the firmware images that iTunes downloads when it installs new firmware contain dmg files holding the complete filesystem. You can either find those images in iTunes’ software update folder on your computer or download one from theiphonewiki’s System page. Next, you’ll have to decrypt the dmg file. The root filesystem dmg is encrypted, and the key is different for every firmware build and device model; theiphonewiki publishes these keys, and a tool called vfdecrypt can decrypt dmg files with them. One note about vfdecrypt: I had to modify the source file line 357 to get it working in Linux. In the call to getopt() replace any double colons (::) with a single colon. Then recompile (gcc -o vfdecrypt -lcrypto vfdecrypt.c). With newer toolchains the library must come after the source file, gcc -o vfdecrypt vfdecrypt.c -lcrypto, or the link step fails with undefined references to the OpenSSL functions.

The firmware images on your hard drive and the downloadable ones are ipsw files, which are ordinary zip archives. Change the file extension to “zip” and unzip the archive (or point any zip tool at the .ipsw directly). You will find several dmg files in there. The largest one (~200mb) is the root filesystem and is the one you want; the smaller ones are the restore and update ramdisks. Decrypt that dmg file with vfdecrypt and the key for that exact build. The output file is a new, unencrypted dmg file that you still need to extract. To do this I used HFSExplorer; on Linux the decrypted image can also be loop-mounted read-only as hfsplus. Extract that somewhere and you now have access to the iPhone filesystem without touching a phone at all.
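Both this post and the restore procedure in the July 29 post come down to handling an ipsw: knowing which firmware version a file is before you hand it to iTunes, and finding the root filesystem dmg inside it to feed to vfdecrypt. The following Python is an added example, not tooling from the post: it opens an .ipsw directly as a zip, reads the version and build out of its Restore.plist (the ProductVersion and ProductBuildVersion keys Apple’s images carry), picks the largest .dmg as the root filesystem, and hashes the file so it can be compared with the hash your download source publishes. So that it runs offline, it builds a small constructed stand-in archive when no file is given; the version, build and file names in that sample are assumptions, not taken from a real image. Decryption itself is left to vfdecrypt, as in the text.

```python
"""Inspect an iPhone IPSW without renaming it: read the firmware version
from Restore.plist, list the DMG entries and pick the largest one (the
encrypted root filesystem to pass to vfdecrypt), and compute the SHA-1
of the whole file for comparison with the hash published by its source."""
import hashlib
import io
import plistlib
import sys
import zipfile


def build_sample_ipsw() -> bytes:
    """Constructed stand-in for a real IPSW (test data only, not an Apple
    image). It mirrors the layout that matters here: a top-level
    Restore.plist and several *.dmg entries of different sizes."""
    restore = {
        "ProductVersion": "3.0",            # assumed sample values
        "ProductBuildVersion": "7A341",
        "SupportedProductTypes": ["iPhone1,1", "iPhone1,2"],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Restore.plist", plistlib.dumps(restore))
        z.writestr("018-5302-002.dmg", b"\0" * 50_000)    # ramdisk-sized stand-in
        z.writestr("018-5304-002.dmg", b"\0" * 300_000)   # root filesystem stand-in
        z.writestr("kernelcache.release.s5l8900x", b"\0" * 1_000)
    return buf.getvalue()


def inspect_ipsw(data: bytes) -> dict:
    """Return version, build, supported models, the DMG table and the
    name/size of the largest DMG. Raises ValueError if the archive does
    not look like an IPSW."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "Restore.plist" not in z.namelist():
            raise ValueError("no Restore.plist at the archive root; not an IPSW?")
        restore = plistlib.loads(z.read("Restore.plist"))
        # file_size is the uncompressed size, i.e. what you see after unzipping
        dmgs = {info.filename: info.file_size
                for info in z.infolist()
                if info.filename.lower().endswith(".dmg")}
    if not dmgs:
        raise ValueError("no .dmg entries in archive")
    rootfs = max(dmgs, key=dmgs.get)
    return {
        "product_version": restore.get("ProductVersion"),
        "build": restore.get("ProductBuildVersion"),
        "supported_products": list(restore.get("SupportedProductTypes", [])),
        "dmgs": dmgs,
        "rootfs_dmg": rootfs,
        "rootfs_size": dmgs[rootfs],
        # compare with the SHA-1 listed where you downloaded the image
        "sha1": hashlib.sha1(data).hexdigest(),
    }


if __name__ == "__main__":
    # Usage: python ipsw_inspect.py <firmware>.ipsw
    # With no argument the constructed sample archive is inspected instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = build_sample_ipsw()
    for key, value in inspect_ipsw(blob).items():
        print(f"{key}: {value}")
```

The version and build printed for a real image are what you would otherwise have read from the phone’s Settings screen, which is exactly what an unactivated phone will not show you; the rootfs_dmg entry is the file to pass to vfdecrypt together with the key listed for that build.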

Categories: iPhone

The first steps (part 1)

March 28, 2009

In order to begin iPhone hacking, it is necessary to unlock/jailbreak the phone. Thanks to the QuickPWN group, this is quite simple. Download their QuickPWN tool for your platform, run it and follow the on-screen instructions. Never unplug the iPhone during this process, however, or you risk turning your iPhone into an expensive paperweight/doorstop.

After you have jailbroken the phone, you need to install OpenSSH to gain access to the phone from your computer. This package is installed from the new “Cydia” icon and takes no brain power to do (just finger power). Once installed you can secure shell (SSH) into your phone. From your computer, SSH to the phone’s IP address (the phone must be on the same Wi-Fi network as your computer; its address is shown in the Wi-Fi settings) with the username “root” and the password “alpine”, which is the factory default on every iPhone.

Now you are at the shell of your phone; pretty cool! The first thing to do is change the passwords of both the “root” and “mobile” users (run passwd for root, then passwd mobile; both ship with the default “alpine”) so that nobody else on the network can shell into the phone; otherwise you will get pwned. Now you can start looking around the filesystem of the phone. Native applications and libraries are installed in /private/var/stash/ and your AppStore applications are in /User/Applications.

In part 2 we will look at some of the other interesting files and talk about reverse engineering native apps. Since AppStore apps are encrypted, we will save those for a later post.

Categories: iPhone