Chapter 1. Breaking Into and Setting Up the iPhone

The iPhone is a closed device. We can’t say this enough. Up to and including version 1.1.x of the iPhone software, users have been locked out of the operating system. This doesn’t seem to stop a majority of iPhone users, but does make it more difficult to get started. Before hacking of any kind can take place, however, the iPhone must be broken free from its jail—literally.

The iPhone runs in a chrooted environment, where no user or desktop application—even iTunes—can see into the operating system; this is commonly known in the Unix world as a chroot jail. This jail (and the fact that you can’t simply yank out the hard drive) is the only thing standing in the way of the iPhone functioning as a complete, portable Mac OS X computer. Fortunately, many free tools have been written to make the jailbreaking process simple.

In this chapter, you’ll stage your iPhone for software development. This includes breaking free from the chroot jail (called jailbreaking) so you can access the filesystem. You’ll also install a BSD Unix world, which is a set of common Unix binaries such as ls and cp. This allows you to navigate and manage the iPhone’s operating system, which is believed to be a version of Mac OS X 10.5 (Leopard) for the arm processor. Finally, you’ll get a secure login command environment, SSH, up and running. This is useful for copying files to and from your iPhone, and we’ll use it to install applications and run examples.

Jailbreak Procedures

How you jailbreak your iPhone depends largely on what version of the software you are running. There is a lag time of a few weeks between new iPhone software releases and public hacks to jailbreak them. Small changes are generally introduced in new versions to make breaking into it a little bit harder each time. The good news is that once a new jailbreak has been written, all of the free tools available are updated to make it possible for just about anyone to go through the process.

Third-Party Jailbreak Software

There are many free tools available to jailbreak the iPhone, some more reliable than others. The best tools are full-service utilities that also allow you to set up a shell and install third-party software with little effort. The best-of-breed tools include:

iNdependence, http://code.google.com/p/independence/ (v1.0.0–1.1.3)

iNdependence is a utility for Mac OS X that performs jailbreak, activation, SSH installation, and even installation of ringtones, wallpaper, and third-party applications on the iPhone. iNdependence is under the GPL, and the author has made a library available called libPhoneInteraction, allowing developers to write other tools to communicate with the iPhone.

AppSnapp, http://www.jailbreakme.com (v1.1.1 only)

Users running version 1.1.1 of the iPhone firmware can navigate to this web site using their iPhone and have the entire jailbreak process performed remotely. AppSnapp takes advantage of a vulnerability in one of the iPhone’s image libraries to break into the phone. What’s cool about this site is that it not only jailbreaks your phone, but it also fixes the vulnerability so that nobody else can maliciously take advantage of the phone. Version 1.1.1 and later of AppSnapp also patch the iPhone software to allow third-party applications, and installs AppTapp, the NullRiver installer, which can then be used to stage your iPhone for development.

AppTapp, http://iphone.nullriver.com (v1.0.0–1.0.2)

Nullriver is a software manufacturer out of Ontario, Canada, and the designer of a package installer for the iPhone. Installer allows you to install any application on your iPhone that is included in their repository using a few easy taps. The installer software itself works with most versions of the iPhone software, but the installer’s installer (if that makes sense) is capable only of jailbreaking iPhone firmware v1.0.x. The previous tool in this list, AppSnapp, automatically installs AppTapp on v1.1.1 devices. AppTapp is also useful for the software downgrade procedure, explained next.

ZiPhone, http://www.ziphone.org (v1.0.0–1.1.3)

ZiPhone is a jailbreak technique developed by the iPhone Dev Team. It was kept under a heavy shroud of secrecy in anticipation of the Apple SDK, but it was eventually leaked by one of the dev team’s former members. ZiPhone has since been developed beyond a simple jailbreak technique and many other utilities have been added to it, including a full unlock for all iPhones up to OTB (Out-of-the-Box) v1.1.3.

Downgrading iPhone Software

The latest version of iPhone software as of the time of this writing is v1.1.3. If you have a newer version, check the web sites for the tools listed in the previous section to see whether they have been updated to support your version. If no jailbreak exists for your firmware version, you’ll need to downgrade to an older version to gain access to your iPhone.

iTunes sports a feature that allows users to downgrade their software, so if you wind up with an iPhone running software that hasn’t had a jailbreak written for it yet, you can usually downgrade to the latest breakable version. The instructions here have been tested with iTunes up to version 7.5. It’s possible that newer versions of iTunes may remove or change this feature, but so far, there have been no signs from Apple that this will happen. In the event that it does, running an older version of iTunes might work.

Preparing for downgrade

To downgrade the iPhone’s software, you’ll first need a copy of the older version. Ideally, you’ll want to get a copy of whatever the newest, breakable version of the software is, based on the versions supported by the applications in the previous section “Third-Party Jailbreak Software.” These can be downloaded directly from Apple’s distribution servers, but you’ll have to know the URL. The web site http://iphone.unlock.no maintains a list of up-to-date download links for all versions of the iPhone firmware.

You’ll also need a copy of the latest iPhone Utility Client (iPHUC) available in the “downloads” section of the iPhone-Elite site at http://code.google.com/p/iphone-elite/. The iPhone Utility Client is a tool for performing low-level functions on the iPhone, such as booting out of recovery mode and sending device firmware updates, used in the instructions to follow.

Warning

The downgrade process restores your iPhone to a factory state, so any saved messages, recent calls, or other data will be completely erased. Be sure you’ve synced and backed up your contacts and calendar. Be sure to use the Image Capture utility to import any photos you’ve taken.

Downgrading the software

Perform these steps to downgrade to the older version you’ve downloaded:

  1. Connect your iPhone to the dock and start iTunes. If it syncs on connect, wait until it has finished syncing.

  2. Extract the contents of the iPhone firmware file you downloaded earlier. The file will have an .ipsw extension, but it is actually a .zip archive. You can use unzip from the command line, or your favorite graphical archival utility.

  3. Locate the file in the archive beginning with WTF, for example, WTF.s5l8900xall.RELEASE.dfu. This is the file needed to place the iPhone into a device firmware update mode. Copy it into the same directory as your iPHUC tool.

  4. Launch iPHUC from a command line. Type enterrecovery and press Enter. This will put the iPhone into recovery mode.

  5. Quit iPHUC and then re-launch it. The available commands will have now changed. Use the filecopytophone command to send the WTF file to the iPhone. For example, filecopytophone WTF.s5l8900xall.RELEASE.dfu. Press Enter. Now type cmd go and press Enter again. This will place the iPhone into “device firmware update” mode.

  6. Launch iTunes. You will be given the message that an iPhone was discovered in recovery mode. If you’re on a Mac, hold the Option key and click Restore. If you’re on a PC, hold the Shift key and click Restore. You will be presented with a file selection window. Locate and select the .ipsw file you downloaded.

  7. Your iPhone will restore back to the version of the firmware you’ve chosen.

  8. After the iPhone has finished restoring, you may receive an error 1015. If this happens, the iPhone will boot into recovery mode. To fix this, use the iPHUC client once more and issue the following commands (be sure to escape the spaces with a backslash, as shown below):

    cmd setenv\ auto-boot\ true
    cmd saveenv
    cmd fsboot
    cmd bootx
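Steps 2 and 3 above rely on one fact about the firmware file: an .ipsw is an ordinary ZIP archive, and the payload you need is the single member whose name begins with WTF. The following is an added example, not code from the book or from the iPHUC project, that performs the extraction programmatically. It rejects an archive that is truncated or fails its CRC checks before anything is sent to the phone, refuses to guess when there is not exactly one WTF member, and returns the SHA-256 of the extracted file so you can record what you actually flashed. The `build_sample_ipsw` helper constructs a tiny stand-in archive in memory (constructed data, not a real firmware image) so the example runs offline; the member names other than the WTF file are illustrative.

```python
"""Added example: pull the WTF*.dfu payload out of an iPhone .ipsw firmware
file (a plain ZIP archive) and copy it next to the iPHUC tool."""
import hashlib
import io
import os
import tempfile
import zipfile


def find_wtf_entry(names):
    """Return the archive member whose basename begins with 'WTF'.

    Raises ValueError unless exactly one such member exists, so an
    unexpected archive layout never silently yields the wrong file.
    """
    matches = [n for n in names if os.path.basename(n).startswith("WTF")]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one WTF*.dfu member, found {matches}")
    return matches[0]


def extract_wtf(ipsw, dest_dir):
    """Extract the WTF DFU payload from `ipsw` (path or file object) into dest_dir.

    Every member's CRC is checked first (zipfile.testzip), so a corrupted or
    truncated download is rejected up front. Returns (dest_path, sha256_hex).
    """
    with zipfile.ZipFile(ipsw) as zf:
        bad = zf.testzip()
        if bad is not None:
            raise ValueError(f"corrupt member in firmware archive: {bad}")
        member = find_wtf_entry(zf.namelist())
        data = zf.read(member)
    os.makedirs(dest_dir, exist_ok=True)
    dest = os.path.join(dest_dir, os.path.basename(member))
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest, hashlib.sha256(data).hexdigest()


def build_sample_ipsw():
    """Construct a tiny in-memory stand-in for an .ipsw (constructed sample
    data, not a real firmware image). Only the WTF file name is taken from
    the downgrade procedure; the other members are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("placeholder-manifest.plist", "<plist/>")
        zf.writestr("WTF.s5l8900xall.RELEASE.dfu", b"\x00" * 64)
        zf.writestr("Firmware/dfu/placeholder-other.dfu", b"\x01" * 32)
    buf.seek(0)
    return buf


def demo():
    """Run the extraction against the constructed sample in a scratch
    directory standing in for the iPHUC directory; returns (basename, sha256)."""
    with tempfile.TemporaryDirectory() as iphuc_dir:
        path, digest = extract_wtf(build_sample_ipsw(), iphuc_dir)
        return os.path.basename(path), digest


if __name__ == "__main__":
    name, digest = demo()
    print(f"extracted {name}, sha256 {digest}")
```

For a real downgrade, call `extract_wtf("iPhone1,1_x.x.x_Restore.ipsw", "/path/to/iphuc")` with the archive you downloaded and the directory holding the iPHUC binary, then proceed with step 4.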

Installing SSH

Once you have jailbroken your iPhone, installing a Secure Shell will allow you to access your iPhone’s Unix environment and easily copy files to and from the phone over a WiFi connection.

Using SSH requires that your iPhone be connected to the same WiFi network as your desktop machine. If you don’t have access to a WiFi network, you’ll need to use a tool such as iNdependence to install applications on your iPhone instead, so you can skip this section. You might, however, consider installing MobileTerminal, a free terminal program for the iPhone. This will at least allow you to work in the iPhone’s Unix environment, which is necessary to run a small number of examples. MobileTerminal can be downloaded from http://code.google.com/p/mobileterminal/.

If you used iNdependence to perform a jailbreak, OpenSSH can be installed at the touch of a button—namely, the SSH button. Click it and follow the installation procedure. If you used AppSnapp or AppTapp, install SSH as follows:

  1. AppSnapp and AppTapp load a software installer as part of their routine. Once you’ve completed their jailbreak and setup process, you should have a new icon on your iPhone called Installer. Press the icon to run the installer application. The installer may initially prompt you to update itself. If this is the case, continue through the update procedure and restart the installer.

  2. You will be presented with a category list. Choose the Sources category and select the Community Sources package. Press the Install button at the upper right of the screen and the package will be downloaded and installed.

  3. Restart the installer. You should now see a System category. Choose this and install the OpenSSH package. After installing, restart your iPhone.

SSH should now be running on the iPhone, but before you can connect to it, you’ll need to know your iPhone’s IP address on the local WiFi network. To find this, do the following:

  1. Tap the Settings application on your iPhone.

  2. Select the General tab, then Network, then Wi-Fi.

  3. Your WiFi network should appear in the list with a blue disclosure arrow to the right.

  4. Press the blue arrow. You’ll be presented with a screen containing your IP address.

Set up your IP address in the hosts file on your desktop to simplify connectivity. If you’re using Mac OS X or Unix, you can edit your /etc/hosts file. If you’re using Windows XP, edit or create the file C:\WINDOWS\system32\drivers\etc\hosts. Add the following line to your file:

x.x.x.x iphone

where x.x.x.x represents the IP address of the iPhone.
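The hosts-file entry is a static mapping, but the address the WiFi network hands the iPhone can change with each DHCP lease, and re-adding the line by hand tends to leave stale duplicates that make the name ambiguous. The following is an added example, not code from the book, that maintains exactly one `iphone` line: it validates the address (a typo such as `10.0.0` is rejected), strips the name from any existing line while leaving other hosts and comments alone, and appends the new mapping. `hosts_file_path` returns the conventional locations named above; the sample hosts contents in the test are constructed.

```python
r"""Added example: add or refresh the 'iphone' entry in a hosts file
without leaving stale duplicates behind."""
import ipaddress
import os
import platform


def hosts_file_path():
    """Return the conventional hosts-file location for the running OS:
    /etc/hosts on Mac OS X and Unix, %SystemRoot%\system32\drivers\etc\hosts
    on Windows (C:\WINDOWS when SystemRoot is not set)."""
    if platform.system() == "Windows":
        root = os.environ.get("SystemRoot", r"C:\WINDOWS")
        return os.path.join(root, "system32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def set_hosts_entry(hosts_text, ip, name="iphone"):
    """Return hosts_text rewritten so that exactly one line maps `name` to `ip`.

    - `ip` must be a valid IPv4 or IPv6 literal (ValueError otherwise)
    - lines that do not mention `name` are kept verbatim, comments included
    - `name` is removed from any line that lists it; if that leaves the line
      with no names, the line is dropped (whitespace on edited lines is
      normalised to single spaces)
    - the new mapping is appended at the end
    """
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and name in fields[1:]:
            remaining = [f for f in fields[1:] if f != name]
            if not remaining:
                continue  # the line mapped only this name; drop it
            line = " ".join([fields[0]] + remaining)
            if sep:
                line += " #" + comment
        out.append(line)
    out.append(f"{ip} {name}")
    return "\n".join(out) + "\n"


def update_hosts_file(ip, name="iphone", path=None):
    """Rewrite the hosts file in place; needs the privileges the OS requires
    for that file (root on Mac OS X/Unix, Administrator on Windows)."""
    path = path or hosts_file_path()
    with open(path, "r", encoding="utf-8") as fh:
        current = fh.read()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(set_hosts_entry(current, ip, name))


if __name__ == "__main__":
    # Dry run on constructed contents; no file is touched.
    sample = "127.0.0.1 localhost\n192.168.1.20 iphone  # old lease\n"
    print(set_hosts_entry(sample, "192.168.1.37"), end="")
```

After `update_hosts_file("192.168.1.37")` (substitute the address shown on the phone), `ssh -l root iphone` resolves to the current lease, and running it again after the address changes replaces rather than duplicates the entry.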

You’re now ready to connect to your iPhone using an SSH client. If you’re using Mac OS X or Linux with SSH preinstalled, you can do this from a terminal window.

$ ssh -l root iphone

If you’re using Windows XP, you’ll need to download an SSH client. One of the most popular free clients is PuTTY, available at http://www.chiark.greenend.org.uk/~sgtatham/putty/.

Depending on which version of the iPhone software you’re running, the default root password is either dottie or alpine. Once logged in, you should be dropped to a shell prompt.

Installing BSD Subsystem

Being able to access a shell on your iPhone is of little use without a Unix world to provide the basic commands. The installer application has a package called BSD Subsystem in the System category. This is a collection of Unix commands that will allow you the same basic Unix functionality as a desktop Unix system such as Mac OS X or Linux. Choose and install this package through the installer.

Congratulations, you’re now ready to enter the world of iPhone applications development!

Additional Resources

iPhone software is updated periodically by Apple, and so we can’t document how every version of the software will act—especially newer versions that will be released after this book’s publish date. To get the latest information about jailbreaking your iPhone or installing the tools listed in this chapter, the following development teams’ web sites are invaluable resources:

iPhone Dev Team (http://www.iphone-dev.org)

The official site for the iPhone dev team, responsible for all known v1.1.x jailbreaks to date.

iPhone Elite Team (http://code.google.com/p/iphone-elite/)

The iPhone Elite Team is another group of developers working primarily on unlocking and other hacks. They service the iPhone Utility Client and other tools.
