After the vocabulary section, there is some information on actually performing those three common tasks above and installing 3rd Party Applications. This guide does not go into great detail about the actual process of using the tools, as they are very susceptible to change; if a specific tutorial were included it would become out of date very quickly. The tools outlined in this guide are very, very easy to use, and were written so that an ordinary person can successfully hack their iPhone without having to read a guide.
If you still feel the need for a more advanced guide on using PwnageTool, WinPwn and QuickPwn, once you have read and learnt the vocabulary and terms below you will be able to follow online and video tutorials (and, with the knowledge gained from this guide, make more sense of them).
Table of Contents
Section 1: Vocabulary
Simple Vocabulary
Jailbreaking
Activating
Unlocking
Advanced Vocabulary
Accelerometer
Bootloader
Brick, Bricking, Bricked
BSD Subsystem
DFU Mode
EDGE/3G
GPS
GSM
iBoot
IMEI
iPhone DevTeam
Pwning, PwnageTool, QuickPwn, WinPwn
Ramdisk
Recovery Mode
Seczone
SIM
SSH
Useful Links
Conclusion
License
iSeminar Advanced
Section 1: Vocabulary
Many of these words you will have seen before – on the internet, in other iPhone hacking manuals and in emails you have received. Don’t worry, however, as this section should clear up all of that confusion. The most important thing is that you make sure you can distinguish between the different items listed below – mixing them up could mean a major misinterpretation of instructions, which could result in even more frustration and lead to further issues.
Simple Vocabulary
The three words outlined below – Jailbreak, Activate and Unlock – are the three most important words for you to understand. They are the core words of iPhone hacking, the main three things you will do to your iPhone. For some people, Jailbreaking is all they require; for others, all three are needed.
Make sure you fully understand and can differentiate between the words below; mixing them up could have severe consequences.
Jailbreak
Think of it like this. There are two people that want food, but you only have one large pizza. You can then split the one pizza into two “sections,” or partition it. The two partitions are still part of the same pizza, but are acting as two separate pizzas.
The iPhone works in a similar way. The flash memory is actually only one unit; however, it is divided into two sections, or partitioned. This means that iPhone treats the one piece of memory as if it were two.
Apple only allows access to one partition on iPhone, the Media partition. The Media partition contains all the information synced by iTunes – it is normally the size of the iPhone model you purchased (8GB, 16GB etc) minus 500-600MB for the OS. Having access to the Media partition does not enable us to do any hacking or modifications, however, so we must dive further.
The partition that we are interested in is the one Apple has locked us out of – the OS Partition. This contains the Operating System of the iPhone – iPhone OS. If we can get read and write access to this, we can add (non-sanctioned) third party applications, get the ability to run scripts and commands, tweak the visual appearance of the OS… the possibilities are limitless. But, most importantly, jailbreaking is required to perform the following actions.
Activate
When you bought your iPhone or updated/restored its software you may have noticed it said “Activate iPhone” on the screen. This is iPhone telling you to sign up for a contract with the appropriate service provider (AT&T in the US, Vodafone in New Zealand). But, if you wish to use iPhone on a network that is not supported, or you simply want to use it like an iPod Touch without using the Phone features, you can trick the device into thinking it has been activated. Activation is taken care of by a server called albert.Apple.com. iTunes gathers device info, IMEI etc. and sends this off to “Albert.” “Albert” then generates an
Advanced Vocabulary
The following words are not as crucial to know as the three above; however, a good understanding of them will give you a great advantage over someone who does not have it. When asking for help on a forum, there is a high chance that one of the following words will be mentioned. A sound understanding of these will greatly improve your interpretation of other people’s instructions.
able to surf the web and talk on the phone at the same time.
GPS
GPS, or Global Positioning System, is a way of locating someone or something using satellites. The iPhone 3G includes a GPS receiver, meaning the user is able to find their current location and get directions. Another useful feature is the ability to Geotag photos taken through iPhone’s camera, that is, to record the coordinates where the photo was taken so the position can be loaded onto a map, such as Google Earth.
GSM
GSM, or “Global System for Mobile communications,” is the most popular standard for mobile phones in the world. It works by storing all of the subscriber’s information, like the phone number, on a small chip called a SIM Card. When the SIM is loaded into the phone, the device will then get the required information and connect to the corresponding cellular network. iPhone and iPhone 3G both use GSM.
iBoot
iBoot is the Bootloader for iPhone OS. When the phone is turned on, iBoot loads the operating system and checks to make sure it is valid. During a restore with iTunes, iBoot checks that the restore file being used is one made and signed by Apple. If it is not, iBoot will refuse to restore from that file, and iTunes will instead give an error. The Pwnage technique means patching out these checks during a restore, meaning custom firmware can be used.
iBoot also checks that the firmware version you are restoring to is not older than the current one. If you try to “downgrade” iPhone while iBoot is loaded, iTunes will give an error.
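As an added example (not code from the original guide, and not Apple's real IPSW format or iBoot code), the following Go program models the two iBoot checks described above: a signature check against a trusted vendor key and an anti-rollback check of the firmware version. The image layout, key pair and version numbers are constructed for the example; each check guards a separate property, which is why bypassing them matters as much as the text says.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a constructed toy restore image (not Apple's real IPSW format):
// a firmware version, a payload and a detached signature over version||payload.
type Image struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

var ErrBadSignature = errors.New("image is not signed by the trusted key")
var ErrDowngrade = errors.New("image is older than the installed firmware")
// signedBytes binds version and payload under one signature, so an old
// version number cannot simply be spliced onto a different payload.
func signedBytes(version uint32, payload []byte) []byte {
	buf := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, payload...)
}

// Sign builds an image the way the vendor would, using the private key.
func Sign(priv ed25519.PrivateKey, version uint32, payload []byte) Image {
	sig := ed25519.Sign(priv, signedBytes(version, payload))
	return Image{Version: version, Payload: payload, Signature: sig}
}

// Verify performs the two checks the text attributes to iBoot: a valid signature
// from the trusted vendor key, and no rollback below the installed version.
func Verify(trusted ed25519.PublicKey, installed uint32, img Image) error {
	if !ed25519.Verify(trusted, signedBytes(img.Version, img.Payload), img.Signature) {
		return ErrBadSignature
	}
	if img.Version < installed {
		return ErrDowngrade
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println(Verify(pub, 201, Sign(priv, 114, []byte("fw 1.1.4")))) // downgrade error
}
```

Run as written, the program shows a correctly signed but older image being refused by the rollback check alone.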
IMEI
An International Mobile Equipment Identity number is a static number which makes your specific device unique. All mobile phones have one, and all of them are different. It is like a MAC address on a computer: it stays the same and is different from any other MAC address.
iPhone DevTeam
The iPhone DevTeam is a group of hackers who find ways to further extend the iPhone and its capabilities. They are responsible for PwnageTool and all the “Pwning” exploits, including BootNeuter.
Pwning, PwnageTool, QuickPwn, WinPwn
“Pwning” programs are tools used to patch the integrity checks out of iBoot to allow custom firmware and code to be used during a restore. The current versions of the tools use an exploit at DFU level. You can find more on “Pwning” later in this guide.
Ramdisk
A Ramdisk is a disk image which can be read by the bootloader if stored in the appropriate place in memory. This concept may be a bit confusing to a beginner, but there is a lot of talk about Ramdisk exploits going on, including around the late ZiPhone and now QuickPwn. Apple uses a Ramdisk to start the updating and restoring process of a restore in a special mode, Recovery Mode. As you cannot update or restore an operating system such as iPhone OS while it is running, it must be done in an environment where the OS is not loaded. The Ramdisk creates such an environment.
In the 1.0.2 - 1.1.4 versions of iPhone OS, Apple left an exploit meaning an unsigned Ramdisk could be used. This was
We will start off by introducing the tools we will be using. As mentioned in the vocabulary section above, we will be “pwning” the device using one of four different applications.
Now it is a lot different: Apple have patched a lot of bugs, and significant exploits have been discovered. One of those significant exploits was the discovery of the Pwnage Exploit, which allowed a patched iBoot to be flashed over, opening up hundreds of doors to users and developers alike. Along with the Pwnage exploit came BootNeuter, the ultimate unlocking tool for first gen iPhones. BootNeuter was great news for everyone, as now Bootloader versions do not matter.
So, in this section, we will shed light on the Pwnage process, touching the surface of how it works, and a bit on how to jailbreak, activate and unlock your device.
Note: It may ask you for the bootloaders. They can be found at the following link: http://www.iPhone-hacks.com/download.php?id=109
4. It will ask you if you are Pwned yet. If you are not sure, click no.
1. Open up iTunes
2. Hold down Shift when clicking the restore button on the iPhone page (Windows) or Option on a Mac
3. Navigate to the custom restore file, open it and the restore will start
QuickPwn
Connect your device and open QuickPwn. It will determine what it is that you have connected (iPod Touch, iPhone, iPhone 3G) and then show you options. Choose the options corresponding to what you want done (Jailbreaking, Activating, Unlocking and 3rd Party Applications). After that, it may ask you about locating bootloaders. You can download them from http://www.iPhone-hacks.com/download.php?id=109
Once you have downloaded them, locate them in QuickPwn. Follow the onscreen instructions. Within minutes your iPhone will be fully Pwned and will have been modified according to what you chose in QuickPwn.
Both these tools (PwnageTool & WinPwn) and QuickPwn, as the iPhone DevTeam have said, are “Grandma-Proof.”
Note: When in DFU mode, nothing will be on the screen. The screen will appear to be turned off.
This means the only way to tell if you are in DFU mode is to perform the procedure below when connected to iTunes.
Step 1: Connect the device to iTunes with the USB cable provided
Step 2: Hold down the home button + power button for 10 or so seconds (until the screen goes black)
Step 3: When the screen goes black, release the power button but keep holding the home button
Step 4: After a few seconds (around 10 or so) iTunes will detect the device
Step 1: Disconnect the device from the computer and open iTunes
Step 2: Turn off the device
Step 3: Hold down the home button (while the device is off) and connect to iTunes through the white USB cable
Step 4: If a “Connect to iTunes” graphic appears on the screen, you are successfully in recovery mode
http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.appserver.client.MZITunesClientCheck/version?phoneUpdate=true
Step 2: Enter DFU mode using the method in number 1, “How To Enter DFU Mode”
Step 3: When the device is detected by iTunes in DFU mode, hold Shift + Click on the restore button (Windows) or Option + Click (Mac) and choose the firmware file downloaded in Step 1
Step 4: Once the restore is complete, iTunes may give an error stating that the device may not have restored properly. This is not an issue; all it means is that the Baseband Firmware was not downgraded (the Baseband Firmware cannot be downgraded without first neutering it/feeding it a correct secpack)
Step 5: The Baseband firmware must now be downgraded. The method for doing so greatly depends on the firmware version, which makes it hard to write about in this guide. The best way to find out how to do this is to send me an email at william@appledailytimes.com, including your current Baseband Firmware version (to find this go to Settings -> General -> About and look at “Modem Firmware”), the version you wish to downgrade to, and your current version of iPhone OS (2.0, 1.1.4…)
Useful Links
- http://hackintosh.org/
Hackint0sh is by far the best iPhone hacking and modding forum. With a huge, growing user base, it is the ideal place to go for help. Members there are happy and friendly to help people of all skill levels. Hackint0sh is the home of the iPhone DevTeam.
- http://blog.iphone-dev.org/
This is the official blog of the iPhone DevTeam. It showcases progress reports as well as download links for applications. They announce software launches here as well as on http://iphone-dev.org/
- http://digg.com/apple/upcoming/
Digg is a social news site, a place where users submit interesting links. The “Upcoming” part of the Apple section shows the latest news in one place. Users can “Digg” an article if they like it, and the most “dugg” ones get a special place on the right hand side of the page. This is a great place to look for big news, as it brings thousands of sites’ breaking news into one place. And only the best articles make it to the most “dugg” part of the page.
- http://apple.com/iphone/
Believe it or not, the Apple website itself is a great place for iPhone information and resources. It shows some of the top Applications, and has interesting links and facts about the iPhone that you may not know about.
- http://modmyi.com/
- http://theiphonewiki.com/
Conclusion
Hopefully after reading iSeminar you now have a much better understanding of the iPhone, how it works, what these words mean and why the ability to patch iBoot is so valuable to us.
I would like to thank the iPhone DevTeam for their hard, never ending work on the iPhone. They devote their spare time to helping us, the community, get the best out of our iPhone or iPod Touch.
And, what’s more, they don’t accept donations to repay them for all their hard work. This really shows character and devotion to a completely voluntary cause.
License
Feel free to distribute this guide, but please do not take credit for my work. If you copy any text from here, please credit it back to me (secretmrx).
You may not sell this guide, and if you have purchased it, demand a refund. This is free and will always be free.
You may not modify this guide without the author’s permission. Should you wish to do something to it, please email me at william@appledailytimes.com and I can do it for you.
secretmrx
01/11/2008
iSeminar Advanced
If you enjoyed iSeminar: A Beginner’s Guide To The iPhone, and are interested in
furthering your knowledge, check out iSeminar Advanced.
http://appledailytimes.com/downloads/iseminaradvanced.pdf