Hacking the iPod Touch and iPhone

Hacking the iPod Touch:
My notes, hopefully your help files.


Notes and Frequently Asked Gotchyas: -Rebooting:
-- To close an app, hold Home (circle) for 6 seconds
-- To reboot, Hold both buttons for 10 seconds
-- To put in restore mode, plug into USB, hold both buttons for 25 seconds (iBrickr can take you out of restore mode easily)

- Transferring files:
-- If you need to transfer files, you can use iBrickr, SSH (passwords are root/alpine, mobile/dottie), or TotalCommander with the T-Pot plugin (through USB)
-- iBrick takes iPhone out of restore mode, adds other stuff
-- Use Putty to SSH (get commandline access) into device's SSHServer (keep trying if it doesn't connect, takes 30 seconds the first time)

- Use Poof to hide icons on the device (for if it gets too cluttered)
- If things aren't loading, the device's main drive is probably full and installer.app is crashing without telling you. Move fonts with the Boss tool
- When converting videos to watch on iPod, change to .MP4 29.97 fps, AAC. SUPER seems to be an OK tool, though crashes alot.
- If you can't copy songs over, Sometimes deleting all songs/content off ipod seems to help (uncheck all in iTunes)
- Subscribe to WPA2 instead of WEP for some advanced Wireless activation keys (needed at my office)
- The official Apple restore files that you'll need are kept locally in: C:Documents and SettingsusernameApplication DataApple ComputeriTunesMobile Updates
-- You can download them from: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4037.20071107.5Bghn/iPhone1,1_1.1.2_3B48b_Restore.ipsw


To Jailbreak and upgrade: I've jailbreaked 3 separate ways. Each seems to let a different set of apps run on it and prevents others from working.

There are many methods, and each depend on:
1) What Device you have (iPhone, ipod Touch, iPod Touch 16gb)
2) Whether it's OOB (out of the the box), hacked before, or 'virgin'
3) What version of the OS it has (go to settings, General, About to check)

Here are the install methods I've verified.
If you have a 16GB iPod Touch

1) Method one (preferred method, 1-20 minutes): A 1.1.4 iTouch, loaded through iTunes Download ZiPhone
- If you have anything other than the 16gb iTouch, just run Jailbreak
- If you have a 16gb iTouch, just clicking Jailbreak doesn't work.
--NOTE: This way is frustrating and might take a few tries! Took me five times, then worked
- ZiPhone 2.5c has a bug (the author is working to fix it) so that on the 16gb touches, you get a BSD Load error after Jailbreaking
-- A temporary fix is after opening ZiPhone, click Jailbreak 3 or four times with a 1-second delay
-- Example shown in: http://revver.com/video/724359/mempfs-16gb-114-jailbreak-with-ziphone/
-- Usually, this didn't work, in which case, just hold down both buttons for 25 sec, then restore in iTunes
-- If you can't get out of restore mode, reboot your desktop, and/or use iBrickr to unlock the phone
-- It does work!
2) Method two (longer, sure to work, 2.5 hours): If you have a brand new 1.1.3 iTouch Downgrade the device's Operating System to 1.1.1
- Using iTunes, Hold down shift and click 'restore'. Point it at the 1.1.1 OS file (dir loc is listed above)
- On the device, Open Safari and go to jailbreakme.com, click the link on the bottom
- Add Community Sources in Installer
- Install Tweaks->Oktoprep
- Change to Settings -> No Screen Blank

To 1.1.2
Using iTunes, Shift-Update to iPhone1,1_1.1.2_3B48b_Restore.ipsw
Download 1.1.2-jailbreak.zip, unzip + run windows.bat (or use iDemocracy w/1.1.2 Jailbreak button)

To 1.1.3
Installer, SoftUpgrade from 1.1.2 to 1.1.3 (use Official 1.1.3 Upgrader)
Run Upgrade icon from ipod springboard desktop
<Takes 1 hour>


3) Method three (3 hours): If you have previously jailbroken then restored If you previously recovered from a jailbreak/restore, then you have to reload the Boot Loader:
-Download iPhuc, follow the steps on iPodTouchMaster.com to downgrade from 1.1.3 to 1.1.1
- Go up to step 2.


As soon as you're jailbroken, recommended first steps: - Let out the breath you've been holding in
- Celebrate with your beverage of choice
Within App.installer (your soon-to-be-favorite program in the world)
- Install BSD Subsystem
- Install OpenSSH
- Install Summerboard
- Install BossTool
Within BossTool, Relocate Fonts to 2nd drive (take 5 minutes). This frees up so your application drive can hold about 100mb of apps

Install working useful programs first:
+Term-vt100
+iPhysics
+Community Sources (links to thousands of other applications)
+EvolutionRGB
+Categories
+Poof
+Dock
+Sudoku
+TuneWiki
+VNSea (As a note - have your target machines only use one monitor, or screen sees gibberish)

To add directories to your Path, SSH in or use Terminal.app, and type:
PATH=$PATH:/opt/iphone/bin/ (or /var/root/bin)
export PATH

Once phone is stable, SSH in (or WinSCP), and copy the entire iPhone directory structure over to a directory on disk

Now, synch to load iTunes music

Finished!



Other App Programs I'm Testing for the ipod touch:
X-Stack (didn't work - Error, Unable to write Springboard Configuration)
X-iPhCalc
-Bigboss Themes Pack
-CIA WorldFactbook
X-Customize (Breaking, maybe due to Summerboard?)
-Dali Clock
-DNS Tools
-DropCopy
-Erica's Ported Utils
-LCARS Image Set
-MobileCast
-1.1.3 Safari Patch
-Squid
-Stack
-Stumbler
-Sysinfo
-weDict
-Vista
-English Etymology
-Thesause-ee
-Elements
-Erica's Utilities
-APLogger
-VNSea
-Mobile2DoList2
-Locations
-World
-Bigboss's Gamesweb
-BigBoss's recommended sources
-iSlots
- English (weDicts)
- CMUWords
- Jiggy
- iRadio
- PhotoBoard
- Pirate


Things I'd like to check:
- Command line WiFi tool (to update WPA keys automatically from work)
- Install the iPhone Lojack: http://www.tuaw.com/2008/02/21/tuaw-responds-iphone-lojack/3


Frequent Techie Questions: (copied from somewhere, sorry I didn't record where)
What is Activation?
Getting past the "Activate iPhone" screen of your iPhone. Until you Activate your iPhone you are unable to access any of its features other than for making Emergency phone calls.

What is Jailbreak?
The process by which you gain read/write access to your iPhone so that you can customise it and add applications.

What is Baseband?
The Baseband or Modem Firmware is the GSM modem which includes an integral processor and memory to control all GSM communications functions of the iPhone.
Baseband firmware versions are "03.14.08_G" with 1.0.2 & "04.01.13_G" with 1.1.1 & "04.02.13_G" for 1.1.2.
You can find the version on your iPhone but selecting Settings -> General -> About -> Modem Firmware.

What is OTB, OOB?
Refers to "Out of the Box" and is typically applied to 1.1.2. UK supplied iPhones which have version 4.6 of the Boot Loader - and cannot currently be Unlocked.

What is Boot Loader?
A very small program that provides the initial capability of the iPhone to load its operating system. Boot loader versions are "3.9_M3S2" with 1.0.2. or 1.1.1. or 1.1.2 upgrade and version "4.6.M3S2" with 1.1.2. OTB.
To determine your Boot Loader version, SSH into your iPhone then issue these 2 commands
* launchctl remove com.apple.CommCenter
* bbupdater -v

What is DFU Mode?
DFU stands for Device Firmware Upgrade or Recovery Mode. You should ONLY enter this mode if you wish to upgrade or downgrade the firmware in your iPhone.
Place your iPhone in DFU Mode (recovery mode) by holding both the "Sleep" and "Home" buttons for 10 seconds. Once the iPhone screen goes black release "Sleep" but continue holding the "Home".

What is Field Test Mode?
Your iPhone can be placed in Field Test Mode by entering *3001#12345#* on your keypad. Lots of technical data about your iPhone is then viewable. Useful amongst this data is your modem firmware version eg "04.02.13_G".

What is ICCID?
Integrated Circuit Card ID. - this is the unique 19 or 20 digit serial number of your SIM card.
You can find this number on your iPhone but selecting Settings -> General -> About -> ICCID.

What is a "Springboard"?
The Springboard is the start screen of your iPhone where all of the Application buttons are.