IPhone Hacking Notes

From Stack Overflow
Jump to: navigation, search

You are trapped in a maze of twisty firmware instructions and dependencies, all alike.

Contents

Hacking the iPhone

You can ignore all of the notes below this section. They've been superseded by this link:

http://iphone.macworld.com/2007/08/the_iphone_hacking_kit_step_by.php

That link will step you through installing a ssh server on the phone. This can be leveraged to install any app (instructions provided there), but the most useful one you'll want is Installer.app from http://iphone.nullriver.com/beta/

Changing the root password (SSH server)

For future reference, when installing OpenSSH...

The root password is: dottie

Code to generate a new hash is: perl -e 'print crypt("MYPASSWORD", "XX");'

Mounting the "jailed" filesystem on the Mac

1. Install developer tools (if you don't already have them)

2. Install Subversion client (if you don't already have it)

  Using Fink: sudo apt-get install svn-client

3. Install MacFUSE core library - http://code.google.com/p/macfuse/

  a. download and open dmg
  b. double-click on installer

4. Install iphonedisk

  a. Obtain source code with this command: svn checkout http://iphonedisk.googlecode.com/svn/trunk/ iphonedisk
  b. cd iphonedisk && make
  c. Test:
     1. Plug in iPhone, let it sync
     2. When done, quit iTunes, but leave phone connected
     3. Run ./mount.sh
     4. See iPhone folder appear on desktop
     5. Eject iPhone folder

Installing SSH

SSH can be used for not only accessing the shell, but for scp'ing new applications into the /Applications folder. (New apps don't appear until you kill the Springboard process or you restart the phone.)

ssh kit: http://www.abigato.com/iphone-ssh-kit-vr1.tar.bz2

binaries: http://rapidshare.com/files/44273367/bins.tar.bz2.html

http://iphone.fiveforty.net/wiki/index.php/How_to_Escape_Jail

1. Install Jailbreak

  a. Download jailbreak11.zip from http://iphone.natetrue.com/
  The following is from http://www.hacktheiphone.com/iphone_first_ten_steps_to_modding_mac.html:
  b. With iPhone still plugged in, exit "iTunes" (if running) and kill "iTunes Helper"
  c. Get the 1.0.1 firmware from Apple at http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw
  d. Place the contents in ~/phonedmg
  e. Extract jailbreak and iphoneinterface to ~/phonedmg
  f. Run ./jailbreak, wait.  The "rebooting iPhone" step takes a long time

I didn't take good notes after this, but the "How to escape jail" article pretty much covers everything. I ended up using iPHUC instead of JailBreak. Sometimes iPHUC wouldn't actually break out of jail, so I would exit out of it and retry a few times until it actually worked. It always did eventually work.

!eplace dropbear with newer one from bin package (so you get scp)! The one from the ssh kit was very minimal.

  • install apps
  • install lib from binkit, required for mv command
  • mv sh sh.old
  • ln csh sh
Personal tools