https://www.theiphonewiki.com/w/api.php?action=feedcontributions&user=Windows+Helpdesk&feedformat=atom
The iPhone Wiki - User contributions [en]
2024-03-29T13:27:48Z
User contributions
MediaWiki 1.31.14
https://www.theiphonewiki.com/w/index.php?title=User:Windows_Helpdesk&diff=23686
User:Windows Helpdesk
2012-01-13T07:09:17Z
<p>Windows Helpdesk: /* My Devices */</p>
<hr />
<div>== Who I am and what I do ==<br />
I own the website http://www.windowshelpdesk.co.uk and I also created the blackthund3r Dev Team. See http://www.blackthund3r.co.uk. I create tools for assisting the jailbreaking community as well as having fun with arbitrary code execution on my [[iPod touch 2G]] (MC Model) and learning how to create / boot custom ramdisks etc. I also want to one day understand how exploits such as the 0xA1 on (CBA to get full name :D) work and how I can send / implement them manually etc. I know loads but I'm fully aware there's loads more to come! I hope to at some point (when I can be asked!) learn ARM assembly and use IDA for something useful [http://www.lol.com LOL]. My real name is Christopher and I live in the UK<br />
<br />
I created the semi-tethered jailbreak called Snowst0rm Cloud (Windows port) but it is unfortunately broken due to kernel issues. I hope to release at some point open source to demonstrate how unsigned code execution can be gained on the ipt2G MC w/o [[0x24000 Segment Overflow]] Exploit / [[usb_control_msg(0xA1, 1) Exploit]] / [[limera1n]] exploit (also used in [[Greenpois0n (jailbreak)|greenpois0n]])<br />
<br />
I also wrote a few GUI tools in the hope they will help the lives of jailbreak devs everywhere. By far the most popular is [[Recovery Mode Controller]]. All can be downloaded from http://www.blackthund3r.co.uk<br />
[[Recovery Mode Controller]] - Easy putting into / getting out of recovery mode for all iDevices. It uses iPHUCWIN32 for entering and iTunnel for exiting unless you tell it to use libUSB. It was inspired by [[User:iH8sn0w|iH8sn0w's]] controller he depicts in his videos<br />
[[thund3rCrypt]] - GUI-based decryption of both [[IMG3 File Format|IMG3s]] (including Ramdisks) with [[xpwntool]] and Root Filesystems with [[VFDecrypt]]<br />
[[iRecovery Controller]] - GUI for [[iRecovery]]<br />
[[iDisco]] - An application for making the screen of an iDevice flash random colours. Worked on 3.1.2 and below before the bgcolor command was removed in [[iOS]] 4.0. It basically just needs to upload an [[iBSS]] from an inputted [[IPSW]] then it should work again. It is open source at http://www.github.com/blackthund3r/iDisco<br />
[[Multi-Hashing Hasher]] was a bit of VB fun. It can take any file - or a block of text - and create the MD5 and SHA1 hash of it with ease!<br />
<br />
== My Devices ==<br />
A jailbroken [[iPod touch 2G]] 8GB MC model (I used [[Greenpois0n (jailbreak)|greenpois0n]] FTW and it's currently on [[iOS]] 4.2.1)<br />
A jailbroken [[iPhone 3GS]] 16GB black running iOS 5.0.1 ([[Corona]] / [[redsn0w]]'d)<br />
A jailbroken [[iPod touch 4G]] 8GB running iOS 5.0.1 ([[Corona]] / [[redsn0w]]'d)<br />
<br />
== Contact ==<br />
You can find me at:<br />
blackthund3rjailbreak [AT] gmail.com<br />
blackthund3rtesting [AT] gmail.com for product testing / feedback / beta feedback only<br />
christopher [AT] blackthund3r.co.uk<br />
http://www.blackthund3r.co.uk<br />
Twitter: [http://www.twitter.com/blackthund3r @blackthund3r]<br />
Hope that's enough!</div>
Windows Helpdesk
https://www.theiphonewiki.com/w/index.php?title=User:Windows_Helpdesk&diff=23685
User:Windows Helpdesk
2012-01-13T07:09:04Z
<p>Windows Helpdesk: /* My Devices */</p>
<hr />
<div>== Who I am and what I do ==<br />
I own the website http://www.windowshelpdesk.co.uk and I also created the blackthund3r Dev Team. See http://www.blackthund3r.co.uk. I create tools for assisting the jailbreaking community as well as having fun with arbitrary code execution on my [[iPod touch 2G]] (MC Model) and learning how to create / boot custom ramdisks etc. I also want to one day understand how exploits such as the 0xA1 on (CBA to get full name :D) work and how I can send / implement them manually etc. I know loads but I'm fully aware there's loads more to come! I hope to at some point (when I can be asked!) learn ARM assembly and use IDA for something useful [http://www.lol.com LOL]. My real name is Christopher and I live in the UK<br />
<br />
I created the semi-tethered jailbreak called Snowst0rm Cloud (Windows port) but it is unfortunately broken due to kernel issues. I hope to release at some point open source to demonstrate how unsigned code execution can be gained on the ipt2G MC w/o [[0x24000 Segment Overflow]] Exploit / [[usb_control_msg(0xA1, 1) Exploit]] / [[limera1n]] exploit (also used in [[Greenpois0n (jailbreak)|greenpois0n]])<br />
<br />
I also wrote a few GUI tools in the hope they will help the lives of jailbreak devs everywhere. By far the most popular is [[Recovery Mode Controller]]. All can be downloaded from http://www.blackthund3r.co.uk<br />
[[Recovery Mode Controller]] - Easy putting into / getting out of recovery mode for all iDevices. It uses iPHUCWIN32 for entering and iTunnel for exiting unless you tell it to use libUSB. It was inspired by [[User:iH8sn0w|iH8sn0w's]] controller he depicts in his videos<br />
[[thund3rCrypt]] - GUI-based decryption of both [[IMG3 File Format|IMG3s]] (including Ramdisks) with [[xpwntool]] and Root Filesystems with [[VFDecrypt]]<br />
[[iRecovery Controller]] - GUI for [[iRecovery]]<br />
[[iDisco]] - An application for making the screen of an iDevice flash random colours. Worked on 3.1.2 and below before the bgcolor command was removed in [[iOS]] 4.0. It basically just needs to upload an [[iBSS]] from an inputted [[IPSW]] then it should work again. It is open source at http://www.github.com/blackthund3r/iDisco<br />
[[Multi-Hashing Hasher]] was a bit of VB fun. It can take any file - or a block of text - and create the MD5 and SHA1 hash of it with ease!<br />
<br />
== My Devices ==<br />
A jailbroken [[iPod touch 2G]] 8GB MC model (I used [[Greenpois0n (jailbreak)|greenpois0n]] FTW and it's currently on [[iOS]] 4.2.1)<br />
A jailbroken [[iPhone 3GS]] 16GB black running iOS 5.0.1 ([[Corona]] / [[redsn0w]]'d)<br />
A jailbroken [[iPod touch 4G]] 8GB running iOS 5.0.1 ([[Corona]] / [[redsn0w]]'d)<br />
<br />
== Contact ==<br />
You can find me at:<br />
blackthund3rjailbreak [AT] gmail.com<br />
blackthund3rtesting [AT] gmail.com for product testing / feedback / beta feedback only<br />
christopher [AT] blackthund3r.co.uk<br />
http://www.blackthund3r.co.uk<br />
Twitter: [http://www.twitter.com/blackthund3r @blackthund3r]<br />
Hope that's enough!</div>
Windows Helpdesk
https://www.theiphonewiki.com/w/index.php?title=Redsn0w&diff=21360
Redsn0w
2011-10-05T17:06:34Z
<p>Windows Helpdesk: Added versions in the 0.9.9 series (betas 2 ~ 3a)</p>
<hr />
<div>{{DISPLAYTITLE:redsn0w}}<br />
[[Image:Redsn0w.png|thumb|redsn0w on Mac OS X]]<br />
redsn0w was originally called [[QuickPwn]], but because of the theft and exploitation of the QuickPwn name by quickpwn.com, QuickPwn was discontinued as of iOS 3.0 and redsn0w (at the time, version 0.7) was converted into a [[jailbreak]]ing tool for all current devices, also providing [[unlock]] support for the [[M68ap|iPhone 2G]]. As of version 0.8, the [[N88ap|iPhone 3GS]] can also be jailbroken through redsn0w.<br />
<br />
Version 0.9 beta 3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the [[N18ap|iPod touch 3G]], and supports a [[tethered jailbreak]] on [[N88ap|iPhone 3GS]] units and [[N72ap|iPod touch 2G]] units with new bootroms. In addition, this version supports custom boot and recovery mode logos, as well as verbose mode on bootup.<br />
<br />
Version [http://wikee.iphwn.org/howto:rs9 0.9.2] supports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on [[S5L8900]] devices. Version 0.9.3 adds support for the internet tethering IPCC hack on those devices, and 0.9.4 allows jailbreaking of early [[N72ap|iPod touch 2G]] units with iOS 3.1.3.<br />
<br />
Version [http://wikee.iphwn.org/howto:rsbeta 0.9.5b5-5] supports jailbreaking the [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]) with iOS 4.0 on Windows and Mac OS X.<br />
<br />
redsn0w [http://blog.iphone-dev.org/post/1718400992 0.9.6b6] can jailbreak iOS 3.2.2, 4.1, and 4.2.1 for every device that supports those versions (except Apple TV 2G), on Windows and Mac OS X.<br />
<br />
== Credit ==<br />
[[iPhone Dev Team]]<br />
<br />
== Versions ==<br />
===Initial Release and updates until 0.8===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.3<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreak for the [[n72ap|iPod touch 2G]].<br />
|-<br />
! 0.7<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
| style="white-space: nowrap;" | Untethered jailbreak for all devices but [[n88ap|iPhone 3GS]]<br />
|-<br />
! 0.7.1-0.7.2<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
| style="white-space: nowrap;" | Bug fixes for version 0.7<br />
|-<br />
! 0.8<br />
| style="white-space: nowrap;" | July 2009<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs an [[untethered jailbreak]] on iOS 3.0/3.0.1 (when pointed at 3.0) for all devices supported by those firmwares.<br />
|-<br />
|}<br />
<br />
===First 0.9.x releases===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.2<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports 3.0-3.1.2 on all iPhones and iPod touches ([[tethered jailbreak|tethered]] for newer devices with [[0x24000 Segment Overflow]] closed)<br />
|-<br />
! 0.9.3<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Contains the IPCC hack to enable tethering on the iPhone 3G and 3GS.<br />
|-<br />
! 0.9.4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.1.3 on [[M68ap|iPhone 2G]], [[N82ap|iPhone 3G]], [[N45ap|iPod touch 1G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
|}<br />
===0.9.5 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.5 beta 3<br />
| style="white-space: nowrap;" | June 21, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supports jailbreaking iOS 4.0 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
! 0.9.5 beta 4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Resolved a problem with iBooks.<br />
|-<br />
! 0.9.5 beta 5<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supposed to fix any APN or MMS issues that users were seeing.<br />
|-<br />
|}<br />
<br />
===0.9.6 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.6 beta 1<br />
| style="white-space: nowrap;" | September 21, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 4.0-4.1 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[tethered jailbreak|tethered]] on [[iBoot-240.5.1|new bootrom]])<br />
|-<br />
! 0.9.6 beta 2<br />
| style="white-space: nowrap;" | October 31, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.2.2 and 4.0-4.1 on every device that supports those firmwares (except [[N72ap|iPod touch 2G]] with [[iBoot-240.5.1|new bootrom]]).<br />
** The [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]), and [[N88ap|iPhone 3GS]] ([[iBoot-359.3|old bootrom]]) can also have custom boot logos.<br />
* The Windows version also includes a function that permits users to restore to a custom [[IPSW File Format|IPSW]], akin to [[PwnageTool]]'s DFU button.<br />
|-<br />
! 0.9.6 beta 3<br />
| style="white-space: nowrap;" | November 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports the installation of custom bundles<br />
|-<br />
! 0.9.6 beta 4<br />
| style="white-space: nowrap;" | November 23, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 beta 5<br />
| style="white-space: nowrap;" | November 28, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]]<br />
|-<br />
! 0.9.6 beta 6<br />
| style="white-space: nowrap;" | December 1, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Allows you to "deactivate" a hacktivated phone, so sbingner's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can trick your iPhone and [[iTunes]] into creating legitimate activation tickets.<br />
|-<br />
! 0.9.6 release candidate 7<br />
| style="white-space: nowrap;" | January 2, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Introduced command-line arguments to bypass some screens.<br />
** -b <filename> to specify your own boot logo PNG<br />
** -i <filename> to specify your reference IPSW<br />
** -j to ask redsn0w to “Just boot now tethered for now”<br />
** -o for [[N88ap|iPhone 3GS]] and [[N72ap|iPod touch 2G]] units vulnerable to [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 release candidate 8<br />
| style="white-space: nowrap;" | January 5, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Informs users if a boot logo PNG is invalid, and why.<br />
* Introduced the "-a" command-line argument to eliminate clicking.<br />
|-<br />
! 0.9.6 release candidate 9<br />
| style="white-space: nowrap;" | April 3, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.1 on all compatible devices except the [[iPad 2]] and [[k66ap|Apple TV 2]].<br />
* New command line parameters k and d [http://twitpic.com/4gg8n1]:<br />
** -k --kernelcache=<str> use specified kernelcache (advanced)<br />
** -d --devicetree=<str> use specified devicetree (advanced)<br />
|-<br />
! 0.9.6 release candidate 10<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Added boot animations<br />
* Removed misleading Settings<br />
|-<br />
! 0.9.6 release candidate 11<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Makes the boot animation a bit more robust<br />
|-<br />
! 0.9.6 release candidate 12<br />
| style="white-space: nowrap;" | April 8, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fix any lingering issues with the boot animation<br />
|-<br />
! 0.9.6 release candidate 13<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.2 on all compatible devices except the [[iPad 2]].<br />
** A bug existed that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken on iOS 4.3.2.<br />
|-<br />
! 0.9.6 release candidate 14<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes an issue that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken.<br />
|-<br />
! 0.9.6 release candidate 15<br />
| style="white-space: nowrap;" | May 06, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.3 on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.6 release candidate 16<br />
| style="white-space: nowrap;" | May 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes the [[N88ap|iPhone 3GS]]/[[N90ap|iPhone 4 (GSM model)]] side switch vibration issue found in jailbroken installations of iOS 4.3.3.<br />
|-<br />
! 0.9.6 release candidate 17<br />
| style="white-space: nowrap;" | May 20, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds advanced command line options for kernel hackers.<br />
|-<br />
! 0.9.6 release candidate 18<br />
| style="white-space: nowrap;" | June 14, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.2.8 on the [[N92ap|iPhone 4 (CDMA model)]].<br />
|-<br />
! 0.9.6 release candidate 19<br />
| style="white-space: nowrap;" | July 12, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* When a custom bundle is applied, most of the normal jailbreak steps (like stashing and untethering) are skipped.<br />
|}<br />
<br />
===0.9.7 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.7 beta 1<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** Able to achieve an [[untethered jailbreak]] on 4.2.1, provided the user has 4.2b3 [[SHSH]]s and the 4.2b3 [[IPSW File Format|IPSW]].<br />
*** This version of "Jailbreak Monte" has quite a number of bugs, particularly app switcher crashes and disabled [[Bluetooth]].<br />
|-<br />
! 0.9.7 beta 2<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs on GUI apps.<br />
|-<br />
! 0.9.7 beta 3<br />
| style="white-space: nowrap;" | December 27, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs completely.<br />
|-<br />
! 0.9.7 beta 4<br />
| style="white-space: nowrap;" | December 31, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* usbmuxd integrated.<br />
|-<br />
! 0.9.7 beta 5<br />
| style="white-space: nowrap;" | January 8, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Issues related to [[Bluetooth]] and the sandbox are resolved.<br />
|-<br />
! 0.9.7 beta 6<br />
| style="white-space: nowrap;" | January 10, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes Skype.<br />
|}<br />
<br />
===0.9.8 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.8 beta 1<br />
| style="white-space: nowrap;" | June 10, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1 and 2 (when pointed at the beta 1 IPSW) on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.8 beta 2<br />
| style="white-space: nowrap;" | July 11, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, and 3 on all compatible devices except the [[iPad 2]].<br />
* Fixes the iOS 5 beta 3 sandbox issues present in the previous version.<br />
|-<br />
! 0.9.8 beta 3<br />
| style="white-space: nowrap;" | July 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 4.3.4 and iOS 5.0 betas 1, 2, and 3.<br />
|-<br />
! 0.9.8 beta 4<br />
| style="white-space: nowrap;" | July 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, and 4.<br />
|-<br />
! 0.9.8 beta 5<br />
| style="white-space: nowrap;" | August 9, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4 and 5.<br />
|-<br />
! 0.9.8 beta 6<br />
| style="white-space: nowrap;" | August 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5, and 6.<br />
|-<br />
! 0.9.8 beta 7<br />
| style="white-space: nowrap;" | August 31, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5 and 6.<br />
* Performs a [[tethered jailbreak]] of iOS 4.3.5 and 4.2.10 without pointing at an older IPSW.<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 beta 6 on a new, silently changed (by Apple) [[K48ap|iPad 1]] IPSW.<br />
* Fixes a bug in the 4.2.10 jailbreak on the [[N92AP|iPhone 4 CDMA]] [[tethered jailbreak]].<br />
|-<br />
! 0.9.8 beta 7b<br />
| style="white-space: nowrap;" | September 2, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] for [[iOS]] 4.3.4, 4.3.5, 4.2.9, 4.2.10 on all supported devices except the [[n88ap|iPhone 3GS]] (old bootrom) and the [[iPad 2]]<br />
* Performs an [[untethered jailbreak]] on [[iOS]] 4.1-4.3.3 on all supported devices except the [[iPad 2]]<br />
* Performs a [[tethered jailbreak]] on [[iOS]] 5.0 beta 1-7 on all supported devices except the [[n88ap|iPhone 3GS]] (old bootrom) and [[iPad 2]]<br />
* Performs an [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] (old bootrom) on [[iOS]] 4.1-4.3.5 and 5.0 beta 7<br />
* Fixed lingering issues with the [[N92ap|iPhone 4]] (CDMA Model) 4.2.10 [[tethered jailbreak]]<br />
|-<br />
! 0.9.8 beta 7c<br />
| style="white-space: nowrap;" | September 6, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Same as 0.9.8 beta 7b on all devices but [[n88ap|iPhone 3GS]] with [[06.15.00]] baseband<br />
* Fixes [[iTunes Errors#Error 1015|error 1015]] when restoring to stock 4.3.5 on [[n88ap|iPhone 3GS]] with [[06.15.00]] baseband.<br />
|}<br />
<br />
===0.9.9 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
!0.9.9 beta 1<br />
|style="white-space: nowrap;" | September 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
*Complete rewrite.<br />
*No longer requires IPSWs when jailbreaking public builds. When jailbreaking beta/Golden Master firmwares, the IPSW needs to be specified once, after which redsn0w auto-recognizes it.<br />
*redsn0w now fetches SHSH from the device, queries Cydia about saved blobs, stitches IPSWs with SHSH blobs (not for iPhones) and is able to submit SHSH to Cydia.<br />
*Includes Terminal shell commands into the GUI.<br />
|-<br />
!0.9.9 beta 2<br />
|style="white-space: nowrap;" | September 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
*Fixes Verizon iPhone 4 firmware detection<br />
*Fixes 'Fix Recovery'<br />
*Fixes for Stitching<br />
*Fixes for blob processing<br />
|-<br />
!0.9.9 beta 3<br />
|style="white-space: nowrap;" | September 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
*Auto-detects the iOS 5 GM firmware now and accepts the GM IPSWs<br />
*Allows a jailbreak (albeit still tethered, except on the [[iPhone 3GS]] with old bootrom) on iOS 5 GM<br />
|-<br />
!0.9.9 beta 3a<br />
|style="white-space: nowrap;" | September 2011<br />
| {{no}}<br />
| {{yes}}<br />
|<br />
*Fixes a Windows-only caching bug<br />
*Allows Windows users to rename the redsn0w exe to anything containing 'boot' to jump straight to the tethered boot stage on load (thus adding one-click tethered boot to Windows redsn0w)<br />
*0.9.9 beta 3 still works fine for Mac users except they don't have the new 'boot' rename feature that this version has<br />
|}<br />
<br />
== Exploits used ==<br />
For [[M68ap|iPhone]], [[N45ap|iPod touch]], and [[N82ap|iPhone 3G]]:<br />
*[[Pwnage]]<br />
*[[Pwnage 2.0]]<br />
<br />
For [[N72ap|iPod touch 2G]]:<br />
*[[0x24000 Segment Overflow]]<br />
*[[ARM7 Go]] - used to upload the oversized [[LLB]] required to utilize the 0x24000 Segment Overflow.<br />
*[[usb_control_msg(0xA1, 1) Exploit]] - used (in redsn0w 0.9.6 beta 1) to upload the oversized [[LLB]] to utilize the 0x24000 Segment Overflow, as well as a [[tethered jailbreak]] on units with the [[iBoot-240.5.1|new bootrom]].<br />
<br />
For [[N88ap|iPhone 3GS]]:<br />
*[[0x24000 Segment Overflow]]<br />
*[[iBoot Environment Variable Overflow]] - Exploit has a different implementation from [[User:geohot|geohot]]'s implementation in [[purplera1n]].<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*[[limera1n]] exploit<br />
<br />
For [[N18ap|iPod touch 3G]]:<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*[[limera1n]] exploit<br />
<br />
For [[N90ap|iPhone 4]], [[N81ap|iPod touch 4G]], [[K48ap|iPad]] and [[K66ap|Apple TV 2G]]:<br />
*[[limera1n]] exploit<br />
<br />
For [[iPad 2]]:<br />
<br />
[[Category:Hacking Software]]</div>
Windows Helpdesk
https://www.theiphonewiki.com/w/index.php?title=Redsn0w&diff=20769
Redsn0w
2011-08-31T11:08:48Z
<p>Windows Helpdesk: /* 0.9.8 series */</p>
<hr />
<div>{{DISPLAYTITLE:redsn0w}}<br />
[[Image:Redsn0w.png|thumb|redsn0w on Mac OS X]]<br />
redsn0w was originally called [[QuickPwn]], but because of the theft and exploitation of the QuickPwn name by quickpwn.com, QuickPwn was discontinued as of iOS 3.0 and redsn0w (at the time, version 0.7) was converted into a [[jailbreak]]ing tool for all current devices, also providing [[unlock]] support for the [[M68ap|iPhone 2G]]. As of version 0.8, the [[N88ap|iPhone 3GS]] can also be jailbroken through redsn0w.<br />
<br />
Version 0.9 beta 3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the [[N18ap|iPod touch 3G]], and supports a [[tethered jailbreak]] on [[N88ap|iPhone 3GS]] units and [[N72ap|iPod touch 2G]] units with new bootroms. In addition, this version supports custom boot and recovery mode logos, as well as verbose mode on bootup.<br />
<br />
Version [http://wikee.iphwn.org/howto:rs9 0.9.2] supports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on [[S5L8900]] devices. Version 0.9.3 adds support for the internet tethering IPCC hack on those devices, and 0.9.4 allows jailbreaking of early [[N72ap|iPod touch 2G]] units with iOS 3.1.3.<br />
<br />
Version [http://wikee.iphwn.org/howto:rsbeta 0.9.5b5-5] supports jailbreaking the [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]) with iOS 4.0 on Windows and Mac OS X.<br />
<br />
redsn0w [http://blog.iphone-dev.org/post/1718400992 0.9.6b6] can jailbreak iOS 3.2.2, 4.1, and 4.2.1 for every device that supports those versions (except Apple TV 2G), on Windows and Mac OS X.<br />
<br />
== Credit ==<br />
[[iPhone Dev Team]]<br />
<br />
== Versions ==<br />
===Initial Release and updates until 0.8===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.1<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreak for the [[n72ap|iPod touch 2G]].<br />
|-<br />
! 0.7<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|-<br />
! 0.8<br />
| style="white-space: nowrap;" | July 2009<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iPhone OS 3.0 on the [[n88ap|iPhone 3GS]] only.<br />
|-<br />
|}<br />
===First 0.9.x releases===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.2<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports 3.0-3.1.2 on all iPhones and iPod touches ([[tethered jailbreak|tethered]] for newer devices with [[0x24000 Segment Overflow]] closed)<br />
|-<br />
! 0.9.3<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Contains the IPCC hack to enable tethering on the iPhone 3G and 3GS.<br />
|-<br />
! 0.9.4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.1.3 on [[M68ap|iPhone 2G]], [[N82ap|iPhone 3G]], [[N45ap|iPod touch 1G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
|}<br />
===0.9.5 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.5 beta 3<br />
| style="white-space: nowrap;" | June 21, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supports jailbreaking iOS 4.0 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
! 0.9.5 beta 4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Resolved a problem with iBooks.<br />
|-<br />
! 0.9.5 beta 5<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supposed to fix any APN or MMS issues that users were seeing.<br />
|-<br />
|}<br />
<br />
===0.9.6 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.6 beta 1<br />
| style="white-space: nowrap;" | September 21, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 4.0-4.1 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[tethered jailbreak|tethered]] on [[iBoot-240.5.1|new bootrom]])<br />
|-<br />
! 0.9.6 beta 2<br />
| style="white-space: nowrap;" | October 31, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.2.2 and 4.0-4.1 on every device that supports those firmwares (except [[N72ap|iPod touch 2G]] with [[iBoot-240.5.1|new bootrom]]).<br />
** The [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]), and [[N88ap|iPhone 3GS]] ([[iBoot-359.3|old bootrom]]) can also have custom boot logos.<br />
* The Windows version also includes a function that permits users to restore to a custom [[IPSW File Format|IPSW]], akin to [[PwnageTool]]'s DFU button.<br />
|-<br />
! 0.9.6 beta 3<br />
| style="white-space: nowrap;" | November 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports the installation of custom bundles<br />
|-<br />
! 0.9.6 beta 4<br />
| style="white-space: nowrap;" | November 23, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 beta 5<br />
| style="white-space: nowrap;" | November 28, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]]<br />
|-<br />
! 0.9.6 beta 6<br />
| style="white-space: nowrap;" | December 1, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Allows you to "deactivate" a hacktivated phone, so sbingner's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can trick your iPhone and [[iTunes]] into creating legitimate activation tickets.<br />
|-<br />
! 0.9.6 release candidate 7<br />
| style="white-space: nowrap;" | January 2, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Introduced command-line arguments to bypass some screens.<br />
** -b <filename> to specify your own boot logo PNG<br />
** -i <filename> to specify your reference IPSW<br />
** -j to ask redsn0w to “Just boot now tethered for now”<br />
** -o for [[N88ap|iPhone 3GS]] and [[N72ap|iPod touch 2G]] units vulnerable to [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 release candidate 8<br />
| style="white-space: nowrap;" | January 5, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Informs users if a boot logo PNG is invalid, and why.<br />
* Introduced the "-a" command-line argument to eliminate clicking.<br />
|-<br />
! 0.9.6 release candidate 9<br />
| style="white-space: nowrap;" | April 3, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.1 on all compatible devices except the [[iPad 2]] and [[k66ap|Apple TV 2]].<br />
* New command line parameters k and d [http://twitpic.com/4gg8n1]:<br />
** -k --kernelcache=<str> use specified kernelcache (advanced)<br />
** -d --devicetree=<str> use specified devicetree (advanced)<br />
|-<br />
! 0.9.6 release candidate 10<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Added boot animations<br />
* Removed misleading Settings<br />
|-<br />
! 0.9.6 release candidate 11<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Makes the boot animation a bit more robust<br />
|-<br />
! 0.9.6 release candidate 12<br />
| style="white-space: nowrap;" | April 8, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes any lingering issues with the boot animation<br />
|-<br />
! 0.9.6 release candidate 13<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.2 on all compatible devices except the [[iPad 2]].<br />
** A bug existed that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken on iOS 4.3.2.<br />
|-<br />
! 0.9.6 release candidate 14<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes an issue that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken.<br />
|-<br />
! 0.9.6 release candidate 15<br />
| style="white-space: nowrap;" | May 06, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.3 on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.6 release candidate 16<br />
| style="white-space: nowrap;" | May 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes the [[N88ap|iPhone 3GS]]/[[N90ap|iPhone 4 (GSM model)]] side switch vibration issue found in jailbroken installations of iOS 4.3.3.<br />
|-<br />
! 0.9.6 release candidate 17<br />
| style="white-space: nowrap;" | May 20, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds advanced command line options for kernel hackers.<br />
|-<br />
! 0.9.6 release candidate 18<br />
| style="white-space: nowrap;" | June 14, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.2.8 on the [[N92ap|iPhone 4 (CDMA model)]].<br />
|-<br />
! 0.9.6 release candidate 19<br />
| style="white-space: nowrap;" | July 12, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* When a custom bundle is applied, most of the normal jailbreak steps (like stashing and untethering) are skipped.<br />
|}<br />
<br />
===0.9.7 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.7 beta 1<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** Able to achieve an [[untethered jailbreak]] on 4.2.1, provided the user has 4.2b3 [[SHSH]]s and the 4.2b3 [[IPSW File Format|IPSW]].<br />
*** This version of "Jailbreak Monte" has quite a number of bugs, particularly app switcher crashes and disabled [[Bluetooth]].<br />
|-<br />
! 0.9.7 beta 2<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs on GUI apps.<br />
|-<br />
! 0.9.7 beta 3<br />
| style="white-space: nowrap;" | December 27, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs completely.<br />
|-<br />
! 0.9.7 beta 4<br />
| style="white-space: nowrap;" | December 31, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* usbmuxd integrated.<br />
|-<br />
! 0.9.7 beta 5<br />
| style="white-space: nowrap;" | January 8, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Issues related to [[Bluetooth]] and the sandbox are resolved.<br />
|-<br />
! 0.9.7 beta 6<br />
| style="white-space: nowrap;" | January 10, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes Skype.<br />
|}<br />
<br />
===0.9.8 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.8 beta 1<br />
| style="white-space: nowrap;" | June 10, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1 and 2 (when pointed at the beta 1 IPSW) on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.8 beta 2<br />
| style="white-space: nowrap;" | July 11, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, and 3 on all compatible devices except the [[iPad 2]].<br />
* Fixes the iOS 5 beta 3 sandbox issues present in the previous version.<br />
|-<br />
! 0.9.8 beta 3<br />
| style="white-space: nowrap;" | July 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 4.3.4 and iOS 5.0 betas 1, 2, and 3.<br />
|-<br />
! 0.9.8 beta 4<br />
| style="white-space: nowrap;" | July 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, and 4.<br />
|-<br />
! 0.9.8 beta 5<br />
| style="white-space: nowrap;" | August 9, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4 and 5.<br />
|-<br />
! 0.9.8 beta 6<br />
| style="white-space: nowrap;" | August 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5, and 6.<br />
|-<br />
! 0.9.8 beta 7<br />
| style="white-space: nowrap;" | August 31, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5 and 6.<br />
* Performs a [[tethered jailbreak]] of iOS 4.3.5 and 4.2.10 without pointing at an older IPSW.<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 beta 6 on a new, silently changed (by Apple) [[K48ap|iPad 1]] IPSW.<br />
* Fixes a bug in the 4.2.10 [[tethered jailbreak]] on the [[N92AP|iPhone 4 CDMA]].<br />
|}<br />
<br />
== Exploits used ==<br />
For [[M68ap|iPhone]], [[N45ap|iPod touch]], and [[N82ap|iPhone 3G]], see:<br />
*[[Pwnage]]<br />
*[[Pwnage 2.0]]<br />
<br />
For [[N72ap|iPod touch 2G]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[ARM7 Go]] - used to upload the oversized [[LLB]] required to utilize the 0x24000 Segment Overflow.<br />
*[[usb_control_msg(0xA1, 1) Exploit]] - used (in redsn0w 0.9.6 beta 1) to upload the oversized [[LLB]] to utilize the 0x24000 Segment Overflow, as well as a [[tethered jailbreak]] on units with the [[iBoot-240.5.1|new bootrom]].<br />
<br />
For [[N88ap|iPhone 3GS]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[iBoot Environment Variable Overflow]] - Exploit has a different implementation from [[User:geohot|geohot]]'s implementation in [[purplera1n]].<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N18ap|iPod touch 3G]], see:<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N90ap|iPhone 4]], [[N81ap|iPod touch 4G]], [[K48ap|iPad]] and [[K66ap|Apple TV 2G]], see:<br />
*limera1n exploit<br />
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Redsn0w&diff=20768Redsn0w2011-08-31T11:08:11Z<p>Windows Helpdesk: /* 0.9.8 series */</p>
<hr />
<div>{{DISPLAYTITLE:redsn0w}}<br />
[[Image:Redsn0w.png|thumb|redsn0w on Mac OS X]]<br />
redsn0w was originally called [[QuickPwn]], but due to the theft and exploitation of the QuickPwn name by quickpwn.com, QuickPwn was discontinued as of iOS 3.0 and redsn0w (at the time, version 0.7) was converted into a [[jailbreak]]ing tool for all current devices, as well as providing [[unlock]] support for the [[M68ap|iPhone 2G]]. As of version 0.8, the [[N88ap|iPhone 3GS]] can also be jailbroken through redsn0w.<br />
<br />
Version 0.9 beta 3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the [[N18ap|iPod touch 3G]], and supports a [[tethered jailbreak]] on [[N88ap|iPhone 3GS]] units and [[N72ap|iPod touch 2G]] units with new bootroms. In addition, this version supports custom boot and recovery mode logos, as well as verbose mode on bootup.<br />
<br />
Version [http://wikee.iphwn.org/howto:rs9 0.9.2] supports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on [[S5L8900]] devices. Version 0.9.3 adds support for the internet tethering IPCC hack on those devices, and 0.9.4 allows jailbreaking of early [[N72ap|iPod touch 2G]] units with iOS 3.1.3.<br />
<br />
Version [http://wikee.iphwn.org/howto:rsbeta 0.9.5b5-5] supports jailbreaking the [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]) with iOS 4.0 on Windows and Mac OS X.<br />
<br />
redsn0w [http://blog.iphone-dev.org/post/1718400992 0.9.6b6] can jailbreak iOS 3.2.2, 4.1, and 4.2.1 for every device that supports those versions (except Apple TV 2G), on Windows and Mac OS X.<br />
<br />
== Credit ==<br />
[[iPhone Dev Team]]<br />
<br />
== Versions ==<br />
===Initial Release and updates until 0.8===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.1<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreak for the [[n72ap|iPod touch 2G]].<br />
|-<br />
! 0.7<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|-<br />
! 0.8<br />
| style="white-space: nowrap;" | July 2009<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iPhone OS 3.0 on the [[n88ap|iPhone 3GS]] only.<br />
|-<br />
|}<br />
===First 0.9.x releases===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.2<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports 3.0-3.1.2 on all iPhones and iPod touches ([[tethered jailbreak|tethered]] for newer devices with [[0x24000 Segment Overflow]] closed)<br />
|-<br />
! 0.9.3<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Contains the IPCC hack to enable tethering on the iPhone 3G and 3GS.<br />
|-<br />
! 0.9.4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.1.3 on [[M68ap|iPhone 2G]], [[N82ap|iPhone 3G]], [[N45ap|iPod touch 1G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
|}<br />
===0.9.5 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.5 beta 3<br />
| style="white-space: nowrap;" | June 21, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supports jailbreaking iOS 4.0 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
! 0.9.5 beta 4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Resolved a problem with iBooks.<br />
|-<br />
! 0.9.5 beta 5<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supposed to fix any APN or MMS issues that users were seeing.<br />
|-<br />
|}<br />
<br />
===0.9.6 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.6 beta 1<br />
| style="white-space: nowrap;" | September 21, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 4.0-4.1 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[tethered jailbreak|tethered]] on [[iBoot-240.5.1|new bootrom]])<br />
|-<br />
! 0.9.6 beta 2<br />
| style="white-space: nowrap;" | October 31, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.2.2 and 4.0-4.1 on every device that supports those firmwares (except [[N72ap|iPod touch 2G]] with [[iBoot-240.5.1|new bootrom]]).<br />
** The [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]), and [[N88ap|iPhone 3GS]] ([[iBoot-359.3|old bootrom]]) can also have custom boot logos.<br />
* The Windows version also includes a function that permits users to restore to a custom [[IPSW File Format|IPSW]], akin to [[PwnageTool]]'s DFU button.<br />
|-<br />
! 0.9.6 beta 3<br />
| style="white-space: nowrap;" | November 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports the installation of custom bundles<br />
|-<br />
! 0.9.6 beta 4<br />
| style="white-space: nowrap;" | November 23, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 beta 5<br />
| style="white-space: nowrap;" | November 28, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]]<br />
|-<br />
! 0.9.6 beta 6<br />
| style="white-space: nowrap;" | December 1, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Allows you to "deactivate" a hacktivated phone, so sbingner's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can trick your iPhone and [[iTunes]] into creating legitimate activation tickets.<br />
|-<br />
! 0.9.6 release candidate 7<br />
| style="white-space: nowrap;" | January 2, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Introduced command-line arguments to bypass some screens.<br />
** -b <filename> to specify your own boot logo PNG<br />
** -i <filename> to specify your reference IPSW<br />
** -j to ask redsn0w to “Just boot now tethered for now”<br />
** -o for [[N88ap|iPhone 3GS]] and [[N72ap|iPod touch 2G]] units vulnerable to [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 release candidate 8<br />
| style="white-space: nowrap;" | January 5, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Informs users if a boot logo PNG is invalid, and why.<br />
* Introduced the "-a" command-line argument to eliminate clicking.<br />
|-<br />
! 0.9.6 release candidate 9<br />
| style="white-space: nowrap;" | April 3, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.1 on all compatible devices except the [[iPad 2]] and [[k66ap|Apple TV 2]].<br />
* New command line parameters k and d [http://twitpic.com/4gg8n1]:<br />
** -k --kernelcache=<str> use specified kernelcache (advanced)<br />
** -d --devicetree=<str> use specified devicetree (advanced)<br />
|-<br />
! 0.9.6 release candidate 10<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Added boot animations<br />
* Removed misleading Settings<br />
|-<br />
! 0.9.6 release candidate 11<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Makes the boot animation a bit more robust<br />
|-<br />
! 0.9.6 release candidate 12<br />
| style="white-space: nowrap;" | April 8, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes any lingering issues with the boot animation<br />
|-<br />
! 0.9.6 release candidate 13<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.2 on all compatible devices except the [[iPad 2]].<br />
** A bug existed that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken on iOS 4.3.2.<br />
|-<br />
! 0.9.6 release candidate 14<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes an issue that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken.<br />
|-<br />
! 0.9.6 release candidate 15<br />
| style="white-space: nowrap;" | May 06, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.3 on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.6 release candidate 16<br />
| style="white-space: nowrap;" | May 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes the [[N88ap|iPhone 3GS]]/[[N90ap|iPhone 4 (GSM model)]] side switch vibration issue found in jailbroken installations of iOS 4.3.3.<br />
|-<br />
! 0.9.6 release candidate 17<br />
| style="white-space: nowrap;" | May 20, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds advanced command line options for kernel hackers.<br />
|-<br />
! 0.9.6 release candidate 18<br />
| style="white-space: nowrap;" | June 14, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.2.8 on the [[N92ap|iPhone 4 (CDMA model)]].<br />
|-<br />
! 0.9.6 release candidate 19<br />
| style="white-space: nowrap;" | July 12, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* When a custom bundle is applied, most of the normal jailbreak steps (like stashing and untethering) are skipped.<br />
|}<br />
<br />
===0.9.7 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.7 beta 1<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** Able to achieve an [[untethered jailbreak]] on 4.2.1, provided the user has 4.2b3 [[SHSH]]s and the 4.2b3 [[IPSW File Format|IPSW]].<br />
*** This version of "Jailbreak Monte" has quite a number of bugs, particularly app switcher crashes and disabled [[Bluetooth]].<br />
|-<br />
! 0.9.7 beta 2<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs on GUI apps.<br />
|-<br />
! 0.9.7 beta 3<br />
| style="white-space: nowrap;" | December 27, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs completely.<br />
|-<br />
! 0.9.7 beta 4<br />
| style="white-space: nowrap;" | December 31, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* usbmuxd integrated.<br />
|-<br />
! 0.9.7 beta 5<br />
| style="white-space: nowrap;" | January 8, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Issues related to [[Bluetooth]] and the sandbox are resolved.<br />
|-<br />
! 0.9.7 beta 6<br />
| style="white-space: nowrap;" | January 10, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes Skype.<br />
|}<br />
<br />
===0.9.8 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.8 beta 1<br />
| style="white-space: nowrap;" | June 10, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1 and 2 (when pointed at the beta 1 IPSW) on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.8 beta 2<br />
| style="white-space: nowrap;" | July 11, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, and 3 on all compatible devices except the [[iPad 2]].<br />
* Fixes the iOS 5 beta 3 sandbox issues present in the previous version.<br />
|-<br />
! 0.9.8 beta 3<br />
| style="white-space: nowrap;" | July 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 4.3.4 and iOS 5.0 betas 1, 2, and 3.<br />
|-<br />
! 0.9.8 beta 4<br />
| style="white-space: nowrap;" | July 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, and 4.<br />
|-<br />
! 0.9.8 beta 5<br />
| style="white-space: nowrap;" | August 9, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4 and 5.<br />
|-<br />
! 0.9.8 beta 6<br />
| style="white-space: nowrap;" | August 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5, and 6.<br />
|-<br />
! 0.9.8 beta 7<br />
| style="white-space: nowrap;" | August 31, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5 and 6.<br />
* Performs a [[tethered jailbreak]] of iOS 4.3.5 and 4.2.10 without pointing at an older IPSW.<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 beta 6 on a new, silently changed (by Apple) [[K48AP|iPad 1]] IPSW.<br />
* Fixes a bug in the 4.2.10 [[tethered jailbreak]] on the [[N92AP|iPhone 4 CDMA]].<br />
|}<br />
<br />
== Exploits used ==<br />
For [[M68ap|iPhone]], [[N45ap|iPod touch]], and [[N82ap|iPhone 3G]], see:<br />
*[[Pwnage]]<br />
*[[Pwnage 2.0]]<br />
<br />
For [[N72ap|iPod touch 2G]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[ARM7 Go]] - used to upload the oversized [[LLB]] required to utilize the 0x24000 Segment Overflow.<br />
*[[usb_control_msg(0xA1, 1) Exploit]] - used (in redsn0w 0.9.6 beta 1) to upload the oversized [[LLB]] to utilize the 0x24000 Segment Overflow, as well as a [[tethered jailbreak]] on units with the [[iBoot-240.5.1|new bootrom]].<br />
<br />
For [[N88ap|iPhone 3GS]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[iBoot Environment Variable Overflow]] - Exploit has a different implementation from [[User:geohot|geohot]]'s implementation in [[purplera1n]].<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N18ap|iPod touch 3G]], see:<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N90ap|iPhone 4]], [[N81ap|iPod touch 4G]], [[K48ap|iPad]] and [[K66ap|Apple TV 2G]], see:<br />
*limera1n exploit<br />
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Redsn0w&diff=20767Redsn0w2011-08-31T11:06:51Z<p>Windows Helpdesk: /* 0.9.8 series */</p>
<hr />
<div>{{DISPLAYTITLE:redsn0w}}<br />
[[Image:Redsn0w.png|thumb|redsn0w on Mac OS X]]<br />
redsn0w was originally called [[QuickPwn]], but due to the theft and exploitation of the QuickPwn name by quickpwn.com, QuickPwn was discontinued as of iOS 3.0 and redsn0w (at the time, version 0.7) was converted into a [[jailbreak]]ing tool for all current devices, as well as providing [[unlock]] support for the [[M68ap|iPhone 2G]]. As of version 0.8, the [[N88ap|iPhone 3GS]] can also be jailbroken through redsn0w.<br />
<br />
Version 0.9 beta 3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the [[N18ap|iPod touch 3G]], and supports a [[tethered jailbreak]] on [[N88ap|iPhone 3GS]] units and [[N72ap|iPod touch 2G]] units with new bootroms. In addition, this version supports custom boot and recovery mode logos, as well as verbose mode on bootup.<br />
<br />
Version [http://wikee.iphwn.org/howto:rs9 0.9.2] supports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on [[S5L8900]] devices. Version 0.9.3 adds support for the internet tethering IPCC hack on those devices, and 0.9.4 allows jailbreaking of early [[N72ap|iPod touch 2G]] units with iOS 3.1.3.<br />
<br />
Version [http://wikee.iphwn.org/howto:rsbeta 0.9.5b5-5] supports jailbreaking the [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]) with iOS 4.0 on Windows and Mac OS X.<br />
<br />
redsn0w [http://blog.iphone-dev.org/post/1718400992 0.9.6b6] can jailbreak iOS 3.2.2, 4.1, and 4.2.1 for every device that supports those versions (except Apple TV 2G), on Windows and Mac OS X.<br />
<br />
== Credit ==<br />
[[iPhone Dev Team]]<br />
<br />
== Versions ==<br />
===Initial Release and updates until 0.8===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.1<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreak for the [[n72ap|iPod touch 2G]].<br />
|-<br />
! 0.7<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|-<br />
! 0.8<br />
| style="white-space: nowrap;" | July 2009<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iPhone OS 3.0 on the [[n88ap|iPhone 3GS]] only.<br />
|-<br />
|}<br />
===First 0.9.x releases===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.2<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports 3.0-3.1.2 on all iPhones and iPod touches ([[tethered jailbreak|tethered]] for newer devices with [[0x24000 Segment Overflow]] closed)<br />
|-<br />
! 0.9.3<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Contains the IPCC hack to enable tethering on the iPhone 3G and 3GS.<br />
|-<br />
! 0.9.4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.1.3 on [[M68ap|iPhone 2G]], [[N82ap|iPhone 3G]], [[N45ap|iPod touch 1G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
|}<br />
===0.9.5 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.5 beta 3<br />
| style="white-space: nowrap;" | June 21, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supports jailbreaking iOS 4.0 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
! 0.9.5 beta 4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Resolved a problem with iBooks.<br />
|-<br />
! 0.9.5 beta 5<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supposed to fix any APN or MMS issues that users were seeing.<br />
|-<br />
|}<br />
<br />
===0.9.6 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.6 beta 1<br />
| style="white-space: nowrap;" | September 21, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 4.0-4.1 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[tethered jailbreak|tethered]] on [[iBoot-240.5.1|new bootrom]])<br />
|-<br />
! 0.9.6 beta 2<br />
| style="white-space: nowrap;" | October 31, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.2.2 and 4.0-4.1 on every device that supports those firmwares (except [[N72ap|iPod touch 2G]] with [[iBoot-240.5.1|new bootrom]]).<br />
** The [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]), and [[N88ap|iPhone 3GS]] ([[iBoot-359.3|old bootrom]]) can also have custom boot logos.<br />
* The Windows version also includes a function that permits users to restore to a custom [[IPSW File Format|IPSW]], akin to [[PwnageTool]]'s DFU button.<br />
|-<br />
! 0.9.6 beta 3<br />
| style="white-space: nowrap;" | November 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports the installation of custom bundles<br />
|-<br />
! 0.9.6 beta 4<br />
| style="white-space: nowrap;" | November 23, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 beta 5<br />
| style="white-space: nowrap;" | November 28, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]]<br />
|-<br />
! 0.9.6 beta 6<br />
| style="white-space: nowrap;" | December 1, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Allows you to "deactivate" a hacktivated phone, so sbingner's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can trick your iPhone and [[iTunes]] into creating legitimate activation tickets.<br />
|-<br />
! 0.9.6 release candidate 7<br />
| style="white-space: nowrap;" | January 2, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Introduced command-line arguments to bypass some screens.<br />
** -b <filename> to specify your own boot logo PNG<br />
** -i <filename> to specify your reference IPSW<br />
** -j to ask redsn0w to “Just boot now tethered for now”<br />
** -o for [[N88ap|iPhone 3GS]] and [[N72ap|iPod touch 2G]] units vulnerable to [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 release candidate 8<br />
| style="white-space: nowrap;" | January 5, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Informs users if a boot logo PNG is invalid, and why.<br />
* Introduced the "-a" command-line argument to eliminate clicking.<br />
|-<br />
! 0.9.6 release candidate 9<br />
| style="white-space: nowrap;" | April 3, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.1 on all compatible devices except the [[iPad 2]] and [[k66ap|Apple TV 2]].<br />
* New command line parameters k and d [http://twitpic.com/4gg8n1]:<br />
** -k --kernelcache=<str> use specified kernelcache (advanced)<br />
** -d --devicetree=<str> use specified devicetree (advanced)<br />
|-<br />
! 0.9.6 release candidate 10<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Added boot animations<br />
* Removed misleading Settings<br />
|-<br />
! 0.9.6 release candidate 11<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Makes the boot animation a bit more robust<br />
|-<br />
! 0.9.6 release candidate 12<br />
| style="white-space: nowrap;" | April 8, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes any lingering issues with the boot animation<br />
|-<br />
! 0.9.6 release candidate 13<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.2 on all compatible devices except the [[iPad 2]].<br />
** A bug existed that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken on iOS 4.3.2.<br />
|-<br />
! 0.9.6 release candidate 14<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes an issue that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken.<br />
|-<br />
! 0.9.6 release candidate 15<br />
| style="white-space: nowrap;" | May 06, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.3 on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.6 release candidate 16<br />
| style="white-space: nowrap;" | May 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes the [[N88ap|iPhone 3GS]]/[[N90ap|iPhone 4 (GSM model)]] side switch vibration issue found in jailbroken installations of iOS 4.3.3.<br />
|-<br />
! 0.9.6 release candidate 17<br />
| style="white-space: nowrap;" | May 20, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds advanced command line options for kernel hackers.<br />
|-<br />
! 0.9.6 release candidate 18<br />
| style="white-space: nowrap;" | June 14, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.2.8 on the [[N92ap|iPhone 4 (CDMA model)]].<br />
|-<br />
! 0.9.6 release candidate 19<br />
| style="white-space: nowrap;" | July 12, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* When a custom bundle is applied, most of the normal jailbreak steps (like stashing and untethering) are skipped.<br />
|}<br />
<br />
===0.9.7 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.7 beta 1<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** Able to achieve an [[untethered jailbreak]] on 4.2.1, provided the user has 4.2b3 [[SHSH]]s and the 4.2b3 [[IPSW File Format|IPSW]].<br />
*** This version of "Jailbreak Monte" has quite a number of bugs, particularly app switcher crashes and disabled [[Bluetooth]].<br />
|-<br />
! 0.9.7 beta 2<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs on GUI apps.<br />
|-<br />
! 0.9.7 beta 3<br />
| style="white-space: nowrap;" | December 27, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs completely.<br />
|-<br />
! 0.9.7 beta 4<br />
| style="white-space: nowrap;" | December 31, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* usbmuxd integrated.<br />
|-<br />
! 0.9.7 beta 5<br />
| style="white-space: nowrap;" | January 8, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Issues related to [[Bluetooth]] and the sandbox are resolved.<br />
|-<br />
! 0.9.7 beta 6<br />
| style="white-space: nowrap;" | January 10, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes Skype.<br />
|}<br />
<br />
===0.9.8 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.8 beta 1<br />
| style="white-space: nowrap;" | June 10, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1 and 2 (when pointed at the beta 1 IPSW) on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.8 beta 2<br />
| style="white-space: nowrap;" | July 11, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, and 3 on all compatible devices except the [[iPad 2]].<br />
* Fixes the iOS 5 beta 3 sandbox issues present in the previous version.<br />
|-<br />
! 0.9.8 beta 3<br />
| style="white-space: nowrap;" | July 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 4.3.4 and iOS 5.0 betas 1, 2, and 3.<br />
|-<br />
! 0.9.8 beta 4<br />
| style="white-space: nowrap;" | July 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, and 4.<br />
|-<br />
! 0.9.8 beta 5<br />
| style="white-space: nowrap;" | August 9, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4 and 5.<br />
|-<br />
! 0.9.8 beta 6<br />
| style="white-space: nowrap;" | August 23, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5, and 6.<br />
|-<br />
! 0.9.8 beta 7<br />
| style="white-space: nowrap;" | August 31, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 betas 1, 2, 3, 4, 5 and 6.<br />
* Performs a [[tethered jailbreak]] of iOS 4.3.5 and 4.2.10 without pointing at an older IPSW.<br />
* Performs a [[tethered jailbreak]] of iOS 5.0 beta 6 on a new, silently changed (by Apple) [[iPad|iPad 1]] IPSW.<br />
* Fixes a bug in the 4.2.10 jailbreak on the [[iPhone 4 CDMA]] [[tethered jailbreak]].<br />
|}<br />
<br />
== Exploits used ==<br />
For [[M68ap|iPhone]], [[N45ap|iPod touch]], and [[N82ap|iPhone 3G]], see:<br />
*[[Pwnage]]<br />
*[[Pwnage 2.0]]<br />
<br />
For [[N72ap|iPod touch 2G]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[ARM7 Go]] - used to upload the oversized [[LLB]] required to utilize the 0x24000 Segment Overflow.<br />
*[[usb_control_msg(0xA1, 1) Exploit]] - used (in redsn0w 0.9.6 beta 1) to upload the oversized [[LLB]] to utilize the 0x24000 Segment Overflow, as well as a [[tethered jailbreak]] on units with the [[iBoot-240.5.1|new bootrom]].<br />
<br />
For [[N88ap|iPhone 3GS]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[iBoot Environment Variable Overflow]] - Exploit has a different implementation from [[User:geohot|geohot]]'s implementation in [[purplera1n]].<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N18ap|iPod touch 3G]], see:<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N90ap|iPhone 4]], [[N81ap|iPod touch 4G]], [[K48ap|iPad]] and [[K66ap|Apple TV 2G]], see:<br />
*limera1n exploit<br />
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Jailbreak&diff=20766Talk:Jailbreak2011-08-31T10:58:21Z<p>Windows Helpdesk: </p>
<hr />
<div>Actually, I believe redsn0w (normal version) still loads a 2.1.1 iBoot & uses the arm7_go exploit to bootstrap the ramdisk that flashes the NOR, including an LLB with the 24kpwn exploit. Can someone confirm this? --[[User:Cool name|Cool name]] 01:33, 27 July 2009 (UTC)<br />
<br />
==Limera1n/Greenpois0n==<br />
<br />
We should really try to get a name for the exploit or find a way to add it to exploits used post 2.0 --[[User:JacobVengeance|JakeAnthraX]] 05:13, 30 October 2010 (UTC)<br />
:Apparently, limera1n uses SHAtter as it is unmatchable. Also google it --[[User:Balloonhead66|Balloonhead66]] 05:15, 30 October 2010 (UTC)<br />
:: SHAtter was not used and was saved. This is the iPhone wiki, usually people come here before googling and after all it should be here. --[[User:JacobVengeance|JakeAnthraX]] 05:20, 30 October 2010 (UTC)<br />
:::the exploit is used differently on both jailbreaks on [[limera1n]] it creates a command called geohot then reboots to recovery mode and boots a [[ramdisk]] however on [[Greenpois0n (jailbreak)|greenpois0n]] it injects [[IBSS]] and then uses the exploit to inject a pwnd [[IBEC]] in the description of shatter it did say it rebooted --[[User:Liamchat|liamchat]] 11:31, 30 October 2010 (UTC)<br />
::[SHAtter] was saved, [greenpois0n] uses the same exploit as [limera1n]. Also can someone stem the flow of crap coming from liamchat? It's getting annoying now. --[[User:GreySyntax|GreySyntax]] 11:45, 30 October 2010 (UTC)<br />
<br />
== "Exploits which are used in order to jailbreak 2.x?" ==<br />
<br />
The exploits used for jailbreaking iOS 1.x are broken down by firmware version. I'd like to accomplish the same thing for the 2.0 and onward section, since it's formatted much differently. But then I thought to myself, "This is going to be a huge revision that may receive sharp criticism. Let me make a talk page entry for this." So that's what I did…<br />
<br />
So, in other words, would it be fine if the "Exploits which are used in order to jailbreak 2.0+" section was changed to something similar to the "Exploits which are used in order to jailbreak 1.x" section? --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 02:16, 11 July 2011 (UTC)<br />
:Sounds like a good idea to me. Wouldn't it be easier to also separate them by major revisions? Like have a 2.X section, a 3.X section, a 4.X section, and soon to be 5.X? --[[User:JacobVengeance|JakeAnthraX]] 02:27, 11 July 2011 (UTC)<br />
::Of course! I was planning to do that, too. :P --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 02:31, 11 July 2011 (UTC)<br />
<br />
== 4.3.5 / 4.2.10 ==<br />
I've changed references to 0.9.8b3 to 0.9.8b7 for 4.3.5 tethered jailbreaks (see latest iPhone Dev rs iOS5beta posting). Should the Main Page be changed to reflect that an official jailbreak is available? Or will this only be changed on release of an untethered exploit being made available? Also fixed an error in which a reference to 0.9.6rc18 was existent with a question mark. Now changed to the accurate version of rs beta that needs to be used for 4.3.4 on that device. I've left 0.9.8b3 for 4.3.4 simply because that was the first release supporting it. Hope this is okay. [[User:Windows Helpdesk|blackthund3r]] 04:57, 31 August 2011 (MDT)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Jailbreak&diff=20765Talk:Jailbreak2011-08-31T10:57:52Z<p>Windows Helpdesk: Opened discussion re. 4.3.4 / 4.3.5 and main page</p>
<hr />
<div>Actually, I believe redsn0w (normal version) still loads a 2.1.1 iBoot & uses the arm7_go exploit to bootstrap the ramdisk that flashes the NOR, including an LLB with the 24kpwn exploit. Can someone confirm this? --[[User:Cool name|Cool name]] 01:33, 27 July 2009 (UTC)<br />
<br />
==Limera1n/Greenpois0n==<br />
<br />
We should really try to get a name for the exploit or find a way to add it to exploits used post 2.0 --[[User:JacobVengeance|JakeAnthraX]] 05:13, 30 October 2010 (UTC)<br />
:Apparently, limera1n uses SHAtter as it is unmatchable. Also google it --[[User:Balloonhead66|Balloonhead66]] 05:15, 30 October 2010 (UTC)<br />
:: SHAtter was not used and was saved. This is the iPhone wiki, usually people come here before googling and after all it should be here. --[[User:JacobVengeance|JakeAnthraX]] 05:20, 30 October 2010 (UTC)<br />
:::the exploit is used differently on both jailbreaks on [[limera1n]] it creates a command called geohot then reboots to recovery mode and boots a [[ramdisk]] however on [[Greenpois0n (jailbreak)|greenpois0n]] it injects [[IBSS]] and then uses the exploit to inject a pwnd [[IBEC]] in the description of shatter it did say it rebooted --[[User:Liamchat|liamchat]] 11:31, 30 October 2010 (UTC)<br />
::[SHAtter] was saved, [greenpois0n] uses the same exploit as [limera1n]. Also can someone stem the flow of crap coming from liamchat? It's getting annoying now. --[[User:GreySyntax|GreySyntax]] 11:45, 30 October 2010 (UTC)<br />
<br />
== "Exploits which are used in order to jailbreak 2.x?" ==<br />
<br />
The exploits used for jailbreaking iOS 1.x are broken down by firmware version. I'd like to accomplish the same thing for the 2.0 and onward section, since it's formatted much differently. But then I thought to myself, "This is going to be a huge revision that may receive sharp criticism. Let me make a talk page entry for this." So that's what I did…<br />
<br />
So, in other words, would it be fine if the "Exploits which are used in order to jailbreak 2.0+" section was changed to something similar to the "Exploits which are used in order to jailbreak 1.x" section? --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 02:16, 11 July 2011 (UTC)<br />
:Sounds like a good idea to me. Wouldn't it be easier to also separate them by major revisions? Like have a 2.X section, a 3.X section, a 4.X section, and soon to be 5.X? --[[User:JacobVengeance|JakeAnthraX]] 02:27, 11 July 2011 (UTC)<br />
::Of course! I was planning to do that, too. :P --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 02:31, 11 July 2011 (UTC)<br />
<br />
== 4.2.5 ==<br />
I've changed references to 0.9.8b3 to 0.9.8b7 for 4.3.5 tethered jailbreaks (see latest iPhone Dev rs iOS5beta posting). Should the Main Page be changed to reflect that an official jailbreak is available? Or will this only be changed on release of an untethered exploit being made available? Also fixed an error in which a reference to 0.9.6rc18 was existent with a question mark. Now changed to the accurate version of rs beta that needs to be used for 4.3.4 on that device. I've left 0.9.8b3 for 4.3.4 simply because that was the first release supporting it. Hope this is okay. [[User:Windows Helpdesk|blackthund3r]] 04:57, 31 August 2011 (MDT)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Redsn0w&diff=19251Redsn0w2011-07-14T07:58:30Z<p>Windows Helpdesk: </p>
<hr />
<div>{{DISPLAYTITLE:redsn0w}}<br />
[[Image:Redsn0w.png|thumb|redsn0w on Mac OS X]]<br />
redsn0w was originally called [[QuickPwn]], but the name was stolen and exploited by quickpwn.com, so QuickPwn was discontinued as of iOS 3.0. redsn0w (at the time, version 0.7) was then converted into a [[jailbreak]]ing tool for all current devices, and it also provides [[unlock]] support for the [[M68ap|iPhone 2G]]. As of version 0.8, the [[N88ap|iPhone 3GS]] can also be jailbroken through redsn0w.<br />
<br />
Version 0.9 beta 3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the [[N18ap|iPod touch 3G]], and supports a [[tethered jailbreak]] on [[N88ap|iPhone 3GS]] units and [[N72ap|iPod touch 2G]] units with new bootroms. In addition, this version supports custom boot and recovery mode logos, as well as verbose mode on bootup.<br />
<br />
Version [http://wikee.iphwn.org/howto:rs9 0.9.2] supports jailbreaking all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on [[S5L8900]] devices. Version 0.9.3 adds support for the internet tethering IPCC hack on those devices, and 0.9.4 allows jailbreaking of early [[N72ap|iPod touch 2G]] units with iOS 3.1.3.<br />
<br />
Version [http://wikee.iphwn.org/howto:rsbeta 0.9.5b5-5] supports jailbreaking the [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]) with iOS 4.0 on Windows and Mac OS X.<br />
<br />
redsn0w [http://blog.iphone-dev.org/post/1718400992 0.9.6b6] can jailbreak iOS 3.2.2, 4.1, and 4.2.1 for every device that supports those versions (except Apple TV 2G), on Windows and Mac OS X.<br />
<br />
== Credit ==<br />
[[iPhone Dev Team]]<br />
<br />
== Versions ==<br />
===Initial Release and updates until 0.8===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.1<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreak for the [[n72ap|iPod touch 2G]].<br />
|-<br />
! 0.7<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|-<br />
! 0.8<br />
| style="white-space: nowrap;" | July 2009<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iPhone OS 3.0 on the [[n88ap|iPhone 3GS]] only.<br />
|-<br />
|}<br />
===First 0.9.x releases===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.2<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports 3.0-3.1.2 on all iPhones and iPod touches ([[tethered jailbreak|tethered]] for newer devices with [[0x24000 Segment Overflow]] closed)<br />
|-<br />
! 0.9.3<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Contains the IPCC hack to enable tethering on the iPhone 3G and 3GS.<br />
|-<br />
! 0.9.4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.1.3 on [[M68ap|iPhone 2G]], [[N82ap|iPhone 3G]], [[N45ap|iPod touch 1G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
|}<br />
===0.9.5 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.5 beta 3<br />
| style="white-space: nowrap;" | June 21, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supports jailbreaking iOS 4.0 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]])<br />
|-<br />
! 0.9.5 beta 4<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Resolved a problem with iBooks.<br />
|-<br />
! 0.9.5 beta 5<br />
| style="white-space: nowrap;" | Unknown<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Supposed to fix any APN or MMS issues that users were seeing.<br />
|-<br />
|}<br />
<br />
===0.9.6 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.6 beta 1<br />
| style="white-space: nowrap;" | September 21, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 4.0-4.1 on [[N82ap|iPhone 3G]] and [[N72ap|iPod touch 2G]] ([[tethered jailbreak|tethered]] on [[iBoot-240.5.1|new bootrom]])<br />
|-<br />
! 0.9.6 beta 2<br />
| style="white-space: nowrap;" | October 31, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports jailbreaking iOS 3.2.2 and 4.0-4.1 on every device that supports those firmwares (except [[N72ap|iPod touch 2G]] with [[iBoot-240.5.1|new bootrom]]).<br />
** The [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]] ([[iBoot-240.4|old bootrom]]), and [[N88ap|iPhone 3GS]] ([[iBoot-359.3|old bootrom]]) can also have custom boot logos.<br />
* The Windows version also includes a function that permits users to restore to a custom [[IPSW File Format|IPSW]], akin to [[PwnageTool]]'s DFU button.<br />
|-<br />
! 0.9.6 beta 3<br />
| style="white-space: nowrap;" | November 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Supports the installation of custom bundles<br />
|-<br />
! 0.9.6 beta 4<br />
| style="white-space: nowrap;" | November 23, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** [[Tethered jailbreak]] on devices that are not vulnerable to [[Pwnage 2.0]] or [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 beta 5<br />
| style="white-space: nowrap;" | November 28, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Can update the baseband on the [[X-Gold 608]] to [[6.15.00]], allowing the reuse of the [[AT+XAPP Vulnerability]]<br />
|-<br />
! 0.9.6 beta 6<br />
| style="white-space: nowrap;" | December 1, 2010<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Allows you to "deactivate" a hacktivated phone, so sbingner's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can trick your iPhone and [[iTunes]] into creating legitimate activation tickets.<br />
|-<br />
! 0.9.6 release candidate 7<br />
| style="white-space: nowrap;" | January 2, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Introduced command-line arguments to bypass some screens.<br />
** -b <filename> to specify your own boot logo PNG<br />
** -i <filename> to specify your reference IPSW<br />
** -j to ask redsn0w to “Just boot now tethered for now”<br />
** -o for [[N88ap|iPhone 3GS]] and [[N72ap|iPod touch 2G]] units vulnerable to [[0x24000 Segment Overflow]].<br />
|-<br />
! 0.9.6 release candidate 8<br />
| style="white-space: nowrap;" | January 5, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Informs users if a boot logo PNG is invalid, and why.<br />
* Introduced the "-a" command-line argument to eliminate clicking.<br />
|-<br />
! 0.9.6 release candidate 9<br />
| style="white-space: nowrap;" | April 3, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.1 on all compatible devices except the [[iPad 2]] and [[k66ap|Apple TV 2]].<br />
* New command line parameters k and d [http://twitpic.com/4gg8n1]:<br />
** -k --kernelcache=<str> use specified kernelcache (advanced)<br />
** -d --devicetree=<str> use specified devicetree (advanced)<br />
|-<br />
! 0.9.6 release candidate 10<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Added boot animations<br />
* Removed misleading Settings<br />
|-<br />
! 0.9.6 release candidate 11<br />
| style="white-space: nowrap;" | April 7, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Makes the boot animation a bit more robust<br />
|-<br />
! 0.9.6 release candidate 12<br />
| style="white-space: nowrap;" | April 8, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes any lingering issues with the boot animation<br />
|-<br />
! 0.9.6 release candidate 13<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.2 on all compatible devices except the [[iPad 2]].<br />
** A bug existed that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken on iOS 4.3.2.<br />
|-<br />
! 0.9.6 release candidate 14<br />
| style="white-space: nowrap;" | April 19, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes an issue that prevented the [[N90ap|iPhone 4 (GSM model)]] from being jailbroken.<br />
|-<br />
! 0.9.6 release candidate 15<br />
| style="white-space: nowrap;" | May 06, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.3.3 on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.6 release candidate 16<br />
| style="white-space: nowrap;" | May 16, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Fixes the [[N88ap|iPhone 3GS]]/[[N90ap|iPhone 4 (GSM model)]] side switch vibration issue found in jailbroken installations of iOS 4.3.3.<br />
|-<br />
! 0.9.6 release candidate 17<br />
| style="white-space: nowrap;" | May 20, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds advanced command line options for kernel hackers.<br />
|-<br />
! 0.9.6 release candidate 18<br />
| style="white-space: nowrap;" | June 14, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Adds support for jailbreaking iOS 4.2.8 on the [[N92ap|iPhone 4 (CDMA model)]].<br />
|-<br />
! 0.9.6 release candidate 19<br />
| style="white-space: nowrap;" | July 12, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* When a custom bundle is applied, most of the normal jailbreak steps (like stashing and untethering) are skipped.<br />
|}<br />
<br />
===0.9.7 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.7 beta 1<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Jailbreaks iOS 4.1-4.2.1 on all compatible devices.<br />
** Able to achieve an [[untethered jailbreak]] on 4.2.1, provided the user has 4.2b3 [[SHSH]]s and the 4.2b3 [[IPSW File Format|IPSW]].<br />
*** This version of "Jailbreak Monte" has quite a number of bugs, particularly app switcher crashes and disabled [[Bluetooth]].<br />
|-<br />
! 0.9.7 beta 2<br />
| style="white-space: nowrap;" | December 26, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs on GUI apps.<br />
|-<br />
! 0.9.7 beta 3<br />
| style="white-space: nowrap;" | December 27, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes crashing bugs completely.<br />
|-<br />
! 0.9.7 beta 4<br />
| style="white-space: nowrap;" | December 31, 2010<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* usbmuxd integrated.<br />
|-<br />
! 0.9.7 beta 5<br />
| style="white-space: nowrap;" | January 8, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Issues related to [[Bluetooth]] and the sandbox are resolved.<br />
|-<br />
! 0.9.7 beta 6<br />
| style="white-space: nowrap;" | January 10, 2011<br />
| {{yes}}<br />
| {{no}}<br />
|<br />
* Fixes Skype.<br />
|}<br />
<br />
===0.9.8 series===<br />
{| class="wikitable" width="100%" style="font-size:smaller;border-collapse:collapse;" border="1"<br />
! style="background-color:#E9E9E9;text-align:center;width:150px;" | Version<br />
! style="background-color:#E9E9E9;text-align:center;width:175px;" | Release date<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Mac OS X-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;width:75px;" | Windows-compatible?<br />
! style="background-color:#E9E9E9;text-align:center;" | Changes<br />
|-<br />
! 0.9.8 beta 1<br />
| style="white-space: nowrap;" | June 10, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS 5.0b1 and, when pointed at the b1 IPSW, 5.0b2 on all compatible devices except the [[iPad 2]].<br />
|-<br />
! 0.9.8 beta 2<br />
| style="white-space: nowrap;" | July 11, 2011<br />
| {{yes}}<br />
| {{yes}}<br />
|<br />
* Performs a [[tethered jailbreak]] of iOS5b1, iOS5b2 and iOS5b3 (fixes the iOS5b3 sandbox issues present in 0.9.8b1) on all compatible devices except the [[iPad 2]].<br />
|}<br />
<br />
== Exploits used ==<br />
For [[M68ap|iPhone]], [[N45ap|iPod touch]], and [[N82ap|iPhone 3G]], see:<br />
*[[Pwnage]]<br />
*[[Pwnage 2.0]]<br />
<br />
For [[N72ap|iPod touch 2G]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[ARM7 Go]] - used to upload the oversized [[LLB]] required to utilize the 0x24000 Segment Overflow.<br />
*[[usb_control_msg(0xA1, 1) Exploit]] - used (in redsn0w 0.9.6 beta 1) to upload the oversized [[LLB]] to utilize the 0x24000 Segment Overflow, as well as a [[tethered jailbreak]] on units with the [[iBoot-240.5.1|new bootrom]].<br />
<br />
For [[N88ap|iPhone 3GS]], see:<br />
*[[0x24000 Segment Overflow]]<br />
*[[iBoot Environment Variable Overflow]] - Exploit has a different implementation from [[User:geohot|geohot]]'s implementation in [[purplera1n]].<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N18ap|iPod touch 3G]], see:<br />
*[[usb_control_msg(0x21, 2) Exploit]]<br />
*limera1n exploit<br />
<br />
For [[N90ap|iPhone 4]], [[N81ap|iPod touch 4G]], [[K48ap|iPad]] and [[K66ap|Apple TV 2G]], see:<br />
*limera1n exploit<br />
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=The_iPhone_Wiki:Spam&diff=17489The iPhone Wiki:Spam2011-04-16T13:25:31Z<p>Windows Helpdesk: </p>
<hr />
<div>===Invite System===<br />
How do we combat this recent spamming of this wiki? I suggest a possible invite system or similar? --[[User:Srts|Srts]] 02:24, 9 November 2009 (UTC)<br />
:I have already blocked account signup, they must have had this account for a while. --[[User:Geohot|geohot]] 02:29, 9 November 2009 (UTC)<br />
::Well if they don't stop, we can't have account creation disabled forever, defeats the purpose of the wiki. People like him are sad. Great work to all the sysops et al. keeping disruption to a minimum :D --[[User:Srts|Srts]] 02:34, 9 November 2009 (UTC)<br />
:::Yea thanks a lot guys for putting up with this. We'll give a bit of time, and if they continue, we'll figure something out. This kid keeps trying to reset my password for hosting and the wiki. Too bad he doesn't have a life. --[[User:Geohot|geohot]] 03:10, 9 November 2009 (UTC)<br />
:::An invite system might not be a bad idea actually [[User:ChronicDev|Will Strafach]] 03:16, 9 November 2009 (UTC)<br />
::::feel free to post their IP addresses, lol --[[User:Posixninja|posixninja]] 04:08, 9 November 2009 (UTC)<br />
::::Well, if you need an extra admin to block them (and delete spam pages), I volunteer. --[[User:Dranfi|Dranfi]]<br />
:::::Congrats, you're an admin --[[User:Geohot|geohot]] 13:22, 9 November 2009 (UTC)<br />
<br />
===IP ranges, approval system===<br />
How many different IPs are we dealing with? Is it within a specific range? For the time being, it may be possible to blacklist an entire subnet if they are all coming from the same place. But if a botnet is doing this, may be more difficult. Is it possible for MediaWiki to require admin approval of an edit prior to it being committed? Not well versed with MediaWiki administration, just tossing out some ideas. --[[User:Tsuehpsyde|tsuehpsyde]] 17:29, 9 November 2009 (UTC)<br />
:It is not within a specific range. On my wiki, people post almost the exact same stuff as IP's and I get from 64.*.*.* all the way to 96.*.*.* I think it is a botnet --[[User:Balloonhead66|Balloonhead66]] 23:13, 16 March 2011 (UTC)<br />
:We could figure out where they come from and do the same to them. Secondly, we could create a filter that unless you're part of a specific group you cannot do more than this many edits in this amount of time. We could try making a period where the admins have to approve the users. Lastly, we could make it so that in the first 12 hours of a user account that user could not edit pages so it would give time for the sysops to ban the users. [[User:Revolution|Revolution]] 00:02, 10 November 2009 (UTC)<br />
::That might not be a good idea as we could get your butts sued. --[[User:Balloonhead66|Balloonhead66]]<br />
:::Why don't we just do this Apple-style and have a group of moderators approve of every comment, page edit or revision? I would love to be a part of such group.<br />
::::The extension for mediawiki [[mediawikiwiki:Extension:FlaggedRevs|FlaggedRevs]] is 1.14 and above. This wiki is running 1.12 :( --[[User:Balloonhead66|Balloonhead66]] 23:13, 16 March 2011 (UTC)<br />
<br />
Does this wiki currently take advantage of IP banning capability or would that just be subverted anyways? --[[User:Iemit737|Iemit737]] 03:48, 6 April 2011 (UTC)<br />
:The wiki does indeed employ IP banning. The spambots are getting around it, though. --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 04:13, 6 April 2011 (UTC)<br />
::IP bans are largely useless anyways as most Internet users have dynamic IPs and they could simply use a proxy anyways (It's relatively easy to create a VPN once you know where the option is in your OS). They'll also probably block innocent users. --[[User:Ryccardo|Ryccardo]] 14:54, 6 April 2011 (UTC)<br />
<br />
===limitations, whitelistings===<br />
<br />
If the ones you refer to as 'they' are the [http://code.google.com/p/pois0nhack pois0nhack] group then 'they' don't really seem to pose much of a threat in my opinion. I agree that for the time being we could impose some kind of 12/24 hr posting limitation (maybe no more than +-300 char changes?), but no more than that since this is, after all, a public wiki. Sorry if I'm intruding on some kind of admin/mod meeting, just figured I should have my say. --[[User:Rekoil|adriaaan]] 00:27, 10 November 2009 (UTC)<br />
:I am in favor of a 12hr limit for new users, but since it's a public wiki, during this time, contributions would have to be approved by sysops. --Untagged<br />
::Personally I think it would be good to have it so that all edits by new users are thrown into a moderation pool, then once a good amount of worthwhile contributions, that user can be "whitelisted".<br />
::Maybe we could extend the Twitter-Service to display more information (i.e. "Main Page (-2,439) http://u.nu/5x2t3 " instead of "Main Page - http://u.nu/5x2t3"). That could allow fast detection (and reversal) of vandalism attempts because large edits by "unknown" would be easy to spot. May also add the username and/or the commit message, but then we'd have to check for anything Twitter might interpret or block. --[[User:CleanAir|CleanAir]] 13:58, 12 November 2009 (UTC)<br />
<br />
===Captcha===<br />
<br />
Can we add a Captcha to the logon process? I don't think all these recent spam pages are done manually. --[[User:Http|http]] 06:29, 15 March 2011 (UTC)<br />
:Good idea [[User:Http|http]], add a Captcha to the logon process and the sign up process for some time --[[User:Whiteshinyapple|Whiteshinyapple]] 09:53, 16 March 2011 (UTC).<br />
:Uhm better idea [[User:Http|http]], add a Captcha when making new pages. Having to fill in a captcha at every login seems to be a pain in the ass :/ the only thing the spam is doing is making new pages, (at least as far as I see.) --[[User:IMaximusX|IMaximusX]]<br />
::What I meant was for the registration process (new user), not for every login. Only [[User:Geohot|geohot]] could implement that. --[[User:Http|http]] 17:37, 16 March 2011 (UTC)<br />
::[http://recaptcha.net Recaptcha] might work. It requires 1.8+, but only works on the sign in, edits with a new external link (anon only), and password cracking. --[[User:Balloonhead66|Balloonhead66]] 23:13, 16 March 2011 (UTC)<br />
::[[User:http|http]] I'm pretty sure they already have accounts, :p --[[User:IMaximusX|IMaximusX]]<br />
<br />
We have all these options but have any of them actually been implemented? Somebody's got to do something. The spam is getting out of control. --[[User:Grisolp|Grisolp]] 03:38, 9 April 2011 (UTC)<br />
:As http said, it's up to geohot to add a CAPTCHA for account creation. IP banning is in use, but it appears futile. --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 03:52, 9 April 2011 (UTC)<br />
<br />
The spam bots are taking overhand. We will continue to clean it manually, but I suggest to add a Captcha to the new user signup process. That should be sufficient. But you might need to update mediawiki. See [http://code.google.com/apis/recaptcha/docs/mediawiki.html]. -- [[User:Http|http]] 11:35, 1 April 2011 (UTC)<br />
:I can help to clean up the mess as well since I'm from a different timezone (UTC+8). -- [[User:nannoid|nannoid]] 11:51, 1 April 2011 (UTC)<br />
::What does time zone have to do with it? --[[User:Balloonhead66|Balloonhead66]] 00:00, 6 April 2011 (UTC)<br />
:This is out of control. The captcha needs to be in place soon or eventually the recent changes will be flooded and me and the other monitors of it won't be able to keep track of it. --[[User:Balloonhead66|Balloonhead66]] 00:00, 6 April 2011 (UTC)<br />
<br />
Recaptcha added, SONY sucks ass. --[[User:Geohot|geohot]] 03:55, 14 April 2011 (UTC)<br />
:Sweet! Thanks for the reCAPTCHA addition; the (job) spam was getting tiresome. And... yeah, Sony really needs to lose its dictator mindset and treat consumers better. :\ --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 04:31, 14 April 2011 (UTC)<br />
<br />
:Thanks. And great you got back from this trial stuff without bigger damage. Signup reCAPTCHA seems to be a good way to handle the spam. The spam that came afterwards was probably from accounts created earlier. We still have 1106 existing accounts (including the already blocked ones) with the typical syntax of the spam bot accounts. Hopefully not many of those are sleeping for this purpose. I assume the automatic spam will get much lower after a few days. We'll see. -- [[User:Http|http]] 22:58, 14 April 2011 (UTC)<br />
<br />
:Shit. User Gilbberg that was used from this spam bot was created new. It was not in the wiki user list I created an hour earlier. So the spam bot either knows how to read the reCAPTCHA or there sits someone entering these captchas for every spam that gets created in a semi-automated way. This means we need something better or something non-standard. Ideas? -- [[User:Http|http]] 23:15, 14 April 2011 (UTC)<br />
<br />
:I cannot see when user accounts were created, as I don't have access to the database. But shortly after [[User:Geohot|geohot]] added the reCAPTCHA to the new user signup process, I created a list of all users and saved this list. I can confirm that all spam accounts since then (Gilbberg, Giacnen, Frengra, Sarmaiz, Lyneelay, Hiruail, Zimemoor, Albuend, Audpep, Furmayt) were created after that. This means that they must use a semi-automated way to spam (or found a way around the reCAPTCHA). New ideas wanted. -- [[User:Http|http]] 08:26, 16 April 2011 (UTC)<br />
<br />
::Why don't we add a captcha to the new page / editing submission? Once per session or whatever. Also captcha on signin. It's OTT but there aren't many alternatives =/ --[[User:Windows Helpdesk|blackthund3r]] 13:25, 16 April 2011 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Loader.app&diff=16479Loader.app2011-02-25T08:48:52Z<p>Windows Helpdesk: </p>
<hr />
<div>[[Image:Loader icon@2x.png|right|thumb|icon@2x.png from Loader.app]]<br />
Loader is an application installed by [[Greenpois0n (jailbreak)|greenpois0n]]. It is added via the [[jailbreak]] [[ramdisk]], and can download and install [[Cydia Application|Cydia]].<br />
<br />
Once Cydia is installed an option is given to remove Loader.app as Cydia will now run fine without it.<br />
<br />
'''Process'''<br />
<br />
* A file called sources.plist is downloaded from [http://cache.saurik.com/greenpois0n/sources.plist]<br />
* The sources plist is read and a list of installable software is retrieved<br />
* *user taps Cydia*<br />
* The Cydia archive (a tgz file that will later be extracted) is downloaded from the defined URL (in the current sources plist it is [http://cache.saurik.com/greenpois0n/cydia.tgz]) to [[/tmp]]/loader_package.tar.gz<br />
* The TGZ file is extracted to [[/tmp]]/loader_package.tar<br />
* loader_package.tar is extracted to /<br />
* If the device is an [[iPad]] the K48AP.plist file is patched to allow non-default apps<br />
* The opportunity to remove Loader is offered<br />
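
The steps above fetch the package list and the archive over plain http:// and unpack the archive at /, so every member name is a write somewhere on the root filesystem. The Python below is an added example (not Loader's code and not from the original page) of checks an installer following these steps could run before unpacking: a pinned SHA-256 comparison and a per-member audit. The allowed prefixes, the sample archive and all file names in it are constructed assumptions.

```python
import hashlib
import hmac
import io
import posixpath
import stat
import tarfile

# Assumption: the only directories a package unpacked at / may write into.
ALLOWED_PREFIXES = ("Applications/", "usr/", "private/var/lib/")


def digest_matches(blob, pinned_sha256_hex):
    """Compare the download with a digest obtained over a trusted channel."""
    actual = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


def _normalise(path):
    """Path as it would land under /, or None if it climbs above the root."""
    norm = posixpath.normpath(path.lstrip("/"))
    if norm == ".." or norm.startswith("../"):
        return None
    return norm


def _allowed(norm):
    return norm is not None and any(
        (norm + "/").startswith(prefix) for prefix in ALLOWED_PREFIXES)


def audit_member(member):
    """Return a reason string if the member must not be unpacked, else None."""
    norm = _normalise(member.name)
    if norm is None:
        return "climbs above extraction root"
    if norm == "." and member.isdir():
        return None  # the archive's own root directory entry
    if not _allowed(norm):
        return "outside allowed prefixes"
    if member.issym() or member.islnk():
        link = member.linkname
        # A relative symlink target resolves from the link's own directory;
        # a hard link target is already relative to the archive root.
        if member.issym() and not link.startswith("/"):
            link = posixpath.join(posixpath.dirname(norm), link)
        if not _allowed(_normalise(link)):
            return "link target outside allowed prefixes"
    elif member.ischr() or member.isblk() or member.isfifo():
        return "special file"
    elif member.isfile() and member.mode & (stat.S_ISUID | stat.S_ISGID):
        return "setuid/setgid bit set"
    return None


def audit_archive(blob, pinned_sha256_hex):
    """Return (accepted_names, {rejected_name: reason}); raise on bad digest."""
    if not digest_matches(blob, pinned_sha256_hex):
        raise ValueError("archive digest does not match pinned value")
    accepted, rejected = [], {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            reason = audit_member(member)
            if reason:
                rejected[member.name] = reason
            else:
                accepted.append(member.name)
    return accepted, rejected


def build_sample_archive():
    """Constructed test archive; it does not reproduce the real cydia.tgz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, type_=tarfile.REGTYPE, mode=0o644, linkname="", data=b""):
            info = tarfile.TarInfo(name)
            info.type, info.mode, info.linkname = type_, mode, linkname
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)

        add("Applications/Cydia.app/Info.plist", data=b"<plist/>")
        add("usr/bin/helper", mode=0o4755, data=b"\x00")
        add("../etc/fstab", data=b"x")
        add("/private/etc/hosts", data=b"x")
        add("usr/lib/link", type_=tarfile.SYMTYPE, linkname="../../etc")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    pinned = hashlib.sha256(sample).hexdigest()  # stands in for a published digest
    ok, bad = audit_archive(sample, pinned)
    print("accepted:", ok)
    for name, why in bad.items():
        print("rejected:", name, "->", why)
```

Only members that pass the audit would then be unpacked; a digest mismatch stops the install before the archive is opened at all.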
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Loader.app&diff=16478Loader.app2011-02-25T08:48:14Z<p>Windows Helpdesk: </p>
<hr />
<div>[[Image:Loader icon@2x.png|right|thumb|icon@2x.png from Loader.app]]<br />
Loader is an application installed by [[Greenpois0n (jailbreak)|greenpois0n]]. It is added via the [[jailbreak]] [[ramdisk]], and can download and install [[Cydia Application|Cydia]].<br />
<br />
Once Cydia is installed an option is given to remove Loader.app as Cydia will now run fine without it.<br />
<br />
'''Process'''<br />
<br />
1. A file called sources.plist is downloaded from [http://cache.saurik.com/greenpois0n/sources.plist]<br />
2. The sources plist is read and a list of installable software is retrieved<br />
3. *user taps Cydia*<br />
4. The Cydia archive (a tgz file that will later be extracted) is downloaded from the defined URL (in the current sources plist it is [http://cache.saurik.com/greenpois0n/cydia.tgz]) to [[/tmp]]/loader_package.tar.gz<br />
5. The TGZ file is extracted to [[/tmp]]/loader_package.tar<br />
6. loader_package.tar is extracted to /<br />
7. If the device is an [[iPad]] the K48AP.plist file is patched to allow non-default apps<br />
8. The opportunity to remove Loader is offered<br />
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Loader.app&diff=16477Loader.app2011-02-25T08:47:55Z<p>Windows Helpdesk: </p>
<hr />
<div>[[Image:Loader icon@2x.png|right|thumb|icon@2x.png from Loader.app]]<br />
Loader is an application installed by [[Greenpois0n (jailbreak)|greenpois0n]]. It is added via the [[jailbreak]] [[ramdisk]], and can download and install [[Cydia Application|Cydia]].<br />
<br />
Once Cydia is installed an option is given to remove Loader.app as Cydia will now run fine without it.<br />
<br />
''Process''<br />
1. A file called sources.plist is downloaded from [http://cache.saurik.com/greenpois0n/sources.plist]<br />
2. The sources plist is read and a list of installable software is retrieved<br />
3. *user taps Cydia*<br />
4. The Cydia archive (a tgz file that will later be extracted) is downloaded from the defined URL (in the current sources plist it is [http://cache.saurik.com/greenpois0n/cydia.tgz]) to [[/tmp]]/loader_package.tar.gz<br />
5. The TGZ file is extracted to [[/tmp]]/loader_package.tar<br />
6. loader_package.tar is extracted to /<br />
7. If the device is an [[iPad]] the K48AP.plist file is patched to allow non-default apps<br />
8. The opportunity to remove Loader is offered<br />
<br />
[[Category:Hacking Software]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Activation&diff=16476Activation2011-02-25T08:34:14Z<p>Windows Helpdesk: </p>
<hr />
<div>[[Image:foto.jpg|thumb|right|iPhone with 1 signal bar and damaged [[hacktivation]] or it doesn't have an internet connection|100px]]<br />
<br />
Activation is the process by which a new (or newly restored) iPhone or iPod touch can get by the "Emergency Call Screen" ([[iPhone]]) or "Connect to iTunes" screen (not to be confused with [[Recovery Mode]]; the activation screen has a battery icon in the top right corner to indicate this) to access the SpringBoard.<br />
The code in charge of this resides in [[lockdownd]], which is always running on [[iOS]] and monitors the activation status of the device. Lockdownd patches (which require a [[jailbreak]] whereby a patched kernel can be booted by [[iBoot]] without dynamic libraries dynamically patching in RAM) activate your phone and obviate the need to activate legitimately through [[iTunes]] with an official carrier; however, the iPhone cannot be used to communicate unless an [[unlock]] is found for the [[baseband]]. Lockdownd patches are only used on the [[iPhone]], as the [[iPod touch]] has never been denied activation regardless of firmware, country, etc.<br />
<br />
Activation is handled by https://albert.apple.com/WebObjects/ALActivation.woa/wa/deviceActivation<br />
<br />
[[iTunes]] uses AMDeviceCopyValue on ActivationInfo to generate an [[Activation Token]] and sends it to Apple's activation server. Once the phone number provided in the [[Activation Token]] can be matched with the data in the [[Activation Token]], the server generates a [[WildcardTicket]] and signs it with Apple's private key. [[iTunes]] then calls AMDeviceActivate with the [[WildcardTicket]]; the device gets the [[WildcardTicket]] and checks if the signature matches. If it does, it gets past the emergency call screen, allowing the use of the iPhone. All devices actually go through this process.<br />
<br />
Although the [[iPod touch]] can be 'activated' without an internet connection, some services such as YouTube and Push Notifications will fail to work due to not having a valid authentication token ([http://support.apple.com/kb/TS3305 iPad and iPod touch: Unable to use YouTube or Push notifications]) so connecting to iTunes will activate the [[iPod Touch]] fully.<br />
<br />
The [[iPhone]] needs a cellular data connection for the first time, after the activation in [[iTunes]]. You can make calls if an alert says "iPhone is activated". If you don't have a cellular data connection (3G, EDGE, GPRS) you won't be able to make calls and you have only 1 bar of reception. If you only have 1 bar and no carrier at the status bar, it isn't activated correctly.<br />
<br />
==Resources==<br />
* [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate]<br />
<br />
{{stub|iPhone}}<br />
<br />
[[Category:Baseband]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=MobileInstallation&diff=16475MobileInstallation2011-02-25T08:25:35Z<p>Windows Helpdesk: </p>
<hr />
<div>This is the framework that takes care of installing AppStore applications.<br />
<br />
== Signature Check ==<br />
There is a check in place to make sure that only applications signed by Apple '''can even be put on the device''', let alone run (the kernel decides whether the application can run or not). There has been a patch put out by an anonymous hacker that makes it so unsigned applications (and consequently, pirated applications) can be put on the device. We do not endorse any kind of piracy at The iPhone Wiki, but then again, the codesigning patches to the [[kernel]] via a [[jailbreak]] are in the same nature as this, only this allows loading a custom [[IPA]] from iTunes. The aforementioned kernel patch will allow the application to actually execute.<br />
<br />
== 3GS 3.0 patch to build and go ==<br />
0x4562 -- 02 46 -> 00 20<br />
0x856E -- 05 46 -> 00 20<br />
<br />
=== Disassembly of patch ===<br />
__text:33244E70 loc_33244E70 ; CODE XREF: _MobileInstallationInstall+C84↑j<br />
__text:33244E70 00 10 A0 E3 MOV R1, #0 ; Rd = Op2<br />
__text:33244E74 D1 26 01 EB BL _MISValidateSignature ; Branch with Link<br />
__text:33244E78 00 20 50 E2 SUBS R2, R0, #0 ; Rd = Op1 - Op2<br />
__text:33244E7C 02 40 A0 01 MOVEQ R4, R2 ; Rd = Op2<br />
__text:33244E80 05 00 00 0A BEQ loc_33244E9C ; Signature is valid :D<br />
__text:33244E80 ; Let us go on our merry way!<br />
__text:33244E84 F0 04 9F E5 LDR R0, =(___FUNCTION__.14568 - 0x33244E94) ; Load from Memory<br />
__text:33244E88 F0 14 9F E5 LDR R1, =(aCouldNotValida - 0x33244E98) ; Load from Memory<br />
__text:33244E8C 00 00 8F E0 ADD R0, PC, R0 ; "verify_executable"<br />
__text:33244E90 01 10 8F E0 ADD R1, PC, R1 ; "Could not validate signature: %x"<br />
__text:33244E94 34 E6 FF EB BL _installlog ; Branch with Link<br />
__text:33244E98 00 40 E0 E3 MVN R4, #0 ; Uh oh. This will put -1 in R4.<br />
__text:33244E98 ; This will surely impact us later on.<br />
__text:33244E98 ;<br />
__text:33244E98 ; As a side note, you can easily make R4 = 0.<br />
__text:33244E98 ; Simply change this MVN to MOV!<br />
__text:33244E98 ;<br />
__text:33244E98 ; Patch in hex:<br />
__text:33244E98 ; 00 40 E0 E3 (Before)<br />
__text:33244E98 ; - changed to -<br />
__text:33244E98 ; 00 40 EA E3 (After)<br />
__text:33244E98 ;<br />
__text:33244E98 ; So basically, this is what we now have:<br />
__text:33244E98 ; Valid signature - R4=0<br />
__text:33244E98 ; Invalid signature - R4=-1<br />
__text:33244E98 ; Invalid signature w/ MOV patch - R4=0<br />
__text:33244E9C<br />
__text:33244E9C loc_33244E9C ; CODE XREF: _MobileInstallationInstall+D44↑j<br />
__text:33244E9C 05 00 A0 E1 MOV R0, R5 ; Rd = Op2<br />
__text:33244EA0 6E 26 01 EB BL _CFRelease ; Branch with Link<br />
__text:33244EA4 00 00 54 E3 CMP R4, #0 ; ohai. is R4 = 0?<br />
__text:33244EA4 ; If the sig is valid, then it should be.<br />
__text:33244EA4 ; If it is invalid, then it should not.<br />
__text:33244EA4 ; If the above MVN is patched to MOV, then it should be<br />
__text:33244EA8 1B 04 00 0A BEQ loc_33245F1C ; Is the signature valid?<br />
__text:33244EA8 ; Or to make more sense in our case:<br />
__text:33244EA8 ; Is R4 really = 0?<br />
__text:33244EA8 ;<br />
__text:33244EA8 ; If the MVN > MOV patch is done,<br />
__text:33244EA8 ; R4 will be equal to 0.<br />
__text:33244EA8 ;<br />
__text:33244EA8 ; So basically, what we just patched made it pass the test,<br />
__text:33244EA8 ; even though the signature is not valid :P</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Baker_8B117_(iPhone1,2)&diff=16172Baker 8B117 (iPhone1,2)2011-02-17T06:53:45Z<p>Windows Helpdesk: </p>
<hr />
<div>==Decryption Keys==<br />
=== Root Filesystem (018-7060-114.dmg)===<br />
* '''VFDecrypt''': 4c3c83d3899ea9bef415b1c9c656aaef966b2362494d2c9093a9283d388257562a228c86<br />
<br />
===Update Ramdisk (018-7072-079.dmg)===<br />
* '''IV''': 4f545fda195abfded796f10627fedd6f<br />
* '''Key''': dc4ee98876c3106888fc501576f0c1b7<br />
<br />
===Restore Ramdisk (018-7079-079.dmg)===<br />
* '''IV''': a0fc6ca4ef7ef305d975e7f881ddcc7f<br />
* '''Key''': 18eab1ba646ae018b013bc959001fbde<br />
<br />
===applelogo===<br />
* '''IV''': 9cdcfbdf36175c103d4f3d4993bc8423<br />
* '''Key''': 91f2b4c9a8a69f502a294200472059f3<br />
<br />
===DeviceTree===<br />
* '''IV''':<br />
* '''Key''':<br />
<br />
===[[iBEC]]===<br />
* '''IV''':<br />
* '''Key''':<br />
<br />
===[[IBoot (Bootloader)|iBoot]]===<br />
* '''IV''': 4c8dd5528dcf283bec1ecd8d741aa540<br />
* '''Key''': 9b5a1fc8c62912cc1404a6bd5cc45685<br />
<br />
===[[iBSS]]===<br />
* '''IV''':<br />
* '''Key''':<br />
<br />
===[[kernelcache]]===<br />
* '''IV''': 7238dcea75bf213eff209825a03add51<br />
* '''Key''': 0295d4ef87b9db687b44f54c8585d2b6<br />
<br />
===[[LLB]]===<br />
* '''IV''':<br />
* '''Key''':<br />
<br />
===recoverymode===<br />
* '''IV''': 8926b78e0a2b9e4ec9dd34b0f99148fb<br />
* '''Key''': 536e5c0303edd8f11ca90535c0770963<br />
<br />
==[[KBAG]]s==<br />
<br />
</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=PwnStrap&diff=16150PwnStrap2011-02-16T15:40:21Z<p>Windows Helpdesk: Fixed an iRecovery syntax error that would course ome issues :)</p>
<hr />
<div>[http://www.bingner.com/pwnstrap.html Link to original info and some binaries]<br />
<br />
This is the procedure for using greenpois0n to bootstrap the loading of a new limera1n exploit-based pwnagetool image via Windows or other irecovery and a supported device:<br />
# irecovery -c<br />
# setenv boot-args 2<br />
# setenv auto-boot false<br />
# saveenv<br />
# run greenpois0n - it will stop on a white screen.<br />
# extract iBSS from your custom pwnagetool image<br />
# irecovery -f iBSS<br />
# irecovery -s<br />
# setenv boot-args 0<br />
# saveenv<br />
# go image decrypt 0x41000000<br />
# go jump 0x41000040<br />
# restore your CFW from iTunes<br />
<br />
<br />
You will need one of the new binaries posted above if you have an AppleTV2</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5166b_(iPad1,1)&diff=15858DurangoVail 8F5166b (iPad1,1)2011-02-05T19:44:40Z<p>Windows Helpdesk: </p>
<hr />
<div>== Decryption Keys ==<br />
=== Root Filesystem (038-0643-002.dmg) ===<br />
*'''[[VFDecrypt]] Key''': 151e95e585f0e91a2670631647c573b5be26acb37ea59eff5339be78499033a5553e03e4 <---- This is incorrect. Should be 55f5f54a3e2e1c84b3a90a50cc2c5e9c2754f2b8bfc8abcf3d3778f8fb2ba34cfca6ea96<br />
<br />
=== [[Update Ramdisk]] (038-0626-002.dmg) ===<br />
* '''IV''': b7bd49e0485f73fae9f5385be204548d<br />
* '''Key''': e7ee8997a9fd68bce0edfd4e1cff22aca30a3e5f4983c171a6fc0ebd27bb6d67<br />
<br />
=== [[Restore Ramdisk]] (038-0632-002.dmg) ===<br />
* '''IV''': fb29f188174a77ebda8210e742c4dfe1 <---- This appears to be incorrect. It should be 45ccea703036c26e852c22b58261cd47<br />
* '''Key''': 177e5c25cd340629e4a793694969c6ce190a1187223300df8f72e7489a4f564e<br />
<br />
=== AppleLogo ===<br />
* '''IV''': 13ef35d473b11285cd14ee4bd2036e02 <br />
* '''Key''': 6fe70b4a9537f6a3f955c1dfafe69020e7bae153d2958181df3eaf1f9462a9cf<br />
<br />
=== BatteryCharging0 ===<br />
* '''IV''': 4c4eab68692960d7feb0b5e701a90ef1 <br />
* '''Key''': 391558b2bc5b4db0dc21597a53b0081992feea0fb1348eb97a2f433169a1bc74<br />
<br />
=== BatteryCharging1 ===<br />
* '''IV''': aac32d989c1c564cb000eda64f8f2e94 <br />
* '''Key''': 569349fb1a7117e48f2ba679f2c3e658f406b3e834dee97fd1ef8eb5ac9aaba8<br />
<br />
=== BatteryFull ===<br />
* '''IV''': fe77739db313f6dc40aaeb55682d7344<br />
* '''Key''': 0eac094bc2d2142d308432a98033b92eae77bfbbe3dff46bd423333aec1f6a19<br />
<br />
=== BatteryLow0 ===<br />
* '''IV''': e2fc34dc2e1d7985744897c34b6a81f5<br />
* '''Key''': d3cb415521475aa2574aadf7aa6263405c66e99c61cec44d578d5594858d7691<br />
<br />
=== BatteryLow1 ===<br />
* '''IV''': ff2e7ec112264a088eaadaec5fd44505<br />
* '''Key''': 13d9398afb4a1579012946b6e85c5bfb62b5c97346764ea67a015af7a9faa9ee<br />
<br />
=== DeviceTree ===<br />
* '''IV''': e2b69ab77e43e283b500185969b0360b<br />
* '''Key''': d46baa685d455bbb1398c622a7e11c658bde8716004d76cbedb164e255114991<br />
<br />
=== GlyphCharging ===<br />
* '''IV''': 49215969a24a16f7a4ce22625e8e4179<br />
* '''Key''': 05ddd0571e1b29ee2c81a6d4da69b8009367b5e03865f64ea8471f0e7d3bf218<br />
<br />
=== GlyphPlugin ===<br />
* '''IV''': bc74cac165c81d5ea2655d172d42b231<br />
* '''Key''': 5ed251f5bc9aedbe9a05d5ae8fef0ee5d86da277c677290613d11a250554cc4d<br />
<br />
=== [[iBEC]] ===<br />
* '''IV''': 17dbbf6385541cf3803f8a9a71421ec5<br />
* '''Key''': 8afd73cbcffa1401986384f23f926613cf656617381eb11a4e1e009fc73265a4<br />
<br />
=== [[iBoot (Bootloader)|iBoot]] ===<br />
* '''IV''': 1776ba9aad46b6c47f6ac76afec2492d<br />
* '''Key''': bfee293ed82fe6d912deeac83b4bebb90a53d873ad5185607dafcc328fe2e206<br />
<br />
=== [[iBSS]] ===<br />
* '''IV''': 1fab5924e925acf5b926f394d48431c9<br />
* '''Key''': 4275deeb32b84852ac1d0fb9db7203fc629e5efdae767534f12eaae3b76d809f<br />
<br />
=== [[Kernelcache]] ===<br />
* '''IV''': 27db369177ebafd86161d1ecc5679463<br />
* '''Key''': 635830f23c86fe9abf4626bc0bf11e2d17b4cfdcd7de9017daed7360be0cdd08<br />
<br />
=== [[LLB]] ===<br />
* '''IV''': 1ef143e9356ac5136713e40efb187c10<br />
* '''Key''': e5af292fca4e33da0f8fa856f3e77d69936a15cb54bb32c99e66ddef1ab47086<br />
<br />
=== RecoveryMode ===<br />
* '''IV''': bd01efc0d4723dc5277b2c40003fa9b2<br />
* '''Key''': b3dbc230e03fb7d272f98d1d053ffb1c9d54e9fa898a8ac79ea7c3bd30668d90</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5148c_(AppleTV2,1)&diff=15593DurangoVail 8F5148c (AppleTV2,1)2011-01-31T07:06:31Z<p>Windows Helpdesk: </p>
<hr />
<div>This is 4.3 beta 1 for the AppleTV 2G<br />
<br />
I put kbags because I've never posted keys before and I don't trust myself. The ones with kbags are untested<br />
<br />
'''RootFS:''' 038-0438-003.dmg<br />
'''Key:''' 74e3afbad43debe898a556fa1446740598a556fa1446740598a556fa1446740598a556fa<br />
<br />
Restore Ramdisk ('''038-0402-003.dmg'''): TESTED<br />
-iv ea93723ad2e0e9ce252d4c95691d07b6 -k 1cc89a211ed0cbecdb222169cabe25112980134b17a873d0c60b7c9d6591257e<br />
<br />
Update Ramdisk ('''038-0408-003.dmg''')<br />
3353d7ccf69dfbf3f173f7b35fe42ded303388c128fd3538e6da5ae25979c4330719c4fc7998e2091b7356054f42ba4a<br />
-iv 25e638a9d572cc37e131547abc8155fb -k d671cec0ae62bf928f85dbb893c6e9fc90643a3f4bdb79a66ba7356301d67f82<br />
<br />
'''iBSS.k66ap.RELEASE.dfu'''<br />
e9126276ccb2f32ca7e32b5e9614a1d7a0468fb458d597bf593da1940ef01c16a17d4fb461ff6c564b19bde211797bc7<br />
-iv e18e4360159e669c24d0d94555746016 -k 83a9fee07856571a428632fb2d0227f1d9ce083305dd9b5cab6ed4f868da6839<br />
<br />
'''kernelcache.release.k66'''<br />
e870e3e26b4f146ed736cb995e76ca45a1ecf75c9b2f96d30cb4b6b87d9559ca6fa92a7919fe0d78f9938c2b4c498f9d<br />
-iv 6936e9cc4b3ee02d2b0a5f8dbc39d08b -k bdf4479ca901e2fa868259734a2a4a6aea8e3009f1e59ef65e8ad71bc3196de4<br />
<br />
'''iBEC.k66ap.RELEASE.dfu'''<br />
52b7194fe0bd7d53bd53ad96f107e20d38e6530c939d346d501427802c3ad42012047eb229899c84a7652307d5ac4213<br />
-iv 82bffa2356e8b794df70303404310309 -k aba91200c7c91aac934ee3f0e1d8216e0d8fc530deca82467e9bfbc9e470a8d9<br />
<br />
'''AppleLogo'''<br />
6039c3cb408147f03ecebe37894522170771d9c485de5ef8d2ac946dd1aaab38fc0123f28ee4c9cf48dc706af0ceb0de<br />
-iv 51c88759c37e4bb7fc9e95056f467f84 -k f13cf994a2595c3a29137c8acad8e376ab7b5538f7fe1a659b9b6cd2ce00acc8<br />
<br />
'''RecoveryLogo'''<br />
3eae40fb2e26672bd50d345b7ea59cc646aa06989cc6bae411a678364d37014a8d897ed7b1ada7aedaba98b432ff3d30<br />
-iv 75e27d1493ac7129d21e69217a4c4c00 -k 55a69b0eaf2dfebba75f44f604ae6971e03b11b232b073bdb208ad2eace14dca<br />
<br />
~[[User:Windows Helpdesk|blackthund3r]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5148c_(AppleTV2,1)&diff=15592DurangoVail 8F5148c (AppleTV2,1)2011-01-31T07:02:49Z<p>Windows Helpdesk: </p>
<hr />
<div>This is 4.3 beta 1 for the AppleTV 2G<br />
<br />
I put kbags because I've never posted keys before and I don't trust myself. The ones with bags are untested<br />
<br />
'''RootFS:''' 038-0438-003.dmg<br />
'''Key:''' 74e3afbad43debe898a556fa1446740598a556fa1446740598a556fa1446740598a556fa<br />
<br />
Restore Ramdisk ('''038-0402-003.dmg'''): TESTED<br />
-iv ea93723ad2e0e9ce252d4c95691d07b6 -k 1cc89a211ed0cbecdb222169cabe25112980134b17a873d0c60b7c9d6591257e<br />
<br />
Update Ramdisk ('''038-0408-003.dmg''')<br />
3353d7ccf69dfbf3f173f7b35fe42ded303388c128fd3538e6da5ae25979c4330719c4fc7998e2091b7356054f42ba4a<br />
-iv 25e638a9d572cc37e131547abc8155fb -k d671cec0ae62bf928f85dbb893c6e9fc90643a3f4bdb79a66ba7356301d67f82<br />
<br />
'''iBSS.k66ap.RELEASE.dfu'''<br />
e9126276ccb2f32ca7e32b5e9614a1d7a0468fb458d597bf593da1940ef01c16a17d4fb461ff6c564b19bde211797bc7<br />
-iv e18e4360159e669c24d0d94555746016 -k 83a9fee07856571a428632fb2d0227f1d9ce083305dd9b5cab6ed4f868da6839<br />
<br />
'''kernelcache.release.k66'''<br />
e870e3e26b4f146ed736cb995e76ca45a1ecf75c9b2f96d30cb4b6b87d9559ca6fa92a7919fe0d78f9938c2b4c498f9d<br />
-iv 6936e9cc4b3ee02d2b0a5f8dbc39d08b -k bdf4479ca901e2fa868259734a2a4a6aea8e3009f1e59ef65e8ad71bc3196de4<br />
<br />
'''iBEC.k66ap.RELEASE.dfu'''<br />
52b7194fe0bd7d53bd53ad96f107e20d38e6530c939d346d501427802c3ad42012047eb229899c84a7652307d5ac4213<br />
-iv 82bffa2356e8b794df70303404310309 -k aba91200c7c91aac934ee3f0e1d8216e0d8fc530deca82467e9bfbc9e470a8d9<br />
<br />
'''AppleLogo'''<br />
6039c3cb408147f03ecebe37894522170771d9c485de5ef8d2ac946dd1aaab38fc0123f28ee4c9cf48dc706af0ceb0de<br />
-iv 51c88759c37e4bb7fc9e95056f467f84 -k f13cf994a2595c3a29137c8acad8e376ab7b5538f7fe1a659b9b6cd2ce00acc8<br />
<br />
'''RecoveryLogo'''<br />
3eae40fb2e26672bd50d345b7ea59cc646aa06989cc6bae411a678364d37014a8d897ed7b1ada7aedaba98b432ff3d30<br />
-iv 75e27d1493ac7129d21e69217a4c4c00 -k 55a69b0eaf2dfebba75f44f604ae6971e03b11b232b073bdb208ad2eace14dca<br />
<br />
~[[User:Windows Helpdesk|blackthund3r]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5148c_(AppleTV2,1)&diff=15591DurangoVail 8F5148c (AppleTV2,1)2011-01-31T07:02:11Z<p>Windows Helpdesk: </p>
<hr />
<div>This is 4.3 beta 1 for the AppleTV 2G<br />
<br />
I put kbags because I've never posted keys before and I don't trust myself. The ones with bags are untested<br />
<br />
'''RootFS:''' 038-0438-003.dmg<br />
'''Key:''' 74e3afbad43debe898a556fa1446740598a556fa1446740598a556fa1446740598a556fa<br />
<br />
Restore Ramdisk ('''038-0402-003.dmg'''): TESTED<br />
-iv ea93723ad2e0e9ce252d4c95691d07b6 -k 1cc89a211ed0cbecdb222169cabe25112980134b17a873d0c60b7c9d6591257e<br />
<br />
Update Ramdisk ('''038-0408-003.dmg''')<br />
3353d7ccf69dfbf3f173f7b35fe42ded303388c128fd3538e6da5ae25979c4330719c4fc7998e2091b7356054f42ba4a<br />
-iv 25e638a9d572cc37e131547abc8155fb -k d671cec0ae62bf928f85dbb893c6e9fc90643a3f4bdb79a66ba7356301d67f82<br />
<br />
'''iBSS.k66ap.RELEASE.dfu'''<br />
e9126276ccb2f32ca7e32b5e9614a1d7a0468fb458d597bf593da1940ef01c16a17d4fb461ff6c564b19bde211797bc7<br />
-iv e18e4360159e669c24d0d94555746016 -k 83a9fee07856571a428632fb2d0227f1d9ce083305dd9b5cab6ed4f868da6839<br />
<br />
'''kernelcache.release.k66'''<br />
e870e3e26b4f146ed736cb995e76ca45a1ecf75c9b2f96d30cb4b6b87d9559ca6fa92a7919fe0d78f9938c2b4c498f9d<br />
-iv 6936e9cc4b3ee02d2b0a5f8dbc39d08b -k bdf4479ca901e2fa868259734a2a4a6aea8e3009f1e59ef65e8ad71bc3196de4<br />
<br />
'''iBEC.k66ap.RELEASE.dfu'''<br />
52b7194fe0bd7d53bd53ad96f107e20d38e6530c939d346d501427802c3ad42012047eb229899c84a7652307d5ac4213<br />
-iv 82bffa2356e8b794df70303404310309 -k aba91200c7c91aac934ee3f0e1d8216e0d8fc530deca82467e9bfbc9e470a8d9<br />
<br />
'''AppleLogo'''<br />
6039c3cb408147f03ecebe37894522170771d9c485de5ef8d2ac946dd1aaab38fc0123f28ee4c9cf48dc706af0ceb0de<br />
-iv 51c88759c37e4bb7fc9e95056f467f84 -k f13cf994a2595c3a29137c8acad8e376ab7b5538f7fe1a659b9b6cd2ce00acc8<br />
<br />
'''RecoveryLogo'''<br />
3eae40fb2e26672bd50d345b7ea59cc646aa06989cc6bae411a678364d37014a8d897ed7b1ada7aedaba98b432ff3d30<br />
-iv 75e27d1493ac7129d21e69217a4c4c00 -k 55a69b0eaf2dfebba75f44f604ae6971e03b11b232b073bdb208ad2eace14dca<br />
<br />
~[[Windows Helpdesk|blackthund3r]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5148c_(AppleTV2,1)&diff=15590DurangoVail 8F5148c (AppleTV2,1)2011-01-31T06:56:23Z<p>Windows Helpdesk: </p>
<hr />
<div>This is 4.3 beta 1 for the AppleTV 2G<br />
<br />
I put kbags because I've never posted keys before and I don't trust myself. The ones with bags are untested<br />
<br />
'''RootFS:''' 038-0438-003.dmg<br />
'''Key:''' 74e3afbad43debe898a556fa1446740598a556fa1446740598a556fa1446740598a556fa<br />
<br />
Restore Ramdisk ('''038-0402-003.dmg'''): TESTED<br />
-iv ea93723ad2e0e9ce252d4c95691d07b6 -k 1cc89a211ed0cbecdb222169cabe25112980134b17a873d0c60b7c9d6591257e<br />
<br />
Update Ramdisk ('''038-0408-003.dmg''')<br />
3353d7ccf69dfbf3f173f7b35fe42ded303388c128fd3538e6da5ae25979c4330719c4fc7998e2091b7356054f42ba4a<br />
-iv 25e638a9d572cc37e131547abc8155fb -k d671cec0ae62bf928f85dbb893c6e9fc90643a3f4bdb79a66ba7356301d67f82<br />
<br />
'''iBSS.k66ap.RELEASE.dfu'''<br />
e9126276ccb2f32ca7e32b5e9614a1d7a0468fb458d597bf593da1940ef01c16a17d4fb461ff6c564b19bde211797bc7<br />
-iv e18e4360159e669c24d0d94555746016 -k 83a9fee07856571a428632fb2d0227f1d9ce083305dd9b5cab6ed4f868da6839<br />
<br />
'''kernelcache.release.k66'''<br />
e870e3e26b4f146ed736cb995e76ca45a1ecf75c9b2f96d30cb4b6b87d9559ca6fa92a7919fe0d78f9938c2b4c498f9d<br />
-iv 6936e9cc4b3ee02d2b0a5f8dbc39d08b -k bdf4479ca901e2fa868259734a2a4a6aea8e3009f1e59ef65e8ad71bc3196de4</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5148c_(AppleTV2,1)&diff=15589DurangoVail 8F5148c (AppleTV2,1)2011-01-31T06:55:45Z<p>Windows Helpdesk: </p>
<hr />
<div>This is 4.3 beta 1 for the AppleTV 2G<br />
<br />
I put kbags because I've never posted keys before and I don't trust myself. The ones with bags are untested<br />
<br />
'''RootFS:''' 038-0438-003.dmg<br />
'''Key:''' 74e3afbad43debe898a556fa1446740598a556fa1446740598a556fa1446740598a556fa<br />
<br />
Restore Ramdisk ('''038-0402-003.dmg'''): TESTED<br />
-iv ea93723ad2e0e9ce252d4c95691d07b6 -k 1cc89a211ed0cbecdb222169cabe25112980134b17a873d0c60b7c9d6591257e<br />
<br />
Update Ramdisk ('''038-0408-003.dmg''')<br />
3353d7ccf69dfbf3f173f7b35fe42ded303388c128fd3538e6da5ae25979c4330719c4fc7998e2091b7356054f42ba4a<br />
-iv 25e638a9d572cc37e131547abc8155fb -k d671cec0ae62bf928f85dbb893c6e9fc90643a3f4bdb79a66ba7356301d67f82<br />
<br />
'''iBSS.k66ap.RELEASE.dfu'''<br />
e9126276ccb2f32ca7e32b5e9614a1d7a0468fb458d597bf593da1940ef01c16a17d4fb461ff6c564b19bde211797bc7<br />
-iv e18e4360159e669c24d0d94555746016 -k 83a9fee07856571a428632fb2d0227f1d9ce083305dd9b5cab6ed4f868da6839<br />
<br />
'''kernelcache.release.k66'''<br />
e870e3e26b4f146ed736cb995e76ca45a1ecf75c9b2f96d30cb4b6b87d9559ca6fa92a7919fe0d78f9938c2b4c498f9d<br />
-iv 6936e9cc4b3ee02d2b0a5f8dbc39d08b -k bdf4479ca901e2fa868259734a2a4a6aea8e3009f1e59ef65e8ad71bc3196de4</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=DurangoVail_8F5148c_(AppleTV2,1)&diff=15588DurangoVail 8F5148c (AppleTV2,1)2011-01-31T06:54:56Z<p>Windows Helpdesk: New page: This is 4.3 beta 1 for the AppleTV 2G I put kbags because I've never posted keys before and I don't trust myself. The ones wish bags are untested RootFS: 038-0438-003.dmg Key: 74e3afbad4...</p>
<hr />
<div>This is 4.3 beta 1 for the AppleTV 2G<br />
<br />
I put kbags because I've never posted keys before and I don't trust myself. The ones with bags are untested<br />
<br />
RootFS: 038-0438-003.dmg<br />
Key: 74e3afbad43debe898a556fa1446740598a556fa1446740598a556fa1446740598a556fa<br />
<br />
Restore Ramdisk (038-0402-003.dmg): TESTED<br />
-iv ea93723ad2e0e9ce252d4c95691d07b6 -k 1cc89a211ed0cbecdb222169cabe25112980134b17a873d0c60b7c9d6591257e<br />
<br />
Update Ramdisk (038-0408-003.dmg)<br />
3353d7ccf69dfbf3f173f7b35fe42ded303388c128fd3538e6da5ae25979c4330719c4fc7998e2091b7356054f42ba4a<br />
-iv 25e638a9d572cc37e131547abc8155fb -k d671cec0ae62bf928f85dbb893c6e9fc90643a3f4bdb79a66ba7356301d67f82<br />
<br />
iBSS.k66ap.RELEASE.dfu<br />
e9126276ccb2f32ca7e32b5e9614a1d7a0468fb458d597bf593da1940ef01c16a17d4fb461ff6c564b19bde211797bc7<br />
-iv e18e4360159e669c24d0d94555746016 -k 83a9fee07856571a428632fb2d0227f1d9ce083305dd9b5cab6ed4f868da6839<br />
<br />
kernelcache.release.k66<br />
e870e3e26b4f146ed736cb995e76ca45a1ecf75c9b2f96d30cb4b6b87d9559ca6fa92a7919fe0d78f9938c2b4c498f9d<br />
-iv 6936e9cc4b3ee02d2b0a5f8dbc39d08b -k bdf4479ca901e2fa868259734a2a4a6aea8e3009f1e59ef65e8ad71bc3196de4</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Jasper_8C154_(AppleTV2,1)&diff=15583Talk:Jasper 8C154 (AppleTV2,1)2011-01-30T12:58:41Z<p>Windows Helpdesk: </p>
<hr />
<div>I think there is a mistake here: there is no restore ramdisk on the page and no update ramdisk in the firmware. Could somebody check this?? Thx [[User:Windows Helpdesk|blackthund3r]] 12:06, 30 January 2011 (UTC)<br />
<br />
Ah it has now been sorted - great stuff!! [[User:Windows Helpdesk|blackthund3r]] 12:58, 30 January 2011 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Jasper_8C154_(AppleTV2,1)&diff=15581Talk:Jasper 8C154 (AppleTV2,1)2011-01-30T12:06:24Z<p>Windows Helpdesk: New page: I think there is a mistake here: there is no restore ramdisk on the page and no update ramdisk in the firmware. Could somebody check this?? Thx ~~~~</p>
<hr />
<div>I think there is a mistake here: there is no restore ramdisk on the page and no update ramdisk in the firmware. Could somebody check this?? Thx [[User:Windows Helpdesk|blackthund3r]] 12:06, 30 January 2011 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=User:Greggturner98&diff=14726User:Greggturner982011-01-04T21:12:52Z<p>Windows Helpdesk: Grammar Nazi Alert!!</p>
<hr />
<div>Hi! My name is Gregg J Turner and I am currently the youngest person to be developing iPhone modification applications. I use Visual Studio. I have developed the m0nster 3.1.2 Hacktivate though this is only a shell to ipsw.exe for 3.1.3 (because ipsw.exe can't patch the 3.1.3 kernel on the iPhone 2G). Once I have got 3.1.3 working I will include support for more devices like the iPhone 3G (if I can get one off eBay). M0nster is a free download from m0nster.info. Thanks, Gregg</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Preventing_Baseband_Update&diff=14094Talk:Preventing Baseband Update2010-12-07T06:35:04Z<p>Windows Helpdesk: /* No success */</p>
<hr />
<div>==No success==<br />
I tried this and it didn't work. I used an iPhone 4 with firmware 4.1 and baseband 1.59.00, trying to upgrade it to stock firmware 4.2.1, preserving the baseband.<br />
<br />
One thing that was unclear is the plist edit. There was another entry SystemPartitionSize=1024(integer) (<nowiki><key>SystemPartitionSize</key><integer>1024</integer></nowiki>). It was not clear if this should be removed or not. I tried both.<br />
<br />
To reencrypt, it used the command<br />
xpwntool 038-0032-002_modified.dmg 038-0032-002_reencrypted.dmg -t 038-0032-002_original.dmg -k 06849aead2e9a6ca8a82c3929bad5c2368942e3681a3d5751720d2aacf0694c0 -iv 9b20ae16bebf4cf1b9101374c3ab0095<br />
With key and iv [[Jasper 8C148 (iPhone 4)|from here]] (must be correct, otherwise decryption wouldn't have worked).<br />
Then rename 038-0032-002_reencrypted.dmg to original name and back into the ipsw.<br />
<br />
To prepare for custom firmware flashing, I used redsn0w 0.9.6b4, reading initial 4.1 firmware.<br />
<br />
Without the SystemPartitionSize, I received an iTunes unknown error 46 when it started to flash. With the SystemPartitionSize it went a few seconds longer and I got iTunes error 14.<br />
<br />
Anything I am doing wrong? Did anybody else complete this successfully? Or was this just a joke?<br />
--[[User:Http|http]] 03:14, 29 November 2010 (UTC)<br />
:well what ipsw did you restore to because [[restored]] will signature check the root filesystem after [[ASR]] but the SystemPartitionSize should be replaced with <nowiki> <key>SystemImage</key> <false/> </nowiki> if you don't want to update the root partition --[[User:Liamchat|liamchat]] 16:06, 29 November 2010 (UTC)<br />
::ipsw: 4.2.1 as I said. Why should I not update the root partition? The goal is to upgrade firmware from 4.1 to 4.2.1, without updating the baseband. Did you do this and were successful? --[[User:Http|http]] 19:40, 29 November 2010 (UTC)<br />
:::why are you using the original file as a template --[[User:Liamchat|liamchat]] 23:02, 29 November 2010 (UTC)<br />
::::Because [[xpwntool]] says so. Is that wrong? --[[User:Http|http]] 23:17, 29 November 2010 (UTC)<br />
:::::it is optional if you want to the code just says create an abstract copy of template if has key --[[User:Liamchat|liamchat]] 23:30, 29 November 2010 (UTC)<br />
::::::Are you guessing? Did you ever try all this? If yes: Did it work for you? If no: no guessing please and better no answer in that case. Thanks. --[[User:Http|http]] 00:48, 30 November 2010 (UTC)<br />
:::::::when you used xpwn did it output <br />
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8<br />
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8<br />
:::::::--[[User:Liamchat|liamchat]] 10:45, 30 November 2010 (UTC)<br />
<br />
:I don't have MUCH experience with this, but I assume that since you've got yourself a modded ramdisk, you have to pwn the bootstrapper iBEC and the other fw parts, as in pwnagetool. --[[User:Dra1nerdrake|dra1nerdrake]] 01:24, 30 November 2010 (UTC)<br />
::well no because if he sees the apple logo and the empty bar that is in the ramdisk --[[User:Liamchat|liamchat]] 08:29, 30 November 2010 (UTC)<br />
<br />
::Step 7 should take care of that. I used redsn0w to prepare. --[[User:Http|http]] 08:49, 30 November 2010 (UTC)<br />
<br />
It works. [[restored]] checks the plist and skips BB update if the option is set to false. Now are you saying that your hand-made ipsw failed the restore process or that your BB was in fact updated?<br />
--[[User:Msft.guy|Msft.guy]] 03:59, 7 December 2010 (UTC)<br />
<br />
Just to confirm: all those that are claiming it doesn't work are patching the correct ramdisk right? Some people are talking about the restore ramdisk then mentioning updates?? Surely if you want to prevent update when updating software you need to patch the update ramdisk and in the same way for restores patch the restore ramdisk? I'm sure this isn't happening but I thought it right to check to rule it out as a possibility -- [[User:Windows Helpdesk|blackthund3r]] 06:20, 7 December 2010 (UTC)<br />
<br />
== merge all ipsw modifications ==<br />
<br />
Should all pages that describe how to make changes to the restore process be merged into one page? --[[User:Liamchat|liamchat]] 23:02, 29 November 2010 (UTC)<br />
<br />
== deletion request ==<br />
<br />
there are 2 points I am going to make<br />
*1. if this is wrong then how does [[PwnageTool]] and [[sn0wbreeze]] work<br />
*2. if this is wrong then the [[NOR-only_ipsw]] is also wrong ( also being outdated ) --[[User:Liamchat|liamchat]] 13:30, 6 December 2010 (UTC)<br />
*3. if this is wrong then my ipsw patch will not work [http://filebin.ca/ngqkhx/iPhone31_4.2.1_8C148.bundle.zip iPhone31_4.2.1_8C148.bundle] --[[User:Liamchat|liamchat]] 15:41, 6 December 2010 (UTC)<br />
<br />
:The ONLY thing you should do to skip a BB update is to set UpdateBaseband to false, don't change anything else. To just flash NOR you have to disable baseband and rootfs, I don't really know the proper way to disable it but there's more than what's listed on the nor-only page. --[[User:Ryccardo|Ryccardo]] 21:33, 6 December 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Preventing_Baseband_Update&diff=14091Talk:Preventing Baseband Update2010-12-07T06:31:21Z<p>Windows Helpdesk: /* No success */</p>
<hr />
<div>==No success==<br />
I tried this and it didn't work. I used an iPhone 4 with firmware 4.1 and baseband 1.59.00, trying to upgrade it to stock firmware 4.2.1, preserving the baseband.<br />
<br />
One thing that was unclear is the plist edit. There was another entry SystemPartitionSize=1024(integer) (<nowiki><key>SystemPartitionSize</key><integer>1024</integer></nowiki>). It was not clear if this should be removed or not. I tried both.<br />
<br />
To reencrypt, it used the command<br />
xpwntool 038-0032-002_modified.dmg 038-0032-002_reencrypted.dmg -t 038-0032-002_original.dmg -k 06849aead2e9a6ca8a82c3929bad5c2368942e3681a3d5751720d2aacf0694c0 -iv 9b20ae16bebf4cf1b9101374c3ab0095<br />
With key and iv [[Jasper 8C148 (iPhone 4)|from here]] (must be correct, otherwise decryption wouldn't have worked).<br />
Then rename 038-0032-002_reencrypted.dmg to original name and back into the ipsw.<br />
<br />
To prepare for custom firmware flashing, I used redsn0w 0.9.6b4, reading initial 4.1 firmware.<br />
<br />
Without the SystemPartitionSize, I received an iTunes unknown error 46 when it started to flash. With the SystemPartitionSize it went a few seconds longer and I got iTunes error 14.<br />
<br />
Anything I am doing wrong? Did anybody else complete this successfully? Or was this just a joke?<br />
--[[User:Http|http]] 03:14, 29 November 2010 (UTC)<br />
:well what ipsw did you restore to because [[restored]] will signature check the root filesystem after [[ASR]] but the SystemPartitionSize should be replaced with <nowiki> <key>SystemImage</key> <false/> </nowiki> if you don't want to update the root partition --[[User:Liamchat|liamchat]] 16:06, 29 November 2010 (UTC)<br />
::ipsw: 4.2.1 as I said. Why should I not update the root partition? The goal is to upgrade firmware from 4.1 to 4.2.1, without updating the baseband. Did you do this and were successful? --[[User:Http|http]] 19:40, 29 November 2010 (UTC)<br />
:::why are you using the original file as a template --[[User:Liamchat|liamchat]] 23:02, 29 November 2010 (UTC)<br />
::::Because [[xpwntool]] says so. Is that wrong? --[[User:Http|http]] 23:17, 29 November 2010 (UTC)<br />
:::::it is optional if you want to the code just says create an abstract copy of template if has key --[[User:Liamchat|liamchat]] 23:30, 29 November 2010 (UTC)<br />
::::::Are you guessing? Did you ever try all this? If yes: Did it work for you? If no: no guessing please and better no answer in that case. Thanks. --[[User:Http|http]] 00:48, 30 November 2010 (UTC)<br />
:::::::when you used xpwn did it output <br />
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8<br />
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8<br />
:::::::--[[User:Liamchat|liamchat]] 10:45, 30 November 2010 (UTC)<br />
<br />
:I don't have MUCH experience with this, but I assume that since you've got yourself a modded ramdisk, you have to pwn the bootstrapper iBEC and the other fw parts, as in pwnagetool. --[[User:Dra1nerdrake|dra1nerdrake]] 01:24, 30 November 2010 (UTC)<br />
::well no because if he sees the apple logo and the empty bar that is in the ramdisk --[[User:Liamchat|liamchat]] 08:29, 30 November 2010 (UTC)<br />
<br />
::Step 7 should take care of that. I used redsn0w to prepare. --[[User:Http|http]] 08:49, 30 November 2010 (UTC)<br />
<br />
It works. [[restored]] checks the plist and skips BB update if the option is set to false. Now are you saying that your hand-made ipsw failed the restore process or that your BB was in fact updated?<br />
--[[User:Msft.guy|Msft.guy]] 03:59, 7 December 2010 (UTC)<br />
<br />
Just to confirm: all those that are claiming it doesn't work are patching the correct ramdisk right? Some people are talking about the restore ramdisk then mentioning updates?? Surely if you want to prevent update when updating software you need to patch the restore ramdisk. I'm sure this isn't happening but I thought it right to check -- [[User:Windows Helpdesk|blackthund3r]] 06:20, 7 December 2010 (UTC)<br />
<br />
== merge all ipsw modifications ==<br />
<br />
Should all pages that describe how to make changes to the restore process be merged into one page? --[[User:Liamchat|liamchat]] 23:02, 29 November 2010 (UTC)<br />
<br />
== deletion request ==<br />
<br />
there are 2 points I am going to make<br />
*1. if this is wrong then how does [[PwnageTool]] and [[sn0wbreeze]] work<br />
*2. if this is wrong then the [[NOR-only_ipsw]] is also wrong ( also being outdated ) --[[User:Liamchat|liamchat]] 13:30, 6 December 2010 (UTC)<br />
*3. if this is wrong then my ipsw patch will not work [http://filebin.ca/ngqkhx/iPhone31_4.2.1_8C148.bundle.zip iPhone31_4.2.1_8C148.bundle] --[[User:Liamchat|liamchat]] 15:41, 6 December 2010 (UTC)<br />
<br />
:The ONLY thing you should do to skip a BB update is to set UpdateBaseband to false, don't change anything else. To just flash NOR you have to disable baseband and rootfs, I don't really know the proper way to disable it but there's more than what's listed on the nor-only page. --[[User:Ryccardo|Ryccardo]] 21:33, 6 December 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Preventing_Baseband_Update&diff=14090Talk:Preventing Baseband Update2010-12-07T06:20:44Z<p>Windows Helpdesk: </p>
<hr />
<div>==No success==<br />
I tried this and it didn't work. I used an iPhone 4 with firmware 4.1 and baseband 1.59.00, trying to upgrade it to stock firmware 4.2.1, preserving the baseband.<br />
<br />
One thing that was unclear is the plist edit. There was another entry SystemPartitionSize=1024(integer) (<nowiki><key>SystemPartitionSize</key><integer>1024</integer></nowiki>). It was not clear if this should be removed or not. I tried both.<br />
<br />
To reencrypt, it used the command<br />
xpwntool 038-0032-002_modified.dmg 038-0032-002_reencrypted.dmg -t 038-0032-002_original.dmg -k 06849aead2e9a6ca8a82c3929bad5c2368942e3681a3d5751720d2aacf0694c0 -iv 9b20ae16bebf4cf1b9101374c3ab0095<br />
With key and iv [[Jasper 8C148 (iPhone 4)|from here]] (must be correct, otherwise decryption wouldn't have worked).<br />
Then rename 038-0032-002_reencrypted.dmg to original name and back into the ipsw.<br />
<br />
To prepare for custom firmware flashing, I used redsn0w 0.9.6b4, reading initial 4.1 firmware.<br />
<br />
Without the SystemPartitionSize, I received an iTunes unknown error 46 when it started to flash. With the SystemPartitionSize it went a few seconds longer and I got iTunes error 14.<br />
<br />
Anything I am doing wrong? Did anybody else complete this successfully? Or was this just a joke?<br />
--[[User:Http|http]] 03:14, 29 November 2010 (UTC)<br />
:well what ipsw did you restore to because [[restored]] will signature check the root filesystem after [[ASR]] but the SystemPartitionSize should be replaced with <nowiki> <key>SystemImage</key> <false/> </nowiki> if you don't want to update the root partition --[[User:Liamchat|liamchat]] 16:06, 29 November 2010 (UTC)<br />
::ipsw: 4.2.1 as I said. Why should I not update the root partition? The goal is to upgrade firmware from 4.1 to 4.2.1, without updating the baseband. Did you do this and were successful? --[[User:Http|http]] 19:40, 29 November 2010 (UTC)<br />
:::why are you using the original file as a template --[[User:Liamchat|liamchat]] 23:02, 29 November 2010 (UTC)<br />
::::Because [[xpwntool]] says so. Is that wrong? --[[User:Http|http]] 23:17, 29 November 2010 (UTC)<br />
:::::it is optional if you want to the code just says create an abstract copy of template if has key --[[User:Liamchat|liamchat]] 23:30, 29 November 2010 (UTC)<br />
::::::Are you guessing? Did you ever try all this? If yes: Did it work for you? If no: no guessing please and better no answer in that case. Thanks. --[[User:Http|http]] 00:48, 30 November 2010 (UTC)<br />
:::::::when you used xpwn did it output <br />
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8<br />
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8<br />
:::::::--[[User:Liamchat|liamchat]] 10:45, 30 November 2010 (UTC)<br />
<br />
:I don't have MUCH experience with this, but I assume that since you've got yourself a modded ramdisk, you have to pwn the bootstrapper iBEC and the other fw parts, as in pwnagetool. --[[User:Dra1nerdrake|dra1nerdrake]] 01:24, 30 November 2010 (UTC)<br />
::well no because if he sees the apple logo and the empty bar that is in the ramdisk --[[User:Liamchat|liamchat]] 08:29, 30 November 2010 (UTC)<br />
<br />
::Step 7 should take care of that. I used redsn0w to prepare. --[[User:Http|http]] 08:49, 30 November 2010 (UTC)<br />
<br />
It works. [[restored]] checks the plist and skips BB update if the option is set to false. Now are you saying that your hand-made ipsw failed the restore process or that your BB was in fact updated?<br />
--[[User:Msft.guy|Msft.guy]] 03:59, 7 December 2010 (UTC)<br />
<br />
Just to confirm: all those that are claiming it doesn't work are patching the correct ramdisk right? Some people are talking about the restore ramdisk then mentioning updates?? Surely if you want to prevent update when updating software you need to patch the restore ramdisk. I'm sure this isn't happening but I thought it right to check [[User:Windows Helpdesk|blackthund3r]] 06:20, 7 December 2010 (UTC)<br />
== merge all ipsw modifications ==<br />
<br />
Should all pages that describe how to make changes to the restore process be merged into one page? --[[User:Liamchat|liamchat]] 23:02, 29 November 2010 (UTC)<br />
<br />
== deletion request ==<br />
<br />
there are 2 points I am going to make<br />
*1. if this is wrong then how does [[PwnageTool]] and [[sn0wbreeze]] work<br />
*2. if this is wrong then the [[NOR-only_ipsw]] is also wrong ( also being outdated ) --[[User:Liamchat|liamchat]] 13:30, 6 December 2010 (UTC)<br />
*3. if this is wrong then my ipsw patch will not work [http://filebin.ca/ngqkhx/iPhone31_4.2.1_8C148.bundle.zip iPhone31_4.2.1_8C148.bundle] --[[User:Liamchat|liamchat]] 15:41, 6 December 2010 (UTC)<br />
<br />
:The ONLY thing you should do to skip a BB update is to set UpdateBaseband to false, don't change anything else. To just flash NOR you have to disable baseband and rootfs, I don't really know the proper way to disable it but there's more than what's listed on the nor-only page. --[[User:Ryccardo|Ryccardo]] 21:33, 6 December 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Recovery_Mode_Controller&diff=13279Talk:Recovery Mode Controller2010-11-19T18:59:05Z<p>Windows Helpdesk: </p>
<hr />
<div>I seem to have a problem with the image memory allocated and the screeny won't show. Seems we need this in the LocalSettings.php file: $wgMaxShellMemory = 524288; for a 512kb RAM allocation or maybe a bit more. Should generally sort out any image issues {{unsigned|Windows Helpdesk|07:41, August 28, 2010 (UTC)}}<br />
<br />
EDIT: This seems to have been working again. Perhaps some users have left the site and freed up the RAM for us :P {{unsigned|Windows Helpdesk|07:50, August 28, 2010 (UTC)}}<br />
<br />
:The picture problem always happens at the beginning after uploading them or using them, but after a few hours everything is ok again. -- [[User:Http|http]] 12:22, 28 August 2010 (UTC)<br />
:Oh okay thanks for that :) -- [[User:Windows Helpdesk|blackthund3r]] 21:16, 28 August 2010 (GMT)<br />
<br />
Marked for deletion =( what is this about? [[User:Windows Helpdesk|blackthund3r]] 18:59, 19 November 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=User:Windows_Helpdesk&diff=12302User:Windows Helpdesk2010-11-07T08:14:38Z<p>Windows Helpdesk: </p>
<hr />
<div>== Who I am and what I do ==<br />
I own the website http://www.windowshelpdesk.co.uk and I also created the blackthund3r Dev Team. See http://www.blackthund3r.co.uk. I create tools for assisting the jailbreaking community as well as having fun with arbitrary code execution on my [[iPod touch 2G]] (MC Model) and learning how to create / boot custom ramdisks etc. I also want to one day understand how exploits such as the 0xA1 on (CBA to get full name :D) work and how I can send / implement them manually etc. I know loads but I'm fully aware there's loads more to come! I hope to at some point (when I can be asked!) learn ARM assembly and use IDA for something useful [http://www.lol.com LOL]. My real name is Christopher and I live in the UK<br />
<br />
I created the semi-tethered jailbreak called [[Snowst0rm]] Cloud (Windows port) but it is unfortunately broken due to kernel issues. I hope to release at some point open source to demonstrate how unsigned code execution can be gained on the ipt2G MC w/o [[0x24000 Segment Overflow]] Exploit / [[usb_control_msg(0xA1, 1) Exploit]] / [[limera1n]] exploit (also used in [[greenpois0n]])<br />
<br />
I also wrote a few GUI tools in the hope they will help the lives of jailbreak devs everywhere. By far the most popular is [[Recovery Mode Controller]]. All can be downloaded from http://www.blackthund3r.co.uk<br />
[[Recovery Mode Controller]] - Easy putting into / getting out of recovery mode for all iDevices. It uses iPHUCWIN32 for entering and iTunnel for exiting unless you tell it to use libUSB. It was inspired by [[User:iH8sn0w|iH8sn0w's]] controller he depicts in his videos<br />
[[thund3rCrypt]] - GUI-based decryption of both [[IMG3 File Format|IMG3s]] (including Ramdisks) with [[xpwntool]] and Root Filesystems with [[VFDecrpyt]]<br />
[[iRecovery Controller]] - GUI for iRecovery<br />
[[iDisco]] - An application for making the screen of an iDevice flash random colours. Worked on 3.1.2 and below before the bgcolor command was removed in [[iOS]] 4.0. It basically just needs to upload an [[iBSS]] from an in-putted [[IPSW]] then it should work again. It is open source at http://www.github.com/blackthund3r/iDisco<br />
[[Multi-Hashing Hasher]] was a bit of VB fun. It can take any file - or a block of text - and create the MD5 and SHA1 hash of it with ease!<br />
== My Devices ==<br />
I currently own a jailbroken [[iPod touch 2G]] 8GB MC model (I used [[greenpois0n]] FTW and it's currently on [[iOS]] 4.1) but hope to get the iPod touch 4G for my birthday/Christmas :)<br />
<br />
== Contact ==<br />
You can find me at:<br />
blackthund3rjailbreak [AT] gmail.com<br />
blackthund3rtesting [AT] gmail.com for product testing / feedback / beta feedback only<br />
christopher [AT] blackthund3r.co.uk<br />
http://www.blackthund3r.co.uk<br />
Twitter: [http://www.twitter.com/blackthund3r @blackthund3r]<br />
Hope that's enough!</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=User:Windows_Helpdesk&diff=12300User:Windows Helpdesk2010-11-07T07:59:02Z<p>Windows Helpdesk: </p>
<hr />
<div>== Who I am and what I do ==<br />
I own the website http://www.windowshelpdesk.co.uk and I also created the blackthund3r Dev Team. See http://www.blackthund3r.co.uk. I create tools for assisting the jailbreaking community as well as having fun with arbitrary code execution on my [[iPod touch 2G]] (MC Model) and learning how to create / boot custom ramdisks etc. I also want to one day understand how exploits such as the 0xA1 on (CBA to get full name :D) work and how I can send / implement them manually etc. I know loads but I'm fully aware there's loads more to come! I hope to at some point (when I can be asked!) learn ARM assembly and use IDA for something useful [http://www.lol.com LOL]. My real name is Christopher and I live in the UK<br />
<br />
I created the semi-tethered jailbreak called [[Snowst0rm]] Cloud (Windows port) but it is unfortunately broken due to kernel issues. I hope to release at some point open source to demonstrate how unsigned code execution can be gained on the ipt2G MC w/o [[0x2400 Segment Overflow|Pwnage 2]]<br />
/ [[Usb_control_msg(0xA1,1) Exploit]]<br />
<br />
I also wrote a few GUI tools in the hope they will help the lives of jailbreak devs everywhere. By far the most popular is [[Recovery Mode Controller]]. All can be downloaded from http://www.blackthund3r.co.uk<br />
[[Recovery Mode Controller]] - Easy putting into / getting out of recovery mode for all iDevices. It uses iPHUCWIN32 for entering and iTunnel for exiting unless you tell it to use libUSB. It was inspired by [[User:iH8sn0w|iH8sn0w's]] controller he depicts in his videos<br />
[[thund3rCrypt]] - GUI-based decryption of both [[IMG3 File Format|IMG3s]] (including Ramdisks) with [[xpwntool]] and Root Filesystems with [[VFDecrpyt]]<br />
== My Devices ==<br />
I currently own a jailbroken [[iPod touch 2G]] 8GB MC model (I used [[greenpois0n]] FTW and it's currently on [[iOS]] 4.1) but hope to get the iPod touch 4G for my birthday/Christmas :)<br />
<br />
== Contact ==<br />
You can find me at:<br />
blackthund3rjailbreak [AT] gmail.com<br />
blackthund3rtesting [AT] gmail.com for product testing / feedback / beta feedback only<br />
christopher [AT] blackthund3r.co.uk<br />
http://www.blackthund3r.co.uk<br />
Twitter: [http://www.twitter.com/blackthund3r @blackthund3r]<br />
Hope that's enough!</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:PwnPie&diff=12299Talk:PwnPie2010-11-07T07:41:57Z<p>Windows Helpdesk: </p>
<hr />
<div>Actually that app works. If anyone needs it, write now. If you are cba, bookmark the link. --[[User:Qwertyoruiop|Qwertyoruiop]] 21:22, 6 November 2010 (UTC)<br />
<br />
I really want to use it :) Shame I don't haz a Mac that can run greenpois0n :( [[User:Windows Helpdesk|blackthund3r]] 07:41, 7 November 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Usb_control_msg(0xA1,_1)_Exploit&diff=12046Talk:Usb control msg(0xA1, 1) Exploit2010-11-03T17:47:24Z<p>Windows Helpdesk: </p>
<hr />
<div>Is this even supposed to be here? :S<br />
<br />
[[User:Ih8sn0w|iH8sn0w]] 00:31, 21 September 2010 (UTC)<br />
:[[User:Pod2g|Pod2g]] posted it himself so I don't see much of a problem for it as it doesn't sound like it will work on new devices. --[[User:OMEGA_RAZER|OMEGA_RAZER]]<br />
<br />
So would this exploit lead to a tethered jailbreak or would it be untethered? --[[User:JacobVengeance|JacobVengeance]] 01:50, 21 September 2010 (UTC)<br />
<br />
:Tethered. This just allows unsigned code execution to be performed regardless of SHSH or model revision at the DFU/bootrom level. This is useful for redsn0w or blackra1n type hacks as they provide a quick and unclosable exploit to perform the actual jailbreak. Functionally, this replaces the need for sending 2.1.1 iBSS + iBEC to use Arm7Go or the 3.1.2 iBSS/iBEC (if that can even be done?) for that other USB control msg exploit in 3.1.2 iBoot. [[User:Iemit737|Iemit737]] 02:37, 21 September 2010 (UTC)<br />
<br />
the new bootrom ipod touch 2g where ipod touch 3g so will this exploit work on ipod3g and iphone 3gs --[[User:Liamchat|liamchat]] 14:51, 21 September 2010 (UTC)<br />
<br />
:I don't completely understand your question, but no, this exploit will work on nothing other than the 2nd generation iPod touch (and is not particularly big news, since we can already run unsigned code on the second gen touch). [[User:AriX|AriX]] 18:01, 21 September 2010 (UTC)<br />
<br />
[[User:Pod2g|Pod2g]] : I released this one because it's old devices only (Apple engineers already found and fixed it).<br />
The good thing about it, is that it's a way to execute unsigned assembly code easily ''in the context of the bootrom''.<br />
Researchers can use it to explore the bootrom, try things, etc. Also, maybe it could be useful for iDroid ?<br />
<br />
palz2015 : So could it be untethered using the exploit to run code that patches the kernel, and perform a userland-only jailbreak, just from DFU?<br />
<br />
no because the exploit will replace the rdisk with a pwnd one ( that will fail the check ) and cydia will need to know how to use the exploit but you can re inject apple's rdisk --[[User:Liamchat|liamchat]] 18:55, 27 September 2010 (UTC)<br />
: What are you talking about? Filesystem modification causes no problems, dropping in a dylib, adding a daemon for a userland jailbreak and changing FStab is a fully functional jailbreak. Also cydia does not have knowledge of how to use any exploit... [[User:Iemit737|Iemit737]] 21:19, 30 September 2010 (UTC)<br />
<br />
What is classified as a 'New Device'. Would an iPod Touch 2G with the 2nd revision of the S5L8720 bootrom be classified as a new device? --[[User:Ac3xx|ac3xx]] 17:44, 30 September 2010 (UTC)<br />
<br />
:The second revision of the touch 2G does have this exploit, but no devices after that. [[User:Iemit737|Iemit737]] 21:19, 30 September 2010 (UTC)<br />
<br />
But really, you could execute an unsigned ramdisk, have it patch the kernel at boot (so no recovery mode), and userland jailbreak. Untethered? --[[User:Palz|Palz]] 21:41, 30 September 2010 (UTC)<br />
:Where would this ramdisk come from that patches the kernel at boot?? Ramdisks only come from Recovery/DFU mode which is what SHAtter is all about. But if this ramdisk's purpose is just to drop in a dynamic library / binary you can convince iOS to execute that uses another userland exploit in some framework, then you would have an untethered jailbreak. [[User:Iemit737|Iemit737]] 21:46, 30 September 2010 (UTC)<br />
:You could do that. So long as you have an exploit (like this) and a payload, you can exploit, upload payload and then upload a pwned iBSS. Then, once in a pwned environment you can easily boot a pwned ramdisk with a userland jailbreak on it - no problem :) [[User:Windows Helpdesk|blackthund3r]] 06:14, 18 October 2010 (UTC)<br />
::Yeah, I mean use this, run the ramdisk, patch the kernel, it adds a daemon for jailbreame star or spirit to make it untethered. Like limera1n. --[[User:Palz|Palz]] 16:51, 18 October 2010 (UTC)<br />
:::Oh yes you can do that - no problem xD - wonder if you could install an AFC2 service with it? [[User:Windows Helpdesk|blackthund3r]] 17:47, 3 November 2010 (UTC)<br />
you don't need to [[IBoot-240.4]] and [[IBoot-240.5.1]] don't check [[SHSH]] so you can inject any copy of [[IBoot]] into the memory then run an old exploit to modify the kernel --[[User:Liamchat|liamchat]] 21:25, 18 October 2010 (UTC)<br />
<br />
Might sound like a n00by question but how do u actually use it?? Can I use iRecovery? Or compile something with GNU ARM? I want to work on AES decryption stuff but I can't seem to work it out :S can anybody make it a little less technical? Thanks for any help possible :P [[User:Windows Helpdesk|blackthund3r]] 17:39, 3 November 2010 (UTC)<br />
== Steaks4U? ==<br />
Is this the Steaks4U exploit pod2g mentioned on twitter? --[[User:Rekoil|Rekoil]] 14:43, 18 October 2010 (UTC)<br />
:Yes. Look at article's history, last two edits by him. -- [[User:Http|http]] 16:44, 18 October 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Usb_control_msg(0xA1,_1)_Exploit&diff=12045Talk:Usb control msg(0xA1, 1) Exploit2010-11-03T17:39:54Z<p>Windows Helpdesk: </p>
<hr />
<div>Is this even supposed to be here? :S<br />
<br />
[[User:Ih8sn0w|iH8sn0w]] 00:31, 21 September 2010 (UTC)<br />
:[[User:Pod2g|Pod2g]] posted it himself so I don't see much of a problem for it as it doesn't sound like it will work on new devices. --[[User:OMEGA_RAZER|OMEGA_RAZER]]<br />
<br />
So would this exploit lead to a tethered jailbreak or would it be untethered? --[[User:JacobVengeance|JacobVengeance]] 01:50, 21 September 2010 (UTC)<br />
<br />
:Tethered. This just allows unsigned code execution to be performed regardless of SHSH or model revision at the DFU/bootrom level. This is useful for redsn0w or blackra1n type hacks as they provide a quick and unclosable exploit to perform the actual jailbreak. Functionally, this replaces the need for sending 2.1.1 iBSS + iBEC to use Arm7Go or the 3.1.2 iBSS/iBEC (if that can even be done?) for that other USB control msg exploit in 3.1.2 iBoot. [[User:Iemit737|Iemit737]] 02:37, 21 September 2010 (UTC)<br />
<br />
the new bootrom ipod touch 2g where ipod touch 3g so will this exploit work on ipod3g and iphone 3gs --[[User:Liamchat|liamchat]] 14:51, 21 September 2010 (UTC)<br />
<br />
:I don't completely understand your question, but no, this exploit will work on nothing other than the 2nd generation iPod touch (and is not particularly big news, since we can already run unsigned code on the second gen touch). [[User:AriX|AriX]] 18:01, 21 September 2010 (UTC)<br />
<br />
[[User:Pod2g|Pod2g]] : I released this one because it's old devices only (Apple engineers already found and fixed it).<br />
The good thing about it, is that it's a way to execute unsigned assembly code easily ''in the context of the bootrom''.<br />
Researchers can use it to explore the bootrom, try things, etc. Also, maybe it could be useful for iDroid ?<br />
<br />
palz2015 : So could it be untethered using the exploit to run code that patches the kernel, and perform a userland-only jailbreak, just from DFU?<br />
<br />
no because the exploit will replace the rdisk with a pwnd one ( that will fail the check ) and cydia will need to know how to use the exploit but you can re inject apple's rdisk --[[User:Liamchat|liamchat]] 18:55, 27 September 2010 (UTC)<br />
: What are you talking about? Filesystem modification causes no problems, dropping in a dylib, adding a daemon for a userland jailbreak and changing FStab is a fully functional jailbreak. Also cydia does not have knowledge of how to use any exploit... [[User:Iemit737|Iemit737]] 21:19, 30 September 2010 (UTC)<br />
<br />
What is classified as a 'New Device'. Would an iPod Touch 2G with the 2nd revision of the S5L8720 bootrom be classified as a new device? --[[User:Ac3xx|ac3xx]] 17:44, 30 September 2010 (UTC)<br />
<br />
:The second revision of the touch 2G does have this exploit, but no devices after that. [[User:Iemit737|Iemit737]] 21:19, 30 September 2010 (UTC)<br />
<br />
But really, you could execute an unsigned ramdisk, have it patch the kernel at boot (so no recovery mode), and userland jailbreak. Untethered? --[[User:Palz|Palz]] 21:41, 30 September 2010 (UTC)<br />
:Where would this ramdisk come from that patches the kernel at boot?? Ramdisks only come from Recovery/DFU mode which is what SHAtter is all about. But if this ramdisk's purpose is just to drop in a dynamic library / binary you can convince iOS to execute that uses another userland exploit in some framework, then you would have an untethered jailbreak. [[User:Iemit737|Iemit737]] 21:46, 30 September 2010 (UTC)<br />
:You could do that. So long as you have an exploit (like this) and a payload, you can exploit, upload payload and then upload a pwned iBSS. Then, once in a pwned environment you can easily boot a pwned ramdisk with a userland jailbreak on it - no problem :) [[User:Windows Helpdesk|blackthund3r]] 06:14, 18 October 2010 (UTC)<br />
::Yeah, I mean use this, run the ramdisk, patch the kernel, it adds a daemon for jailbreame star or spirit to make it untethered. Like limera1n. --[[User:Palz|Palz]] 16:51, 18 October 2010 (UTC)<br />
you don't need to [[IBoot-240.4]] and [[IBoot-240.5.1]] don't check [[SHSH]] so you can inject any copy of [[IBoot]] into the memory then run an old exploit to modify the kernel --[[User:Liamchat|liamchat]] 21:25, 18 October 2010 (UTC)<br />
<br />
Might sound like a n00by question but how do u actually use it?? Can I use iRecovery? Or compile something with GNU ARM? I want to work on AES decryption stuff but I can't seem to work it out :S can anybody make it a little less technical? Thanks for any help possible :P [[User:Windows Helpdesk|blackthund3r]] 17:39, 3 November 2010 (UTC)<br />
== Steaks4U? ==<br />
Is this the Steaks4U exploit pod2g mentioned on twitter? --[[User:Rekoil|Rekoil]] 14:43, 18 October 2010 (UTC)<br />
:Yes. Look at article's history, last two edits by him. -- [[User:Http|http]] 16:44, 18 October 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=SHSH&diff=10736SHSH2010-10-19T07:15:05Z<p>Windows Helpdesk: </p>
<hr />
<div>0x80 byte RSA signature of a firmware image.<br />
<br />
The term often also refers to the backup file containing the signature. This signature is needed to restore a specific firmware version. It is created by Apple and is generated from some hardware keys of the device and the hash of the firmware. With a saved signature, old firmware can be restored using a [[wikipedia:replay attack|replay attack]], even though Apple no longer issues signatures for it and thereby disallows installing older firmware. It is therefore recommended to save the signature for your device while Apple still issues it.<br />
<br />
To downgrade the firmware, simply change your hosts file to map any request to an Apple server to point to [[Saurik]]'s server instead, if your certificate is there. If you have the file yourself, run [[TinyUmbrella]] on your local machine.<br />
<br />
Not all devices have this check built in. Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N18ap|iPod touch 3G]], [[K48ap|iPad]], [[n81ap|iPod touch 4G]], [[K66ap|Apple TV 2G]] (later 2010 model) and all newer devices. (Note that no version of the [[iPod touch 2G]] requires SHSH blobs, not even the 'MC' models.) To restore to arbitrary versions of iOS 4.0, the SHSH is also needed for the [[N72ap|iPod touch 2G]] and [[N82ap|iPhone 3G]]. Not only does [[DFU Mode]] require the [[iBSS]]/[[iBEC]] files to be signed with an SHSH that includes the device's [[ECID]], but the normal boot-chain requires the [[LLB]] to be fully signed with an [[ECID]]+SHSH, so a downgrade [[IPSW File Format|IPSW]] is not possible without a bootrom exploit of the normal boot-chain (e.g. [[0x24000 Segment Overflow]]). See also the [http://blog.iphone-dev.org/post/833937433 Dev Team Blog post] about this.<br />
<br />
With the tools mentioned below it is possible to back up the signature. The device does not need to be jailbroken to make the backup. Usually the SHSH signature file is stored on [[Saurik]]'s server. If it is stored there, you can see in [[Cydia]] (on jailbroken devices) for which version a backup exists.<br />
<br />
A common mistake, even among users who understand all this, is to think that the SHSH firmware version they can back up depends on the firmware version installed on their device. Which signature you can save does NOT depend on the device - it only depends on which version Apple signs. And that depends on the date. For example, in April 2010 you could only back up the certificate for firmware 3.1.3, even if you still had 3.1.2 installed on your phone. Here's a timeline:<br />
<br />
==Timeline==<br />
{| class="wikitable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
!width="50"| iOS<br />
!width="480"| for Device(s)<br />
!width="130"| From<br />
!width="130"| Until<br />
|-<br />
| 3.0<br />
| [[N88ap|iPhone 3GS]]<br />
| 19 June 2009<br />
| 9 September 2009<br />
|-<br />
| 3.0.1<br />
| [[N88ap|iPhone 3GS]]<br />
| 31 July 2009<br />
| 9 September 2009<br />
|-<br />
| 3.1<br />
| [[N88ap|iPhone 3GS]]<br />
| 9 September 2009<br />
| 8 October 2009<br />
|-<br />
| 3.1.1<br />
| [[N18ap|iPod touch 3G]]<br />
| 9 September 2009<br />
| 8 October 2009<br />
|-<br />
| 3.1.2<br />
| [[N88ap|iPhone 3GS]], [[N18ap|iPod touch 3G]]<br />
| 8 October 2009<br />
| 2 February 2010<br />
|-<br />
| 3.1.3<br />
| [[N88ap|iPhone 3GS]], [[N18ap|iPod touch 3G]]<br />
| 2 February 2010<br />
| 21 June 2010<br />
|-<br />
| 3.2<br />
| [[K48ap|iPad]]<br />
| 3 April 2010<br />
| 15 July 2010<br />
|-<br />
| 3.2.1<br />
| [[K48ap|iPad]]<br />
| 15 July 2010<br />
| 19 August 2010<br />
|-<br />
| 3.2.2<br />
| [[K48ap|iPad]]<br />
| 11 August 2010<br />
| {{yes|open}}<br />
|-<br />
| 4.0<br />
| [[N72ap|iPod touch 2G]]<br />
| 21 June 2010<br />
| 9 September 2010<br />
|-<br />
| 4.0<br />
| [[N18ap|iPod touch 3G]]<br />
| 21 June 2010<br />
| 19 August 2010<br />
|-<br />
| 4.0<br />
| [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]]<br />
| 21 June 2010<br />
| 15 July 2010<br />
|-<br />
| 4.0<br />
| [[N90ap|iPhone 4]]<br />
| 24 June 2010<br />
| 15 July 2010<br />
|-<br />
| 4.0.1<br />
| [[N82ap|iPhone 3G]]<br />
| 15 July 2010<br />
| 9 September 2010<br />
|-<br />
| 4.0.1<br />
| [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]]<br />
| 15 July 2010<br />
| 19 August 2010<br />
|-<br />
| 4.0.2<br />
| [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]]<br />
| 11 August 2010<br />
| 18 September 2010<!--Apple may have ceased signing earlier.--><br />
|-<br />
| 4.0.2<br />
| [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N18ap|iPod touch 3G]]<br />
| 11 August 2010<br />
| 9 September 2010<br />
|-<br />
| 4.1<br />
| [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N72ap|iPod touch 2G]], [[N18ap|iPod touch 3G]], [[N81ap|iPod touch 4G]]<br />
| 8 September 2010<br />
| {{yes|open}}<br />
|-<br />
| 4.1<br />
| [[K66ap|Apple TV 2G]]<br />
| 29 September 2010<br />
| {{yes|open}}<br />
|}<br />
<br />
==Protocol==<br />
To request an SHSH blob from Apple, a simple [[wikipedia:Hypertext Transfer Protocol|HTTP]] request can be made. For a full description, please see the separate article [[SHSH Protocol]].<br />
<br />
==Links and Tools==<br />
* [[TinyUmbrella]] requires Java installed<br />
* [http://www.saurik.com/id/12 Detailed background info from Saurik]<br />
<br />
[[Category:Firmware Tags]]<br />
[[Category:Firmware Parsing]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=SHSH&diff=10735SHSH2010-10-19T07:14:08Z<p>Windows Helpdesk: </p>
<hr />
<div>0x80 byte RSA signature of a firmware image.<br />
<br />
The term often also refers to the backup file containing the signature. This signature is needed to restore a specific firmware version. It is created by Apple and is generated from some hardware keys of the device and the hash of the firmware. With a saved signature, old firmware can be restored using a [[wikipedia:replay attack|replay attack]], even though Apple no longer issues signatures for it and thereby disallows installing older firmware. It is therefore recommended to save the signature for your device while Apple still issues it.<br />
<br />
To downgrade the firmware, simply change your hosts file to map any request to an Apple server to point to [[Saurik]]'s server instead, if your certificate is there. If you have the file yourself, run [[TinyUmbrella]] on your local machine.<br />
<br />
Not all devices have this check built in. Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N18ap|iPod touch 3G]], [[K48ap|iPad]], [[n81ap|iPod touch 4G]], [[K66AP|Apple TV 2G]] (later 2010 model) and all newer devices. (Note that no version of the [[iPod touch 2G]] requires SHSH blobs, not even the 'MC' models.) To restore to arbitrary versions of iOS 4.0, the SHSH is also needed for the [[N72ap|iPod touch 2G]] and [[N82ap|iPhone 3G]]. Not only does [[DFU Mode]] require the [[iBSS]]/[[iBEC]] files to be signed with an SHSH that includes the device's [[ECID]], but the normal boot-chain requires the [[LLB]] to be fully signed with an [[ECID]]+SHSH, so a downgrade [[IPSW File Format|IPSW]] is not possible without a bootrom exploit of the normal boot-chain (e.g. [[0x24000 Segment Overflow]]). See also the [http://blog.iphone-dev.org/post/833937433 Dev Team Blog post] about this.<br />
<br />
With the tools mentioned below it is possible to back up the signature. The device does not need to be jailbroken to make the backup. Usually the SHSH signature file is stored on [[Saurik]]'s server. If it is stored there, you can see in [[Cydia]] (on jailbroken devices) for which version a backup exists.<br />
<br />
A common mistake, even among users who understand all this, is to think that the SHSH firmware version they can back up depends on the firmware version installed on their device. Which signature you can save does NOT depend on the device - it only depends on which version Apple signs. And that depends on the date. For example, in April 2010 you could only back up the certificate for firmware 3.1.3, even if you still had 3.1.2 installed on your phone. Here's a timeline:<br />
<br />
==Timeline==<br />
{| class="wikitable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
!width="50"| iOS<br />
!width="480"| for Device(s)<br />
!width="130"| From<br />
!width="130"| Until<br />
|-<br />
| 3.0<br />
| [[N88ap|iPhone 3GS]]<br />
| 19 June 2009<br />
| 9 September 2009<br />
|-<br />
| 3.0.1<br />
| [[N88ap|iPhone 3GS]]<br />
| 31 July 2009<br />
| 9 September 2009<br />
|-<br />
| 3.1<br />
| [[N88ap|iPhone 3GS]]<br />
| 9 September 2009<br />
| 8 October 2009<br />
|-<br />
| 3.1.1<br />
| [[N18ap|iPod touch 3G]]<br />
| 9 September 2009<br />
| 8 October 2009<br />
|-<br />
| 3.1.2<br />
| [[N88ap|iPhone 3GS]], [[N18ap|iPod touch 3G]]<br />
| 8 October 2009<br />
| 2 February 2010<br />
|-<br />
| 3.1.3<br />
| [[N88ap|iPhone 3GS]], [[N18ap|iPod touch 3G]]<br />
| 2 February 2010<br />
| 21 June 2010<br />
|-<br />
| 3.2<br />
| [[K48ap|iPad]]<br />
| 3 April 2010<br />
| 15 July 2010<br />
|-<br />
| 3.2.1<br />
| [[K48ap|iPad]]<br />
| 15 July 2010<br />
| 19 August 2010<br />
|-<br />
| 3.2.2<br />
| [[K48ap|iPad]]<br />
| 11 August 2010<br />
| {{yes|open}}<br />
|-<br />
| 4.0<br />
| [[N72ap|iPod touch 2G]]<br />
| 21 June 2010<br />
| 9 September 2010<br />
|-<br />
| 4.0<br />
| [[N18ap|iPod touch 3G]]<br />
| 21 June 2010<br />
| 19 August 2010<br />
|-<br />
| 4.0<br />
| [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]]<br />
| 21 June 2010<br />
| 15 July 2010<br />
|-<br />
| 4.0<br />
| [[N90ap|iPhone 4]]<br />
| 24 June 2010<br />
| 15 July 2010<br />
|-<br />
| 4.0.1<br />
| [[N82ap|iPhone 3G]]<br />
| 15 July 2010<br />
| 9 September 2010<br />
|-<br />
| 4.0.1<br />
| [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]]<br />
| 15 July 2010<br />
| 19 August 2010<br />
|-<br />
| 4.0.2<br />
| [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]]<br />
| 11 August 2010<br />
| 18 September 2010<!--Apple may have ceased signing earlier.--><br />
|-<br />
| 4.0.2<br />
| [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N18ap|iPod touch 3G]]<br />
| 11 August 2010<br />
| 9 September 2010<br />
|-<br />
| 4.1<br />
| [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N72ap|iPod touch 2G]], [[N18ap|iPod touch 3G]], [[N81ap|iPod touch 4G]]<br />
| 8 September 2010<br />
| {{yes|open}}<br />
|-<br />
| 4.1<br />
| [[K66ap|Apple TV 2G]]<br />
| 29 September 2010<br />
| {{yes|open}}<br />
|}<br />
<br />
==Protocol==<br />
To request an SHSH blob from Apple, a simple [[wikipedia:Hypertext Transfer Protocol|HTTP]] request can be made. For a full description, please see the separate article [[SHSH Protocol]].<br />
<br />
==Links and Tools==<br />
* [[TinyUmbrella]] requires Java installed<br />
* [http://www.saurik.com/id/12 Detailed background info from Saurik]<br />
<br />
[[Category:Firmware Tags]]<br />
[[Category:Firmware Parsing]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=SHSH&diff=10734SHSH2010-10-19T07:08:15Z<p>Windows Helpdesk: </p>
<hr />
<div>0x80 byte RSA signature of a firmware image.<br />
<br />
The term often also refers to the backup file containing the signature. This signature is needed to restore a specific firmware version. It is created by Apple and is generated from some hardware keys of the device and the hash of the firmware. With a saved signature, old firmware can be restored using a [[wikipedia:replay attack|replay attack]], even though Apple no longer issues signatures for it and thereby disallows installing older firmware. It is therefore recommended to save the signature for your device while Apple still issues it.<br />
<br />
To downgrade the firmware, simply change your hosts file to map any request to an Apple server to point to [[Saurik]]'s server instead, if your certificate is there. If you have the file yourself, run [[TinyUmbrella]] on your local machine.<br />
<br />
Not all devices have this check built in. Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N18ap|iPod touch 3G]], [[K48ap|iPad]], [[n81ap|iPod touch 4G]], [[Apple TV]] (From the late 2010 model onwards (2,1)) and all newer devices. (Note that no version of the [[iPod touch 2G]] requires SHSH blobs, not even the 'MC' models.) To restore to arbitrary versions of iOS 4.0, the SHSH is also needed for the [[N72ap|iPod touch 2G]] and [[N82ap|iPhone 3G]]. Not only does [[DFU Mode]] require the [[iBSS]]/[[iBEC]] files to be signed with an SHSH that includes the device's [[ECID]], but the normal boot-chain requires the [[LLB]] to be fully signed with an [[ECID]]+SHSH, so a downgrade [[IPSW File Format|IPSW]] is not possible without a bootrom exploit of the normal boot-chain (e.g. [[0x24000 Segment Overflow]]). See also the [http://blog.iphone-dev.org/post/833937433 Dev Team Blog post] about this.<br />
<br />
With the tools mentioned below it is possible to back up the signature. The device does not need to be jailbroken to make the backup. Usually the SHSH signature file is stored on [[Saurik]]'s server. If it is stored there, you can see in [[Cydia]] (on jailbroken devices) for which version a backup exists.<br />
<br />
A common mistake, even among users who understand all this, is to think that the SHSH firmware version they can back up depends on the firmware version installed on their device. Which signature you can save does NOT depend on the device - it only depends on which version Apple signs. And that depends on the date. For example, in April 2010 you could only back up the certificate for firmware 3.1.3, even if you still had 3.1.2 installed on your phone. Here's a timeline:<br />
<br />
==Timeline==<br />
{| class="wikitable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
!width="50"| iOS<br />
!width="480"| for Device(s)<br />
!width="130"| From<br />
!width="130"| Until<br />
|-<br />
| 3.0<br />
| [[N88ap|iPhone 3GS]]<br />
| 19 June 2009<br />
| 9 September 2009<br />
|-<br />
| 3.0.1<br />
| [[N88ap|iPhone 3GS]]<br />
| 31 July 2009<br />
| 9 September 2009<br />
|-<br />
| 3.1<br />
| [[N88ap|iPhone 3GS]]<br />
| 9 September 2009<br />
| 8 October 2009<br />
|-<br />
| 3.1.1<br />
| [[N18ap|iPod touch 3G]]<br />
| 9 September 2009<br />
| 8 October 2009<br />
|-<br />
| 3.1.2<br />
| [[N88ap|iPhone 3GS]], [[N18ap|iPod touch 3G]]<br />
| 8 October 2009<br />
| 2 February 2010<br />
|-<br />
| 3.1.3<br />
| [[N88ap|iPhone 3GS]], [[N18ap|iPod touch 3G]]<br />
| 2 February 2010<br />
| 21 June 2010<br />
|-<br />
| 3.2<br />
| [[K48ap|iPad]]<br />
| 3 April 2010<br />
| 15 July 2010<br />
|-<br />
| 3.2.1<br />
| [[K48ap|iPad]]<br />
| 15 July 2010<br />
| 19 August 2010<br />
|-<br />
| 3.2.2<br />
| [[K48ap|iPad]]<br />
| 11 August 2010<br />
| {{yes|open}}<br />
|-<br />
| 4.0<br />
| [[N72ap|iPod touch 2G]]<br />
| 21 June 2010<br />
| 9 September 2010<br />
|-<br />
| 4.0<br />
| [[N18ap|iPod touch 3G]]<br />
| 21 June 2010<br />
| 19 August 2010<br />
|-<br />
| 4.0<br />
| [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]]<br />
| 21 June 2010<br />
| 15 July 2010<br />
|-<br />
| 4.0<br />
| [[N90ap|iPhone 4]]<br />
| 24 June 2010<br />
| 15 July 2010<br />
|-<br />
| 4.0.1<br />
| [[N82ap|iPhone 3G]]<br />
| 15 July 2010<br />
| 9 September 2010<br />
|-<br />
| 4.0.1<br />
| [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]]<br />
| 15 July 2010<br />
| 19 August 2010<br />
|-<br />
| 4.0.2<br />
| [[N82ap|iPhone 3G]], [[N72ap|iPod touch 2G]]<br />
| 11 August 2010<br />
| 18 September 2010<!--Apple may have ceased signing earlier.--><br />
|-<br />
| 4.0.2<br />
| [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N18ap|iPod touch 3G]]<br />
| 11 August 2010<br />
| 9 September 2010<br />
|-<br />
| 4.1<br />
| [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]], [[N90ap|iPhone 4]], [[N72ap|iPod touch 2G]], [[N18ap|iPod touch 3G]], [[N81ap|iPod touch 4G]]<br />
| 8 September 2010<br />
| {{yes|open}}<br />
|-<br />
| 4.1<br />
| [[K66ap|Apple TV 2G]]<br />
| 29 September 2010<br />
| {{yes|open}}<br />
|}<br />
<br />
==Protocol==<br />
To request a SHSH blob from Apple, a simple [[wikipedia:Hypertext Transfer Protocol|HTTP]] request can be made. For a full description, please see the separate article [[SHSH Protocol]].<br />
<br />
==Links and Tools==<br />
* [[TinyUmbrella]] (requires Java to be installed)<br />
* [http://www.saurik.com/id/12 Detailed background info from Saurik]<br />
<br />
[[Category:Firmware Tags]]<br />
[[Category:Firmware Parsing]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=User:Windows_Helpdesk&diff=10723User:Windows Helpdesk2010-10-18T16:54:25Z<p>Windows Helpdesk: </p>
<hr />
<div>== Who I am and what I do ==<br />
I own the website http://www.windowshelpdesk.co.uk and I also created the blackthund3r Dev Team. See http://www.blackthund3r.co.uk. I create tools for assisting the jailbreaking community as well as having fun with arbitrary code execution on my [[iPod touch 2G]] (MC Models) and learning how to create / boot custom ramdisks etc. I also want to one day understand how exploits such as the 0xA1 on (CBA to get full name :D) work and how I can send / implement them manually etc. I know loads but I'm fully aware there's loads more to come! I hope to at some point (when I can be asked!) learn ARM assembly and use IDA for something useful [http://www.lol.com LOL]. My real name is Christopher and I live in the UK<br />
<br />
== My Devices ==<br />
I currently own a jailbroken [[iPod touch 2G]] 8GB MC model (I used [[greenpois0n]] FTW) but hope to get the iPod touch 4G for my birthday/Christmas :)<br />
<br />
== Contact ==<br />
You can find me at:<br />
blackthund3rjailbreak [AT] gmail.com<br />
blackthund3rtesting [AT] gmail.com for product testing only<br />
christopher [AT] blackthund3r.co.uk<br />
http://www.blackthund3r.co.uk<br />
Twitter: [http://www.twitter.com/blackthund3r @blackthund3r]<br />
Hope that's enough!</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Usb_control_msg(0xA1,_1)_Exploit&diff=10703Talk:Usb control msg(0xA1, 1) Exploit2010-10-18T06:14:20Z<p>Windows Helpdesk: </p>
<hr />
<div>Is this even supposed to be here? :S<br />
<br />
[[User:Ih8sn0w|iH8sn0w]] 00:31, 21 September 2010 (UTC)<br />
:[[User:Pod2g|Pod2g]] posted it himself so I don't see much of a problem for it as it doesn't sound like it will work on new devices. --[[User:OMEGA_RAZER|OMEGA_RAZER]]<br />
<br />
So would this exploit lead to a tethered jailbreak or would it be untethered? --[[User:JacobVengeance|JacobVengeance]] 01:50, 21 September 2010 (UTC)<br />
<br />
:Tethered. This just allows unsigned code execution to be performed regardless of SHSH or model revision at the DFU/bootrom level. This is useful for redsn0w or blackra1n type hacks as they provide a quick and unclosable exploit to perform the actual jailbreak. Functionally, this replaces the need for sending 2.1.1 iBSS + iBEC to use Arm7Go or the 3.1.2 iBSS/iBEC (if that can even be done?) for that other USB control msg exploit in 3.1.2 iBoot. [[User:Iemit737|Iemit737]] 02:37, 21 September 2010 (UTC)<br />
<br />
the new bootrom ipod touch 2g where ipod touch 3g so will this exploit work on ipod3g and iphone 3gs --[[User:Liamchat|liamchat]] 14:51, 21 September 2010 (UTC)<br />
<br />
:I don't completely understand your question, but no, this exploit will work on nothing other than the 2nd generation iPod touch (and is not particularly big news, since we can already run unsigned code on the second gen touch). [[User:AriX|AriX]] 18:01, 21 September 2010 (UTC)<br />
<br />
[[User:Pod2g|Pod2g]] : I released this one because it's old devices only (Apple engineers already found and fixed it).<br />
The good thing about it, is that it's a way to execute unsigned assembly code easily ''in the context of the bootrom''.<br />
Researchers can use it to explore the bootrom, try things, etc. Also, maybe it could be useful for iDroid ?<br />
<br />
palz2015 : So could it be untethered using the exploit to run code that patches the kernel, and perform a userland-only jailbreak, just from DFU?<br />
<br />
no because the exploit will replace the rdisk with a pwnd one ( that will fail the check ) and cydia will need to know how to use the exploit but you can re inject apple's rdisk --[[User:Liamchat|liamchat]] 18:55, 27 September 2010 (UTC)<br />
: What are you talking about? Filesystem modification causes no problems, dropping in a dylib, adding a daemon for a userland jailbreak and changing FStab is a fully functional jailbreak. Also cydia does not have knowledge of how to use any exploit... [[User:Iemit737|Iemit737]] 21:19, 30 September 2010 (UTC)<br />
<br />
What is classified as a 'New Device'. Would an iPod Touch 2G with the 2nd revision of the S5L8720 bootrom be classified as a new device? --[[User:Ac3xx|ac3xx]] 17:44, 30 September 2010 (UTC)<br />
<br />
:The second revision of the touch 2G does have this exploit, but no devices after that. [[User:Iemit737|Iemit737]] 21:19, 30 September 2010 (UTC)<br />
<br />
But really, you could execute an unsigned ramdisk, have it patch the kernel at boot (so no recovery mode), and userland jailbreak. Untethered? --[[User:Palz|Palz]] 21:41, 30 September 2010 (UTC)<br />
:Where would this ramdisk come from that patches the kernel at boot?? Ramdisks only come from Recovery/DFU mode which is what SHAtter is all about. But if this ramdisk's purpose is just to drop in a dynamic library / binary you can convince iOS to execute that uses another userland exploit in some framework, then you would have an untethered jailbreak. [[User:Iemit737|Iemit737]] 21:46, 30 September 2010 (UTC)<br />
:You could do that. So long as you have an exploit (like this) and a payload, you can exploit, upload payload and then upload a pwned iBSS. Then, once in a pwned environment you can easily boot a pwned ramdisk with a userland jailbreak on it - no problem :) [[User:Windows Helpdesk|blackthund3r]] 06:14, 18 October 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Talk:Malformed_CFF_Vulnerability&diff=10488Talk:Malformed CFF Vulnerability2010-10-12T05:45:56Z<p>Windows Helpdesk: </p>
<hr />
<div>==New name?==<br />
I'm not a fan of the article's name, as it somewhat implies that the vulnerability involves the PDF parser, so I was thinking about renaming the article. Does anyone else agree? If so, are there any name suggestions? I'm partial to "Malformed CFF Font Vulnerability." --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 03:40, 12 October 2010 (UTC)<br />
<br />
I agree as this is misleading. Or even just "Safari CFF Font Stack Overflow".<br />
<br />
How about using 'Malformed CFF Font Vulnerability' and keep this page an a redirect? And we need to make sure it is listed all over the wiki or nobody will find it! It's quite a name :D [[User:Windows Helpdesk|blackthund3r]] 05:45, 12 October 2010 (UTC)</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Greenpois0n_(jailbreak)&diff=10233Greenpois0n (jailbreak)2010-10-09T06:41:50Z<p>Windows Helpdesk: </p>
<hr />
<div>Greenpois0n is a cross-platform hacker toolkit that helps users to find their own exploits for jailbreaks, write custom ramdisks, and create custom firmwares. <br />
<br />
== Current Toolset ==<br />
<br />
*[http://github.com/chronicdev/cyanide GreenPois0n Cyanide]: [[iBoot]] payload toolkit to help developers discover new vulnerabilities and design super fast, low-level iBoot jailbreaks and exploit payloads, much like the way [[blackra1n]]/[[purplera1n]] works.<br />
<br />
*[http://github.com/chronicdev/libdioxin GreenPois0n Dioxin]: MobileDevice toolkit designed to help developers design awesome userland jailbreaks, like how [[Spirit]] works.<br />
<br />
*[http://github.com/chronicdev/anthrax GreenPois0n Anthrax]: iPhone ramdisk toolkit to help developers design extremely stable and portable ramdisk jailbreaks, much like the same way [[QuickPwn]]/[[redsn0w]] works.<br />
<br />
*[http://github.com/chronicdev/arsenic GreenPois0n Arsenic]: custom firmware toolkit to help developers design jailbreaks to help preserve [[Baseband Firmware|baseband]] and keep unlocks, much in the same way [[PwnageTool]]/[[sn0wbreeze]] works.<br />
<br />
==Jailbreak Tool==<br />
<br />
Greenpois0n is also a jailbreak tool using the [[SHAtter]] exploit and a userland exploit provided by [[Comex]]. Some known facts are:<br />
<br />
* The SHAtter exploit is a tethered jailbreak, but is being combined with a userland exploit from [[Comex]] to make it untethered<br />
<br />
* ONLY works on devices that have Apple's A4 processor<br />
<br />
* Release date 10/10/10<br />
<br />
* Most likely there won't be a 4.1 baseband unlock</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10232Limera1n2010-10-09T06:36:39Z<p>Windows Helpdesk: </p>
<hr />
<div>== Background Information ==<br />
Limera1n is a jailbreak by [[User:Geohot|geohot]]. It is presumed to be untethered on all supported devices, which include the following (but aren't necessarily limited to):<br />
* [[N88ap|iPhone 3GS]]<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] ([[iBoot-240.5.1|new bootrom]])<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
* Any other [[iOS]] device released thus far (though support for the AppleTV is negligible and hasn't been clarified)<br />
<br />
It has been demonstrated multiple times by geohot, using blog posts on his now private blog. Geohot showed off a high-res picture of Cydia on an iPhone 4. [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png] He displayed an [[untethered jailbreak]] that met MuscleNerd's requirements for a good video on the iPod touch 3G. [http://www.youtube.com/watch?v=__TR86PLiHw] In addition, he demonstrated Cydia, blackra1n, and a verbose boot on an iPad (before Spirit was released). [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg]<br />
<br />
== Technical Information ==<br />
* This does not use [[SHAtter]].<br />
* This uses a [[bootrom]] exploit (different to the [[greenpois0n]] one) to achieve the tethered jailbreak and unsigned code execution<br />
* This also uses the same userland exploit discovered independently by [[User:comex|comex]]<br />
* [[Chronic Dev (team)|Chronic Dev]] knows about this exploit and has confirmed its legitimacy<br />
<br />
== Controversy ==<br />
The timing impact of this jailbreak release will have major negative consequences on everyone, especially since this jailbreak IS patchable. If this jailbreak is released, the holes used in it might be needlessly burned, seeing as how [[greenpois0n]] is expected to be released the day before limera1n. <br />
* Limera1n will reportedly not affect greenpois0n's release. [http://twitter.com/chronicdevteam/status/26794756189]<br />
* Limera1n is probably only being released to pressure chronic dev into using the exploit in greenpois0n. [http://twitter.com/p0sixninja/status/26795401167]<br />
* The [[Chronic Dev (team)|Chronic Dev Team]] are working extremely hard to implement [[User:geohot|geohot's]] limera1n exploit before the [[greenpois0n]] release date, though it will probably not use that exploit because timing is tight. limera1n is due to be released on Monday anyway burning two [[bootrom]] exploits in the same number of days<br />
<br />
== External Links ==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* http://limera1n.com/<br />
* http://theiphonewiki.com/limera1n (cached copy)<br />
* [http://www.twitlonger.com/show/6d31jr Info from cdevwill]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=NitroKey&diff=9948NitroKey2010-10-05T21:02:12Z<p>Windows Helpdesk: Undo revision 9946 by Dialexio (Talk)</p>
<hr />
<div>[[NitroKey]] was a product released in late February of 2009, by the company "NitroKey," in order to aid those with a tethered jailbroken [[N72ap|iPod touch 2G]] to boot their iPods. It consisted of a small dongle that looked EXACTLY like the end of an iPod cable, with no cord on it. The product was being sold for an outrageous price of $55.00 to those unfortunate enough to have made the decision to purchase one, as it went obsolete not two weeks after its release.<br />
<br />
They also released a '''stolen''' version of the [[0x24000 Segment Overflow]], the vulnerability that the untethered [[N72ap|iPod Touch 2G]] jailbreak uses, giving Apple enough time to fix the [[N18ap|iPod Touch 3G]] so that it CAN NOT be directly jailbroken from its release. In addition, NitroKey's irresponsible handling gave Apple enough time to add the [[ECID]] tag to the [[IMG3 File Format]] in the [[N88AP|iPhone 3GS]], preventing a permanent untethered [[jailbreak]] without a new [[iBoot]] exploit in every firmware.<br />
<br />
NitroKey has also leaked [[AT+FNS]], a [[baseband]] hole which was meant to be kept secret. [http://nitrokey.com/Hash.html] The hash was posted by NitroKey one day after [[User:Oranav|Oranav]] found and shared the exploit with the [[iPhone Dev Team]], making things very suspicious. Apple has now patched the hole, needlessly burning an exploit that could have been used as an unlock vector for a future firmware.<br />
<br />
May the thieving bastards of NitroKey burn in hell for all eternity. Their selfish leaks have done nothing short of hold the entire Jailbreak community backwards in the name of pure selfish desires. For this, the actions of NitroKey are condemned, with the suggestion they exercise sincere moral introspection before continuing their inconsiderate and obtuse line of action.<br />
The Jailbreak community has always kept the interests of the public and developers as the foremost topic on their agenda. NitroKey stand as a damning symbol against this, and for these reasons, we ask you all to stand with us and shout: '''SCREW NITROKEY'''.</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=/Applications&diff=9821/Applications2010-10-02T07:21:50Z<p>Windows Helpdesk: </p>
<hr />
<div>== Summary ==<br />
This is where all of the main, non-[[App Store]] applications are stored. [[Cydia]] will move this directory to the user partition and create a symlink to it.<br />
/Applications --> /var/stash/Applications.*****<br />
<br />
NOTE: In the title, the asterisks represent randomly generated characters that are generated when the folder is created and symlinked<br />
<br />
== Children ==<br />
This directory typically contains only application bundles.<br />
<br />
*Folders<br />
**[[/var/stash/Applications.*****/AdSheet.app|AdSheet.app]] (Hidden app for iAds to be displayed)<br />
**[[/var/stash/Applications.*****/AppStore.app|AppStore.app]] (Apple AppStore for downloading Apps)<br />
**[[/var/stash/Applications.*****/Calculator.app|Calculator.app]] (Calculator)<br />
**[[/var/stash/Applications.*****/Compass.app|Compass.app]] (Compass - [[iPhone 3GS]] and [[iPhone 4]] only)<br />
**[[/var/stash/Applications.*****/Contacts.app|Contacts.app]] (Contacts)<br />
**[[/var/stash/Applications.*****/DemoApp.app|DemoApp.app]] (Displays a video continuously when the device is not being used. Invoke by putting a file called demo.mov in (I think; can this be checked) [[/var/root]] - used by Apple Stores)<br />
**[[/var/stash/Applications.*****/GameCenter~iphone.app|GameCenter~iphone.app]] (Game Center (This is the same folder on [[N81ap|iPod touch 4g]]))<br />
**[[/var/stash/Applications.*****/iOS Diagnostics.app|iOS Diagnostics]] (this can be accessed through Safari; just type diags:// into the URL bar.)<br />
**[[/var/stash/Applications.*****/iPodOut.app|iPodOut.app]] (Hidden app for iPodOut functionality)<br />
**[[/var/stash/Applications.*****/Maps.app|Maps.app]] (Maps)<br />
**[[/var/stash/Applications.*****/MobileCal.app|MobileCal.app]] (Calendar)<br />
**[[/var/stash/Applications.*****/MobileMail.app|MobileMail.app]] (Mail)<br />
**[[/var/stash/Applications.*****/MobileMusicPlayer.app|MobileMusicPlayer.app]] (Music)<br />
**[[/var/stash/Applications.*****/MobileNotes.app|MobileNotes.app]] (Notes)<br />
**[[/var/stash/Applications.*****/MobilePhone.app|MobilePhone.app]] (iPod touch 4G has this - for FaceTime)<br />
**[[/var/stash/Applications.*****/MobileSafari.app|MobileSafari.app]] (Safari)<br />
**[[/var/stash/Applications.*****/MobileSlideShow.app|MobileSlideShow.app]] (Photos and Camera)<br />
**[[/var/stash/Applications.*****/MobileSMS.app|MobileSMS.app]] (Messages)<br />
**[[/var/stash/Applications.*****/MobileStore.app|MobileStore.app]] (iTunes Store)<br />
**[[/var/stash/Applications.*****/MobileTimer.app|MobileTimer.app]] (Clock app)<br />
**[[/var/stash/Applications.*****/Nike.app|Nike.app]] (Nike+iPod)<br />
**[[/var/stash/Applications.*****/Preferences.app|Preferences.app]] (Settings)<br />
**[[/var/stash/Applications.*****/Stocks.app|Stocks.app]] (Stocks)<br />
**[[/var/stash/Applications.*****/TrustMe.app|TrustMe.app]] (Used for visiting webpages with https protocol)<br />
**[[/var/stash/Applications.*****/VoiceMemos.app|VoiceMemos.app]] (Voice Memos)<br />
**[[/var/stash/Applications.*****/Weather.app|Weather.app]] (Weather)<br />
**[[/var/stash/Applications.*****/Web.app|Web.app]] (unknown hidden app)<br />
**[[/var/stash/Applications.*****/WebSheet.app|WebSheet.app]] (Used for overlaying web data. Usually for logging in to WiFi Hotspots in Preferences.app)<br />
**[[/var/stash/Applications.*****/YouTube.app|YouTube.app]] (YouTube)<br />
<br />
== Parents ==<br />
[[/]] (Symlinked)<br />
[[/var/stash]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=/Applications&diff=9820/Applications2010-10-02T07:21:12Z<p>Windows Helpdesk: </p>
<hr />
<div>== Summary ==<br />
This is where all of the main, non-[[App Store]] applications are stored. [[Cydia]] will move this directory to the user partition and create a symlink to it.<br />
/Applications --> /var/stash/Applications.*****<br />
<br />
NOTE: In the title, the asterisks represent randomly generated characters that are generated when the folder is created and symlinked<br />
<br />
== Children ==<br />
This directory typically contains only application bundles.<br />
<br />
*Folders<br />
**[[/var/stash/Applications.*****/AdSheet.app|AdSheet.app]] (Hidden app for iAds to be displayed)<br />
**[[/var/stash/Applications.*****/AppStore.app|AppStore.app]] (Apple AppStore for downloading Apps)<br />
**[[/var/stash/Applications.*****/Calculator.app|Calculator.app]] (Calculator)<br />
**[[/var/stash/Applications.*****/Compass.app|Compass.app]] (Compass - [[iPhone 3GS]] and [[iPhone 4]] only)<br />
**[[/var/stash/Applications.*****/Contacts.app|Contacts.app]] (Contacts)<br />
**[[/var/stash/Applications.*****/DemoApp.app|DemoApp.app]] (Displays a video continuously when the device is not being used. Invoke by putting a file called demo.mov in (I think; can this be checked) [[/var/root]] - used by Apple Stores)<br />
**[[/var/stash/Applications.*****/GameCenter~iphone.app|GameCenter~iphone.app]] (Game Center (This is the same folder on [[N81ap|iPod touch 4g]]))<br />
**[[/var/stash/Applications.*****/iOS Diagnostics.app|iOS Diagnostics]] (this can be accessed through Safari; just type diags:// into the URL bar.)<br />
**[[/var/stash/Applications.*****/iPodOut.app|iPodOut.app]] (Hidden app for iPodOut functionality)<br />
**[[/var/stash/Applications.*****/Maps.app|Maps.app]] (Maps)<br />
**[[/var/stash/Applications.*****/MobileCal.app|MobileCal.app]] (Calendar)<br />
**[[/var/stash/Applications.*****/MobileMail.app|MobileMail.app]] (Mail)<br />
**[[/var/stash/Applications.*****/MobileMusicPlayer.app|MobileMusicPlayer.app]] (Music)<br />
**[[/var/stash/Applications.*****/MobileNotes.app|MobileNotes.app]] (Notes)<br />
**[[/var/stash/Applications.*****/MobilePhone.app|MobilePhone.app]] (iPod touch 4G has this - for FaceTime)<br />
**[[/var/stash/Applications.*****/MobileSafari.app|MobileSafari.app]] (Safari)<br />
**[[/var/stash/Applications.*****/MobileSlideShow.app|MobileSlideShow.app]] (Photos and Camera)<br />
**[[/var/stash/Applications.*****/MobileSMS.app|MobileSMS.app]] (Messages)<br />
**[[/var/stash/Applications.*****/MobileStore.app|MobileStore.app]] (iTunes Store)<br />
**[[/var/stash/Applications.*****/MobileTimer.app|MobileTimer.app]] (Clock app)<br />
**[[/var/stash/Applications.*****/Nike.app|Nike.app]] (Nike+iPod)<br />
**[[/var/stash/Applications.*****/Preferences.app|Preferences.app]] (Settings)<br />
**[[/var/stash/Applications.*****/Stocks.app|Stocks.app]] (Stocks)<br />
**[[/var/stash/Applications.*****/TrustMe.app|TrustMe.app]] (Used for visiting webpages with https protocol)<br />
**[[/var/stash/Applications.*****/VoiceMemos.app|VoiceMemos.app]] (Voice Memos)<br />
**[[/var/stash/Applications.*****/Weather.app|Weather.app]] (Weather)<br />
**[[/var/stash/Applications.*****/Web.app|Web.app]] (unknown hidden app)<br />
**[[/var/stash/Applications.*****/WebSheet.app|WebSheet.app]] (Used for overlaying web data. Usually for logging in to WiFi Hotspots in Preferences.app)<br />
**[[/var/stash/Applications.*****/YouTube.app|YouTube.app]] (YouTube)<br />
<br />
== Parents ==<br />
[[/]] (Symlinked)<br />
[[/var/stash]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=/Applications&diff=9819/Applications2010-10-02T07:18:49Z<p>Windows Helpdesk: </p>
<hr />
<div>== Summary ==<br />
This is where all of the main, non-[[App Store]] applications are stored. [[Cydia]] will move this directory to the user partition and create a symlink to it.<br />
/Applications --> /var/stash/Applications.*****<br />
<br />
NOTE: In the title, the asterisks represent randomly generated characters that are generated when the folder is created and symlinked<br />
<br />
== Children ==<br />
This directory typically contains only application bundles.<br />
<br />
*Folders<br />
**[[/var/stash/Applications.*****/AdSheet.app|AdSheet.app]] (Hidden app for iAds to be displayed)<br />
**[[/var/stash/Applications.*****/AppStore.app|AppStore.app]] (Apple AppStore for downloading Apps)<br />
**[[/var/stash/Applications.*****/Calculator.app|Calculator.app]] (Calculator)<br />
**[[/var/stash/Applications.*****/Compass.app|Compass.app]] (Compass - [[iPhone 3GS]] and [[iPhone 4]] only)<br />
**[[/var/stash/Applications.*****/Contacts.app|Contacts.app]] (Contacts)<br />
**[[/var/stash/Applications.*****/DemoApp.app|DemoApp.app]] (Demo App - Does nothing, can be found without spotlight search)<br />
**[[/var/stash/Applications.*****/GameCenter~iphone.app|GameCenter~iphone.app]] (Game Center (This is the same folder on [[N81ap|iPod touch 4g]]))<br />
**[[/var/stash/Applications.*****/iOS Diagnostics.app|iOS Diagnostics]] (this can be accessed through Safari; just type diags:// into the URL bar.)<br />
**[[/var/stash/Applications.*****/iPodOut.app|iPodOut.app]] (Hidden app for iPodOut functionality)<br />
**[[/var/stash/Applications.*****/Maps.app|Maps.app]] (Maps)<br />
**[[/var/stash/Applications.*****/MobileCal.app|MobileCal.app]] (Calendar)<br />
**[[/var/stash/Applications.*****/MobileMail.app|MobileMail.app]] (Mail)<br />
**[[/var/stash/Applications.*****/MobileMusicPlayer.app|MobileMusicPlayer.app]] (Music)<br />
**[[/var/stash/Applications.*****/MobileNotes.app|MobileNotes.app]] (Notes)<br />
**[[/var/stash/Applications.*****/MobilePhone.app|MobilePhone.app]] (iPod touch 4G has this - for FaceTime)<br />
**[[/var/stash/Applications.*****/MobileSafari.app|MobileSafari.app]] (Safari)<br />
**[[/var/stash/Applications.*****/MobileSlideShow.app|MobileSlideShow.app]] (Photos and Camera)<br />
**[[/var/stash/Applications.*****/MobileSMS.app|MobileSMS.app]] (Messages)<br />
**[[/var/stash/Applications.*****/MobileStore.app|MobileStore.app]] (iTunes Store)<br />
**[[/var/stash/Applications.*****/MobileTimer.app|MobileTimer.app]] (Clock app)<br />
**[[/var/stash/Applications.*****/Nike.app|Nike.app]] (Nike+iPod)<br />
**[[/var/stash/Applications.*****/Preferences.app|Preferences.app]] (Settings)<br />
**[[/var/stash/Applications.*****/Stocks.app|Stocks.app]] (Stocks)<br />
**[[/var/stash/Applications.*****/TrustMe.app|TrustMe.app]] (Used for visiting webpages with https protocol)<br />
**[[/var/stash/Applications.*****/VoiceMemos.app|VoiceMemos.app]] (Voice Memos)<br />
**[[/var/stash/Applications.*****/Weather.app|Weather.app]] (Weather)<br />
**[[/var/stash/Applications.*****/Web.app|Web.app]] (unknown hidden app)<br />
**[[/var/stash/Applications.*****/WebSheet.app|WebSheet.app]] (Used for overlaying web data. Usually for logging in to WiFi Hotspots in Preferences.app)<br />
**[[/var/stash/Applications.*****/YouTube.app|YouTube.app]] (YouTube)<br />
<br />
== Parents ==<br />
[[/]] (Symlinked)<br />
[[/var/stash]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=/Applications&diff=9818/Applications2010-10-02T07:18:07Z<p>Windows Helpdesk: </p>
<hr />
<div>== Summary ==<br />
This is where all of the main, non-[[App Store]] applications are stored. [[Cydia]] will move this directory to the user partition and create a symlink to it.<br />
/Applications --> /var/stash/Applications.*****<br />
<br />
NOTE: In the title, the asterisks represent randomly generated characters that are generated when the folder is created and symlinked<br />
<br />
== Children ==<br />
This directory typically contains only application bundles.<br />
<br />
*Folders<br />
**[[/var/stash/Applications.*****/AdSheet.app|AdSheet.app]] (Hidden app for iAds to be displayed)<br />
**[[/var/stash/Applications.*****/AppStore.app|AppStore.app]] (Apple AppStore for downloading Apps)<br />
**[[/var/stash/Applications.*****/Calculator.app|Calculator.app]] (Calculator)<br />
**[[/var/stash/Applications.*****/Compass.app|Compass.app]] (Compass - [[iPhone 3GS]] and [[iPhone 4]] only)<br />
**[[/var/stash/Applications.*****/Contacts.app|Contacts.app]] (Contacts)<br />
**[[/var/stash/Applications.*****/DemoApp.app|DemoApp.app]] (Demo App - Does nothing, can be found without spotlight search)<br />
**[[/var/stash/Applications.*****/GameCenter~iphone.app|GameCenter~iphone.app]] (Game Center (This is the same folder on [[N81ap|iPod touch 4g]]))<br />
**[[/var/stash/Applications.*****/iOS Diagnostics.app|iOS Diagnostics]] (this can be accessed through Safari; just type diags:// into the URL bar.)<br />
**[[/var/stash/Applications.*****/iPodOut.app|iPodOut.app]] (Hidden app for iPodOut functionality)<br />
**[[/var/stash/Applications.*****/Maps.app|Maps.app]] (Maps)<br />
**[[/var/stash/Applications.*****/MobileCal.app|MobileCal.app]] (Calendar)<br />
**[[/var/stash/Applications.*****/MobileMail.app|MobileMail.app]] (Mail)<br />
**[[/var/stash/Applications.*****/MobileMusicPlayer.app|MobileMusicPlayer.app]] (Music)<br />
**[[/var/stash/Applications.*****/MobileNotes.app|MobileNotes.app]] (Notes)<br />
**[[/var/stash/Applications.*****/MobilePhone.app|MobilePhone.app]] (iPod touch 4G has this - for FaceTime)<br />
**[[/var/stash/Applications.*****/MobileSafari.app|MobileSafari.app]] (Safari)<br />
**[[/var/stash/Applications.*****/MobileSlideShow.app|MobileSlideShow.app]] (Photos and Camera)<br />
**[[/var/stash/Applications.*****/MobileSMS.app|MobileSMS.app]] (Messages)<br />
**[[/var/stash/Applications.*****/MobileStore.app|MobileStore.app]] (iTunes Store)<br />
**[[/var/stash/Applications.*****/MobileTimer.app|MobileTimer.app]] (Clock app)<br />
**[[/var/stash/Applications.*****/Nike.app|Nike.app]] (Nike+iPod)<br />
**[[/var/stash/Applications.*****/Preferences.app|Preferences]] (Settings)<br />
**[[/var/stash/Applications.*****/Stocks.app|Stocks.app]] (Stocks)<br />
**[[/var/stash/Applications.*****/TrustMe.app|TrustMe.app]] (Used for visiting webpages with https protocol)<br />
**[[/var/stash/Applications.*****/VoiceMemos.app|VoiceMemos.app]] (Voice Memos)<br />
**[[/var/stash/Applications.*****/Weather.app|Weather.app]] (Weather)<br />
**[[/var/stash/Applications.*****/Web.app|Web.app]] (unknown hidden app)<br />
**[[/var/stash/Applications.*****/WebSheet.app|WebSheet.app]] (Used for overlaying web data. Usually for logging in to WiFi Hotspots in Preferences.app)<br />
**[[/var/stash/Applications.*****/YouTube.app|YouTube.app]] (YouTube)<br />
<br />
== Parents ==<br />
[[/]] (Symlinked)<br />
[[/var/stash]]</div>Windows Helpdeskhttps://www.theiphonewiki.com/w/index.php?title=/Applications&diff=9800/Applications2010-10-01T19:54:22Z<p>Windows Helpdesk: </p>
<hr />
<div>== Summary ==<br />
This is where all of the main, non-[[App Store]] applications are stored. [[Cydia]] will move this directory to the user partition and create a symlink to it.<br />
/Applications --> /var/stash/Applications.*****<br />
<br />
NOTE: In the title, the asterisks represent randomly generated characters that are generated when the folder is created and symlinked<br />
<br />
== Children ==<br />
This directory typically contains only application bundles.<br />
<br />
*Folders<br />
**[[/var/stash/Applications.*****/AdSheet.app|AdSheet.app]] (Hidden app for iAds to be displayed)<br />
**[[/var/stash/Applications.*****/AppStore.app|AppStore.app]] (Apple AppStore for downloading Apps)<br />
**[[/var/stash/Applications.*****/Calculator.app|Calculator.app]] (Calculator)<br />
**[[/var/stash/Applications.*****/Compass.app|Compass.app]] (Compass - [[iPhone 3GS]] and [[iPhone 4]] only)<br />
**[[/var/stash/Applications.*****/GameCenter.app|GameCenter.app]]<br />
**[[/var/stash/Applications.*****/iPodOut.app|iPodOut.app]] (Hidden app for iPodOut functionality)<br />
**[[/var/stash/Applications.*****/MobileCal.app|MobileCal.app]] (Calendar)<br />
**[[/var/stash/Applications.*****/MobileiPod.app|MobileiPod.app]] (iPod)<br />
**[[/var/stash/Applications.*****/MobileMail.app|MobileMail.app]] (Mail)<br />
**[[/var/stash/Applications.*****/MobileMusicPlayer.app|MobileMusicPlayer.app]] (Music)<br />
**[[/var/stash/Applications.*****/MobilePhone.app|MobilePhone.app]] (iPod touch 4G has this - for FaceTime)<br />
**[[/var/stash/Applications.*****/MobileSlideShow.app|MobileSlideShow.app]] (Photos and Camera)<br />
**[[/var/stash/Applications.*****/MobileStore.app|MobileStore.app]] (iTunes Store)<br />
**[[/var/stash/Applications.*****/MobileTimer.app|MobileTimer.app]] (Clock app)<br />
**[[/var/stash/Applications.*****/MobileVideoPlayer.app|MobileVideoPlayer.app]] (Videos)<br />
**[[/var/stash/Applications.*****/TrustMe.app|TrustMe.app]] (Used for visiting webpages with https protocol)<br />
<br />
== Parents ==<br />
[[/]] (Symlinked)<br />
[[/var/stash]]</div>Windows Helpdesk