Jailbreak and Modify iPhone and iPod Touch

So you’ve decided to break free of the iTunes App store and install 3rd Party applications not sanctioned by Apple. Well Here is a tutorial to help you get through jailbreaking your iPhone or iPod Touch, plus how to install Apple sanctioned apps obtained through “other” sources.

First of all we’re working with the iPhone or iPod Touch firmware 2.1. You don’t necessarily have to reset or do a restore of your device because the tool we’re going to use for initially jailbreaking the iPhone or iTouch is called QuickPwn at http://www.quickpwn.com/. This software available for both Mac and WIndows makes a modified version of the restore firmware that iTunes downloads and updates the phone with the Installer.app and Cyndia packages. More on that later.

1: Download QuickPwn and Install modified firmware

Once you download QuickPwn you’re presented with a box where you can choose which device you want to modify. In my case I chose the iPod Touch. It will automatically choose for you when you plug your device in to the computer.

I will take this opportunity to absolve myself my from any issues your iPod or iPhone suffer. Do this at your own risk. If you feel confident that this is what you want to do, then do so, if you’re having second thoughts, quit the program now.

Follow the instructions provided by QuickPwn, this will take the firmware downloaded from Apple and modify it, it does take a little while and you will need to enter an administrator password.

Once the firmware has been modified, you will need to install it. QuickPwn will provide you with instructions on how to reset your iPhone or iPod Touch. The instructions can be a little confusing especially if you used ZiPhone to jailbreak previously.

1)Turn off your device by holding down the button on the top until the red slider appears.
2)QuickPwn will ask you to hold the home button and the button on the top together for about 10 seconds. It will do a countdown for you. Note: nothing will appear on the screen during this.
3)QuickPwn will prompt you to only hold the button on top for about another 5 seconds, all you have to do is let go of the home button. Note: nothing will appear on the screen during this.

If you’ve done everything correctly you should see QuickPwn start to copy some items to the device. Otherwise it will present a dialog asking you to try again.

One of the great things about QuickPwn is that it doesn’t completely restore your device. It only modifies the system so all your applications, web apps on your home screen, cookies and so forth are in tact.

You’ll notice two applications added to the home screen. Installer.app and Cyndia.app. You’ll also notice it’s mixed in with my other applications downloaded from the App Store.

At this point Cyndia.app will be your best friend. Installer.app was a better choice when jailbreaking the 1.x firmware.

One of the first things I would do is install Open SSH. This will allow you to have access the file system wirelessly.

First open Cyndia.app and do a search for OpenSSH. Tap is and install. In the next section we’ll work on being able to install downloaded apps from “other” sources.

2. Install downloaded apps to the device

One of the reasons for jailbreaking the device is to have the ability to run applications that Apple won’t let into the App Store. Recently an application called Podcaster was denied entry into the App Store, however it was highly anticipated by many users as the application that would have made their lives a lot easier for listening to podcasts on the go.

There may also come the time where you really really want a program like Star Wars The Force Unleashed, it’s only $10 on the App Store, but for many people who had to scrounge to buy the iTouch or the iPhone, and with the economy being the way it is, $10 is $10. That can buy a lot of Ramen Soup.

Cyndia.app really makes it easy to install apps, but like any other hack it can take a lot of exploring or painful searching to find the app you want. Other times you have to enable sources for applications and search from there. Not exactly the ease-of-use we’re looking for but it will have to do.

If you know where to look you can find applications downloaded by other users from the App Store. I won’t tell you where to look due to the nature of the legality of it, but let’s just say, they exist somewhere on the internet.

So let’s say I found a copy of Star Wars The Force Unleashed somewhere on the internet, and I don’t know who downloaded it from the App Store. I can take it and drag it into iTunes and it will appear in the applications source. Now trying to sync your device, oh, well the progress bar starts to go, indicating that it’s being install, then iTunes gives you the error that it cannot be installed. Well, yeah it can’t, because you didn’t buy it and aren’t authorized to sync it to your device. So what do you do? We have to modify a file on the device so that the authorization check is bypassed.

The file in question is the Mobileinstallation file located on the device. A modification to that file will bypass the authorization check and allow the app to be installed and played.

Again, I will not be responsible for any issues your iPhone or iPod Touch encounter.

The modified file for firmware 2.1 is located on the internet, again I can’t tell you where to find it due to legality, but a quick Google search for “Mobileinstallation iphone 2.1” will do a world of good. The file you find can be used on both the iPhone and iPod Touch. However, the file you find must be for the firmware you are using.

Hopefully you’ve installed OpenSSH on your device. Next you’ll need to download a tool to SSH into the device. For OS X the best one is Fugu http://rsug.itd.umich.edu/software/fugu/.

1) Go to your device and get the IP address of the device you are on. This can be found in Settings > Wifi and tap the blue arrow next to the wireless network you are connected to. In my case the IP is 10.0.1.3
2)Open Fugu. In the “Connect to:” field type the IP address, in the Username field type “root”
then click “Connect”. Make sure you device is on and showing something on the screen. OpenSSH seems to disable itself when the device is in hibernation mode. You can move your finger around the screen and open applications if you wish to keep it awake. At that point Fugu will prompt you for a password. Use the password “Alpine”.

3)You will now see the iPhone/iPod Touch root directory. This is for the user “root”. From here you can move through the file system and change or add files. Let’s modify that Mobileinstallation file so we can add our third party apps. Choose the pull down menu so you can see the breadcrumb trail, and click on the “/” option. In a similar fashion as to how OS X works, this is the top level of the iPhone/iPod Touch drive.

At this point you will follow the following path by double clicking: "/System/Library/PrivateFrameworks/MobileInstallation.framework". Make sure you are in the folder “MobileInstallation.framework”.

As you can see from the screenshot on the right, change the name of the Mobileinstallation file to “MobileInstallation.bak”. We do this just in case there are any issues. Copy the MobileInstallation file you found on the internet to this location. We are not done yet, this was the easy part, now comes the part where you pray or ask for help from any deity you desire if any. No matter what program you’re using there is a way to alter permissions of the file which is insanely important to make sure this works correctly.

Notice the info box on the left. You want to make sure you info box looks EXACTLY like this. If you are using a different program or a terminal make sure the Octal Mode Representation is 775.

We’re still not done. We need to put some other files in other places. Go back to the root of the drive described above. Navigate to "/private/var/mobile/" Don’t go into the folder but use the info box to change the Octal Mode Representation to 777.

Now go inside the "/private/var/mobile/applications/", i.e. from where you are, open the “mobile” folder and open the “applications” folder. Create a new folder in the ”applications” folder called “Documents”. Set the Octal Mode Representation of that “Documents” folder to 777.

Now go back to the root level of the drive and open the “Applications” folder, do the same thing again, create a folder called “Documents” and set it’s Octal Mode Representation to 777.

Please note that ONLY the MobileInstallation file is to have the Octal Mode Representation of 775, everything else gets 777.

At this point you can disconnect Fugu from the SSH session, it’s not required to do so, but I usually recommend it. Reboot the device by holding down the top button and waiting for the red slider to appear, slide to turn off.

Here’s the true test of your hackery. If all goes well the device will boot with the Apple logo or the QuickPwn pineapple logo. It should load as usual showing the home screen when you’re done. If the Apple logo or the pineapple logo don’t go away and the home screen doesn’t appear, don’t worry. There is more than likely a permissions error, but OpenSSH loaded during the boot cycle. Simply use Fugu to get back in and check the permissions. Yes, you can still SSH into the device while it is sitting on the Apple Logo. If worse comes to worse and nothing happens after making changes and rebooting, simply delete the modified MobileInstallation file, rename the MobileInstallation.bak file to Mobileinstallation without the .bak extension. I found that just doing that if the logo gets stuck will unstick the logo and return the device to the home screen with no modification. Also do make sure the MobileInstallation file you downloaded is the correct one for your firmware.

Test your work by placing an application downloaded from somewhere on the internet into the Applications source in iTunes and sync the device. If no errors pop up then the app should be installed and ready to be played. Only one problem, I have been noticing that updates from the App store don’t download even if you have the app in your Applications source. You may have to find updates on your own, mostly updates are just bug fixes and performance tweaks, it depends on the application.

I hope you found this tutorial informative and I also hope you won’t be afraid to do it. From what I’ve been hearing or seeing on line is very little bricking of iPhones or iPod touches using this method. If you find yourself in a position where it’s just not working for you, simply let iTunes do a complete restore from the unaltered firmware.

Any questions or concerns you can e-mail me at djmacintosh@gmail.com.

Download the modified Mobileinstallation file: mobileinstall.zip

Wednesday, October 1, 2008

If you like these tutorials and would like to see more please consider donating.

This has also been tested on iPhone and iPod Touch firmware 2.2 and has proved to work.

next >

< previous