Introduction: Apple iTouch/iPhone Hacks and Firmware Rollback


This instructable will show how to modify SOFTWARE on the Apple iTouch or iPhone. This will allow loading and modification of the firmware and use of open-source and third-party software. These apps are specifically intended for the embedded ARM processor inside these devices.

I will show EASY, SIMPLE STEPS...if you are NEW to the iPod, iPhone or iTouch, go to the Bottom...

Good Luck!

Notice:
While there are some risks with modifying and updating any software, the iTouch and iPhone have a "restore mode" which allows us to go back and reload any firmware version or updates necessary to recover from any failed attempts at this "hack".

Good luck,

E

-- BASICS --
If you just got your iPod out of the box, please go through the steps to download iTunes to your computer and sync it for the first time. Important: if iTunes offers to install new software on your iPod when you first set it up, say No.

Also take a moment to familiarize yourself with a few important features, namely the Home button, which is a white square inside a round button on the front of your iTouch, and the Sleep button, which is a thin raised line on the top edge of your iTouch, the opposite edge from where the docking cable and earphones plug in.

Make sure you can get to the Internet. Find the Settings function--the square icon with gears on it--touch WiFi, and then choose a network. If you can't get to a wireless network, you're not going to be able to get much further than this. Once it looks like you've joined a network, press your Home button to get out of Settings, and bring up Safari. If Safari will show you a Web site (any Web site) you are ready to move on.

Check your version. Press your Home button to get out of Safari, bring up Settings again, go to General, and then About. If your version starts with 1.1.1--mine says 1.1.1 (3A110a)--skip the next step. (If you got your iTouch for Christmas, you've probably got 1.1.2.)

Step 1: Prep and Setup!

Ok, ready?

All your music, videos, photos and contacts SHOULD already be in your iTunes and safely stored ...if you have other files copy or save them and sync with iTunes.

Materials:

iTouch or iPhone ( I have iTouch so these steps will be here...)
Sync Cable
PC with iTunes
Enable your WiFi and use or go to a WiFi-enabled hotspot.
Disable your Autolock and timeouts...some items load a LONG time.
about 40 minutes...

Terms (via Wikipedia):

Hack - A hack is usually a technique used to subvert, misuse or subtly change a program, gadget or mechanism in such a way as to change, or add to, its functionality.

Firmware - A computer program that is embedded in a hardware device, for example a microcontroller. It can also be provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.

Apps - Short for Applications, the term used for programs and utilities loaded on these devices from our hack program loader, aptly called "AppSnapp".

Jailbreak - The exploit or hack that uses a small bug in the Safari browser to load embedded code via the web in the form of a .TIFF file, normally used for graphics but here used to get "in" to the device via a simple webpage.

Downgrade - The term used to describe rolling back to previous versions and older software as a means for hacks, troubleshooting or recovery procedures from failed installations and upgrades.

See next steps...

Step 2: Ready, Set - Exploit!

Ok, this can ALL be undone and all functions restored to the original.
If you "brick" your iTouch...see the "Recovery Mode" instruction steps below...

Check your firmware version via Settings/General/About (below) or see the Update screen in iTunes when you sync. It MUST be 1.1.1!

You'll need to DOWNGRADE TO version 1.1.1 from ALL later versions.

Go to Apple support downloads and download the 1.1.1 firmware version...HERE

or ALTERNATE

Downgrade Technique ( RECOVERY MODE ) if required-

Download and SAVE the software as a .ipsw firmware file from Apple. Do this in Firefox.

Connect your iPod touch to your PC or Mac.

Put your iPod touch into restore mode:

- First, turn off the iPod (slide to power off).
- Second, turn it back on, but when the Apple logo appears, also hold down the Home button until it shows the "connect to iTunes" picture.

Now your iPod is in recovery mode. Next, press and hold the Shift key on Windows or the Option key on Mac (in iTunes), then click Restore in iTunes. It will open the File dialog. Now you can select the 1.1.1 firmware file (named .ipsw) you downloaded earlier!

Allow the restore to run.

Get a Snack...
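Before restoring, it is worth confirming that the saved .ipsw really is the 1.1.1 image and that the download is not damaged. The following is an added example, not part of the original instructable: it assumes the .ipsw is a ZIP archive containing a Restore.plist with ProductVersion and ProductBuildVersion keys, and all function names are hypothetical.

```python
import hashlib
import plistlib
import zipfile

REQUIRED_VERSION = "1.1.1"  # the version this page's procedure requires


def inspect_ipsw(path):
    """Return (sha256_hex, version, build) for a firmware archive.

    Assumption: the .ipsw is a ZIP archive whose Restore.plist carries
    ProductVersion and ProductBuildVersion keys.
    """
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    if not zipfile.is_zipfile(path):
        raise ValueError("not a ZIP archive; download is damaged or not firmware")
    with zipfile.ZipFile(path) as archive:
        bad = archive.testzip()  # CRC-check every member of the archive
        if bad is not None:
            raise ValueError(f"corrupt archive member: {bad}")
        try:
            manifest = plistlib.loads(archive.read("Restore.plist"))
        except KeyError:
            raise ValueError("Restore.plist missing from archive")
    return (digest.hexdigest(), manifest.get("ProductVersion"),
            manifest.get("ProductBuildVersion"))


def is_expected_firmware(path, version=REQUIRED_VERSION, build=None):
    """True only if the archive reports the wanted version (and build, if given)."""
    _, found_version, found_build = inspect_ipsw(path)
    if found_version != version:
        return False
    return build is None or found_build == build


def make_sample_ipsw(path, version, build):
    """Write a tiny constructed archive for demonstration; not real firmware."""
    manifest = {"ProductVersion": version, "ProductBuildVersion": build}
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("Restore.plist", plistlib.dumps(manifest))
```

The SHA-256 value is returned so it can be compared against a checksum obtained from a source you trust; this page does not publish one.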

Step 3: Jailbreak!

The original iTouch and iPhones were 'locked' and prevented any use outside Apple-supported software and phone services. Hence the hack, which uses a .tiff exploit in Safari, came to be called a "Jailbreak".

Ok, now we have 1.1.1 installed? If not go Back and CHECK versions...

Setup:

Enable your WiFi and use or go to a WiFi-enabled hotspot.

Disable your Autolock and timeouts...

1. Open Safari

2. Go to http://jailbreakme.com/, scroll down to the bottom, and click "Install AppSnapp". Safari will exit and you'll return to your springboard. Slide to unlock; you are now jailbroken and are able to use the "Installer.app"...

3. Launch Installer.app (version 3). Click on the Install section at the bottom.

Troubleshooting:

Jailbreaking your iTouch from 1.1.1 is easy. Bring up Safari on your iTouch and go here:

http://jailbreakme.com

Scroll to the very bottom, click Install AppSnapp, and follow the prompts.
You'll see some loading going on, and then when your iTouch reboots, you'll see a new icon on your home screen, called "Installer".

Updated, 20080103: If you're seeing mysterious "cannot connect to your device" errors, you may be missing an /opt directory that needs to be installed in your root. I found details on macrumors.com that seem like they may help. I'm not totally clear whether this is a Mac-only problem, or an Intel vs. non-Intel problem; if it happens on PCs as well, I'm not sure where that "root" directory is. (thanks guys)

E

Step 4: Complete Video Process



Watch the Jailbreak steps...

E

Step 5: Final Shots...Tips & Tricks

parting screens and available apps...

This is a list of all of the known Installer sources:

Original Secure

AppTapp Official: repository.apptapp.com
Conceited Software: conceitedsoftware.com/iphone
Ste Packaging: psmxy.org/iphone-apps

Rest of The Crew
HighTymes: hightymes.org/iphone/plist/index.xml (Not Working)
iSwitcher: web.mac.com/iswitcher2/list.xml
Loring Studios: loringstudios.com/iPhone-schnapps/index.xml
BigBoss: markmon.mine.nu:90/iphone/repo/repo.plist
CedSoft: prog.cedsoft.free.fr (iSnake/Bounce)
Death to Design: iphone.deathtodesign.com
iApp-a-Day: iappaday.com/install
R4m0n: iphone.r4m0n.net/repos
Shai's Apps: ride4.org/shai.xml (Customize Addons)
Slezak's Stuff: www.spencerslezak.com (nothing on it yet)
Studded: studded.net/installer/index.xml
Surge: iphonesurge.com/iphonesurge.xml
Swell: lyndellwiggins.com/installer/Swell
AlohaSoft 1.0.2: homepage.mac.com/reinholdpenner/102.xml
AlohaSoft 1.1.1: homepage.mac.com/reinholdpenner/111.xml
AlohaSoft 1.1.2: homepage.mac.com/reinholdpenner/112.xml
aXP: lostsoul.aeroxp.org/iphone/index.xml
iBlackjack Beta: patrickmccarron.com/iphone/repo
Imagine09: home.twcny.rr.com/imagine09/Imagine09.xml
Mateo: bblk.net/iphone (BeatPhone)
Mobile Stacks: mobilestack.googlecode.com/svn/repository/internal.plist
MTL: home.mike.tl/iphone

Getting to Safari on Unactivated Phone

1. Enter *#307# and press call. Now use the back button on the top of your screen to remove *#307#, then enter 0, press call, press answer, press hold, press decline. You get to the contact list. Thereafter, every time you push the Home button you just slide the "emergency call" slide, then enter 0, press call, press hold, press decline.

2. Push contacts, end call and you get called again, this time hit decline and you access one of menus with favorites, you can edit contacts, do a test ride on keyboard, take photos etc.

3. Now edit a new contact and type in http://jailbreakme.com as web-address.

4. When you tap the address safari opens but only displays an error saying that it cannot access the website, it also looks like safari freezes up.

5. Now press the home button, and for a split second the iPhone shows a screen where you can select wi-fi networks. Now you have to be really quick and select a network before the phone freezes.

6. Next you get back to the "emergency call page" and every on-screen button has frozen, so the only thing you can do is turn off the phone.

7. Turn the iPhone off, then on again.

8. Now you can go back to the contact list by dialing 0, then push call, then answer, then contacts, then hit that web address you typed in.

Step 6: 1.1.2 Updates!

Jailbreak for 1.1.2 Released

New GUI jailbreak software has been released by Conceited Software/TouchFree. You're supposed to run this only after you run OktoPrep in 1.1.1 (also by Conceited Software, OktoPrep prepares the iPhone for the 1.1.2 jailbreak), and then upgrade to 1.1.2. It works on both OS X and Windows, and the whole procedure is said to take only ten minutes. Of course, you'll need to downgrade to 1.1.1 if you already bought an iPhone with 1.1.2 on it, which is discussed in the README.txt file in the zip as well as JailBreakMe.com.

Source: iphoneatlas.com

Step 7: 1.1.3 ?

Just downgrade the firmware to 1.1.1 or 1.1.2 and use jailbreak or OktoPrep to exploit and re-hack until native 1.1.3 is also exploited or jailbroken...soon enough...

From Macrumors

Apple's 'Wobbling' Home Screen Icons in iPhone 1.1.3
Wednesday January 02, 2008 05:11 PM EST
Written by Arnold Kim

As further evidence to the authenticity of GearLive's leaked iPhone 1.1.3 firmware photos and videos that were leaked over the weekend, Hrmph.com dug up a patent application that was published in August of last year that clearly shows Apple describing how one might allow rearrangement of icons on a mobile device, and specifically describes varying the positions (wobbling) of the icons to indicate that the icons may be moved by the user.


Hrmpf compiled an animated gif demonstrating this wobbling effect, which looks identical to the 1.1.3 demo video. While it's certainly possible the images/video could simply be based on this patent application, it was not widely publicized at the time, and the description of wobbling icons is only obvious in retrospect.

One interesting description of the original patent application is that Apple suggested that icon movement could be elastic, allowing users to "throw" icons into the intended location.

Upon breaking contact with the touch-sensitive display, the respective icon may resume varying its position. In some embodiments, the respective icon can be "thrown," so that the final position of the respective icon is different from the point at which the icon is released. In this embodiment, the final position can depend on a variety of factors, such as the speed of the "throw," the parameters used in a simulated equation of motion for the "throw" (e.g., coefficient of friction), and/or the presence of a lay out grid with simulated attractive forces.


The leaked version of the firmware does not have this capability according to GearLive. The iPhone is currently at firmware version 1.1.2, and there's been no indication when 1.1.3 might be released.

E