Dev-Team Blog
To find yourself, think for yourself © Socrates 469 BC
5x redux 

What’s old is new again!

Jailbreakers with devices that pre-date the iPad2 will always be able to downgrade (with SHSH blobs) to previous firmware versions due to geohot’s limera1n exploit, which allows us to bypass the restrictions that Apple places on restores.  But until now, that ability has been limited to those older devices (if you have an older device and don’t know how to do that, check the popular tutorial sites or ask in the comments below).

Starting with redsn0w version 0.9.11b1, those with newer devices (iPad2, iPad3, and iPhone4S) can join the downgrade fun too!  In a radical departure from previous versions of redsn0w, it now directly supports restoring IPSWs to your device.  The first use of this new feature implements a hack that allows A5 downgrades without a bootrom-level exploit.

Some important points:

  • The new feature is at Extras->Even More->Restore
  • You cannot downgrade without the personalized SHSH blobs for your device at that lower firmware.  You need to have fetched those blobs while the signing window was open, using either Cydia’s built-in TSS@Home feature, or with TinyUmbrella.  The new Restore screen of redsn0w lets you choose either the remote blobs or local ones (for the earlier firmware).  If you don’t know where TinyUmbrella put your blobs, TinyUmbrella has a button that will show you (copy them out of that folder and feed them to redsn0w).
  • The A5 downgrade method actually updates to the latest firmware before downgrading to the earlier one. This process updates your baseband to whatever is newest.  DO NOT USE THIS METHOD IF YOU RELY ON UNOFFICIAL UNLOCKS of your iPhone4S.  Those who used the temporary SAM technique to unlock their iPhones to specific SIMs shouldn’t be affected by this baseband update.
  • This method can be fixed by Apple with a firmware update.  It’s a (pleasant) mystery why they haven’t fixed it yet, because reverse-engineering of the restore ramdisk indicates they do know about it.  It’s possibly too niche to bother to fix right now.
  • The least-tested devices with this method are the iPad2,3 and iPad3,2 (because we don’t have those models).  If you do and you feel like experimenting, please let us know how it turns out in the comment section below!
  • This update involves a bunch of new redsn0w code.  We recommend sticking to the previous version 0.9.10b8b unless you’re specifically using this new feature, until all the bugs are worked out!  (Note: If redsn0w gets stuck at the “Waiting for device” stage for more than 30 seconds, you’ve hit a pesky GUI bug…that will be fixed in an upcoming version!)

Of course all eyes are on @pod2g for his upcoming 5.1 untethered jailbreak.  Watch his blog or twitter feed for the latest updates about that, but in the meantime if you accidentally updated your jailbroken A5 device to something later than 5.0.1, feel free to try this new A5 firmware downgrade feature of redsn0w!

Update #1: We accidentally left out one of the two flavors (“9A406”) of 5.0.1 for iPhone4S.  It’ll be in the next update, but in the meantime check if Cydia or TU saved your blobs for the other 5.0.1 for iPhone4S (“9A405”). Version 0.9.11b2 adds support for that second “9A406” flavor of 5.0.1 for the iPhone4S.

Update #2: Version 0.9.11b3 should fix the spurious “Restore failed” messages people were sometimes getting, and it behaves better with nearby devices that have wifi syncing enabled!

Update #3: Version 0.9.11b4 completes the tethered JB support for 5.1.1 on A4 devices and earlier, including proper “Stitching” and “Custom” creation of NO_BB IPSWs.

Here are the redsn0w download links:

iPad(3) Fever! 

Despite the awkward name Apple announced last week for the new iPad (we’ll continue to call it iPad3!), by all signs it’s going to be another big hit.  We suspect many of you are lined up at this very minute, and so it’s a good time to give you some info for maximizing your chance to eventually jailbreak the iPad3.

There are a few bits of good news already.

  • We can confirm that the method used to jailbreak the iPad2 4 months ago (before corona) still works even in 5.1.  That means we’ll at least be able to get our foot in the door to get the required kernel dumps on the iPad3.  That’s an important step, but by no means is it the end of the story.
  • Those of you following @i0n1c may have noticed he’s already tweeted pictures of his iPad2 jailbroken at 5.1.  As far as we know, he’s using a method completely unrelated to the one mentioned above.  That would be great news!
  • We’ve also seen bits and pieces of an entirely different jailbreak method being investigated by someone close to the Cydia repo scene: @phoenixdev.

That’s three different angles, and we’re not even including the continuous work @pod2g makes towards a new jailbreak!  As always, keep in mind this is very preliminary progress, and it’s impossible to predict how or when these things turn out.  The only thing you need to remember is the golden rule:

Don’t update your new iPad3 past whatever iOS it comes shipped with

By the way, it’s rare but entirely possible that some of you may find your iPad3 comes with an iOS version that’s not quite 5.1.  If you do, be sure to let us know in the comments below!

Update #1: It turns out that all three of the jailbreak methods mentioned above have had great success today!  We’re off to a good start (but remember there’s still lots of work to do)!

March Mayhem 

As the whole tech world waits for today’s Apple Event, it seems like a good time to remind both veteran and amateur jailbreakers about the fundamental rule of jailbreaking:  Avoid firmware updates!

In all likelihood we’ll see the GM “gold master” version of 5.1 this week.  DO NOT UPDATE TO 5.1, because you may lose your jailbreak!  The rest of this post details the subtleties with this rule, but if there’s only one message to take home, it’s the overall “do not update” message!  Now for the nitty gritty exceptions:

  • Soon after 5.1 appears on Apple’s public servers (i.e. iTunes starts to offer it), Apple will stop signing 5.0.1 SHSH blobs.
  • If you have an iPhone4S, the basic rule above is really the only rule:  you cannot restore back to 5.0.1 once the 5.0.1 signing window is closed, no matter what (even if you saved your SHSH blobs).
  • If you have an iPad2 with saved 4.x hashes, you can in fact downgrade to that 4.x but you won’t be able to get to 5.0.1 once the 5.0.1 signing window is closed (even if you saved your 5.0.1 SHSH blobs).
  • If you have a device earlier than the iPad2, you can downgrade to whatever version you want, as long as you have saved SHSH blobs for that version.  You’ll need the assistance of geohot’s limera1n exploit with tools like redsn0w to get into “pwned DFU mode” and bypass the downgrade restriction.

As you can see, it really is a nuanced landscape so it’s sometimes hard to drive the message home to new jailbreakers.  But the basic rule is the simplest (and it’s better to be safe than sorry!):  If you update to 5.1 you’ll very likely lose your jailbreak, so don’t do it!  Exceptions are noted above.
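The rules in the list above, like the SHSH points in the “5x redux” post further up, all follow from one mechanism: a restore is authorized by a ticket that the signing server issues only while a build’s signing window is open, and that ticket is personalized to a single device. The following is an added example, not Dev-Team or redsn0w code, that models that mechanism in Python so the rules can be checked against it: the signing key, the ECID values `ECID-A`/`ECID-B` and the `5.1` label are constructed (the `9A405`/`9A406` build names come from the posts), an HMAC stands in for the server’s real signature scheme, and the model does not cover the extra checks that the post says make saved blobs insufficient on A5 devices.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for the signing server's private key. The real server
# uses asymmetric signatures; an HMAC keeps the model short, and the property
# that matters here (only the key holder can mint a valid ticket) is the same.
SIGNING_KEY = b"constructed-demo-signing-key"


@dataclass(frozen=True)
class Blob:
    """A personalized restore ticket: one device (ECID), one firmware build."""
    ecid: str
    build: str
    signature: str


def sign(ecid: str, build: str) -> str:
    """Signature over the (ECID, build) pair; editing either field invalidates it."""
    msg = f"{ecid}|{build}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


class SigningServer:
    """Issues tickets only for builds whose signing window is still open."""

    def __init__(self, open_builds) -> None:
        self.open_builds = set(open_builds)

    def request(self, ecid: str, build: str) -> Optional[Blob]:
        if build not in self.open_builds:
            return None  # window closed: a live restore to this build gets no ticket
        return Blob(ecid, build, sign(ecid, build))

    def close_window(self, build: str) -> None:
        self.open_builds.discard(build)


def device_accepts(device_ecid: str, target_build: str, blob: Optional[Blob]) -> bool:
    """The restore-time check: the ticket must name this device and this build,
    and its signature must verify. A blob saved while the window was open passes;
    another device's blob, or one with an edited field, does not."""
    if blob is None or blob.ecid != device_ecid or blob.build != target_build:
        return False
    return hmac.compare_digest(blob.signature, sign(blob.ecid, blob.build))


def scenario() -> Dict[str, bool]:
    """Walks through the post's timeline with constructed ECIDs ECID-A / ECID-B."""
    server = SigningServer({"9A405", "9A406"})  # the two 5.0.1 builds the posts name
    # While 5.0.1 is still being signed, device A fetches and saves its blob
    # (the role Cydia's TSS@Home or TinyUmbrella plays in the post).
    saved_a = server.request("ECID-A", "9A405")
    assert saved_a is not None
    # 5.1 is released and the 5.0.1 window closes.
    server.open_builds.add("5.1")
    server.close_window("9A405")
    server.close_window("9A406")

    return {
        # A live request for 5.1 still works for anyone.
        "live_5.1": device_accepts("ECID-A", "5.1", server.request("ECID-A", "5.1")),
        # A live request for 5.0.1 now yields nothing, so the restore fails.
        "live_5.0.1_after_close": device_accepts(
            "ECID-A", "9A405", server.request("ECID-A", "9A405")),
        # Device A replays its saved blob: still a valid ticket for A at 9A405.
        "saved_blob_same_device": device_accepts("ECID-A", "9A405", saved_a),
        # Device B cannot use A's blob: the ECID does not match.
        "saved_blob_other_device": device_accepts("ECID-B", "9A405", saved_a),
        # Relabelling A's blob with B's ECID fails the signature check instead.
        "relabelled_ecid": device_accepts(
            "ECID-B", "9A405", Blob("ECID-B", "9A405", saved_a.signature)),
        # Relabelling the build field likewise breaks the signature.
        "relabelled_build": device_accepts(
            "ECID-A", "5.1", Blob("ECID-A", "5.1", saved_a.signature)),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:26s} {'accepted' if ok else 'rejected'}")
```

The model shows why “save your blobs while the window is open” is the whole game for the older devices: the device only ever checks the ticket, not the calendar, so a ticket kept from the open window remains valid for that one ECID and build, while nobody can mint a new one after the window closes or reuse someone else’s.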

Now let’s see what Apple unveils today!

Update #1:  First, please read and re-read the above warnings!  With all of that in mind, we realize that some of you non-A5 jailbreakers are itching to get to 5.1, even though there seems to be no compelling new feature there. Because of geohot’s limera1n exploit, those with devices earlier than the iPad2 can test the 5.1 jailbreak waters if they really want to, using redsn0w 0.9.10b6.  Here’s what you need to know:
  • This is a *tethered* 5.1 jailbreak for non-A5 devices.  You’ll need to use redsn0w to “Just Boot” your device every time it power cycles, otherwise jailbreak apps won’t work (neither will Safari).
  • If you use ultrasn0w for your carrier unlock, be sure to use a custom IPSW to get to 5.1 first!  Don’t ever restore to a stock Apple IPSW!  Use redsn0w’s “Custom IPSW” button to create a NO_BB_* version of the 5.1 IPSW and restore to that instead of the stock one.  (That option is available only to 3GS and iPhone4-GSM owners.)  ultrasn0w itself will be updated for 5.1 in the next few days (same baseband support, not 5.1’s baseband).
  • If you’re lucky enough to have an old-bootrom 3GS, this jailbreak is actually untethered (redsn0w will figure that part out automatically).
  • While we were at it, we added @pod2g’s steaks4uce exploit to support MC models of the iPod touch 2G (whose last firmware was 4.2.1).  So now redsn0w will auto-detect and jailbreak both MB and MC versions of that older device.
  • iBooks won’t work until a future update of redsn0w.

Update #1b: The OS X version of redsn0w has been updated to fix an issue for those running OS X 10.5.x or earlier.

Update #2: Version 0.9.10b7 of redsn0w adds a collection of useful features:  It finally implements the corona-A5 jailbreak for iPhone4S and iPad2 devices still at 5.0.1.  It can also re-install that jailbreak for those who accidentally uninstalled the untether.  When stitching an IPSW, it can now grab your blobs directly from Cydia.  It now shows a lot more info about your device (for instance, whether your iPhone3G has the vulnerable baseband boot loader, or whether your iPhone3GS has the old exploitable bootrom).  (And the next new feature to be added will be built-in restore support, to provide an alternative to iTunes restores.)

Update #3: redsn0w 0.9.10b8 adds the ability to backup arbitrary directories or files from your device into a zip file on your Mac or PC.  The new button is Extras->Even More->Backup and it requires your device to be jailbroken with the afc2 service enabled (most jailbreaks include that).  By default it will backup your activation records from /var/root/Library/Lockdown, which is useful for everyone taking advantage of today’s SAM unlock using Loktar_Sun’s trick (more on that in a later post!).

Update #3b: The 0.9.10b8b update to redsn0w makes the zip files more compatible with the native Windows explorer (which doesn’t like leading slashes in the filenames).
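The leading-slash problem in Update #3b is worth a closer look, because an absolute entry name in a zip is not just an Explorer annoyance: an extractor that trusts entry names can be steered outside its destination directory. The following is an added example, not redsn0w code, showing in Python how a backup tool of this kind can normalise device paths into relative entry names when writing, and check every entry when extracting. The sample paths under /var/root/Library/Lockdown are constructed placeholders (only the directory comes from the post), and `crafted_archive` builds an archive with an un-normalised name to stand in for one produced by another tool.

```python
import io
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List


def safe_arcname(device_path: str) -> str:
    """Turn an absolute device path into a relative archive entry name.
    Leading slashes are dropped (Windows Explorer rejects them, and an
    absolute name is an extraction hazard); '.' parts are removed and
    any '..' part is rejected outright."""
    parts = [p for p in device_path.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError(f"unsafe archive path: {device_path!r}")
    return "/".join(parts)


def build_backup(files: Dict[str, bytes]) -> bytes:
    """Zip a {device_path: contents} mapping into an in-memory archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for device_path, data in files.items():
            zf.writestr(safe_arcname(device_path), data)
    return buf.getvalue()


def entry_names(archive: bytes) -> List[str]:
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.namelist()


def safe_extract(archive: bytes, dest: str) -> List[str]:
    """Extract only entries that resolve inside dest; returns the relative
    paths written. Raises ValueError on the first entry that would escape."""
    dest_root = Path(dest).resolve()
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            # An absolute name replaces dest_root in the join; '..' climbs out.
            # Resolving and comparing against dest_root catches both.
            target = (dest_root / info.filename).resolve()
            if target != dest_root and dest_root not in target.parents:
                raise ValueError(f"entry escapes destination: {info.filename!r}")
            if info.is_dir():
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest_root).as_posix())
    return written


def crafted_archive(entry_name: str) -> bytes:
    """Archive with an un-normalised entry name (zipfile.writestr stores the
    name as given), standing in for output of a less careful tool."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(entry_name, b"x")
    return buf.getvalue()


def extraction_rejected(archive: bytes) -> bool:
    """True if safe_extract refuses the archive when unpacking into a scratch dir."""
    with tempfile.TemporaryDirectory() as tmp:
        try:
            safe_extract(archive, tmp)
        except ValueError:
            return True
    return False


# Constructed sample: placeholder file names under the directory the post's
# backup feature defaults to. Contents are placeholders, not real records.
SAMPLE_FILES = {
    "/var/root/Library/Lockdown/example_record.plist": b"<plist/>",
    "/var/root/Library/Lockdown/example_pairing.plist": b"<plist/>",
}


def demo() -> Dict[str, List[str]]:
    """Round-trip the sample backup through a scratch directory."""
    archive = build_backup(SAMPLE_FILES)
    with tempfile.TemporaryDirectory() as tmp:
        written = safe_extract(archive, tmp)
    return {"entries": entry_names(archive), "written": written}


if __name__ == "__main__":
    print(demo())
    print("../ entry rejected:", extraction_rejected(crafted_archive("../escape.txt")))
```

Normalising on the write side fixes the compatibility complaint; checking on the read side is what protects a user who unpacks an archive they did not create themselves.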
Here are the redsn0w download links: