Dev-Team Blog
To find yourself, think for yourself © Socrates 469 BC
Corona A5 jailbreak nearly ready to pop! 

Ever since the December release of @pod2g’s “corona” untether for iOS 5.x on A4 and earlier devices, all eyes have been on the attempts to extend it to the A5 devices: the iPhone4S and iPad2.  Due to the combined efforts of @pod2g and members of the iPhone Dev Team and Chronic Dev Team, we’re nearly ready for a general release!  All technical hurdles dealing with the underlying technique have been overcome, and it’s now all about making the jailbreak as bug free as possible.

On his blog, @pod2g playfully nicknamed the combined effort a “dream team”.  It’s an ironic name, because the past few weeks have left everyone involved with very little sleep and the opportunity to dream :) But we’re now near the final stages of testing the public version of the jailbreak.  Please allow time to clean up any remaining bugs in the jailbreak clients.

Jailbreak programs:

To be as flexible as possible, the A5 version of the corona jailbreak will take multiple forms:

  • Chronic Dev have incorporated the overall flow into a GUI that runs on your Mac or PC.  The goal is for the GUI to be enough for most cases.
  • iPhone Dev have also incorporated the exact same flow into an alternative command-line interface (CLI). This will allow us to help users through individual steps of the jailbreak manually, to both help the user and help improve the overall flow.  Although the CLI will also allow the user to perform the entire jailbreak from beginning to end, we anticipate it will be more useful in debugging the occasional errors.  The CLI currently has over 20 individual options (in addition to the single “jailbreak” option) that should be useful during debug after the GUI release.
  • Once all the bugs in the flow are worked out, we’ll also incorporate it into the redsn0w GUI (but still leave the CLI freely available too).  In order to maximize the chances of the jailbreak working for everyone, the redsn0w GUI will use native Apple iTunes libraries for device communication. This is slightly different from how the Chronic Dev GUI talks to the device, and the two approaches should together cover all the odd computer configurations out there.

Paypal Contributions:

Because there were so many different people and teams involved in the A5 corona release, we all felt the most equitable approach to any Paypal contributions should involve a single shared account.  If you do feel the desire to contribute to the “dream team” Paypal account, it will be distributed to the members according to internally agreed-upon proportions :)  (Please use only the link given in this blog post, http://is.gd/39YMWg, to avoid fraudulent copies!)  The same link will be on both the Chronic Dev and iPhone Dev versions of the GUI.  This method seemed like the fairest to everyone involved!

Firmware:

The supported firmware versions will be:

  • iPhone4S: 5.0 (9A334), 5.0.1 (9A405) and the “other” 5.0.1 (9A406)
  • iPad2: 5.0.1 (9A405)

iPhone4S owners looking to maximize their chances of achieving an eventual software-based carrier unlock should be staying at 5.0.  Everyone else should be at 5.0.1.  If you’re an iPhone4S owner who already updated to 5.0.1, it’s too late to go back down to 5.0, but if you’re on 9A406 it is possible to downgrade the baseband (BB) by restoring to the 9A405 build of 5.0.1 while Apple is still signing it.

Support:

The overall flow used by the GUI and CLI to inject the A5 corona jailbreak has never been done before, and there may be unforeseen problems once it’s released to the public.  It’s very important for you to sync your data, photos, and music before attempting any version of this jailbreak.  We’ll be watching the comments section below for signs of any widespread problems, but please be aware that you jailbreak at your own risk! 

When:

As mentioned at the start of this post: when testing has shown most of the bugs have been fixed!

Updates:

  1. If the Absinthe webclip shows “Error establishing a database connection”, please go to Settings, turn on VPN and wait instead.  
    • Toggle VPN only AFTER Absinthe says it’s done, or it will not work. 
    • VPN SHOULD error and then reboot soon. If it does not, rerun Absinthe!
  2. If you get a strange problem, we advise you to restore your iPhone with iTunes, if you can (i.e. if you’re not on 5.0 waiting for an eventual 4S unlock).
  3. The OS X version of the CLI mentioned in the post can be downloaded here.  It’s primarily to help us debug specific issues, but tinkerers might like to play around with some of its advanced options!  More info is here.
    • Version 0.4.3 adds support for Windows users.  It also makes the “-j” jailbreak option much more functional :)  See the README.txt for usage.

Untethered holidays 

@pod2g has created a terrific gift for iOS fans — an untethered 5.0.1 jailbreak for non-A5 devices! 

Many of you have already been following @pod2g’s blog where he’s been keeping everyone up to date on his progress.  And so you know that he recently decided to push the button on a release for all devices except the new iPhone4S and iPad2.  @pod2g’s untether involves two separate exploits and a few other “tricks” — and since he’s taken the @comex approach of doing nearly everything himself, you know his plate has been full these past few months!

A few days ago, @pod2g gave the untether to both the iPhone devteam and the chronic devteam.  We’ve put it into redsn0w 0.9.10 and PwnageTool, and the chronic devteam put it into a Cydia package (the same set of exploits is in all three).

Here are the basic steps for how to get it:

  • The untether is for iOS 5.0.1 on iPhone3GS, iPhone4, iPhone4-CDMA, iPad1, iPod touch 3G, iPod touch 4G
  • If you have one of those devices and are not on 5.0.1 yet, update now!  The SHSH window is still open for 5.0.1.  If you unlock via ultrasn0w or Gevey, make sure you only get to 5.0.1 via a custom IPSW (a stock IPSW would update your baseband and cost you the unlock)!  See the guides at places like iClarified.com if you don’t know how.  Once you’re at 5.0.1, use the latest redsn0w 0.9.10 to both jailbreak and untether.
  • If you’re already at 5.0.1 with a tethered jailbreak, you have two choices: either run redsn0w 0.9.10 over your current jailbreak (deselect “Install Cydia” if you do that), or install the Cydia package prepared by the chronic devteam.  The patches are the same regardless of which you choose.
  • Some of you are using a hybrid 5.0/5.0.1 configuration.  If so, do not attempt to install this untether over that setup!  You will most likely get into a reboot cycle.  Do a sync and fresh restore to 5.0.1 then install the jailbreak + untether.

As mentioned earlier, @pod2g has spent months working on all the exploits and tricks in this untether, and many of you may be wondering how you can send donations.  Although the iPhone devteam itself doesn’t take donations, we thought it was appropriate to provide a link at the end of the redsn0w run for you to more easily donate directly to @pod2g if you wish (alternatively, you can go right here).  There’s a link in the Cydia package for donating to the chronic devteam for the Cydia version of @pod2g’s untether.

@pod2g is now looking for a way to extend this to A5 devices.  Because the A5 bootrom is not vulnerable to geohot’s limera1n exploit, which is what injects the untether on the older devices, the A5 devices require exploits above and beyond those used for this release.  Keep following pod2g on twitter or his blog for any progress reports!

Update #2: The b2 version of redsn0w includes the launchctl-related fix by @planetbeing as mentioned by @saurik here and here.  As usual, you can just re-run redsn0w in jailbreak mode over your existing 5.0.1 jailbreak (even a PwnageTool one), making sure to de-select “Install Cydia” if you do.  Always be sure to do a controlled “slide to power off” shutdown of your device before running redsn0w.
Update #3: The b3 version of redsn0w fixes a problem where re-running redsn0w over an existing jailbreak would cause MobileSubstrate-based apps to stop running until MS was installed again.  Now you can re-run the redsn0w jailbreak step without worrying about that (but still remember to de-select the “Install Cydia” option if it’s already installed).
Update #4: The b4 version of redsn0w incorporates the 5.0.1 fix for iBooks, and also for sporadic problems with launchctl.  Thanks to @xvolks for merging the iBooks (sandbox) fix from @comex’s github into the overall corona untether from @pod2g!  
Update #5: redsn0w version b5 incorporates yet another fix for iBooks, this time involving DRM.  @planetbeing wrote a utility called “crazeles” that overcomes jailbreak detection by iBooks that would cause about 10% of images to show incorrectly.  This fix is similar to the “hunnypot” fix that @comex wrote for the 4.x jailbreak.  As usual, you can choose to install the fix either by re-running redsn0w over your existing jailbreak (de-select Cydia if you do that), or by installing the corona package from Cydia (it’s the same set of files no matter which way you choose).
Updates #5b and #5c: Version b5b fixes an issue with using custom ramdisks on iPhone3G and iPod2G, and version b5c prevents redsn0w from crashing due to the ever-growing ramdisk size :).
TIP: If auto-detection fails and redsn0w tells you no identifying data was found, you can always pre-select the appropriate 5.0.1 IPSW using “Extras->Select IPSW”.

Here are the redsn0w download links:

PwnageTool Official BitTorrent Releases

SHA1 Sum = 32e90607378988cdebb6c76d3acf8ffac6366e35

Unofficial Mirrors

The following links are unofficial download mirrors. You download these archives at your own risk: we accept no responsibility if your computer explodes, if it becomes part of a NASA-attacking botnet, or, even worse, if your hands fall off mid-way through using these files. We do not check these links, and we accept no responsibility for the validity of the files, for any other content these links may provide, or for the content of the third-party linked site.

Always check the files that you have downloaded against our published SHA1 hash.
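The check the previous sentence asks for, as an added example that is not part of the original post or of the redsn0w/PwnageTool tooling: a small POSIX shell script that computes the SHA-1 of a downloaded archive with whichever tool the system has (GNU `sha1sum` or macOS/BSD `shasum`), compares it case-insensitively with the published hash, and returns a distinct exit status for a match, a mismatch, and a missing file or tool. The file name in the usage line is a placeholder; the expected hash must be copied from this blog post, never from the mirror page that served the file.

```shell
#!/bin/sh
# Added example, not from the Dev-Team post: verify a downloaded archive against
# the SHA-1 published on the official blog before opening it.
# Assumptions: `sha1sum` (GNU) or `shasum` (macOS/BSD) is installed, and the
# expected hash comes from the blog post itself, not from the mirror.

# Print the SHA-1 of a file as lowercase hex, using whichever tool is present.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | awk '{print $1}'
    else
        echo "no sha1sum or shasum found" >&2
        return 2
    fi
}

# verify_sha1 FILE EXPECTED_HASH
# Exit status: 0 on match, 1 on mismatch, 2 if the file or the hash tool is missing.
# The expected hash is lowercased so a hash pasted in uppercase still compares.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha1_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage against the hash published above; the .dmg name is a placeholder:
# verify_sha1 downloaded_archive.dmg 32e90607378988cdebb6c76d3acf8ffac6366e35
```

A mismatch means the mirror served a corrupted or altered file and the archive should not be opened. The check only tells you that the mirror's file is the same one the official torrent carries; it says nothing about the file's contents beyond that, and it is only meaningful when the expected hash is taken from the official post rather than from the same untrusted mirror.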

We would prefer that you downloaded the official bittorrent release that is linked above, but you are welcome to try these if you really must.

Mirror owners should email mirrors to blog@iphone-dev.org. Please ensure that they are direct dmg download links only (no rapidshare-type sites please) and that your web server can serve DMG MIME types properly. Please don’t place mirrors in the comments, as they will be deleted.

pre-QUALifier 

ultrasn0w 1.2.4

We’ve updated ultrasn0w to be compatible with iOS5, which came out a few days ago.  While ultrasn0w 1.2.4 (available now in Cydia) doesn’t add support for any new basebands, the update is required for any ultrasn0w unlockers trying out iOS5 (it remains backwards compatible though, so you should be able to use it no matter what firmware you have).  

The supported basebands for the iPhone 3G and 3GS are 04.26.08, 05.11.07, 05.12.01, 05.13.04, and 06.15.00.  The baseband supported for the iPhone4 is 01.59.00.

Remember, the only way to get to iOS5 while preserving your ultrasn0w-compatible baseband is by using a custom IPSW.  redsn0w now has the ability to create such a custom IPSW for you (at least on Macs…the same capability for Windows will be coming soon).

The majority of people who use ultrasn0w at iOS5 right now will probably be those with old-bootrom iPhone3GS devices, since they already have an untethered jailbreak via redsn0w.  For everyone else, the iOS5 jailbreak is currently tethered and you need to “Just boot” tethered with redsn0w every time your phone reboots.  That’s not always easy to do if your phone reboots while away from home!

Note: there’s a special “trick” that iPhone3GS owners with baseband 06.15 need for iOS5.  During the new setup screens you see when you start iOS5 for the first time, you’ll be asked about Location Services.  Be sure to select “Disable Location Services” when asked!  Later on in the setup, you’ll have the chance to turn on Location Services again when asked if you want to use “Find my iPhone”.  It’s fine to turn it back on at that point, if that’s your desire (or you can always go in and enable it in Settings.app).

Edit: The above “trick” is no longer needed as of v0.9.9b6 of redsn0w.

Also, some iPhone3GS users with the 06.15 baseband may have tried to install iOS5 using a stock IPSW (even though you should never ever use a stock IPSW if you’re an ultrasn0w unlocker).  If you did try this, your baseband is probably in an inconsistent state, and you’ll need to reflash the 06.15 baseband again (using redsn0w).  Be very careful if you use redsn0w to reflash the 06.15 (iPad) baseband: don’t interrupt the process!  And please avoid stock IPSWs in the future :)  Unlockers should never go near them.

If you need to use redsn0w for any of the above tasks, please make sure it’s version 0.9.9b4 or higher, which is available here.

Enjoy!