Dev-Team Blog
To find yourself, think for yourself © Socrates 469 BC
Pre-DC 

With only a week to go before WWDC 2012 and the surprises Apple will announce there, today seems like a good time to release updates to our suite of free software to include the rocky-racoon jailbreak and untether developed by @pod2g and @planetbeing!  Today’s updates are:

  • PwnageTool 5.1.1
  • redsn0w 0.9.12b1
  • cinject 0.5.4 (version 0.5.3 also had rocky-racoon but this includes some updates)
  • ultrasn0w 1.2.7 (5.1.1 compatibility only - no new baseband support)

If you’ve already installed rocky-racoon, don’t bother reinstalling it unless you’ve had problems and would like to try a different tool.  The underlying untethered jailbreak (rocky-racoon) is identical to what is already installed by last week’s tools like Absinthe, cinject-0.5.3, and the rocky-racoon Cydia package — only the injection method offered by the above tools differs.

redsn0w allows owners of A4 and earlier devices to install rocky-racoon two different ways:

  • backup/restore method similar to Absinthe and cinject
  • its traditional limera1n-based ramdisk install.  If you have a lot of media on your A4 device (music, movies, TV shows, etc), then the ramdisk method is preferred because it avoids any possibility of later problems related to syncing to iCloud (including Photo Stream and iTunes Match).  The ramdisk method is not available for A5 devices or later because limera1n can't be used on them.  If you'd like to use redsn0w's ramdisk method, just be sure to put the A4 device in DFU or Recovery mode before starting redsn0w (otherwise it will immediately start to use the backup/restore method).

We’ve also added a new redsn0w feature specifically for those who got in on the SAM unlock: you can now include your SAM tickets as part of your initial ramdisk jailbreak of iPhone4 or earlier, or alternatively you can upload your SAM tickets to any device after it’s been jailbroken.  redsn0w accepts either the individual SAM activation ticket plist file, or the entire zip file created by redsn0w’s “Backup” button.  As usual, redsn0w continues to cover all of its previous jailbreaks and untethers (so redsn0w-0.9.12b1 covers everything from 5.1.1 all the way back to 4.1). 

PwnageTool also avoids any possible sync issues, but again it applies only to A4 and earlier devices.  If you unlock your iPhone with ultrasn0w or a commercial method, you must use PwnageTool to avoid updating your baseband; otherwise you’ll lose the unlock.  PwnageTool will also jailbreak+untether the AppleTV2,1 5.0_2B206f (unless you customize the IPSW further, you’ll have just basic SSH access to the device).

If you’d like to contribute to those that actually developed rocky-racoon, please visit here (any other links you may see are not going to the actual rocky-racoon developers, they’re being diverted to other “related” or fraudulent accounts).

This particular jailbreak brought an unusual amount of fanfare and hoopla to the table, including “press releases” and other haughty silliness.  We’d just like to take this opportunity to remind everyone that jailbreaking is about freedom, not fame and donations!

Here are the download links.  Please use our comment section below to give feedback.  Enjoy!

Update #1: Starting with version 0.9.12b2, redsn0w will now explicitly ask users with limera1n-able devices whether they want to inject rocky-racoon using the DFU ramdisk method or the backup/restore method (the ramdisk method is better for those with lots of media on their device that would create very large backups, and it’s required for those with unactivated iPhones).  If you’ll always want to use limera1n, you can select that in the Preferences pane.  It also fixes an iBooks issue on old-bootrom 3GS iPhones, and provides more useful error messages when things go wrong.

Untethered holidays 

@pod2g has created a terrific gift for iOS fans — an untethered 5.0.1 jailbreak for non-A5 devices! 

Many of you have already been following @pod2g’s blog where he’s been keeping everyone up to date on his progress.  And so you know that he recently decided to push the button on a release for all devices except the new iPhone4S and iPad2.  @pod2g’s untether involves two separate exploits and a few other “tricks” — and since he’s taken the @comex approach of doing nearly everything himself, you know his plate has been full these past few months!

A few days ago, @pod2g gave the untether to both the iPhone devteam and the chronic devteam.  We’ve put it into redsn0w 0.9.10 and PwnageTool, and the chronic devteam put it into a Cydia package (the same set of exploits is in all three).

Here are the basic steps for how to get it:

  • The untether is for iOS 5.0.1 on iPhone3GS, iPhone4, iPhone4-CDMA, iPad1, iPod touch 3G, iPod touch 4G
  • If you have one of those devices and are not on 5.0.1 yet, update now!  The SHSH window is still open for 5.0.1.  If you unlock via ultrasn0w or gevey, make sure you only get to 5.0.1 via a custom IPSW (a stock iTunes update would also update your baseband and cost you the unlock)!  See the guides at places like iClarified.com if you don’t know how.  Once you’re at 5.0.1, use the latest redsn0w 0.9.10 to both jailbreak and untether.
  • If you’re already at 5.0.1 with a tethered jailbreak, you have two choices: either run redsn0w 0.9.10 over your current jailbreak (deselect “Install Cydia” if you do that), or install the Cydia package prepared by the chronic devteam.  The patches are the same regardless of which you choose.
  • Some of you are using a hybrid 5.0/5.0.1 configuration.  If so, do not attempt to install this untether over that setup!  You will most likely get into a reboot cycle.  Do a sync and fresh restore to 5.0.1 then install the jailbreak + untether.

As mentioned earlier, @pod2g has spent months working on all the exploits and tricks in this untether, and many of you may be wondering how you can send donations.  Although the iPhone devteam itself doesn’t take donations, we thought it was appropriate to provide a link at the end of the redsn0w run for you to more easily donate directly to @pod2g if you wish (alternatively, you can go right here).  There’s a link in the Cydia package for donating to the chronic devteam for the Cydia version of @pod2g’s untether.

@pod2g is now looking for a way to extend this to A5 devices.  Because those devices cannot use geohot’s limera1n exploit to inject the untether, they require exploits above and beyond those used for this release.  Keep following pod2g on twitter or his blog for any progress reports!

Update #2: The b2 version of redsn0w includes the launchctl-related fix by @planetbeing as mentioned by @saurik here and here.  As usual, you can just re-run redsn0w in jailbreak mode over your existing 5.0.1 jailbreak (even a PwnageTool one), making sure to de-select “Install Cydia” if you do.  Always be sure to do a controlled “slide to power off” shutdown of your device before running redsn0w.
Update #3: The b3 version of redsn0w fixes a problem where re-running redsn0w over an existing jailbreak would cause MobileSubstrate-based apps to stop running until MS was installed again.  Now you can re-run the redsn0w jailbreak step without worrying about that (but still remember to de-select the “Install Cydia” option if it’s already installed).
Update #4: The b4 version of redsn0w incorporates the 5.0.1 fix for iBooks, and also for sporadic problems with launchctl.  Thanks to @xvolks for merging the iBooks (sandbox) fix from @comex’s github into the overall corona untether from @pod2g!  
Update #5: redsn0w version b5 incorporates yet another fix for iBooks, this time involving DRM.  @planetbeing wrote a utility called “crazeles” that overcomes jailbreak detection by iBooks that would cause about 10% of images to show incorrectly.  This fix is similar to the “hunnypot” fix that @comex wrote for the 4.x jailbreak.  As usual, you can choose to install the fix either by re-running redsn0w over your existing jailbreak (de-select Cydia if you do that), or by installing the corona package from Cydia (it’s the same set of files no matter which way you choose).
Updates #5b and #5c:  Version b5b fixes an issue with using custom ramdisks on iPhone3G and iPod2G, and version b5c prevents redsn0w from crashing due to the ever-growing ramdisk size :).
TIP: If auto-detection fails and redsn0w tells you no identifying data was found, you can always pre-select the appropriate 5.0.1 IPSW using “Extras->Select IPSW”.

Here are the redsn0w download links:

PwnageTool Official BitTorrent Releases

SHA1 Sum = 32e90607378988cdebb6c76d3acf8ffac6366e35

Unofficial Mirrors

The following links are unofficial download mirrors, you download these archives at your own risk, we accept no responsibility if your computer explodes or if it becomes part of a NASA attacking botnet or even worse if your hands fall off mid-way during the use of these files. We do not check these links and we accept no responsibility with regard to the validity of the files, the other content that these links may provide or with the content that is on the third-party linked site.

Always check the files that you have downloaded against our published SHA1 hash.
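An added example of how to do that check, not part of the Dev-Team post: the script below computes a file’s SHA-1 with whatever tool the machine has (sha1sum, shasum or openssl), compares it against the published digest case-insensitively, and fails closed on a missing file, a malformed digest or a missing hashing tool.  The sample file it hashes is constructed inline (the string "abc", whose SHA-1 is a standard test vector); the file and function names are this example’s own.  Keep in mind what the check does and does not buy you: it tells you a mirror served the same bytes the Dev-Team hashed, but only if the expected value comes from the official post rather than from the mirror itself.

```shell
#!/bin/sh
# Added example (not from the Dev-Team post): verify a downloaded archive
# against a published SHA-1 before opening it.

# sha1_of FILE: print the lowercase hex SHA-1 of FILE using whichever
# tool is installed.  Returns non-zero if no tool is available.
sha1_of() {
  f="$1"
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum "$f" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 1 "$f" | awk '{print $1}'
  elif command -v openssl >/dev/null 2>&1; then
    # openssl prints "SHA1(file)= <hex>"; the digest is the last field.
    openssl dgst -sha1 "$f" | awk '{print $NF}'
  else
    return 1
  fi
}

# verify_sha1 FILE EXPECTED_HEX
# Returns 0 only if FILE exists, EXPECTED_HEX is a well-formed 40-char
# digest, a digest could be computed, and the two match.
verify_sha1() {
  f="$1"
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \t\r\n')
  [ -f "$f" ] || return 1
  printf '%s' "$expected" | grep -Eq '^[0-9a-f]{40}$' || return 1
  actual=$(sha1_of "$f") || return 1
  # A missing/unreadable file can leave the pipeline with an empty digest
  # but a zero exit status (awk's), so check the value explicitly.
  [ -n "$actual" ] || return 1
  [ "$actual" = "$expected" ]
}

# Stand-alone demo on a constructed file containing "abc".
demo_file=$(mktemp)
printf 'abc' > "$demo_file"
if verify_sha1 "$demo_file" a9993e364706816aba3e25717850c26c9cd0d89d; then
  echo "demo: digest matches the expected value"
else
  echo "demo: digest MISMATCH, do not open the file"
fi
# The PwnageTool hash published above is a different file, so this fails:
if verify_sha1 "$demo_file" 32e90607378988cdebb6c76d3acf8ffac6366e35; then
  echo "demo: unexpected match"
else
  echo "demo: mismatch against the PwnageTool digest, as expected"
fi
rm -f "$demo_file"
```

Usage against a real download is just `verify_sha1 PwnageTool_5.1.1.dmg 32e90607378988cdebb6c76d3acf8ffac6366e35 && open PwnageTool_5.1.1.dmg`; if the function returns non-zero, delete the archive and fetch the official torrent instead.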

We would prefer that you downloaded the official bittorrent release that is linked above, but you are welcome to try these if you really must.

Mirror owners should email mirrors to blog@iphone-dev.org - please ensure that they are direct dmg download links only  (no rapidshare type sites please) and that your web-server can serve DMG MIME types properly. — please don’t place mirrors in the comments as they will be deleted.

Tic tac toe… 

… three in a row!  Apple released iOS 4.3.3 on Wednesday, and once again the untethered jailbreak exploit that @i0n1c created for 4.3.1 still works.  That makes it an unprecedented three firmwares where the same userland exploit works.  We’re not exactly sure why Apple hasn’t fixed the hole yet, but we’re not complaining!

Today’s PwnageTool and redsn0w incorporate @i0n1c’s port to 4.3.3 (it’s ironic that such a long-lasting untether doesn’t even have an official name!).  It also of course uses geohot’s limera1n bootrom exploit to inject the jailbreak. The 4.3.3 untether works on all devices that actually support 4.3.3 except for the iPad2:

  • iPhone3GS
  • iPhone4 (GSM)  
  • iPhone4 (CDMA) (4.2.8 - See update #3)
  • iPod touch 3G
  • iPod touch 4G
  • iPad1
  • AppleTV2G (v4.3 8F202…see update #2 below for the v4.3 8F305 bundle)

Some things to note:

  1. ultrasn0w unlockers must stay away from the redsn0w route to 4.3.3!  redsn0w expects a stock 4.3.3 restore done through iTunes, and that stock restore also updates your baseband and kills the unlock.  Use only a custom PwnageTool IPSW to update to 4.3.3, so the baseband is left alone.  There are plenty of tutorials for both redsn0w and PwnageTool at sites like iClarified.com.  Or feel free to ask away in our comments section below.
  2. ultrasn0w has been updated to v1.2.3 to be compatible with iOS 4.3.3 and earlier (the ultrasn0w update does not include any new baseband support!).  Please reboot your iPhone using the normal “slide to power off” swipe after installing ultrasn0w 1.2.3.
  3. By popular demand, redsn0w now allows you to enable multitasking gestures (although most will find it useful only on iPads).
  4. iPad2 update:  The iPad2 jailbreak remains under development.  As you may know, the original exploit @comex developed in the first week of the iPad2 release was mysteriously fixed by Apple within days of its development.  Partly because of this, don’t expect much public discussion of the iPad2 jailbreak until it’s actually finished and ready for release (and please avoid asking about it).  In all likelihood, it will be a userland exploit like the first (unreleased) one, not dependent on bootrom dumps.  The first one can’t be released even for those with the original 4.3 firmware due to legal (distribution) reasons.

As always, please feel free to ask for help or advice in our comment section, with our friendly moderators Confucious, sherif_hashim, dhlizard, Frank55, and subarurider (and many other very knowledgeable commenters too!)


Update #1: PwnageTool and redsn0w have been updated to include a fix for the iPhone3GS/i4 side switch vibration issue (only for 4.3.3!).  Thanks to @i0n1c for tracking this down (even though he doesn’t even have an iPhone!).

If you’re already jailbroken at 4.3.3 (by either redsn0w rc15 or custom IPSW), you can install this fix simply by running redsn0w rc16 over your existing 4.3.3 jailbreak.  Just uncheck the “Install Cydia” option and check any other options you want.  The fix will be installed no matter what you’ve selected.  This is safe for even ultrasn0w unlockers to do (because redsn0w itself won’t update your baseband…only an iTunes stock IPSW update/restore will do that).

redsn0w rc16 has a few more improvements:  Windows 7 and Vista users should no longer need to set their CPU affinity…just run redsn0w as Administrator in XP compatibility mode.  Also, the “verbose boot” option for old-bootrom iPhone 3GS has been fixed for 4.3.3 (remember: old-bootrom 3GS users can even have custom bootlogos that show right at power-up).  Enjoy!


Update #2:  Apple released a minor update to iOS 4.3 for AppleTV2G (the IPSW name still says 4.3, but the build version changed from 8F202 to 8F305).  @i0n1c was once again able to quickly port his original 4.3.1 untether (the exploit that wouldn’t die!) to this version.  

If you do feel like updating to the “new” 4.3, you’ll need to drop this bundle into the correct folder in PwnageTool.app.  If you don’t know how to do that, there are lots of tutorials on the web, and we’d be glad to help in the comments below.  

Thanks once again, @i0n1c!


Update #3: We’ve updated redsn0w (0.9.6rc18) to also include the Verizon iPhone4-CDMA iOS version 4.2.8 untether (which uses the HFS exploit).


Update #4: redsn0w has been updated to 0.9.6rc19 to include changes in the way custom bundles are handled.  Now when you use a custom bundle, most of the normal jailbreak steps (like stashing and untethering) are skipped.  This makes it easier for custom bundles like the Verizon i4 jailbreakme fix.


redsn0w 0.9.6rc19:


PwnageTool Official BitTorrent Release

SHA1 Sum = 2c8b17c28ae10295b72dabde30bb4b39b0e85821
