MacRumors Forums > iPhone, iPod and iPad > iPod touch
Old Oct 11, 2007, 06:35 AM   #1
db2431
macrumors regular
 
Join Date: Sep 2007
iPod Touch Full JailBreak guide for Windows

THIS IS FOR WINDOWS!

Hey all, I take NO CREDIT for this guide, I followed it on the #itouch IRC channel from the amazing PlanetBeing!

Enjoy!

--

RESTORE IPOD FIRST then download iphuc http://rapidshare.com/files/61742428/iphuc.zip
-------------------
1. Load http://jailbreak.toc2rta.com on iPod

2. Exit iTunes, and kill ituneshelper.exe process

3. Extract iPhuc to directory on computer

4. Copy iTunesMobileDevice.dll from C:\Program Files\Common Files\Apple\Mobile Device Support\bin to the same folder as iPhuc.exe

5. Copy readline5.dll from http://gnuwin32.sourceforge.net/down...ne-bin-zip.php to the same folder as iPhuc.exe

6. Run iPhuc.exe

7. Plug in your iPod

8. In iPhuc type "getfile /dev/rdisk0s1 rdisk0s1 314572800", this will take a while as it's a 300mb file

9. Make a backup copy of rdisk0s1 that you just downloaded.

10. You now need to do some hex editing. The tool I use for doing this is HxD (http://www.mh-nexus.de/hxd/). Open rdisk0s1 with your hex editor.

11. Search for the ASCII string "noexec" in the file. The second hit should look like the /etc/fstab file:

/dev/disk0s1 / hfs ro 0 1
/dev/disk0s2 /private/var hfs rw,noexec 0 2

Only, of course, hex editors will just display newlines as a '.' character or similar. This series of characters are often found at 0xF8F9000-0xF8F9045. They will have the following character codes:

2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68 66 73 20 72 6F 20 30 20
31 0A 2F 64 65 76 2F 64 69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F
76 61 72 20 68 66 73 20 72 77 2C 6E 6F 65 78 65 63 20 30 20 32 0A

(In "find" make sure it's set to find hex values)

12. Change these to:

/dev/disk0s1 / hfs rw 0 1
/dev/disk0s2 /private/var hfs rw 0 2

With newlines padding the end of the string so it ends up being exactly the same size as the old /etc/fstab. The new series of characters ought to be:

2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68 66 73 20 72 77 20 30 20
31 0A 2F 64 65 76 2F 64 69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F
76 61 72 20 68 66 73 20 72 77 20 30 20 32 0A 0A 0A 0A 0A 0A 0A 0A

13. Save your changes. I'm assuming that you're replacing the old rdisk0s1 file on your hard drive with this modified version. As a final safety check, make sure the file sizes of your modified version and your backup versions are exactly the same, down to the last byte.

14. Upload the modified rdisk0s1 image to your iPod. In iPhuc, type "putfile rdisk0s1 /dev/rdisk0s1".

15. Exit iPhuc and reboot your iPod

16. Open iPhuc again so it connects to your freshly rebooted iPod. As a check, type "getfile /etc/fstab". This will download fstab to iPhuc's directory. Open it up with your favorite text editor and confirm that the changes we have made are still there. If they are, congratulations. You have a jailbroken iPod. Sort of.

17. We now need to install ssh and associated tools. This is all now old territory, but unfortunately, everything is either "one-click" or designed for Macs. Thus we need to do some sweating here. Download http://iphone.natetrue.com/dropbearkey.exe. You will also need cygwin1.dll from http://www.dll-files.com/dllindex/dl....shtml?cygwin1.

18. Open CMD and do:

dropbearkey -t rsa -f dropbear_rsa_host_key
dropbearkey -t dss -f dropbear_dss_host_key

You should now have two files in that directory, dropbear_rsa_host_key and dropbear_dss_host_key. Copy or move these into your iPhuc directory.

19. Download and extract http://iphone.natetrue.com/BSD_Base-2.0.tar.gz into your iPhuc directory.

20. Download and extract http://www.abigato.com/iphone-ssh-kit-vr1.tar.bz2 into your iPhuc directory. Make sure dropbear, fd6, au.asn.ucc.matt.dropbear.plist, glob6, goto, osh and sh6 are in the same directory as iPhuc.exe. Move them there if you have to.

21. Open up iPhuc and type in "mkdir /etc/dropbear",

22. "cd /etc/dropbear".

---
DIRECTORIES ARE
/etc/dropbear/dropbear_rsa_host_key, /etc/dropbear/dropbear_dss_host_key, /bin/chmod, /bin/sh and /usr/bin/dropbear
---

23. "putfile dropbear_rsa_host_key"

24. "putfile dropbear_dss_host_key"

25. "cd /bin"

26. "putfile chmod"

27. Rename sh6 in your iPhuc directory to sh, then "putfile sh" in iPhuc.

28. "cd /usr/bin"

29. "putfile dropbear"

30. Make sure /etc/dropbear/dropbear_rsa_host_key, /etc/dropbear/dropbear_dss_host_key, /bin/chmod, /bin/sh and /usr/bin/dropbear now exist on your iPod with iPhuc.

31. "cd /usr/sbin"

32. "getfile update"

33. In Windows Explorer, rename "update", which you just downloaded, to "update.orig".

34. Rename "chmod" in the iPhuc folder to "update".

35. In iPhuc, "putfile update", so you're replacing /usr/sbin/update with chmod.

36. "cd /System/Library/LaunchDaemons/"

37. "getfile com.apple.update.plist"

38. Open com.apple.update.plist in a text editor

Right after it says <string>/usr/sbin/update</string> add:

<string>555</string>
<string>/bin/chmod</string>
<string>/bin/sh</string>
<string>/usr/bin/dropbear</string>

39. Save the file. Upload the modified version with "putfile com.apple.update.plist"

40. Also, "putfile au.asn.ucc.matt.dropbear.plist"

41. Reboot the iPod twice. The first reboot should set the required permissions. The second should start the ssh server (since proper permissions are now set). And close iPhuc.

42. Theoretically, SSH should be working now. Find out the IP of your iPod in the iPod's wireless settings.

43. Try to ssh to it with Putty (http://www.chiark.greenend.org.uk/~s.../download.html). Username root, password alpine.

---
So, okay, now we need to get sftp running, do some clean-up and then I think we can install Installer.app and be good.

Download WinSCP (http://winscp.net/download/winscp404setup.exe)
---

44. Download http://apps.iphonexe.com/24940.zip. You will need /libexec/sftp-server, /usr/bin/scp and /usr/lib/libarmfp.dylib from that archive. Extract them all to your iPhuc folder.

45. Using iPhuc's putfile capability, put sftp-server in /usr/libexec/, put scp in /usr/bin/, and put libarmfp.dylib in /usr/lib/.

46. Remember that BSD_Base folder you extracted? We need to raid it for some commands. You will need /bin/ls, /bin/mv, /bin/pwd, and /bin/csh. Copy those to your iPhuc directory.

47. In iPhuc:

cd /bin
putfile ls
putfile mv
putfile pwd
putfile csh

48. SSH into your iPod. What we now need to do is chmod them all executable.

49. In SSH, "/bin/chmod 555 /bin/ls"
50. "/bin/chmod 555 /bin/mv"
51. "/bin/chmod 555 /bin/pwd"
52. "/bin/chmod 555 /bin/csh"
53. "/bin/chmod 555 /usr/bin/scp"
54. "/bin/chmod 555 /usr/libexec/sftp-server"

Theoretically, sftp should work now, yes.

55. Also upload glob6 to "/bin" with iPhuc and in SSH, "/bin/chmod 555 /bin/glob6".

56. Type "/bin/csh" to test out this shell (in SSH). This has advantages of not requiring you to type in the full path of every executable in the future.

57. In SSH "cd /var/root".

58. Type ls. You should have a Library, Mediaold, and Media directory.

59. "mv Media Media_sym"

60. "mv Mediaold Media"

61. Reboot your iPod and check your iPod in iTunes.

---
On to installing AppTap
---

62. Download and install 7-zip (http://www.7-zip.org/). We need it to crack open the dumb Installer.app Nullsoft installer.

63. Download the Windows installer for Installer.app at http://www.nullriver.com/~adam/AppTappInstaller.exe

64. Use 7-zip to open AppTappInstaller.exe and extract the Installer.app folder from it.

65. Use SFTP to upload Installer.App into /Applications on your iPod.

66. In SSH, type "/bin/chmod -Rf +x /Applications/"

67. Slide to unlock your iPod then in SSH type /Applications/Installer.app/Installer and hit return to launch Installer.

68. After AppTapp opens, press control+c in SSH to close it

69. Open Safari on the iPod and navigate to http://conceitedsoftware.com/iphone/beta. Please make sure while you're doing this that the hacked TIFF image isn't loaded again. So if it starts loading, hit the X.

70. Tap yes to add it to Installer

71. Back in ssh, type "/Applications/Installer.app/Installer" and hit return to launch Installer again.

72. Install the Community Sources package.

73. Install Trip1PogoStick located under the "System" category to enable scrolling and applications.

74. Restart the iPod. You should be done.

74. Restart the iPod. You should be done.

Last edited by db2431; Oct 11, 2007 at 06:51 AM. Reason: missed things
db2431 is offline   0 Reply With Quote
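
A defender-side check for the fstab change in steps 11-13, added here as an example and not part of the original post: it scans an image for fstab-style lines, flags a root mount without ro or a /private/var mount without noexec, and lists the byte ranges that differ from a same-size baseline. The two 70-byte blocks are the ones quoted in the guide; the zero-filled image, its offset, the required-options policy and all function names are constructed for illustration.

```python
import re

# Constructed sample data: the two 70-byte fstab blocks quoted in steps 11-12.
STOCK = (b"/dev/disk0s1 / hfs ro 0 1\n"
         b"/dev/disk0s2 /private/var hfs rw,noexec 0 2\n")
MODIFIED = (b"/dev/disk0s1 / hfs rw 0 1\n"
            b"/dev/disk0s2 /private/var hfs rw 0 2\n" + b"\n" * 7)

# Assumed policy, taken from the stock fstab: options each mount must carry.
REQUIRED = {"/": {"ro"}, "/private/var": {"noexec"}}

# device, mount point, fs type, options, dump, pass: printable ASCII only.
FSTAB_LINE = re.compile(rb"(/dev/[!-~]+) (/[!-~]*) ([!-~]+) ([!-~]+) \d \d\n")

def make_image(fstab, offset=4096, size=16384):
    """Constructed stand-in for a partition image: zeros with fstab at offset."""
    return bytes(offset) + fstab + bytes(size - offset - len(fstab))

def find_fstab_entries(image):
    """Return (offset, device, mount point, option set) per fstab-like line."""
    entries = []
    for m in FSTAB_LINE.finditer(image):
        dev, mnt, _fs, opts = (g.decode("ascii") for g in m.groups())
        entries.append((m.start(), dev, mnt, set(opts.split(","))))
    return entries

def audit(image):
    """Return (offset, mount point, missing options) for weakened mounts."""
    findings = []
    for off, _dev, mnt, opts in find_fstab_entries(image):
        missing = REQUIRED.get(mnt, set()) - opts
        if missing:
            findings.append((off, mnt, sorted(missing)))
    return findings

def changed_ranges(baseline, suspect):
    """Return (start, end) half-open byte ranges that differ between images."""
    if len(baseline) != len(suspect):
        raise ValueError("image sizes differ; not an in-place edit")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(baseline, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(baseline)))
    return ranges

if __name__ == "__main__":
    clean, suspect = make_image(STOCK), make_image(MODIFIED)
    print(audit(clean), audit(suspect), changed_ranges(clean, suspect))
```

Every fstab-like hit is reported with its offset, since the same text can appear more than once in an image.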
Old Oct 11, 2007, 06:48 AM   #2
clevin
macrumors G3
 
Join Date: Aug 2006
Thanks for the info
but,
really need 74 steps? and edit hex file? ......I am sure there would be much easier solutions soon, if not now
clevin is offline   1 Reply With Quote
Old Oct 11, 2007, 06:49 AM   #3
Oliver G
macrumors regular
 
Join Date: Sep 2007
Location: Melbourne, Australia
Great, Do you have a way to do it on PowerPC's.
__________________
13" MacBookPro, i7 2.9Ghz, 8GB, 750GB
iPhone 6 (Space Grey) (128GB)
iPad Air (Space Grey - LTE) (128GB)
Apple TV (3rd Gen)
Oliver G is offline   0 Reply With Quote
Old Oct 11, 2007, 06:49 AM   #4
db2431
Thread Starter
macrumors regular
 
Join Date: Sep 2007
Quote:
Originally Posted by clevin View Post
Thanks for the info
but,
really need 74 steps? and edit hex file? ......I am sure there would be much easier solutions soon, if not now
Sure, go right ahead and discover them, as no one else has yet.
db2431 is offline   0 Reply With Quote
Old Oct 11, 2007, 07:09 AM   #5
goundry
macrumors newbie
 
Join Date: Jun 2004
any way to undo the effects of browsing to the tiff file?

i've browsed to the tiff file and it has reduced the visible disk space on my ipod to 300mb and the audio and video apps no longer work. i recognise that this is all likely to be part of the process, but please can you advise what the best way is to make my ipod usable again?

Is it best to follow the above instructions to fully crack the ipod or is it better to somehow revert back to its default state?

Thanks
goundry is offline   0 Reply With Quote
Old Oct 11, 2007, 07:11 AM   #6
goundry
macrumors newbie
 
Join Date: Jun 2004
also... what's the end result?

so, let's say i continue and fully crack my ipod, what will the end result be?

Will itunes recognise it as before? will i also have direct disk access to upload images, audio files, etc to the ipod?

thanks
goundry is offline   0 Reply With Quote
Old Oct 11, 2007, 07:13 AM   #7
Lin
macrumors member
 
Join Date: Sep 2007
Location: France
Quote:
Originally Posted by goundry View Post
visible disk space on my ipod to 300mb and the audio and video apps no longer work.
Check around on this site the other threads about the IPT jailbreak. They detail some restoration which alleviates this problem.
Lin is offline   0 Reply With Quote
Old Oct 11, 2007, 07:13 AM   #8
Four20
macrumors 6502a
 
Join Date: Sep 2007
I was there the entire time. I now have a 100% fully working itouch with 3rd party apps. syncing with itunes now. sftp setup, ssh setup. basic ssh commands w/ permissions.

this is the RAW hack. there will eventually be a script that does all this. but until this, this is what you can use.

thanks a lot planet!!!
Four20 is offline   0 Reply With Quote
Old Oct 11, 2007, 07:28 AM   #9
mahger
macrumors member
 
Join Date: Sep 2007
Thank you so much! I can't wait to get home from school and try this, although hopefully by then there will be an automated program to do this.
mahger is offline   0 Reply With Quote
Old Oct 11, 2007, 07:36 AM   #10
Lin
macrumors member
 
Join Date: Sep 2007
Location: France
404 not found on several links

mmmm... currently (12:36GMT) NONE of the dll links are working

??? maybe it is the "..." in the link ???

Should be this.
Here are the full links:

readline5.dll
http://gpsim.sourceforge.net/gpsimWi...061112-bin.zip
{http://gpsim.sourceforge.net/gpsimWin32/packages/readline-5.2-20061112-bin.zip}

cygwin1.dll
http://www.dll-files.com/dllindex/dl....shtml?cygwin1
{http://www.dll-files.com/dllindex/dll-files.shtml?cygwin1}

Putty:
http://www.chiark.greenend.org.uk/~s.../download.html
{http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html}

The other links are OK

Last edited by Lin; Oct 11, 2007 at 07:48 AM.
Lin is offline   0 Reply With Quote
Old Oct 11, 2007, 07:44 AM   #11
Dublo7
macrumors regular
 
Join Date: Sep 2007
Location: Perth, Australia.
Eww... that looks mighty long and complicated. I hope a GUI comes out sometime soon.
Dublo7 is offline   0 Reply With Quote
Old Oct 11, 2007, 07:49 AM   #12
Lin
macrumors member
 
Join Date: Sep 2007
Location: France
Quote:
Originally Posted by db2431 View Post
THIS IS FOR WINDOWS!
GREAT THANKS, MAN
Lin is offline   0 Reply With Quote
Old Oct 11, 2007, 09:21 AM   #13
nylock10
macrumors regular
 
Join Date: Jun 2006
Well I've certainly decided what iPod I'm getting now lol

Thanks a lot for the jailbreak tutorial, I'm hoping an app will be built for this (just like the iPhone).

I'm looking forward to development in iPod touch-hacking
nylock10 is offline   0 Reply With Quote
Old Oct 11, 2007, 09:23 AM   #14
.cyanide
macrumors newbie
 
Join Date: Oct 2007
Going through it right now. Thanks for putting up the guide!

I'm stuck though, on 26. "putfile chmod"
There is no file called chmod in the iPhuc directory at this point.

Not sure if the step is crucial, I'm skipping it for now

Edit: Yeah, totally stuck. Anyone know where to find chmod?

Edit: Sorry, I'm an idiot. Step 19: it's in the BSD_Base/bin folder

Last edited by .cyanide; Oct 11, 2007 at 09:37 AM. Reason: Fix'd
.cyanide is offline   0 Reply With Quote
Old Oct 11, 2007, 09:42 AM   #15
rj5555
macrumors newbie
 
Join Date: Sep 2007
Please post the results when you're done
rj5555 is offline   0 Reply With Quote
Old Oct 11, 2007, 09:47 AM   #16
JoshHerrick
macrumors newbie
 
Join Date: Oct 2007
What is http://gnuwin32.sourceforge.net/down...ne-bin-zip.php It only shows dots
JoshHerrick is offline   0 Reply With Quote
Old Oct 11, 2007, 09:50 AM   #17
Lin
macrumors member
 
Join Date: Sep 2007
Location: France
Quote:
Originally Posted by JoshHerrick View Post
See my post over there, there is the full link
Lin is offline   0 Reply With Quote
Old Oct 11, 2007, 09:53 AM   #18
PlayWithTV
macrumors regular
 
Join Date: Sep 2007
What if the iPod won't reboot? It's stuck on the Apple logo. This was right after Step 15.
__________________
Chris
http://ConeCode.com
PlayWithTV is offline   0 Reply With Quote
Old Oct 11, 2007, 10:06 AM   #19
Popop
macrumors newbie
 
Join Date: Oct 2007
Failed to open remote file: 8

I got an error in step 8.

Code:
iphuc 0.6.1 with tab completion.
>> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator
notification: iPhone attached.
CFRunLoop: Waiting for iPhone.
AMDeviceStartService 'com.apple.afc': 0
(iPHUC) /: getfile /dev/rdisk0s1 rdisk0s1 314572800
File size: 314572800
getfile: Failed to open remote file: 8
I'm sorry.
I just didn't do a tiff exploit first.

Last edited by Popop; Oct 11, 2007 at 10:10 AM. Reason: mistake
Popop is offline   0 Reply With Quote
Old Oct 11, 2007, 10:17 AM   #20
krateein
macrumors newbie
 
Join Date: Oct 2007
In step 8 I get the message

getfile: Failed to open remote file: 8

Anyone know what is wrong?

Edit: same problem as the guy above me :S forgot to do the tiff exploit
krateein is offline   0 Reply With Quote
Old Oct 11, 2007, 10:30 AM   #21
.cyanide
macrumors newbie
 
Join Date: Oct 2007
Done! Works great

Some points in the guide could use a bit of clarification. If anyone has questions, I'll try to help out.
.cyanide is offline   0 Reply With Quote
Old Oct 11, 2007, 10:37 AM   #22
iMaster
macrumors newbie
 
Join Date: Oct 2007
I can't find the strings with the Hex editor in rdisk0s1.
Can anyone help me? (maybe .cyanide )
iMaster is offline   0 Reply With Quote
Old Oct 11, 2007, 10:45 AM   #23
PlayWithTV
macrumors regular
 
Join Date: Sep 2007
What if the iPod won't reboot? It's stuck on the Apple logo. This was right after Step 15.

No one's got any ideas? Do I just tell the apple genius my daughter turned off the switch on the surge protect while in the middle of a system restore?

Edit: krateein was nice enough to send me this: "Hold the sleep and home button until your ipod turns off. Keep holding them until the apple logo appears, then release the sleep button, but keep holding the home button. This will force a restore in itunes, your ipod will then completely restore."
__________________
Chris
http://ConeCode.com

Last edited by PlayWithTV; Oct 11, 2007 at 11:18 AM.
PlayWithTV is offline   0 Reply With Quote
Old Oct 11, 2007, 10:45 AM   #24
krateein
macrumors newbie
 
Join Date: Oct 2007
Quote:
Originally Posted by PlayWithTV View Post
What if the iPod won't reboot? It's stuck on the Apple logo. This was right after Step 15.
I'm having this problem now, any help?
krateein is offline   0 Reply With Quote
Old Oct 11, 2007, 10:55 AM   #25
.cyanide
macrumors newbie
 
Join Date: Oct 2007
Quote:
Originally Posted by iMaster View Post
I can't find the strings with the Hex editor in rdisk0s1.
Can anyone help me? (maybe .cyanide )
11. Search for the ASCII string "noexec" in the file.
-- You're using HxD right? Once rdisk0s1 is open, go to Search-->Find and type noexec into the box, and search. Once it finds something (takes a few seconds), go back to Search and hit F3, and it should bring you to the correct string

For the newline paddings, I just copy+pasted some of the "."'s so that the filesize stays the same. If it warns you that the filesize is changing, you're doing something wrong. Try replacing one character at a time to avoid accidents.
.cyanide is offline   0 Reply With Quote
