Old Oct 28, 2007, 06:49 PM   #1
planetbeing
macrumors member
 
Join Date: Oct 2007
Easiest jailbreak ever - no computer required!

Thanks to hdm of Metasploit, we are now armed with the knowledge of how to custom-craft our own exploit tiffs. His groundwork with reliable code execution has made better jailbreaks possible. He is especially to be admired for the pedagogical detail that allows everyone to have a better understanding of his techniques and the internals of the device.

Based upon his work, I have created a tiff that entirely jailbreaks the iPod, installs Installer.app and OpenSSH, along with an easy on/off program that lets you switch SSH/SFTP/SCP on or off for both security and battery saving purposes.

SummerBoard is no longer installed since the latest version from Installer.app works fine and requires no tinkering.

You do need a relatively stable wi-fi connection for this, since your iPod will be downloading a couple of megabytes of information.

So, there are now two steps, one of which is optional:

1. Restore and/or update your iPod/iPhone to a fresh copy of the 1.1.1 firmware. This is probably not necessary if you have not messed around with your iPod too much.
2. In Safari on your iPod, visit dn.vc/jb (an alias for http://www.slovix.com/touchfree/jb)

Safari will crash after a moment. Nothing will appear to happen for about 30 seconds (so be patient). Then, the iPod will automatically restart and you will be jailbroken!

It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC).

This will probably be the simplest way.... until Apple fixes the TIFF security hole, so enjoy while you can.

I'll make the source code available to anyone who contacts me. It's pretty trivial to set up mirrors.

Oh, and P.S.: A shout-out and props to rezn who was the first to get something like this working. My implementation is entirely independent and is neater (since it uses HTTP instead of requiring raw TCP and socat) IMHO, but he was the first, and his success prodded me to make my own.

Video of what the process ought to look like: http://www.youtube.com/watch?v=RHHPVhDfxT8

Last edited by planetbeing; Nov 2, 2007 at 02:55 PM.
planetbeing is offline   0
Old Oct 28, 2007, 06:59 PM   #2
David G.
macrumors 6502a
 
Join Date: Apr 2007
Location: Spokane, WA
Is it possible to do this and then later restore to an absolutely untouched state, so much so that doesn't know and void my warranty should I send it in for any reason?
David G. is offline   0
Old Oct 28, 2007, 07:08 PM   #3
parrotheadmjb
macrumors 6502
 
Join Date: Mar 2007
Quote:
Originally Posted by David G. View Post
Is it possible to do this and then later restore to an absolutely untouched state, so much so that doesn't know and void my warranty should I send it in for any reason?
click on restore in itunes
parrotheadmjb is offline   0
Old Oct 28, 2007, 07:37 PM   #4
Corius
macrumors newbie
 
Join Date: Oct 2007
Hi

I tried the http://www.slovix.com/touchfree/jb/ URL in my ipod touch, safari crashed and then the ipod rebooted, after the reboot it remains frozen in the apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my ipod!

Any help will be appreciated.

Thank You.
Corius is offline   0
Old Oct 28, 2007, 07:41 PM   #5
dschiller
macrumors regular
 
Join Date: May 2007
I've tried this after many unsuccessful attempts with other methods (see this thread) and I am glad to say that it worked! This is fantastic!

Congratulations to the developer of this!

Cheers
Daniel
__________________
"Speed has never killed anyone, suddenly becoming stationary... That's what gets you." Jeremy Clarkson, on Top Gear
dschiller is offline   0
Old Oct 28, 2007, 07:45 PM   #6
mmfy
macrumors regular
 
Join Date: Oct 2007
Question

Quote:
Originally Posted by Corius View Post
Hi

I tried the http://www.slovix.com/touchfree/jb/ URL in my ipod touch, safari crashed and then the ipod rebooted, after the reboot it remains frozen in the apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my ipod!

Any help will be appreciated.

Thank You.
Quote:
Originally Posted by dschiller View Post
I've tried this after many unsuccessful attempts with other methods (see this thread) and I am glad to say that it worked! This is fantastic!

Congratulations to the developer of this!

Cheers
Daniel
So does it work or not??
mmfy is offline   0
Old Oct 28, 2007, 07:53 PM   #7
planetbeing
Thread Starter
macrumors member
 
Join Date: Oct 2007
Quote:
Originally Posted by Corius View Post
Hi

I tried the http://www.slovix.com/touchfree/jb/ URL in my ipod touch, safari crashed and then the ipod rebooted, after the reboot it remains frozen in the apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my ipod!

Any help will be appreciated.

Thank You.
The first reboot can take up to two minutes, so be patient. If you interrupted the reboot, you may have to restore. (I'm assuming the device rebooted automatically)
planetbeing is offline   0
Old Oct 28, 2007, 07:54 PM   #8
coreybox
macrumors member
 
Join Date: Oct 2005
worked great for me
coreybox is offline   0
Old Oct 28, 2007, 08:09 PM   #9
LGShepherd
macrumors regular
 
Join Date: Jun 2007
i have just done this and it works great!

however, i have one question, how do i add other apps to this? the installer has a bunch of them, but i would like the iphone apps on my touch as well, how would i do this?

thanks
Liam
__________________
iMac 27" i3 3.2GHz | 16Gb iPhone4 | 16GB iPad | 1TB Time Capsule | Sony PS3
LGShepherd is offline   0
Old Oct 28, 2007, 08:32 PM   #10
dschiller
macrumors regular
 
Join Date: May 2007
Quote:
Originally Posted by LGShepherd View Post
i have just done this and it works great!

however, i have one question, how do i add other apps to this? the installer has a bunch of them, but i would like the iphone apps on my touch as well, how would i do this?

thanks
Liam
Using iJailbreak to install the iPhone apps might work, though I haven't tested that. If you try it, please let us know if it works.
__________________
"Speed has never killed anyone, suddenly becoming stationary... That's what gets you." Jeremy Clarkson, on Top Gear
dschiller is offline   0
Old Oct 28, 2007, 08:54 PM   #11
Lixivial
macrumors 6502a
 
Join Date: Jan 2005
Location: Between cats, dogs and wanderlust.
Quote:
Originally Posted by planetbeing View Post
It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC).
Yeah, kudos on the simplicity. But beautiful is not what I'd label a show-stopping, widely documented security flaw.

The weakest vector to attack is the human element. People really want apps on their iPod touch and iPhone. To me, that's not a situation I'd label "beautiful."
Lixivial is offline   0
Old Oct 28, 2007, 09:47 PM   #12
planetbeing
Thread Starter
macrumors member
 
Join Date: Oct 2007
Quote:
Originally Posted by Lixivial View Post
Yeah, kudos on the simplicity. But beautiful is not what I'd label a show-stopping, widely documented security flaw.

The weakest vector to attack is the human element. People really want apps on their iPod touch and iPhone. To me, that's not a situation I'd label "beautiful."
Hacks are beautiful, flaws are not. If you want to see something ugly, read the specifications for TIFF. The very fact that just by you browsing my website, I can do whatever I want to your device is obviously very dangerous. As soon as I have fully reviewed the patches that are now available for that security hole, I will automatically apply them. For now, despite ominous warnings by some security professionals, nothing malicious has appeared to exploit them. Though, it's not unimaginable that someone might eventually think having an iPhone/iPod botnet would be fun. Haha.

I'm not really certain what you're getting at by your second paragraph. Are you saying that people wanting third-party applications is not "beautiful"? Who are you? Steve Jobs?

Or are you saying that, somehow, people wanting 3rd party applications on their device are security vulnerabilities? That's not really true; people are only security vulnerabilities when they act in unsafe ways. Using the TIFF exploit from a known source is as risky as installing a program from a known source. After all, I'm not BonziBuddy. Taking care not to open e-mails or visit websites from shady sources will still serve to guard safe people adequately for the time being (but not when malware starts to actually pop up).

The desire of people to have 3rd party applications does tend to make security vulnerabilities on the iPhone and iPod touch appear faster than they would normally, because of the tremendous amount of effort the community expends on finding cracks in the armor and wedging them wide open. Arguing that that's bad is like arguing for security through obscurity. If the current hackers don't find these problems while searching for ways to enable 3rd party applications and publicize them, some others will and sell these vulnerabilities to spammers and botnet owners instead.

At any rate, we can both agree that both the iPhone and iPod touch are currently woeful in terms of security. I just find your other comments, well, confusing.
planetbeing is offline   0
Old Oct 28, 2007, 10:33 PM   #13
evilgreg
macrumors regular
 
Join Date: Aug 2007
WOW! Nice job on this hack, and unlike the guy a few posts above me, I DO agree with you that this is beautifully done. This will save a LOT of people major headaches, and I know if I have to restore my iPod, I'll use this method for sure. Compatible with the iPhone I presume?
evilgreg is offline   0
Old Oct 28, 2007, 11:10 PM   #14
lupka
macrumors newbie
 
Join Date: Sep 2007
I did my jailbreak the hard way a few weeks ago, but it's really cool to see something like that.
lupka is offline   0
Old Oct 29, 2007, 12:03 AM   #15
zagnutts
macrumors newbie
 
Join Date: Oct 2007
Problems Jailbreaking

I was able to visit http://www.slovix.com/touchfree/jb/ in safari. Everything seemed to be working fine. The browser closed and the iphone restarted. But after the restart, nothing has changed. Any suggestions? I just got the phone and even did a restore.
zagnutts is offline   0
Old Oct 29, 2007, 12:17 AM   #16
planetbeing
Thread Starter
macrumors member
 
Join Date: Oct 2007
Quote:
Originally Posted by zagnutts View Post
I was able to visit http://www.slovix.com/touchfree/jb/ in safari. Everything seemed to be working fine. The browser closed and the iphone restarted. But after the restart, nothing has changed. Any suggestions? I just got the phone and even did a restore.
You're using an iPhone, correct? Are you activated?

Also try restarting the device again. It also won't hurt if you try to visit the url again. If those actions don't work, come back here and tell me because that's really weird.

Last edited by planetbeing; Oct 29, 2007 at 12:22 AM.
planetbeing is offline   0
Old Oct 29, 2007, 12:35 AM   #17
Corius
macrumors newbie
 
Join Date: Oct 2007
I interrupted the rebooting process after the safari crash :S

I can enter the restore mode and my PC recognizes and tries to "restore and update" but iTunes is giving me "The iPod could not be restored. Theres not enough memory available".

I'm kinda lost here.
Corius is offline   0
Old Oct 29, 2007, 12:41 AM   #18
jigimu
macrumors newbie
 
Join Date: Oct 2007
That was easy!

Yes, It worked fine with no problem!! Thanx to the responsible Geek
jigimu is offline   0
Old Oct 29, 2007, 12:42 AM   #19
dxerboy
macrumors member
 
Join Date: Oct 2007
FYI out there: third time was the charm for me. Very very sweet hack. Cheers!
dxerboy is offline   0
Old Oct 29, 2007, 01:17 AM   #20
zagnutts
macrumors newbie
 
Join Date: Oct 2007
Quote:
Originally Posted by planetbeing View Post
You're using an iPhone, correct? Are you activated?

Also try restarting the device again. It also won't hurt if you try to visit the url again. If those actions don't work, come back here and tell me because that's really weird.
I am using an iPhone but am not activated. I have tried restarting it again, but still nothing.
zagnutts is offline   0
Old Oct 29, 2007, 01:55 AM   #21
Shnoops
macrumors newbie
 
Join Date: Oct 2007
quick question

Now let's say I use this exploit to get the Installer app and such. Now when Apple sends out the newest firmware, will I be able to do a restore and then be able to upgrade?
Shnoops is offline   0
Old Oct 29, 2007, 01:58 AM   #22
Lixivial
macrumors 6502a
 
Join Date: Jan 2005
Location: Between cats, dogs and wanderlust.
Quote:
Originally Posted by planetbeing View Post
Though, it's not unimaginable that someone might eventually think having an iPhone/iPod botnet would be fun.
I was thinking more like corrupting the baseband or muddling the nvram (single-user mode) -- parameters which a restore will *not* fix. But, yeah, any malicious intent.

Anyroad, I apologise that I probably misread your comment I originally quoted. I just find it interesting that in this instance -- which is the very definition of "remote code execution" -- hacks based on this flaw are lauded with great applause. I'm just thinking about what would have happened if this was a Mac OS X flaw and it was disclosed to the public as a major problem with libtiff by a security expert.

Quote:
Originally Posted by planetbeing View Post
I'm not really certain what you're getting at by your second paragraph. Are you saying that people wanting third-party applications is not "beautiful"? Who are you? Steve Jobs?

... Arguing that that's bad is like arguing for security through obscurity.
No, (the prospect of) third-party apps are why I bought my iPhone June 29th.

Anyroad, I was saying that people's deep desire for an easy-to-use jailbreak method makes social engineering even easier than it already is. The prospects of a device that has and relies heavily on camera, microphone, and keyboard is a data gold mine. I wasn't saying it has or would happen, but more that it could (which is stating the obvious... obviously.) And I wasn't implying you of creating a malicious piece of software, but I was giving general caution to just blindly following proclamations by people about their way to jailbreak the iPhone. That's all.

I didn't mean to hijack your thread, but I, myself, wasn't exactly certain what you meant by your original comment so that's why I responded in the first place. I do agree that this method seems to be the easiest implementation I've seen, and I'll reiterate my kudos to your efforts.

Last edited by Lixivial; Oct 29, 2007 at 02:04 AM. Reason: typos, cleanup, yay
Lixivial is offline   0
Old Oct 29, 2007, 02:03 AM   #23
planetbeing
Thread Starter
macrumors member
 
Join Date: Oct 2007
Quote:
Originally Posted by Lixivial View Post
I didn't mean to hijack your thread, but I, myself, wasn't exactly certain what you meant by that comment. I do agree that this method seems to be the easiest implementation I've seen, and I'll reiterate my kudos to your efforts.
Oh no, it's fine. I just wanted to make those points anyway for awhile and needed to get it out, haha. Sorry you were on the receiving end of it!
planetbeing is offline   0
Old Oct 29, 2007, 02:23 AM   #24
droogie69
macrumors newbie
 
Join Date: Oct 2007
hey thanks this works great for me
i was able to hack it but how can i edit/add my calendar
and one more thing how can i get the note application too
droogie69 is offline   0
Old Oct 29, 2007, 08:41 AM   #25
Corius
macrumors newbie
 
Join Date: Oct 2007
I was able to restore the iPod finally, I'll try the hack again later on.
Corius is offline   0
