iPod Touch Easiest jailbreak ever - no computer required!

Discussion in 'Jailbreaks and iOS Hacks' started by planetbeing, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. macrumors member

    Joined:
    Oct 11, 2007
    #1
    Thanks to hdm of Metasploit, we are now armed with the knowledge of how to custom-craft our own exploit tiffs. His groundwork with reliable code execution has made better jailbreaks possible. He is especially to be admired for the pedagogical detail that allows everyone to have a better understanding of his techniques and the internals of the device.

    Based upon his work, I have created a tiff that entirely jailbreaks the iPod, installs Installer.app and OpenSSH, along with an easy on/off program that lets you switch SSH/SFTP/SCP on or off for both security and battery saving purposes.

    SummerBoard is no longer installed since the latest version from Installer.app works fine and requires no tinkering.

    You do need a relatively stable wi-fi connection for this, since your iPod will be downloading a couple of megabytes of information.

    So, there are now two steps, one of which is optional:

    1. Restore and/or update your iPod/iPhone to a fresh copy of the 1.1.1 firmware. This is probably not necessary if you have not messed around with your iPod too much.
    2. In Safari on your iPod, visit dn.vc/jb (an alias for http://www.slovix.com/touchfree/jb)

    Safari will crash after a moment. Nothing will appear to happen for about 30 seconds (so be patient). Then, the iPod will automatically restart and you will be jailbroken!

    It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC).

    This will probably be the simplest way.... until Apple fixes the TIFF security hole, so enjoy while you can.

    I'll make the source code available to anyone who contacts me. It's pretty trivial to set up mirrors.

    Oh, and P.S.: A shout-out and props to rezn who was the first to get something like this working. My implementation is entirely independent and is neater (since it uses HTTP instead of requiring raw TCP and socat) IMHO, but he was the first, and his success prodded me to make my own.

    Video of what the process ought to look like: http://www.youtube.com/watch?v=RHHPVhDfxT8
     
  2. macrumors 6502a

    Joined:
    Apr 10, 2007
    Location:
    Spokane, WA
    #2
    Is it possible to do this and then later restore to an absolutely untouched state, so much so that :apple: doesn't know and void my warranty should I send it in for any reason?
     
  3. macrumors 6502

    Joined:
    Mar 4, 2007
    #3
    click on restore in itunes
     
  4. macrumors newbie

    Joined:
    Oct 28, 2007
    #4
    Hi

    I tried the http://www.slovix.com/touchfree/jb/ URL in my iPod touch, Safari crashed and then the iPod rebooted. After the reboot it remains frozen on the Apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my iPod!

    Any help will be appreciated.

    Thank You.
     
  5. macrumors regular

    Joined:
    May 7, 2007
    #5
    I've tried this after many unsuccessful attempts with other methods (see this thread) and I am glad to say that it worked! This is fantastic!

    Congratulations to the developer of this!

    Cheers
    Daniel
     
  6. macrumors regular

    Joined:
    Oct 23, 2007
    #6
    So does it work or not??
     
  7. thread starter macrumors member

    Joined:
    Oct 11, 2007
    #7
    The first reboot can take up to two minutes, so be patient. If you interrupted the reboot, you may have to restore. (I'm assuming the device rebooted automatically)
     
  8. macrumors member

    Joined:
    Oct 28, 2005
  9. macrumors regular

    Joined:
    Jun 27, 2007
    #9
    i have just done this and it works great!

    however, i have one question: how do i add other apps to this? the installer has a bunch of them, but i would like the iPhone apps on my touch as well, how would i do this?

    thanks
    Liam
     
  10. macrumors regular

    Joined:
    May 7, 2007
    #10
    Using iJailbreak to install the iPhone apps might work, though I haven't tested that. If you try it, please let us know if it works.
     
  11. macrumors 6502a

    Lixivial

    Joined:
    Jan 13, 2005
    Location:
    Between cats, dogs and wanderlust.
    #11
    Yeah, kudos on the simplicity. But beautiful is not what I'd label a show-stopping, widely documented security flaw.

    The weakest vector to attack is the human element. People really want apps on their iPod touch and iPhone. To me, that's not a situation I'd label "beautiful."
     
  12. thread starter macrumors member

    Joined:
    Oct 11, 2007
    #12
    Hacks are beautiful, flaws are not. If you want to see something ugly, read the specifications for TIFF. The very fact that just by you browsing my website, I can do whatever I want to your device is obviously very dangerous. As soon as I have fully reviewed the patches that are now available for that security hole, I will automatically apply them. For now, despite ominous warnings by some security professionals, nothing malicious has appeared to exploit them. Though, it's not unimaginable that someone might eventually think having an iPhone/iPod botnet would be fun. Haha.

    I'm not really certain what you're getting at by your second paragraph. Are you saying that people wanting third-party applications is not "beautiful"? Who are you? Steve Jobs? ;)

    Or are you saying that, somehow, people wanting 3rd party applications on their device are security vulnerabilities? That's not really true; people are only security vulnerabilities when they act in unsafe ways. Using the TIFF exploit from a known source is as risky as installing a program from a known source. After all, I'm not BonzaiBuddy. Taking care not to open e-mails or visit websites from shady sources will still serve to guard safe people adequately for the time being (but not when malware starts to actually pop up).

    The desire of people to have 3rd party applications does tend to make security vulnerabilities on the iPhone and iPod touch appear faster than they would normally, because of the tremendous amount of effort the community expends on finding cracks in the armor and wedging them wide open. Arguing that that's bad is like arguing for security through obscurity. If the current hackers don't find these problems while searching for ways to enable 3rd party applications and publicize them, some others will and sell these vulnerabilities to spammers and botnet owners instead.

    At any rate, we can both agree that both the iPhone and iPod touch are currently woeful in terms of security. I just find your other comments, well, confusing.
     
  13. macrumors regular

    evilgreg

    Joined:
    Aug 13, 2007
    #13
    WOW! Nice job on this hack, and unlike the guy a few posts above me, I DO agree with you that this is beautifully done. This will save a LOT of people major headaches, and I know if I have to restore my iPod, I'll use this method for sure. Compatible with the iPhone I presume?
     
  14. macrumors newbie

    Joined:
    Sep 30, 2007
    #14
    I did my jailbreak the hard way a few weeks ago, but it's really cool to see something like that.
     
  15. macrumors newbie

    Joined:
    Oct 28, 2007
    #15
    Problems Jailbreaking

    I was able to visit http://www.slovix.com/touchfree/jb/ in Safari. Everything seemed to be working fine. The browser closed and the iPhone restarted. But after the restart, nothing has changed. Any suggestions? I just got the phone and even did a restore.
     
  16. thread starter macrumors member

    Joined:
    Oct 11, 2007
    #16
    You're using an iPhone, correct? Are you activated?

    Also try restarting the device again. It also won't hurt if you try to visit the URL again. If those actions don't work, come back here and tell me, because that's really weird.
     
  17. macrumors newbie

    Joined:
    Oct 28, 2007
    #17
    I interrupted the rebooting process after the safari crash :S

    I can enter the restore mode and my PC recognizes it and tries to "restore and update", but iTunes is giving me "The iPod could not be restored. There's not enough memory available".

    I'm kinda lost here.
     
  18. macrumors newbie

    Joined:
    Oct 28, 2007
    #18
    That was easy!

    Yes, It worked fine with no problem!! Thanx to the responsible Geek
     
  19. macrumors member

    Joined:
    Oct 28, 2007
    #19
    FYI out there: third time was the charm for me. Very very sweet hack. Cheers!
     
  20. macrumors newbie

    Joined:
    Oct 28, 2007
    #20
    I am using an iPhone but am not activated. I have tried restarting it again, but still nothing.
     
  21. macrumors newbie

    Joined:
    Oct 28, 2007
    #21
    quick question

    Now let's say I use this exploit to get the Installer app and such. Now when Apple sends out the newest firmware, will I be able to do a restore and then be able to upgrade?
     
  22. macrumors 6502a

    Lixivial

    Joined:
    Jan 13, 2005
    Location:
    Between cats, dogs and wanderlust.
    #22
    I was thinking more like corrupting the baseband or muddling the nvram (single-user mode) -- parameters which a restore will *not* fix. But, yeah, any malicious intent.

    Anyroad, I apologise that I probably misread your comment I originally quoted. I just find it interesting that in this instance -- which is the very definition of "remote code execution" -- hacks based on this flaw are lauded with great applause. I'm just thinking about what would have happened if this was a Mac OS X flaw and it was disclosed to the public as a major problem with libtiff by a security expert.

    No, (the prospect of) third-party apps are why I bought my iPhone June 29th.

    Anyroad, I was saying that people's deep desire for an easy-to-use jailbreak method makes social engineering even easier than it already is. The prospect of a device that has and relies heavily on camera, microphone, and keyboard is a data gold mine. I wasn't saying it has or would happen, but more that it could (which is stating the obvious... obviously. ;)) And I wasn't accusing you of creating a malicious piece of software, but I was giving general caution against just blindly following proclamations by people about their way to jailbreak the iPhone. That's all.

    I didn't mean to hijack your thread, but I, myself, wasn't exactly certain what you meant by your original comment so that's why I responded in the first place. I do agree that this method seems to be the easiest implementation I've seen, and I'll reiterate my kudos to your efforts. :)
     
  23. thread starter macrumors member

    Joined:
    Oct 11, 2007
    #23
    Oh no, it's fine. I just wanted to make those points anyway for awhile and needed to get it out, haha. Sorry you were on the receiving end of it!
     
  24. macrumors newbie

    Joined:
    Oct 29, 2007
    #24
    hey thanks, this worked great for me
    i was able to hack it, but how can i edit/add my calendar?
    and one more thing, how can i get the Notes application too?
     
  25. macrumors newbie

    Joined:
    Oct 28, 2007
    #25
    I was able to restore the iPod finally, I'll try the hack again later on.
     