iPod Touch Easiest jailbreak ever - no computer required!

Discussion in 'Jailbreaks and iOS Hacks' started by planetbeing, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. planetbeing macrumors member

    Oct 11, 2007
    Thanks to hdm of Metasploit, we are now armed with the knowledge of how to custom-craft our own exploit tiffs. His groundwork with reliable code execution has made better jailbreaks possible. He is especially to be admired for the pedagogical detail that allows everyone to have a better understanding of his techniques and the internals of the device.

    Based upon his work, I have created a tiff that entirely jailbreaks the iPod, installs Installer.app and OpenSSH, along with an easy on/off program that lets you switch SSH/SFTP/SCP on or off for both security and battery saving purposes.

    SummerBoard is no longer installed since the latest version from Installer.app works fine and requires no tinkering.

    You do need a relatively stable wi-fi connection for this, since your iPod will be downloading a couple of megabytes of information.

    So, there are now two steps, one of which is optional:

    1. Restore and/or update your iPod/iPhone to a fresh copy of the 1.1.1 firmware. This is probably not necessary if you have not messed around with your iPod too much.
    2. In Safari on your iPod, visit dn.vc/jb (an alias for http://www.slovix.com/touchfree/jb)

    Safari will crash after a moment. Nothing will appear to happen for about 30 seconds (so be patient). Then, the iPod will automatically restart and you will be jailbroken!

    It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC).

    This will probably be the simplest way.... until Apple fixes the TIFF security hole, so enjoy while you can.

    I'll make the source code available to anyone who contacts me. It's pretty trivial to set up mirrors.

    Oh, and P.S.: A shout-out and props to rezn who was the first to get something like this working. My implementation is entirely independent and is neater (since it uses HTTP instead of requiring raw TCP and socat) IMHO, but he was the first, and his success prodded me to make my own.

    Video of what the process ought to look like: http://www.youtube.com/watch?v=RHHPVhDfxT8
  2. David G. macrumors 6502a

    Apr 10, 2007
    Is it possible to do this and then later restore to an absolutely untouched state, so much so that Apple doesn't know and void my warranty should I send it in for any reason?
  3. parrotheadmjb macrumors 6502

    Mar 4, 2007
    Click on Restore in iTunes.
  4. Corius macrumors newbie

    Oct 28, 2007

    I tried the http://www.slovix.com/touchfree/jb/ URL on my iPod touch. Safari crashed and then the iPod rebooted; after the reboot it remains frozen at the Apple logo. I cannot get past the logo and cannot enter restore mode either. I bricked my iPod!

    Any help will be appreciated.

    Thank You.
  5. dschiller macrumors regular

    May 7, 2007
    I've tried this after many unsuccessful attempts with other methods (see this thread) and I am glad to say that it worked! This is fantastic!

    Congratulations to the developer of this!

  6. mmfy macrumors regular

    Oct 23, 2007
    So does it work or not??
  7. planetbeing thread starter macrumors member

    Oct 11, 2007
    The first reboot can take up to two minutes, so be patient. If you interrupted the reboot, you may have to restore. (I'm assuming the device rebooted automatically)
  8. coreybox macrumors member

    Oct 28, 2005
  9. LGShepherd macrumors regular

    Jun 27, 2007
    I have just done this and it works great!

    However, I have one question: how do I add other apps to this? The installer has a bunch of them, but I would like the iPhone apps on my touch as well. How would I do this?

  10. dschiller macrumors regular

    May 7, 2007
    Using iJailbreak to install the iPhone apps might work, though I haven't tested that. If you try it, please let us know if it works.
  11. Lixivial macrumors 6502a


    Jan 13, 2005
    Between cats, dogs and wanderlust.
    Yeah, kudos on the simplicity. But beautiful is not what I'd label a show-stopping, widely documented security flaw.

    The weakest vector to attack is the human element. People really want apps on their iPod touch and iPhone. To me, that's not a situation I'd label "beautiful."
  12. planetbeing thread starter macrumors member

    Oct 11, 2007
    Hacks are beautiful, flaws are not. If you want to see something ugly, read the specifications for TIFF. The very fact that just by you browsing my website, I can do whatever I want to your device is obviously very dangerous. As soon as I have fully reviewed the patches that are now available for that security hole, I will automatically apply them. For now, despite ominous warnings by some security professionals, nothing malicious has appeared to exploit them. Though, it's not unimaginable that someone might eventually think having an iPhone/iPod botnet would be fun. Haha.

    I'm not really certain what you're getting at by your second paragraph. Are you saying that people wanting third-party applications is not "beautiful"? Who are you? Steve Jobs? ;)

    Or are you saying that, somehow, people wanting 3rd party applications on their device are security vulnerabilities? That's not really true; people are only security vulnerabilities when they act in unsafe ways. Using the TIFF exploit from a known source is as risky as installing a program from a known source. After all, I'm not BonziBuddy. Taking care not to open e-mails or visit websites from shady sources will still serve to guard safe people adequately for the time being (but not when malware starts to actually pop up).

    The desire of people to have 3rd party applications does tend to make security vulnerabilities on the iPhone and iPod touch appear faster than they would normally, because of the tremendous amount of effort the community expends on finding cracks in the armor and wedging them wide open. Arguing that that's bad is like arguing for security through obscurity. If the current hackers don't find these problems while searching for ways to enable 3rd party applications and publicize them, some others will and sell these vulnerabilities to spammers and botnet owners instead.

    At any rate, we can both agree that both the iPhone and iPod touch are currently woeful in terms of security. I just find your other comments, well, confusing.
  13. evilgreg macrumors regular


    Aug 13, 2007
    WOW! Nice job on this hack, and unlike the guy a few posts above me, I DO agree with you that this is beautifully done. This will save a LOT of people major headaches, and I know if I have to restore my iPod, I'll use this method for sure. Compatible with the iPhone I presume?
  14. lupka macrumors newbie

    Sep 30, 2007
    I did my jailbreak the hard way a few weeks ago, but it's really cool to see something like that.
  15. zagnutts macrumors newbie

    Oct 28, 2007
    Problems Jailbreaking

    I was able to visit http://www.slovix.com/touchfree/jb/ in Safari. Everything seemed to be working fine. The browser closed and the iPhone restarted. But after the restart, nothing has changed. Any suggestions? I just got the phone and even did a restore.
  16. planetbeing thread starter macrumors member

    Oct 11, 2007
    You're using an iPhone, correct? Are you activated?

    Also try restarting the device again. It also won't hurt if you try to visit the url again. If those actions don't work, come back here and tell me because that's really weird.
  17. Corius macrumors newbie

    Oct 28, 2007
    I interrupted the rebooting process after the Safari crash :S

    I can enter the restore mode and my PC recognizes and tries to "restore and update" but iTunes is giving me "The iPod could not be restored. Theres not enough memory available".

    I'm kinda lost here.
  18. jigimu macrumors newbie

    Oct 28, 2007
    That was easy!

    Yes, it worked fine with no problem!! Thanks to the responsible Geek
  19. dxerboy macrumors member

    Oct 28, 2007
    FYI out there: third time was the charm for me. Very very sweet hack. Cheers!
  20. zagnutts macrumors newbie

    Oct 28, 2007
    I am using an iPhone but am not activated. I have tried restarting it again, but still nothing.
  21. Shnoops macrumors newbie

    Oct 28, 2007
    Quick question

    Now let's say I use this exploit to get the Installer app and such. Now when Apple sends out the newest firmware, will I be able to do a restore and then be able to upgrade?
  22. Lixivial macrumors 6502a


    Jan 13, 2005
    Between cats, dogs and wanderlust.
    I was thinking more like corrupting the baseband or muddling the nvram (single-user mode) -- parameters which a restore will *not* fix. But, yeah, any malicious intent.

    Anyroad, I apologise that I probably misread your comment I originally quoted. I just find it interesting that in this instance -- which is the very definition of "remote code execution" -- hacks based on this flaw are lauded with great applause. I'm just thinking about what would have happened if this was a Mac OS X flaw and it was disclosed to the public as a major problem with libtiff by a security expert.

    No, (the prospect of) third-party apps are why I bought my iPhone June 29th.

    Anyroad, I was saying that people's deep desire for an easy-to-use jailbreak method makes social engineering even easier than it already is. The prospect of a device that has and relies heavily on camera, microphone, and keyboard is a data gold mine. I wasn't saying it has or would happen, but more that it could (which is stating the obvious... obviously. ;)) And I wasn't implying that you were creating a malicious piece of software, but I was giving general caution about just blindly following proclamations by people about their way to jailbreak the iPhone. That's all.

    I didn't mean to hijack your thread, but I, myself, wasn't exactly certain what you meant by your original comment so that's why I responded in the first place. I do agree that this method seems to be the easiest implementation I've seen, and I'll reiterate my kudos to your efforts. :)
  23. planetbeing thread starter macrumors member

    Oct 11, 2007
    Oh no, it's fine. I just wanted to make those points anyway for a while and needed to get it out, haha. Sorry you were on the receiving end of it!
  24. droogie69 macrumors newbie

    Oct 29, 2007
    Hey, thanks, this works great for me.
    I was able to hack it, but how can I edit/add my calendar?
    And one more thing: how can I get the note application too?
  25. Corius macrumors newbie

    Oct 28, 2007
    I was able to restore the iPod finally, I'll try the hack again later on.