Thanks to hdm of Metasploit, we are now armed with the knowledge of how to custom-craft our own exploit tiffs. His groundwork with reliable code execution has made better jailbreaks possible. He is especially to be admired for the pedagogical detail that allows everyone to have a better understanding of his techniques and the internals of the device. Based upon his work, I have created a tiff that entirely jailbreaks the iPod, installs Installer.app and OpenSSH, along with an easy on/off program that lets you switch SSH/SFTP/SCP on or off for both security and battery saving purposes. SummerBoard is no longer installed since the latest version from Installer.app works fine and requires no tinkering. You do need a relatively stable wi-fi connection for this, since your iPod will be download a couple of megabytes of information. So, there are now two steps, one of which is optional: 1. Restore and/or update your iPod/iPhone to a fresh copy of the 1.1.1 firmware. This is probably not necessary if you have not messed around with your iPod too much. 2. In Safari on your iPod, visit http://www.slovix.com/touchfree/jb/ Safari will crash after a moment. Nothing will appear to happen for about 30 seconds (so be patient). Then, the iPod will automatically restart and you will be jailbroken! It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC). This will probably be the simplest way.... until Apple fixes the TIFF security hole, so enjoy while you can. I'll make the source code available to anyone who contacts me. It's pretty trivial to set up mirrors. Oh, and P.S.: A shout-out and props to rezn who was the first to get something like this working. My implementation is entirely independent and is neater (since it uses HTTP instead of requiring raw TCP and socat) IMHO, but he was the first, and his success prodded me to make my own. EDIT: Oops, I meant to post this in the iPod touch hacks forum. However, this program will work for the iPhone as well, but you'll need to do extra steps for true activation.