iPod touch Easiest jailbreak ever - no computer required!

Status
Not open for further replies.

planetbeing

macrumors member
Original poster
Oct 11, 2007
87
0
Thanks to hdm of Metasploit, we are now armed with the knowledge of how to custom-craft our own exploit tiffs. His groundwork with reliable code execution has made better jailbreaks possible. He is especially to be admired for the pedagogical detail that allows everyone to have a better understanding of his techniques and the internals of the device.

Based upon his work, I have created a tiff that entirely jailbreaks the iPod, installs Installer.app and OpenSSH, along with an easy on/off program that lets you switch SSH/SFTP/SCP on or off for both security and battery saving purposes.

SummerBoard is no longer installed since the latest version from Installer.app works fine and requires no tinkering.

You do need a relatively stable wi-fi connection for this, since your iPod will be download a couple of megabytes of information.

So, there are now two steps, one of which is optional:

1. Restore and/or update your iPod/iPhone to a fresh copy of the 1.1.1 firmware. This is probably not necessary if you have not messed around with your iPod too much.
2. In Safari on your iPod, visit dn.vc/jb (an alias for http://www.slovix.com/touchfree/jb)

Safari will crash after a moment. Nothing will appear to happen for about 30 seconds (so be patient). Then, the iPod will automatically restart and you will be jailbroken!

It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC).

This will probably be the simplest way.... until Apple fixes the TIFF security hole, so enjoy while you can.

I'll make the source code available to anyone who contacts me. It's pretty trivial to set up mirrors.

Oh, and P.S.: A shout-out and props to rezn who was the first to get something like this working. My implementation is entirely independent and is neater (since it uses HTTP instead of requiring raw TCP and socat) IMHO, but he was the first, and his success prodded me to make my own.

Video of what the process ought to look like: http://www.youtube.com/watch?v=RHHPVhDfxT8
 

David G.

macrumors 65816
Apr 10, 2007
1,083
400
Alaska
Is it possible to do this and then later restore to an absolutely untouched state, so much so that :apple: doesn't know and void my warranty should I send it in for any reason?
 
Comment

Corius

macrumors newbie
Oct 28, 2007
4
0
Hi

I tried the http://www.slovix.com/touchfree/jb/ URL in my ipod touch, safari crashed and then the ipod rebooted, after the reboot it remains frozen in the apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my ipod!

Any help will be appreciated.

Thank You.
 
Comment

dschiller

macrumors regular
May 7, 2007
138
0
I've tried this after many unsuccessful attempts with other methods (see this thread) and I am glad to say that it worked! This is fantastic!

Congratulations to the developer of this!

Cheers
Daniel
 
Comment

mmfy

macrumors regular
Oct 23, 2007
112
0
Hi

I tried the http://www.slovix.com/touchfree/jb/ URL in my ipod touch, safari crashed and then the ipod rebooted, after the reboot it remains frozen in the apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my ipod!

Any help will be appreciated.

Thank You.
I've tried this after many unsuccessful attempts with other methods (see this thread) and I am glad to say that it worked! This is fantastic!

Congratulations to the developer of this!

Cheers
Daniel
So does it work or not??
 
Comment

planetbeing

macrumors member
Original poster
Oct 11, 2007
87
0
Hi

I tried the http://www.slovix.com/touchfree/jb/ URL in my ipod touch, safari crashed and then the ipod rebooted, after the reboot it remains frozen in the apple logo. I cannot get past the logo and cannot enter restore mode either, I bricked my ipod!

Any help will be appreciated.

Thank You.
The first reboot can take up to two minutes, so be patient. If you interrupted the reboot, you may have to restore. (I'm assuming the device rebooted automatically)
 
Comment

LGShepherd

macrumors regular
Jun 27, 2007
214
11
Teesside, United Kingdom
i have just done this and it works great!

however, i have one question, how do i add other apps to this? the installer has a bunch of them, but i would like the iphone apps on my touch as well, how would i do this?

thanks
Liam
 
Comment

dschiller

macrumors regular
May 7, 2007
138
0
i have just done this and it works great!

however, i have one question, how do i add other apps to this? the installer has a bunch of them, but i would like the iphone apps on my touch as well, how would i do this?

thanks
Liam
Using iJailbreak to install the iPhone apps might work, though I haven't tested that. If you try it, please let us know if it works.
 
Comment

Lixivial

macrumors 6502a
It's quite beautiful, in my opinion, because it's easy and platform-independent (doesn't matter if you're running Mac or PC).
Yeah, kudos on the simplicity. But beautiful is not what I'd label a show-stopping, widely documented security flaw.

The weakest vector to attack is the human element. People really want apps on their iPod touch and iPhone. To me, that's not a situation I'd label "beautiful."
 
Comment

planetbeing

macrumors member
Original poster
Oct 11, 2007
87
0
Yeah, kudos on the simplicity. But beautiful is not what I'd label a show-stopping, widely documented security flaw.

The weakest vector to attack is the human element. People really want apps on their iPod touch and iPhone. To me, that's not a situation I'd label "beautiful."
Hacks are beautiful, flaws are not. If you want to see something ugly, read the specifications for TIFF. The very fact that just by you browsing my website, I can do whatever I want to your device is obviously very dangerous. As soon as I have fully reviewed the patches that are now available for that security hole, I will automatically apply them. For now, despite ominous warnings by some security professionals, nothing malicious has appeared to exploit them. Though, it's not unimaginable that someone might eventually think having an iPhone/iPod botnet would be fun. Haha.

I'm not really certain what you're getting at by your second paragraph. Are you saying that people wanting third-party applications is not "beautiful"? Who are you? Steve Jobs? ;)

Or are you saying that, somehow, people wanting 3rd party applications on their device are security vulnerabilities. That's not really true; people are only security vulnerabilities when they act in unsafe ways. Using the TIFF exploit from a known source is as risky as installing a program from a known source. After all, I'm not BonzaiBuddy. Taking care not to open e-mails or visit websites from shady sources will still serve to guard safe people adequately for the time being (but not when malware start to actually pop up).

The desire of people to have 3rd party applications does tend to make security vulnerabilities on the iPhone and iPod touch to appear faster than they would normally, because of the tremendous amount of effort the community expends on finding cracks in the armor and wedging them wide open. Arguing that that's bad is like arguing for security through obscurity. If the current hackers don't find these problems while searching for ways to enable 3rd party applications and publicize them, some others will and sell these vulnerabilities to spammers and botnet owners instead.

At any rate, we can both agree that both the iPhone and iPod touch are currently woeful in terms of security. I just find your other comments, well, confusing.
 
Comment

evilgreg

macrumors regular
Aug 13, 2007
132
0
WOW! Nice job on this hack, and unlike the guy a few posts above me, I DO agree with you that this is beautifully done. This will save a LOT of people major headaches, and I know if I have to restore my iPod, I'll use this method for shure. Compatible with the iPhone I presume?
 
Comment

lupka

macrumors newbie
Sep 30, 2007
12
0
I did my jailbreak the hard way a few weeks ago, but its really cool to see something like that.
 
Comment

zagnutts

macrumors newbie
Oct 28, 2007
2
0
Problems Jailbreaking

I was able to visit http://www.slovix.com/touchfree/jb/ in safari. Everything seemed to be working fine. The browser closed and the iphone restarted. But after the restart, nothing has changed. Any suggestions? I just got the phone and even did a restore.
 
Comment

planetbeing

macrumors member
Original poster
Oct 11, 2007
87
0
I was able to visit http://www.slovix.com/touchfree/jb/ in safari. Everything seemed to be working fine. The browser closed and the iphone restarted. But after the restart, nothing has changed. Any suggestions? I just got the phone and even did a restore.
You're using an iPhone, correct? Are you activated?

Also try restarting the device again. It also won't hurt if you try to visit the url again. If those actions don't work, come back here and tell me because that's really weird.
 
Comment

Corius

macrumors newbie
Oct 28, 2007
4
0
I interrupted the rebooting process after the safari crash :S

I can enter the restore mode and my PC recognizes and tries to "restore and update" but iTunes is giving me "The iPod could not be restored. Theres not enough memory available".

I'm kinda lost here.
 
Comment

jigimu

macrumors newbie
Oct 28, 2007
5
0
That was easy!

Yes, It worked fine with no problem!! Thanx to the responsible Geek
 
Comment

dxerboy

macrumors member
Oct 28, 2007
48
2
FYI out there: third time was the charm for me. Very very sweet hack. Cheers!
 
Comment

zagnutts

macrumors newbie
Oct 28, 2007
2
0
You're using an iPhone, correct? Are you activated?

Also try restarting the device again. It also won't hurt if you try to visit the url again. If those actions don't work, come back here and tell me because that's really weird.
I am using an iPhone but am not activated. I have tried restarting it again,but still nothing.
 
Comment

Shnoops

macrumors newbie
Oct 28, 2007
8
0
quick question

Now lets say I use this expoilt get the installer app and such. now wen apple sounds out the newest firmware will i be able to do a restore and than be able to upgrade?
 
Comment

Lixivial

macrumors 6502a
Though, it's not unimaginable that someone might eventually think having an iPhone/iPod botnet would be fun.
I was thinking more like corrupting the baseband or muddling the nvram (single-user mode) -- parameters which a restore will *not* fix. But, yeah, any malicious intent.

Anyroad, I apologise that I probably misread your comment I originally quoted. I just find it interesting that in this instance -- which is the very definition of "remote code execution" -- hacks based on this flaw are lauded with great applause. I'm just thinking about what would have happened if this was a Mac OS X flaw and it was disclosed to the public as a major problem with libtiff by a security expert.

I'm not really certain what you're getting at by your second paragraph. Are you saying that people wanting third-party applications is not "beautiful"? Who are you? Steve Jobs? ;)

... Arguing that that's bad is like arguing for security through obscurity.
No, (the prospect of) third-party apps are why I bought my iPhone June 29th.

Anyroad, I was saying that people's deep desire for an easy-to-use jailbreak method makes social engineering even easier than it already is. The prospects of a device that has and relies heavily on camera, microphone, and keyboard is a data gold mine. I wasn't saying it has or would happen, but more that it could (which is stating the obvious... obviously. ;)) And I wasn't implying you of creating a malicious piece of software, but I was giving general caution to just blindly following proclamations by people about their way to jailbreak the iPhone. That's all.

I didn't mean to hijack your thread, but I, myself, wasn't exactly certain what you meant by your original comment so that's why I responded in the first place. I do agree that this method seems to be the easiest implementation I've seen, and I'll reiterate my kudos to your efforts. :)
 
Comment

planetbeing

macrumors member
Original poster
Oct 11, 2007
87
0
I didn't mean to hijack your thread, but I, myself, wasn't exactly certain what you meant by that comment. I do agree that this method seems to easiest implementation I've seen, and I'll reiterate my kudos to your efforts. :)
Oh no, it's fine. I just wanted to make those points anyway for awhile and needed to get it out, haha. Sorry you were on the receiving end of it!
 
Comment

droogie69

macrumors newbie
Oct 29, 2007
1
0
hey thanks this work great for me
i was able to hack it but how can i edit/add my calendar
and one more thing how can i get the note application too
 
Comment

Corius

macrumors newbie
Oct 28, 2007
4
0
I was able to restore the Ipod finally, I'll try the hack again later on.
 
Comment
Status
Not open for further replies.

Similar threads

Register on MacRumors! This sidebar will go away, and you'll see fewer ads.