littlecloud92

macrumors newbie
Original poster
Jun 24, 2011
14
0
We all know how "well" the VoiceOver backdoor activation method works in the latest beta of iOS5. OH NOES! Apple has "fixed" it! You can swipe till the cows come home but there will be no Notification Center sliding down at all!

Well, it's time for some serious business!

LOTS of pictures to illustrate the steps to the best of my ability!

[UPDATED] If you want an untethered boot and don't care about jailbreaking, skip installing Cydia. However, SSH will not work while your phone is untether booted.

[UPDATED] Windows users, use PuTTY and WinSCP in place of Terminal and SCP respectively!

[UPDATED] Citing security concerns, please change your system passwords once SSHed in! Type: passwd root followed by passwd mobile in the shell, and remember the password(s) for future ssh logins.


Pre-requisites:
[UPDATED] Any phone that can be officially activated - lock state doesn't matter

[UPDATED] iTunes 10.5 beta 2 - iTunes 10.5b1 will activate iOS5b2 but it will not be able to sync any media.

iOS5 beta 1 and 2 IPSWs – in my case, iPhone 4 GSM:
iPhone3,1_5.0_9A5220p_Restore.ipsw - beta 1
iPhone3,1_5.0_9A5248d_Restore.ipsw - beta 2

redsn0w 0.9.8b1

redsn0w SSH2 bundle - http://sites.google.com/a/iphone-dev.com/files/home/SSH2_bundle.tgz?attredirects=0&d=1

SystemVersion.plist.zip (an attachment to this post) – Unzip and put in the root directory of your hard drive (open your hard drive icon, the same “folder” as where Applications, System, Users are)

Terminal – Found under /Applications/Utilities



Steps:
Put your iPhone in DFU mode (remove your SIM card if you have one inserted)

Option (or shift-restore) to beta 2 IPSW:
2rempn4.jpg


Wait for restore to finish:
2ns84d5.jpg


Slide to set up and join a wireless network, but go no further:
293afci.png


After the wifi icon appears in the status bar, power off the iPhone.

Put device with DFU mode, jailbreak with redsn0w 0.9.8b1 – give it the beta 1 IPSW, uncheck Install Cydia and check Install Custom Bundle – select SSH2_bundle.tgz
a12vbk.png


The phone will reboot when the jailbreak is complete. Power the phone off once it’s started up and use redsn0w to “just boot tethered”.

Once the phone has rebooted (yet again!) and is at the slide to set up screen, open terminal and prepare to type:

ssh root@<ip address of iphone>

The IP address of the iPhone can typically be acquired from your router’s DHCP clients list:
5p1jiq.png


In this example, 192.168.1.240

Apropos, I would type:

ssh root@192.168.1.240

For the initial connection to a freshly-installed phone, it will take quite a while for the password prompt to appear as some SSH security keys need to be generated on the phone. Answer yes to the key fingerprint prompt.

type “alpine” (without quotes) for the password, and press Enter.

35ib15k.png


What you are now presented with, is the shell prompt.

Type the following (Enter after each line):

cd /Applications

mv Setup.app Setup.app.old

killall SpringBoard


Note: After the phone resprings, you will see the “classic” 4.2.1+ activation screen!
x51bf4.png


rm /System/Library/CoreServices/SystemVersion.plist

2rrkp3c.png


Open a new terminal window, and type the following – remember the IP address is just an example, and should be replaced with that of your own iPhone’s. (Enter after each line):

scp /SystemVersion.plist root@192.168.1.240:/System/Library/CoreServices/

(alpine for password)

lxwtw.png


Next, power off the phone and use redsn0w to boot tethered (yet) again.

When the phone comes up, it will still be showing the iOS 4.2.1+ activation screen instead of the new setup wizard type thing. Disconnect the phone from the computer at this point, if it is connected.

Insert your SIM card into the phone and connect to iTunes just like a “normal” activation. It should activate and the SpringBoard should come up!

This is a proper activation per se, not a hacktivation, so iMessages and the like should work fine.

2z4adef.png


Put the phone into DFU mode and use redsn0w to install Cydia.

After it comes up, power off the phone and use redsn0w to boot tethered yet yet again.

Now open Cydia and enjoy your completed jailbreak of iOS5 b2!

No trickery was involved, as these “real” picture will prove!

oi6uu0.jpg


210aaug.jpg


29xzq6x.jpg


29bnadx.jpg


2lwq0c0.jpg


4j2qsl.jpg
 

Attachments

  • SystemVersion.plist.zip
    761 bytes · Views: 1,243
Last edited:

Avalon74

macrumors member
Mar 3, 2011
66
3
I understand this is a bit off topic, but Im interested in the wallpapers you have. Mind telling me where you found them?
 

arteggio

macrumors member
Dec 15, 2010
51
1
Pittsburgh
Insert your SIM card into the phone and connect to iTunes just like a “normal” activation. It should activate and the SpringBoard should come up!

This is a proper activation per se, not a hacktivation, so iMessages and the like should work fine.

So, just to be clear, following this guide, a non-dev iPhone running iOS 5 beta 2 can make calls, etc?...

iPhone that can be wildcard activated (typically factory-unlocked units)


...If the phone is a factory-unlocked version? As in, a non (still-locked) AT&T model?

If so, that's too bad, but thanks for the guide nonetheless!
 

littlecloud92

macrumors newbie
Original poster
Jun 24, 2011
14
0
So, just to be clear, following this guide, a non-dev iPhone running iOS 5 beta 2 can make calls, etc?...



...If the phone is a factory-unlocked version? As in, a non (still-locked) AT&T model?

If so, that's too bad, but thanks for the guide nonetheless!

I've personally tested all cellular functions with the exception of FaceTime and tethering (3G, SMS, Phone, Speakerphone, surfing via 3G) and they all work flawlessly.

Yes, my phone factory-unlocked. I cannot say for certain, but I think it will work with any phone that can be activated normally (in your case, if you can use your phone now without relying on an unlock). If that is so, you should still be able to use my guide; I am just erring on the side of caution as I do not have a carrier-locked phone to test with - both my "guinea pig" and production iPhones being factory unlocked units.

However, if you have a currently unlocked phone, please stay far far away from this!
 

chiledog

macrumors newbie
Jul 2, 2010
10
0
I've personally tested all cellular functions with the exception of FaceTime and tethering (3G, SMS, Phone, Speakerphone, surfing via 3G) and they all work flawlessly.

Yes, my phone factory-unlocked. I cannot say for certain, but I think it will work with any phone that can be activated normally (in your case, if you can use your phone now without relying on an unlock). If that is so, you should still be able to use my guide; I am just erring on the side of caution as I do not have a carrier-locked phone to test with - both my "guinea pig" and production iPhones being factory unlocked units.

However, if you have a currently unlocked phone, please stay far far away from this!

Wicked guide dude. Thanks!

I have a carrier locked phone that I can activate normally and the guide worked great.
I've checked I can make calls and send and recieve iMessages so I guess the rest will work. If not I'll edit my post.

I didn't use the old setup app either (mv Setup.app Setup.app.old).
I just finished the new setup app once i had placed the SystemVersion.plist on the phone, shutdown and tether rebooted with redsn0w. Then continued past the Wifi selection screen and finished activating.

Thanks for the great guide.
 
Last edited:

littlecloud92

macrumors newbie
Original poster
Jun 24, 2011
14
0
Is this iPhone only or iPad2 too? Great tutorial!

There's no jailbreak for iPad 2 yet, hence this guide will not apply :rolleyes:

Wicked guide dude. Thanks!

I have a carried locked phone that I can activate normally and the guide worked great.
I've checked I can make calls and send and recieve iMessages so I guess the rest will work. If not I'll edit my post.

I didn't use the old setup app either (mv Setup.app Setup.app.old).
I just finished the new setup app once i had placed the SystemVersion.plist on the phone, shutdown and tether rebooted with redsn0w. Then continued past the Wifi selection screen and finished activating.


Thanks for the great guide.

I'm certainly happy to hear of your experience. The reason I disabled Setup.app was because of it refusing to get itself past the Apple ID screen on my phone. I will try restoring my guinea-pig iPhone, starting over, and seeing the results tomorrow.
 

labman

macrumors 604
Jun 9, 2009
7,786
1
Mich near Detroit
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Needs to also be notedthat musclenerd says iOS 5 beta 2 will kill the gevey sim unlock.
 

littlecloud92

macrumors newbie
Original poster
Jun 24, 2011
14
0
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Needs to also be notedthat musclenerd says iOS 5 beta 2 will kill the gevey sim unlock.

All unlockers should be staying far far away from official fw updates in the first place :rolleyes:

Even if curiosity managed to get the better of them, they could still downgrade to 4.3.3 as of this writing, so we shouldn't be too worried for them... yet! ;)
 

chiledog

macrumors newbie
Jul 2, 2010
10
0
There's no jailbreak for iPad 2 yet, hence this guide will not apply :rolleyes:



I'm certainly happy to hear of your experience. The reason I disabled Setup.app was because of it refusing to get itself past the Apple ID screen on my phone. I will try restoring my guinea-pig iPhone, starting over, and seeing the results tomorrow.
Yeah, so far no issues.
I'm not in the US so that may have something to do with the setup behaving differently.
The only other thing I guess I should mention is that I kept it connected until it had finished the first boot after restoring.
All the way until the 'iPhone' screen showed up.
I doubt that had anything to do with it though.
 

arteggio

macrumors member
Dec 15, 2010
51
1
Pittsburgh
AT&T iPhone: just got this to work. (It took a while because I ignored the part about opening a new Terminal window for the SCP command, but I just went back and did it.) Thanks again!
 

Ed29592

macrumors newbie
Jun 25, 2011
2
0
Is than an alternative to Terminal ? As in a version for Windows 7. Winscp wont work because it doesnt have the SSH from cydia ?
 

Galaxas0

macrumors regular
Mar 2, 2011
131
84
If I restart it without tethering, and it loses its jailbreak (Which I don't want), will I be able to still use iOS 5?
 

littlecloud92

macrumors newbie
Original poster
Jun 24, 2011
14
0
Is than an alternative to Terminal ? As in a version for Windows 7. Winscp wont work because it doesnt have the SSH from cydia ?

You'll want PuTTY, http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

If I restart it without tethering, and it loses its jailbreak (Which I don't want), will I be able to still use iOS 5?
Hmm, it seems possible. Try not installing Cydia and seeing what happens. It might not take because of the need to modify SystemVersion.plist though.
 
Last edited:

Galaxas0

macrumors regular
Mar 2, 2011
131
84
Tried doing it without installing Cydia, and since my iPhone isn't a phone, it works GREAT.

So don't install Cydia, then IF YOU DO NOT HAVE A PHONE PLAN, lock your SIM. Then restart without redsnow. Then it'll bot up nice, and it'll say Locked SIM. Press OK and it'll work great ^_^ And I do believe you have SSH access too?

EDIT: Nope, no SSH :] Jailbreak "removed".
 

littlecloud92

macrumors newbie
Original poster
Jun 24, 2011
14
0
Tried doing it without installing Cydia, and since my iPhone isn't a phone, it works GREAT.

So don't install Cydia, then IF YOU DO NOT HAVE A PHONE PLAN, lock your SIM. Then restart without redsnow. Then it'll bot up nice, and it'll say Locked SIM. Press OK and it'll work great ^_^ And I do believe you have SSH access too?

Nope - there won't be SSH access - SSH is prevented from loading by the kernel because it is, after all, an unsigned addition to iOS. You will get

ssh_exchange_identification: Connection closed by remote host

if you try to ssh while untether booted.
 

Galaxas0

macrumors regular
Mar 2, 2011
131
84
Yeah, that's what I got. :] iOS 5. Slightly laggy, but GREAT overall. Anyone try this on their iPad 1? or will I be the first >:D
 

Ed29592

macrumors newbie
Jun 25, 2011
2
0
I was messing around with it last night, and it worked without editing the .plist.....Calls working, Notification working....really wish I knew what I did :/
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.