updated 12:40 am EDT, Thu October 11, 2007
Jailbreak for iPhone 1.1.1
Over the last few days hackers have begun publicizing ways into and around Apple's newest iPhone firmware, v1.1.1, which disabled many third-party hacks. Apple warned that the v1.1.1 update may damage (i.e., "brick") unlocked iPhones; it also disabled many third-party applications. Hackers, who have been working feverishly to find a way into updated iPhones so that third-party applications can be installed again, have now released details of "jailbreaking" an iPhone running v1.1.1 firmware, a process that is still fairly complicated compared with the earlier "one-click" methods.
As of Wednesday, three different methods for getting into the iPhone 1.1.1 filesystem are circulating on the Web. One of them, still in beta, takes advantage of a TIFF-parsing security bug in the embedded Safari browser. The most promising method, however, appears to be a published procedure of downgrading the firmware to v1.0.2, applying some modifications to the filesystem, and then upgrading back to v1.1.1, which leaves the phone able to run an installer such as AppTapp to load third-party applications.
Developed by the iPhone Dev Team, the "jailbreak" procedure, described in a public download, is not designed for unlocked phones (those that have been modified to use non-AT&T networks) and requires several iPhone tools developed by third parties. The procedure's steps are:
- Downgrading to 1.0.2 (if necessary)
- Preparing the iPhone for a jailbroken update
- Performing a software update, leaving you with a jail-broken v1.1.1
- Forcing v1.1.1 to mount read-write so you can access it
- Installing SSH and BSD world
- Activating with a Non-ATT SIM
- Patching SpringBoard to allow third-party applications
Life with Toc2rta, a blog maintained by iPhone hacker Niacin, describes his (beta) jailbreak process using the TIFF exploit: navigating to a certain Web page (the URL requires modification; proceed at your own risk) gains read/write access to the filesystem as root. While still in the testing phase, the method requires the iPHUC file tool and some knowledge of how to put and get files, according to the blog post. Others have already confirmed that it works; Niacin promises a full tutorial and a full breakdown of how the TIFF exploit works, but so far provides few details. Note that a browser bug that hands out root access when a user visits a page can equally be triggered by a page the user did not intend to visit, so the same flaw cuts both ways until it is fixed. Apple could simply (and likely will) patch the TIFF flaw in its next update, which would easily disable this method.
Finally, another posting that appeared on Wednesday morning provides a detailed step-by-step tutorial for jailbreaking that is substantially similar to the iPhone Dev Team's method. Reports indicate that it is based on a leaked early version of their work: "This method is not refined yet. Read the entire guide over. If anything is confusing or unclear, don't do it. This guide is not meant for novice users. An easier solution will come soon from the dev team."