Here’s further proof that you should understand what it is you’re doing when you go to hack your handheld. Jailbreaking an iPhone has been made quite easy to the point that a lot of folks do it without reading any of the accompanying documentation. Those who didn’t heed the warning to change the default SSH password on a Jailbroken phone might get a bit of a surprise. A worm has been unleashed that finds Jailbroken iPhones and changes the background image to a picture of [Rick Astley]. That’s right, they’ve been Rickrolled.
It’s a clever little devil that propagates by grabbing the IP address of the iPhone it is currently on, then testing all of the IP address in that family to find other devices using the default password. Luckily this worm’s activities are not what we’d call malicious. It doesn’t format the root or create a cell based bot-net (that we know of). This would be akin to the antics of searching Google for unprotected installations of MythWeb and setting some poor schmuck’s MythTV to record every infomercial ever. The point is, this could have been a lot worse, but the attack is predicated on stupidity. In our digital age, why are people leaving default passwords in place?
The iPhone dev-team has released an updated version of PwnageTool. It supports jailbreaking iPhones using the 3.0 firmware. This update does not include the much easier to use QuickPwn, but it should be coming soon. The release also doesn’t include the UltraSn0w unlock which will be coming via Cydia.
The iPod Touch 2G jailbreak was first shown in January. It had to be applied every time the iPod was booted. The iphone-dev team just released the 24kpwn LLB patch to allow for a persistent jailbreak. The team had been hanging on to this patch because there was the possibility the exploit could be used on future iPhone versions. Unfortunately, a group started selling the code, so the team was forced to release it for free. iPod owners are certainly happy though. There is a tutorial available for updating a factory reset iPod (backup link). The team will include the patch in future official tools.
UPDATE: [cptfalcon] pointed out a post that covers the technical details of the exploit.
Now that the iphone-dev team has unlocked the iPhone 3G they’re moving onto jailbreaking the iPod Touch 2G. While they have a fully working jailbreak, it’s not yet in a user friendly format. [MuscleNerd] did a live video demo this afternoon to show what progress they had made. It starts with him showing the iPod on but not booting. He’s already patched the kernel, but it’s failing the signature check in iboot. He then uses the team’s recoverytool to exploit a hole in iboot and patch out the signature check. The ipod then boots normally and he shows non-App Store software like Mobile Terminal, Cydia, and an NES Emulator (which makes use of the iPod’s internal speaker).
The redsn0w jailbreak works, but it has to be applied via tether every time the iPod boots. The team won’t release anything until they’ve found a way around this problem. For more insight into the boot process, check out our coverage of their Hacking the iPhone talk at 25C3.
Hackers are continuing to outpace Apple with feature additions. The team at iMobileCinema has created a flash plugin for the Mobile Safari browser. It’s a beta release and still a bit buggy. This app is only available to people who have jailbroken their iPhones. You just need to add d.imobilecinema.com to your sources in Cydia to get the package to appear. While it can crash from time to time, it’s certainly better than no support at all.
Earlier today, the iPhone Dev Team teased that they wouldn’t release their latest Pwnage Tool until Sunday. Since this was yet another in a week long bit of teasing, we were somewhat surprised when a few hours later they posted a rather relaxed Thanks for waiting :) post announcing that Pwnage Tool 2.0 is available. Here’s a direct link to the tool and a mirror courtesy of [_BigBoss_].
According to TUAW, Pwnage Tool 2.0 will activate, jailbreak, and unlock first generation iPhones running any firmware up to and including version 2.0. Unfortunately, it will not unlock an iPhone 3G (at least, not yet). iPhone 3G owners can still use the tool for activation and jailbreaking (so you can run 3rd party apps not supported by Apple and the new iPhone App Store).
So far, skimming through the 1322 comments on their announcement post, I’ve not seen any complaints or death threats about the tool bricking iPhones, but one should still proceed with caution. According to one update to the post, some people either get an error 1600 from iTunes or they notice a “failure to prepare x12220000_4_Recovery.ipsw” in the log. They’ve provided a workaround, however. If this happens to you, simply
mkdir ~/Library/iTunes/Device Support or alternately nuke all the files in that already extant folder and re-run Pwnage Tool.
UPDATE: Image is from Engadget’s iPhone review we covered earlier.
They still haven’t released the jailbreak yet, but the iPhone dev team hasn’t been sitting idly by either. They recently posted this video of ssh access on the iPhone 3G. Not only have they succeeded in hacking into the phone, they say that apple can’t fix it without a hardware change. Having root level access to the device opens up many more possibilities than just hooking an API.