MegaTech Guide: Jailbreaking Your Apple iDevice Part Two
Michael Lim
August 11, 2011
Guides

In the first part of MegaTechNews’ iDevice Jailbreaking series, we covered the topic of jailbreaking – what it is, what it does, how to reverse these changes and the legal ramifications. The first article provides the average layperson with enough information to decide for themselves if jailbreaking is right for them, and is a necessary prelude to Part Two.

This guide will mainly be concerned with Apple’s iPhone, iPod Touch and iPad products. While Apple TVs can also be jailbroken, that goes beyond the scope of this series of articles.

Being Prepared Gets You Halfway There

Too often, articles on the web teaching people how to jailbreak don’t start off with the necessary preparations and precautions, and as a result you sometimes see comments left by users along the lines of, “Help, I bricked my iPhone!” or “Help, I lost all my data!” The correct way to go about jailbreaking is to make sure you are properly prepared and to avoid those types of bad situations in the first place.

Now for legal reasons, I’m going to have to state that MegaTechNews is providing the information ‘as is’ without any warranties or guarantees expressed or implied, and that we can’t be held liable for issues that may occur. If you decide to jailbreak your Apple product, you make that decision of your own free will and must ultimately accept responsibility for that.

Having said that, the tools and procedures we will present here are so simple and straightforward that they are virtually bulletproof. Take the time to read through this article and make sure you understand and prepare everything in advance according to our recommendations. This will ensure that you have the easiest and most trouble-free experience as your introduction to the world of jailbreaking. So let’s get started, shall we?

The 4-Step Master Checklist

Tip #1: Check your iOS version number.

Why?
Because the most recent updates by Apple that were pushed out within the last two weeks — i.e. iOS 4.3.4/4.3.5 — can’t be jailbroken. Or, more accurately, can’t be jailbroken in a way that would be useful for most people. In iOS 4.3.4/4.3.5, Apple patched security holes used by the ‘JailBreakMe’ tool in particular – more on that later.

Here’s how to check your iOS version: open your Settings app, select General, and finally About. In future references, we will use a shortcut notation, ‘Settings > General > About’, which means the same as the longhand instructions just given. The bold text signifies an app or some sort of control, as opposed to the pages/selections which follow. Scroll down the About screen and look for ‘Version.’ That will tell you what version of firmware you currently have. iOS 4.3.3 or lower is what you will need.

Background: There are two types of jailbreaks, called ‘tethered’ and ‘untethered’. A tethered jailbreak is a “temporary” jailbreak that gets lost every time you restart your iDevice. This type of jailbreak requires you to connect your iDevice to your PC or Mac (thus the ‘tethered’ name) and jailbreak it again each time you restart it. This will unfortunately be the case with iOS 4.3.4/4.3.5, so it is of limited use to most people. The best type of jailbreak is the untethered type, which is permanent until you decide to update or restore your iDevice, which causes the onboard firmware to be erased and re-flashed. As noted in Part One, this is also the way to reverse a jailbreak on any iDevice and restore it to its original condition.

If you have updated to either iOS 4.3.4/4.3.5 or happen to have bought a new Apple product with this firmware already installed, sorry, but you’d be better served to just stop right here. There will probably not be any further work to create untethered jailbreaks for iOS 4.3.4 or 4.3.5, because the next big revision, iOS 5, is just around the corner.
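As an added illustration of Tip #1 (example code written for this edit, not part of the original article or of any jailbreak tool): the version windows below are the ones the article itself states, but the function names and the window table are mine, and the iOS 3.x releases the article only calls “the last few versions” are left unclassified because the article does not name them. The point a practitioner should take from it is that version strings have to be compared component by component, not as text.

```python
"""Added example (not from the MegaTechNews article): decide whether a device's
iOS version string falls inside one of the windows the article describes.

Windows, taken from the article's own statements:
  - iOS 4.3.0 through 4.3.3: untethered jailbreak via JailbreakMe
  - iOS 4.0.0 through 4.2.1: covered by the tools in Part Three
  - iOS 4.3.4 / 4.3.5:       patched, tethered at best
The helper names and the WINDOWS table are constructed for this example.
"""
from typing import Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '4.3.3' into (4, 3, 3).

    Compare versions as tuples, never as strings: as strings, '4.3.10' < '4.3.3'
    because '1' sorts before '3', which would misclassify a hypothetical
    4.3.10 release as older than 4.3.3.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    if len(nums) < 3:
        # Pad so that '4.3' compares equal to '4.3.0'.
        nums = nums + (0,) * (3 - len(nums))
    return nums


# (low, high, verdict), inclusive on both ends.
WINDOWS = [
    ((4, 3, 4), (4, 3, 5), "patched: tethered only, do not bother"),
    ((4, 3, 0), (4, 3, 3), "untethered via JailbreakMe"),
    ((4, 0, 0), (4, 2, 1), "use the Part Three tools"),
]


def classify_ios_version(text: str) -> str:
    """Map a version string to the article's advice for that firmware."""
    v = parse_version(text)
    for low, high, verdict in WINDOWS:
        if low <= v <= high:
            return verdict
    if v > (4, 3, 5):
        return "newer than anything covered here: wait for news"
    # iOS 3.x: the article says JailbreakMe covers "the last few" releases
    # but does not list them, so no claim is made here.
    return "not covered by this guide"


if __name__ == "__main__":
    for sample in ("4.3.3", "4.3.5", "4.2.1", "4.3", "3.1.3"):
        print(f"{sample:>6}: {classify_ios_version(sample)}")
```

Run it with a handful of version strings and note that "4.3" is padded to (4, 3, 0) before comparison; the `WINDOWS` table can be extended as new firmware appears without touching the comparison logic.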
Every new exploit used for jailbreaking provides Apple with the information it needs to fix the iOS security holes, and those holes remain patched in future iOS releases. It’s a continual cat and mouse game between Apple and the jailbreaking community. We expect Apple to announce iOS 5 in September when they push out their new 5th gen iPods and iPhones. Any new exploits which may have been found are being closely guarded, as they will be aimed at jailbreaking iOS 5. But if you are already on iOS 4.3.4 or 4.3.5, don’t lose hope – keep checking MegaTechNews in the September timeframe, and we will have information on jailbreaking iOS 5 as soon as it is available.

Tip #2: Don’t fix it if it ain’t broke.

Occasionally, Apple’s iTunes update will give you a message that a new update for iTunes is available. These updates do two things. First, they usually patch bugs in iTunes or, in the case of a major revision from version 9 to version 10, for example, include new features. Second, these new iTunes releases are also timed to coincide with new iOS firmware versions. While it’s generally acceptable to update to newer versions of iTunes, you should probably be wary of any suggestions to update to newer firmware revisions for your iDevice. The most recent iOS 4.3.4/4.3.5 revisions added no new features and only exist to make jailbreaking anywhere from hard to impossible for you. As a general rule, you should always take the initiative to find your own answers.

Background: Google is an amazing resource for finding answers to your questions, because chances are someone else has beaten you to the punch and posted a question online already. Be prepared to read up on forum posts from several sources to cross check replies. And never take any new iOS revision at face value. You should always make a point of refusing newer firmware until you understand the implications of any potential update. On Google, just search for “jailbreak -insert your iOS version here-”, e.g. “jailbreak 4.3.3.”

The best time to update to any revision of iOS is usually right when a new untethered jailbreak becomes available for it. Normally it will take Apple at least a week or more to figure out the exploit used, patch up iOS, test it and then push it out. For example, recent Redsn0w updates continued to work from iOS 4.3.0 through 4.3.3 before iOS 4.3.4 closed the untethered jailbreak and made only a tethered jailbreak possible. These windows of opportunity are all you need to ensure that you keep up with the latest jailbreakable firmware and avoid the revisions which will ruin your day.

Tip #3: Make all necessary backups.

The first step is to make an iTunes backup of your current iDevice. You may need this to restore your device back to its former configuration before you jailbreak it.

The second step is to use a program called TinyUmbrella to back up your SHSH blobs. TinyUmbrella requires Java to run. Note that if you are a Mac user, Apple already bundles Java with Mac OS X, so you can ignore the following step. If you run Windows XP/Vista/7, you can get the Windows 32-bit Java offline installer here. Download and save the installer onto your PC, then run it to install Java. It should be noted that TinyUmbrella only works with the 32-bit version of Java, and 32-bit Java will install and run on either 32- or 64-bit versions of Windows.

Now you can download TinyUmbrella from the TinyUmbrella Homepage. There are quicklinks in the right-side panel for OSX and Windows versions. Just download to your computer and run. If you are using Vista/7, you will want to set the compatibility mode for TinyUmbrella. Right-click on the TinyUmbrella executable and select ‘Properties’ at the bottom of the drop-down menu. Set Windows XP (SP3) compatibility mode and also check ‘Run as Administrator.’ You will likely get a series of warnings from TinyUmbrella at startup, but these can be safely ignored. Just press ‘OK’ to get past them.
There are only two things that should concern us. The first is TinyUmbrella not being able to find Java, but if you followed the previous instructions, this should not occur. The second is a Windows Firewall warning that TinyUmbrella is trying to access the Internet; if you get it, make sure you select ‘Allow.’ This will allow access to TinyUmbrella’s server, which will come in handy; more on this later.

Make sure you have your iDevice connected to the PC or Mac that is running TinyUmbrella. The device in question will show up in the left-hand pane. The only thing you need to do at this point is to press ‘Save SHSHs.’ If you have more than one iDevice connected, highlighting ‘Show All SHSHs’ will also allow you to save ALL device SHSHs with a single button click. Before going to the next step, make sure you visually confirm that SHSHs have been saved. The list shows up in the white box on the General tab.

Background: Performing an iTunes backup saves all of your current iDevice apps, app data and other settings. If you only plan to jailbreak your iDevice as is, using its current firmware, you won’t need the backup at this time – but make the backup anyway. It’s always better to be prepared, just in case. However, if you plan to update your iDevice to a different iOS version that has an untethered jailbreak available, such as iOS 4.3.3, then you will need your iTunes backup to restore your iDevice afterwards. As noted before, updating to a different firmware using either the ‘Update’ or ‘Restore’ functions in iTunes will wipe out the data on your iDevice.

SHSH blobs are the second bit of data that is critical to save. If you ever accidentally or purposefully update your firmware to a version that cannot be jailbroken, the SHSH blob is the only thing that will allow you to downgrade your firmware back to an older version. The SHSH blob is basically information about your current firmware that has been signed by Apple, and is used for version control. When newer versions of firmware become available over iTunes and you update, you lose the old blob because it gets replaced by a new one on Apple’s servers. That is why, if you accidentally update to a newer firmware without having an older blob saved, there is no way to go back: normally, Apple only keeps the most current blob signature for your iDevice. Apple will only allow you to update/restore firmware that is the same as or newer than what exists on your iDevice. By saving your old blobs, there is a way to trick iTunes into seeing valid signatures for older firmware versions that can then be installed on your iDevice.

Note: Apple has stopped signing iOS 4.3.3 since the release of 4.3.4 and 4.3.5. Unless you had already updated to 4.3.3 and saved the SHSH blob, you won’t be able to use this firmware. The same is true for all other versions – you can always upgrade to the latest version of firmware, but downgrading to a prior firmware will require that you have that prior version’s SHSH blobs saved.

Tip #4: Get powered up.

Never mess around with device firmware updates if you are low on battery power. That is just asking for trouble. If for some reason your device shuts down in the middle of an update, you could end up with a brick. Now, ‘DFU Mode’ and ‘Recovery Mode’ exist to deal with situations like this, but why would you want to create trouble for yourself? Make sure to charge up your iDevice to about 30%-40% power and then you should be good to go. These are just common sense measures, and there’s nothing really earth-shattering about them. Spending that extra 20-30 minutes to ensure you have power can save you hours of headaches later.

Part Two, Act Two

In reality, the actual jailbreaking of your iDevice happens very quickly. Usually, you can be done in a few minutes or less. The preparation leading up to the jailbreak takes a bit longer, but it is always better to be prepared for trouble than to have trouble and find yourself unprepared.
Now the focus of the second part of this guide will be strictly on jailbreaking. Where the iPhone and 3G capable iPad are concerned, there is sometimes another process called ‘carrier unlocking’, or ‘unlocking’ for short. This doesn’t apply to the iPod Touch, since it has been a WiFi only device up to now. The reason unlocking exists is that in certain markets, such as the US, iPhones and 3G capable iPads that are purchased as part of a carrier plan are locked to the carrier. Under normal circumstances, for example, you will never be able to use an AT&T iPhone or iPad with another carrier because the SIM is locked. Even after your subscription has ended you don’t have the choice to switch carriers.

Unlocking will allow you to free your iDevice from a specific carrier. However, it relies on maintaining specific baseband versions (modem firmware versions) while updating the main firmware in order to achieve this. Normally, when you update to a newer version of iOS firmware, the modem firmware is automatically updated as well. Unlocking adds extra process steps that would unnecessarily complicate this guide, so we will leave it as a separate topic for a later date. If you are fortunate enough to live in a country where carrier locking is illegal or unlocked phones not associated with carrier plans are available for purchase, unlocking will never be a concern for you. This also explains why unlocked iPhones and 3G capable iPads are usually very popular and much sought after products.

Different Strokes for Different Folks

The generation of iPhone, iPod Touch or iPad you are using determines the jailbreaking tool that is most suitable for your use. The following table presents each of the major product lines and the different device generations. It also lists the most recent version of iOS available for each device that will allow an untethered jailbreak.

Are You Feeling Lucky?

The best recommendation is to check the list above and see if your firmware is supported by Jailbreakme. Jailbreakme supports the last few versions of iOS 3.x firmware as well as iOS 4.3.0 up through 4.3.3. If you are on iOS 4.0.0 through 4.2.1, Part Three will cover alternate jailbreak tools for you.

Jailbreakme is the easiest way to jailbreak your iDevice. It doesn’t require downloading any other files to your PC or Mac, or putting your iDevice into DFU Mode, which, despite the onscreen prompts, may take a few attempts before you get it right. Also, Jailbreakme is the only way to jailbreak an iPad 2 at this moment, using iOS 4.3.3. It is due to the ease of use, and the fact that the latest version of Jailbreakme can jailbreak the iPad 2, which up until recently wasn’t possible, that Apple quickly pushed out two new versions of iTunes and iOS 4.3.4 and 4.3.5 in the past two weeks. Simply put, these updates add no additional functionality and are only there to close the exploits used by Jailbreakme. So, word to the wise… don’t do it.

Alternatively, it is possible to change to a different firmware revision; however, the following rules apply:

Rule #1: You can never upgrade to just any firmware newer than what is on your device. Apple enforces the signing of firmwares through iTunes, so you can only upgrade to the latest version.

Rule #2: This is the corollary to Rule #1 – there is a way to trick iTunes into seeing valid SHSH blobs other than Apple’s latest firmware. So upgrading or downgrading is possible, but it requires that you have the SHSH blobs for the iOS version you plan to use – and these must be your own SHSH blobs. You cannot get someone else’s blobs and expect them to work on your device.

The process for tricking iTunes is a bit involved and requires making some changes to the Windows and Mac OS X ‘hosts’ file in order to redirect the iTunes server check for valid SHSH signatures. As it is not as straightforward as the jailbreak, we will hold off on it until Part Three of our jailbreaking guide.

It’s All Downhill From Here

If you have the proper iOS version on your iDevice, you can access Jailbreakme by going to the website located at www.jailbreakme.com using the Safari browser built into your iDevice. Here is a screenshot of Jailbreakme getting ready to run on an iPad.

To start the jailbreak, just use the ‘Slide to Jailbreak’ control at the bottom of the screen. Jailbreakme will first load the jailbreak program onto your iDevice. This could take several minutes, depending on your network speed. A progress bar will show up during the download. After the download completes, it automatically advances to the jailbreaking portion. Again this could take several minutes, and a progress bar will show up during the jailbreak process. Once the jailbreak is complete, you will get an onscreen dialog telling you that Cydia has been added to your now jailbroken device. Press ‘OK’ and you’re finished!

The last thing we will do before we end this guide is to set up Cydia. Find Cydia on your Springboard and tap it. The first time, and ONLY the first time, that you start Cydia you will get some text about blobs with a Yes/No choice. Make sure you always select “Yes, make my life easier!” This will save your current jailbreakable iOS SHSH blob on the Cydia server. The next question is about the user interface, and you should choose the graphical user interface, as that is the easiest way to get around Cydia.

In Part Three of our iDevice jailbreaking guide, we will examine the other two jailbreaking methods, using Redsn0w and Limera1n, for those of you who may be on iOS firmware versions 4.0.0 – 4.2.1. We will also cover the more advanced topic of downgrading, or how to install specific firmwares that you have SHSH blobs saved for. Finally we will jump into Cydia and familiarize ourselves with this new app and see what’s available on the Cydia market.
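The SHSH blob behaviour described in the Tip #3 background and restated as Rule #1 and Rule #2 above boils down to one signing check, and the toy model below makes that check concrete. It is example code written for this edit, not the article’s, Apple’s, or TinyUmbrella’s; it assumes, as a simplification, that Apple’s signature can be stood in for by an HMAC over the pair (device ECID, firmware version) under a key only the signing server holds (the verifier shares that key here so the demo runs offline), that a blob covers the firmware as one string rather than per component, and that the ECIDs and version numbers are constructed sample values. Nothing in it touches the network or a hosts file; it only shows why a blob saved in time restores your own device, a late request is refused, and a blob belonging to another device or relabelled with another version fails.

```python
"""Added example (not from the MegaTechNews article, Apple or TinyUmbrella):
a toy model of SHSH blobs as per-device, per-version signatures.

Assumptions (all constructed for this example):
  - The "server" signs (ECID, version) with an HMAC-SHA256 under SERVER_KEY,
    standing in for Apple's real signing key.
  - The server only signs the version it currently offers, as the article's
    Note says about 4.3.3 after 4.3.4/4.3.5 shipped.
  - ECID strings and version numbers below are sample values.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SERVER_KEY = b"constructed-demo-key-not-a-real-apple-key"


@dataclass(frozen=True)
class Blob:
    ecid: str      # the device identity the blob is bound to
    version: str   # the firmware the blob authorises
    sig: bytes


def _mac(ecid: str, version: str) -> bytes:
    """Signature stand-in: binds the blob to one device AND one version."""
    return hmac.new(SERVER_KEY, f"{ecid}|{version}".encode(), hashlib.sha256).digest()


class SigningServer:
    """Signs only the firmware it is currently offering (Rule #1)."""

    def __init__(self, current_version: str) -> None:
        self.current_version = current_version

    def sign(self, ecid: str, requested_version: str) -> Optional[Blob]:
        if requested_version != self.current_version:
            return None  # no blob for a version that is no longer signed
        return Blob(ecid, requested_version, _mac(ecid, requested_version))


@dataclass
class Device:
    ecid: str
    version: str
    saved_blobs: List[Blob] = field(default_factory=list)  # TinyUmbrella's job

    def save_blob(self, server: SigningServer) -> bool:
        """Ask for a blob for the firmware currently installed and keep it."""
        blob = server.sign(self.ecid, self.version)
        if blob is None:
            return False
        self.saved_blobs.append(blob)
        return True

    def restore(self, target_version: str, blob: Optional[Blob]) -> bool:
        """Install target_version only if the blob is valid for THIS device
        and THIS version (Rule #2: someone else's blob does not work)."""
        if blob is None:
            return False
        ok = (
            blob.ecid == self.ecid
            and blob.version == target_version
            and hmac.compare_digest(blob.sig, _mac(self.ecid, target_version))
        )
        if ok:
            self.version = target_version
        return ok


def demo() -> Dict[str, object]:
    """Walk through the article's scenarios and report each outcome."""
    server = SigningServer("4.3.3")
    mine = Device(ecid="ECID-AAAA", version="4.3.3")    # saved blobs in time
    friend = Device(ecid="ECID-BBBB", version="4.3.5")  # wants my blob
    mine.save_blob(server)

    server.current_version = "4.3.5"                     # Apple stops signing 4.3.3
    late = Device(ecid="ECID-CCCC", version="4.3.3").save_blob(server)

    mine.restore("4.3.5", server.sign(mine.ecid, "4.3.5"))  # the accidental update
    own_blob = mine.saved_blobs[0]
    relabelled = Blob(own_blob.ecid, "4.3.0", own_blob.sig)  # same sig, other version

    return {
        "late_save_works": late,
        "downgrade_with_own_blob": mine.restore("4.3.3", own_blob),
        "friend_using_my_blob": friend.restore("4.3.3", own_blob),
        "relabelled_blob_accepted": mine.restore("4.3.0", relabelled),
        "version_after": mine.version,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The model deliberately puts the signature check on the device side; the article’s point is that a blob is only useful if it was obtained while Apple was still signing that version, and only for the device whose identity it carries, which is exactly what the four outcomes of `demo()` show.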
Sources: Jailbreaking Guide Part One