Archives

iPhone SDK on 3/6

MacRumors reports that Apple will hold a special event on 3/6 and sent invitations to the press on Tuesday. Besides the SDK, there are also some exciting new enterprise features.

Please join us to learn about the iPhone software roadmap, including the iPhone SDK and some exciting new enterprise features. The event takes place at Apple, Building 4, Town Hall on March 6 at 10:00 a.m. Registration begins at 9:00 a.m. Arrive early for this invitation-only event. RSVP to rsvp.media@apple.com

Full software jailbreak for 1.1.3 iPod touch/iPhone

ZiPhone can jailbreak an iPod touch/iPhone running the 1.1.3 firmware directly. My environment was Mac OS X 10.5.2 with iTunes 7.6 and an iPod touch on 1.1.3. Plug the device in over USB, quit iTunes, and run ziphone -j -v; after a while the iPod reboots on its own and shows the boot and installation process as a screen full of text-mode output. After one more reboot, Installer is already on the device; at that point the jailbreak has succeeded and you can install programs yourself.
How it works: through the Apple Mobile Device interface, the ramdisk zibri.dat is sent to the iPod/iPhone, then properties are set in nvram (the actions to perform are recorded there) along with boot-args rd=md0 pmd0=0x09CC2000.0x0133D000. OpenFirmware users will recognize this: boot-args can name the root disk for the next boot, and here it is pointed at the memory disk. Once the device has booted from it, /etc/profile runs: it mounts the disks on the device's original flash, applies the patches, clears the nvram properties that were set, restores the original root disk for booting, and reboots. Done. Great work!!

# System-wide .profile for sh(1)
# This is the /etc/profile from the zibri.dat ramdisk. It runs once the device has
# booted with root on the memory disk (boot-args rd=md0) and reads the actions to
# perform from the nvram variables that ZiPhone set before rebooting the device.
# The closing "fi" of the three multi-line blocks below were missing from the copy
# posted here; their placement is inferred from the block comments.
PATH="/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin"
export PATH
/bin/sleep 5
/bin/echo "Starting unlock..."
if [ "`/usr/bin/nvram -p|/bin/grep unlock1`" != "" ] ; then /zib/gunlock /zib/secpack /zib/ICE04.02.13_G.fls; fi
if [ "`/usr/bin/nvram -p|/bin/grep unlock2`" != "" ] ; then /zib/gunlock2 /zib/secpack /zib/ICE04.02.13_G.fls a123456789012345 ; fi
# Check the two flash partitions (system and user data) before mounting them
/sbin/fsck_hfs /dev/disk0s1
/sbin/fsck_hfs /dev/disk0s2
if [ "`/usr/bin/nvram -p|/bin/grep jailbreak`" != "" ] ; then
/bin/echo "Starting jailbreak..."
# Mount the device's original flash filesystems under the ramdisk root
/sbin/mount_hfs -o noasync,sync /dev/disk0s1 /mnt1
/sbin/mount_hfs -o noasync,sync /dev/disk0s2 /mnt2
if [ -e /dev/rmd1 ]; then /bin/dd if=/dev/rmd1 of=/mnt2/root/mem_dump.bin bs=4096 count=4096; fi
#/zib/bbupdater -l /zib/BOOT03.09_M3S2.fls
#/bin/sleep 20
# jailbreak
# disk0s1
if [ "`/usr/bin/nvram -p|/bin/grep activate`" != "" ] ; then
/bin/echo "Patching lockdownd..."
/bin/ipatcher -l /mnt1/usr/libexec/lockdownd
fi
/bin/cp /zib/fstab /mnt1/private/etc/fstab
/usr/bin/unzip -o -K -X /zib/Installer.zip -d /mnt1/Applications/
#/usr/bin/unzip -o -K -X /zib/BSD_Subsystem.zip -d /mnt1/
#/usr/bin/unzip -o -K -X /zib/openssh-4.6p1-1.zip -d /mnt1/
# disk0s2
if [ "`/usr/bin/nvram -p|/bin/grep activate`" != "" ] ; then
/bin/echo "Activating youtube..."
/bin/mkdir -p /mnt2/private/var/root/Library/Lockdown
/bin/cp /zib/data_ark.plist /mnt2/root/Library/Lockdown/
/bin/cp /zib/device_private_key.pem /mnt2/root/Library/Lockdown/
/bin/cp /zib/device_public_key.pem /mnt2/root/Library/Lockdown/
fi
/bin/mkdir -p /mnt2/mobile/Library/Installer/Temp
/bin/mkdir -p /mnt2/root/Library/Installer/Temp
/bin/cp /zib/LocalPackages.plist /mnt2/mobile/Library/Installer/
/bin/cp /zib/LocalPackages.plist /mnt2/root/Library/Installer/
#/bin/cp /zib/RemotePackages.plist /mnt2/mobile/Library/Installer/
#/bin/cp /zib/RemotePackages.plist /mnt2/root/Library/Installer/
/bin/cp /zib/PackageSources.plist /mnt2/mobile/Library/Installer/
/bin/cp /zib/PackageSources.plist /mnt2/root/Library/Installer/
/bin/cp /zib/TrustedSources.plist /mnt2/mobile/Library/Installer/
/bin/cp /zib/TrustedSources.plist /mnt2/root/Library/Installer/
/bin/cp /zib/com.apptapp.Installer.plist /mnt2/mobile/Library/Preferences/
/bin/cp /zib/com.apptapp.Installer.plist /mnt2/root/Library/Preferences/
#end jailbreak
fi
/bin/echo "Unmounting filesystems..."
/usr/bin/umount /mnt1
/usr/bin/umount /mnt2
/sbin/fsck_hfs /dev/disk0s1
/sbin/fsck_hfs /dev/disk0s2
# Clear boot-args and the action flags so the next boot uses the normal root disk
/usr/bin/nvram auto-boot=true
/usr/bin/nvram boot-args=""
/usr/bin/nvram -d unlock1
/usr/bin/nvram -d unlock2
/usr/bin/nvram -d jailbreak
/usr/bin/nvram -d activate
#/usr/bin/nvram -d unlock2
/bin/echo "Now rebooting..."
/sbin/reboot
# Never return to a shell prompt; wait for the reboot to take effect
while (true); do sleep 1; done
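The profile above decides what to do from nvram, and its cleanup at the end is what puts the device back on its normal root disk. If the process is interrupted before that cleanup, the device keeps the ramdisk boot-args and the action flags in nvram. The following is an added example (not part of the original post or of ZiPhone) that parses an `nvram -p` style dump and reports that state: whether boot-args still points root at a memory disk, which pmd regions it names, and which action flags are set. It assumes the `nvram -p` output format of one variable per line with a tab between name and value; the sample dump is constructed. It also shows why the profile's `nvram -p | grep NAME` checks are loose: they fire on the substring anywhere in the dump, including inside another variable's value, whereas an exact variable-name match does not.

```python
"""Parse an `nvram -p` dump and report ramdisk-boot state and action flags.

Added example, not part of the original post or of ZiPhone. The sample dump
below is constructed; the flag names are the ones the posted /etc/profile
greps for. Assumes `nvram -p` prints one "name<TAB>value" per line.
"""
import re

# Constructed sample in `nvram -p` format: name, a tab, then the value.
SAMPLE_NVRAM = """\
auto-boot\tfalse
boot-args\trd=md0 pmd0=0x09CC2000.0x0133D000
jailbreak\t1
activate\t1
note\tunlock1 was never requested on this device
"""

# The nvram variables the posted profile keys its actions on.
ACTION_FLAGS = ("unlock1", "unlock2", "jailbreak", "activate")


def parse_nvram(text):
    """Turn `nvram -p` output into {name: value}; only the first tab splits."""
    variables = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, value = line.partition("\t")
        variables[name.strip()] = value.strip()
    return variables


def parse_boot_args(boot_args):
    """Split 'rd=md0 pmd0=0x... -v' into {'rd': 'md0', 'pmd0': '0x...', '-v': True}."""
    parsed = {}
    for token in boot_args.split():
        key, sep, value = token.partition("=")
        parsed[key] = value if sep else True
    return parsed


def loose_flag_match(text, name):
    """Mirror `nvram -p | grep NAME`: true if NAME occurs anywhere in the dump."""
    return any(name in line for line in text.splitlines())


def strict_flag_set(variables, name):
    """Exact variable-name match: the check the profile's grep stands in for."""
    return name in variables


def assess(text):
    """Summarise the boot-relevant state recorded in the dump."""
    variables = parse_nvram(text)
    boot_args = parse_boot_args(variables.get("boot-args", ""))
    root_disk = boot_args.get("rd", "")
    # pmd0=<base>.<size> describes the memory-disk region; rd=md0 makes it root.
    memory_regions = {k: v for k, v in boot_args.items() if re.fullmatch(r"pmd\d+", k)}
    return {
        "ramdisk_root": isinstance(root_disk, str) and root_disk.startswith("md"),
        "memory_disk_regions": memory_regions,
        "auto_boot_off": variables.get("auto-boot", "true").lower() == "false",
        "actions": [f for f in ACTION_FLAGS if strict_flag_set(variables, f)],
        # Flags the profile's substring grep would accept that are not really set.
        "loose_grep_false_positives": [
            f for f in ACTION_FLAGS
            if loose_flag_match(text, f) and not strict_flag_set(variables, f)
        ],
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_NVRAM).items():
        print(f"{key}: {value}")
```

On the sample dump, `assess` reports that root is still on a memory disk, that auto-boot is off, that jailbreak and activate are set, and that the profile's grep for unlock1 would have fired on the `note` value even though no unlock1 variable exists. Reading the same dump from a real device means feeding the output of `nvram -p` to `assess` instead of the constructed string.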