iPhone Dev Team Archive

Today we're pleased to release redsn0w version 0.9.15b1, with significant new features supporting restoring to older firmware no longer being signed by Apple.  For brevity, we'll list most of the new features in bullet form.  For more details, please feel free to drop by our comments section, or check out any upcoming guides on tutorial sites like http://iclarified.com

First, the high-level new feature list:

Today marks the public release of iOS6!  For those devices capable of running 6.0, the 5.1.1 SHSH blob signing window will soon close, so it's very important that you backup your 5.1.1 blobs now while you still can.  We advise you do it for every device you have (see tutorial sites like iClarified if you don't know the process).

A few months back we released a redsn0w feature that lets you downgrade A5+ devices from 5.1.1 to anything lower (if you had saved blobs).  Unfortunately once the 5.1.1 window closes, redsn0w's 5.x downgrade feature will no longer work.  Most A5+ users will not be able to downgrade.  So if you're an A5+ owner up at 6.0 when the 5.1.1 window closes, you'll be stuck there without a jailbreak for now.

We're happy to report there are some serious deficiences in the 5.x restore process that are permanently exploitable. They'll never be fixable by Apple because they're all self-contained in the 5.x IPSWs.  Here's the breakdown:

Happy 4th of July!  Today's release of redsn0w 0.9.14b2 improves the iPad baseband downgrade and should cover anyone who couldn't downgrade with 0.9.14b1.  This version covers 3 different types of NOR chips in the iPhone 3G and 3GS (the earlier version covered only the most prevalent NOR chip).  We've also simplified the process and added logging to help diagnose any remaining stubborn iPhones.

The revised steps are:

The iPhone Dev Team is happy to announce a baseband downgrade option in redsn0w for those who are using the iPad's 06.15 baseband on the iPhone3G or iPhone3GS.

Typically you'd have the 06.15 baseband if you unlock with ultrasn0w but updated your iPhone baseband past 05.13.04.  With this new capability, you can now downgrade specifically from 06.15 to 05.13.04 (even if you never had 05.13.04 on that device before).  This gives you the best of both worlds: ultrasn0w compatibility and a normal iPhone baseband with full GPS and the ability to use stock IPSWs again.

Here are the steps:

With only a week to go before WWDC 2012 and the surprises Apple will announce there, today seems like a good time to release updates to our suite of free software to include the rocky-racoon jailbreak and untether developed by @pod2g and @planetbeing!  Today's updates are:

What's old is new again!

Jailbreakers with devices that pre-date the iPad2 will always be able to downgrade (with SHSH blobs) to previous firmware versions due to geohot's limera1n exploit, which allows us to bypass the restrictions that Apple places on restores.  But until now, that ability has been limited to those older devices (if you have an older device and don't know how to do that, check the popular tutorial sites or ask in the comments below).

Starting with redsn0w version 0.9.11b1, those with newer devices (iPad2, iPad3, and iPhone4S) can join the downgrade fun too!  In a radical departure from previous versions of redsn0w, it now directly supports restoring IPSWs to your device.  The first use of this new feature implements a hack that allows A5 downgrades without a bootrom-level exploit.

Some important points:

Despite the awkward name Apple announced last week for the new iPad (we'll continue to call it iPad3!), by all signs it's going to be another big hit.  We suspect many of you are lined up at this very minute, and so it's a good time to give you some info for maximizing your chance to eventually jailbreak the iPad3.

There are a few bits of good news already.

As the whole tech world waits for today's Apple Event, it seems like a good time to remind both veteran and amateur jailbreakers about the fundamental rule of jailbreaking:  Avoid firmware updates!

In all likelihood we'll see the GM "gold master" version of 5.1 this week.  DO NOT UPDATE TO 5.1, because you may lose your jailbreak!  The rest of this post details the subtleties with this rule, but if there's only one message to take home, it's the overall "do not update" message!  Now for the nitty gritty exceptions:

Here's a quick breakdown of how many A5 owners have jailbroken their devices since Friday morning.  The numbers as of Monday afternoon are:

Total: 953,232 new A5 jailbreaks in a little over 3 days

Ever since the December release of @pod2g's "corona" untether for iOS 5.x on A4 and earlier devices, all eyes have been on the attempts to extend it to the A5 devices: the iPhone4S and iPad2.  Due to the combined efforts of @pod2g and members of the iPhone Dev Team and Chronic Dev Team, we're nearly ready for a general release!  All technical hurdles dealing with the underlying technique have been overcome, and it's now all about making the jailbreak as bug free as possible.

On his blog, @pod2g playfully nicknamed the combined effort a "dream team".  It's an ironic name, because the past few weeks have left everyone involved with very little sleep and the opportunity to dream :) But we're now near the final stages of testing the public version of the jailbreak.  Please allow time to clean up any remaining bugs in the jailbreak clients.

Jailbreak programs:

To be as flexible as possible, the A5 version of the corona jailbreak will take multiple forms:

@pod2g has created a terrific gift for iOS fans -- an untethered 5.0.1 jailbreak for non-A5 devices! 

Many of you have already been following @pod2g's blog where he's been keeping everyone up to date on his progress.  And so you know that he recently decided to push the button on a release for all devices except the new iPhone4S and iPad2.  @pod2g's untether involves two separate exploits and a few other "tricks" -- and since he's taken the @comex approach of doing nearly everything himself, you know his plate has been full these past few months!

A few days ago, @pod2g gave the untether to both the iPhone devteam and the chronic devteam.  We've put it into redsn0w 0.9.10 and PwnageTool, and the chronic devteam put it into a Cydia package (the same set of exploits is in all three).

Here are the basic steps for how to get it:

We've updated ultrasn0w to be compatible with iOS5, which came out a few days ago.  While ultrasn0w 1.2.4 (available now in Cydia) doesn't add support for any new basebands, the update is required for any ultrasn0w unlockers trying out iOS5 (it remains backwards compatible though, so you should be able to use it no matter what firmware you have).  

The supported basebands for the iPhone 3G and 3GS are 04.26.08, 05.11.07, 05.12.01, 05.13.04, and 06.15.00.  The baseband supported for the iPhone4 is 01.59.00.

Remember, the only way to get to iOS5 while preserving your ultrasn0w-compatible baseband is by using a custom IPSW.  redsn0w now has the ability to create such a custom IPSW for you (at least on Macs...the same capability for Windows will be coming soon).

The majority of people who use ultrasn0w at iOS5 right now will probably be those with old-bootrom iPhone3GS devices, since they already have an untethered jailbreak via redsn0w.  For everyone else, the iOS5 jailbreak is currently tethered and you need to "Just boot" tethered with redsn0w every time your phone reboots.  That's not always easy to do if your phone reboots while away from home!

Note: there's a special "trick" that iPhone3GS owners with baseband 06.15 need for iOS5.  During the new setup screens you see when you start iOS5 for the first time, you'll be asked about Location Services.  Be sure to select "Disable Location Services" when asked!  Later on in the setup, you'll have the chance to turn on Location Services again when asked if you want to use "Find my iPhone".  It's fine to turn it back on at that point, if that's your desire (or you can always go in and enable it in Settings.app).

We loved the chase!  

Good luck, Steve.

Signed, Jailbreakers and tinkerers everywhere.

Once again, @comex has resurrected http://www.jailbreakme.com for your jailbreaking ease and pleasure!

@comex developed what is now the third installment (and his second) of jailbreakme.com, the easiest way to jailbreak your iPhone, iPod touch, and iPad (including the iPad2!).  No computer is necessary for jbme3.0...just browse to http://www.jailbreakme.com on your device and install it from there!

While @comex and others have worked hard to make this as simple as possible, some people may have questions and problems may arise.  Rather than inundate comex with any questions over twitter, please consider using either our comments section below, or visit http://jbqa.me 

Please read "More Information" on the jbme3.0 page for some basic background information and ways you can thank @comex.  Here are some additional Q&As beyond that:

Q: Which devices and firmware versions are supported? A: In this initial release, the following configurations are supported:

It looks like Apple is about to aggressively combat the "replay attacks" that have until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.

Those of you who have been jailbreaking for a while have probably heard us periodically warn you to "save your blobs" for each firmware using either Cydia or TinyUmbrella (or even the "copy from /tmp during restore" method for advanced users).  Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it.  That's all about to change.

Starting with the iOS5 beta, the role of the "APTicket" is changing -- it's being used much like the "BBTicket" has always been used.  The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn't depend merely on your ECID and firmware version...it changes every time you restore, based partly on a random number).  This APTicket authentication will happen at every boot, not just at restore time.  Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket).  geohot's limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies.  Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you'll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..it's the boot sequence on the device starting with the LLB.

Although it's always been just "a matter of time" before Apple started doing this (they've always done this with the BBTicket), it's still a significant move on Apple's part (and it also dovetails with certain technical requirements of their upcoming OTA "delta" updates).

... three in a row!  Apple released iOS 4.3.3 on Wednesday, and once again the untethered jailbreak exploit that @i0n1c created for 4.3.1 still works.  That makes it an unprecedented three firmwares where the same userland exploit works.  We're not exactly sure why Apple hasn't fixed the hole yet, but we're not complaining!

Today's PwnageTool and redsn0w incorporate @i0n1c's port to 4.3.3 (it's ironic that such a long-lasting untether doesn't even have an official name!).  It also of course uses geohot's limera1n bootrom exploit to inject the jailbreak. The 4.3.3 untether works on all devices that actually support 4.3.3 except for the iPad2:

Only a few weeks after the 4.3.1 untether created by @i0n1c was released, Apple pushed out firmware 4.3.2. Thankfully, it appears Apple didn't have a chance to fix the hole used by @i0n1c's untether, so he ported his code over to 4.3.2's kernel.  Today's redsn0w has been updated to include it.

The 4.3.2 untether works on all devices that actually support 4.3.2 except for the iPad2:

Three years ago (almost to the day!), the first version of PwnageTool was released for firmware 1.1.4.  So today we're excited to release another edition of both PwnageTool and redsn0w to bring an untethered jailbreak for Apple's latest firmware, FW 4.3.1.

The 4.3.1 untether exploit comes courtesy of Stefan Esser (@i0n1c on twitter), a security researcher based in Germany.  Stefan has a long history of vulnerability research, and ironically his first contribution to the iPhone jailbreak community was improved security -- last year he beat Apple to the punch and implemented ASLR for jailbroken iPhones with his "antid0te" framework. We're happy to see that Stefan then turned his iPhone attention over to an untethered jailbreak exploit!

The 4.3.1 untether works on all devices that actually support 4.3.1 except for the iPad2:

What's in a name?  Well in the case of an HFS volume name on iOS, an untether exploit -- as the Chronic Dev Team revealed last week with an untether for the 4.2.1 jailbreak, which had previously been a tethered JB for most recent devices since 4.2.1's release in November.  With their permission, we've incorporated their 4.2.1 "feedface" untether into today's PwnageTool 4.2.  This means iPhone unlockers can safely restore to a custom 4.2.1 pre-jailbroken IPSW and retain their current baseband and unlock.  PwnageTool also supports all the other 4.2.1 devices other than iPod touch 2G:

Today we're pleased to announce our free carrier unlock for iPhone3G/3GS owners with a baseband later than 05.13.04.  The unlock for that baseband exploited the AT+XAPP command, thanks to a crash initially discovered by @sherif_hashim (@Oranav also found this crash).  So what hole are we exploiting today, since Apple closed that AT+XAPP hole?  Well, we're exploiting the exact same hole!

It turns out that the very first iPad firmware 3.2.2 has baseband version 06.15.00 still vulnerable to AT+XAPP. The iPad baseband is built for the exact same baseband chip as the iPhone3G/3GS -- they're fully compatible! Some of us have been running 06.15 for weeks now on our iPhones in preparation for this release.   (And some have known about this possibility of 06.15 on the iPhones for a while -- kudos to @w1kedZ and @DHowett for keeping it hush!)

Unlockers have been reporting mixed results about GPS functionality at 06.15.00.  Until we can track down what differentiates those who retain GPS vs. those who lose it, be conservative and assume you'll lose GPS at 06.15.00. As we work on finding the cause (and possibly a fix), please report your personal findings in our comments section.  (Update: early indications are that while 06.15.00 is capable of GPS, it will require some further hacks.  But please still be conservative and assume you will lose GPS at 06.15, in case the hacks don't work).

SIMPLIFIED ROUTE #1 (redsn0w for OSX + Windows):

With Turkey Day a few days off, today Apple publicly released FW version 4.2.1.  As always, ultrasn0w unlockers please stay far far away from this official firmware (and all official firmware).  Wait for the ability to create custom 4.2.1. IPSWs that don't update your baseband!  If you're not an unlocker, read on!

The best news of all is for owners of iPhone3G, older iPhone3GS, and non-MC iPod touch 2G.  Due to a combination of our original pwnage2 exploit, the arm7_go exploit, 24kpwn, and limera1n, your device is "just as jailbreakable as ever."  You reap the full benefit of an untethered 4.2.1 jailbreak.

Next are the owners of all the more recent devices.  The good news there is that due to geohot's limera1n exploit, all recent devices can be jailbroken (this will be true until Apple released new hardware that fixes geohot's limerain exploit in the bootrom).  The bad news is that right now, the 4.2.1 jailbreak is *tethered* on all of these recent devices.  A tethered jailbreak means that each time your device loses battery power or needs to be rebooted, you must attach it to a PC or Mac to boot into the jailbroken state.  @comex is working hard on a method that may untether the 4.2.1 jailbreak, but it may require you to have your 4.1 SHSH blobs in order to use it.  No word on how much more effort it will take though (please don't bug @comex about it!).  (We also have an alternative method that may work, but @comex's method is much more elegant.)

So when does all this 4.2.1 jailbreak action happen?  Well if you're a JB developer or tinkerer, you've already probably used the redsn0w mentioned in our last post to jailbreak 4.2.1 and at least get SSH working.  But beyond that, there are still some last minute issues with MobileSubstrate and comex's kernel patches that are being fixed.  We'll tweet and post a blog update when it's all available (we hate to give ETAs, but barring any unforeseen problems, probably later today).  It happens "now'...see Update #1.

In the meantime, please make sure you have your 4.1 SHSH blobs for all your devices.  These will be important even for firmware beyond 4.1 (using both comex's method and our alternative, depending on how each of them turn out.)

It looks like geohot's recent limera1n exploit for iPhone3GS/iPhone4/iPad/ipt3g/ipt4g/atv2g will be very beneficial to jailbreakers and unlockers for the next few months (at least).  geohot's limera1n program and the alternative greenpois1on program both use his same exploit (although greenpois0n refuses to tell you that, FWIW), and hopefully SHAtter can be saved for some later device.

In the meantime, we've also incorporated the limera1n exploit into redsn0w.  But we've added a few extras:

This latest redsn0w is available at:

We're pleased to release PwnageTool 4.1 4.1.2 for Mac OS X (free of charge, blog ads, and donation requests -- as always!).  Today's big new addition to the jailbreak family is AppleTV 2G, which was first shown jailbroken in its release week!

[Update: Version 4.1.2 should fix any issues that OS X 10.5.x users were seeing.  You only need to run this version if you're at OS X 10.5.x and were seeing Cydia errors]

ULTRASN0W UNLOCKERS BEWARE!!  ULTRASN0W UNLOCKERS BEWARE!!  The biggest mistake you can make (and it is a big one!) is lettings iTunes restore to the official IPSW -- you'll lose the unlock and won't be able to go back!  You must use Option-Restore, not just the Restore button by itself.  Then navigate to your custom IPSW -- not to the stock one!  If you accidentally started a restore to the official IPSW, unplug your iPhone immediately before the restore gets to the "Updating Firmware" step!

Through a combination of the recently released geohot limera1n exploit , @comex's recently released pf kernel exploit, and our original pwnage2 exploit, PwnageTool 4.1 4.1.2 works untethered on these devices at firmware 4.1:

After a few very dramatic days in the jailbreak community, geohot has come out of nowhere to release limera1n.  It's a bootrom-level jailbreak that works on the iPhone3GS, iPhone4, iPod touch 3G, iPod touch 4G, the iPad, and (technically) the AppleTV 2G.

DO NOT USE LIMERA1N IF YOU USE THE ULTRASN0W CARRIER UNLOCK -- wait for PwnageTool to incorporate the limera1n exploit.  This is so that you can avoid updating your baseband and losing the unlock (possibly forever).

Limera1n uses a different exploit than SHAtter, and in fact covers more devices.  Although some may question geohot's dramatic and competitive style, he obviously does have considerable skill pulling this together in just over a day (although he's had the underlying exploit for months).  Credit also goes to @comex, who provides the untethered aspect of limera1n via another one of his growing list of kernel hacks.

The release of limera1n has (thankfully!) averted the burning of 2 bootrom holes at once (both his and SHAtter). Releasing SHAtter now would be a complete waste of a perfectly good bootrom hole in light of limera1n, and so it can be held until Apple closes limera1n's hole.  While there's no guarantee that Apple won't also close SHAtter by then, it provides a ray of hope for devices after Apple's bootrom respin.

Update #1: Because the "untethered" part of this jailbreak comes from a userland hack from @comex, you should still backup your SHSH hashes for 4.1.  Do this by either letting Cydia keep them ("make my life easier"), or using Tiny Umbrella.   This way you can always come back to an untethered, jailbreakable 4.1 on your devices after Apple has closed their 4.1 signing window (they'll close the 4.1 window once they push out their next firmware version). If you fail to do this and ever need to restore to 4.1 again, you can still jailbreak but it will be a tethered JB (you'll need to connect to your computer to finish the booting process, each and every time).

Those of you with Apple's new iPod touch 4G, or those of you who bought another recent device after the jailbreakme.com exploit was closed, have probably heard about a brand new exploit called SHAtter. The exploit (and payload) was developed by @pod2g a few months after @p0sixninja of the Chronic Dev Team discovered the crash. That team is hard at work bringing you a brand new tool to make use of the exploit. It's not the sort of thing that can be developed overnight so please be patient while waiting for any announcements from them.

In the meantime, we've put @pod2g's exploit into a beta version of PwnageTool to test the waters. The SHAtter exploit was enough to convince the iPod touch 4G to restore to our custom IPSW. The successful result is shown below!  It's all working: customized Preferences to show battery percentage, Cydia, root shell...the works!

Although PwnageTool was a useful first test of a full iPod 4G jailbreak via SHAtter, it's really overkill compared to the faster tools being developed. Its main use in PwnageTool will be for those with iPhone4's, to allow updates while preserving the baseband and ultrasn0w carrier unlock. In any event, this is another exciting time for iPhone and iPod touch users...the cat and mouse game continues!

UPDATE #1:  It's looking like SHAtter is going to be the gift that keeps on giving.  Even though the new AppleTV isn't yet in people's homes, the firmware is available on Apple's normal public distribution servers and SHAtter has been used to decrypt its keys!  The main filesystem ("Mojave8M89.K66OS") key for 018-8609-066.dmg is:

31c700a852f1877c88efc05bc5c63e8c7f081c4cb28d024ed7f9b0dbc98c7e1406e499c6

We've released a beta version of redsn0w for the iPhone3G and iPod Touch 2G at FW 4.1 or 4.0.  It uses the same pwnage2 DFU-mode exploit that we've been using since the 2.x days.  It does not include the SHAtter exploit developed by pod2g.  Nothing new is revealed to Apple with this jailbreak.

IF YOU USE THE ULTRASN0W UNLOCK, PLEASE WAIT FOR PWNAGETOOL TO SUPPORT 4.1.  DO NOT USE REDSN0W.  That's because to use redsn0w at 4.1, you need to already have updated to official 4.1 from Apple.  If you do that, you lose the ultrasn0w unlock (possibly forever).

The Windows version needs further testing, so for now this is available only for Mac OS X x86.  The Windows version will come as soon as the bugs are ironed out.

Note: if you have an "MC" model of the ipt2g, your 4.1 jailbreak will be tethered...sorry!  (Consider rolling back to a FW supported by jailbreakme.com or spiritjb.com)

===== What devices, platforms, and FW versions are supported? =====

Today you'll likely start seeing iTunes innocently offer you a new version of iOS...version 4.1.  Don't accept it...it's a trap!

This time of year there are lots of new iPhone owners, and not everybody knows that accepting new iOS updates is the surest way to lose your jailbreak and/or unlock.  While those of you who have Cydia or TinyUmbrella backups of your FW hashes will always be able to get back to 4.0.1 if you make this mistake, this doesn't hold for unlockers. There's currently no known way to revert your baseband -- if you update your baseband you'll lose the ultrasn0w unlock, possible forever.

Please stay away from this 4.1 release until a safe jailbreak procedure (which also preserves ultrasn0w) is developed and released.

P.S.  There are a tiny number of iPhone3G owners who can revert their basebands due to a flaw in very early bootloaders...you will already know if you fit in this category!

Jailbreakme v2.0 was a great success, and it's provided a nice leveling point for all jailbreakers and unlockers on all devices at firmware versions less than 4.0.2/3.2.2.  We hope that everybody ever interested in jailbreaks or unlocks was able to join in on the jailbreakme bonanza.  Those of you who had Cydia capture your SHSH blobs, or those of you who captured them locally, will always be able to benefit from the jailbreakme.com v2.0 release. Congratulations!

Now it's a few weeks later, and Apple has closed the jailbreakme.com hole.  They're shipping devices with FW 4.0.2/3.2.2, impervious to this particular jailbreak.  So now, people will begin to ask: will there be a jailbreak for devices that shipped with 4.0.2/3.2.2, out of the box?

No, there won't be.  FW 4.0.2/3.2.2 was *only* released to fix the jailbreakme hole.  With FW 4.1 still in its beta stages, it makes no sense to escalate the "cat & mouse" with Apple for FW updates that only fix the jailbreak holes. To quote WOPR, "the only winning move is not to play".

If the cat & mouse game escalates too quickly, especially during beta FW periods, nobody but Apple benefits.  For this reason, there won't be a 4.0.2/3.2.2 jailbreak specifically during the period where 4.0.2/3.2.2 is the latest public release.  At best, some future 4.1x FW jailbreak *may* be compatible with 4.0.2/3.2.2 (but don't count on that).

If any of this is confusing, please ask below in our comments section!

On Wednesday, Apple (finally) released firmware 4.0.2, which patches the very large security holes exploited by @comex in the 2nd incarnation of jailbreakme.com.  The only problem is they outright abandoned iPhone2G and iPod Touch 1G users!  Even though Apple acknowledges in their security update the severity of these holes, they left iPhone2G and ipt1G owners high and dry -- completely vulnerable to truly malicious variants of jailbreakme (these variants aren't out yet, but they're sure to come!).

Luckily for Apple, the Jailbreak community isn't so callous. @saurik has been burning the midnight oil coding a Cydia package that will fix the holes for all devices and all firmware versions (even going back to version 2.x!).  It will be released very soon, after some more testing is done.  (Update: it's available now...see update #2 below).

                                                            Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it's out.  Jailbreakers can have their cake and eat it too. 

P.S. Dear Apple: you're welcome!

Update #1: For those who know their way around the bash shell and dpkg, please try out this fix and send any pertinent feedback to @saurik.

We're happy to tell you that our ultrasn0w carrier unlock now supports the iPhone4!

                                                  Version 1.0-1 of ultrasn0w works for:

(If ultrasn0w doesn't show when you search Cydia, add the repo:  repo666.ultrasn0w.com)

jailbreakme.com is back!

Thanks to some serious work by @comex, you can now jailbreak your iPhone, iPod Touch, or iPad right from MobileSafari -- no PC or Mac needed!

Just visit http://jailbreakme.com on your device.

For those needing a carrier unlock, use the existing ultrasn0w in Cydia on your iPhone3G or iPhone3GS.  After a short testing period, we'll push out the iPhone4 version.

Note: The earlier MMS and Facetime issues have been fixed.  If you already ran the version with those problems, launch Cydia and accept its offer to update.

Fantastic news today from the Electronic Frontier Foundation (EFF).  After a lot of hard work and mountains of paperwork, jailbreaking your iPhone is now explicitly a permitted fair use under the DMCA!

The EFF also successfully renewed the existing DMCA exception for carrier unlocking.  More on the ruling by the Library of Congress is here and here (and many other places, since this is huge news!). The full ruling is here, and EFF's history with this case is here (EFF's servers are understandably getting hammered today!).

This doesn't mean that Apple will stop their technical attempts to thwart jailbreaking, but it does mean that our iPhone jailbreaks and unlocks are now unambiguously legal under the DMCA.

Those of you with jailbroken iPhone3G and ipt2G devices may now have noticed Cydia starting to save your SHSH blobs too, just like it does for iPhone3GS, ipt3G and later devices. That's because starting with 4.0, Apple started putting a "soft" SHSH blob check in the firmware. The SHSH blob check is very real in the sense that if iTunes can't get your blobs (because the Apple signing window has closed), the iTunes restore will error out. But it's "soft" in the sense that those devices can always use redsn0w or PwnageTool to get past the error (the bootroms themselves for those devices don't require blobs to be in the firmware files, unlike the newer bootroms).

Furthermore, since the 3.x IPSWs for these devices don't enforce it, you can always restore to 3.x IPSWs outside of any signing windows.

So, Cydia is doing this to allow you to continue to use iTunes to restore to 4.x on iPhone3G and ipt2g outside of Apple's signing window without needing to use redsn0w or PwnageTool to get around Apple's annoying new restriction.

Those of you who follow @MuscleNerd or @planetbeing on Twitter probably already know that the team has had a series of successes with the carrier unlock on iPhone4 (#1, #2, #3, #4, #5-video).  We're fine-tuning the payload to make it as quick to load as possible (and making sure it remains crash-free of course!).

As usual before a public release, there are lots of fake Twitter and Facebook accounts trying to capitalize on the public's eagerness to get the unlock.  For those who only want to know when it's released, either of these two official accounts will do.  All other variations of these account names are fake!

@ultrasn0w

@iphone_dev

If you want to be kept up to date on progress as it's being made, you can also follow:

PwnageTool 4.0 Release Info

PwnageTool 4.01 Release Info (UPDATED TO V 4.01)

On Monday, Apple released firmware 4.0 for the iPhone and iPod touch devices.  This of course was a major upgrade.

As advised, you shouldn't have upgraded your devices if you have previously relied on our tools for hacktivation and/or a carrier unlock.

With that said, today we are releasing PwnageTool 4.0  PwnageTool 4.01

Around an hour ago the new version of the iPhone Operating System (now called 'iOS') was released.

 iOS 4 is a huge release for Apple with many many changes and those changes offer slick additional features.

These new features are being offered by Apple as a free upgrade to qualifying devices.

We are working hard on a release to our tools that will jailbreak your device (or give you iOS 4 via the jailbreak train) and provide you with a carrier unlock.

Until these tools are released you should hold off on updating your device until we have fully tested our tools with all the relevant devices.

The Spirit jailbreak is now out!  Congratulations to @comex for the first userland jailbreak since the 1.x days.

Spirit provides an untethered jaibreak on those newer devices which used to require a computer nearby to finish the boot process.  Spirit is able to do this because it doesn't actually kick in until after the kernel is running.

You can get the goodies at http://spiritjb.com

At some point after (don't ask when!) the iPad 3G is actually in customers' hands, the first "userland" jailbreak since firmware 1.x will be released by @comex.  It's called "Spirit" and was first demonstrated working on an iPad by @MuscleNerd within 24 hours of the iPad's release on April 3.

Userland jailbreaks are more troublesome for Apple since they expose security weaknesses that exist even for non-jailbroken owners.  As such, Apple is likely to close them soon after they're made public. One recent example of this is the SMS vulnerability exposed at Blackhat last summer.  Apple released new firmware to close that hole within a day.

The Spirit jailbreak is most useful for newer devices: iPhone 3GS, iPod Touch 3G, and the iPads.  Unfortunately those devices are the same ones that Apple can prevent you from downgrading unless you've got a backup of your personalized SHSH blobs.  Unless you've backed up your SHSH blobs for vulnerable firmware versions, you'll lose the ability to use the current Spirit jailbreak if you accidentally upgrade.

Please take the steps now to backup your SHSH blobs.  Use either Firmware Umbrella to create a local copy, or go through saurik's server.  If you are getting an iPad 3G, it's safest to backup your blobs using Firmware Umbrella, in case saurik's server gets bogged down with requests.

Other things about Spirit that are useful to know:

Some interesting features were revealed in today's preview of iphoneos 4.0.  We'll use this post as a placeholder for discussion about these features and how they relate to the jailbreak.

Also, it seemed like a good idea to move away from our last post, which was made on April 1 for a reason :)

The iPhone DevTeam has been passed confidential internal information relating to the next version of the tablet computer the 'iPad'. An upcoming redesign of the iPad tablet computer will miniaturize the device so that it will be able to be carried on the user's person (such as a pocket or small bag). Also a radical move to add a minimum of a 13 kbits/s speech codec to the miniaturized tablet variant is planned.

The inclusion of the voice codec will allow the user to directly utilize the GSM nomadic network, allowing person to person communications directly using your mini-iPad from anywhere dramatically speeding up the usual typed email or instant messaging capabilities that the iPad offers today.

It is the plan of the iPhone DevTeam to target this device as soon as it is released. 

While Apple's 3.1.3 firmware was minor in terms of new features, it's had the side effect of opening up a huge market for scam sites.  These sites will promise you a 3.1.3 jailbreak for newer devices like the iPod touch 3G, or a baseband 05.12 software unlock.  Those desperate enough to "just give it a shot" will find, 100% of the time, that they were misled.  After money has changed hands they'll be told "well the 05.12 unlock is coming, in the meantime here's the 05.11 unlock" (of course the 05.11 unlock was intended to be free, as you all know).  They'll hold your money until one day the 05.12 unlock does come out, even if that's months later (and of course it'll be released for free).  In the meantime they'll be able to claim they gave you part of what they advertised, and keep at least part of your money (in actuality they'll usually keep all of it).

Don't fall for these scam sites!  None of them have a 05.12 unlock, none have the 05.11 unlock working on 3.1.3, none have a 3.1.3 jailbreak for newer devices like the ipt3G.  They're trying to capitalize on your upgrade mistake, and they only need a very small percentage of people to fall for them to make their money and run.

Those following twitter may have seen some recent very early developments in the 05.12 unlock situation.  One of our more helpful commenters sherif_hashim (at a rating of 84p you know he's helped others much already!) found what looks like a very promising crash in the new baseband.  He's put in a lot of work looking for crashes over this past year, and he's still looking for more!  We've started to look at his crash but it's a long road between any given crash and a fully working unlock, and we couldn't put an ETA on it even if we wanted to.  It's not even guaranteed that an working unlock will come from this particular crash -- it's just too early to tell.

In the meantime, please stay vigilant against these scam sites.  Don't be part of the small percentage of people that fall for them because that small percentage is all they need.

On Tuesday, Apple released firmware 3.1.3 for the iPhone and iPod touches.  Unless you've personally observed a problem with the reporting of your battery percentage, there's no reason to update to 3.1.3.  We know some of you will want to anyway.  Superbowl Sunday's PwnageTool 3.1.5 for Mac OS X will let you do so safely, preserving your jailbreak and ultrasn0w unlock.  (If you use the blacksn0w unlock (at baseband 05.11.07), you need to stay at 3.1.2.)

iPhone 3G and 3GS unlockers should always be very wary to update their firmware.  This is no exception.  If you make a mistake along the way you may find yourself updating to official 3.1.3 in which case you will lose your unlock, possibly forever.

iPhone 3GS users (regardless of unlock) should stay away from this and all 3.1.3 jailbreak tools unless you know you have your "SHSH hashes" backed up via Cydia.  That's because if you make a mistake you may find yourself stuck at official 3.1.3 with no way to jailbreak or come back down to 3.1.2 to jailbreak.

If you really truly feel that you need to update, this version creates a custom 3.1.3 IPSW for you to restore to on your iPhone 2G, iPhone 3G, iPhone 3GS with early bootrom, iPod touch 1G, and iPod touch 2G with early bootrom.  If you don't know if you have an early bootrom or not, please avoid updating until you learn more.

You don't need to be pre-jailbroken on anything but the iPod touch 2G early bootrom.  And really for that device, it's faster and easier to use redsn0w 0.9.4 as mentioned in our last post.  For that matter, if you have an ipt1g, iphone2g, or iphone3g(and don't need an unlock), you should use redsn0w too (but version 0.9.3).  It's faster and you won't have to go through a full restore process (just do an update then run redsn0w, pointing it at 3.1.2 FW instead of 3.1.3).

WARNING! At 10.30AM PST on February 2nd 2010 Apple released the 3.1.3 version (7E18) of the iPhoneOS.

If you care about your jailbreak and unlock, don't update your device - 3G and 3G(S) owners should pay particular attention to this warning.

It sure has been a while since we last saw a firmware update from Apple.  (And by the way, which will come first...the iPad wifi, FW version 3.1.3/4.0 for iPhones, or the new iPhone itself?)  Anyway, while we're waiting, we updated redsn0w to be compatible with FW 3.1.2.  We also added a few new features!

It's actually been in "open beta" for a while now, and those of you who already follow @MuscleNerd on twitter may already have tried the new redsn0w.  You can read all about it and download it from our our wikee.  Compared to our last release, we've given you the ability to quickly change your boot or recovery logos and enable "verbose" booting.  And for those of you who want to experiment with your internet tethering options over cellular, try version 0.9.3 in the extra links at the bottom of that wikee page.

After reading the brief Q&A on our wikee, feel free to ask any questions below in the comments.  Briefly though, if you're already happy with your current jailbroken system (whether it's via PwnageTool or blackra1n), and if you don't want boot logos, then you can safely ignore this post and we'll continue the wait for Apple's next release together :) Otherwise go ahead and try some new boot logos using redsn0w, or use it for fresh jailbreaks.  If you use it on an already jailbroken phone, be sure to checkmark "Already pwned" and don't reinstall Cydia again (doing so will probably make Cydia lose track of what it has installed).

Caution: if you're using the ultrasn0w or yellowsn0w unlocks then don't be tempted to update to official 3.1.2 just to use redsn0w (and remember, redsn0w still works at 3.0 anyway).  If you update to official 3.1.2, redsn0w will still work but you'll lose ultrasn0w and yellowsn0w.  There is geohot's blacksn0w for those who updated to official 3.1.2 but there are still wifi problems with the unlock at that firmware in a small number of cases.  iPhone 2G unlockers don't need to worry about any of this, since BootNeuter handles all that regardless of firmware version (BootNeuter is installed for you by redsn0w if you have an iPhone 2G and choose "unlock").

This version of redsn0w does not provide an untethered jailbreak for those of you with brand new iPhone 3GS, iPod touch 2G, or any iPod touch 3G.  redsn0w will jailbreak those but it will still be a tethered jailbreak until some new exploit is found and released.

Today we released an ultrasn0w update that fixes an issue for those running firmware 3.1.x with the 04.26 baseband.  That specific combination resulted in a missing carrier name in the upper left-hand corner of your home screen.  Today's ultrasn0w update from 0.91 to 0.92 fixes that problem (which was an important issue for roaming). You should see the update available if you have http://repo666.ultrasn0w.com as a Cydia source.  Enjoy!

iPhone 3G/3GS owners who found themselves stuck with version 05.11 of the baseband (either by accident or because they bought it that way) are now in luck!  geohot was able to turn the already-public at+xemn crash into an injection vector, which can be used to inject his version of the unlock.  The blacksn0w unlock is available for free via Cydia by adding the repository http://blackra1n.com in the Manage->Sources panel.  Congratulations, geohot!

Those of you who are already unlocked at 3.1.2 because you kept your 04.26 baseband now have an extra cushion of comfort, and more choices: ultrasn0w, purplesn0w, and now blacksn0w (and of course the original yellowsn0w too if you're still back at FW 2.x).   Whether or not you choose to update your baseband solely to use the new unlock is a personal choice, but so far there are no advantages to doing so (and remember you can't come back to 04.26 after you've gone to 05.11).

As with all the unlocks, it will probably very soon be re-sold through scam sites that charge you money for what is offered to the community for free.  Please stay vigilant for these scam sites and steer your friends away from them.

Update: Some commenters are reporting a lingering problem with WiFi while using blacksn0w.  Some are able to solve it with a single "Reset Network Settings" but others say they need to do that periodically.  So far there seems to be no pattern to those affected or the best way to fix it.

No, this is not a release post!  Just wanted to wish iPhone and iPod touch users everywhere a Happy Halloween!

This next one obviously isn't a pumpkin but who can pass up on laser art by marcan!

If you have an iPhone or Apple related pumpkin photo you'd like to share, send it on in to [email protected] or tweet it to MuscleNerd :)  The first pumpkin with our dev team pwnapple logo is MuscleNerd's and for credit on the others, just click on them.

Here are some details on our latest version of PwnageTool 3.1.4 for Mac OS X which supports the 3.1.2 release of the iPhone software for iPhone 2G/3G/3GS and iPod Touch 1G/2G.

If you're already jailbroken (by whatever means), you don't need to mess around with DFU mode at all.  Just create (or get from a friend) your custom IPSW and Option-Restore (Shift-Restore on Windows) to it via iTunes.  Don't enter DFU mode at all.  Please make sure you are restoring to the custom IPSW, not the stock one from Apple!  For best results, use the latest iTunes (9.0.1) -- which includes a nice new application organizer.

This release allows your baseband to remain unlocked at 3.1.2, but it does not unlock a new baseband put there by restoring to official 3.1.x.  It is super important that people who need the unlock to understand they can keep it only by starting at 3.0 (or earlier) and updating solely to custom IPSWs that don't update the baseband.  For those who have been onboard the "unlock train", simply install ultrasn0w via Cydia once you've restored to your custom IPSW.  Don't forget to turn off the "3G" setting in Settings->General->Network if you use T-Mobile in the U.S.A.

Note for 3GS users not already jailbroken and stuck at 3.1.x: this version of PwnageTool has a side feature to jailbreak your 3GS.  It uses a simple implementation of the usb control msg hole found by chronicdev, geohot, and our very own gray.  (Update: please make sure iTunes and iTunesHelper are not running when PwnageTool asks you if your 3GS is already jailbroken/pwned).  Now that the hole is public and in use, we expect Apple to close it by the next major firmware update. That's why 3GS users need to get their ECID hashes for 3.1.x now, and need to stay onboard the "jailbreak train" in all future updates.  For more details on what this means, please see our earlier posts or ask in our comments section (moderated by the always helpful @angie and @confucious!).

For the early adopters who ran blackra1n and are having problems with mobilesubstrate, winterboard, diskaid, or ifunbox, you can install a custom .ipsw from PwnageTool to fix these issues.  That's because all jailbroken devices accept a custom .ipsw created by PwnageTool.  (However, if you ran blackra1n on a 3G or 3GS that means you updated to stock 3.1.x, and the carrier unlock is now out of reach.  We'll continue to work on a carrier unlock for the latest basebands, but the timeframe for such an unlock is unknowable.)

WARNING! At 10.20AM PDT on October 8th 2009 Apple released the 3.1.2 version (7D11) of the iPhoneOS.

If you care about your jailbreak and unlock, don't update your device - 3G and 3G(S) owners should pay particular attention to this warning.

Here are some details on our latest version of PwnageTool for Mac OS X that adds support for the 3.1 release of the iPhone software for iPhone 3GS and iPod Touch 2G.

SUMMARY:

The iPhone 3GS is now supported in PwnageTool 3.1.3, assuming the phone was pwned at 3.0 or 3.0.1 - PwnageTool does not support the 3GS out of the box. If your iPhone 3GS has 3.1 preinstalled and is not Pwned then there is no tested jailbreak solution at the moment.

The iPod 2G is now supported in PwnageTool 3.1.3, assuming the iPod 2G was pwned at 3.0 or 3.0.1 - PwnageTool does not support the iPod 2G with 3.1 software out of the box.

DETAILS:

This is the low down on our tools for use with the 3.1 firmware from Apple, please read the whole post in full before attempting anything. Because of changes with Apple's update techniques (that complicate the 3GS upgrade process) this will be a multipart release. This release starts with PwnageTool 3.1 for Mac OS X - this application supports the iPhone 1st Generation (2G), the iPhone 3G and the iPod touch 1G. NB: THIS DOES NOT SUPPORT THE 3GS OR 2G/3G IPOD TOUCH. redsn0w for Mac OS X and Windows will follow sometime in the near future, please don't bug us about it - we'll release when we have something ready.

If there's one thing we've been stressing the last few weeks, it's that if you want to keep the jailbreak or unlock on your 3GS, you should resist all urges to install Apple's official firmware updates without knowing if a jailbreak exists for that version yet.  Unless another (different) bootrom exploit is found for the 3GS that doesn't require a "foot in the door" with a signed official iBoot, then accepting official updates willy-nilly may cause you to be cutoff from the jailbreak.  And it will definitely cause you to be cutoff from the carrier unlock.

Now, there are ways to ensure that even after taking an official 3GS update (which you really shouldn't do!), that you'll nonetheless be able to revert to a jailbreakable 3GS (this is NOT true for the unlock, see NOTE #1 below).  We've been explaining these methods (like the iTunes /tmp technique) over the last few weeks, and there's been some great discussion and feedback for the methods in the comments.

Having said all that, we realize that some of you updated your 3GS to 3.1 anyway.  If you want to come back to the world of the jailbreak (but NOT the sim unlock, sorry!) then saurik's new "on file" server may be able to help.  He's got all the details in a new article so do check it out.

Even if you did not update your 3GS to official 3.1 (good job!  You really shouldn't do that!), then you should still read the article and make those changes today.  We fully recommend redirecting your iTunes signing process through saurik's "on file" server to future-proof your 3GS jailbreak through all future updates.

This week Apple will be all over the news with their announcements at Wednesday's "Let's Rock" event.   But with so many new owners of the iPhone 3GS, and with so many new owners of the iPhone 3G (perhaps sold to them by these new 3GS owners)...now is a good time to send out this general advisory.

If you update to Apple's new software using the normal iTunes process, you will lose your ultrasn0w unlock.  In fact you may lose it permanently, because for most people the baseband firmware cannot be reverted to a previous version (unlike the main application CPU firmware).

But don't worry...our PwnageTool program -- when it's updated for 3.1 -- will let you update your main firmware without touching your baseband firmware, so you can still have the best of both worlds.  But you must be diligent about saying "no" to your iTunes request this week to update your firmware.

Update: We're currently working on PwnageTool for 3.1, and will be sure to let you know when it's available!

Snow Leopard, the OS released for Mac on Friday, poses no new wrinkles for the redsn0w jailbreak or ultrsn0w unlock.  

To summarize the status of our tools (all of which are available through the links at the left):

Last week, Joey Hess revealed that the Palm Pre running on WebOS uploads very specific information about your location and application usage to Palm on a daily basis.  Although it's allowed by the EULA that you must accept to use the Palm Pre, it still seems a little...creepy, especially if used for the wrong reasons.  The only "bright" side to this story is that it was for the Palm Pre, not for the iPhone.  Apple has been in the news a lot lately for its AppStore shenanigans, but at least they don't go so far as to track your location.  Right?

Well, sort of.  Although we have yet to find an application by Apple that tracks your location, there are certainly a number of "free" applications in the official AppStore that are designed to do just that.  Case in point:  there's this rather cute/gimicky app that lets you determine the tip for your waiter or waitress by tilting your phone as you pass it around the restaurant table.  But if you dig a little deeper (like bushing did) you'll find it uses a library by Pinch Media that is specifically designed to track your geographical location through time, then upload that data to Pinch Media.  (Oh and it also show you an ad, as an extra bonus).

Being an approved app, it must first ask you for permission to use your location.  If you tap "Don't Allow", it will ask you again in about a minute, the next time its ad changes.  So you either stop using this app (because it pesters you so much about the location question), or you finally submit and tap "OK".  From that point on, your location and path info (your actual physical path through your area each time you launch the app) belongs to Pinch Media, Inc. We think that's a Pinch too much.

Update: A commenter named fusen pointed out this post by 0th3lo. who details Pinch Media's SQL info (it includes your gender and birthday, when possible) and goes so far as to say "no doubt, ANY pinchmedia iPhone application is spyware".  Maybe it's time to pressure Apple to boot Pinch Media apps from the AppStore?

Update: Pinch Media have blogged about the data collected by their analytics library here.

Short version:

You can re-use redsn0w v0.8 we released a few weeks ago to jailbreak today's 3.0.1 update.  Just let iTunes update or restore you to official 3.0.1 then run redsn0w.  The only "trick" is that when redsn0w asks you to identify the IPSW used, point it at the 3.0 IPSW instead of the 3.0.1 one.   After the jailbreak, reinstall ultrasn0w 0.9 if you need the unlock.

More details:

The 3.0.1 release is a "branch" from 3.0 that occurs (code-wise) before all the 3.1 betas.  The programs redsn0w needs to change for the jailbreak are identical when you compare the 3.0 and 3.0.1 versions.  It seems pretty much the only changes Apple made were for the SMS bug, which affects programs that redsn0w doesn't touch.  That's why you can re-use redsn0w 0.8 on 3.0.1 even though it was written for 3.0. 

And since 3.0.1 doesn't touch the baseband either, ultrasn0w 0.9 works for those needing the soft unlock.  Just install it from the repo666.ultrasn0w.com repository using Cydia as usual.

It looks like version 0.9 of ultrasn0w fixed up the vast majority of any problems people were seeing with the 3G/3GS carrier unlock. But here's a brief list of fixes for anyone still seeing problems:

Short version:

ultrasn0w version 0.9 is out!  We believe it solves pretty much all of the various random issues that have been reported.  Its features include:

Last night we released updated versions of our redsn0w jailbreak and ultrasn0w carrier unlock.  These versions are now compatible with the iPhone 3GS running at 3.0.  Welcome aboard, 3GS owners!  (The tools of course remain compatible with all of the other platforms too.)   Also last night, saurik released 3GS-compatible versions of MobileSubstrate and WinterBoard, components that enable many different add-ons and themes.

We realize we upset some folks (e.g. existing 3GS owners) with our earlier announcement that we wanted to hold onto the 3GS iBoot-family hole until 3.1 was out.  Our aim there was to get as many people as possible onboard (within reason of course) before revealing the hole, since Apple will fix it immediately.  But all of that became moot when the purplera1n release was made, since it uses the same hole.

For those of you who already own 3GS phones, the outlook is bright. As long as you have your personalized (signed) dfu/img3 files, you'll always be able to jailbreak (even if you slip up and install stock Apple firmware in the future).  For those of you without 3GS phones, it's a race against the clock to use this particular hole.  There's nothing we can do about that, but we will always be looking for new holes.

ultrasn0w unlockers -- You all must remain particularly vigilant against upgrading your basebands, since doing so will kill the unlock (for most phones, there's no going backwards in baseband version).  Apple has gotten very serious with the latest baseband -- they've removed 180 (!) commands in an effort to cut down their exposure to holes.  So please always stay away from stock Apple IPSWs and instead use our tools as we release them.  These tools let you update your firmware without updating your baseband.

Those installing ultrasn0w will probably also need to do a single run of Settings->General->Reset->Reset Network Settings.  We're testing various fixes for that particular glitch.

Do not upgrade to 3.1 yet if you want this unlock!

Here's a brief video demonstration by @planetbeing of the iPhone Dev Team's ultrasn0w unlock for the new iPhone 3G S. Special thanks to @Oranav for the at+xlog crash -- a gift to the community that has kept on giving!

Our ultrasn0w program uses the at+xlog crash as an injection vector of our unlocking payload -- and it does so on the 3GS in exactly the same way as on the 3G!  But this injection vector will be lost if you update to 3.1 using the official Apple IPSW, which updates the baseband.  So stay away from official 3.1 IPSWs until we release the tools that let you update the firmware without updating the baseband.

Remember we warned you to stay away from any updates to 3.1 if you want to be able to jailbreak or unlock your 3GS.

Well this is an additional message to all you 3GS owners that would like to jailbreak your device sometime soon, but this advice comes with a warning! A warning that if you accidentally upgrade to 3.1, you will not be able to use Ultransn0w, so please re-read and double check this warning at the bottom of this post before proceeding.

You may have read or heard about techniques to capture files during the iTunes restore process. These will be required to jailbreak your phone in the near future, most of the methods involve icky USB snoops. Well, there is an even better and more reliable method to get your hands on those lovely files.

During the restore process iTunes nicely keeps these oh-so-top-secret-files in a lovely accessible place for us to copy out and backup, that place?  /tmp on Mac OS X or %TEMP% on Windows.  Thanks Apple -- handy!

The downside to this approach is that you actually need to go through the restore process to get these signed files, which has risks if you are anywhere near 3.1 or 3.1 beta :-)

You've seen us give this warning before, and there are only so many ways to say it or come up with a clever title :) But here it is: ultrasn0w users must stay away from any firmware updates past 3.0 (including today's 3.1 beta) until we release the tools that let you update the firmware without updating the baseband.  For most phones out there, baseband updates are irreversible and you'll lose ultrasn0w.

The 3.0 jailbreak was one of those (rare) times where both the jailbreak and the unlock coincided (the only other time was 2.2).  It's important that people realize that *most* firmware releases aren't like that, and you need to take steps (via the tools) to separate the firmware update from its included baseband update.

This warning does not apply to the iPhone 2G, which uses BootNeuter for the unlock, not ultrasn0w.

Spock said it best: "The needs of the many outweigh the needs of the few..."

Summary:

We can jailbreak the 3GS right now.  But making our jailbreak public at this point in time would benefit relatively few people.  It would in fact be detrimental to many more people than it would help.  So we feel it's best to keep our version of the jailbreak out of Apple's sights for the time being.

Details:

If you already have a 3GS phone and have already done a full USB dump or captured your img3's signed with your ECID, then you're in great shape.  You will always be able to jailbreak.  But many people who plan on getting a 3GS do not yet have one. For instance, many people are waiting for their existing contracts to mature to the point where they get a price break on the 3GS.  Many people are trying to sell their 3G before they can buy the 3GS.  There are parts of the globe where you can't even buy a 3GS yet!  The reasons are varied, but they are many.

About 5 hours ago (Thursday evening, less than a week after the 3GS launch), we were able to verify that the 24Kpwn exploit that the hybrid team used on the iPod Touch 2G is still applicable to the bootrom of the iPhone 3GS. That means we can use the same sort of technique used by our current redsn0w tool to jailbreak and unlock the iPhone 3GS. 

This is great news, but how did it happen?  Why didn't Apple fix this in their normal cat&mouse fashion?  Well it seems this bootrom was cut in about the August 2008 timeframe, so the unintended early reveal of 24Kpwn earlier this year didn't affect the iPhone 3GS.

For our technical notes on where the 24Kpwn exploit is in the 3GS, see here (pastebin hash of it is here).    Our original blog post for when this exploit was first found is here.

And yes, ultrasn0w will be able to be used on the iPhone 3GS for you unlockers!  (In fact, without any modifications whatsoever!)

Important: Apple has not given up on the cat&mouse game, and in fact there are challenging aspects of the 3GS jailbreak that aren't in the other devices.  It'll take some time to safely work these into our tools, but the fundamental weaknesses are there:  The bootrom is exploitable via 24Kpwn, and the baseband is exploitable via ultrasn0w.  (And just like with the 3G, ultrasn0w for 3GS requires that you not update your baseband when Apple comes out with new firmware.)

Ultrasn0w for iPhone 3G is ready!

Read the whole post in full before attempting anything!

redsn0w is an easy to use, multi-platform, multi-device jailbreaking and unlocking tool for the iPhone 2G (original iPhone), the iPhone 3G/3GS and also the iPod touch (first and second generation). It is available for Linux,  Mac OS X and Windows.

REDSN0W PROVIDES SIMILAR FUNCTIONALITY TO QUICKPWN.

If you want to build custom firmware files with more flexibility it is suggested that you use 'PwnageTool' on Mac OS X.

This is the low down on our tools for use with the 3.0 firmware from Apple, read the whole post in full before attempting anything. Because of some bugs and unexpected changes this will be a multipart release, starting with the release of PwnageTool for Mac OS X. QuickPwn for Mac OS X and Windows will follow sometime soon, please don't bug us about it, we are working flat out to get everything finished to release them.

As anyone reading this blog must already know, this is the big week where Apple releases their official 3.0 FW to the public (Wednesday), and then the new iPhone2,1 hardware, aka the iPhone 3GS (Friday).

On Tuesday evening (just before the big Apple release) we'll do a live demo of the yellowsn0w carrier unlock working on official 3.0 firmware.   The actual link for the feed will be twittered by @MuscleNerd and also placed here when the feed starts.  The demo should answer everything you need to know about the new yellowsn0w.  But it's good news for iPhone 3G unlockers everywhere.

Meanwhile, we're in the middle of testing our PwnageTool and QuickPwn tools, which will work with iTunes 8.2. The jailbreak of course continues to work on 3.0 for all devices it ever worked on, thanks due the Pwnage 2.0 technique released last summer.   Our tools will be released no sooner than the Apple release (just in case!).

P.S. For the new iPhone 3GS, please don't expect periodic updates about any progress we have or don't have.  Nothing gives Apple the upper hand like someone tweeting or blogging partial hack results.  That's not how cat & mouse is played :)  That's how the cat gets fed.

Updates after the video.  Please skip ahead to 02:00 to see the demo.

These are very exciting days ahead!  WWDC, the new 3.0 firmware, the new iPhone2,1 device.  All in the span of a month or two.  Nobody is more excited than we are :)

Unfortunately, there are predators out there that are counting on your over-exuberance.  Maybe we should call it yell0w fever.  One very recent example is a certain yellowsn0w221 page on wordpress.com.  Do not download anything from that page if you're on a PC, else you'll be infected with a virus.  The page talks and talks about a supposed Firmware 2.2.1 yellowsn0w exploit, but it's all a ruse to get you to download and infect your PC.

We're used to (though still aren't happy about) less predatory websites, like quickpwn.com.  That site (1) is not us. We don't consult with them in any way (2) makes money from their Google hits (they're usually near the top) (3) sometimes gives very very bad advice (like tweeting yellowsn0w users to use QuickPwn on 3.0 betas.  Bad suggestion).  (4)  also owns yellowsn0w.net, another money making website.

The wordpress page, though, is at another level.  It's out to 0wn your PC for spamming purposes.  Please be on the lookout for any pages that mention "dev team" news that you don't actually see on this blog first.  We are very good at not leaking sensitive info (since that really wrecks this whole "cat&mouse" thing).  So no blog or forum or youtube page would have any "insider" dev team knowledge that you won't see announced here first.

About the unlock (the real yellowsn0w): you all paid lots of money for your iPhones, and so we know that if you are depending on a software unlock, this is a sensitive issue.  It's a very sensitive issue to us too, which is why we can't say or release anything prematurely that could potentially compromise any 3.0 software unlock.  The commenters on this blog that have high ratings (20 or above) understand this intimately so please listen to them when they try to assist those waiting for any unlock :)

Yesterday, Apple started pushing out their official iTunes 8.2, which supports mobile devices at firmware 3.0. Here's why you jailbreakers and yellowsn0w-users shouldn't really accept that "Update now?" question:

Apple just released the fifth beta of their 3.0 OS.  Back when 2.0 was still in beta, they released about nine beta firmwares, so it's reasonable to assume we're about half way through the 3.0 beta process.

As should be expected, the modern devteam jailbreak process is still valid.   The picture below is 3.0beta5 jailbroken on an iPhone 3G.   As we've said in previous posts, nothing other than a hardware respin can prevent our jailbreak from working on all exisiting iPhone and iPod Touches.  They've chased our jailbreak so far down in the chain of trust, the only way they can fix it is in hardware.

Because there are so many beta releases, we couldn't possible refine, test, and release both PwnageTool and QuickPwn for each of them.  That's why we're waiting until the final release.  You may have seen other "hijacked" versions of QuickPwn out there, but all of them are buggy, none of them work on OSX, and almost everyone who uses them reverts back to 2.2.1 (because none of the useful jailbroken apps (Qik, Cycorder, and others) work on 3.0 yet).

But this is a good time to remind everyone.  If you care about the yellowsn0w unlock, don't go anywhere near the beta releases.   You will lose your unlock, possibly forever.

Today at exactly 2 minutes past Beta O'Clock we are releasing a beta version of redsn0w. The release hopes to simplify the jailbreaking of your iPod touch 2G.

redsn0w is currently in beta as it relies on the user running it from the command line, but this new redsn0w functionality is being added into our GUI applications.

If you are not fully confident with using the command line, then hold off for those simpler tools that will be released sometime soon.

Related links

Well, the cat is out of the bag.  The 3.0 firmware from Apple can be jailbroken, and there are now sites out there giving you that jailbreak (after you sort through various ads and browser popups, etc).

Of course it's not really a surprise that it can be jailbroken.  One of the nicest things about the jailbreaking iPhones and iPod Touches nowadays is that once a given device can be jailbroken, it can always be jailbroken.  The exploits we're forced to resort to are down at the hardware level, where nothing can be done about them via software.   That's why within a day or two of 3.0 beta1's release we were able to snap this screenshot of a jailbroken system:

(we also captured the date of the SHA1 of the above image for historical purposes here and here)

Why did we not release the jailbreak two weeks ago when the above image was captured and hashed?  There are many reasons, mostly resource-related:

It almost goes without saying, but we will say it anyway :)

With all of the great stuff lined up for us with the 3.0 OS that Apple described today, many 3G owners may find themselves with itchy update fingers.  If you find yourself with access to the 3G IPSW for 3.0 via the iPhone Dev Center program, and you are using yellowsn0w, do not update or restore to that official IPSW.  You will lose yellowsn0w and find yourself unable to revert the baseband to get it back. 

And for those wondering, yes the 3.0 OS is jailbreakable on all devices.   It's just those using 3G yellowsn0w that have to show some restraint and wait for PwnageTool to create a custom IPSW that avoids the baseband update.

The iPod Touch 2G is now another member of the "pwned for life" family. It has a fatal flaw in its bootrom that means you will always be able to pwn these devices no matter what firmware updates come along. This is the full, untethered jailbreak, something that iPod Touch 2G users have not had before today.

Those of you who hang out on IRC or were able to read between the lines in the various blogs, forums, wikis and twitters may realize that we -- and importantly, that's a that's a collective, cross-team "we" :) -- had been hoping to hold onto this full ipt2g jailbreak until the next version of the iPhone came out. That didn't happen, but maybe it's too late for Apple to fix the bootrom in the next iPhone.

The raw patch to the firmware that transforms the "tethered" jailbreak into an untethered one was released here but it's not yet packaged up into the PwnageTool or QuickPwn flows. But other threads there are pulling together tutorials and other tips for those of you anxious to try this out now.  For the curious, the hole itself is explained here.    There's also a "pen and paper" analysis that helped the hybrid team venture transform the hole into an exploit.  Hopefully that will be up for viewing soon too, if only because of its geeky beauty :)

Anyway, to all those iPod Touch 2G users out there who waited so patiently through all the various incarnations of the jailbreak for Apple's latest device -- welcome to the family!

For the rest of us, the jailbreak "cat and mouse" game will continue in the summer with the next iPhone. And the carrier unlock "cat and mouse" game continues as ever. :)

This is the low down on our tools for use with the 2.2.1 firmare from Apple, read the whole post in full before attempting anything. Please note that the Windows version of QuickPwn has been updated to version 2.2.5-2

There is an iPhone and iPod update available in iTunes - it is numbered 2.2.1 (5H11a).

Please DO NOT update. We will investigate and report back to you ASAP.

Update 1:  Here's a video overview of what this update means.

What a week it's been for the 3G unlock!  Here's where we're at:

Past

Present

Seems like "Jody Sanders" of the West Midlands, UK (who we mentioned in our release post) is at it again and is stealing our work and passing it off as his own, he has done this before and this scam was reported by the Guardian and also by on this blog last year and was also covered in a very very long thread over at hackint0sh forums.

We specifically restrict the commercial use of our software, and yellowsn0w is included in these restrictions. This dodgy geezer is selling our software to you at a bargain £19.99 he says:-

"We can now fully unlock the iPhone 3G for use on any GSM network for just £19.99 DIY (£49.99 in-store at either London or Birmingham) - just in time for the release of the iPhone 3G PAYG in the UK (available from Carphone Warehouse and o2)."

Jody's "software" contains our code and also copyrighted code from elsewhere. All you need is free and outlined here . What he is doing just isn't cool. If you are in Birmingham or London then if you could find out any information about Jody Sanders at "iph*neunl*ckuk" we'd be very appreciative.

Also if there are any UK based lawyers or student lawyers that could help us with this, then please contact us at [email protected] of course student lawyers can't give us specific legal advice, but even your informal opinion helps.

Hello all,

We wish you a very happy, healthy, and hopeful 2009!

Once you have installed yellowsn0w, please report your success or failure here. it'll help us with the bug fixes.

We have released the 0.9.6 beta yellowsn0w 3G unlock application, 0.9.6 beta should fix EVEN MORE problems :-). Please remember to add feedback -> here <- as we can get useful feedback that will help us. We suggest that everyone upgrade to this version.

Please note the following:

01110110 01110100 01100001 01100010 01100101 01110010 00100000 00110110 00110001 00110000 00110110 00110000 00110001 00110111 00110100 00100000

Update 1: yellowsn0w isn't released yet. Don't  wastekeypresses and valuable drinking time searching repos or the web for it ;-) as soon as it is released we'll announce the details here :-)

Update 2: What do we have here then??

Update 3:  Now to explain the above screenshot.  The soft unlock has undergone many changes in the last two days.  The most significant one: the soft unlock will now be only for baseband 02.28.00 (the most recent baseband).  Yes we've been advising everyone to avoid updating their basebands, and in general that will always be the best policy.  Not every baseband version is guaranteed to have a hole through which we can inject the unlock. 

Update 4: (a) The yellowsn0w Cydia package will be available as soon as our devteam member in charge of the repo wakes up to fix a file permission error.  (b) Once it's out, those users with SIMs that have apps and other menus on them will need to do that extra step we've been talking about.  They'll need to pull and reinsert the SIM once after rebooting the phone to engage the unlock.  Even though it's needed only once per boot, it's still a nuisance and we'll be fixing that ASAP.  (c) You'll know if you fall into that "extra step" category if your carrier doesn't show up within about 10 seconds of the slide to unlock screen.  (d) Yes it really is for baseband 02.28.00.  That means everyone can use it now! (e) Happy New Year!

The iPhone Dev team had the pleasure of joining forces tonight with Team Twiizers -- the guys behind http://hackmii.com -- in a spirited game of Capture the Flag.    The joint team was called WiiPhonies, and the contest lasted 8 hours.   There were over two dozen teams competing.

WiiPhonies won :)

The following is a visualization of the WiiPhonies progress throughout the night.  The performance of the teams in each of the categories is also available as well as the list of advisories that were submitted during the game.

But the statistics don't convey the fun back-and-forth between all the teams throughout the whole night...so congratulations to everyone :)

This week's DevTeam Funday features a live demo of yellowsn0w!

MuscleNerd will use Qik to broadcast a live video and audio stream (from an iPhone 2G) of an iPhone 3G being soft-unlocked with yellowsn0w.   He's in Florida for the holidays so there won't actually be any snow in the live demo (although strangely enough if he were back home in Los Angeles he'd be very close to snow this week!).

Qik creates a chatroom for its videos but it may not be feasible to field questions live from the chatroom.  So if you have a question that hasn't already been answered in our previous blog posts, please tweet them in advance to Musclenerd.

We're aiming to do the live demo in about 12 hours, or 3PM EST/9PM CET.  The actual URL will be tweeted via MuscleNerd's twitter account just as it starts.

Hope to see you there!

Now that you guys have got used to the sunburn and blindness caused by the glare of our new blog template, we can get back to normal business. We'll give you some updates and also tell you our schedule for the festive season.

Over the Christmas break some of our members will be talking at the Chaos Computer Club's 25C3 Congress. This talk will be a juicy technical talk relating to iPhone platform and our previous exploits. You can see more information about the talk "Hacking the iPhone" and some more info at the CCC event blog. There is even a super-cool TeamPwnapple T-Shirt ;-)

3G Unlock

We have been working hard on a few other things. The main one being the 3G unlock codenamed "yellowsn0w". This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.

Over the last week we have made a few changes to our blog. The first major change was the migration of 35,000 comments from a hosted service called Disqus to our new comment provider IntenseDebate. The Disqus system was causing problems for many of our readers and in our opinion the threading and user-interface was inconsistent, we also had some other service related problems with Disqus which didn't help matters, but we think that moving to IntenseDebate has been the best option for us, and ultimately for you. IntenseDebate helped us migrate our comments in super quick time, with the guys turning things around for us as if we were paying them a fortune, but of course we pay them nothing, nada, zilch, this was all for free. Thank you guys.

We also have a lovely new template. This was created by the graphics genius that is Jacob Bijani he is not only super cool and makes things look very very pretty, but he works for the awesome tumblr who provide the bandwidth and tumblogging platform you are seeing here, thanks Jacob, thanks tumblr.

Here is a great video we found that reflects the good feeling -

"Feeling Good" by Nina Simone. Video (found on dailymotion) by Tamara Gildengers Connolly

We are making a few adjustments to the site and moving around some servers that host our images, so if you see any broken images or anything else weird then you know what is going on. We’re working on this remotely from Europe and the US over IRC and SSH. We’ve closed comments on the other posts temporarily while we complete this work, and we’ll delete this post when the work is complete.  Feel free to have a bit of a chat in the comments — consider it a free for all — we’ll try to answer what we can. How about you guys: where are you from? what do you do for a job? We’re interested in that type of stuff while we wait for our files to copy over to our new servers.

This week's funday is today!  Devteam member planetbeing has done a phenomenal job reverse engineering Apple's hardware drivers and now for the first time ever, linux is available on the iPhone and first-gen iPods.

The official announcement is here. Video, downloads, and instructions....all included.

(P.S. Feel free to digg this to help get the word out!)

Update: Geek Hero gets it.

We already know that Woz is an advocate of Pwnage but here is a recent interview with him from the BBC's Click Online show, the interviewer is Cambridge Computer Science graduate Spencer Kelly.

Some interesting information :-

So, as anticipated our friends the misfits have recently released the long awaited 2.2 update. We can confirm that this update SHOULD NOT be applied using iTunes if you want the chance of a soft-unlock in the near future.

If you want to keep that option of a 'soft-unlock in the near future' available but you want the new features of 2.2, you will be able to update to 2.2 using a PwnageTool created custom ipsw file that disables the baseband update. You will be able to do this using an updated version of PwnageTool that will be released sometime soon.

Some facts -

This ability we now have to spawn background tasks means we are one step closer to the 3G soft unlock.  We have a clear path to follow, and "all" that remains is the implementation.

A quick summary of the key 3G-unlock-related achievements we've made so far:

Masks and fun stuff!

We've had a total 39,317 downloads of the PwnApple mask in the last 7 days.

Photos of people wearing the masks were submitted and seem to come from all over the world, these certainly made us chuckle! Judging by the comments most of you guys enjoyed the photos. Three or four of the photos submitted couldn't be shown to the public as they were, erm, not quite "work safe". One of these secret photos was almost amazing, so amazing in fact that most of the guys couldn't even believe that an iPhone 3G and USB charger would fit in there, very, very impressive.

The PwnApple mask had a bit of a hidden meaning for the team, a kind of inside joke, one or two commenters on the blog speculated to what was the true meaning, they were kinda close, but most of all it was a bit of fun, the kinda fun that keeps morale high and talk lighthearted and this really does help when people are concentrating and working so hard.

We've made some decent progress with the iPhone 3G, nothing worthy of a party as yet but we are moving along nicely, we'll keep you updated on this.

We've made a printable facemask that is available for you to download here. We'd love to see photos of you guys wearing these, we'll publish the best ones, so send them over to [email protected] - 23:16 CET: 5831 mask downloads

A few of the submitted photos:-

The second beta of firmware version 2.2 has been out for a few days.  It looks like Apple still doesn't have a fix for devices already prone to the pwnage jailbreak and unlock.

Here's our obligatory screenshot of a jailbroken and unlocked 1G/2G iPhone running 2.2beta2 (which also shows an interesting daemon they left lying around).

Seems like Mrs Ari Gold desperately needs some lessons in how to correctly use her iPhone 2G. This gaffe was made in last night's Entourage titled First Class Jerk. With all their money you'd think that Ari would have bought her a 3G version and paid for lessons on how to use it ;-) We have a member in LA, maybe we'll send him over ;-)

There are some shots of here using the phone correctly in the same scene here and here.

Higher resolution version (available via bittorrent) here

We made some significant 3G progress this week.

Here's a screenshot of a 3G iPhone whose baseband has been modified.  And even though it's modified -- and fails the integrity check -- it's still running.  Can you guess where the patch was made?

Running modified baseband code is a very useful ability, but it's still not possible to accurately estimate how close we are to the ultimate goal.

Update: A video of the above session is available here.

... one step back.

Disclaimer!!  This is a purely technical post with no pragmatic use! There is no 3G unlock in this post.  There is no iPod Touch 2G jailbreak in this post.  It's just a random technical post related to the 3G unlock.

We've been exploring different ideas with the 3G unlock, but this past weekend one of us hit a big snag. For whatever reason, all of our poking and prodding of the 3G baseband caused it to finally have a breakdown.   After one specific exploit run, all of a sudden our baseband stopped responding to the OS.   Even after multiple restore attempts, we were plagued with errors like this:

Somehow our software hacking had caused the baseband chip's SPI bus to stop responding (so it looked like a hardware problem).   Even though BBUpdaterExtreme reported the correct baseband version, it failed basic tests like memtest:

If you're familiar with the baseband revision history for the 3G iPhone, you may have noticed that the above captures were done at the original 01.45 baseband.  As dire (and hardware-related) as these messages sounded, though, there was a simple solution.  We just updated to 01.46 and then downgraded again (because we can run unsigned code on the baseband CPU) to 01.45.

While we continue working on the two current remaining challenges from Apple (the iPhone 3G soft unlock and iPod Touch 2G jailbreak...see the end of this post), we're also watching the latest beta releases from Apple.

The first beta 2.2 from Apple reveals a few things:

Window QuickPwn 2.1

Supports 2.1 firmware with the unlocking and jailbreaking of iPhone 1st generation (2G) device. Supports the jailbreaking of iPod Touch 1st generation device and iPhone 3G. Your device will need to be upgraded to 2.1 (using iTunes 8) before running this application.

"U Can't Touch This" were the words of the great MC Hammer in 1990, but we just couldn't wait to "touch it" as soon as the new slinky wafer-thin iPod was unveiled by Father Jobs a week ago.

We are especially eager to experiment with this device because the n72ap in the new iPod Touch 2G may give us insight into upcoming iPhones.

So a few hours ago the large truck backed into the DevTeam warehouse where the crate of iPod touché devices were dropped off and we started the very earliest stages of investigation (which means fun!) ;-)

We won't have more to say unless there's more to say. Hammertime!

                                Some of the popular press and blogs have been backing the opposition. :-)

While criticism and competition is fine it should be reported correctly, with all the facts and certainly minus the FUD. Do you guys think we are "less and less relevant with each passing day" ?   We don't think so, and we certainly prefer our hacks to theirs.

Though even if the world deems us irrelevant, the iPhone family of devices is still fun to hack!  

By the way we figured out a way to combat iTunes 8 without patches...and we're waiting to see what Apple tries next.  But we think they might want to rethink their priorities.  They probably won't though, and so we get back to the "cat and mouse" game between Apple and the Dev Team and other third-party communities.

Here are the new versions of PwnageTool and QuickPwn that support the 2.1 firmware.  And as we just mentioned, iTunes was not harmed in the process ;-) no patching was required.

We would just like to point out that that there are lots of fake sites using the QuickPwn name, these muppets don't know anything special, and they don't have anything unique. They are vultures that sit on the domain names and plagiarize content and information in the hope that you donate to them, or click the google ads. 

As we've mentioned before we don't accept donations and we certainly don't allow ads on our site, anyone who asks for donations in our name is lying, end of story.

So we would recommend that you stay away from badly designed chaotic sites (especially ones of a monochrome variety) that capitalize on the name of our tools.

Spammers should also watch out (even if they are part of the extended iPhone community). Like any decent blog we do not moderate our comments, we let the criticism flow alongside the praise but we certainly do filter on spamwords and then decide if they get posted. Play nice people, spamming just isn't cool.

Now of course all that stuff isn't cool, but be prepared for some stuff from us today that is cool.

If you've been following the technical aspects of our blog since July, you may have noticed that we've asserted multiple times that Apple can't fix the bug we've exploited in PwnageTool unless they fix their hardware.

That hardware fact is still true.  But one way they can try to combat Pwnage for existing hardware is to program iTunes to detect and prevent the Pwnage exploit.  In fact, they've already done that in iTunes 8.  The screenshot below from iTunes 8 using a Pwned ipsw (with an unPwned device attached) is one example.

The nice thing about iTunes decisions is that we can provide you with patches to counter them.  We have one such patch already for Mac iTunes 8 for iPod touch.  We'll be working out the full suite of patches for all the combinations over the next week.

Here are 2 screenshots that Apple doesn't want you to see.  Notice the Terminal icon at the end of:

Then once we've launched it, despite mobiledevice's best intentions:

                     Q: What do a bunch of Slavic speaking iPhone geeks do at the end of the summer to get some R&R, brainstorm and make sure they get the maximum amount of sunshine possible?

A: They go to beautiful Varvara in Bulgaria of course! they talk iPhones, drink vodka and super strong rakia, then party late into the night :-)

iPhoff '08 was the first meeting of the Bulgarian iPhone fans where a few DevTeam members held honorary guest positions.

Lots of interesting chat took place, and by the second bottle of rakia iPhones became building blocks, ashtrays, cigarette lighters and various things they were not made for :) Don't worry about the iPhones most of these guys needed an excuse to buy 3G handsets anyhow ;)

Extra special thanks to Атанас Чобанов for being an excellent host and looking after our guys.

A DevTeam member by-proxy "Duchess" was so upset with the lack of 3G unlock she went around and bought up all the available SIM-free 3G handsets in her town. Wow, her gold-card must have been manxed out that day. All this spending is tab-be expected from such a girl. Previously it has been suggested  that all the time we spend geeking out, we'd have no time for pussy, well you were wrong. 

  NB: This is NOT any cryptic update on 3G unlock progress, just a cool photo from one of our members,  so conspiracy theorists please replace your tin-foil hats ;) We are still working on the 3G unlock as hard as we can.

Here's one happy Pwnage advocate.  Anyone know who he is?  :)

Update: By the way, Woz is no stranger to iPhone Dev Team hacks.  Some of you may remember his visiting the Dev Team's ridiculously easy 1.1.1 jailbreak that required absolutely no PC or Mac at all...just a web page visit to http://jailbreakme.com

That was done on Kathy Griffin's actual show:  http://www.viddler.com/explore/engadget/videos/23/

Here is the long awaited "QuickPwn" for Mac OS X. You'll see a similarity to the user-interface of PwnageTool, this is because of the great feedback we've had since we moved to that interface with PwnageTool 2.x. 

QuickPwn is not a replacement for PwnageTool, they are different tools and provide different features, QuickPwn is for quickly pwning a device, whereas PwnageTool is designed to custom build and tailor the ipsw production process, both tools will be actively developed in the future.

To use QuickPwn 1.0 Mac OS X your device should be running 2.0.2, if it isn't then you can upgrade it to 2.0.2 using iTunes and then use the QuickPwn tool, we repeat, it'll only work on version 2.0.2 of the iPhone or iPod touch firmware. 

If you don't want specific things to happen such as baseband updates then PwnageTool should be used to create a custom .ipsw with your specifics.

Here is the official torrent for the release, we are seeding it on a few different servers so it should be well seeded already, but we think it'll be a popular download, so we thought we'd use bittorrent as some of you were not too happy about 2kb/s downloads :)

The iPhone Dev Team was nicely represented at the most recent DefCon in Las Vegas,  bushing, MuscleNerd, and 2 other unnamed members were there soaking up the info. At one of the nite parties we got a Cycorder capture of the GRL's awesome laser tag system, this uses a DLP projector to project an image that is drawn in real time from the motion capture of the point produced by a high-power green laser, check out the message.

DefCon from iphonedev on Vimeo.

If you'd like to see more of the GRL laser tag system, there is a great video of them bombing El Corte Inglés and other high-profile locations in Barcelona. 

We've also got some nice video of Woz, doing some cool stuff (well we think it is cool) but we're just need to make sure it's ok to show and that names are changed to protect the innocent :)

One of our members "planetbeing" has written an interesting blog post over at his very cool blog. It talks about the "similarities and differences between QuickPwn and ZiPhone". It was posted last week, but it is such an insightful post that we thought we'd link to it here 

We've had some issues with iPod touch devices and the latest version of PwnageTool for the Mac, in certain conditions incorrect permissions will be used and the keychain doesn't save passwords. So hold on and wait for the next release, we'll push out the updated version via Sparkle as soon as it is tested (it is being tested right now). We have also encountered some issues with the Windows Beta of QuickPwn, and we have an update that should fix the issues seen with 64-bit Windows versions and should be able to be used with all versions of Windows, but as with all beta software other bugs may be present.

UPDATE: New Windows QuickPwn Release Candidate (RC3)

UPDATE: Sparkle update for PwnageTool (Mac) being pushed out now! Direct link here 

NB: Only use the .tbz file that is distributed by us. the SHA1 sum for  PwnageTool_2.0.3.1.tbz is a3faf5c074d5556a40ce4c7678a51995b5767073

PwnageTool 2.0.3 is available. This version provides support for iPhone/iPod firmware 2.0.2 5C1, it has an updated Installer.app beta (b6) and contains a new .de localization for our large amount of German friends. The application SHOULD ONLY be downloaded as a .tbz file from our servers and should NOT be decompressed using the application called "the unarchiver" (this breaks permissions within PwnageTool) just use the standard OS X built in 'Archive Utility' to decompress. The SHA1 sum of PwnageTool_2.0.3.tbz is 91e670e0c623cd43f5e8cfbfaae6c23d98d8f31b

Also released today is the '150' beta update to the Windows QuickPwn application, this contains a revised GUI from Poorlad that has tighter integration into the the main updated QuickPwn executable which has fixes for YouTube and  provides BootNeuter support for the unlock of 2G iPhones, remember this is still beta software, use at your own risk. The updated tool is available for download here NB: QuickPwn Windows doesn't work well with virtualization as there are some problems with the way USB resets are handled, so we wouldn't advise trying it, we have had reports of some success with VMWare Fusion 2.0 Beta 2, but this shouldn't be relied on, use PwnageTool instead, or wait for QuickPwn Mac.

QuickPwn for Mac is being tested right now by a group of testers and we'll release this when it is ready for public beta (this won't be within the next 24 hours, but should be within the next week).

There are no significant updates with regard to the 3G baseband unlock, most of us have been busy with real life, when we get any further we'll let you know.

Here is the updated QuickPwn for Windows, wrapped by Poorlad's GUI. It contains our new bundles for 2.0.2 and we've added support for version 2.0 devices which means you can QuickPwn and jailbreak the device if it is running 2.0, 2.0.1 or 2.0.2.

Remember this is still beta software, so usual rules apply, no complaints ifanything goes wrong and use the tool at at your own risk! 

Download here!  SHA1 = 8e1ed2ce9e7e473d38a9dc7824a384a9ac34d7d0

NB: Using QuickPwn does not update the firmware itself, this tool is designed to 'Pwn' (the ability to install future custom non-Apple firmwares) , 'Jailbreak' and install Installer or Cydia on a given device. If your device is running 2.0.1 and you QuickPwn it, it'll still be running 2.0.1, although it will now be Pwned and Jailbroken, similarly if your device is running 2.0.2 and you QuickPwn it, it will then be running 2.0.2 but the device will now be Pwned and Jailbroken. It will also activate (not unlock) devices that are being used outside of their intended territories and cannot be activated using iTunes.

If you want to update to 2.0.2 then use the normal iTunes update to get to 2.0.2 and then use QuickPwn to Pwn, Jailbreak and Activate, remember that the 2.0.2 update includes a baseband update for the 3G iPhone, so depending what your long term intentions are for the phone, update wisely, of course in the upcoming PwnageTool application you'll be able to create a custom ipsw without the baseband update enabled.

"poorlad" has stepped up and created a GUI version of QuickPwn based on our Windows release earlier, this is a stopgap solution that he created in a little over 5 hours, great stuff poorlad!

It is available for download here  but beware this is still beta software, it is fairly self explanatory and easy to use. You'll still see a command-line window popping up when the actual QuickPwn process takes place, but the device and ipsw selection is handled by the GUI. 

A final cross platform GUI for QuickPwn is also being developed, but this version should help some of you guys and gals right now.

This version fixes some issues that were reported with the iPod touch.

We've also heard reports of 2.0.2 version of the iPhone software being released, we'll be looking at this tomorrow, but for the moment we'd recommend you stay at 2.0.1.

We've got something for you! (No, it's not the 3G unlock, but still something very useful.)

It's a tool we've been working on to jailbreak a phone more quickly and easily, without requiring a full restore. Unless you are making a custom firmware with specific features, there is nothing inherent in the pwnage process that requires a restore, and we have been planning this tool for some time. It's more convenient because you do not need to make a full IPSW and use iTunes with it, but your phone still ends up pwned and jailbroken.

In an attempt to be more open about our development process, we're releasing a beta version of quickpwn, for Windows only. Other platforms are coming soon.

What you're getting here is a development version (mostly feature complete) of an upcoming tool that we see as a complement to our current PwnageTool. It's not ready for everyone just yet, but with a bit of expertise, it should work nicely for those of you adventurous enough to try it.

Currently QuickPwn requires your device to be running version 2.0.1 of the iPhone/iPod firmware. This requirement will change in a subsequent release.

While we work on the unlock of the 3G iPhone (we are making slow, but steady progress and we have no estimation of when, or even if we'll be able to unlock the 3G iPhone) we've had lots of requests to see some blog usage statistics, so here are some for the last month (July 13th - August 13th 2008).

Page Statistics:-

One of our members (Pumpkin) was struck with a huge technical problem on his MacBook Pro yesterday

Thank you guys for all the offers, Pumpkin was brought a shiny new SATA internal hard disk and some brand new RAM by a really helpful reader this afternoon (thanks Mike), with some of his prodding and poking the machine is alive! Yay!

Again, thanks for all the support.

Did you think we'd sleep? really? 

Recommended method for updating is Sparkle (the internal updater inside PwnageTool) or using the Finder to decompress the files, don't use command line tools to decompress as incorrect use will not preserve permissions, just double click the download above in the Finder. 

NOTE: DO NOT USE "THE UNARCHIVER"  to decompress our .tbz files, it'll corrupt them, just use the existing Apple utility called "Archive Utility" that ships with OS X, usually a double click will do, but in case you have something else weird and non-standard installed the correct decompression tool can be located at /System/Library/CoreServices/Archive Utility.app 

Installer 4 Beta is included, it is added in any mode by default. The main installer package management interface within PwnageTool isn't enabled yet, and will report that installer.app isn't available, but the actual Installer.app package is added as a default option in both modes.

The latest Cydia is also enabled by default 

Just as we moved PwnageTool to the sparkle update system (just after making this original post) one of our team noticed a nasty bug that only happened on his intel iMac running Leopard, we held off and tried to fix it and get it out but it still isn't fixed. This isn't anything to do with 2.0.1 being unhackable or other kooky idea, so don't worry about that, it is a bug with the building of the final ipsw, which is kinda fundamental and we were worried that it would appear on similar systems, the bug wouldn't have caused any damage to systems, but it would have been a support nightmare, and it just wouldn't work. We'll post the fixed version to sparkle as soon as it is fixed, (which will be after we've had some sleep) and also post a direct link too. We were considering releasing a beta "at your own risk" release, but it is just too risky as we didn't test on all our machines yet. Remember we ship "safe-tools".

See you in the morning guys and gals.

We've just had word that our friends at RiPDev almost have Installer 4 (Beta) ready for public beta release, with that awesome news we've decided to include it in the PwnageTool 2.0.2 release, we are waiting for the software from them and we need to quickly test and add a small couple of changes that go alongside Installer.

Usually we don't give release dates, this is so we don't feel pressured into releasing something if it isn't ready, or we can hold off if something comes up in the last minute (last time this was the addition of the 3G jailbreak), today we thought we were releasing, and you guys seemed restless (we read the comments) so we said "sometime today".

We think the Installer 4 beta is big news, and I'm sure lots of you guys want it and because of this the release should now take place sometime tomorrow (Friday), we want to do all this in one hit, we don't want to make two releases in two days (we all have day jobs too!), and besides the work has already begun to prepare PwnageTool for Installer 4, people will always say "you should have done this" and "you should have done that", but we think that this is the best way to lighten the load on our servers and more importantly our team-members, while of course still giving you guys all the features you want.

We don't want to keep you guys refreshing and commenting to ask where the latest update is, so we thought we'd just tell you now.

This release will of course include the new release of cydia that has bugfixes and new features.

We've found a journalist that nicely demonstrates PwnageTool!  you can see it here. Great work CNET :)

We chuckled at a pronunciation of one of the tools, but we are not telling you which one. How do you pronounce PwnageTool, Pwnage and Cydia? Send in your sound clips to [email protected] tell us which country/city you are from and we'll publish them alongside our postcard site that we are about to build :-)

BTW PwnageTool 2.0.2 is undergoing final checks and will be packaged, signed and should be uploaded within the next few hours, so count on it being released sometime on Thursday. This will be available via the PwnageTool software updater that is built in and checked when you start PwnageTool, we'll also publish a link here for direct downloads.

We've been reading some comments in our previous post "Updates!" and certain people have been a little bit excited and hastily updated using yesterday's iTunes update without getting the information first ;-)

If you want a quick summary of what to do go to the end of this post if not continue reading ;-)

We don't see any major problems with the release that Apple made, but we have not released an update for PwnageTool for it as yet and therefore PwnageTool 2.0.1 will currently not work!

If you absolutely can't wait then original (2G) iPhone owners can update using iTunes if they really need to, but you'll lose third-party applications that rely on the Jailbreak, although it is reported that the 2G device remains activated, we have not clarified this.

3G owners can in theory update, but you'll lose the jailbreak, and you should only carry out this update if you always plan to use the 3G phone with the original carrier, but be warned that there is a baseband update that occurs during this update that could impact the ability to unlock the device (if and when an unlock becomes available), we have not fully tested this baseband update as yet, but we think it is better to be safe than sorry, officially unlocked SIM-Free iPhone 3Gs will always remain unlocked with the updates you apply from Apple, but again the jailbreaks will be lost.

We'd like to update you on what we've been doing for the last week or so, and to bring you up to speed with a couple of workstreams.

Things are certainly hotting up for the DevTeam with most of our members being able to obtain 3G iPhones, which means a distributed workload and lots of fun for our team members.

A week ago, we posted a screenshot of an iPhone 3G downgraded to an earlier baseband firmware.  We are able to execute unsigned code on the baseband in order to circumvent a security check, which then allows us to flash the baseband to an earlier version.  Of course, this isn't a 3G unlock (as yet) but it is a demonstration of our ability to hand-control the baseband.

With all this upgrading and downgrading,  we were worried about bricks, so we've developed a method to dump the WiFi tables and the seczones.  Now we can modify without sweating, since a successful recovery can be made at any point.  With this out of the way, changing our underwear every 5 minutes isn't necessary! 

So, we are making steady progress towards the goal of a software-based iPhone 3G unlock.  Please note though that we are working hard on it with no estimates of if and when it will be completed.  We'll update you as soon as we know anything else so stay tuned and watch this space.

The other day our friends over at RiPDev posted some awesome looking screenshots of their upcoming Installer 4. We don't know exactly when they'll be releasing this but it certainly looks very polished and along with Cydia this is another slick alternative to Apple's AppStore. Hopefully it should be with us quite soon. Nice work chaps!

This image is the "About" screen from a 3G iPhone that was bought in a store last week. As you can see the modem firmware version has been successfully downgraded to an older "beta" firmware. This is not an unlock (yet), but it is our illustration of the first progress made with regard to hacking the 3G baseband. We have accomplished this by being able to execute our own code on the baseband that allows us to circumvent security checks and flash the baseband with older, disallowed firmware. Please note this has been accomplished using software only, the iPhone 3G has not been disassembled or hardware modified in any way.

Two weeks ago, the 3G iPhone and 2.0 firmware were released by Apple.  Last week around this time we released our jailbreak for all devices, and unlock for the 1G iPhone.  Since that time, it's been a busy week!

Dev Team's planetbeing released xpwn, cmw released winpwn, and Apple pushed out 2.1 firmware to beta testers.  And meanwhile the pursuit of the 3G unlock goes on.  Whew that's a lot of activity for one week!

Here's a screenshot of 2.1 running on an unlocked iPhone 1G.  Pwnage remains in effect.   Unlike all other jailbreaks (and unlocks for 1G), we believe Pwnage to be fixable only via a hardware revision.  So far Pwnage has worked for 1.1.4, all eight (!) 2.0 betas, 2.0 itself, and now 2.1 beta1.

For those of you on Windoze who haven't yet followed the guides on how to restore to an OSX-created IPSW, or for those of you who don't trust IPSW's created by others, good news!

cmw has released winpwn, the Windoze version of pwnagetool! The rapidshare download is at rapidshare, or visit http://winpwn.com for updates.

We don't directly support winpwn, but if done right it should be a GUI implementation of xpwn from DevTeam's planetbeing.

Hey guys, The development sources for xpwn 0.3, the firmware 2.0 version of our cross-platform jailbreaking library/command-line utility have been pushed onto github. We've tested it on Linux, Windows XP, and Windows Vista for both the iPhone 2G and iPhone 3G thus far, but since it uses the same FirmwareBundles files as PwnageTool, and we know those work for the iPod touch, there ought not be any problems. Being a suite of command-line utilities, this release is meant primarily for developers. While you can certainly jailbreak (both 3G and first-gen) and unlock (first-gen) with it, it's not really something you want to try without reading the lengthy, detailed README. If you don't have the patience to do that, this release is not for you. We're hoping the community will use this to create useful, easy-to-use jailbreak related applications for all platforms. This is an open source endeavor and you are more than welcome to fork it, fix our bugs, submit patches, etc. Now it's time for you guys to step up to the plate. :)

pumpkin has been a little frustrated of late, and decided to write up what was bothering him over on his site. You may find it interesting.

Well, the response was overwhelming. :) The downloads brought down several of our servers, and some of them have yet to recover!

It seems that some people have been having problems with our initial release, so we have PwnageTool 2.0.1 for you. It addresses the following issues:

Here you go. [appears to be down for now, we took link down until we can revive the poor wounded server] We'll be releasing a more official announcement soon, but we wanted to get the tool out there. We sincerely hope you enjoy using it as much as we enjoyed making it :)

Update 1: Just to clear up some confusion over what this actually does: yes, it jailbreaks and unlocks older iPhones, and jailbreaks iPhone 3Gs and iPod Touches. We only support the 2.0 firmwares.

Update 2: It looks like there aren't enough TCP ports on that server, so _BigBoss_ has generously offered to it.

Update 3: If you get Error 1600 from iTunes (or if you see in your log a failure to prepare x12220000_4_Recovery.ipsw), try: mkdir ~/Library/iTunes/"Device Support" ;  if that directory already exists, remove any files in it.  Then re-run PwnageTool.  

Update 4: Here's another mirror

We love Sundays. We think you will too.

Boldog Születésnapot pytey! Most nem tudunk neked egy letölthető születésnapi ajandékot adni, de nagyon hamar az is megérkezik!

So we've been working hard on getting the release ready and during this process we've been fixing some final bugs, the actual base of PwnageTool application is working fine and working with all devices that we support. We've been restoring our devices to various firmware revisions so that we can try to reproduce the conditions that most users will have. We are able to fully install any applications on any part of the current devices running 2.0 (and b103) and these versions are the iPhone 114, iPhone 2.0, iPhone 3G. 

Apple released an update (b103) just before we were about to release and that support had to be added to the current version, it is pointless to release something that doesn't work on devices out of the box (we've been told new 3Gs will have this firmware), we don't want drama, and we want to do as little support as possible, so we want to make it right the first time.

It was lucky that we delayed slightly as we discovered a bug that causes unexpected behavior when using AppStore and third party applications on the same device. We are working on fixing that bug now, we don't anticipate it is a big one, it has some really odd side effects, causing WiFi dropouts and the loss of stored passwords for WiFi networks. Of course this is only a minor software issue, nothing like the horrible static MAC address that another "elite byte adjuster" forced upon their users.

So, currently (when released) PwnageTool 2.0 will support:-

iPhone (1st Gen) with 2.0 - Activated, Unlocked & Jailbroken, (with support for third party applications).

We've read some points in the comments that we would like to formally reply to, and of course we like to keep you updated with our progress and keep you "in the loop".

The iPhone 3G came out on Friday the 11th of July (a little over 5 days ago).

We had hacks and exploits in our toolbox that we were pretty sure would work on the retail 3G device and not only pre-release devices (these exploits form the basis of the Jailbreak and Pwnage system) so we needed to test these out on real hardware that we'd bought in the stores, our guys in North and South America had to get hold of these devices in the usual way (by driving long distances and queuing up in the stores) and our guys in Europe, Eastern Europe and Russia needed to obtain devices from further afield (one example is a 3G device being personally couriered from Switzerland).

Once the hardware was in our hands the distributed work effort could begin (we reported on our first initial tests being successful on the 11th of July), various members of the team worked on different parts of the hack, they worked on elements that could speed up the packaging of the hack into something that we could deliver to you. The hack that we use is then tested and incorporated into PwnageTool and bugs and glitches are ironed out, these are non-trivial bugs these are the kind of bugs that can brick your phone, we don't release stuff that we feel will risk your device, we want to make sure that everyone can use it properly and be happy.

We are not holding back on a release to make a UI prettier, we are not working on drop-shadows, pretty UI elements or color-schemes, we know a fantastic graphic artist that just deals with this stuff for us, so we don't waste any time there, we are just making sure that everything is OK, everything is tested and everything is safe,  also the posting of videos and blogging doesn't use any time as videos are taken in "down time" when we are celebrating progress or a specific achievement (remember how we said this is a hobby and fun), video making, blogging and other public facing activities come second, the real work comes first.

So some might think we've been twiddling our thumbs or sat on our hands, but this couldn't be further from the truth.

That truth is that we've have added a little feature that a few people might like. Here is a screenshot of the new and improved device selection screen.

Here is another video to illustrate this.

Untitled from iphonedev on Vimeo.

What you are seeing is the world's first jailbroken iPhone 3G running our own software. I think you'll agree that this was worth the wait.

http://www.ihazsupper.com/

For the 800 of you who wanted a video, here it is.

This is the command line to talk to your iPhone's "BIOS" of sorts. It decides what gets run (if it's signed correctly) or not. Normally it's very restrictive. Unless it's been pwned.

Pwnage breaks the chain of trust from the very earliest boot stage, and as the video shows, this chain has now been broken on the iPhone 3G. Given that the only thing lower than this is ROM, Apple will have to change the hardware to prevent us from getting in, and we don't expect them to ask for your phone back so they can "fix" it. 

Please note that this has been anything but trivial, and it wasn't as easy as porting our old code to the 3G iPhone. Many of our best hackers have been working in long shifts all weekend on this, and continue to do so as I write this post, we like to think of these guys as our very own master cobblers.

Note that this is indeed what geohot was talking about when we first talked to it almost a year ago, ironically we (that includes geohot at the time) were unable to do anything with it then. iBoot exists because iTunes needs something to interact with when restoring the phone, but as mentioned above, is normally heavily restricted, only allowing Apple-approved code to run, obviously this isn't the case anymore ;)

So we are still cranking away finalizing PwnageTool for release, and as we said it'll be soon. We've read some comments in our previous posts suggesting that the videos are a tease, so we've taken that on board and we are asking you guys the users and supporters.

Would like to see another video, it is a fairly technical video, with some stuff blurred out to protect some stuff we are working on, but assuming you guys are OK with that we can post it later.

It is your decision,  another  video?  Yes or No?

Let us know in the comments.

Over the last year we've discovered some interesting things about the software used in the iPhone. These "hacks" , "exploits"  and "techniques", or whatever you want to call them, are valuable - not only from a financial perspective (so scummy people can sell unlocking software) but also from a strategic point of view. Think of it like a game of poker, showing your hand too early would certainly make you lose "the game". 

The majority of iPhone users are not technical - they want an easy, one-stop, simple application that will allow them to quickly and painlessly unlock their phone. If we were to release a crummy command-line based tool that does the immediate job that everyone is screaming for, we'd only end up in the following situation:

1) The technique is released to the world and people use this technique to quickly create GUI apps that they charge cash-money for, or re-release something hacky and horrible that bricks lots of devices, or for example disables the WiFi that then causes more stress that ultimately comes back to us

2) The technique is exposed to the vendor, allowing them to locate and repair the security hole. Sometimes these security holes span product versions, for example: between the first generation and second generation iPhone. In such a case releasing the knowledge in the middle of the product development cycle is pointless and risks the "usefulness" of the technique - especially if there are existing hacks/techniques that work just fine.

The iPhone DevTeam is comprised of a group of people who work together over IRC from various parts of the world. This distributed method of working happens 24 hours a day with people performing tasks in the time that best suits their time-zones. It is a completely self-managing, self-regulating and member-funded organization. Most of us have never met face-to-face and we rarely know real names - in fact, we would more than likely not recognize each other if we walk past one another on the street. Despite this we follow a strict "hacker code": ground rules by which we all abide. 

So guys, below is a link to the video of the upcoming PwnageTool 2.0 

Many many hours have gone into this and now it should be as easy enough for your grandmother to use.

We've added lots of new features, including 2.0 support, spotlight file indexing of .ipsws, canned websearches, installer custom configuration, custom root partitions and various other things that you'll see on the release. Release date is soon  although not this weekend. So check out the video, hopefully it will hold you off until we release. High quality video is here (although the server is suffering a bit) YouTube link here Music by the Marx brothers :-)

UPDATE: Please don't pay close attention to the wording in the popups of PwnageTool as this is mainly placeholder text while we finalize everything for release. PwnageTool works with 2.0 upgraded 1st gen iPhones if they are activated or not.

So, some of the guys are still waiting in line, but the important test that we needed to do has been completed, so to recap on what we wrote in our last post :-

"UPDATE: So guys, the out of the box tests on retail hardware are great. Everything works as we anticipated. This is great news, seriously. No riddles or jokes or cryptic messages now, watch this space."

We'll be doing another post soon, with some more info and a video of an upcoming release, so please bear with us, it will be worth it :-)

Right, so three of our members are waiting to buy the lovely shiny Apple 3G iPhones. We need a couple of new out-of-the-box iPhones, for erm, some tests. Our guys are on the ground in various parts of the world, and we'll be bringing you updates on their progress (in this post) hopefully with photos. Keep an eye out for them, but be warned, they'll be in disguise as Apple geeks to blend in with the crowds.

UPDATE: bugout enters the store and says that the activation servers are fubar. They have given him a black 16GB as "<bugout_> white is f***ing ugly". He has been told to take it home and activate it. :-) course he will.

UPDATE: MuscleNerd and Pumpkin are suited and booted, they've left their houses and are on the way to the stores, we've heard it is 1 per customer, which is a shame because they each have a  pocket full of cash for phones for our Eastern European colleagues. 

UPDATE: We have a video of something you guys might be interested in, all will be revealed later. 

UPDATE: MuscleNerd says there are 200 people ahead of him, and about 500 units in stock. He doesn't want to get physical to get one, we told him to chill, he needs to act more like an Apple fanboy and they generally don't have muscles.

We've seen some comments about you lovely people wanting to donate money to us. We'd just like to say that we DO NOT accept donations. There is no paypal account associated to us, there is no way to donate to us, we do this as a hobby and don't want to be paid and we fund all of this ourselves and it works out just fine.

Anyone who says "donate to DevTeam" in our name is lying, so don't send them anything, you'll just fund their crack habit.

Keep your dough for the lovely shiny Apple products, we think you'll need it.

If you do want to send us something, please send a scan of a postcard from your city, handwrite a nice message scan it and sent it over to [email protected]

We prefer old fashioned courtesy over flashing animated location maps, we are simple like that. We'll post the best ones on a page on the wiki.

Appstore is live! And iTunes is working in Russia!

Oh, see if you can spot the difference between our screenshots and others you'll see later today....

Not an imposed web-link widget in sight, all optional and selectable, you make the choice.

We shall be free!

Violins at the ready!

Honk-Honk!

What do we have here then?

Our compilers are working overtime...

So, earlier today we were alerted to a scummy, scammy and not-at-all-nice operation at  http://www.iphoneunlockuk.com .

These guys are selling our PwnageTool application. The people at this 'company' have modified our application (in a rather amateurish way) and sell this to people for £29.99. This is unfortunate as we have all put in lots of time to bring you this application for FREE.

We didn't license this application to them, we don't license it to anyone. The application even contains the PwnageTool helpfile and original credits! 

Well, thanks to Jody Sanders of 118 Bromyard Road, Worcester, United Kingdom for bringing you this scam, he or she can be found drinking in the Garabaldi Pub in Bromyard Road, Worcester why not pop in and buy them a pint? 

You can read the Hacknt0sh forum thread here which makes very interesting reading.

It seems like the English and Russian Pwnage videos that we posted in March are HOT property. The Russian version has been downloaded a staggering 1,197,369 times and the English version 529,271 times!

The MP4 quickly made it onto Youtube and has had approximately 578,779 views there! With stats like those it is no surprise that the PwnageTool 1.0 and PwnageTool 1.1 applications have been downloaded over 1 million times and they are happily Pwning devices from all over the world. 

We sure get a kick out of thinking our little cartoon character Steved is waving away in all those pockets! We would like to give a special thank-you to our users in Russia, those video views have certainly put strain on our download infrastructure (which is built around of a cluster of 25 iPhones running apache2).

So the long-awaited 3G phone won't be released until July. Another long month ahead before the fun begins again...

P.S. We have plenty of 3G phones already, don't send more.

This feature will be available only for firmware 2.0

We found a way to set the root partition size on restore. We are going to add this ability to PwnageTool 1.2. Customized root partition size will give you as much space as you want for Installer.app packages :)

Click for larger picture  

Click for larger picture 

We are working on the upcoming release of PwnageTool 1.2.

One of new features will allow you to add Installer.app packages that are obtained from existing Installer repositories, you'll be able to just add these into PwnageTool and the packages will be automatically added to the custom created .ipsw.

We thank the RipDev team for the help with this, they are really helping us to bring this feature from the Installer.app side. 

Hello all.

We've decided to start a small blog for some thoughts and interesting links. The de-facto information source will still be the devteam wiki but here you'll be able to find less formal information from our team members. 

We've been busy with iPhone stuff but also cataloging our favorite foodstuffs