Dev-Team Blog
To find yourself, think for yourself © Socrates 469 BC
March Mayhem 

As the whole tech world waits for today’s Apple Event, it seems like a good time to remind both veteran and amateur jailbreakers about the fundamental rule of jailbreaking:  Avoid firmware updates!

In all likelihood we’ll see the GM “gold master” version of 5.1 this week.  DO NOT UPDATE TO 5.1, because you may lose your jailbreak!  The rest of this post details the subtleties with this rule, but if there’s only one message to take home, it’s the overall “do not update” message!  Now for the nitty gritty exceptions:

  • Soon after 5.1 appears on Apple’s public servers (i.e. iTunes starts to offer it), Apple will stop signing 5.0.1 SHSH blobs.
  • If you have an iPhone4S, the basic rule above is really the only rule:  you cannot restore back to 5.0.1 once the 5.0.1 signing window is closed, no matter what (even if you saved your SHSH blobs).
  • If you have an iPad2 with saved 4.x hashes, you can in fact downgrade to that 4.x but you won’t be able to get to 5.0.1 once the 5.0.1 signing window is closed (even if you saved your 5.0.1 SHSH blobs).
  • If you have a device earlier than the iPad2, you can downgrade to whatever version you want, as long as you have saved SHSH blobs for that version.  You’ll need the assistance of geohot’s limera1n exploit with tools like redsn0w to get into “pwned DFU mode” and bypass the downgrade restriction.

As you can see, it really is a nuanced landscape so it’s sometimes hard to drive the message home to new jailbreakers.  But the basic rule is the simplest (and it’s better to be safe than sorry!):  If you update to 5.1 you’ll very likely lose your jailbreak, so don’t do it!  Exceptions are noted above.

Now let’s see what Apple unveils today!

Update #1:  First, please read and re-read the above warnings!  With all of that in mind, we realize that some of you non-A5 jailbreakers are itching to get to 5.1, even though there seems to be no compelling new feature there. Because of geohot’s limera1n exploit, those with devices earlier than the iPad2 can test the 5.1 jailbreak waters if they really want to, using redsn0w 0.9.10b6.  Here’s what you need to know:
  • This is a *tethered* 5.1 jailbreak for non-A5 devices.  You’ll need to use redsn0w to “Just Boot” your device every time it power cycles, otherwise jailbreak apps won’t work (neither will Safari).
  • If you use ultrasn0w for your carrier unlock, be sure to use a custom IPSW to get to 5.1 first!  Don’t ever restore to a stock Apple IPSW!  Use redsn0w’s “Custom IPSW” button to create a NO_BB_* version of the 5.1 IPSW and restore to that instead of the stock one.  (That option is available only to 3GS and iPhone4-GSM owners.)  ultrasn0w itself will be updated for 5.1 in the next few days (same baseband support, not 5.1’s baseband).
  • If you’re lucky enough to have an old-bootrom 3GS, this jailbreak is actually untethered (redsn0w will figure that part out automatically).
  • While we were at it, we added @pod2g’s steaks4uce exploit to support MC models of the iPod touch 2G (whose last firmware was 4.2.1).  So now redsn0w will auto-detect and jailbreak both MB and MC versions of that older device.
  • iBooks won’t work until a future update of redsn0w
Update #1b: The OS X version of redsn0w has been updated to fix an issue for those running OS X 10.5.x or earlier.
Update #2: Version 0.9.10b7 of redsn0w adds a collection of useful features:  It finally implements the corona-A5 jailbreak for iPhone4S and iPad2 devices still at 5.0.1.  It can also re-install that jailbreak for those who accidentally uninstalled the untether.  When stitching an IPSW, it can now grab your blobs directly from Cydia.   It now shows a lot more info about your device (for instance, whether your iPhone3G has the vulnerable baseband boot loader, or whether your iPhone3GS has the old exploitable bootrom.   (And the next new feature to be added will be built-in restore support, to provide an alternative to iTunes restores.)
Update #3: redsn0w 0.9.10b8 adds the ability to backup arbitrary directories or files from your device into a zip file on your Mac or PC.  The new button is Extras->Even More->Backup and it requires your device to be jailbroken with the afc2 service enabled (most jailbreaks include that).  By default it will backup your activation records from /var/root/Library/Lockdown, which is useful for everyone taking advantage of today’s SAM unlock using Loktar_Sun’s trick (more on that in a later post!).
Update #3b: The 0.9.10b8b update to redsn0w makes the zip files more compatible with the native Windows explorer (which doesn’t like leading slashes in the filenames).
Here are the redns0w download links: