How to Escape Jail

From The iPhone Dev Wiki


This tutorial is written for use with iPHUC, downloadable from the public SVN.

Please do not ask for support for iPhoneInterface, "jailbreak", or any other deprecated, closed-source, or otherwise half-assed programs.

The following assumes that you're actually able to run iPHUC.



Step One

Get the firmware package (links from Apple Firmware File) and decompress it to a directory. For this tutorial we assume you decompressed the firmware package into a directory at the root of your hard drive called 'phonedmg'. Note: even if your phone runs software version 1.0.1, you still need the 1.0.0 firmware image. If you do not understand what this means, you should probably wait for someone to write a script, or ask for help.

Step Two

Press the Power and Home buttons on your iPhone for 25s to reboot into Recovery Mode, and make sure you quit iTunes, or else iPHUC might not be able to connect to the device.

To exit iTunes:

Quit the iTunes application with cmd + q
Open up terminal and type killall -9 iTunesHelper and press enter

Run iPHUC and, after you see the Recovery prompt, execute the following commands:

grestore /phonedmg 
exit 

[wait for "FTL_Open" message to appear on the phone]

FileSystemCheck /dev/disk0s2
mount /dev/disk0s1 /mnt1
mount /dev/disk0s2 /mnt2
ditto /mnt1/etc/fstab /mnt2/root/Media/fstab
ditto /mnt1/System/Library/Lockdown/Services.plist /mnt2/root/Media/Services.plist
umount /mnt1
umount /mnt2
exit

Reboot your iPhone with the button command (top + home until it restarts). Then run iPHUC again and, at its normal (AFC) prompt, execute the following. The copies you made in /mnt2/root/Media are /var/root/Media on the running phone, which is the directory the stock AFC service exposes, so they can be fetched before the jailbreak is in place:

getfile fstab fstab
getfile Services.plist Services.plist

Step Three

Open the fstab file that you downloaded to your computer (with a relative name like fstab, getfile saves it in the directory you ran iPHUC from) and change 'ro' to 'rw' on the first line, which is the entry for the root filesystem /dev/disk0s1, then save it. Now open Services.plist and AFTER the fourth line (it should be "<dict>") add the following:

	<key>com.apple.afc2</key>
	<dict>
		<key>Label</key>
		<string>com.apple.afc2</string>
		<key>ProgramArguments</key>
		<array>
			<string>/usr/libexec/afcd</string>
			<string>--lockdown</string>
			<string>-d</string>
			<string>/</string>
		</array>
	</dict>

Now execute the following commands in iPHUC to put them back on the iPhone:

putfile fstab
putfile Services.plist
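The two edits above are what actually opens the phone up: afcd is the same daemon lockdownd already runs for iTunes, but the stock com.apple.afc service confines it to /var/root/Media with "-d /var/root/Media", while the new com.apple.afc2 entry starts it with "-d /", so an AFC client can read and write the whole filesystem, and the fstab change makes the root partition writable so those writes stick. The script below is an added example for this tutorial, not part of iPHUC or the wiki's own procedure. It makes the Step Three edits to the fetched fstab and Services.plist copies by parsing the plist instead of counting lines, and it reports which directory every afcd-backed service exposes so you can check the effect before putting the files back. The sample fstab and the stock com.apple.afc entry embedded in it are constructed to match the format shown on this page, not copied from a device.

```python
"""Offline preparation of the two files edited in Step Three (added example)."""
import plistlib
import sys

# Constructed sample /etc/fstab: root filesystem read-only, user data read-write.
SAMPLE_FSTAB = (
    "/dev/disk0s1 / hfs ro 0 1\n"
    "/dev/disk0s2 /private/var hfs rw 0 2\n"
)

# Constructed sample Services.plist holding only the stock AFC service, which
# afcd confines to /var/root/Media (assumed shape, same format as the afc2
# entry given in the tutorial).
SAMPLE_SERVICES_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.afc</key>
	<dict>
		<key>Label</key>
		<string>com.apple.afc</string>
		<key>ProgramArguments</key>
		<array>
			<string>/usr/libexec/afcd</string>
			<string>--lockdown</string>
			<string>-d</string>
			<string>/var/root/Media</string>
		</array>
	</dict>
</dict>
</plist>
"""

# The service the tutorial adds: same daemon, rooted at / instead of the Media jail.
AFC2_SERVICE = {
    "Label": "com.apple.afc2",
    "ProgramArguments": ["/usr/libexec/afcd", "--lockdown", "-d", "/"],
}


def remount_root_rw(fstab_text: str) -> str:
    """Flip the root filesystem entry from read-only to read-write.

    Only the line whose mount point is '/' is touched, and only its options
    field, so the /private/var line and any other 'ro' token are left alone.
    """
    out = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/":
            opts = fields[3].split(",")
            fields[3] = ",".join("rw" if o == "ro" else o for o in opts)
            line = " ".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"


def add_afc2_service(plist_bytes: bytes) -> bytes:
    """Register com.apple.afc2 in Services.plist by parsing it, not by line number."""
    services = plistlib.loads(plist_bytes)
    if "com.apple.afc2" in services:
        raise ValueError("com.apple.afc2 already present; refusing to overwrite")
    services["com.apple.afc2"] = dict(AFC2_SERVICE)
    return plistlib.dumps(services, sort_keys=False)


def afc_jail_roots(plist_bytes: bytes) -> dict:
    """Map each afcd-backed service to the directory it exposes (the value after -d)."""
    services = plistlib.loads(plist_bytes)
    roots = {}
    for name, svc in services.items():
        args = svc.get("ProgramArguments", [])
        if args and args[0] == "/usr/libexec/afcd" and "-d" in args:
            roots[name] = args[args.index("-d") + 1]
    return roots


def main(argv):
    if len(argv) == 3:
        # Usage: python3 prep.py fstab Services.plist  (the files fetched with getfile)
        fstab_path, plist_path = argv[1], argv[2]
        with open(fstab_path) as f:
            fstab = f.read()
        with open(plist_path, "rb") as f:
            plist = f.read()
        with open(fstab_path, "w") as f:
            f.write(remount_root_rw(fstab))
        with open(plist_path, "wb") as f:
            f.write(add_afc2_service(plist))
        with open(plist_path, "rb") as f:
            print("afcd roots after edit:", afc_jail_roots(f.read()))
    else:
        # No paths given: demonstrate on the constructed samples.
        print(remount_root_rw(SAMPLE_FSTAB))
        print("afcd roots after edit:", afc_jail_roots(add_afc2_service(SAMPLE_SERVICES_PLIST)))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the two fetched files as arguments to edit them in place, then put them back with putfile as above; the printed map should show com.apple.afc still rooted at /var/root/Media and com.apple.afc2 rooted at /. The duplicate check matters if you rerun the tutorial on a phone that already has the service, since two entries with the same key would leave lockdownd's view of the file undefined.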

Step Four

Press the Power and Home buttons on your iPhone for 25s to reboot into Recovery Mode. Run iPHUC and execute the following commands:

grestore /phonedmg
exit

[wait for "FTL_Open" message to appear on the phone]

FileSystemCheck /dev/disk0s2
mount /dev/disk0s1 /mnt1
mount /dev/disk0s2 /mnt2
ditto /mnt2/root/Media/fstab /mnt1/etc/fstab
ditto /mnt2/root/Media/Services.plist /mnt1/System/Library/Lockdown/Services.plist
umount /mnt1
umount /mnt2
exit

Reboot your iPhone with the button command. Now, whenever you want access to the entire phone while in iPHUC, simply type:

setafc com.apple.afc2

Be advised that iTunes being connected to the phone when you execute 'setafc' may cause the command to fail; quit iTunes and kill iTunesHelper as in Step Two first.