Nytro Posted January 9, 2017 Report Share Posted January 9, 2017 Jonathan Zdziarski @JZdziarski 1h1 hour ago In honor of the iPhone’s 10th Anniversary, here are the original jailbreak instructions for iOS 1.0 Opening the iPhone NerveGas has the spirit. It exploits Apple's 'generosity' in leaving things inside the (only) perimeter 'wide open'.NerveGas on #iphone figured out a clever way of enabling SSH on the iPhone. First he overwrites the update binary with chmod. Then he tricks the iPhone into calling update so he can reset the mode of the Dropbear server to make it eXecutable. Then he puts everything back where it was. Mission accomplished! Working SSH Instructions by NerveGas Previous instructions on the net have required the use of restore mode to set binary permissions. Unfortunately, restore mode doesn't work with all public versions of iPhoneInterface I've tried. The instructions below work by overwriting an existing binary on the system with chmod, and then calling it with the appropriate arguments to set permissions. The result is a fully functional SSH setup. You can then proceed to uploading your own world builds, or other programs to execute via commandline. Step 1: Key creation. On your Mac or PC download Dropbear from here: http://matt.ucc.asn.au/dropbear/dropbear.html Run: ./configure && make You don't need to install the software, just run: ./dropbearkey -t rsa -f dropbear_rsa_host_key ./dropbearkey -t dss -f dropbear_dss_host_key And copy the two new key files into your iPhoneInterface directory. Step 2: Uploading Dropbear and friends. Download the iphone-ssh kit and the iphone binaries kit: http://www.abigato.com/iphone-ssh-kit-vr1.tar.bz2 http://netkas.freeflux.net/blog/ Rename sh6 from the kit to sh. Use the jailbreak application to break out of jail and then open iPhoneInterface to connect. mkdir /etc/dropbear cd /etc/dropbear putfile dropbear_rsa_host_key putfile dropbear_dss_host_key cd /bin putfile chmod putfile sh cd /usr/bin putfile dropbear Step 3: Overwriting 'update' with 'chmod'. While still connected to iPhoneInterface make a backup copy of /usr/sbin/update: cd /usr/sbin getfile update Rename this to update.original on your local filesystem Now copy the 'chmod' binary to 'update' and upload it back to the iPhone: cd /usr/sbin putfile update Step 4: Overwriting the update configuration. Now the 'update' binary is really 'chmod' and has execute permissions! We just need to tell the iPhone to chmod next time it boots. To do this, we download /System/Library/LaunchDaemons/com.apple.update.plist and add our own arguments to ProgramArguments: 0 /usr/sbin/update 1 555 2 /bin/chmod 3 /bin/sh 4 /usr/bin/dropbear Save the new plist and upload it back to the iPhone: cd /System/Library/LaunchDaemons putfile com.apple.update.plist While we're here, lets also: putfile au.asn.ucc.matt.dropbear.plist Step 5: Reboot the iPhone twice. The first reboot should set the permissions on the dropbear and related binaries. The second reboot should start dropbear, so you can ssh to it: ssh -l root [IP ADDRESS] The root password is 'dottie'. Step 6: Replace the original update and com.apple.update.plist files. Don't forget to put the old update files back. Rename update.original back to update, and delete the extra ProgramArguments you added to com.apple.update.plist. Now put them back: cd /System/Library/LaunchDaemons putfile com.apple.update.plist cd /usr/sbin putfile update Step 7: Change the root password. If you don't like 'dottie', you can generate a new encrypted password by running: perl -e 'print crypt("MYPASSWORD", "XU");' Where MYPASSWORD is the new password you want, and XU is a random two-letter salt. Copy the encrypted output and replace the existing one in /etc/master.passwd on the phone. You're done! Enjoy! -NerveGas Sursa: http://rixstep.com/2/2/20070805,00.shtml Quote Link to comment Share on other sites More sharing options...
