Pages

Subscribe:

Ads 468x60px

Friday, October 14, 2011

Jailbreak iOS 5 with Redsn0w 0.9.9b5

beta everything

WWDC 2011 is winding down to a close, and developers of jailbroken apps for Cydia are probably itching to get started on all the iOS 5 goodness. It seems like a good time to release the tethered redsn0w jailbreak for iOS 5. The following devices are supported:

  • iPod touch 3G
  • iPod touch 4G
  • iPad 1
  • iPhone3GS
  • iPhone4 (GSM)
  • iPhone4 (CDMA)

UNLOCKERS AND THOSE PRESERVING THEIR UNLOCKABLE BASEBANDS SHOULD STAY FAR AWAY FROM THIS! You will very likely lose your unlockable baseband if you try to install iOS 5.

THIS JAILBREAK IS INTENDED ONLY FOR DEVELOPERS OF JAILBROKEN APPS! There are just too many broken components (Apple’s official apps, 3rd-party App Store apps, Cydia apps, MobileSubstrate apps, etc) for this to be useful to anyone but those truly looking to fix bugs in their iOS 5 jailbroken apps. (Seriously!)

THIS REDSN0W WILL NOT HACTIVATE! You need to be an iOS developer with a registered UDID to get past all the new activation screens. PLEASE DON’T PIRATE APPLE SOFTWARE! Only registered devs with Macs can develop iOS applications, and only those people will have legitimate access to the beta IPSWs. See update #1 below.

THIS IS A TETHERED JAILBREAK ONLY! No new exploits are being exposed with this jailbreak (it uses geohot’s limera1n bootrom exploit), but that comes at a cost. You will need to use redsn0w to “Just boot tethered now” to be able to use many things, including Cydia and Safari. If you see a white icon for Cydia, or if Cydia or Safari crash when you open them, it’s because you didn’t boot tethered.

IF YOU HAVE THE 06.15 BASEBAND ON YOUR 3GS…this redsn0w will get you past the iTunes restore error you’ll get when using the stock IPSW (nobody other than those with the 06.15 baseband should be going anywhere near the stock IPSW!).

The way redsn0w works, you will very likely be able to use this on upcoming iOS5 betas, just by continuing to point redsn0w at the 5.0b1 5.0b4 IPSW. So keep that IPSW handy!

Although most people just launch redsn0w by double-clicking it, remember there are “advanced” options available to those who invoke it from the Terminal shell:


Update #1: Since Apple now provides Windows iTunes 10.5 for iOS5 and iCloud developers, it’s no longer the case that only Mac owners can legitimately activate their devices. We now provide a Windows version of redsn0w for those developers (only!).

Update #2: We’ve updated redsn0w to account for the sandbox changes that affected App Store apps in 5.0b3 (and it now recognizes the IPSWs for all three betas so far). If you already jailbroke 5.0b3 using the previous redsn0w, you don’t need to re-jailbreak…just use this updated version to boot tethered. Point redsn0w b3 at the b3 IPSW when jailbreaking iOS5b3.

Update #3: For the convenience of kernel hackers like @comex and @i0n1c, we have a new redsn0w 0.9.8b3 that supports a TETHERED jailbreak for iOS 4.3.4 on all devices that have 4.3.4 except the iPad2. The vast majority of people will want to stay back at 4.3.3 because that’s where the untethered jailbreak is! There are no new features in 4.3.4 — only fixes for jailbreak exploits.

Also, this is a good time to remind everyone (since we’re still seeing confusion about this): iPad2 owners with a baseband (3G or CDMA) cannot currently use saved blobs to go back to 4.3.3 once the signing window is closed. This is unlike every other device, so don’t be confused! iPad2 owners with basebands should stay away from all updates to maintain the jailbreak!

Update #4: In conjunction with iOS5 beta4 being released to iOS developers, redsn0w 0.9.8b4 is now available for jailbreak app developers (point the b4 redsn0w at the b4 IPSW). Remember, it’s a tethered jailbreak right now so you’ll need to use redsn0w to boot into a jailbroken state at each power cycle.

NOTE: It appears that by design, the OTA update that became available starting with iOS 5 beta4 will *not* be automatically applied to jailbroken devices. That’s a relief to those who don’t want to lose their jailbreak via OTA pushes. If you’re jailbroken, you’ll need to use the standard iTunes method to get to iOS 5 beta4.

Update #5: redsn0w has been updated to 0.9.8b5, adding support for Apple’s new iOS5 beta5 (point it directly at the beta5 IPSW). Please use this only if you’re a jailbreak app developer with a legit Apple dev account, and remember it’s a tethered jailbreak for now!

Update #6: We’ve released redsn0w 0.9.8b6 to jailbreak iOS5 beta6 (point it directly at the beta6 IPSW). Two important notes about this version: (1) Please let your device boot normally to IOS5b6 and do a clean shutdown (slide to power off) before jailbreaking. (2) Boot logos have intentionally been disabled for now, so you’ll see a black screen on tethered boots (you can re-enable logos or verbose boot with command-line options if you really want them back).

Due increased sensitivity to abrupt filesystem shutdowns in IOS5b6, it’s very important that you do a clean shutdown before running redsn0w.

Update #7: Apple updated the iPad1 iOS5b6 IPSW without changing its version number or filename, so we’re releasing redsn0w 0.9.8b7 to handle both the original and changed IPSW. We’ve also added explicit support for a tethered 4.3.5/4.2.10 jailbreak (instead of pointing at the 4.3.4/4.2.9 IPSWs) and fixed a 4.2.10 problem.

Update #7b: About 12 hours after we released redsn0w 0.9.8b7 with some improvements for iOS5b6, Apple went and released iOS5b7 (what are the odds of that?!?). Even though that redsn0w could still jailbreak iOS5b7, you needed to point it at the iOS5b6 IPSW to do so. Today’s redsn0w 0.9.8b7b lets you point redsn0w directly at the iOS5b7 IPSW instead.

We’ve also added some overall improvements for old-bootrom 3GS owners (where the 24kpwn exploit applies): on those devices, you can tell redsn0w to untether 4.3.5 and lower, or iOS5b7. Old-bootrom 3GS owners can once again choose custom logos, and/or verbose booting (for the really nerdy iPhone3GS fans out there!). And it allows 4.3.4 or 4.3.5 users to use ultrasn0w again (if they have a compatible baseband).

Last but not least, we fixed some lingering Verizon iPhone4 4.2.10 JB issues.

Have a great Labor Day weekend!

Update #7c: For those 3GS owners with the 06.15 baseband (and only those owners!), version 0.9.8b7c allows you to restore to the stock 4.3.5 IPSW, then simply run redsn0w to jailbreak. (redsn0w has a built-in fixrecovery that will get you past the Error 1015 you’ll see when you try to restore to the stock 4.3.5 IPSW with a 06.15 baseband)

Update #8: This space intentionally left blank.

Update #9: A bunch of new features!

  • uses DFU mode to try to automatically determine which device and FW you have
  • fetches pieces of public IPSWs from Apple (once). Non-public IPSWs must be provided manually (once). It then caches those pieces for future use.
  • “Just boot” is a tethered boot. Uses whatever “Preferences” you’ve set for boot logo and kernel boot-args
  • “Pwned DFU” puts your device in a pwned DFU state for some of the iTunes stuff detailed below
  • “Recovery fix” gets past 1015 types of errors (when baseband portion of restore fails). Should work on iOS5 beta too
  • “Select IPSW” is for picking non-public IPSWs, or overriding auto-detection
  • “SHSH blobs” has a bunch of options…
  • “Fetch” - fetch current PARTIAL blobs on device. Should complete in under 10 or 15 seconds. Puts the set of PARTIAL of blobs on your computer as a plist. Checks if Cydia already has a full set for this device and build. If not, it submits this PARTIAL set and returns Cydia’s acknowledgement or rejection
  • “Verify” - cryptographically verifies existing blob files from either redsn0w, TinyUmbrella, or Cydia server. You can select a whole bunch of blobs to verify at once if you want (like the TinyUmbrella directory)
  • “Submit” - both verifies and submits one or more blob files to Cydia. This lets you copy your entire TinyUmbrella cache of blobs up to the Cydia server
  • “Query” - queries the Cydia server for all available FULL or PARTIAL blobs for a given set of ECIDs
  • “Stitch” - stitches either FULL or PARTIAL blobs to a STOCK or CUSTOM IPSW
  1. Stitching is NOT yet supported on iPhones! Need to work out the baseband part of the restore process.
  2. FULL blobs stitched to a STOCK IPSW gives you a completely self-contained signed IPSW that iTunes will accept without any tricks (no need to go into pwned DFU mode, no need to start TinyUmbrella TSS server, no need to redirect to Cydia server for blobs)
  3. PARTIAL blobs stitched to any IPSW requires you to go into pwned DFU mode before running iTunes. No need to start TU or use Cydia though.
  4. Stitching either FULL or PARTIAL blobs to a CUSTOM IPSW also requires a pwned DFU start before iTunes restores. No need to start TU or use Cydia though.
  5. Will eventually support fetching the blobs directly from Cydia instead of a file on your computer

Update #10: Version 0.9.9b2 has been released with fixes and enhancements related to: Verizon iPhone4 firmware detection, Fix Recovery, Stitching, and blob processing. If you encountered a problem with any of these in the b1 version, please try b2 and leave any feedback below!

Update #11: redsn0w has been updated to 0.9.9b3 to auto-detect iOS5 GM firmware. Remember: it’s still tethered for all devices except for iPhone 3GS with old bootrom. If you don’t use redsn0w to “Just boot” at power up, all jailbreak apps (and even some native ones like MobileSafari) will fail to launch.

If you already jailbroke the GM by pointing an older redsn0w at the beta7 IPSW, there’s no need to re-run the full jailbreak step again…just use this newer one to make the tethered boot easier :)

Update #11a: We’ve replaced the Windows version of 0.9.9b3 with 0.9.9b3a. The new version fixes a caching bug that affected only Windows users — point it one more time at your iOS5GM IPSW, and from then on you won’t have to point at it again.

As a special bonus to Windows users, we’ve made it so that if you make a copy of redsn0w.exe and name it something like “justboot.exe” (anything with the word “boot” in it), it will start up in “Just Boot tethered” mode. That way you don’t have to click on any buttons at all to boot tethered! :)

Update #12: For those of you who experiment with your own custom ramdisks using the -r command-line option, version 0.9.9b4 adds auto-detection support for iOS5. This is needed because iOS4 and iOS5 treat the root partition differently (it’s encrypted in iOS5). redsn0w will now upload the correct iOS5 kernel by itself, but it’s up to your own launchd to determine if it needs to mount using the old or new partition scheme.

redsn0w now also accepts both native and img3-encapsulated versions of files you provide via the -r, -k, and -d command-line options (do redsn0w -h to show all the available options).

Update #13: With today’s official iOS5 release, redsn0w has been updated to 0.9.9b5 to include the public URLs for the IPSW files. This way, first-time iOS5 jailbreakers don’t need to supply the IPSW file manually. It’s still a tethered jailbreak on all except the old-bootrom iPhone3GS, and it doesn’t apply to iPad2 or the upcoming iPhone4S.

Because the jailbreak is currently only tethered for most devices, we’re not going to release a new PwnageTool yet. Instead, we’ve decided to build some of PwnageTool’s functionality into redsn0w (since you need redsn0w to “Just boot tethered” on every power cycle anyway). The new “Custom IPSW” button on the Extras screen will create a custom IPSW without the baseband update for 4.3.3 or 5.0gm (iPhone3GS and iPhone4 only, for now). Remember to NOT accidentally restore to the stock IPSW after you create the custom one! The custom one begins with NO_BB_ (for “no baseband”). On Mac iTunes, you select an IPSW by holding down the Option key while clicking “Restore”.

You must enter “Pwned DFU” mode before trying to use the NO_BB_ IPSW with iTunes (and your hosts file cannot be pointing to Cydia’s servers due to the new blob nonce mechanism they’re using in iOS5).

Version 0.9.9b5 is available only for Mac for now, until we can do more testing on the Windows version of “Custom IPSW”.

We’re currently working on a normal compatibility update for existing ultrasn0w unlockers. After that we’ll try to fix the iBooks issue on jailbroken iOS5.

Here are the download links:

No comments:

Post a Comment