So many people have been asking about the specifics of iPod touch jailbreaks, that we decided to go ahead and do a jailbreak live for your reading pleasure. I have a fresh new iPod touch at my side and will step you through the entire jailbreak process along with my reactions, failures and possible complete public humiliation. Here then is my attempt to jailbreak my iPod touch.
4:45: Well, I'm all ready to go. I have my iPod touch connected to my Intel Mac. I'm going to be using the Niacin TIFF exploit and then setting up my iPod touch with all the standard good hacks including Installer.app.
4:50: I'm starting by opening mobile safari on my touch and navigating to http://jailbreak.toc2rta.com. I am not linking that because that is the address of the TIFF and I don't want to mess up any of your browsers by accident.
4:56: I have Safari up and after debating whether to restore my iPod touch first, I decide to just go ahead. I enter the URL and tap Go.
4:59: I am out of Safari and on the main screen. "kroo" tells me that this means it should have worked. I am now ready to try iPhuc. According to the jailbreak guide at touchdev.net, I need to use this version of iPhuc.
5:02: I have downloaded iPhuc and have run it at the command line. I'm ready for the next step. To make this happen, I launched Terminal (it's in /Applications/Utilities) and issued cd commands to get to the right folder and then ran iPhuc: ./iphuc.
5:04: In iPhuc, I issue an ls command. Sure enough, I can see my entire folder structure! I'm adding a picture to the gallery to show this.
5:11: Now I create a folder in my iphuc directory if it is not already there: mkdir iphonefs. This is where I'll store a copy of the file system.
5:14: Now it is time for me to dump my root partition. I issue the following command in iphuc: getfile /dev/rdisk0s1 iphonefs/rdisk0s1 314572800
A *lot* of text starts scrolling by and I wait for a while. I'm getting the contents of my filesystem.
5:16: Still scrolling. So I take a picture and add it to the gallery. Hopefully it will shortly show up.
5:21: STILL scrolling and dumping. Man this is slow.
5:22: DONE dumping!
5:23: I quit out of iphuc, cd into iphonefs and rename rdisk0s1 to rdisk0s1.dmg. I then issue the "open ." command and then double-click on the dmg using the finder. Happily, it mounts!
5:26: Time to update /etc/fstab. Using only my Mac, I need to copy the modified version onto the Snowbird image that just opened. I cd back to the Desktop Jailbreak folder. There I find the modified fstab. Just to be sure, I cat it. It shows two devices both rw.
% cp fstab /Volumes/Snowbird3A110a.N45Bundle/private/etc/
And to be extra sure, I cat it.
cat /Volumes/Snowbird3A110a.N45Bundle/private/etc/fstab
Looks good.
5:30. Now I'm copying in all the stuff I want to have on my iPod touch. I open Snowbird in Finder and copy over Installer.app--it's an old one but hopefully it will still work okay. I also copy over a lot of the shell stuff from the binary distribution.
5:40: I am copying in all the things I'll need to bootstrap. This will take a while to make sure I'm doing it right. I'll post details as they happen. prepare for a fairly long break.
Real life intruded. I am back.
So after weighing things back and forth, I decided to get the latest version of Installer.app from Null River. this meant I had to download the AppTapp app and get Installer.app from inside the bundle.
Also, I decided to keep just a few apps on the system to keep things clean until I had a chance to patch Springboard.
To make sure I can get into the system, I've put in the dropbear plist. This is the one that was floating around months ago. I know NerveGas has written better stuff but I have already left you guys waiting too long.
Now the big thing. Time to overwrite with my changes.
I'm about to launch iPhuc and issue: putfile iphonefs/rdisk0s1.dmg /dev/rdisk0s1. First I eject the Snowbird disk for safety. Okay, I've done it. This may take some time.
7:04: Still waiting.
7:06: Done. Ready to reboot physically.
I have powered down by pressing and holding Sleep/Wake and then sliding off. Now I have powerd up. It looks the same so far. Time too look at it with iphuc.
7:07: WiFi Settings tells me my iPod is at 192.168.0.106. Lets see if I was able to get ssh working or not. Nope. Connection refused. clearly I didn't do this right. Let's look at iPhuc.
iPhuc shows my proper and entire system. So that is a start!
7:10: I get a copy of /etc/fstab from the iPod touch. It reveals that the iPod is jailbroken and that I have readwrite access. I just must have messed up on the ssh stuff.
7:13: iTunes is showing that 256 meg of memory thing. So I am moving forward but I'm not there yet.
7:18: I decide to go back and reinspect my image. Back to Snowbird.
7:23: I am warned not to do that. Apparently without resetting first to r/o I can mess up my system. So I abandon that idea.
7:24: I come up with the bright idea of using INdependence--after all, my iPod is jailbroken, no?
7:25: INdependence recognizes my failed attempt to get ssh going so I have to uninstall that stuff first. Which I do. Two reboots later, the software tells me that I have successfully installed SSH. Time to check. (And iTunes is STILL giving me the 300MB thing.)
7:27: Although Independence thinks I have ssh, my ipod does not. No success on that front.
7:28: Rebooted a few times, still no ssh.
7:32: I check Snowbird.app to make sure all my permissions are okay for Installer.app and so forth. They appear to be.
7:39: Right now, I'm getting bailed out. Some hackers have handed me a modified version of SpringBoard. I install that, reboot and boom, Installer.app is on my screen.
7:41: I install community sources and am now installing Open SSH. It tells me I need the newer BSD system. I install that.
7:43: The BSD package is still downloading.
Just as an aside, it seems this touch jailbreak isn't very safe. It's not smooth or easy and I'm still in a precarious state due to the misplaced media symlink.
7:45: Man, this BSD thing is taking forever. And my iPod keeps locking up on me because I haven't set it to always on.
7:47: Installing Open SSH now.
7:47: Trying to ssh now. But I don't get the port 22 error. It's just sitting for a while, presumably to generate keys.
While I wait, I set the autolock to never.
I AM IN. Root password is Alpine and I am connected. W00t.
KROO KROO KROO KROO KROO!!!! Rock on Kroo!!! My iPod touch mentor.
7:50: I cd to /var/root. I rm Media and then mv Mediaold Media.
Rebooting.
Done. iTunes sees my entire capacity. The world is good. Ssh works. And Kroo rocks.
Summary
This is not ready for prime time, kids. Don't do this at home. I'll have a LOT more thoughts, roundup and tips when I come back on line tomorrow night. Until then, it is family time.
Thanks especially to KROO!, netkas, smileyDude and everyone who gave encouragement and advice.
1. Thanks for doing this, those of us with the Touch have been waiting with bated breath for more/better/clearer info on how to start messing with it.
Looking forward to reading the rest as you post it.
Posted at 4:58PM on Oct 12th 2007 by Paulpro