January 05, 2008

Guide to activate & jailbreak the iPhone 1.1.2 OTB on Windows - Downgrade (2/4)

This next step (STEP 2) requires downgrading the iPhone from version 1.1.2 to 1.1.1. Why do we need to follow this process? Because in STEP 3 we will take advantage of a vulnerability in the 1.1.1 version of the iPhone firmware and run code inside the device.

From now on, I'll start adding some security-related comments for the infosec readers, marked with [*].

NOTE: Internet connectivity is required on the computer running iTunes in order to start the activation process.

1- Connect your iPhone via USB to your computer. iTunes starts, connects to the Internet, and displays the default activation screen (the one this guide tries to bypass).

All iTunes screenshots are based on the Spanish version, the one used by Esteban.

[*] During the activation process, iTunes resolves "phobos.apple.com" and establishes an HTTP session (asking for "/bag.xml?ix=2"). It is redirected to "http://ax.phobos.apple.com.edgesuite.net", where it asks for "WebObjects/MZStore.woa/wa/initiateSession?ix=2" and multiple related resources. It is amazing to see the number of Apple proprietary HTTP headers used in the exchanges. BTW, the iTunes 7.5 HTTP User-Agent on Windows is:
User-Agent: iTunes/7.5 (Windows; U; Microsoft Windows XP Professional Service Pack 2 (Build 2600)) DPI/96

Finally, iTunes resolves and establishes an HTTPS connection to "albert.apple.com", the real activation server; it also uses plain HTTP to the same server to retrieve multiple images. [*]
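As an added example for the infosec readers (this is not code from the original post, and nothing iTunes itself runs), the script below reconstructs the activation exchange just described from proxy log lines and parses the iTunes User-Agent string, the kind of sanity check you do when reviewing a capture to see which requests a network observer sees in the clear before the TLS session to the activation server starts. The log line format, the client address 192.0.2.10 and the image path are constructed for the example; the hosts, request paths and User-Agent value are the ones quoted above.

```python
"""Reconstruct the iTunes activation exchange from proxy log lines.

Added example, not code from the original post. The log format and the sample
lines are constructed; hosts, paths and the User-Agent come from the post.
"""
import re
from collections import OrderedDict
from urllib.parse import urlsplit

# User-Agent value quoted in the post.
ITUNES_UA = ("iTunes/7.5 (Windows; U; Microsoft Windows XP Professional "
             "Service Pack 2 (Build 2600)) DPI/96")

# Constructed proxy log: "<ts> <client> <method> <target> <status> "<ua>"".
# The image path under albert.apple.com is a placeholder, not a real one.
SAMPLE_LOG = "\n".join('%s "%s"' % (line, ITUNES_UA) for line in [
    "2008-01-05T10:00:01Z 192.0.2.10 GET http://phobos.apple.com/bag.xml?ix=2 302",
    "2008-01-05T10:00:02Z 192.0.2.10 GET http://ax.phobos.apple.com.edgesuite.net"
    "/WebObjects/MZStore.woa/wa/initiateSession?ix=2 200",
    "2008-01-05T10:00:05Z 192.0.2.10 CONNECT albert.apple.com:443 200",
    "2008-01-05T10:00:06Z 192.0.2.10 GET http://albert.apple.com/EXAMPLE/image.png 200",
])

LOG_LINE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) '
                      r'(?P<target>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$')
UA_HEAD = re.compile(r"^(?P<product>[^/\s]+)/(?P<version>\S+)\s*(?P<rest>.*)$")


def _split_comment(comment):
    """Split the parenthesised UA comment on ';' at nesting depth 0 only,
    so '(Build 2600)' stays attached to the OS description."""
    parts, depth, cur = [], 0, []
    for ch in comment:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == ";" and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def parse_user_agent(ua):
    """Parse 'Product/Version (a; b; c (nested)) Key/Val ...' into parts."""
    m = UA_HEAD.match(ua.strip())
    if not m:
        raise ValueError("unrecognised User-Agent: %r" % ua)
    rest, comment, extras = m.group("rest"), "", m.group("rest")
    if rest.startswith("("):
        depth = 0
        for i, ch in enumerate(rest):  # find the matching close paren
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    comment, extras = rest[1:i], rest[i + 1:].strip()
                    break
        else:
            raise ValueError("unbalanced parentheses in User-Agent: %r" % ua)
    extras_map = {}
    for tok in extras.split():  # trailing tokens such as DPI/96
        key, sep, val = tok.partition("/")
        extras_map[key] = val if sep else None
    return {"product": m.group("product"), "version": m.group("version"),
            "fields": _split_comment(comment) if comment else [],
            "extras": extras_map}


def parse_log(text):
    """Turn log lines into records with host, scheme and path."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LOG_LINE.match(line)
        if not m:
            raise ValueError("malformed log line: %r" % line)
        method, target = m.group("method"), m.group("target")
        if method == "CONNECT":  # TLS tunnel: only host:port is visible
            host, _, port = target.partition(":")
            scheme, path = ("https" if port == "443" else "tcp/" + port), None
        else:
            u = urlsplit(target)
            host, scheme = u.hostname, u.scheme
            path = u.path + ("?" + u.query if u.query else "")
        records.append({"ts": m.group("ts"), "method": method, "host": host,
                        "scheme": scheme, "path": path,
                        "status": int(m.group("status")), "ua": m.group("ua")})
    return records


def summarize(records):
    """Per-host view of the exchange, in first-seen order."""
    hosts = OrderedDict()
    for r in records:
        entry = hosts.setdefault(r["host"], {"schemes": set(), "paths": []})
        entry["schemes"].add(r["scheme"])
        if r["path"] is not None:
            entry["paths"].append(r["path"])
    return hosts


def plaintext_paths(records):
    """Requests that crossed the wire unencrypted, i.e. everything a network
    observer sees before (and beside) the HTTPS session to albert.apple.com."""
    return [(r["host"], r["path"]) for r in records if r["scheme"] == "http"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for host, info in summarize(recs).items():
        print(host, sorted(info["schemes"]), info["paths"])
    print(parse_user_agent(ITUNES_UA))
```

The summary shows the same picture the paragraph gives: two plaintext hosts, then albert.apple.com reached both over a TLS tunnel and over plain HTTP, which is why the image requests (but not the activation request itself) remain readable to anyone on the path.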

2- Press the Home button (the main and only button on the screen) and the Sleep/Wake button (on the top right corner of the device) on the iPhone simultaneously, and keep holding them until iTunes detects (and shows a message to indicate) that the iPhone is in recovery mode. You need to hold both buttons for around 10-30 seconds.


The iPhone restarts during the process: it is disconnected from Windows (you can hear the typical Windows USB device-disconnect sound) and then reconnects again.

3- Dismiss the warning message in iTunes by pressing the "OK" button. You are presented with two options: "Check for Update" and "Restore". Hold down the Shift key in Windows and then click on the "Restore" button in iTunes. The Shift key is required: without it, the restore operation restores the iPhone to the factory defaults and the latest firmware version (1.1.2) instead of letting you select a firmware file.

A window to browse for files will open. Select the iPhone 1.1.1 firmware file you should have downloaded in STEP 1 and press the "Open" button. iTunes will downgrade your iPhone, a process that takes around 5 minutes. The downgrade process will end with a 1013 or 1015 error message (see image).


4- Press the "OK" button to confirm the error message. You are returned to the restore warning message. Press the "OK" button to confirm this message too.

5- In order to get out of the "after the downgrade/restore" state, you need the iBrickr tool for Windows you downloaded in STEP 1. Uncompress the ZIP file and run the tool (ibrickr.exe).

6- Choose the "Boot the phone" option to reboot the iPhone and get out of recovery mode.


During the process the iPhone background turns red; that's the good color here :), as explained in the iBrickr "Attempting to fix..." window.


Once the iPhone has restarted, it will run iPhone firmware version 1.1.1 and you will get the old "Activate iPhone" screen on the iPhone, that is, a globe image. iTunes will show the AT&T activation screen again, and you can close the iBrickr tool.

At this point, you have downgraded the iPhone from version 1.1.2 to 1.1.1, and you are ready to jump to STEP 3 in order to jailbreak the device.
