Access shell on iPhone2G JB without screen,buttons,ssh - General - Hackint0sh.org
  1. #1

    Access shell on iPhone2G JB without screen,buttons,ssh

    I have a broken iPhone 2G... broken in the sense that it lacks screen, touch sensor, and power button. I do have usb and all buttons except power working.

    The board is working, it has iOS 3.1.2 jailbroken, and I can sync to it with iTunes and/or access the filesystem (even the root one) with ifuse+usbmuxd on linux.

    It does not have ssh installed, and my target is to get shell access. My plan:
    1) put openssh and deps on the phone via ifuse
    2) let it start sshd someway
    3) ssh on usb tunnel and find how to enable WiFi
    4) happily use it via standard tcp/ip over wifi

    Now in detail:
    - is it possible to use x86 dpkg and friends to install stuff on the iPhone fs mounted via ifuse? how?
    - if not, it should be enough for a starter to unpack needed debs and copy files on the phone's root directory. do you think that could work?
    - what are openssh dependencies?
    - how the hell do I let it start openssh? or how do I reboot it in order for it to autostart? (I'd prefer not to cut battery cables right now, and the only idea I have is to wait for a total discharge... I guess it'll take some days... then connect to usb to let it power up again)
    - if I cannot establish tcp connection and want to debug, are there logs where LaunchDaemon says if it tried to start openssh and what happened? does openssh itself log somewhere?

    I have access to linux and osx systems easily, and windows system a little less easily.

    thanks to all.



  2. #2
    vikram (Moderator)

    copy files (using iFunBox /Windows)
    openssh_5.2p1-8_iphoneos-arm.deb
    openssl_0.9.8h-5_iphoneos-arm.deb
    to folder
    /private/var/root/Media/Cydia/AutoInstall
    reboot twice (battery drain ?)

  3. #3
    Olethros (Super Moderator)

    Quote: Originally posted by vikram
    copy files (using iFunBox /Windows)

    to folder


    reboot twice (battery drain ?)
    Pwnagetool/custom IPSW that includes SSH, this will also handle the restarting for you.

  4. #4

    thanks for the tips. The Cydia auto install feature is definitely a thing to remember

    I have Applications/Cydia.app so it should be installed, but no Media/Cydia. I'll try creating it with the /AutoInstall subfolder and see if it works.

    Re pwnagetool, I don't remember what older versions used to do, but the current one just lets me build the custom ipsw and doesn't put the phone in DFU by itself.

    I have no easy way to put the phone in DFU (since the power button is physically present but not working!) and I don't want to risk bricking it now. I always used DFU mode to restore custom ipsw, should it be possible even with the phone "normally turned on" without setting dfu? iTunes does show the "restore" button and I can alt-click it to choose a custom ipsw...
    Last edited by luke404; 10-08-2010 at 04:59 PM.

  5. #5

    In some way or another it seems like I got ssh installed. Also, having an ubuntu system and mounting iPhone's root fs, you can use --root option of dpkg and work on the phone's packages:
    Code:
    root@ubuntu:~# dpkg --root /mnt/iphone -l | egrep '(cydia|open)'
    ii  cydia                  1.0.3044-65    graphical iPhone front-end for APT
    ii  cydia-sources          0-9            recommended third party repositories
    ii  openssh                5.2p1-8        secure remote access between machines
    ii  openssl                0.9.8k-9       SSL library and cryptographic tools
    It seems like ssh is started (don't ask me how, I don't even know if my phone rebooted!). I think so because if I try to connect to an obviously closed port on the phone I get a Connect failed error like this:
    Code:
    root@ubuntu:~# iproxy 1234 220
    waiting for connection
    accepted connection, fd = 4
    Number of available devices == 1
    Requesting connecion to device handle == 1 (serial: 233d59b05c1fb0b0ab93a5b58048cf7474308bbd), port 220
    usbmuxd_connect: Connect failed, Error code=3
    Error connecting to device!
    waiting for connection
    ^C
    ...but if I try to connect to the ssh port I get different stuff:
    Code:
    root@ubuntu:~# iproxy 1234 22
    waiting for connection
    accepted connection, fd = 4
    Number of available devices == 1
    Requesting connecion to device handle == 1 (serial: 233d59b05c1fb0b0ab93a5b58048cf7474308bbd), port 22
    run_ctos_loop: fd = 4
    run_stoc_loop: fd = 4
    recv failed: Success
    waiting for connection
    Of course my problem is that ssh still does not connect. I tried telnetting to the phone's ssh port, but it yielded no characters - usually you should get OpenSSH's header:
    Code:
    luca@ubuntu:~$ telnet localhost 1234
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    luca@ubuntu:~$ telnet localhost 22
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
    My next steps are trying to install syslogd using dpkg --root from the ubuntu system (briefly tried today but it choked because ifuse does not implement chown and chmod, I'll have to bypass that somehow - at worst I'll copy the whole root fs on a local partition, install the deb, and rsync the differences onto the iphone). I'll also open the phone and see if/how I can install a power switch on the battery cables that would let me powercycle the damn thing.
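
The telnet check in the post above, written as a repeatable probe that separates "nothing listening", "accepted but closed without a banner" (the result seen through iproxy) and "SSH banner received". This is an added example, not part of the original thread; `probe_ssh_banner` and `serve_once` are hypothetical names, `serve_once` is a constructed local stand-in for a forwarded port, and 1234 is the local iproxy port used in the post.

```python
import socket
import threading

def probe_ssh_banner(host, port, timeout=5.0):
    """Return (state, banner) for a TCP endpoint expected to speak SSH.

    refused   - nothing listening locally (e.g. iproxy is not running)
    no-banner - accepted, then closed with no data (the telnet result above)
    silent    - stays open but sends nothing before the timeout
    not-ssh   - first line received is not an SSH identification string
    ssh       - first line starts with "SSH-"
    Simplification: only the first line is inspected.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)
    data = b""
    with sock:
        try:
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:          # peer closed the connection
                    break
                data += chunk
        except socket.timeout:
            if not data:
                return ("silent", None)
        except ConnectionResetError:
            pass
    if not data:
        return ("no-banner", None)
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("ssh" if line.startswith("SSH-") else "not-ssh", line)

def serve_once(payload):
    """Constructed local stand-in for a forwarded port: accept one client,
    send payload (may be empty), close. Returns the listening port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(payload)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_ssh_banner("127.0.0.1", 1234))  # 1234: iproxy port from the post
```

A "no-banner" result means the local forwarder accepted the connection but the far side closed it before sending an identification line, so the next place to look is the device-side daemon and its logs rather than the tunnel.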


  6. #6
    Olethros (Super Moderator)

    Quote: Originally posted by luke404
    thanks for the tips. The Cydia auto install feature is definitely a thing to remember

    I have Applications/Cydia.app so it should be installed, but no Media/Cydia. I'll try creating it with the /AutoInstall subfolder and see if it works.

    Re pwnagetool, I don't remember what older versions used to do, but the current one just lets me build the custom ipsw and doesn't put the phone in DFU by itself.

    I have no easy way to put the phone in DFU (since the power button is physically present but not working!) and I don't want to risk bricking it now. I always used DFU mode to restore custom ipsw, should it be possible even with the phone "normally turned on" without setting dfu? iTunes does show the "restore" button and I can alt-click it to choose a custom ipsw...
    Ok if we're talking low level jailbreak redsn0w, blackra1n etc - not jailbreakme.com or spirit. Once you are jailbroken then you can alt-click (on mac, shift-click on windows) on restore in iTunes and browse to a pwnagetool ipsw.

    This restore then works just like any normal ipsw restore.

    You only need to be in dfu mode if the iPhone 2g or 3g is not currently jailbroken

 

 
