iPhone Hacking in a Nutshell --- [iLiberty 1.1.4] (PWNED: coming soon)
This post is mostly outdated by now, but I'll leave it here for reference. Anyone looking to JB/Unlock their phone should look into PWNAGEtool.
So, you're the new guy. Got that brand new shiny iPhone sitting on your desk, just begging to be hacked. Good, you found us at least, that's the hardest part. The second hardest part? Overcoming your "Post New Thread" compulsion. Hold on a sec...let me see if I can help you with that.
First, let's start off with some terminology.
The Dev Team -
What can we say about the Dev Team? Everything. They are the people who brought you the main stuff: Activate, Jailbreak and of course the one thing that everybody loves, Unlock, and a whole lot more. The Dev Team may not have been the first to bring you an unlock (iphonefreesim was), but they were the first to bring you a free unlock, a good unlock. The staff of the team has changed a lot, and sure there was drama, but still they never disappointed us. Hackint0sh is proud to be the home of the Dev Team.
Here's their website http://iphone-dev.org/
The PWNAGE tool, released by the Dev Team, modifies an iPhone to accept hacked firmware restore images (or IPSWs for short). It is a combination of two tools: Pwner, which modifies the phone's firmware bootloader, and IPSW builder, which modifies, you guessed it, the IPSWs. This is set to become the new standard in iPhone modding, but because it is not yet released for Windows, I am not including it in the guide. Stay tuned :).
Firmware versions (1.0.0 through 1.1.4, or 2.0 if you got connections ;D ) -
If you just bought your phone, it is most likely running firmware version 1.1.4, which is the newest released firmware to date. To check what firmware version you are running, go to Settings > General > About and it's next to the "version" label. Just a little history, 1.1.1 was the first firmware with the iTunes WiFi Store, and 1.1.3 was the first one with the editable home screen and web clips. Your firmware revision makes all the difference when hacking as each separate version has a different method. The 1.2 firmware is a beta firmware that has not been released to the general public. It is used by developers to test SDK apps, and it will eventually mature into iPhone OS 2.0.0 come June of 2008.
Recovery/Restore Mode -
If you screw something up really badly, or you just want to cleanly restore, you'll become very acquainted with this screen. Hold the power (on the top) and home (only one on the front) buttons for a while. The phone will reboot, the Apple logo will display, then a screen will come up with an iTunes logo and a USB cable. You can then restore with iTunes, but you are going to be using DFU mode 99 times out of 100 anyway, so move on.
DFU Mode -
If you have 1.1.1 or later, you also have this hidden restore mode, which can be used to downgrade to 1.0.2 and is also a good failsafe for the other recovery mode. (NOTE: I am not sure if 1.0.2 has this mode or not.) The timing is critical if you want to get in. The procedure starts out the same as the other mode, except you really shouldn't have the USB/power cable connected. Hold the power and home buttons for exactly 10 seconds, then release the power button and hold the home button for another 10 seconds. At this point, connect the USB cable and iTunes should detect your phone in recovery mode. Your iPhone will not appear to be on; the screen will stay dark throughout the whole process until the actual restore begins. If the screen comes back on while you're holding the power and home buttons, you're holding too long. It takes a while to get the hang of it, just keep trying.
Jailbreaking -
Jailbreaking is the term we use to describe how we gain access to the root file system on the iPhone. Normally, we can only see a certain folder within this filesystem because of Apple's locking method, called a chroot jail. This folder houses all the media stuff from iTunes, but not the juicy stuff, the iPhone's OS. Through several different methods which you needn't concern yourself with, we can "break" out of this little sandbox, allowing us to modify files and perform all these cool hacks.
Installer.app -
This is the first app you're going to want to install once your iPhone is jailbroken. It acts as a portal to a world of 3rd party goodness and fantasy, allowing you to install everything from the blatantly functional PDFReader to an appropriately named app called iBrate.
Activation -
The iPhone is unique in the sense that it is completely reliant on this activation process to enable normal usage. If you hacktivate your iPhone, it becomes an iPod touch with a camera and Bluetooth; only unlocking it will turn it back into an iPhone ;P.
Unlocking -
Yeah, you can do that. What? The Apple "Genius" told you unlocking makes baby Jesus cry? Who cares, babies will always cry anyway. The process of unlocking allows your iPhone to use any GSM SIM. Note the term "GSM", AKA not Verizon, Sprint, Alltel, Nextel, etc. These carriers are CDMA or iDEN, a different technology than the iPhone uses; they are never going to work, so don't even ask. Unlocking modifies the baseband (see below), and can be a tricky proposition when it comes to FW updates.
Baseband -
Abbreviated BB, the baseband is the section of the iPhone that handles all communications, which includes the GSM/EDGE radio and the interface with the SIM card. We modify this to allow it to use non-official SIM cards (and thus non-official carriers).
Revirginizing -
If you attempt to upgrade an unlocked 1.0.2 to 1.1.1, your phone gets damaged and the baseband becomes bricked. To upgrade, you need to restore the baseband to factory settings first, and we call this revirginizing.
Downgrading -
Apple is keeping up the cat-and-mouse game just like they promised, so occasionally we need to take a step back in time to exploit Apple's previous mistakes. To do this, we can downgrade the iPhone to a firmware older than the one it has, but we need to initiate the restore process differently (DFU mode), and you will get an error; that's normal.
SDK (Software Development Kit) -
Apple finally got our hint and they came out with their own method of allowing 3rd party apps. Just one problem...it sucks. To make a long story short, they're the supreme overlords of the App Store, so good luck getting anything more complex than a tic-tac-toe game approved. Come June of 2008, firmware 2.0.0 will be released and we'll all have fun paying out the ass for every single little game. You really don't need to be grieving over the death of installer.app, though; 2.0.0 is already jailbroken. No, I am not kidding.
Dual Booting -
Dual booting is like running Windows on a Mac: you have two OSes that you can switch between. For example, you can run 1.1.4 and 1.1.1 on one iPhone. But to tell you the truth you don't really need it, because 1.1.4 has everything 1.1.1 has and more. Dual booting was made for hackers to jailbreak new firmware or debug programs. So if you're not going to hack firmwares, just forget about it :).
Bootloader -
The iPhone's bootloader is like the gatekeeper of the baseband. BL3.9 fell asleep with the gate wide open, but BL4.6 is a little bit tougher. Your bootloader version depends on how new your phone is. If your phone came with FW 1.1.2 or newer, you have BL4.6. If you have a 1.1.1 or older OTB (out of the box) phone, you have BL3.9. You can freely switch between bootloaders using bootneuter, a component of PWNAGE.
...and just a few quick things you may or may not run into...
iTouch - Just another name for the iPod Touch
Repository - Server that hosts packages for installer.app
BSD Subsystem - A collection of tools that fill in the missing parts of the iPhone's core OS, so we can do things like copy and move files.
SSH - Essentially a remote command line for Unix; can be installed with installer.app
SCP/SFTP - Methods that are used to transfer files to and from the iPhone, integrated with SSH
WinSCP - A great SCP client for Windows
Springboard.app - Main launcher for the iPhone, it's what you see after you "slide to unlock", can be modified and replaced.
plist - A file that stores information for a program or iPhone preferences, short for property list
Originally Posted by thecompkid
The seczone is not the secpack...
The corruption occurred to part of the seczone, not the secpack. The secpack is the password to the bootloader that lets you write to the baseband.