Thread: Quickpwn modifications (Quickpwn 3G forum, Hackint0sh.org; page 1 of 2)
  #1 (Newbie, joined Feb 2009) - Quickpwn modifications

    I'm looking to overwrite some particular files on the iPhone during jailbreak. I think the quickpwn method is the best, as I'd like to keep all files already on the device that do not need to be modified. So I figured the easiest way was to modify one of the bundles already used in the installation process.

    I unpacked the quickpwn packer and modified Data/Cydia.tar.gz to contain a couple of dummy files for a test. When I use quickpwn, the process completes fine, but then the device gets stuck in a continuous reboot. My only guess is that there is some checksum somewhere that is causing issues.

    So.. any ideas on what might be causing this?

    Also, is there another tool available that uses the quickpwn method to write data to the device?

    One more: can I download the quickpwn source somewhere?

    I was also considering making my own ipsw, adding a bundle and info.plist, then feeding it into quickpwn, but not sure if that's going to work. Any thoughts?
    Last edited by test; 02-04-2009 at 07:58 PM.



  #2 (iPhone Moderator)

    Quoting test:
    [...] I was also considering making my own ipsw, adding a bundle and info.plist, then feeding it into quickpwn, but not sure if that's going to work. Any thoughts? I'm trying to overwrite the /private/var/Keychains/keychain-2.db
    Use PwnageTool 2.2.5; this is much easier. You can create additional bundles that users may add.
    Check the carrier bundle creator mentioned here. Create a bundle and check it out.
    Read the stickies and search the forum before posting!
    If you want to become a Hackint0sh supporter click here
    ----------
    iPhone 4 factory unlocked, iOS 4.3.1, jailbroken
    iPad Wi-Fi + 3G (1G), iOS 4.3.1, jailbroken
    iPad 2

  #3 (Newbie)

    Thanks volks for the quick reply. Unfortunately I don't have a Mac so I can't use PwnageTool.. I was reading many of your previous posts concerning bundle creation, however none seemed to have a full description on how to do it, so I'm a bit lost.

    Ideally what I'd like to do is just be able to overwrite those files ONLY, and this would have to happen in DFU mode. So I think the quickpwn/jailbreak method is what I should do.

    That being said, I'm guessing that the bundle method is the best way to do it. So I create an ipsw with my changes, create a "\Data\PwnmetheusBundles\iPhone1,2_2.2.1_5H11-TEST.bundle" with an info.plist that matches the ipsw that I created. (This has been super helpful: http://www.hackint0sh.org/forum/f146/40063-4.htm).

    So am I approaching this correctly? Is there an easier way? From what I read I think your carrier bundles are meant to be used either after jailbreak, or during jailbreak where all data is deleted. This method won't work right for me because 1. the data is inaccessible after jailbreak, and 2. the data is destroyed when using options other than quickpwn (remember, only on Windows).

    I am trying to get a Mac shipped to me tomorrow, but it's kind of up in the air as to when it will actually be delivered, so I want to try not to rely on that.

  #4 (iPhone Moderator)

    I have been playing with bundles for Windows versions a while ago for my carrier bundle creator. For Quickpwn (and Winpwn before) the packages need to be tar archives. That's not a problem at all, of course. The problem is that owner:group and permissions for each contained file have to be set.
    In my case, that had to be done by the webserver; it is not that trivial, but I could manage it.
    If you're doing it on your Windows box, you have to make sure they are placed with root:wheel and the proper permissions (755 in most cases).
    You have to apply this while using the tar command (while packing). I know how to do this on Mac OS X (because it is Unix) and on Linux, but I do fail on Windows.
    I am more or less a regular user on Windows, sorry.

    v.

  #5 (iPhone Moderator)

    One more to be added: I know that PwnageTool is made to accept custom bundles, and I do know Winpwn was as well. But I have never looked into Quickpwn to see how to get this done.


  #6 (iPhone Moderator)

    As Steve would say: One more thing!

    To give you a jump-start on how to get this working on a Mac, check these old threads:
    http://www.hackint0sh.org/forum/f146/38149.htm
    [Custom Packages][Solved] Info.plist Command for symlink available? - Hackint0sh

  #7 (Newbie)

    So yup, permissions were the problem. I solved it by:

    From iPhone:
    Code:
    tar -pcvf Pack.tar /path/to/file/to/copy
    Copy that from the system via scp.

    Extract quickpwn:

    Within Windows, double click the quickpwn.exe; once it loads, go to Start: Run and type %TEMP%

    Copy all data out of the RarSFX1 folder into another folder.

    Then copy the Data/Cydia.tar.gz and the Pack.tar to a Linux system.

    From a Linux system (as root):
    Code:
    mkdir iphone
    cd iphone
    tar -pzxvf Cydia.tar.gz
    tar -pxvf Pack.tar
    rm Cydia.tar.gz
    rm Pack.tar
    tar -pcvf Cydia.tar .
    gzip Cydia.tar
    Copy the new Cydia.tar.gz off the Linux system into the Data/ directory.

    Now my new problem is that quickpwn is too smart. Because the phone I want to jailbreak is locked with a passcode, it won't register with quickpwn in the locked state. So I was able to fool quickpwn up to a certain extent by:

    1. Putting the target phone in DFU mode
    2. Connecting another iPhone
    3. Clicking next in quickpwn up until the "ready to pwn" screen, which gives you the DFU instructions
    4. When it reaches "Release the Power button and continue to hold Home for 30 seconds", quickly connecting the target phone, which is in DFU mode already.

    Unfortunately, this only works up to the "uploading exploit bootloader" step.

    So is there an app or a copy of quickpwn or any way to write when the device is already in DFU mode, rather than going through all of these semantics?


    Also the reason I can't use PwnageTool is that it completely reflashes all data on the device. I need to update only the files that need to be updated, and leave the rest alone, as quickpwn does.
    Last edited by test; 02-04-2009 at 08:02 PM.
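An added example, not code from this thread or from any of the tools it names: this Python script does in code what post #4 describes and post #7 works around with tar -p. It packs constructed placeholder files with root:wheel ownership and an explicit 755 mode (directory entries included), and audits an archive (plain or .tar.gz) for entries whose owner or mode would be wrong once extracted on the device, plus paths that would escape the extraction directory. File names and contents are made up.

```python
import io
import tarfile

# Constructed sample payload (placeholder names, not from the thread): archive path -> bytes.
SAMPLE_FILES = {
    "Applications/Demo.app/Demo": b"#!/bin/sh\necho demo\n",
    "Applications/Demo.app/Info.plist": b'<plist version="1.0"/>\n',
}

def build_tar(files, uname="root", gname="wheel", uid=0, gid=0, mode=0o755):
    """Pack files into a tar with owner and mode forced on every entry, directories included,
    so extraction on the device does not depend on the extracting process's umask."""
    buf = io.BytesIO()
    seen_dirs = set()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in sorted(files.items()):
            parts = path.split("/")
            for depth in range(1, len(parts)):  # emit each parent directory once
                d = "/".join(parts[:depth])
                if d in seen_dirs:
                    continue
                seen_dirs.add(d)
                dinfo = tarfile.TarInfo(d)
                dinfo.type = tarfile.DIRTYPE
                dinfo.uid, dinfo.gid, dinfo.uname, dinfo.gname = uid, gid, uname, gname
                dinfo.mode = 0o755
                tf.addfile(dinfo)
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.uid, info.gid, info.uname, info.gname = uid, gid, uname, gname
            info.mode = mode
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit_tar(blob, uname="root", gname="wheel", allowed_modes=(0o755, 0o644)):
    """Return findings for entries that are not root:wheel, carry an unexpected mode, or
    would escape the extraction directory; [] means clean. Handles plain and gzip tars."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tf:
        for m in tf.getmembers():
            if (m.uname, m.gname, m.uid, m.gid) != (uname, gname, 0, 0):
                findings.append(f"{m.name}: owner {m.uname}:{m.gname} (uid {m.uid}, gid {m.gid})")
            if (m.mode & 0o777) not in allowed_modes:
                findings.append(f"{m.name}: mode {oct(m.mode & 0o777)}")
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append(f"{m.name}: path escapes the extraction directory")
    return findings
```

Run audit_tar over the repacked Cydia.tar.gz before handing it to the installer; an archive built on Windows with the local user's uid and a 777 mask shows up as one finding per entry.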

  #8 (Administrator)

    Quoting test:
    Unfortunately, this only works up to the "uploading exploit bootloader" step.
    I was playing with this a while back (doing something else).

    At that point, try removing the cable and plug it back in.

  #9 (Newbie)

    No luck with that; the progress bar flashed, but it's still stuck on uploading exploit.

  #10 (Newbie)

    Also, anyone know why idevice will crash after it says it's preparing the phone for writing? It also says "Unsupported iTunesMobileDevice.dll Version Major b9000b Minor a", but I don't know if that's unrelated.. Here's some more info:


    Code:
    C:\>itunespwn.exe "iPhone1,2_2.2.1_5H11_Restore-MOD.ipsw"
    loading: Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu (58590)
    packing: Firmware/ (0)
    packing: Firmware/dfu/ (0)
    packing: Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu (58590)
    packing: Restore.plist (636)

    C:\>idevice.exe "iPhone1,2_2.2.1_5H11_Restore-MOD.ipsw" n82ap
    ---------------------------PLEASE READ THIS---------------------------
    Please make certain that all iTunes related processes are not running
    at this time (use Task Manager, etc. to end them).
    ---------------------------PLEASE READ THIS---------------------------

    loading: Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu (58590)
    loading: Firmware/dfu/iBSS.n82ap.RELEASE.dfu (118016)
    loading: Firmware/dfu/WTF.n82ap.RELEASE.dfu (119946)
    loading: Restore.plist (1717)

    Getting iPhone/iPod status...
    Unsupported iTunesMobileDevice.dll Version Major b9000b Minor a
    Is your iPhone/iPod connected to your computer via USB?
    Please answer (y/n): y
    Is your iPhone currently powering on?
    Please answer (y/n): y
    Waiting for iPhone/iPod to power on...
    Please turn off your iPhone/iPod without disconnecting the cable connecting it to the computer
    Press enter when you have turned off your iPhone/iPod...
    Waiting for iPhone/iPod to power off...

    !!! Your device should now be off. If it is not, please make sure it is before proceeding !!!

    Timing is crucial for the following tasks. I will ask you to do the following (DON'T START YET):
            1. Press and hold down the power button for five seconds
            2. Without letting go of the power button, press and hold down the power AND home buttons for ten seconds
            3. Without letting go of the home button, release the power button
            4. Wait 30 seconds while holding down the home button

    Try to get the timing as correct as possible, but don't fret if you miss it by a few seconds. It might still work, and if it doesn't, you can always try again.
    If you fail, you can always just turn the phone completely off by holding power and home for ten seconds, then pushing power to turn it back on.

    Are you ready to begin?
    Please answer (y/n): y
    Beginning process in 5 seconds...
    Beginning process in 4 seconds...
    Beginning process in 3 seconds...
    Beginning process in 2 seconds...
    Beginning process in 1 seconds...

    Press and hold down the POWER button (you should now be just holding the power button)... 5... 4... 3... 2... 1...

    Press and hold down the HOME button, DO NOT LET GO OF THE POWER BUTTON (you should now be just holding both the power and home buttons)... 10... 9... 8... 7... 6... 5... 4... 3... 2... 1...

    Release the POWER button, DO NOT LET GO OF THE HOME BUTTON (you should now be just holding the home button)... 30... 29... 28... 27... 26... 25... 24... 23... 22... 21... 20... 19... Congratulations! You have successfully entered DFU mode.
    Please wait while your iPhone/iPod is being prepared to accept custom IPSWs...

    <<THEN CRASH>>


 

 