Oct 12

I had been getting a lot of complaints from the Windows users about the lack of an easy jailbreak and Installer.app solution. I wrote a batch file that takes care of the jailbreak, installs Installer.app and patches the Springboard to enable scrolling. Download the file here and follow the on-screen instructions. You still have to visit http://jailbreak.toc2rta.com in Safari on the iPod, which will crash Safari (it closes silently). When asked to restart the iPod, don't press Enter until the Springboard has loaded after the restart. If you have any problems, leave a comment and I will help you out.

Oct 11

Disclaimer: Whilst every effort has been made to ensure the high quality and accuracy of the information, I provide no warranty, express or implied concerning content, software or products or services available, which are provided “as is”.

I'm starting with a factory-restored 16GB iPod touch, using a machine running Windows Vista.

  1. Setting up iPhuc win32 and dependencies: Download a modified version of the iPhuc win32 binary here. Extract it to a folder on your computer. For the purpose of this tutorial, I am extracting it to C:\iPhuc-win32\
  2. Setting up WiFi on the iPod: Set up WiFi on the iPod touch under Settings > Wi-Fi. Then set Auto-Lock to Never under Settings > General > Auto-Lock so the iPod does not go to sleep while you work on it.
  3. TIFF Exploit: Open Safari on your iPod and visit "http://jailbreak.toc2rta.com/". This will cause Safari to crash; it exits without any warning. Exit iTunes and kill the iTunesHelper process from the Task Manager so that iTunes does not grab the device before iPhuc can. Connect the iPod to the computer.
  4. Download rdisk0s1: Go to the command prompt and change to C:\iPhuc-win32. Run iPhuc and you should get a (iPHUC) /: prompt. Type: getfile /dev/rdisk0s1 rdisk0s1.bak 314572800 (314572800 bytes is 300 MiB, the full size of the system partition; iPhuc reads it in 32 MiB chunks):
    C:\iPhuc-win32>iPhuc
    iphuc 0.6.1 with tab completion.
    >> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator
    notification: iPhone attached.
    CFRunLoop: Waiting for iPhone.
    AMDeviceStartService 'com.apple.afc': 0
    (iPHUC) /: getfile /dev/rdisk0s1 rdisk0s1.bak 314572800
    File size: 314572800
    Reading 33554432 bytes, 281018368 bytes remain
    Reading 33554432 bytes, 247463936 bytes remain
    Reading 33554432 bytes, 213909504 bytes remain
    Reading 33554432 bytes, 180355072 bytes remain
    Reading 33554432 bytes, 146800640 bytes remain
    Reading 33554432 bytes, 113246208 bytes remain
    Reading 33554432 bytes, 79691776 bytes remain
    Reading 33554432 bytes, 46137344 bytes remain
    Reading 33554432 bytes, 12582912 bytes remain
    Reading 12582912 bytes, 0 bytes remain
    (iPHUC) /:
  5. Patch fstab in a Hex Editor: Open rdisk0s1.bak in your favourite hex editor. I'm using HxD, which can be downloaded from here. Go to offset F8F9000 (Search > Goto in HxD). You will see the bytes below, which are the two lines of /etc/fstab on the system partition ("/dev/disk0s1 / hfs ro 0 1" and "/dev/disk0s2 /private/var hfs rw,noexec 0 2"), followed by NUL padding:
    2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68
    66 73 20 72 6F 20 30 20 31 0A 2F 64 65 76 2F 64
    69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F
    76 61 72 20 68 66 73 20 72 77 2C 6E 6F 65 78 65
    63 20 30 20 32 0A 00 00 00 00 00 00 00 00 00 00

    Replace it with the following. This changes "ro" to "rw" for / and drops ",noexec" from /private/var; because the new text is seven bytes shorter, it is padded with newline characters (0A) so that the partition image keeps exactly the same length (fstab ignores blank lines):
    2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68
    66 73 20 72 77 20 30 20 31 0A 2F 64 65 76 2F 64
    69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F
    76 61 72 20 68 66 73 20 72 77 20 30 20 32 0A 0A
    0A 0A 0A 0A 0A 0A 00 00 00 00 00 00 00 00 00 00

    Now, save this file as rdisk0s1, keeping rdisk0s1.bak untouched as your backup.
  6. Upload patched rdisk0s1: In iPhuc, type: putfile rdisk0s1 /dev/rdisk0s1
    (iPHUC) /: putfile rdisk0s1 /dev/rdisk0s1
    Writing 33554432 bytes, 281018368 bytes remain
    Writing 33554432 bytes, 247463936 bytes remain
    Writing 33554432 bytes, 213909504 bytes remain
    Writing 33554432 bytes, 180355072 bytes remain
    Writing 33554432 bytes, 146800640 bytes remain
    Writing 33554432 bytes, 113246208 bytes remain
    Writing 33554432 bytes, 79691776 bytes remain
    Writing 33554432 bytes, 46137344 bytes remain
    Writing 33554432 bytes, 12582912 bytes remain
    Writing 12582912 bytes, 0 bytes remain
    (iPHUC) /:
  7. Exit iPhuc and restart iPod: Exit iPhuc by typing exit, then restart your iPod. After the restart the root filesystem is mounted read-write.
  8. Install SSH:
    1. Download and extract dropbearkey. Execute the following commands from the Windows command prompt:
      dropbearkey -t rsa -f dropbear_rsa_host_key
      dropbearkey -t dss -f dropbear_dss_host_key

      This creates the DropBear host keys in dropbear_rsa_host_key and dropbear_dss_host_key.
    2. Download and extract BSD base to your iPhuc-win32 folder.
    3. Download and extract the SSH Kit to your iPhuc-win32 folder. All the files extracted should be in the iPhuc-win32 folder. Rename sh6 to sh.
    4. Open iPhuc and run the following commands:
      mkdir /etc/dropbear
      cd /etc/dropbear
      putfile dropbear_rsa_host_key
      putfile dropbear_dss_host_key
      cd /bin
      putfile chmod
      putfile sh
      cd /usr/bin
      putfile dropbear
      cd /usr/sbin
      getfile update

      Files uploaded through iPhuc arrive without the execute bit set, and iPhuc has no way to change permissions, so the trick is to have launchd run chmod for us at boot: the chmod binary is installed in place of /usr/sbin/update, the daemon launchd starts from com.apple.update.plist. Now, in Windows, rename the downloaded update to update.bak (keep it so the original daemon can be restored later), then rename chmod to update. Return to iPhuc and run these commands:
      putfile update
      cd /System/Library/LaunchDaemons/
      getfile com.apple.update.plist
    5. Edit com.apple.update.plist: Open com.apple.update.plist in a text editor. Immediately after <string>/usr/sbin/update</string> inside the ProgramArguments array, insert the following four entries, each as its own <string> element:
      <string>555</string>
      <string>/bin/chmod</string>
      <string>/bin/sh</string>
      <string>/usr/bin/dropbear</string>

      Since /usr/sbin/update is now the chmod binary, launchd will run chmod 555 /bin/chmod /bin/sh /usr/bin/dropbear at boot, making the uploaded binaries executable.

      Save the file, return to iPhuc (still in /System/Library/LaunchDaemons/) and type:
      putfile com.apple.update.plist
      putfile au.asn.ucc.matt.dropbear.plist
      Exit iPhuc and reboot your iPod twice: the first boot runs the chmod job, and on the second boot launchd can start dropbear.
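The two edits above that are easiest to get subtly wrong, the fstab bytes in step 5 and the ProgramArguments list in step 8.5, can be done and checked offline. The script below is an added example in Python; it is not the batch file from the Oct 12 post and not part of iPhuc. It assumes rdisk0s1.bak was pulled with getfile as in step 4 and com.apple.update.plist as in step 8.4. The sample image and plist embedded in it are constructed stand-ins for the tests (the real plist has more keys), and the script name patch_ipod.py is made up.

```python
"""Offline helpers for steps 5 and 8.5: patch fstab inside the raw rdisk0s1
image and add the chmod arguments to com.apple.update.plist.
Added example, not the blog's batch file and not part of iPhuc."""
import plistlib
import shutil
import sys

# fstab before and after, decoded from the hex dump in step 5.
OLD_FSTAB = (b"/dev/disk0s1 / hfs ro 0 1\n"
             b"/dev/disk0s2 /private/var hfs rw,noexec 0 2\n")
NEW_FSTAB = (b"/dev/disk0s1 / hfs rw 0 1\n"
             b"/dev/disk0s2 /private/var hfs rw 0 2\n")
# The 80 bytes at 0xF8F9000 as printed on the page, before and after.
PAGE_ORIG_HEX = ("2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68 "
                 "66 73 20 72 6F 20 30 20 31 0A 2F 64 65 76 2F 64 "
                 "69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F "
                 "76 61 72 20 68 66 73 20 72 77 2C 6E 6F 65 78 65 "
                 "63 20 30 20 32 0A 00 00 00 00 00 00 00 00 00 00")
PAGE_PATCH_HEX = ("2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68 "
                  "66 73 20 72 77 20 30 20 31 0A 2F 64 65 76 2F 64 "
                  "69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F "
                  "76 61 72 20 68 66 73 20 72 77 20 30 20 32 0A 0A "
                  "0A 0A 0A 0A 0A 0A 00 00 00 00 00 00 00 00 00 00")
FSTAB_OFFSET = 0xF8F9000  # where fstab sits in this firmware's image
UPDATE_DAEMON = "/usr/sbin/update"
CHMOD_ARGS = ["555", "/bin/chmod", "/bin/sh", "/usr/bin/dropbear"]


def read_fstab(image, offset):
    """Text at `offset` up to the first NUL, to eyeball before and after."""
    return image[offset:image.index(b"\x00", offset)].decode("ascii")


def patch_fstab(image, offset=None):
    """Return a copy of `image` with / mounted rw and noexec dropped from
    /private/var.  The replacement is shorter, so it is padded with
    newlines (fstab ignores blank lines): this is an in-place overwrite of
    the partition, so the image must keep its exact byte length."""
    if offset is None:
        offset = image.find(OLD_FSTAB)  # search rather than trust the offset
        if offset < 0:
            raise ValueError("original fstab not found (other firmware, or already patched)")
    end = offset + len(OLD_FSTAB)
    if image[offset:end] != OLD_FSTAB:
        raise ValueError("bytes at 0x%X are not the expected fstab" % offset)
    padded = NEW_FSTAB + b"\n" * (len(OLD_FSTAB) - len(NEW_FSTAB))
    patched = image[:offset] + padded + image[end:]
    assert len(patched) == len(image)
    return patched


def patch_fstab_file(path, offset=FSTAB_OFFSET):
    """Patch the 300 MiB image on disk without reading all of it."""
    with open(path, "r+b") as f:
        f.seek(offset)
        chunk = f.read(len(OLD_FSTAB))
        f.seek(offset)
        f.write(patch_fstab(chunk, 0))


def program_arguments(plist_bytes):
    return list(plistlib.loads(plist_bytes)["ProgramArguments"])


def add_chmod_args(plist_bytes):
    """Insert the chmod arguments right after /usr/sbin/update.  With the
    chmod binary installed as /usr/sbin/update, launchd then runs
    chmod 555 /bin/chmod /bin/sh /usr/bin/dropbear at boot.  Idempotent."""
    d = plistlib.loads(plist_bytes)
    args = list(d["ProgramArguments"])
    i = args.index(UPDATE_DAEMON)
    if args[i + 1:i + 1 + len(CHMOD_ARGS)] == CHMOD_ARGS:
        return plist_bytes
    d["ProgramArguments"] = args[:i + 1] + CHMOD_ARGS + args[i + 1:]
    return plistlib.dumps(d)


# Constructed stand-ins: a tiny image with fstab at 0x100, and a minimal
# plist (Apple's real com.apple.update.plist has more keys than this).
SAMPLE_IMAGE = b"\x00" * 0x100 + OLD_FSTAB + b"\x00" * 0x10
SAMPLE_UPDATE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.apple.update</string>
    <key>ProgramArguments</key>
    <array><string>/usr/sbin/update</string></array>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    # usage: python patch_ipod.py rdisk0s1.bak com.apple.update.plist
    image_bak, plist_path = sys.argv[1:3]
    shutil.copyfile(image_bak, "rdisk0s1")  # keep the .bak as backup
    patch_fstab_file("rdisk0s1")
    with open(plist_path, "rb") as f:
        plist_bytes = f.read()
    with open(plist_path, "wb") as f:
        f.write(add_chmod_args(plist_bytes))
```

patch_fstab refuses to write unless the bytes at the offset are exactly the two original lines, so a different firmware build or an image that was already patched fails loudly instead of corrupting the partition; the resulting rdisk0s1 can then be uploaded with putfile as in step 6.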
Oct 10

I will be live blogging the jailbreak method for the iPhone and the iTouch via the TIFF exploit as soon as it goes public. I will be doing this on a Windows machine running Vista.
I was able to achieve a complete jailbreak on an iPod touch using Windows. I will be live blogging it here.
