iPhone and iPod Touch v1.1.1 Jailbreak using the TIFF exploit by niacin One Click iPod Touch Jailbreak for windows by msbasher

iPod Touch v1.1.1 Jailbreak for Windows using the TIFF exploit by niacin and dre

Jailbreak Add comments

Disclaimer: Whilst every effort has been made to ensure the high quality and accuracy of the information, I provide no warranty, express or implied concerning content, software or products or services available, which are provided “as is”.

I’m starting with a factory restore 16GB iPod touch using a machine running windows vista.

  1. Setting up iPhuc win32 and dependencies: Download a modified version of iPhuc win32 binary here. Extract it to a folder on your computer. For the purpose of this tutorial, I am extracting it to C:\iPhuc-win32\
  2. Setting up WiFi on the iPod: Set up WiFi on the iPod touch under Settings > Wi-Fi. Now, set the suto-Lock status to never under Settings > General > Auto-Lock to stop the iPod from turning off.
  3. TIFF Exploit: Open Safari on your iPod and visit “http://jailbreak.toc2rta.com/”. This will cause Safari to crash and it will exit without any warnings. Exit iTunes and kill the iTunesHelper process from the Task Manager. Connect the iPod to the computer.
  4. Download rdisk0s1: Go to the command prompt and navigate to \iPhuc-win32. Run iPhuc and you should get a (iPHUC) /: prompt. Type: getfile /dev/rdisk0s1 rdisk0s1.bak 314572800
    C:\iPhuc-win32>iPhuc
    iphuc 0.6.1 with tab completion.
    >> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator
    notification: iPhone attached.
    CFRunLoop: Waiting for iPhone.
    AMDeviceStartService 'com.apple.afc': 0
    (iPHUC) /: getfile /dev/rdisk0s1 rdisk0s1.bak 314572800
    File size: 314572800
    Reading 33554432 bytes, 281018368 bytes remain
    Reading 33554432 bytes, 247463936 bytes remain
    Reading 33554432 bytes, 213909504 bytes remain
    Reading 33554432 bytes, 180355072 bytes remain
    Reading 33554432 bytes, 146800640 bytes remain
    Reading 33554432 bytes, 113246208 bytes remain
    Reading 33554432 bytes, 79691776 bytes remain
    Reading 33554432 bytes, 46137344 bytes remain
    Reading 33554432 bytes, 12582912 bytes remain
    Reading 12582912 bytes, 0 bytes remain
    (iPHUC) /:
  5. Patch fstab in a Hex Editor: Open rdisk0s1 in your favourite Hex Editor. I’m suing HxD which can be downloaded from here. Go to offset F8F9000, Search > Goto in HxD. You will see:
    2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68
    66 73 20 72 6F 20 30 20 31 0A 2F 64 65 76 2F 64
    69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F
    76 61 72 20 68 66 73 20 72 77 2C 6E 6F 65 78 65
    63 20 30 20 32 0A 00 00 00 00 00 00 00 00 00 00
    Replace it with:
    2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68
    66 73 20 72 77 20 30 20 31 0A 2F 64 65 76 2F 64
    69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F
    76 61 72 20 68 66 73 20 72 77 20 30 20 32 0A 0A
    0A 0A 0A 0A 0A 0A 00 00 00 00 00 00 00 00 00 00
    Now, save this file as rdisk0s1
  6. Upload patched rdisk0s1: In iPhuc, type: putfile rdisk0s1 /dev/rdisk0s1
    (iPHUC) /: putfile rdisk0s1 /dev/rdisk0s1
    Writing 33554432 bytes, 281018368 bytes remain
    Writing 33554432 bytes, 247463936 bytes remain
    Writing 33554432 bytes, 213909504 bytes remain
    Writing 33554432 bytes, 180355072 bytes remain
    Writing 33554432 bytes, 146800640 bytes remain
    Writing 33554432 bytes, 113246208 bytes remain
    Writing 33554432 bytes, 79691776 bytes remain
    Writing 33554432 bytes, 46137344 bytes remain
    Writing 33554432 bytes, 12582912 bytes remain
    Writing 12582912 bytes, 0 bytes remain
    (iPHUC) /:
  7. Exit iPhuc and restart iPod: Exit iPhuc by typing exit and then restart your iPod.
  8. Install SSH:
    1. Download and extract dropbearkey. Execute the following commands from the command prompt:
      dropbearkey -t rsa -f dropbear_rsa_host_key
      dropbearkey -t dss -f dropbear_dss_host_key
      This will create the keys for DropBear in dropbear_rsa_host_key and dropbear_dss_host_key
    2. Download and extract BSD base to your iPhuc-win32 folder.
    3. Download and extract the SSH Kit to your iPhuc-win32 folder. All the files extracted should be in the iPhuc-win32 folder. Rename sh6 to sh.
    4. Open iPhuc and run the following commands:
      mkdir /etc/dropbear
      cd /etc/dropbear
      putfile dropbear_rsa_host_key
      putfile dropbear_dss_host_key
      cd /bin
      putfile chmod
      putfile sh
      cd /usr/bin
      putfile dropbear
      cd /usr/sbin
      getfile update
      Now, rename update to update.bak in windows, then rename chmod to update. Return to iPhuc and run these commands:
      putfile update
      cd /System/Library/LaunchDaemons/
      getfile com.apple.update.plist
    5. Edit com.apple.update.plist: Open com.apple.update.plist in a text editor. Immediately after <string>/usr/sbin/update</string>, insert the following:
      555
      /bin/chmod
      /bin/sh
      /usr/bin/dropbear
      Save the file and return to iPhuc and type:
      putfile com.apple.update.plist
      putfile au.asn.ucc.matt.dropbear.plist      Exit iPhuc and reboot your iPod twice.

One Response to “iPod Touch v1.1.1 Jailbreak for Windows using the TIFF exploit by niacin and dre”

  1. JS Says:
    October 11th, 2007 at 1:59 pm

    Thanks for the guide :)

Leave a Reply