VOiPover3G

Posted by admin on Jul 18, 2009 in Uncategorized

As found on iPhoneHacks.com

One of the limitations of VOiP iPhone apps such as Fring and Truphone that are available on the App Store is that you can make VOiP calls only over Wi-Fi and not over your iPhone’s data connection. This is due to a limitation of Apple’s iPhone SDK, which was most likely enforced on Apple by carriers.

But there is good news: iPhone hacker crash-x has developed a clever little hack, aptly called VOiPover3G, that tricks iPhone apps into thinking that they are on Wi-Fi even though they are on 3G/EDGE/GPRS, thus allowing you to make VOiP calls over your iPhone’s data connection.

VOiPover3G developed by crash-x is a MobileSubstrate library that tricks iPhone apps into thinking that they are on Wi-Fi even though they are on 3G/EDGE/GPRS.

It allows users to make VOiP calls over the iPhone’s data connection. You can configure which iPhone apps get tricked by adding the app’s bundle identifier to “/Library/MobileSubstrate/DynamicLibraries/VoIPover3G.plist”. By default, VOiP apps such as Fring and Truphone, and iPhone apps such as iTunes Store and App Store, have been added (however, the developer has mentioned that iTunes Store and App Store do not work).

If you want to trick all iPhone apps, you need to rename or delete the VoIPover3G.plist file; however, it is recommended that you selectively add apps rather than tricking all of them.

I tested Fring after installing VOiPover3G over my iPhone’s 3G data connection and it worked quite well; the sound quality of the calls was good. I am not sure how well it would work over slower data connections such as EDGE and GPRS, but iPhone users have reported that it works fine over EDGE.

You can install VOiPover3G on your jailbroken iPhone via Cydia. An important thing to note is that there is no iPhone app icon available on the iPhone’s home screen, however after installing the MobileSubstrate library, you should be able to use apps such as Fring and Truphone over your iPhone’s data connection which earlier would have given “You must be connected to WiFi” error.

However, please proceed with caution as making VOiP calls over your data connection could get you into trouble with your carrier.

VOiPover3G has been around for quite some time; have you used it before? As always, let us know what you think about the hack and how it goes in the comments below.

How to SSH into your iPhone in 5 Easy Steps

Posted by admin on Jul 12, 2009 in Uncategorized

Meebz Picture Guide to SSHing into Your iPhone
(A Mac and Windows Tutorial)

On Your Phone:

1. Download OpenSSH from Cydia

2. Get Your iPhone’s IP Address

Go to Settings on your iPhone

Click on Wi-Fi

Click on the Blue Arrow by your Network’s Name

On Your Comp:

Mac OSX

1. Download Cyberduck
2. Click Open Connection

3. Change Protocol to SFTP (SSH File Transfer Protocol)

4. Type in your iPhone’s IP Address in the Server area.

5. Username: root
Password: alpine

Windows

1. Download FileZilla

2. Open File –> SiteManager –> Click New Site
3. Fill In the Fields

Host: Enter in the iPhone IP Address

ServerType: SFTP (SSH File Transfer Protocol)

LoginType: Normal

Username: root
Password: alpine

You can now access the iPhone file system.

If you need information on where to place or find files, leave a message.

QuickPwn: Jailbreak Your iPhone in 3 Easy Steps

Posted by admin on Jul 12, 2009 in Uncategorized

Video Tutorial of Firmware 2.2 Jailbreak in Action

QuickPwn 2.2 is Completely “Plug ‘n Play”

Steps:

1. Upgrade your iPhone through iTunes to 2.2
2. Download QuickPwn 2.2 for Mac or Windows
3. Plug in your iPhone

New Years Day Pwnade: iPhone 3G Unlock

Posted by admin on Jul 12, 2009 in Uncategorized

“Diving into yellowsn0w”

The DevTeam unlocks the iPhone 3G to work on any carrier.

Meanwhile, on an apple-shaped island in the remote recesses of an uncharted, waterfront villa, Steve Jobs takes time away from his multitude of disease-curing creations to plot his latest reprise in response.

Upon hearing the news over their invasive, overpriced and over-bundled satellite, internet, tv and phone monitoring services, AT&T executives unceremoniously drop a load of coal down their neatly-pressed, flat-front, business trousers.

The cat and mouse game ensues into the new year.

————————————————————————————————
Excerpt from DevTeam:

3G Unlock

We have been working hard on a few other things. The main one being the 3G unlock codenamed “yellowsn0w”. This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.

* The target release date for the unlock is New Year’s Eve 2008.
* This unlock method is available to iPhone 3Gs that have 2.11.07 baseband or earlier, we did warn you.
* You can tell what version baseband you have by going to Settings->General->About->Modem Firmware
* The unlock requires a jailbroken 3G iPhone. It’ll be installable via Cydia and so it doesn’t matter if you have a Mac or PC.
* Please refrain from updating your baseband, regardless of what version you’re at. We’ll have complete directions on New Year’s Eve.
* We’ll stream a live demo of the unlock before Christmas (see the update at the end of this post)

A New Year with yellowsn0w: Unlock your iPhone 3G

Posted by admin on Jul 12, 2009 in Uncategorized

The iPhone 3G Unlock has Arrived

Sitting in a freezing New York sublet still recovering from an even colder New Year’s Eve filled with long cab rides, empty promises and unattainable resolutions, I find myself reminiscing about the ball drop and people’s lips counting down to yellowsn0w, the first impactful statement of the New Year.

Your iPhone 3G is no longer locked to AT&T or its respective international counterparts, so ring in the new year with your carrier of choice. Details below.

As Always Thanks DevTeam!

—————————————————————————————-

Excerpt from the DevTeam:

Don’t eat yellowsn0w!

Hello all,

We wish you a very happy, healthy, and hopeful 2009!

We have released the 0.9.1 beta yellowsn0w 3G unlock application.

RELEASE INFO

Cydia source: http://apt9.yellowsn0w.com/
Installer repo: http://i.yellowsn0w.com/

Activate MMS on the iPhone 2G for Free

Posted by admin on Jul 12, 2009 in Uncategorized

Apple and AT&T, fueling their latest cash cow, say that the iPhone 2G is incapable of sending and receiving MMS. Seemingly, the only option left for first generation users was SwirlyMMS*.

Now that MMS is finally free on the iPhone, it seems rather nonsensical to pay for it.

Thanks go out to geniusan for providing another free MMS solution for first generation iPhone users.

5 Steps to Unlocking MMS:

1. Install ActivateMMS2G from Cydia
2. Reboot your iPhone
3. Go to: Settings –> General –> Network –> Cellular Data Network and enter in your carrier settings
4. Reboot your iPhone
5. Start MMSing

*SwirlyMMS charges $8 to enable MMS for just one iPhone, so if you switch iPhones you need a new license.

Some Nifty New Hacking Tricks for the iPhone!

Posted by admin on Jul 12, 2009 in Uncategorized

iPhone hackers have some new tools now, thanks to HD Moore, one of the developers of the Metasploit hacking software.

On Tuesday, Moore announced that he was supporting the iPhone within his Metasploit framework and released software that would allow hackers to run “shellcode” command prompts on Apple’s mobile device.

By integrating the iPhone into Metasploit, it will now be a little easier for hackers to gain access to someone else’s iPhone, but they will also need a few other tools to succeed. First, they will need to create working exploit code, which takes advantage of bugs in Apple’s software, to trick the device into running the shellcode. They will also need to create more sophisticated “payload” applications that can do things like remotely connect with the hacker. “It’s a first step,” Moore said of his hack.

With iPhone prices dropping and noticeable improvements in the quality of iPhone hacking tools, Apple’s phone has become a more interesting target of late, Moore said.

And the iPhone has obviously hit a nerve in the security community. Moore said that about a quarter of the attendees at the recent Black Hat conference in Las Vegas had the devices. “It’s trendy,” he said. “It kind of creeped me out when I saw how many people had iPhones when I went to Vegas.”

In fact, hackers have already developed a number of exploits that they claim could be used on the iPhone’s Safari browser.

And security researchers have even demonstrated how the iPhone can be compromised. In July, a Baltimore, Maryland, company called Independent Security Evaluators showed how it could run unauthorized software on an iPhone by taking advantage of a Safari bug.

Moore believes that the iPhone’s browser and mail client will be the best sources of bugs and he said that because of the components and information stored on the phone, it may end up being a more attractive target than the PC.

For example, the phone could be used to track someone’s location based on information from cell phone towers. Throw in the iPhone’s microphone, camera and an Internet connection, and you suddenly have a device that could be used to secretly keep tabs on people, Moore said. “If you look at what you get by exploiting someone’s iPhone, you actually get a lot more than you do from someone’s PC a lot of the time,” he said.

Hack the iPhone

Posted by admin on Jul 12, 2009 in Uncategorized

Disable automatic sync in iTunes

First, plug your iPhone into your computer so that iTunes comes on. On the left-hand side of the screen under “Devices” click on your iPhone, and then on the page that comes up, click so that “Automatically sync when this iPhone is connected” is OFF. It looks like this:

[Screenshot: Disable the synchronization in iTunes]

(By the way, to grab a screenshot of a window on a Mac and save it to the desktop, you need to hit Command-Shift-4, then the space bar, then click a window. Sheesh.)

Download and run AppTapp

The combination of AppTapp and Installer.app lets you add applications to your iPhone with almost no effort:

- Make sure that iTunes isn’t running. Plug your iPhone into your Apple computer and make sure that iTunes didn’t start running.
- Download AppTapp to your Apple computer from http://iphone.nullriver.com/beta/
- Run it.

That’s pretty much it. iPhone Atlas has the best walkthrough I’ve seen if you want more details about AppTapp/Installer.app or what to do after you’ve run AppTapp. The short version is to update Installer.app first (touch the “Update” tab). Next you want to install the Launcher program (you can only see 16 icons on your iPhone, so installing Launcher ensures that one of those first 16 icons can access other applications).

After that, you’ve got a lot of options. The “Community Sources” package will give you even more choices for applications to install. Installing “OpenSSH” and “BSD Subsystem” is also recommended. Finally, if you install the MobileTerminal application, you can experience the joy of typing “ls” on your iPhone. Walking around with UNIX in your pocket is very nice. See the iPhone Atlas guide for screenshots and more info.

If you want to impress your fellow geeks, Lights Off was the first native game for the iPhone and it also looks great. My brother and I had a similar “turn the lights out” game when we were growing up, but it was called Merlin. Now you can play this game on a much prettier handheld appliance.

More Resources

If you’re a Windows person and can’t beg/borrow a Mac from anyone, you might check out iBrickr. It lets you manage ringtones and applications on your iPhone.

If you don’t want to go the AppTapp/Installer.app way on a Mac, you might also check out iFuntastic. iFuntastic lets you tinker with all kinds of things, from ring tones to applications to multiple “home screens.” Each home screen can have a different set of icons. Version 3 was released just a few days ago and the new version adds PowerPC support.

As always, back up your data first, and any of this could (in theory) break your iPhone. I don’t think anything I’ve mentioned would get you in trouble with lawyerfolk, but if you’re worried, you can always play it safe and stick with the built-in applications on the iPhone. If you see errors above or know of another interesting way to install native third-party applications on an iPhone, please mention it in the comments.

Why Should you hack your iPhone?

Posted by admin on Jul 11, 2009 in Uncategorized

FOUND ON IPHONE.MACWORLD.COM, WE SEE WHY WE SHOULD HACK HACK HACK OUR IPHONES AND HOW TO JAILBREAK AND UNLOCK THE FREEDOM OF YOUR HACKED IPHONE!

Because it’s there.

For the most part, there’s not a huge reason to hack your iPhone yet. Adding custom ringtones is probably the best reason to do a little iPhone hacking. Capturing screenshots of your iPhone is another good excuse to hack it (you’ll see screenshot examples later).

But currently, there’s not a “killer app” for iPhone hacking. The Nintendo emulator is cool-looking, but is somewhat unplayable due to the iPhone’s lack of real buttons. At this point, the only real reasons to hack your iPhone are:

* It’s fun. You get to learn some stuff about the inside of your phone, and possibly learn some cool Unix stuff along the way.
* It will make your iPhone look different and unique. Once you have a couple of additional apps on there, other iPhone users will take pause when they see your phone.
* You’ll be prepared for future third-party releases. Once your iPhone is hacked, it’s very simple to add additional applications as they become available. Development is proceeding very quickly – the Nintendo emulator was available just a week after the iPhone hacker development tools were posted.

Hacking your iPhone requires an Intel Mac, a set of files and the iPhone Hacking Kit, which you can download here, and some time. Unzip the iPhone Hacking Kit folder and place it on your Desktop. It must be on the Desktop for these instructions to work as they are printed here. Finally, your Mac and iPhone need to be connected to the same Wi-Fi network.

Before we begin, though, we must issue the obligatory warnings: it is theoretically possible to screw up your phone. However, at any time, you can use iTunes to restore your phone to its original state, so you don’t have to worry about completely breaking your phone. The worst that will happen is that you’ll lose some time. That said, if taking things apart makes you nervous and uncomfortable, then what we’re going to do here probably isn’t for you.

We’ll be performing most of our hacks through the Terminal application on your Mac. Just type carefully and proceed slowly and you’ll be fine. And don’t worry, a single typo will not trash your whole phone.

What we’re going to do

Before we get started, let’s take a high-level look at exactly what we mean when we say we’re going to “hack the iPhone.” Our goal is to open up a communications channel that will let us add new, executable applications to the iPhone. The iPhone is a communications device, so one would think that it would be easy to communicate with it, but because Apple designed it to be unmodifiable, finding a way to talk directly to the phone is not simple.

Yes, the phone has a Wi-Fi connection, a cellular radio, and Bluetooth, but it doesn’t actually include any software that can use these features for file transfer, and there’s no way to hack into any of those particular connections.

However, it does include a serial port and a cable, and it knows how to talk to iTunes through this connection. This, then, will be the initial method for talking to the iPhone. Thanks to some clever software, we’ll begin by breaking the phone out of the “jail” that Apple has put it in.

Jailbreaking works by intercepting the communication that is supposed to happen between the iPhone and iTunes. Once intercepted, a channel is open to the computer’s OS, and we can use that channel to install software. However, this channel requires a direct connection to your Mac (through the iPhone’s USB cable) and while your phone is “jailbroken” you can’t sync. As such, it’s not a viable long-term solution for hacking the phone.

So, our first task after the phone has been broken open will be to install an SSH tool. SSH stands for “secure shell” and is a standard Unix tool for issuing commands to any computer that’s running Unix. And, since your iPhone is built on an OS X variant, it’s a Unix computer.

Next we’ll install some additional utilities, including some file transfer utilities, and then finally we’ll put the phone back in jail. That is, we’ll return it to its normal state that allows it to sync with iTunes through its serial cable. However, with the SSH and file transfer utilities installed on the phone, you’ll now be able to talk to the phone from any Mac terminal window via the phone’s Wifi connection – just as you can talk to any other Mac or Unix machine this way. We’ll use this channel to install a Terminal application and screen shot utility.

Let’s get started.

Get out of jail free

In the iPhone Hacking Kit that you downloaded, you should find an installer for iFuntastic. Double-click this installer to install iFuntastic in your Applications folder. This is the program we will use to jailbreak your phone.

Once it’s installed, do the following:

1. Reboot your Mac, just to be safe. You don’t want iFuntastic crashing during this process.

2. Make sure your iPhone is on, then plug it into your Mac using the usual cable.

3. After iTunes launches, quit it.

4. Double-click iFuntastic to launch it.

5. On the left side of the iFuntastic window there is a button called Prepare. Press it now.

6. Click the Jailbreak button at the bottom of the window.

7. On the next page are six steps. Follow them very closely.

8. If all goes well, you will see this page:
[Screenshot: figure2.jpg]

If the jailbreak fails, don’t panic, just try it again until it works.

9. Now hide iFuntastic by pressing Command-H. We’ll be returning to it later.

Your iPhone won’t look or function any differently once it’s out of jail. The only change is that when you plug it in it won’t sync with iTunes. Don’t worry, we’ll re-jail it when we’re finished to get it back to normal.

Now we’re ready to exploit our newfound connection to our phone.

Not your average bear

As mentioned earlier, our ultimate goal is to end up with an iPhone that has software on it that can communicate with our Mac via a normal Wifi connection. With the phone jailbroken and tethered to the Mac, we have a communications channel which we will now use to install an SSH application called Dropbear. From here on out we’ll be working extensively with the Terminal application, so open it now. By default, it’s located in Applications>Utilities.

Once Terminal is launched, you need to change to the iPhone Hacking Kit directory. In terminal type cd followed by a space, and then drag the iPhone Hacking Kit folder into the terminal window. Then press Return. Your terminal window should now say something like:

Your Mac:~/Desktop/iPhone Hacking Kit yourmac$

Located in the iPhone Hacking Kit folder is a copy of iPHUC, the iPhone Utility Client. Run it now by typing

./iPHUC

and then pressing return.

You should see:

>> By The iPhoneDev Team: nightwatch geohot ixtli warren nall mjc operator
initPrivateFunctions: this is still not clean.
Architecture: i386
AMDeviceNotificationSubscribe: 0
CFRunLoop: Waiting for iPhone.
notification: iPhone attached.
AMDeviceConnect: 0
AMDeviceIsPaired: 1
AMDeviceValidatePairing: 0
AMDeviceStartSession: 0
AMDeviceStartService AFC: 0
AFCConnectionOpen: 0
AFCPlatformInit: (no retval)
notification: Entering shell in Normal Mode.
shell: Entering loop.
(iPHUC) /:

We are now in a shell that’s talking directly to the iPhone, just like any other type of shell that you might normally run in Terminal. This one, though, knows how to communicate through the jailbreak connection that we’ve established through the serial cable.

Now we need to make one little change to the phone. Do this by typing:

setafc com.apple.afc2

After pressing return, iPHUC might respond with this error:

InvalidResponse
AMDeviceStartService AFC: -402653165
AFCConnectionOpen: 0

If it does, then quit iPHUC by typing exit, then run iPHUC again by typing ./iPHUC.

Now enter setafc com.apple.afc2 again, and press return. You should now see:

AMDeviceStartService AFC: 0
AFCConnectionOpen: 0

If you see the Invalid Response message, quit iPHUC and try again. When things are working, you should see something to the effect of:

AMDeviceStartService AFC: 0
AFCConnectionOpen: 0

Don’t worry about the numbers. In some cases, you might have to actually quit Terminal completely and restart. Keep going until the command completes without the Invalid Response error generating.

To ensure that everything is working properly, type ls and press return. If you’re used to using Terminal, you’ll recognize ls as the List Directory Contents command, and sure enough, you should see a directory listing:

.
..
Applications
Library
System
bin
cores
dev
etc
iTunes_Control
mach
private
sbin
tmp
usr
var

These are the contents of the iPhone’s root directory and as you can see, they look very much like a standard OS X root directory. If you don’t see this directory, quit iPHUC and try again.

Now we need to retrieve two files from the iPhone. Later, we’ll see what these are for.

In the Terminal, enter
getfile /System/Library/LaunchDaemons/com.apple.update.plist com.apple.update.plist.original
and press return. iPHUC should respond with:

remote: /System/Library/LaunchDaemons/com.apple.update.plist
local: com.apple.update.plist.original
AFCFileRefOpen: opening remote path ‘/System/Library/LaunchDaemons/com.apple.update.plist’
AFCFileRefRead: reading 489 bytes into buffer
getfile: Writing file to local path ‘com.apple.update.plist.original’
getfile: Transfer successful.

If you look in your iPhone Hacking Kit folder on your Mac, you should see a new file called com.apple.update.plist.original. This is a copy of a preference file that we just pulled off of the iPhone and renamed.

Now enter getfile /usr/sbin/update update.original and press return.

Again, you should see the Transfer successful message, and another file will appear in your iPhone Hacking Kit folder. This time, we grabbed the update daemon from the iPhone. This is a small application that gets executed when the phone boots. We renamed the daemon update.original when we saved it to the local drive. The reason for all this will become clear shortly.

Now it’s time to put Dropbear, our SSH tool, onto the iPhone. Issue the following commands. After each one you should see “Transfer successful”. If you don’t, then double-check your typing and try again. You’ll need to replace [username] with your user name.

Next, enter mkdir /etc/dropbear

This creates a directory called dropbear in the /etc directory.

Using the Putfile command, you’ll need to move several files from your iPhone Hacking Kit onto the iPhone. You’ll do this by typing putfile and pressing space, then dragging and dropping the file from the finder onto a Terminal window, then typing a space, then typing the path of the destination directory.

For example, for the first entry the end result would be:

putfile /[path to hacking kit]/sh /bin/sh

File to drop                      Destination to type
sh                                /bin/sh
chmod                             /bin/chmod
dropbear                          /usr/bin/dropbear
au.asn.ucc.matt.dropbear.plist    /System/Library/LaunchDaemons
dropbear_rsa_host_key             /etc/dropbear
dropbear_dss_host_key             /etc/dropbear
chmod                             /usr/sbin/update
com.apple.update.plist.hacked     /System/Library/LaunchDaemons/com.apple.update.plist

We’ve done several things here. First, we put a copy of a shell application called sh into the /bin directory on the phone. Ultimately, we will need a shell application to be able to communicate with the phone from the Mac terminal, so that’s why we’re installing it now.

Next, we placed a copy of a program called chmod in the /bin directory. All files in a Unix operating system have permissions attached to them, and chmod is a program that lets us alter permissions. We’ll use chmod to make the applications that we install executable.

Next we installed Dropbear in the /usr/bin directory. This is the SSH program that we want the phone to run. After that, we installed a plist with a long name in the /System/Library/LaunchDaemons directory.

We placed two host key files in the /etc/dropbear directory that we made earlier. SSH needs these files to perform its secure, encrypted transfers.

Finally, we placed another copy of chmod in the /usr/sbin directory, but this time we named the resulting file update. As you’ll recall, earlier we pulled a copy of update off of the iPhone. We’re now writing over the update app that’s on the iPhone with a chmod app. You’ll see why in a sec. We also installed a plist in the /System/Library/LaunchDaemons directory, under the name com.apple.update.plist.

So, we’ve copied Dropbear onto the phone, as well as some utility files that it needs, but we’ve also done something else. Before an application can be run, its permissions must be set to executable, which we can do with the chmod application that we installed. The problem is: how do we get chmod to run on our Dropbear application when, right now, we have no way to execute a program?

In the old days of iPhone hacking (that is, the morning of June 30, 2007 at roughly 10ish) you used special tools to pull off an image of the iPhone’s contents. Then you manipulated that image on your Mac, installing software and changing permissions, and put the whole thing back on. This was difficult and time-consuming, which is why an enterprising hacker named Nervegas came up with a new trick.

When your iPhone is booted, it automatically runs certain applications called daemons. The update daemon is one of those. As you’ll recall, we made a copy of update early on. You’ve now replaced the update daemon on the phone with a copy of chmod. When you reboot your phone, it will blithely execute update, just as it’s supposed to, with no idea that it’s actually running chmod. The com.apple.update.plist.hacked file that we installed (but named com.apple.update.plist) contains the parameters necessary for chmod to alter the permissions of our Dropbear application to make it executable.

Once Dropbear has been made executable, it will run any time the phone is powered on. So:

Now turn your phone off, and then turn it back on. Because you’re still jailbroken, iTunes will launch and then quit. When the phone is back up and running, turn it off and on again. Again, iTunes will launch and quit. You have now rebooted your phone twice. The first time, our Trojan chmod application modified the permissions of Dropbear. The next time, the now-executable Dropbear should start running, and voila! You’ll have an ssh daemon running on your iPhone!

After the phone has rebooted the second time, we need to test to see if ssh is running. Any time you want to SSH into your iPhone, you must know the phone’s IP address. On the phone, press Home, then Settings, then Wi-Fi, then look at the details for the network that you’re connected to. You’ll find the IP address in there.

1. In the Terminal window, type exit, to quit iPHUC.
2. Type ssh root@[iPhone's IP address]. For example ssh root@192.168.1.14.

The iPhone should respond with something like:

The authenticity of host '192.168.1.14 (192.168.1.14)' can't be established.
RSA key fingerprint is 5a:e4:fa:de:62:f6:9b:96:7f:3b:57:b1:76:21:77:d6.
Are you sure you want to continue connecting (yes/no)?

Type yes and hit return. When it asks for a password, enter dottie. By default, all iPhones have a password of dottie.

You should see a prompt like this:

-sh-3.2#

Congratulations! You’ve just installed an SSH server and ssh’d to your iPhone!

3. Enter ~. to exit ssh. If it continues to display the ssh prompt, try again.

Back to normal

Now we need to restore some things on the phone to normal. As you just learned, to get this all to work, we had to replace the update daemon with chmod. Now we need to put update back where it was.

Launch iPHUC by typing ./iPHUC in the Terminal and then enter these commands (each of them on a single line, despite the fact that on this web page the information breaks over multiple lines):

putfile /Users/[user name]/Desktop/iPhone\ Hacking\ Kit/com.apple.update.plist.original /System/Library/LaunchDaemons/com.apple.update.plist

putfile /Users/[user name]/Desktop/iPhone\ Hacking\ Kit/update.original /usr/sbin/update

Those two commands restore the update daemon.

Your phone now has an SSH server on it, and a password known by anyone who’s reading this article (as well as a bunch of really talented hackers). The odds of someone looking for an iPhone to hack in a public place are small, but if you really want to be secure, you can change your password.

To change the password of your phone:

1. In the Terminal, exit iPHUC by typing exit.
2. At the prompt, enter perl -e 'print crypt("mypassword","xx");'

Substitute your desired password for mypassword, and enter any two characters in place of XX.

Terminal will display an encrypted version of your password.

3. In the iPhone Hacking Kit folder, you’ll find a file called master.passwd.original. Open this in TextEdit and replace both the mobile and root passwords with the encrypted text.

For example, if you generated the following password in step 2: XXVeA.Z.EZ6FA

Then, in the master.passwd.original file, you would change this:

root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh

to this:

root:XXVeA.Z.EZ6FA:0:0::0:0:System Administrator:/var/root:/bin/sh

and this:

mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

to this:

mobile:XXVeA.Z.EZ6FA:501:0::0:0:Mobile User:/var/mobile:/bin/sh

4. Choose File > Save As and save the document back into the iPhone Hacking Kit folder as master.passwd.
5. Because TextEdit tends to add .txt extensions, select the file, choose File > Get Info, and get rid of the extension.

6. In the Terminal, launch iPHUC again by typing ./iPHUC.

7. Put the new password file on your phone with this command: putfile /Users/[username]/Desktop/iPhone\ Hacking\ Kit/master.passwd /etc/master.passwd

Now your phone is almost back to normal. But, we still have some more things to install.
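An added example (not from the original article or the iPhone Hacking Kit): a Python check to run on the edited master.passwd before the putfile step. It assumes the ten-field, colon-separated layout of the two lines quoted above, and flags accounts that still carry the hashes from master.passwd.original or whose hash field is not a 13-character crypt() string, for example because of a stray space. The function names and the sample file contents are constructed for illustration.

```python
"""Audit an edited master.passwd before copying it back to the phone.

Added example. The field layout and the two stock hashes come from the
master.passwd.original lines quoted in the article; the function names
and SAMPLE data are constructed for illustration.
"""
import os
import re
import sys

# Hash fields of the unmodified file, as quoted in the article.
STOCK_HASHES = {"XUU7aqfpey51o", "/smx7MYTQIi2M"}

# Traditional crypt() output: 2 salt characters followed by 11 hash
# characters, all drawn from the alphabet ./0-9A-Za-z.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# name:password:uid:gid:class:change:expire:gecos:home:shell
FIELD_COUNT = 10

# Constructed sample: a locked account, a hash pasted with a leading
# space, and an account whose stock hash was never replaced.
SAMPLE = (
    "nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false\n"
    "root: XXVeA.Z.EZ6FA:0:0::0:0:System Administrator:/var/root:/bin/sh\n"
    "mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh\n"
)


def check_filename(path):
    """TextEdit may append .txt; the file must be named master.passwd."""
    name = os.path.basename(path)
    if name != "master.passwd":
        return ["file is named %r, expected 'master.passwd'" % name]
    return []


def check_hash_field(pw):
    """Return a list of problems with one account's password field."""
    if pw == "*":
        return []  # locked account, no password login possible
    if pw == "":
        return ["empty password field: login needs no password"]
    if pw != pw.strip():
        return ["whitespace in the hash field: stored value differs "
                "from the generated hash"]
    if pw in STOCK_HASHES:
        return ["stock hash from master.passwd.original still in place"]
    if not DES_CRYPT.fullmatch(pw):
        return ["not a 13-character crypt() string: %r" % pw]
    return []


def audit(text):
    """Map account name -> problems, for every account that has any."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != FIELD_COUNT:
            problems = ["expected %d fields, found %d"
                        % (FIELD_COUNT, len(fields))]
        else:
            problems = check_hash_field(fields[1])
        if problems:
            findings[fields[0]] = problems
    return findings


def main(argv):
    if len(argv) > 1:
        file_problems = check_filename(argv[1])
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            findings = audit(fh.read())
    else:
        file_problems, findings = [], audit(SAMPLE)
    for problem in file_problems:
        print("file: %s" % problem)
    for name, problems in findings.items():
        for problem in problems:
            print("%s: %s" % (name, problem))
    return 1 if (file_problems or findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pass the path to the edited file as the only argument; with no argument the script audits the constructed sample. Traditional crypt() hashes of this form use only the first eight characters of the password, so anything typed beyond that adds nothing.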

SCP – The racer’s edge

So far, we’ve been using iPHUC to manage all file transfers between the Mac and the iPhone. But we want something that doesn’t require a tethered connection, so we’re going to install a copy of a program called SCP. This will ensure that we can move files on and off after we’ve unplugged the iPhone.

Launch iPHUC and issue the following commands, once again using Putfile to move the following files into the following directories in the format

putfile [drop file here] [destination path]

File to drop      Destination to type
sftp-server       /usr/libexec
scp               /usr/bin
libarmfp.dylib    /usr/lib/libarmfp.dylib

The SCP and SFTP servers are now installed, but they need to be made executable. As you’ve learned, we can make a file executable by using the chmod tool. Earlier, we had to trick the iPhone into executing chmod, but now that we have ssh on the phone, we can simply ask the phone to execute chmod.

Enter ssh root@[iPhone's IP address]

When prompted, enter your password. You will then be presented with an ssh prompt: -sh-3.2#

Now the Terminal window is acting as a terminal directly to the iPhone. In other words, any commands we enter will be executed by the phone. Tell the phone to execute chmod to change the permissions of the sftp-server and scp applications.

chmod +x /usr/libexec/sftp-server
chmod +x /usr/bin/scp

Now test SCP by entering scp. You should see something like this:

usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
[-l limit] [-o ssh_option] [-P port] [-S program]
[[user@]host1:]file1 [...] [[user@]host2:]file2

We’ll use SCP shortly to install some new applications on the iPhone. But first, we need to do some cleanup.

Go directly to jail

We’re just about ready to re-jail the iPhone. This will return it to its normal, sync-ready state, and will mean that you no longer have to tether it.

Before we rejail, though, we’re going to move over a few more files. In iPHUC, issue the following commands in the format putfile [drop a file here] [path]

File to drop | Path to type
shells | /etc
bash | /bin
csh | /bin
rm | /bin
rmdir | /bin
ls | /bin

We’ll fiddle with those files later. For now, on your Mac, return to iFuntastic. We’re ready to re-jail the phone.

Before we do, though, notice that iFuntastic allows you to add new ringtones, change the carrier logo, alter the order of icons on your home screen, and browse files. If you want to use any of these features, give them a try.

When you’re finished, click the Finish button, and then the Jail button. Then, follow the on-screen instructions. This will put your phone back in jail, closing the communications loophole that we’ve been exploiting. iPHUC will no longer be able to talk to your phone. But that’s okay, because we now have lots of other ways to do that.

After your phone has rebooted, click Done, and then give some thought to donating to the resourceful hackers who made iFuntastic possible. When you’ve finished, quit iFuntastic and unplug your iPhone from your Mac.

Do something useful

So far, our hacking has been limited to the “because it’s there” level of satisfaction. Let’s kick it up a notch and install some actual applications. We’ll start with a screenshot app written by Erica Sadun. We need to transfer the screenshot app to the phone, which we’ll do using the SCP application that we installed earlier.

scp [drop hacking kit screenshot here] root@[iPhone's IP]:/Applications

You’ll be prompted for your phone password, and then the transfer should occur. This command sends the file screenshot to the Applications directory of the phone. You can learn more about scp by opening a new Terminal window and entering man scp.

Now we need to make the screenshot app executable.

ssh into your phone (ssh root@[ipaddress]). Because you rebooted your phone, you may want to double-check what IP it ended up with. Enter these commands:

chmod +x /bin/bash
bash

You should now see a bash prompt that looks like this:

bash-3.2#

Bash is a more versatile terminal that allows you to do a few more things.

Enter chmod +x /Applications/screenshot

Screenshot should now be executable. Let’s try it. Put your iPhone on a screen that you want to capture. In your Mac’s Terminal window, enter /Applications/screenshot. You should see:

About to snap screen.
Your screen shot is located at /tmp/foo_0.png

Your phone has captured a screen and stored it. Now we simply need to retrieve it, which we can do with the scp command. Open a new terminal window and enter:

scp root@[iPhone's IP]:/tmp/foo_0.png /Users/username/Desktop

When prompted, enter your password. The screenshot will be captured to your desktop.

(We created a second terminal window to enter the SCP command so that we now have one terminal window that’s running SSH, and another that lets us issue SCP commands.)

If you’re spending a long time ssh-ing or scp-ing to and from your phone, you might find that the phone falls asleep and kills the Wi-Fi connection. You can make it stay on longer – or indefinitely – by going to Settings > General and then changing the Auto-Lock time.

So far, we’ve been using the Mac’s terminal to control the phone. Let’s install a terminal app that we can use on the phone itself.

Enter scp -r [drop Terminal.app from Hacking Kit here] root@[ip address]:/Applications/Terminal.app to transfer the terminal application to the phone. We have to add -r to the scp command because, technically, the Terminal app is a directory.

Now we need to make the app executable. SSH to your phone and then enter:

chmod +x /Applications/Terminal.app

Now restart your phone. Once it’s up, you should see a new icon on your home screen!

Press Terminal, and the terminal app will launch. Any commands that you’ve been issuing through ssh you can now do directly on the phone. For example, let’s launch the bash shell. In the iPhone Terminal, enter bash and press return.

Just before we put the phone back in jail, we copied some additional commands to the bin directory. Let’s make three of them executable. In the iPhone terminal, enter:

chmod +x /bin/rm
chmod +x /bin/rmdir
chmod +x /bin/ls

RM is a remove command that lets us delete files, while rmdir lets us delete directories. LS is the list directory contents command that we used earlier. We’ll fiddle with these again later.

Bash is a much better shell than the default shell that the Terminal executes. So, if you find yourself unable to execute certain basic commands in Terminal, then try launching bash.

Let’s do a little iPhone customization. Personally, I don’t find the Stocks application to be very useful, so let’s remove it. Because we might later have some great windfall that would make the Stocks app more handy, we’ll back it up first, so that we can always put it back later.

In your Mac’s Terminal window, enter the following:

scp -r root@[iphone IP address]:/Applications/Stocks.app /Users/[your user name]/Desktop

This will copy the Stocks program to your Mac desktop. Now enter the following commands (you can do this either via ssh on your Mac, or directly into the Terminal on your phone). Be sure to enter the path exactly as it is shown here, as this command will remove an entire directory, and you don’t want to accidentally remove your entire Applications directory:

rm -rf /Applications/Stocks.app

Now reboot your phone. When it powers back up, you should find that the Stocks application is gone. If you ever want to put it back, just use SCP to transfer the copy that you saved to your desktop back to your /Applications directory. Then use chmod to make /Stocks.app/Stocks executable. Reboot the phone and it will be right back where it started.

All of this should be enough to get you started. You’ve got a good assortment of commands and an understanding of how to move things on and off your phone. As more apps are developed you can use SCP to transfer them to your phone, and CHMOD to make them executable.

Note that, with the next update, Apple could wipe out all of your changes. If this happens, you may have to re-hack the whole thing, and this may require an update to the Jailbreak application or to iPHUC. We’ll try to keep you posted as these things change, and as new hacks become available.

8 New Tips and Tricks for Your iPhone!

Posted by admin on Jul 11, 2009 in Uncategorized

Found on ismashphone.com are 8 more excellent iPhone tricks:

1. Double tap space bar for a period

When typing on your iPhone, double tapping the space bar at the end of a sentence automatically enters a period followed by a space. No need to press “123” to get to the numbers and symbols page where the period typically resides. I use this trick daily and it heavily increases my typing speed (especially when texting).

2. Tap the bottom corner to navigate home screens

When on your home screen, try tapping the bottom right/left corner to switch between pages instead of swiping your finger across the screen.

3. Take out your SIM card during backup and sync

We’ve all experienced it. You’re backing up and syncing your iPhone, and the hour-long backup is nearly complete. Then all of a sudden you get a phone call, and the whole backup/sync is null and void.

To avoid this happening, simply start the backup/sync, then pull out your SIM card. Do not worry, this does not damage your phone at all. Put it back in once everything is complete. This way, your backup won’t get interrupted.

This tip is also useful if you need to make a phone call while your iPhone is backing up/syncing. Since unlocking your phone cancels the process, just take out your SIM card, pop it in your old cell phone, and call away.

4. Move “dock” icons

You’d be surprised how often this tip is overlooked. The 4 icons located on the grey bar at the bottom of your iPhone – Phone, Mail, iPod, Safari – are movable, just like the rest of the icons. Just press and hold the icons, then drag them while they are shaking. Press the home button when you’re done. You can put any 4 icons on your dock.

In the screenshots, note the difference between pic 1 and 2.

5. Automatically capitalize and add apostrophes

The iPhone automatically capitalizes certain words (“I” when you type “i”). It also automatically adds apostrophes (“I’m” when you type “Im”).

6. Double tap a column on Safari to fit-to-page

When browsing the Internet on your iPhone’s Safari browser, double tap any column, word, or picture to fit its width to your iPhone’s screen. This is extremely useful for reading blogs.

The first screenshot is the page when it first loads. The second screenshot is the page once the main text was double tapped.

7. Manually select the icon image for a bookmarked webpage

This one’s a little more confusing. When you are browsing a website on your iPhone’s Safari browser and want to add its icon to your home screen, press the plus sign and select “Add to Home Screen”.

The image in the icon, however, is a screenshot of the page you were on. So if you want the icon to look a specific way, zoom in on a particular item on the page. Whether you want the website’s logo, or some picture on the page, simply zoom in on that part of the page before you press “Add to Home Screen”.

Note: This doesn’t work with all websites. Popular sites like Google have special icons for the iPhone’s home screen.

Go to your website of choice.

Zoom in on your favorite part.

Press the + sign and choose Add to Home Screen.

Name the bookmark appropriately (Digg – Apple).

Now that exact part of the webpage is displayed in your icon.

8. Your iPhone’s headphones have a multi-function button!

You’d be surprised how many people don’t know that the iPhone’s native headphones have a button on the microphone.

Just squeeze the microphone together, and the button gets pressed.

The button’s functions:

In call…

* Press once to answer a call
* Press twice to send the call to voicemail
* Press once to hang up a call

In call while second call coming in… [thank you silver0fox]

* Click once to hold current call and switch to new call
* Hold for 2 secs and release to ignore new call

Out of call…

* Press once to activate iPod and play song
* Press once to pause song
* Press twice to skip to next song

Copyright © 2014 Hack the iPhone! All rights reserved. Designed by Matt Prindle.