iOS 1.1.1 Jailbreak

The only available jailbreaks for iOS 1.1.1 are Appsnapp (tiff exploit), Touchfree (another tiff exploit) and the Touchfree desktop client. The problem with this is that the server for the appsnapp is down and touchfree is just essentially appsnapp and vice versa. So lets make our own! :)))

If you are lazy just visit jbme.tk on your ipod with iOS 1.1.1

Exploiting

With the research I did i’ve found out that metasploit published some sort of writeup and source code of the tiff exploit and many people have made their own version of the tiff exploit like this tutorial here https://forums.macrumors.com/threads/ipod-touch-full-jailbreak-guide-for-windows.367115/

If you actually follow the link and see http://jailbreak.toc2rta.com/ you will find out that it doesn’t acutally exist anymore. In order to get it back all you have to go is plug in the link into the web archive at archive.org. When you do it will just lead to the main website.

Capture2.PNG

I’ve circled the link to follow just click on it and upload it to your “Developer” iPhone with clang or gcc.

Just compile the c++ file using clang or gcc, like this.

“clang tiff_exploit.cpp -o exploit”

Now we have to make it executable

“chmod +x exploit”

Now we generate that tiff we need.

./exploit 1.1.1 > exploit.tiff                   // This generates the exploit in a file called exploit.tiff

Upload this file somewhere like a local apache server or a vps. Load up the tiff on your iphone and then you can run the touchfree program. My good friend random_user_online has modded and updated this program to work on xp and vista with iTunes 7.5.

http://192.243.108.87/iarchive/Jailbreak%20program%20archive/Touchfree%201.0alpha%20Windows.zip

Now just unzip that and within it will be a another zip that says updated or something. Just run that program and you should be jailbroken.

Exploiting the second method

You should use metasploit. Head over to apt.saurik.com/debs and grab as follows

metasploit3_3.2-5450

Ruby 1.8.6

RubyGems 1.0.1-1

Now install them like this

dpkg -i <metasploit deb>

dpkg -i <ruby deb>

dpkg -i <rubygems deb>

After that you SHOULD be able to run msfconsole and get something like

=[ msf v3.2-release
+ — –=[ 274 exploits – 122 payloads
+ — –=[ 17 encoders – 6 nops
=[ 52 aux

msf >

You will now need to grab the files from here https://github.com/planetbeing/touchfree/

Navigate to the tiff and metasploit folder and copy all the files there to /var/stash/share*/msf3/

After your done with that you can follow the README provided by planetbeing.

If you don’t edit the query file, it won’t work. You going to have to have a web server and then upload root.zip and youtube.zip.

Process to the toolchain because your not done.

Iphone Dev Toolchain

Alright so to compile the payload you might have noticed that it won’t compile due to armv5t instruction errors. To fix this you will need to compile the iphone-dev toolchain.

Don’t try to compile on modern software, it won’t work. Trust me i’ve tried over and over.

Now lets get it working, get your favorite virtualization software and fire it up. Download your ubuntu 7.10 or 7.04 iso from here. Install it as usual and follow the guide over at https://code.google.com/archive/p/iphone-dev/. Getting heavenly is pretty easy, if you can’t get it just get a iphone1,1 1.1 ipsw and decrypt the rootfs and boom you got heavenly.

Since the subversion repos are gone just download the source archive from the source tab. You will get everything, including odcctools for x86.

With the toolchain you can compile the touchfree payload, in fact, you have too. Your going to have to edit PayloadApplication.m. Change the urls to reflect your server’s ip.

This toolchain is very useful, you can compile UIKit apps and even use LayerKit. Good luck though as there is no ide.

 

Saurik’s Toolchain

This dudes toolchain is broken, it compiles but I get CarbonCore framework errors. You can use it to compile basic UIKit and objc code.

Uploading.

It is time for the good stuff now, upload this tiff to your webserver and follow the guide mentioned earlier (if you can find the files) where we got the exploit and hopfully without modifications you will have successfully jailbroke your iPhone 2g or iPod touch 1g on iOS 1.1.1!

If you don’t want to do ALL this i’ve compiled it for you! at simplysmp.com/exploits/a.tiff    ; )

If you using the metasploit method, as you should. Just visit jbme.tk on your iPod and jailbreak.

End

Notice, this page will change as the guide is being tested (9/29/2018)

Add a Comment

Your email address will not be published. Required fields are marked *