Tuesday, November 3, 2009

blacksn0w is live

blacksn0w is a free unlock for the latest iPhone 3G and 3GS.
blackra1n is a super simple jailbreak, used to install the unlock.
New visitors: go to blackra1n.com, download, and have fun.

blackra1n RC3 is also live for both Windows and Mac!!! Clean firmware 3.1.2 and baseband 05.11.07 are recommended.

Updates:
Unlock!!!
Hacktivation
Keep legit activation if activated before running app
15 seconds faster, you'll feel it
Tiger + PPC support

Go to blackra1n.com to download
For support, blackra1n.support at gmail...but read this first

blacksn0w is also available on Cydia, add blackra1n.com as repo
requires firmware >= 3.1 and baseband 05.11.07

It appears some users are having wifi issues. Try a "Reset Network Settings". If you are still having wifi issues, see here. They don't appear to be caused by my software. Also, this just enables custom MobileConfig files. To fully enable tethering, go here on your iPhone and download a MobileConfig file for your carrier. Watch out for carrier fees for tethering.

If your ipt2/3GS/ipt3 is rebooting into recovery after running blackra1n, this isn't a bug. It's a feature. You need to run blackra1n every time to boot it. This 'feature', called a tethered jailbreak, is enabled by upgrades Apple made to the bootrom and the fact that the ipt3 uses NAND flash.

If you run blackra1n on an already jailbroken phone, it will do nothing but boot it.

Push and YouTube issues are caused by hacktivation. To fix YouTube, add http://cydia.pushfix.info/ as a source and install YouTube Fix.

iClarified has made some nice tutorials:
Windows
Mac

And if you appreciate:


Monday, November 2, 2009

sn0wday

Today 11/3/09 is a sn0w day. School is officially cancelled, and all your iPhones will be unlocked. Remember getting those calls?

At Noon EST, 5 PM GMT, I will be making it sn0w, and I'm looking to see "#blacksn0w" trending. blacksn0w is the unlock for the latest 05.11.07 baseband, and will also enable official tethering. blackra1n, a jailbreak for 3.1.2, has been updated to RC3, with hacktivation support, 15 second speed improvement, Tiger+PPC support, and installation of the latest blackra1n.app. Here is how getting yourself some sn0w and ra1n will work.

Nothing is live until Noon

If you are a loyal blackra1n user who kept the blackra1n.app on your iPhone, run it. You will see Icy replaced by an option "ra1n". Install this to upgrade your app. After upgrading, run blackra1n.app again. You will see "sn0w". Install this, and enjoy your unlocked iPhone.

If you are new to the scene, just looking for an unlock, finally ready to upgrade to 3.1.2 and the accompanying baseband, willing to restore for the latest and greatest, or stuck on the "Connect to iTunes" screen, you are in luck. Jailbreaking and unlocking have never been easier. Go to blackra1n.com, click on the logo corresponding to your operating system, run the app, and click "make it ra1n". When your phone reboots, you'll see blackra1n.app. Run this, install blacksn0w, and enjoy your unlocked iPhone.

If you jailbroke using pwnage or deleted your blackra1n.app, you are in luck too. Sometime later in the sn0wday, blacksn0w will be added to Cydia, and instructions will be posted here.

If you are on a 2G iPhone, blacksn0w isn't an option for you. But BootNeuter is, a completely free permanent unlock for your 2G. Of course, blackra1n will work great, and even hacktivate for you.

If you have been getting 404 errors when downloading from blackra1n.com, first off, be sure you use the links at blackra1n.com. If you are, something is blocking your HTTP referrer.

Thanks to ih8sn0w for bringing the at+xemn command to my attention. This is the injection vector used to get code running on the baseband. One of these days I will write a technical post about how it works.

Also, a note. This may be the best iPhone users ever have it. Be sure, if you have a 3GS or iPod Touch 3, to use Cydia's "On File" or Firmware Umbrella in order to be able to restore to 3.1.2 in the future. And as always, the baseband cannot be downgraded, so be *super* careful with updates if you need the unlock.

Check back here at Noon EST for the official launch announcement

Sunday, November 1, 2009

An Information Campaign

I have an unlock for 05.11.07. I will be releasing on 11/04/09, for $0.00

First off, Jody Sanders, I am declining your $10,000. Why? Because you, and the rest of the iPhone unlock sites out there, are scum. You make money selling freeware; that's not cool, and I am in no way going to legitimize it.
Seriously, the people who really lose here are the customers. These sites are full of blatant lies, claiming to have unlocks for 05.11.07. People buy them, and are told the unlock is in development, and the release date is unknown. Imagine you bought a cup of coffee and were told it's in development? Recently, many of these sites sent out e-mails saying they made major breakthroughs and the unlock will be ready 11/04/09. Coincidence that that's the release date of blacksn0w?
I'm not going to post all these scam sites here, as I don't want to give them the pagerank boost. Rather I'll give you a whitelist: two people make unlocks, me and the dev team. Every iPhone unlock site you see out there is selling our stuff, repackaged in some form or another. Same goes for jailbreaks, although ih8sn0w and chronicdev are legit. Notice what all the legit ones have in common? They are free.
Now despite rumors of the ferocity of my legal team, they are actually pretty poor lawyers. And the scum who run these websites are the type who get off on legal battles. So we have to fight them in another way, and I'm asking for everyone's help on this. Our weapon is information. Get the truth out, that all iPhone unlocks and jailbreaks are free, and if you are buying something, you aren't getting anything a simple google search couldn't get you, and are probably funding someone's crack habit.
This is the first time I have tried to make something simple for the end users, and it enrages me to see people selling it. Let's shut all these assholes down, and tell the iPhone owning world all they need is at blackra1n.com, including blacksn0w instructions on its release date, 11/04/09 (yes, it will support hacktivation). You do your part, and I'll do mine making things as simple, reliable, and straightforward as possible.

You have 4 days.

Friday, October 30, 2009

A Heap of Trouble

To clarify, I have arbitrary code running on the baseband.

Sunday, October 11, 2009

blackra1n is live

Go to blackra1n.com. If you enjoy, please donate. If I catch anyone selling this, I'll sic my lawyers on you faster than it takes to jailbreak. Also please no hotlinking, link to blackra1n.com

** Update -- RC2 is out **
Fixed 3G issues
Tethered jailbreak for 3.1 OOTB ipt 8GB and new 3GSes
Fixed Icy issues
Both Windows and Mac
If you used RC1 with success, no need to rerun

Please donate, I had to go out and buy a new iPod, and you all know how much I abhor fixing bugs and incremental releases. A nice spike in the donations will let me know I did the right thing.


Saturday, October 10, 2009

blackra1n

As many of you already know, I am releasing a jailbreak called blackra1n. What many of you don't know is that I'm releasing it tonight! At 4AM EST, I want to see the topic "#blackra1n" trending on twitter. Once I see it trending, I'll put the download link up on blackra1n.com ... Isn't viral "marketing" cool :-)

So, what is blackra1n? blackra1n is a 30 second ALL device 3.1.2 jailbreak. Even the ipt3, but the ipt3 is tethered. In order to boot it, just rerun blackra1n. As far as donations go, they are much appreciated, but not until after blackra1n works for you. I never ask for donations before the tool is released.

Warning, 3G and 3GS unlockers: do not upgrade to 3.1.2 using iTunes if you want to keep your unlock. The baseband cannot be downgraded. Check out the dev team's offerings. Also, blackra1n doesn't hacktivate.

blackra1n.com got a quarter million unique hits, and that's without any content. This jailbreak is going to be huge!!!

Monday, October 5, 2009

Meet the Family


And prepare to meet the program that will jailbreak them all.
Minor setback today, when Chronic revealed the exploit that this will use. For apparently no purpose except to save face in front of their donators. Future reference, never donate until you have a product in hand and working. Look, as much as I fight with the dev team, they always have the community's interests at heart, maybe even more so than me. But chronic just stomped all over what the community wants. Who can actually do something with the info they released? Well, you know, Apple.

Monday, August 3, 2009

purplera1n and 3.0.1

Currently, it doesn't work, and I don't plan to ever make it work. Apple changed the kernel from 3.0 to 3.0.1, and I patch the kernel in a very specific spot. I code to make things simple, hacky, and fast. Dev codes to make things proper, slow, and complicated; redsn0w works OOTB. I could imagine a tool that takes the best of both worlds. No reason you need to push buttons or give the jailbreak program an ipsw; you can still write something generic that'll work on every device and version. And be fast. But I'm too lazy to write it.

Someone enterprising out there could probably fix it, it's just the kernel patches that are in the wrong place. Exploit and 99% of payload will work fine. But otherwise, purplera1n RIP. It was really more proof of concept to show what's possible; same thing with purplesn0w.

If I do another tool release, it'll hit the ipt3 and ra1nydayless 3GS. Err, ipt3 is lame, Chronic release if you want, I was hoping it'd be a little bigger :-)

Wednesday, July 15, 2009

purplesn0w RC2

* 3G(the network speed) issues fixed
* Now only patches one file, CommCenter
* Leaves no traces on your baseband after it runs. 0 bytes of RAM
* Much more clean and reliable.

Be sure to have legit activated 3GS
Disable 3G if you don't have it (like T-Mobile).
Add apt.geohot.com to Cydia
Install (or Update) com.geohot.purplesn0w
Watch for success output in Cydia (actually do this step)
Wait for signal, and enjoy your unlocked iPhone (no reboot required)

Follow @geohot on twitter


Monday, July 13, 2009

purplesn0w technicals

About a year ago today, I found the at+stkprof exploit. Back then, I struggled for 3 days to write a payload. No luck, I just wasn't a good enough reverser. So I stashed the exploit away until December, when I gave it to dev for use in yellowsn0w.
Now a year later, I wrote a payload and delivery system in a day. And it's an awesome payload. Ideally we'd like to patch the lock out of flash, but with the apparently proper sig checks, that isn't going to happen. So purplesn0w is the next best thing. I copy the page I want to patch to an unused region of memory. In memory I patch it. Then, using the MMU, I map the flash page out and remap the patched memory page in its place.
No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lockstate of the phone really lies on Apple's servers. Unlocked is auth all SIMs. Locked is auth AT&T SIMs only. Fortunately this ticket system provides an easy way to deliver the payload and reexecute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to hog battery. I use the daemon already designed for this, lockdownd. A patch to CommCenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload. So using existing Apple machinery, I unlock when needed.
In retrospect, I should've just patched CommCenter to send the payload. Then hacktivation would work no problem. Oh well, tomorrow is another day. I'll add hacktivation support then.
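The copy, patch, remap sequence described above, as an added example that is not the purplesn0w code (the post links its own source) and that runs in userland on Linux rather than on the baseband. A read-only anonymous mapping stands in for the flash page, a second anonymous page for the unused RAM region, and mremap with MREMAP_FIXED (a MAP_FIXED overlay on non-Linux systems) for the MMU swap. The page contents, the patch offset and the "lock byte" are constructed for the demo; on a real target the page would also need to be executable and the instruction cache flushed after the remap.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical lock check at a fixed offset in the page. On ARM the patch
 * would flip a conditional branch; here one byte stands in for it.
 * (Constructed for this example, not the purplesn0w payload.) */
#define PATCH_OFF     0x40
#define LOCKED_BYTE   0x01
#define UNLOCKED_BYTE 0x00

/* Simulates the read-only flash page that holds the code we want to patch. */
uint8_t *make_fake_flash_page(size_t page) {
    uint8_t *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, 0xAA, page);              /* filler "code" */
    p[PATCH_OFF] = LOCKED_BYTE;         /* the byte the lock check reads */
    if (mprotect(p, page, PROT_READ) != 0) { munmap(p, page); return NULL; }
    return p;
}

/* The technique: copy page -> patch the copy -> put the copy at the old address. */
int remap_patched_page(uint8_t *flash, size_t page) {
    uint8_t *scratch = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (scratch == MAP_FAILED) return -1;
    memcpy(scratch, flash, page);       /* 1. copy to an unused region */
    scratch[PATCH_OFF] = UNLOCKED_BYTE; /* 2. patch it in memory */
#ifdef __linux__
    /* 3. move the patched page onto the flash address; the old mapping
     *    there is discarded, the way the MMU swap drops the flash page */
    void *r = mremap(scratch, page, page, MREMAP_MAYMOVE | MREMAP_FIXED, flash);
    if (r == MAP_FAILED) { munmap(scratch, page); return -1; }
#else
    /* Portable fallback: overlay a fresh page with MAP_FIXED, copy the patch in. */
    void *r = mmap(flash, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (r == MAP_FAILED) { munmap(scratch, page); return -1; }
    memcpy(flash, scratch, page);
    munmap(scratch, page);
#endif
    /* Back to read-only so it looks like flash again (plus exec on a real target). */
    return mprotect(flash, page, PROT_READ);
}

/* Returns 0 when the lock byte flipped and the rest of the page survived,
 * 1 when the remap left the page in an unexpected state, -1 on a syscall error. */
int demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *flash = make_fake_flash_page(page);
    if (!flash) return -1;
    int before = flash[PATCH_OFF];
    if (remap_patched_page(flash, page) != 0) { munmap(flash, page); return -1; }
    int after = flash[PATCH_OFF];
    int untouched = (flash[0] == 0xAA) && (flash[page - 1] == 0xAA);
    munmap(flash, page);
    return (before == LOCKED_BYTE && after == UNLOCKED_BYTE && untouched) ? 0 : 1;
}

int main(void) {
    int rc = demo();
    printf("%s\n", rc == 0 ? "patched page remapped in place" : "remap failed");
    return rc;
}
```

The point of doing it this way rather than writing to the page in place is the one the post makes: nothing in flash changes, so signature checks over flash still pass, and the patch only exists in RAM at the address the code expects.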

Here is the source. And I mean all of it.

Make it ra1n, I'm makin' it sn0w

Wifi fails? Battery fails? Unlock fails? You need purplesn0w, the geohot 3GS unlock solution. Now I know you hear a lot about different colors of sn0w, but I'm here to tell you why purplesn0w is the best. First off, what is purplesn0w? It's a soft unlock for your 3GS that I'd actually use day to day. It's not a daemon that takes any resources, and it doesn't add a task to your baseband. It's very close to a true unlock. All it does is patch three files: CommCenter, lockdownd, and your wildcard activation plist (which you need; activate with an AT&T SIM first, no hacktivation support yet). That's it, no other files are installed. Props to Oranav for the at+xlog exploit!
A full explanation is coming soon, but I think you clever reversers out there will see what it does, and see why it's so pristine :-) The payload is radically different from other varieties of sn0w. beta as usual, back up first.

Sunday, July 5, 2009

purplera1n...for mac

You asked for it, and we delivered. I'm not a mac coder, so AriX and westbaer stepped up to do it. Check out AriX's blog here. Download link on purplera1n.com, and thank AriX and westbaer next time you see them!

Also, some more payload stability improvements were made, and the windows version was updated to RC2a. There is no reason to run RC2a if you already have RC2 installed.

Saturday, July 4, 2009

purplera1n RC2

Vista, Windows 7, International, 64-bit support
Less flakiness in the payload
Cydia tar cleaned up
Improved logging with slightly more useful errors
New kernel patches, codesign errors gone. Props posixninja
Added vm_map +x, passed vm_check
No winterboard yet, but now that ball is in Saurik's court :-)
Still in beta, use caution
purplera1n

Happy 4th everyone!!!

Thursday, July 2, 2009

I make it ra1n

Yes, this is what you've all been waiting for. A jailbreak for the iPhone 3GS. And it's awesome. To get started right now, go to purplera1n.com. Download it. Make sure you have Windows (but not 7), the latest iTunes installed, and an iPhone 3GS with 3.0 firmware. Connect your iPhone normally. Click "make it ra1n". Wait. On bootup, run Freeze, the purplera1n installer app. Hopefully you'll figure out what to do from there. Best tutorial gets linked to from the purplera1n site. This tool is beta. Make sure to have everything backed up before running. Also, if Cydia doesn't show up after running Freeze, reboot.

If you need help email purplera1n.support at gmail and attach your purplera1n.log file. Or call the purplera1n support hotline @ (650) 265-1210 Mac version is coming shortly.

Normally I don't make tools for the general public, and rather wait for the dev team to do it. But guys, what's up with waiting until 3.1? That isn't how the game is played. We release, Apple fixes, we find new holes. It isn't worth waiting because you might have the "last" hole in the iPhone. What last hole...this isn't golf. I'll find a new one next week. Also your purplera1nyday files ensure that you can always get back to a jailbroken state, so if you have it it's just a matter of tools.

Props to chronic dev for their help, and to kroo for writing v2 of Freeze. And props to Saurik for making an awesome package set. Note the binary size of purplera1n, it's smaller than C++ hello world. No 20MB thing that needs to be torrented. And no IPSW to download. This is how jailbreak should be!

Follow me on twitter @ geohot

Thursday, June 25, 2009

And so it shall be pwned for life

Earlier today, we got our hands on the bootrom. With the help of chronic, posixninja, and pod2g, I verified that it is still vulnerable to the 24kpwn exploit present in the iPod Touch 2G. This is great news for all of you. Basically, this means if someone makes a tethered jailbreak, it easily becomes untethered, because the boot chain is broken. Expect big things soon.

On a personal note, I'm sad. Apple, it took me a week to break through your new defenses. And to let us reuse an exploit like that; 24kpwn was so 5 months ago. Although I imagine it must have been painful watching the devices roll by on the assembly line, knowing they all had a hole in them and you couldn't fix it.

usbdump huh? how?

Apple has added a new layer of security to the iPhone 3GS. I mentioned it several posts earlier; it's the ECID field. When iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It's important you get these signatures for your phone before a new version of the software comes out. I had previously suggested doing this by dumping usb while the iPhone restores. But this is complicated.

Fortunately, the good folks at purplera1n are here for you, the end user who wants a jailbreak. Follow these instructions to generate a unique certificate for your phone's iBSS. And don't delay, Apple may change their minds. To clarify, this is instead of a usb dump. Do this, and you are good!

1. Put your phone into recovery mode and connect it to your computer.
2. Using usbview on Windows (enable Config Descriptors), System Profiler on Mac, or lsusb on Linux, read your phone's ECID. It's the 16 digit hex number after "ECID:"
3. Go to purplera1n, type it, and hit enter
4. Save the generated file for a purplera1nyday...
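The ECID readout in step 2, as an added example that is not from the original post: a parser for the serial-number string a recovery-mode device reports over USB (what `lsusb -v` and usbview show as the serial descriptor). The sample string below is constructed and its field layout is an assumption; the only rule taken from the post is "16 hex digits after ECID:". The function rejects a missing field, a short run and a run longer than 16 digits, so a bad copy-paste fails loudly instead of producing a signature request for the wrong device.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of a recovery-mode USB serial string (layout assumed). */
static const char SAMPLE_SERIAL[] =
    "CPID:8920 CPRV:15 CPFM:03 SCEP:01 BDID:00 "
    "ECID:000A1B2C3D4E5F60 IBFL:01 SRNM:[XXXXXXXXXXX]";

/* Find "ECID:" and parse exactly 16 hex digits into *out.
 * Returns 0 on success, -1 if the field is missing or malformed.
 * Stops at the first non-hex byte, so it never reads past a NUL. */
int parse_ecid(const char *s, uint64_t *out) {
    const char *p = strstr(s, "ECID:");
    if (!p) return -1;
    p += 5;
    uint64_t v = 0;
    for (int i = 0; i < 16; i++) {
        int c = (unsigned char)p[i];
        int d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;                         /* too short or not hex */
        v = (v << 4) | (uint64_t)d;
    }
    if (isxdigit((unsigned char)p[16])) return -1;  /* more than 16 digits */
    *out = v;
    return 0;
}

/* Convenience wrapper: the parsed ECID, or 0 when the string has no valid one. */
uint64_t ecid_or_zero(const char *s) {
    uint64_t v;
    return parse_ecid(s, &v) == 0 ? v : 0;
}

int main(void) {
    uint64_t ecid;
    if (parse_ecid(SAMPLE_SERIAL, &ecid) != 0) {
        fprintf(stderr, "no valid ECID in serial string\n");
        return 1;
    }
    /* Print it the way the post says to type it: 16 upper-case hex digits. */
    printf("ECID: %016llX\n", (unsigned long long)ecid);
    return 0;
}
```

On a real device the input would be the serial string from `lsusb -v` for the Apple vendor ID (0x05ac); the parser does not care which tool produced the text as long as the `ECID:` field is present.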

SecureROM for s5l8920xsi

522F448E276B09E7D3F90950BC1AC3B99602A3A9

Thanks planetbeing for help with the MIU. It was playing hard to get.

And Apple, you have bugs in "usb put". Want the patches?

Tuesday, June 23, 2009

Ramdisk Key

IV: E345E23BB266FCC2BA23A2E0BE77A3BF
KEY: 44514633CE2AEAD62BCFA8836CDA4A3C
and a little more...
7BDE483F8B1E9F19D22F9D8FDF753E02

Props to whoever gets the vfdecrypt one