blackthund3r

Sunday, 17 July 2011

iOS5 beta 3 Activation. NO VoiceOver hack. NO UDID. Just PURE Awesomeness!!

Okay guys I'm really excited today because I have iOS5 beta 3, but not just that but:

  • My 3GS legit activated via iTunes
  • Safari & Mail work
  • iCloud, Multitasking, iMessage, push etc. all work
  • My iPhone is NOT registered on ANY dev account
  • I'm gonna share the knowledge :)
This method is nothing new. No exploits. Just pure awesomeness. And we call it UDIDead (n.b. this will hopefully be wrapped into a sexy tool in the future, but we need kernel patches and other cr*p, so my team are not gonna release anything like that any time soon).

Please note that this guide is for educational purposes only and is intended to teach you about some of the inner workings of iOS betas.

Step 1
First things first - get the prerequisites:
  1. The iOS5b3 IPSW. Get this from your Apple dev friend. I never condone piracy of any kind. Sure if you wanna torrent it I can't stop you but Apple employees work VERY hard on this stuff. For beta 3 the build number is 9A5259f
  2. Any iPhone 3GS, iPhone 4, iPod touch 3G (32 or 64 gig version), iPod touch 4, iPad (NOT iPad 2 because there is no public exploit for this above user land level and NOTHING for iOS5)
  3. Redsn0w 0.9.8b3 (latest public version) from http://blog.iphone-dev.org/redsn0w-iOS5
  4. Windows or Mac
  5. iTunes 10.5beta3 from Apple. Same rules about the IPSW in Step 1 apply
  6. My custom bundle that removes the dev check - http://cl.ly/8MEe (if Safari unzips it to a .tar from a .tar.gz this is okay)
  7. A FULL backup of your iDevice in iTunes. Restoring and general tinkering is involved. Please note that I take no responsibility for the consequences incurred by following this guide
Okay so you've got that stuff now? Fantastic. Time for Step 2

Step 2
  • Restore your iPhone / iPod / iPad to iOS5 beta 3 in iTunes by holding shift (Windows) or alt/option (Mac) and clicking Restore. Choose the beta 3 IPSW downloaded in Step 1. Please note this WILL update your baseband if you're on an iPhone / iPad, so make sure you don't need an unlock (i.e. ultrasn0w) before doing this
  • Once it is restored and you get the 'Unable to complete your activation' message, close iTunes
Step 3
So you're on iOS5 and you can't activate? FUN TIME!
  • Fire up command prompt on Windows or Terminal on mac and type the following:
    • cd /path/to/extracted/zip/file
    • If you're on Mac type EXACTLY:
      • open ./redsn0w.app --args -S
    • If you're on Windows, however, type
      • redsn0w.exe -S
  • Now select the IPSW downloaded in Step 1 in redsn0w and press Next. Uncheck 'Install Cydia' and Check 'Install custom bundle'. Choose my bundle downloaded in Step 1
  • Now press 'Next' and follow the instructions to put your iDevice into DFU mode. Let the jailbreak run
  • If your iPhone comes up with lots of 'Please wait...'s on the screen THAT'S FINE. It did it for ~2 mins for me once. If it does it for more than 5 mins, hold home+power for ten secs and do this step again
  • the jailbreak will be quick once the running pwnapple comes up because stashing is DISABLED :D
  • Once your iDevice reboots you have pwned the UDID check and installed AFC2 and the fstab patch (so enjoy iPhone explorer / iFunBox etc) :D:D:D
Step 4
  • Fire up iTunes again. You will then get 'iPhone', 'iPod' or 'iPad' on the screen for a few seconds. Once it asks you if you want to set up as a new device or restore from backup you have activated it!
  • Slide to set up on your iDevice and follow the steps until it asks what you want to do for data. Either set up as a new device, restore from iCloud (if you've backed up but the servers may have been purged since then) or tap restore from iTunes. Then go to iTunes and restore your backup, sync your stuff and enjoy iOS5!
  • REMEMBER!! This is BETA SOFTWARE! It may be buggy - HENCE BETA!
~Christopher (@blackthund3r)


EDIT / NOTE 1: Yesterday iOS5b4 was released to developers. Those who used this guide (or redsn0w generally), since the RootFS has been patched even a slight bit, will NOT be able to update OTA. Update to iOS5b4 in iTunes instead with an IPSW of 5.0b4 (build 9A5274d) from Apple (this works even if you've jailbroken. If you get issues just enter recovery mode yourself). Make sure you:
1) Sync / backup in iTunes b3 / iOS5b3
2) Update iTunes to 10.5b4 (b60 internally)
3) Restore to iOS5b4 (WARNING: THIS WILL UPDATE YOUR BASEBAND. HERE BE DRAGONSSS!!!). Your iDevice will not activate if you have not got your UDID registered
4) Download the new redsn0w beta (0.9.8b4) from http://blog.iphone-dev.org/redsn0w-iOS5
5) Download my b4 bundle from http://cl.ly/8gxc
6) Open redsn0w as described above (with the -S argument)
7) Check ONLY install custom bundle, choose iOS5b4redsn0wbundle.tar.gz from step 6
8) Jailbreak with the bundle
9) Restore data from backup and sync in iTunes (which will be on b4 from step 2)
~blackthund3r (Christopher)
P.S. I've noticed that iOS5b4 is far better performance-wise and I highly recommend you update to it from iOS5b3 if you can


EDIT / NOTE 2:
iOS5b5 was seeded to developers a few days ago. With this release I have done the honours and packaged up another redsn0w bundle for the firmware. iOS5b5 is predominantly bug fixes. The bundle is available at http://cl.ly/9GMf - just follow the standard procedure and let me know in the comments how it goes :) Oh, and a new beta of redsn0w was released for iOS5b5 too which is available at http://blog.iphone-dev.org/redn0w-iOS5 along with a new beta of iTunes (10.5b5) to support the new version of iOS5
My iPhone is restoring now - I'll edit once done to let y'all know how it goes :)
EDIT: UDIDead worked a treat for the fifth time in a row and my iPhone 3GS is now restoring from backup on iOS5 beta 5 :) so full routine is:

1) Sync / backup in iTunes b4 / iOS5b4
2) Update iTunes to 10.5b5
3) Restore to iOS5b5 (WARNING: THIS WILL UPDATE YOUR BASEBAND SO IF YOU NEED AN UNLOCK DON'T BE FEARLESS ABOUT THIS. iTUNES DOESN'T CARE IF YOU WERE THE HOLIDAY LIMBO WINNER / BUILT A BUSINESS FROM A LOAF OF BREAD / DRINK LEMONADE VIA YOUR NOSE, IT JUST DOES IT K?!?!). Your iDevice will not activate if you have not got your UDID registered (which is why you are reading this)
4) Download the new redsn0w beta (0.9.8b5) from http://blog.iphone-dev.org/redsn0w-iOS5
5) Download my b5 bundle from http://cl.ly/9GMf
6) Open redsn0w as described above (with the -S argument)
7) Check ONLY install custom bundle, choose iOS5b5Redsn0wBundle.tar.gz from step 5
8) Jailbreak with the bundle WITHOUT installing Cydia (this means Safari / Mail will work but obv. if you want jailbreak features go ahead but the JB is tethered and UDIDead cannot fix this =/)
9) Restore data from backup and sync in iTunes (which will be on b5 from step 2)
10) Comment and tell me how b5 is and how you got on :)
~blackthund3r (Christopher)

EDIT / NOTE 3:
Apple seeded iOS5b6 to developers today. This update is available OTA to registered devs but for those of us on UDIDead, we must restore with iTunes again to this new IPSW :(
As of yet, the iPhone dev team have not released a build of redsn0w for beta 6 but if you point redsn0w at the beta 5 IPSW with the new beta 6 bundle you should have success. Let me know how it goes :) So procedure is:

1) Sync / backup in iTunes b5 / iOS5b5
2) Update iTunes to 10.5b6
3) Restore to iOS5b6 (WARNING: THIS WILL UPDATE YOUR BASEBAND SO IF YOU NEED AN UNLOCK DON'T BE FEARLESS ABOUT THIS. iTUNES DOESN'T CARE IF YOU WERE THE HOLIDAY LIMBO WINNER / BUILT A BUSINESS FROM A LOAF OF BREAD / DRINK LEMONADE VIA YOUR NOSE, IT JUST DOES IT K?!?!). Your iDevice will not activate if you have not got your UDID registered (which is why you are reading this)
4) Download the redsn0w beta for iOS5b5 (0.9.8b5) from http://blog.iphone-dev.org/redsn0w-iOS5. If 0.9.8b6 is out by the time you read this use that instead
5) Download my b6 bundle from http://cl.ly/9RBa
6) Open redsn0w as described above (with the -S argument). If you are using the beta for iOS5b5 point redsn0w at the iOS5b5 IPSW. If a beta is out for b6 (probably 0.9.8b6) point it at the beta 6 IPSW.
7) Check ONLY install custom bundle, choose iOS5b6Redsn0wBundle.tar.gz from step 5
8) Jailbreak with the bundle WITHOUT installing Cydia (this means Safari / Mail will work but obv. if you want jailbreak features go ahead but the JB is tethered and UDIDead cannot fix this =/)
9) Restore data from backup and sync in iTunes (which will be on b6 from step 2)
10) Comment and tell me how b6 is and how you got on :)
~blackthund3r (Christopher)

EDIT / NOTE 4: Many websites have publicised this method of jailbreaking iOS5b6 though many people have caused their devices to enter a recovery mode loop requiring a fresh restore to exit. Even I will be waiting for an announcement from the iPhone Dev Team. This error is caused by, for the nerds, uploading an older (i.e. beta 5) iBSS / iBEC / kernel on a newer firmware (i.e. beta 6). I do not understand why this is but it caused the device (in my case an iPhone) to almost 'freak out' and a restore is needed. In this state communicating with the device is difficult via iRecovery and it's not possible to boot the device. This is new in iOS5. Although the patches in all the betas are the same (literally basic sig checks and in the kernel execution patches too) the device requires corresponding files to be uploaded (i.e. iOS5b5 MUST have only an iOS5b5 iBSS / iBEC / kernel or it will cause it to fail and need a restore). I discovered why the restores are needed the hard way. You're more than welcome to try the redsn0w 0.9.8b5 method but be prepared to re-restore. I take no responsibility for your equipment

EDIT / NOTE 5: redsn0w for iOS5b6 has been released by the dev team. New instructions:

1) Sync / backup in iTunes b5 / iOS5b5
2) Update iTunes to 10.5b6
3) Restore to iOS5b6 (WARNING: THIS WILL UPDATE YOUR BASEBAND SO IF YOU NEED AN UNLOCK DON'T BE FEARLESS ABOUT THIS. iTUNES DOESN'T CARE IF YOU WERE THE HOLIDAY LIMBO WINNER / BUILT A BUSINESS FROM A LOAF OF BREAD / DRINK LEMONADE VIA YOUR NOSE, IT JUST DOES IT K?!?! EVEN IF YOU SAY 'DO YOU KNOW WHO I AM?!?!'). Your iDevice will not activate if you have not got your UDID registered (which is why you are reading this)
4) Download the redsn0w beta for iOS5b6 (0.9.8b6) from http://blog.iphone-dev.org/redsn0w-iOS5. 
5) Download my b6 bundle from http://cl.ly/9RBa
6) Switch your iDevice off using 'Slide to Power Off' with the cable connected (v. important)
7) Open redsn0w as described above (with the -S argument). Select the b6 IPSW
8) Check ONLY install custom bundle, choose iOS5b6Redsn0wBundle.tar.gz from step 5
9) Jailbreak with the bundle WITHOUT installing Cydia (this means Safari / Mail will work but obv. if you want jailbreak features go ahead but the JB is tethered and UDIDead cannot fix this =/)
10) Restore data from backup and sync in iTunes (which will be on b6 from step 2)
11) Comment and tell me how b6 is and how you got on :)
~blackthund3r (Christopher)

EDIT 6: iOS5b7 has been seeded to developers today. Jailbreaking this version of iOS is possible with redsn0w 0.9.8b7 (by pointing it at the beta 6 IPSW). The OTA update, although it is offered to UDIDead'd phones, will not install (it just comes up with an error after downloading). You will need (downloaded):
1) iTunes 10.5 beta 7 (from Apple)
2) iOS5b6 IPSW
3) iOS5b7 IPSW
4) redsn0w 0.9.8b7 (http://blog.iphone-dev.org/redsn0w)
5) My beta 7 bundle: http://cl.ly/9nl8
6) AN iDEVICE COMPATIBLE WITH iOS 5 :D

1) Sync / backup in iTunes b6 / iOS5b6
2) Update iTunes to 10.5b7
3) Restore to iOS5b7. Your iDevice will not activate if you have not got your UDID registered (which is why you are reading this)
4) Download the redsn0w beta for iOS5b7 (0.9.8b7) from http://blog.iphone-dev.org/redsn0w-iOS5.
5) Download my b7 bundle from http://cl.ly/9nl8
6) Switch your iDevice off using 'Slide to Power Off' with the cable connected (v. important)
7) Open redsn0w with the -S command line argument (open Command Prompt and type redsn0w.exe -S, or in Terminal type open redsn0w.app --args -S)
8) Check ONLY install custom bundle, choose iOS5b7Redsn0wBundle.tar.gz from step 5
9) Jailbreak with the bundle WITHOUT installing Cydia (this means Safari / Mail will work but obv. if you want jailbreak features go ahead but the JB is tethered and UDIDead cannot fix this =/)
10) Restore data from backup and sync in iTunes (which will be on b7 from step 2)
11) Comment and tell me how b7 is and how you got on :)
~blackthund3r (Christopher)


EDIT 7: The iPhone dev team released redsn0w 0.9.8b7b today. This 'half-release' brings an untethered jailbreak to iPhone 3GS owners with the old bootrom. It also allows jailbreaking b7 without pointing to the b6 IPSW. Should be easy enough for you guys to figure out what to do :)
~blackthund3r

30 comments:

  1. BEAUTIFUL! I LOVE IT!

  2. nothing to say but " AWESOME " you should make a video once !

  3. ps: instead of opening any command prompt on Windows you can just run the " redsn0w.exe "... it's the same

  4. sounds great, but where can i download your custom bundle?

    thanks

  5. crossman: I include the -S to make sure stashing does not occur (though it shouldn't anyway if you only choose 'install custom bundle')

  6. this works for iPad IOS 5 beta 4 as well, thank you.

  7. i get unable to recognize ipsw

  8. Now apple released beta 5 ..please update your blog :) thanks!

  9. iOS 5 beta 5! you're amazing btw.

  10. Hi, any chance to use iOS5 beta 5 using your tools ? thanks

  11. Long Live Blackthnder !

  12. K thanks for the comments iOS5b5 stuff is all up on blog :)

  13. and DANG IT! I forgot to make a video again :S MEH all you need is on the blog. If something's unclear, read it again. Once you've done this comment ;)

  14. Great job!! iOS5 beta 5 rulezz!! thanx

  15. Working like a charm!! IOS5 Beta 5 !!

  16. iOS5 beta 6 is out!! thanks for your great support!

  17. Hi Friend

    Its not working out I restored to iPhone3,1_5.0_9A5302b_Restore. Its getting stuck on Installing Bundles.

    Did you succeed in restoring to ios5 beta6

  18. andre mattos (brazil), 20 August 2011 at 22:23

    Amazing work again! thanks , :)
    where i can download redsn0w beta 6 ???

    thanx!!!

  19. Okay guys new redsn0w beta out use that :)

  20. andre mattos (brazil), 24 August 2011 at 00:00

    Thanx now working!!
    iOS5 Beta 6 , great support again!!
    thanx!!

  21. IOS5 beta 7 is out
    :)

  22. iOS5 beta7 working like a charm !!!
    Thanx
    Thanx
    Thanx!!!!

    Cheers from Brazil!

  23. ios5b7 working great. thanks so much

  24. Thanks for all your friendly words guys(: Can't wait for GM!

  25. The bundle is for macs will it still work for windows

  26. bleh
    i type the command on terminal and it says redsn0w app does not exist

    any ideas?

  27. never mind, i got it.

    i didn't understand i was supposed to click jailbreak (newbie :P)

  28. iOS5.0.1 BETA is out!!
    Any chance for us? to just try it out ??
    no-dev
    :)

    thanks!!!

    cheers from Brazil

  29. Hola?
    iOS5.0.1 Beta 1 ?? NO UDID ? :)
    gracias!