Results 1 to 10 of 10

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.

Thread: jailbreak tut for windows

  1. #1
    Default jailbreak tut for windows
    via toc2rta and macrumors


    Hey all, I take NO CREDIT for this guide, i followed it on the #itouch irc channel from the amazing PlanetBeing!



    RESTORE IPOD FIRST then download iphuc
    1. Load on iPod

    2. Exit iTunes, and kill ituneshelper.exe process

    3. Extract iPhuc to directory on computer

    4. Copy iTunesMobileDevice.dll from CProgram Files\Common

    Files\Apple\Mobile Device Support\bin to the same folder as iPhuc.exe

    5. Copy readline5.dll from to the

    same folder as iPhuc.exe

    6. Run iPhuc.exe

    7. Plug in your iPod

    8. In iPhuc type "getfile /dev/rdisk0s1 rdisk0s1 314572800", this will

    take a while as it's a 300mb file

    9. Make a backup copy of rdisk0s1 that you just downloaded.

    10. You now need to do some hex editing. The tool I use for doing this

    is HxD ( Open rdisk0s1 with your hex


    11. Search for the ASCII string "noexec" in the file. The second hit

    should look like the /etc/fstab file: /dev/disk0s1 / hfs ro 0 1

    /dev/disk0s2 /private/var hfs rw,noexec 0 2

    Only, of course, hex editors will just display newlines as a '.'

    character or similar. This series of characters are often found at

    0xF8F9000-0xF8F9045. They will have the following character codes:

    2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68 66 73 20 72 6F 20 30 20

    31 0A 2F 64 65 76 2F 64 69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F

    76 61 72 20 68 66 73 20 72 77 2C 6E 6F 65 78 65 63 20 30 20 32 0A

    (In "find" make sure it's set to find hex values)

    12. Change these to /dev/disk0s1 / hfs rw 0 1 /dev/disk0s2 /private/var

    hfs rw 0 2

    With newlines padding the end of the string so it ends up being exactly

    the same size as the old /etc/fstab. The new series of characters ought

    to be:

    2F 64 65 76 2F 64 69 73 6B 30 73 31 20 2F 20 68 66 73 20 72 77 20 30 20

    31 0A 2F 64 65 76 2F 64 69 73 6B 30 73 32 20 2F 70 72 69 76 61 74 65 2F

    76 61 72 20 68 66 73 20 72 77 20 30 20 32 0A 0A 0A 0A 0A 0A 0A 0A

    13. Save your changes. I'm assuming that you're replacing the old

    rdisk0s1 file on your hard drive with this modified version. As a final

    safety check, make sure the file sizes of your modified version and your

    backup versions are exactly the same, down to the last byte.

    14. Upload the modified rdisk0s1 image to your iPod. In iPhuc, type

    "putfile rdisk0s1 /dev/rdisk0s1".

    15. Exit iPhuc and reboot your iPod

    16. Open iPhuc again so it connects to your freshly rebooted iPod. As a

    check, type "getfile /etc/fstab". This will download fstab to iPhuc's

    directory. Open it up with your favorite text editor and confirm that

    the changes we have made are still there. If they are, congratulations.

    You have a jailbroken iPod. Sort of.

    17. We now need to install ssh and associated tools. This is all now old

    territory, but unfortunately, everything is either "one-click" or

    designed for Macs. Thus we need to do some sweating here. Download You will also need

    cygwin1.dll from

    18. Open CMD and do:

    dropbearkey -t rsa -f dropbear_rsa_host_key
    dropbearkey -t dss -f dropbear_dss_host_key

    You should now have two files in that directory, dropbear_rsa_host_key

    and dropbear_dss_host_key. Copy or move these into your iPhuc directory.

    19. Download and extract

    into your iPhuc directory.

    20. Download and extract into your iPhuc

    directory. Make sure dropbear, fd6, au.asn.ucc.matt.dropbear.plist,

    glob6, goto, osh and sh6 are in the same directory as iPhuc.exe. Move

    them there if you have to.

    21. Open up iPhuc and type in "mkdir /etc/dropbear",

    22. "cd /etc/dropbear".


    /etc/dropbear/dropbear_dss_host_key, /bin/chmod, /bin/sh and


    23. "putfile dropbear_rsa_host_key"

    24. "putfile dropbear_dss_host_key"

    25. "cd /bin"

    26. "putfile chmod"

    27. Rename sh6 in your iPhuc directory to sh, then "putfile sh" in


    28. "cd /usr/bin"

    29. "putfile dropbear"

    30. Make sure /etc/dropbear/dropbear_rsa_host_key,

    /etc/dropbear/dropbear_dss_host_key, /bin/chmod, /bin/sh and

    /usr/bin/dropbear now exist on your iPod with iPhuc.

    31. "cd /usr/sbin"

    32. "getfile update"

    33. In Windows Explorer, rename "update", which you just downloaded, to


    34. Rename "chmod" in the iPhuc folder to "update".

    35. In iPhuc, "putfile update", so you're replacing /usr/sbin/update

    with chmod.

    36. "cd /System/Library/LaunchDaemons/"

    37. "getfile"

    38. Open in a text editor

    Right after it says <string>/usr/sbin/update</string> add:


    39. Save the file. Upload the modified version with "putfile"

    40. Also, "putfile au.asn.ucc.matt.dropbear.plist"

    41. Reboot the iPod twice. The first reboot should set the required

    permissions. The second should start the ssh server (since proper

    permissions are now set). And close iPhuc.

    42. Theoretically, SSH should be working now. Find out the IP of your

    iPod in the iPod's wireless settings.

    43. Try to ssh to it with Putty


    Username root, password alpine.

    So, okay, now we need to get sftp running, do some clean-up and then I

    think we can install and be good.

    Download WinSCP (

    44. Download You will need

    /libexec/sftp-server, /usr/bin/scp and /usr/lib/libarmfp.dylib from that

    archive. Extract them all to your iPhuc folder.

    45. Using iPhuc's putfile capability, put sftp-server in /usr/libexec/,

    put scp in /usr/bin/, and put libarmfp.dylib in /usr/lib/.

    46. Remember that BSD_Base folder you extracted? We need to raid it for

    some commands. You will need /bin/ls, /bin/mv, /bin/pwd, and /bin/csh.

    Copy those to your iPhuc directory.

    47. In iPhuc:

    cd /bin
    putfile ls
    putfile mv
    putfile pwd
    putfile csh

    48. SSH into your iPod. What we now need to do is chmod them all


    49. In SSH, "/bin/chmod 555 /bin/ls"
    50. "/bin/chmod 555 /bin/mv"
    51. "/bin/chmod 555 /bin/pwd"
    52. "/bin/chmod 555 /bin/csh"
    53. "/bin/chmod 555 /usr/bin/scp"
    54. "/bin/chmod 555 /usr/libexec/sftp-server"

    Theoretically, sftp should work now, yes.

    55. Also upload glob6 to "/bin" with iPhuc and in SSH, "/bin/chmod 555


    56. Type "/bin/csh" to test out this shell (in SSH). This has advantages

    of not requiring you to type in the full path of every executable in the


    57. In SSH "cd /var/root".

    58. Type ls. You should have a Library, Mediaold, and Media directory.

    59. "mv Media Media_sym"

    60. "mv Mediaold Media"

    61. Reboot your iPod and check your iPod in iTunes.

    On to installing AppTap

    62. Download and install 7-zip ( We need it to

    crack open the dumb Nullsoft installer.

    63. Download the Windows installer for at

    64. Use 7-zip to open AppTappInstaller.exe and extract the

    folder from it.

    65. Use SFTP to upload Installer.App into /Applications on your iPod.

    66. In SSH, type "/bin/chmod -Rf +x /Applications/"

    67. Slide to unlock your iPod then in SSH type

    /Applications/ and hit return to launch


    68. After AppTapp opens, press control+c in SSH to close it

    69. Open Safari on the iPod and navigate to Please make sure while you're

    doing this that the hacked TIFF image isn't loaded again. So if starts

    loading, hit the X.

    70. Tap yes to add it to Installer

    71. Back in ssh, type "/Applications/" and hit

    return to launch Installer again.

    72. Install the Community Sources package.

    73. Install Trip1PogoStick located under the "System" category to

    enable scrolling and applications.

    74. Restart the iPod. You should be done.

  2. The Following 2 Users Say Thank You to RadicalxEdward For This Useful Post:

    MrD (2008-01-20), tasubame (2007-12-24)

  3. #2
    Former Owner / Founder of ModMyi Kyle Matthews's Avatar
    Join Date
    May 2007
    Tampa, Florida, United States
    Thanked 4,905 Times in 1,247 Posts

    Only 74 steps!


    ↑ ↑ ↓ ↓ ← → ← → B A [select] [start] Kyle Matthews

  4. #3
    Default Automatic Jailbreaks
    From TouchDev

    msbasher's utility Source

    Download this file:

    1. Visit on Safari - It WILL Crash
    2. Run jailbreak.bat - Follow Instructions When asked to restart the iPod, donít press enter until the Springboard is loaded after the restart.


    planetbeing's utility

    Instructions and download at:

    This version has the benefit of not using SSH, alleviating some connectivity problems.

  5. #4
    Livin the iPhone Life aziatiklover's Avatar
    Join Date
    Sep 2007
    Welcome to Jamrock
    Thanked 62 Times in 61 Posts

    Quote Originally Posted by poetic_folly View Post
    Only 74 steps!

    yea screen shots would be nice
     Think Different

  6. #5
    Why bother witl all those 74 steps???

    Use this instead!

  7. #6
    iPhone? More like MyPhone
    Join Date
    Oct 2007
    Dutchess County, NY
    Thanked 27 Times in 9 Posts

    this procedure is obselete. Why would anyone in their right mind do a 74 step procedure!

  8. #7
    after i jailbreak it can i update the firmware back to 1.1.2?

  9. #8
    aim: ryanalmightyy get at me

  10. #9
    don't pay anybody to unlock your iphone I have the steps to unlock iphone 1.1.1 and 1.1.2 see also 1.1.3
    I hope it helps

  11. #10
    download ziphone from to unlock your iPhone for free
    Works with windows and mac b carefull 1.1.4 is out there dont update yet

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts