I have to say, my new iPhone has completely changed the way I communicate and organize my daily life. It's the coolest gadget I've bought since my Atari 800 in the 8th grade! With that being said, this paper is meant to be a quick start guide to get you up and running and ready to start hacking using the iPhone.



John Skinner and I gave this presentation at Phreaknic 12.

We would like to thank SkyDog, SomeNinjaMaster, NightCarnage and our old friend Iron Geek for helping us out.



Video of presentation.



Table of Contents


Why Jailbreak your iPhone?

How to Jailbreak your iPhone

Backup all your App Store and Jailbreak apps & their settings

Restore all your App Store and Jailbreak apps & their settings

Hardening your iPhone

Installing tools

Using custom apps and scripts

Setting up your environment

Links

Thanks





Why Jailbreak your iPhone?


Record movies (with sound) for free!


Use your iPhone’s 3G Internet connection with your laptop!


Customize the look of your iPhone & play more free games! (like Quake, NES & GameBoy titles)


Stream video with audio live to the Internet with Qik!

http://qik.com/


Use your iPhone as a penetration testing tool!


And more…

http://www.hackthatphone.com/


How to Jailbreak your iPhone

*FIRST!!!!!* Backup your iPhone to iTunes.


Get QuickPWN for your platform from the iPhone Dev Team’s site.

http://blog.iphone-dev.org/


Then follow one of these guides (making sure there is a jailbreak for your version of the iPhone firmware):

Windows:  http://thebigboss.org/guides/


Backup all your App Store and Jailbreak apps & their settings.

Use backup/restore to save all your apps and settings and restore them before/after you run an Apple update, reset your iPhone, or take your iPhone in for service.


What you’ll need on your computer (all free):

          SSH client (Terminal or Putty on Windows)

          SFTP client (Cyberduck or WinSCP on Windows)


Use Cydia to install the following apps on your iPhone (all free):

          AppBackup

          AptBackup

          BossPrefs

          OpenSSH


Connect your computer and iPhone to the same network.

Use BossPrefs to enable SSH & get your iPhone’s WiFi IP address.

SSH into your iPhone.


Run this command, save the output as a text file named applist on your computer.

          A=`dpkg -l | awk '{print $2}'`; echo $A


Edit the applist text file, erase everything from the beginning up to & including “Name”.

Also take out the word “Firmware”.

Save file.


Use SFTP to connect to your iPhone and backup the following:

Info about Cydia installed apps:  /private/etc/apt

All Cydia installed apps & settings:  /private/var/stash/ApplicationsXXXXXX

Cycorder movies:  /private/var/mobile/media/Videos

NES ROMs:  /private/var/mobile/media/ROMs


Run AptBackup and tell it to backup.

Run AppBackup and tell it to backup all.

Let iTunes do a complete backup of your iPhone.


Optional

Run the iPhoneNotes.app program on a Mac and export your notes from the iPhone.


Once iTunes has backed everything up you can use MobileSyncBrowser on a Mac to browse through the information in all the previous backups iTunes has made of your iPhone.


Restore all your App Store and Jailbreak apps & their settings.

Use iTunes to restore or upgrade your iPhone. Then close iTunes and quit the “iTunes Helper” background program.


Jailbreak your iPhone.


What you’ll need on your computer (all free):

          SSH client (Terminal or Putty on Windows)

          SFTP client (Cyberduck or WinSCP on Windows)


Use Cydia to install the following apps on your iPhone (all free):

          AppBackup

          AptBackup

          BossPrefs

          OpenSSH


Connect your computer and iPhone to the same network.

Use BossPrefs to enable SSH & get your iPhone’s WiFi IP address.

SFTP into your iPhone.


Copy the apt directory from your computer, back to this folder on your iPhone

          /private/etc/apt


Copy all your Jailbreak apps from your computer, back to this folder on your iPhone

          /private/var/stash/ApplicationsXXXXXX


To backup Cycorder movies, copy the Videos dir to your computer

          /private/var/mobile/media/Videos


Copy your ROMs folder from your computer, back to this folder on your iPhone

        /private/var/mobile/media/


Open the applist text file you created and copy everything in it.

SSH into your iPhone.


Type in this command:  apt-get install x

          where x is the text copied from the applist text file.


Open BossPrefs on your iPhone > More > Fix User Dir Permissions

Reboot your iPhone and start iTunes and let it restore your regular iPhone stuff.

Wait for iTunes to restore the iPhone, let it reboot and sync all your content back on the iPhone.

Run AptBackup and Restore.

Run AppBackup and Restore.
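The applist export from the backup section and the apt-get install line from the restore section, done without the hand-editing step, as an added example (this is not from the original presentation; the dpkg -l output below is a constructed sample so it runs offline):

```shell
#!/bin/sh
# Added example, not part of the original guide. Constructed sample of what
# `dpkg -l` prints on a jailbroken iPhone: header lines, then one row per
# package with its status ("ii" = installed, "rc" = removed, config left).
SAMPLE_DPKG_L='Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name            Version        Description
+++-===============-==============-==========================================
ii  bosspreferences 2.13           BossPrefs
ii  firmware        2.1            iPhone OS Firmware
ii  openssh         5.1p1-5        Secure shell server and client
rc  oldpkg          1.0            removed, config files remain
ii  nmap            4.76-1         Network exploration tool'

# Reads `dpkg -l` on stdin and writes one package name per line. The header
# rows never have "ii" in the first column, so no "erase up to Name" edit is
# needed, and the pseudo-package "firmware" (which describes the iPhone OS
# version and cannot be reinstalled by apt-get) is dropped here instead of
# by hand. Packages that are only "rc" are left out too.
applist_from_dpkg() {
    awk '$1 == "ii" && tolower($2) != "firmware" { print $2 }'
}

# Reads a one-per-line applist on stdin and prints the single command the
# restore step has you type over SSH.
restore_command() {
    printf 'apt-get install %s\n' "$(tr '\n' ' ' | sed 's/ *$//')"
}

# On the iPhone (over SSH):  dpkg -l | applist_from_dpkg > applist
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_DPKG_L" | applist_from_dpkg | restore_command
```

After a restore, diff the new `dpkg -l | applist_from_dpkg` output against the saved applist to confirm nothing was missed.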


Hardening your iPhone

Change default passwords for root and mobile accounts.


Settings > Wi-Fi > Ask to Join Networks > Off

Settings > General > Auto-Lock > 3 Minutes

Settings > General > Passcode Lock > On


BossPrefs

          Turn off unused services:  Wifi, Bluetooth, SSH

          Disable Apple App Killswitch


Installing Tools

App Store

          Mocha VNC Lite

          Remote Desktop Lite

          Snap


Cydia

          BossPrefs

          MobileTerminal

          OpenSSH


Selections > All Packages

          iPhone 2.0 Toolchain

          Metasploit - takes about 3-4 minutes to load.

          netcat

          Nmap

          StumblerPlus

          tcpdump

          wget

          whois


Search

          diskdev-cmds

          libxml2

          Make

          SQLite v3


Command Line

          apt-get

          apt-get update

          apt-cache search nmap

          apt-get install nmap


Using Custom Apps and Scripts

Before using SSH, SFTP or the Terminal, make the following change:

Settings > General > Auto-Lock > Never


Propecia is an extremely fast Class C port scanner.

http://packetstormsecurity.org/UNIX/scanners/propecia.c


Compile

          gcc -o propecia propecia.c

          ldid -S propecia

          ./propecia


My custom script using Propecia and nmap.

discover.sh

Setting up your environment

env will show your environment variables including the path.


Move your app to one of the folders listed in the path.

          mv propecia /usr/bin/


Or add the location of your app to the path.

          nano /private/etc/profile


Terminal Menu

          pwn           cd /•! ./discover.sh•!

          rm txt         rm *.txt•!

          clear          •L

          kill             killall Terminal•!


Terminal preferences

          Change font size

          Arguments

                    su root


Links

ModMyi user forums

www.modmyi.com/forums/iphone-modding/


iPhone App review site

www.readwriteweb.com/archives/4_great_iphone_app_review_sites.php


Social website to list and vote up/down on apps

http://iphone.lockergnome.com/


IRC for Cydia

irc.saurik.com

#iphone


Thanks

Jay Freeman (saurik) for everything! (Cydia, cycorder, Veency, WinterBoard etc..)

www.saurik.com/


Kouichi ABE for StumblerPlus

www.mysticwall.com


Scott Wallace for help with compiling custom apps


Wijman on the ModMyi forums for the command that exports the list of installed packages

www.modmyi.com/forums/general/286121-how-restore-cydia-apps-my-guide.html

Erica Sadun for all her iPhone work (recAudio)

http://ericasadun.com/


SkyDog for giving us a place to ‘Give it up, Turn it loose’!

http://hackerconsortium.com/