Thursday, 31 October 2013

apt-paid command line tool for iPhone

Once again, my awesomeness created something cool.
Just kidding, but seriously, I wanted to learn Obj-C a long time ago and now I actually started doing so.
Since I have an iPhone 4 jailbroken on iOS 7 I want to somehow install tweaks.
Maybe you guys know that I managed to install Cydia, but the problem is that Cydia is almost completely broken. So besides the UI, the "install paid package" thing is also broken. That means obviously I can not buy packages (because of incompatibility with iOS 7) and I also can't install packages I already bought. Of course I linked my device to my Cydia acc and that's actually enough to install all packages I buy. Linking a device to Cydia actually means linking the device's uuid with your acc.

And that was the first thing I realised after having Cydia installed: the uuid is not correct.
Cydia tells me my uuid would be something like FFFFFFFF*************, obviously my uuid does not start with lots of "F", so the problem was found real quick.
Ok, I don't need Cydia to install packages, I can use apt-get; the problem is I can't install paid packages with apt-get either. But apt is actually quite useful, so I thought why not create something to install paid packages via terminal?
So I did.
The first thing was to find out how Cydia tells the server that the package is bought, so I MITM'd my jailbroken iPhone 4s. I found out that the header is the important thing: Cydia sends the uuid, model (iPhone4,1), iOS and a custom user agent to saurik's server. If everything is valid you get a 302 Moved Temporarily response redirecting you to a different server with the GET parameter "key". I don't know what that does exactly, as the only important thing is to send the uuid to saurik's server.
So I created a little Python script to test that.

Now knowing how everything works, the next step was to create an iPhone command line tool.
As I already had iOSOpenDev installed I just made a new command line tool for iOS.
I decided to create a Foundation tool (Obj-C) and not a C tool, simply because I wanted to practise and learn the language.
After a very long evening I managed to get everything working, using "apt-get -q -y --print-uris install [pkgname]" to get the link for the package and "deviceinfo -u" to get the uuid and finally dpkg to install the package.
For those who might still have the question: yes, you need to purchase the tweak first to be able to install it using apt-paid, but if your device is linked to your acc you can purchase the tweak on another device too.
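As an added example (not code from apt-paid or from this post), here is a small Python helper that parses the lines "apt-get --print-uris" prints (quoted URI, filename, size and hash per package) and refuses to hand a downloaded .deb to dpkg unless its size and hash match what apt listed. The package name, host, /var/mobile/debs path usage and the archive bytes are constructed placeholders.

```python
import hashlib
import re

# One apt-get --print-uris line: 'uri' filename size HASHTYPE:hexdigest
# (older apt prints MD5Sum:, newer apt prints SHA256:).
PRINT_URIS_RE = re.compile(
    r"^'(?P<uri>[^']+)'\s+(?P<file>\S+)\s+(?P<size>\d+)\s+(?P<algo>\w+):(?P<digest>[0-9a-fA-F]+)$"
)
HASH_ALGOS = {"MD5Sum": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_print_uris(text):
    """Return one dict per package line; apt's other status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PRINT_URIS_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def verify_deb_bytes(data, entry):
    """True only if the downloaded bytes match the size and hash apt listed."""
    algo = HASH_ALGOS.get(entry["algo"])
    if algo is None or len(data) != entry["size"]:
        return False
    return hashlib.new(algo, data).hexdigest().lower() == entry["digest"].lower()


def install_command(path, entry, data):
    """dpkg invocation for a verified file, or None if verification failed."""
    if not verify_deb_bytes(data, entry):
        return None
    return ["dpkg", "-i", path]


# Constructed stand-ins: a fake archive and the --print-uris line apt would print for it.
SAMPLE_DEB = b"constructed stand-in for a .deb archive, not a real package"
SAMPLE_URI = "http://apt.example.invalid/debs/com.example.tweak_1.0_iphoneos-arm.deb"
SAMPLE_OUTPUT = "Reading package lists...\n'%s' com.example.tweak_1.0_iphoneos-arm.deb %d MD5Sum:%s\n" % (
    SAMPLE_URI, len(SAMPLE_DEB), hashlib.md5(SAMPLE_DEB).hexdigest())

if __name__ == "__main__":
    for e in parse_print_uris(SAMPLE_OUTPUT):
        print(e["uri"], install_command("/var/mobile/debs/" + e["file"], e, SAMPLE_DEB))
```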

Finally having this tool is great, but that actually still didn't solve my problem with my uuid, as "deviceinfo -u" also displays the wrong uuid starting with "FFFFFFFF". That's why I decided to build in one little hidden feature: if you create the file "/var/mobile/Library/Caches/alteruuid", apt-paid will try to get your uuid by reading that file. So finally I connected my iPhone to iTunes, read my uuid and copied it to the alteruuid file.

I know what it means to be able to spoof the uuid with this trick, but I also know that tweaks are pirated anyway and this won't change anything. In fact, if you have your friend's uuid you can download his tweaks, but if it's your friend you can also simply ask him to link your device to his Cydia acc, as there is no limit for linked devices, so I don't think apt-paid will change anything here.

apt-paid is made to be able to install paid packages (and free packages too) via terminal or ssh, but it's not limited to that. Probably I will use this tool in a future project, as I want to create remote installation of tweaks, like Google Play does it.

For everyone who sees benefits from apt-paid and wants to use it, feel free to do so ;)
It's available on my Cydia repo ""
If you want to install it via terminal (like I love to do), the package is called org.tihmstar.apt-paid

Have fun and report bugs on Twitter or IRC ;D

Tuesday, 22 October 2013

My jailbreak tool for iOS 7

OK guys, I finally fixed the tool created by @stnvh and me for the time and it's finally working now (I hope).
Here's a quick tutorial on using it:

EDIT: I tested 7.0.3 and it works great (booting 7.0.2 kernel though).

First of all the prerequisites:
- you need to be on Mac OS
- Xcode & Command Line Tools installed
- internet connection on the Mac and on the iPhone

Note that this tutorial only works with an iPhone 4 running iOS 7, 7.0.2 and 7.0.3, and the only thing it does is installing openssh and apt-get. There will be NO CYDIA as it's not fixed officially by saurik yet.

Ok here we go :D
Download this tool: <- (edit) second link for people bugging me not to use a hoster requiring Flash -.-

Unzip it and open a Terminal. Now cd into it and execute "./install".
Now simply connect your iPhone in DFU mode and let the tool do its magic :D
If you get "No space left on device" then something went wrong :(
I suggest you try it again.
If you see "No such file or directory" that means everything went fine and your iPhone should have rebooted into recovery mode.

Now you need to install opensn0w with the fix for Mac OS.
"cd ./opensn0w_osx" and when you're in, simply run "./build_opensn0w".
That will clone opensn0w from winocm's git, add the Mac fix and install it.

After you installed opensn0w it's time to boot your device tethered.
Simply execute in a terminal "/usr/local/opensn0w/bin/opensn0w_cli -p /usr/local/opensn0w/bundles/iPhone3,1_7.0.2_11A465.plist" if you're having an iPhone3,1 and iOS 7.0.2; if not, you need to adjust the parameter to match your iPhone model.

After your device booted up, you should unlock your device as soon as possible and make sure it's connected to wifi. Then just give it 2-4 minutes to set up dpkg and apt for you. If everything worked the way I want it to, your device should respring now. If that happened, that means everything went fine and you're happy now to have a jailbroken device with ssh and apt. :D
Now you can connect to its IP with the login root:alpine

If your device did not respring after several minutes of waiting, that means something went wrong :(
But if you did the step before correctly you should be able to ssh into your device anyway.
If you can't ssh into the device you should go back to the step with "./install" and redo the jailbreak.
Make sure it doesn't show you "No space left on the device" because that means there are problems with mounting the fs.

If your device did not respring, but you can ssh into it, that doesn't mean the jailbreak failed totally.
That just means that you might have some errors with apt-get. If so, sorry, I can't help you with that :(
Either you try to rejailbreak (simply rerun the tool) or go and fix apt and dpkg manually.
The debs you need might be in /var/mobile/debs if the script did not finish correctly for some reason. But again, you should give the phone a bit of time before you mess with that; it might be fine, but simply not finished ;)

So guys, happy jailbreaking ;)
Let me know if you have problems; if it's tool related I will publish a fix ;P

Sunday, 20 October 2013

Welcome to my blog,
here I want to post things which interest me.
That would be iOS and iOS hacking at the moment.
Have fun reading it ;)