[TUT] Running Unsigned Code on the iPod Touch 2G
Posted: Sun Jan 25, 2009 8:36 pm
This method uses the 0wnboot payload by Chronic Dev to allow for running unsigned code. All credits go to him.
This is for windows.
You'll need the 0wnboot.bin payload for this, found here: You'll need the 0wnboot.bin payload for this, found here: http://chronicdev.googlecode.com/files/0wnboot.bin
You'll also need a copy of the 2.1.1 firmware for this, to extract the ibss.dfu and iboot.img3 Open the entire firmware file in winrar, and extract the firmware folder and you'll find those files.
Download the compiled version of irecovery for windows here: http://aux.dottru.net/~joseph/iRecoveryWin32.zip
(I couldn't get this irecovery to work in vista, maybe someone else can?)
If your screen doesn't go white after step 3 then you did something wrong.
I take NO liability if you mess up your ipod. If something does go wrong just try to restore it.
Hopefully someone can patch the ramdisk so we can have a "partial" jailbreak.
ALSO: If you don't know what you're doing, just wait until a real jailbreak comes out.
This is for windows.
You'll need the 0wnboot.bin payload for this, found here: You'll need the 0wnboot.bin payload for this, found here: http://chronicdev.googlecode.com/files/0wnboot.bin
You'll also need a copy of the 2.1.1 firmware for this, to extract the ibss.dfu and iboot.img3 Open the entire firmware file in winrar, and extract the firmware folder and you'll find those files.
Download the compiled version of irecovery for windows here: http://aux.dottru.net/~joseph/iRecoveryWin32.zip
(I couldn't get this irecovery to work in vista, maybe someone else can?)
Code: Select all
1. Put device into DFU
2. Upload ibss.dfu (2.1.1 ibss.dfu - command: irecovery -f ibss.dfu)
3. Unplug device/replug (screen goes white)
4. Spawn a shell (irecovery -s)
5. Upload iboot.img3 (2.1.1 iboot - command: /sendfile iboot.img3)
6. Type 'go'
7. Type '/exit' then spawn another shell (command: irecovery -s)
8. Upload payload (command: /sendfile 0wnboot.bin)
9. Type 'arm7_go'
10. Type 'image list'
11. If you do not get a 'permission denied', and get an image list, payload succeeded.
I take NO liability if you mess up your ipod. If something does go wrong just try to restore it.
Hopefully someone can patch the ramdisk so we can have a "partial" jailbreak.
ALSO: If you don't know what you're doing, just wait until a real jailbreak comes out.