The iPod Touch 2G is now another member of the “pwned for life” family. It has a fatal flaw in its bootrom that means you will always be able to pwn these devices no matter what firmware updates come along. This is the full, untethered jailbreak, something that iPod Touch 2G users have not had before today.
Those of you who hang out on IRC or were able to read between the lines in the various blogs, forums, wikis and twitters may realize that we — and importantly, that’s a collective, cross-team “we” :) — had been hoping to hold onto this full ipt2g jailbreak until the next version of the iPhone came out. That didn’t happen, but maybe it’s too late for Apple to fix the bootrom in the next iPhone.
The raw patch to the firmware that transforms the “tethered” jailbreak into an untethered one was released here, but it’s not yet packaged up into the PwnageTool or QuickPwn flows. Other threads there are pulling together tutorials and other tips for those of you anxious to try this out now. For the curious, the hole itself is explained here. There’s also a “pen and paper” analysis that helped the hybrid-team venture transform the hole into an exploit. Hopefully that will be up for viewing soon too, if only because of its geeky beauty :)
Anyway, to all those iPod Touch 2G users out there who waited so patiently through all the various incarnations of the jailbreak for Apple’s latest device — welcome to the family!
For the rest of us, the jailbreak “cat and mouse” game will continue in the summer with the next iPhone. And the carrier unlock “cat and mouse” game continues as ever. :)
The day before yesterday I saw that folks outside the Great Firewall had already started noticing our country’s cheap GiftCards; then giftcard prices on TaoBao shot up like crazy; then DT announced that the Touch 2G jailbreak was perfect; and then today I found that the people selling giftcards on TaoBao have all disappeared....
Step 1: Rename the downloaded 2.2.1 firmware to OriginalFW.ipsw, put it in the IPSW folder, connect the Touch to iTunes and run IPSW.bat, which generates a JB.ipsw; then open that JB.ipsw with WinRAR and pack LLB.n72ap.RELEASE.img3 into Firmware\all_flash\all_flash.n72ap.production\, replacing the original file.
Step 2: Now put the Touch into DFU mode. It is a good idea to open the Windows Device Manager to check whether it has really entered DFU mode. Hold Home and Power for 10 seconds, then release Power while keeping Home held down until iTunes reports that an iPod is in recovery mode; only then release Home. Next run “RUNME.exe”; when it finishes, restore the iPod with iTunes, using of course the hacked JB.ipsw. After the restore finishes, “Cydia” will appear on the home screen!
Step 3: Connect to WiFi, install OpenSSH from Cydia, then connect to the iPod with WinSCP, PuTTY or another SSH tool. Replace the MobileInstallation binary under /System/Library/PrivateFrameworks/MobileInstallation.framework/ and chmod it to 755 while you are at it. Finally, reboot the device.
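As an added example (not code from the Dev Team or from this post), here is a Python script that compares the hacked JB.ipsw against the pristine OriginalFW.ipsw and reports exactly which entries were replaced, added or removed, so you can confirm that only the LLB at the path from step 1 changed before restoring. IPSW files are zip archives; the two archives below are constructed in memory as stand-ins for real firmware, and the four-byte “3gmI” magic check is an assumption about the IMG3 container layout rather than something the post states.

```python
import hashlib
import io
import zipfile

# Bootloader entry named in step 1 (zip entries use forward slashes).
LLB_PATH = "Firmware/all_flash/all_flash.n72ap.production/LLB.n72ap.RELEASE.img3"
IMG3_MAGIC = b"3gmI"  # assumption: "Img3" stored little-endian at file start


def entry_digests(ipsw_bytes):
    """Map every file inside an IPSW (a zip archive) to its SHA-256 hex digest."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def diff_ipsw(original_bytes, modified_bytes):
    """Report entries whose content differs between two IPSW archives."""
    orig, mod = entry_digests(original_bytes), entry_digests(modified_bytes)
    return {
        "replaced": sorted(n for n in orig if n in mod and orig[n] != mod[n]),
        "added": sorted(n for n in mod if n not in orig),
        "removed": sorted(n for n in orig if n not in mod),
    }


def llb_looks_like_img3(ipsw_bytes):
    """Sanity check: the packed LLB entry starts with the assumed IMG3 magic."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        return zf.read(LLB_PATH)[:4] == IMG3_MAGIC


def build_ipsw(entries):
    """Constructed stand-in for a real IPSW: a zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives, not real firmware: JB_FW differs only in the LLB.
IBOOT_PATH = "Firmware/all_flash/all_flash.n72ap.production/iBoot.n72ap.RELEASE.img3"
ORIGINAL_FW = build_ipsw({LLB_PATH: IMG3_MAGIC + b"\x00" * 60,
                          IBOOT_PATH: IMG3_MAGIC + b"\x01" * 60,
                          "kernelcache.release.n72": b"constructed kernelcache"})
JB_FW = build_ipsw({LLB_PATH: IMG3_MAGIC + b"\xff" * 60,
                    IBOOT_PATH: IMG3_MAGIC + b"\x01" * 60,
                    "kernelcache.release.n72": b"constructed kernelcache"})

if __name__ == "__main__":
    print(diff_ipsw(ORIGINAL_FW, JB_FW))  # only LLB_PATH should be listed as replaced
```

Pointing `diff_ipsw` at the bytes of real OriginalFW.ipsw and JB.ipsw files gives the same report for the actual archives; anything beyond the single LLB entry in "replaced", "added" or "removed" means the archive was changed more than step 1 intends.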