    ==[XPWN Updated v0.4.2]==



    xpwn is the Dev Team's cross-platform version of Pwnage and is the core of winpwn.

    xpwn is 2 versions ahead of winpwn.

    It is command line but is still simple and bug fixes are implemented faster.

    Xpwn
    XPWN!




    Changelog ::
    0.4.2
    Reduced memory usage during ipsw creation
    Fixed root size error

    0.4.1
    Added -nowipe to firmware creation
    Added -memory to 3g fw creation
    No need for libusb any more
    Dfu-util replaced by iDevice



    V0.4.2

    [image: xpwned.jpg]



    Guide:: XPWN!

    News:: Xpwn

    File Downloads:: XPWN! - thanks Zifnab

    http://geeb.twt-team.com/xpwnpack-geeb.zip - thanks xyzo

    Options:: Pwnage 2.0.1 for Mac users

    Xpwn or Winpwn for PC users

    Support:: irc.osx86.hu #xpwn #iphone #winpwn (careful, cmw can be an *** sometimes)

    Changelog:: here





    Index::



    Intro

    Preparation

    Make your Custom Firmware

    Xpwn your Phone/iPod

    Restore the Custom Firmware







    Intro::





    The X is for "cross", because unlike PwnageTool, this utility has no dependencies on proprietary, closed-source software and can potentially be compiled and used on any platform.



    The source is released under the terms of the GNU General Public License version 3. The full text of the license can be found in the file LICENSE. The source code itself is available at: http://github.com/planetbeing/xpwnht...anetbeing/xpwn





    What XPwn is::



    A version of Pwnagetool allowing you to jailbreak (2g/3g) and unlock (2g) iPhones and iPods on Windows.





    What XPwn is NOT::



    It is not an easy-to-use tool suitable for beginners, although this guide should help. While it is possible that easy-to-use user interfaces will be developed for it eventually, it's mostly meant to be a toy for geeks.

    Xpwn is also NOT winpwn. It is the core of Winpwn without the GUI. If you have errors with Winpwn, try xpwn.



    If you still want to use xpwn, then read on:







    STAGE 1: Preparation





    Gather your software::



    The Xpwn software is included in this package. If you just have this guide, download the package here: XPWN! - thanks Zifnab or from http://geeb.twt-team.com/xpwnpack-geeb.zip - Thanks xyzo



    Bootloaders:: boot_loader.zip (not needed for 3g iPhones)





    Firmware::



    2g iPhone:: http://appldnld.apple.com.edgesuite....7_Restore.ipsw



    3g iPhone:: http://appldnld.apple.com.edgesuite....7_Restore.ipsw



    iPod Touch:: find a torrent

    Install the Software::



    Extract Xpwn files to c:\xpwn

    Put your firmware file into c:\xpwn\OrigFirm

    Put your boot logos into c:\xpwn\Logos and rename them boot.png and restore.png

    Put your bootloaders in: c:\xpwn\Bootloaders



    Open a cmd prompt. (Windows key + R, then type cmd <return>)



    type:



    cd c:\xpwn <return>

    c: <return>



    You should now be in the Xpwn directory.

    STAGE 2:: Make your Custom Firmware





    OPTIONS::



    You can adapt the command lines below to suit your needs. Type every option with a plain hyphen, exactly as shown:

    -s 1000 resizes the OS partition to 1GB. You can play around with other sizes, but nothing else has been tested. E.g. for an 8gb OS partition change to -s 8000. Verifying will take a LOT longer.

    -memory uses more system memory when creating the IPSW, so it makes the process much faster. Delete -memory if you have less than 2GB RAM or you get errors running the command.

    -e "Phone Activation" DOES NOT ACTIVATE the phone; use it if you are with a legit carrier/contract.

    -nowipe is like a quick format instead of a full format. It speeds up the restore process a LOT.

    -b Logos/boot.png -r Logos/restore.png changes your boot logos to whatever is in the Logos folder named boot.png and restore.png.





    For 2g iPhones::





    COPY AND PASTE ONE OF THE FOLLOWING: IF YOU HAVE LESS THAN 2GB RAM DELETE -memory





    For JAILBREAKING + NO ACTIVATION (i.e. you have a legit contract):



    ipsw OrigFirm/iPhone1,1_2.0_5A347_Restore.ipsw CustomFirm/custom.ipsw -nowipe -s 1000 -memory -e "Phone Activation" bundles/Cydia.tar







    For JAILBREAKING a 2g + NO ACTIVATION + Boot Logos (i.e. you have a legit contract):



    ipsw OrigFirm/iPhone1,1_2.0_5A347_Restore.ipsw CustomFirm/custom.ipsw -nowipe -s 1000 -memory -b Logos/boot.png -r Logos/restore.png -e "Phone Activation" bundles/Cydia.tar







    For JAILBREAKING + UNLOCKING + ACTIVATION + Boot Logos + YouTube Activation + BootNeuter + BootNeuter will be deleted after it is run:



    ipsw OrigFirm/iPhone1,1_2.0_5A347_Restore.ipsw CustomFirm/custom.ipsw -b Logos/boot.png -r Logos/restore.png -s 1000 -memory -unlock -cleanup -3 Bootloaders/bl39.bin -4 Bootloaders/bl46.bin bundles/Cydia.tar bundles/BootNeuter.tar bundles/YoutubeActivation.tar







    For 3g iPhones::



    COPY AND PASTE ONE OF THE FOLLOWING: IF YOU HAVE LESS THAN 2GB RAM DELETE -memory





    For JAILBREAKING + NO ACTIVATION:



    ipsw OrigFirm/iPhone1,2_2.0_5A347_Restore.ipsw CustomFirm/custom.ipsw -nowipe -s 1000 -memory -e "Phone Activation" bundles/Cydia.tar



    For JAILBREAKING + NO ACTIVATION + Boot Logos:



    ipsw OrigFirm/iPhone1,2_2.0_5A347_Restore.ipsw CustomFirm/custom.ipsw -nowipe -s 1000 -memory -b Logos/boot.png -r Logos/restore.png -e "Phone Activation" bundles/Cydia.tar







    For UNLOCKING:



    Not possible yet for 3g.









    For iPods::



    For JAILBREAKING: IF YOU HAVE LESS THAN 2GB RAM DELETE -memory



    ipsw OrigFirm/iPod1,1_2.0_5A347_Restore.ipsw CustomFirm/custom.ipsw -nowipe -s 1000 -memory bundles/Cydia.tar
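    As an added example (not part of this guide or of xpwn), a small POSIX shell helper that builds the ipsw command line for the cases above from a device type and a list of options, with every flag spelled using a plain hyphen, and that refuses the combinations the guide says are not possible (unlock on a 3g, or unlock together with the no-activation option). It assumes the folder layout from Stage 1 (OrigFirm, CustomFirm, Logos, Bootloaders, bundles) and the firmware file names shown above; the device names 2g/3g/ipod and the feature names logos/legit/unlock are made up for this helper.

```shell
#!/bin/sh
# Added helper, not part of xpwn or of this guide: builds the ipsw command
# line for one of the guide's cases, with every flag spelled using a plain
# ASCII hyphen, and refuses combinations the guide does not support.
#
# usage: build_ipsw_cmd DEVICE FEATURES RAM_MB
#   DEVICE   2g | 3g | ipod  (hypothetical names, chosen for this helper)
#   FEATURES comma-separated subset of: logos, legit, unlock
#            legit  = real contract, so the "Phone Activation" step is excluded
#            unlock = 2g only: bootloaders, BootNeuter, YouTube activation, full wipe
#   RAM_MB   installed RAM in MB; below 2048 the -memory flag is left out
build_ipsw_cmd() {
    device=$1; features=",$2,"; ram_mb=$3
    case "$device" in
        2g)   orig="OrigFirm/iPhone1,1_2.0_5A347_Restore.ipsw" ;;
        3g)   orig="OrigFirm/iPhone1,2_2.0_5A347_Restore.ipsw" ;;
        ipod) orig="OrigFirm/iPod1,1_2.0_5A347_Restore.ipsw" ;;
        *)    echo "unknown device: $device" >&2; return 1 ;;
    esac
    cmd="ipsw $orig CustomFirm/custom.ipsw"
    bundles="bundles/Cydia.tar"
    unlock=""
    case "$features" in
        *,unlock,*)
            # the guide's unlock line does a full wipe (no -nowipe) and
            # activates the phone, so it cannot be combined with 'legit'
            [ "$device" = 2g ] || { echo "unlock: not possible for $device" >&2; return 1; }
            case "$features" in *,legit,*) echo "unlock: drop 'legit'" >&2; return 1 ;; esac
            unlock="-unlock -cleanup -3 Bootloaders/bl39.bin -4 Bootloaders/bl46.bin"
            bundles="$bundles bundles/BootNeuter.tar bundles/YoutubeActivation.tar" ;;
        *)  cmd="$cmd -nowipe" ;;
    esac
    cmd="$cmd -s 1000"                              # 1 GB OS partition, the tested size
    [ "$ram_mb" -ge 2048 ] && cmd="$cmd -memory"    # guide: drop -memory below 2 GB RAM
    case "$features" in *,logos,*) cmd="$cmd -b Logos/boot.png -r Logos/restore.png" ;; esac
    case "$features" in *,legit,*) cmd="$cmd -e \"Phone Activation\"" ;; esac
    [ -n "$unlock" ] && cmd="$cmd $unlock"
    echo "$cmd $bundles"
}

# run directly, e.g.:  sh build_ipsw_cmd.sh 2g logos,legit 4096
if [ $# -gt 0 ]; then build_ipsw_cmd "$@"; fi
```

    Run it from the xpwn directory and paste the printed line into the cmd prompt, or pipe it into sh on a platform where xpwn was built from source.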

    STAGE 3:: Xpwn your Phone







    Part 1:: itunespwn



    itunespwn will replace a file in your %APPDATA%\Apple Computer\Device Support folder. Subsequently, if you place your phone into DFU mode and iTunes recognizes it, Apple will automatically upload an exploit file onto your phone that will allow it to accept custom firmware (until it is turned off). This basically will allow you to restore any IPSW you want from that version of iTunes (provided you connect your phone in DFU mode).





    type:



    c:\xpwn> itunespwn CustomFirm/custom.ipsw







    Part 2:: iDevice





    iDevice is a utility that allows the execution of our unsigned code.

    Connect your phone and turn it off first then COMPLETELY DISABLE iTunes WITH TASK MANAGER OR EQUIVALENT BEFORE PROCEEDING.



    Start Task Manager (press Ctrl-Alt-Delete), right-click ANY task with Apple, iPod, or iTunes in the name, and end the process:

    AppleMobileDeviceHelper.exe

    AppleSyncNotifier.exe

    iPodService.exe

    iTunes.exe

    iTunesHelper.exe





    EXPERTS METHOD



    If you can put your iPhone into DFU mode manually so the screen is BLANK, do so now.



    If successful, you will see:



    Getting iPhone/iPod status...

    Congratulations! You have successfully entered DFU mode. Please wait while your iPhone/iPod is being prepared to accept custom IPSWs...

    Is your iPhone/iPod connected to your computer via USB?

    Please answer (y/n): Please use iTunes to restore your iPhone/iPod with a custom IPSW now. You may now let go of the home button.

    You can now restore the iPhone in iTunes with shift-restore and the custom firmware.





    Normal Method



    Shut down the device in the normal way if necessary (slide to shut down). If it will not shut down, hold both buttons until it does.

    Now run idevice and follow the instructions:



    For 2g iphone:



    c:\xpwn> idevice CustomFirm/custom.ipsw m68ap



    For 3g iphone:



    c:\xpwn> idevice CustomFirm/custom.ipsw n82ap



    For iPod:



    c:\xpwn> idevice CustomFirm/custom.ipsw n45ap





    ------------------------------------------------------------------------------------------------

    Is your iPhone/iPod connected to your computer via USB?

    Please answer (y/n): answer y

    ------------------------------------------------------------------------------------------------



    Is your iPhone currently powering on?

    Please answer (y/n): answer n

    ------------------------------------------------------------------------------------------------



    !!! Your device should now be off. If it is not, please make sure it is before proceeding!

    Timing is crucial for the following tasks. I will ask you to do the following (DON'T START YET):

    1. Press and hold down the power button for five seconds

    2. Without letting go of the power button, press and hold down the power AND home buttons for ten seconds

    3. Without letting go of the home button, release the power button

    4. Wait 30 seconds while holding down the home button



    Try to get the timing as correct as possible, but don't fret if you miss it by a few seconds. It might still work, and if it doesn't, you can always try again.

    If you fail, you can always just turn the phone completely off by holding power and home for ten seconds, then pushing power to turn it back on.

    Are you ready to begin?

    Please answer (y/n): answer y

    Beginning process in 5 seconds...

    Beginning process in 4 seconds...

    Beginning process in 3 seconds...

    Beginning process in 2 seconds...

    Beginning process in 1 seconds...



    Press and hold down the POWER button (you should now be just holding the power button)

    ... 5... 4... 3... 2... 1...



    Press and hold down the HOME button, DO NOT LET GO OF THE POWER BUTTON (you should now be just holding both the power and home buttons)

    ... 10... 9... 8... 7...6... 5... 4... 3... 2... 1...



    Release the POWER button, DO NOT LET GO OF THE HOME BUTTON (you should now be just holding the home button)

    ... 30... 29... 28... 27... 26... 25... 24... 23... 22... 21... 20...

    Congratulations! You have successfully entered DFU mode. Please wait while your iPhone/iPod is being prepared to accept custom IPSWs...

    Please use iTunes to restore your iPhone/iPod with a custom IPSW now. You may now let go of the home button.

    c:\XPwn>



    STAGE 4: Restore the Custom Firmware



    Now open iTunes if it isn't open already.



    Hold the SHIFT key and click the Restore button.



    Browse to c:\xpwn\CustomFirm in the iTunes window that opened.

    Click on the custom.ipsw you just made.



    Your phone/iPod will now restore and reboot...



    You are... pwned.

    Thanks to::



    This utility is merely an implementation of Pwnage, which is the work of roxfan, Turbo, wizdaz, bgm, and pumpkin. Those guys are the real heroes.



    Also, the new super-awesome bootrom exploit is courtesy of wizdaz.



    MuscleNerd has put a lot of work into the 3G effort. The BootNeuter unlock for first-generation iPhones packaged within is primarily his effort.



    Thanks also go to gray and c1de0x for their RCE efforts. saurik is the author of Cydia, included within. bugout was the lucky guy who did our first 3G tests.



    Thanks to chris for his hardware wisdom, Zf for his French humor, and pytey for the support on the serial stuff.



    XPwn attempts to use all the same data files and patches as PwnageTool to avoid duplication of present and future labor. I believe that wizdaz probably put the most sweat into PwnageTool, and the pwnage ramdisk is the work of Turbo.



    XPwn on Linux would not have been possible without libibooter, which was written by cmw, based on the Linux iPhone recovery driver written by geohot.



    A special shout-out to cmw, who I have been helping with winpwn. He's put a lot of hard work into winpwn, and should also be credited with doing some of the initial exploratory work with the undocumented DMG format.





    --planetbeing





    Guide by geeb.

    Hosting by Zifnab – thanks!

    Testing by GeeKdLL

    Proofing by Eli-
    2008-07-30 10:21 PM