Good Video Clears up the technical side.

Discussion in 'iPod touch 2G Jailbreak: redsn0w, 24kpwn, etc.' started by Ryan, Jan 21, 2009.

  1. Ryan

    Ryan Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    4,129
    Likes Received:
    28
    Device:
    Nexus 4
    This video was posted by a user on the dev team's blog.

    It's quite good in terms of explaining why the jailbreak is tethered, how the jailbreak works etc.

    This is for noobs who want to know the technical side of it or for more experienced people who just need a little clearing up.

    MuscleNerd posted this reply:



    Link here.
    Video created by Superrob


    It basically goes through the booting process, explaining each step and what it does within the iPod and relating it to redsn0w.

    His accent is South African (I think), so a little bit hard to understand, but overall I thought it was a good, detailed video to help people.


    Script:

    Hey, welcome to this little video here. In this video I'm going to tell you basically about the iPod touch 2G jailbreak and what the problem is and all that. This video is made by me of course, superrob; I'm not part of the dev team, I'm not even affiliated with them. I only make this because I'm tired of noobs not knowing about the jailbreak and commenting about crazy stuff. This video is going to show you the basics of what the problem is and I'm going to tell you a bit about how the iPod touch 2G works. This is all made on my own by knowledge and information gained from chronic dev and the iPhone dev team and various wikis and all that stuff. So if it isn't completely correct, don't feel ashamed to tell me. Just don't shout at me. Let's get started.

    Basically, the iPod touch 2G has a ROM. This ROM contains the BootROM and this is the lowest level of booting on the iPod touch 2G. This BootROM can go to DFU mode if the correct buttons are pressed. These 2 [BootROM and DFU] are hard coded into the device. They can't ever be changed. So even if you were to wipe the whole ROM, the BootROM and DFU mode will still be there. The BootROM can also load the LLB (Low Level Bootloader), but before it loads the LLB it's going to sig check it. It's going to check its signature, which is basically a hash key of the file. That means that if you change a single bit [is in byte] of the LLB then the hash will be incorrect and will turn your iPod into a shiny xmas tree [reference to the black and white flashing the iPod gives off when an invalid LLB is loaded].

    If it passes the LLB check, it will sig check the iBoot. iBoot contains a recovery interface [recovery mode], which is what iTunes uses to recover. iBoot also checks the kernel and userland. DFU can be used to send an iBBS file to iBoot to spawn a shell. This is how they jailbroke it. They booted into DFU mode, and in the 2.1.1 iBBS file there was an exploit which was called ARM7_GO. They forgot to remove this command. This command, unlike other commands, has no signature checks, which means they can upload a 2.1.1 iBBS file [in DFU] and spawn a shell which has the same check as ARM11. Which means they can execute commands to ARM7, which has all the privileges of ARM11 [the main processor], so it has full access. Which means they can easily make a new kernel which allows full access. That means the kernel is currently hacked. It boots to BootROM, which checks the LLB, which checks the iBoot, then it gets to the kernel and sees that it's not made by Apple so goes into a white screen. Redsn0w then modifies the RAM in iBoot so it allows the jailbroken kernel.

    So you restart your device and it boots OK up to the kernel again, which iBoot sees as not made by Apple and therefore won't boot, because the exploit used before was stored in RAM, which goes when the device is turned off. So therefore, to boot into the kernel and userland [and load the iPod fully], the redsn0w patch needs to be done again. The dev team is basically trying to find a way of, instead of having the patch stored in RAM, having the BootROM overstack and think the LLB is sig checked, which would allow them to patch the LLB and make it load the redsn0w patch at every boot without being tethered.


    Hope that script helps. Took me ages to write out.

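    The chain of trust the script walks through (BootROM checks the LLB, LLB checks iBoot, iBoot checks the kernel) and the reason the jailbreak is tethered (the patch lives only in RAM, which is lost at power-off) can be modelled in a few lines. This is an added Python simulation, not code from the video, redsn0w or the dev team; the stage images, the HMAC "signature" and the `iboot_skips_kernel_check` RAM flag are constructed stand-ins for the real formats.

```python
import hashlib
import hmac

# Constructed toy model of the boot chain in the script. The HMAC "signature",
# the image bytes and the RAM flag are stand-ins, not the real Apple formats.
VENDOR_KEY = b"constructed-vendor-signing-key"
CHAIN = ["llb", "iboot", "kernel"]  # BootROM checks LLB, LLB checks iBoot, iBoot checks kernel

def sign(image: bytes) -> bytes:
    """Signature in this model: an HMAC over the whole image (a hash of the file)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()

def sig_ok(image: bytes, sig: bytes) -> bool:
    # Constant-time compare; a single changed bit anywhere in the image fails it.
    return hmac.compare_digest(sign(image), sig)

def stock_flash() -> dict:
    """Flash contents: stage name -> (image, signature), all vendor-signed."""
    flash = {}
    for stage in CHAIN:
        image = f"constructed {stage} image".encode()
        flash[stage] = (image, sign(image))
    return flash

def boot(flash: dict, ram: dict) -> str:
    """Walk the chain; return the stage that failed its sig check, or 'userland'."""
    for stage in CHAIN:
        image, sig = flash[stage]
        # A patch living only in RAM can make iBoot skip the kernel check.
        # BootROM and the LLB check are hard-coded in this model and never skipped.
        skip = stage == "kernel" and ram.get("iboot_skips_kernel_check", False)
        if not skip and not sig_ok(image, sig):
            return stage  # white screen / "shiny xmas tree"
    return "userland"

def demo() -> dict:
    flash = stock_flash()
    image, sig = flash["kernel"]
    # Custom kernel: flip one bit but keep the stock signature.
    flash["kernel"] = (bytes([image[0] ^ 1]) + image[1:], sig)
    unpatched = boot(flash, ram={})
    ram = {"iboot_skips_kernel_check": True}  # what the tethered tool leaves in RAM
    patched = boot(flash, ram)
    ram.clear()  # power off: RAM contents are gone
    after_reboot = boot(flash, ram)
    return {"stock": boot(stock_flash(), {}), "custom_kernel": unpatched,
            "custom_kernel_with_ram_patch": patched, "after_reboot": after_reboot}
```

    Running `demo()` shows the stock chain reaching userland, the custom kernel stopping at the iBoot kernel check, the RAM flag letting it through once, and the same device stopping again after a power cycle.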

  2. Raggou

    Raggou Guest

    Thanks


    lol you always seem to be on
  3. Ryan

    Ryan Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    4,129
    Likes Received:
    28
    Device:
    Nexus 4
    ermm I'm on 7am till 8am then about 4pm to 11pm lol
  4. Raggou

    Raggou Guest

    Lol ok that's when I'm always on, makes sense


  5. seanG

    seanG Active Member

    Joined:
    Dec 28, 2008
    Messages:
    1,746
    Likes Received:
    14
    Device:
    iPhone 5 (Black)
    Good Video. Good Thread.
  6. stillercity

    stillercity New Member

    Joined:
    Jan 8, 2008
    Messages:
    614
    Likes Received:
    1
    Can someone upload it to YouTube so people on their iPods can see it?

    It sounds very interesting
  7. pCarson92

    pCarson92 New Member

    Joined:
    Jan 14, 2009
    Messages:
    25
    Likes Received:
    0
    Device:
    2G iPod touch
    Good video I guess, but the guy talking sounds retarded and can't say Low Level Bootloader. Sounds like Timmy from South Park. And says "Room" instead of "Rom". haha
  8. -tcq42-

    -tcq42- Active Member

    Joined:
    Dec 12, 2008
    Messages:
    1,882
    Likes Received:
    0
    Device:
    2G iPod touch
    I seriously have a hard time understanding the guy. Where is he from?
  9. Ryan

    Ryan Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    4,129
    Likes Received:
    28
    Device:
    Nexus 4
    Yeah, sorry about the bad accent he has lol. Think he's South African. Give me 15 minutes and I'll write a script you can read.
  10. dashaman

    dashaman Member

    Joined:
    Jan 14, 2009
    Messages:
    143
    Likes Received:
    1
    Device:
    iPad 2 (White)
    He is hard to understand I gave up after 5 minutes lol.
