** My method is now old news. Jailbreaking, activating and unlocking a 1.1.3 iPhone and iPod Touch can now be done quickly and easily using ZiPhone. Happy Hacking!

Since Nate True released the iPhone jailbreak for firmware 1.1.3 this week on his blog, a lot of people have had a lot of problems getting everything working. There are a handful of tutorials available now, but I had to piece together steps from many different sources before finally getting a fully functional jailbroken 1.1.3 install.

I have an OTB (out of the box) 1.0.0 phone and yes, I paid the Apple nerd tax: I have a contract with AT&T. This tutorial is only for people whose iPhone shipped with an OTB version before 1.1.2 and who are legitimately activated through AT&T. That being said, this method will produce a fully functional, jailbroken (not unlocked) 1.1.3 install. Some of the problems people have with poor 1.1.3 upgrades are broken ring tones, a broken location finder, a missing EDGE icon, broken iTunes previews, broken YouTube, input characters vanishing and settings not being saved. Most of these problems seem to come from the 1.1.3 soft upgrade running the 1.1.3 iPhone software (the OS) on top of older 1.1.1 or 1.1.2 baseband (cell modem) firmware. The method below results in a jailbroken 1.1.3 iPhone running 1.1.3 software on 1.1.3 firmware.

First of all, you're going to need to download the following things:
iBrickr Classic - That’s right, do NOT use Nate’s new 1.1.3 iBrickr
iPhone firmware 1.1.1 and 1.1.2 - Available from iphone.unlock.no
Touchfree 1.1.2 Jailbreak - Available from Conceited Software
iTunes 7.5 - This is important, so uninstall a newer version if you need to.
A virgin (unmodified) 1.1.3 lockdownd file

Long story short this is what you need to do:
1. upgrade your iPhone to the real 1.1.3, which updates both the software and the baseband firmware.
2. downgrade to 1.1.1, which downgrades the software to 1.1.1 but leaves the 1.1.3 baseband firmware in place
3. jailbreak 1.1.1 using the jailbreakme.com activation method
4. update the installer, community sources and install the BSD subsystem and OkToPrep
5. use iTunes to update to 1.1.2
6. use the 1.1.2 jailbreak
7. install the 1.1.3 Jailbreak DevTeam package
8. reactivate the phone through iTunes using a virgin lockdownd file

To start, I recommend that you back up your data so you can restore your 3rd party app settings later. Use WinSCP with OpenSSH running on the iPhone to save the contents of your user folder to someplace safe.

Now, this will blow your mind. Use iTunes to update to the real, legit, non-jailbroken 1.1.3 firmware. This updates the software and, more importantly, the baseband firmware on your iPhone. Once that is complete you're ready for hack-tastic fun. Now you need to downgrade to the 1.1.1 firmware using recovery mode.

To enter recovery mode, connect the phone to the computer and press and hold the Power button (on top) and the Home button (on the bottom front) simultaneously. After about 15 seconds the phone will appear to turn off; release the Power button but keep holding the Home button. After about another 15 seconds the computer and iTunes will detect the phone in recovery mode, and you can perform a restore. IMPORTANT: If you just click the Restore button, iTunes will restore the latest firmware. It's much safer to select the firmware file manually. To do that, hold down the SHIFT key (Windows) or the Option/ALT key (Mac) while clicking the Restore button, and iTunes will let you choose a firmware file. Choose the 1.1.1 firmware you downloaded earlier.

iTunes will now install the 1.1.1 software and then error out with a 1050 error when it tries to install the 1.1.1 baseband firmware. This is expected. You now need to fire up the old iBrickr, which will find your phone in restore mode. Tell iBrickr to boot the phone and hope for a red screen. If you get a green screen, try iBrickr's option to downgrade to 1.0.2, which will display a white screen, and then restore the 1.1.1 firmware again. Once the phone has booted you will have invalid SIM errors and an unactivated phone.

You now need to do the old school 1.1.1 jailbreak using jailbreakme.com. An excellent tutorial can be found at iphone.unlock.no. Once you've jailbroken 1.1.1, fire up Installer, update it and its community sources, and install the BSD Subsystem (to be used later) and the OkToPrep package. Once this is all installed you're clear to update (not restore) to firmware 1.1.2. This is easily done by shift-clicking the Update button in iTunes. 1.1.2 will do the same thing 1.1.1 did: it updates the software but leaves the 1.1.3 baseband firmware in place and errors out with a 1050 error. Again, this is expected. Use iBrickr to boot the phone once more. As the first time, you want a red screen followed by a reboot and SIM errors. Now it is time to run the 1.1.2 jailbreak. After it completes, you will have a jailbroken and activated 1.1.2 phone with SIM errors.

Now install the 1.1.3 Jailbreak DevTeam package and be sure to follow all of its instructions: turn on wireless, dock the phone, disable auto-lock and make sure Installer is updated and the BSD Subsystem is installed. This will run for about 20-30 minutes and reboot the phone when it is done. The phone will boot up a jailbroken 1.1.3 firmware without SIM errors, but you will not yet be connecting to the AT&T network.

The final step is to install OpenSSH and use WinSCP to connect to your phone so you can replace the hacked lockdownd file with the virgin one. Put it in /usr/libexec, use Term-vt100 or SSH to run "chmod 0555 /usr/libexec/lockdownd", then reboot your phone. Connect it to iTunes and iTunes will activate it for you.
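The lockdownd swap above, scripted with the checks a careful person adds before touching a file the phone needs to boot into an activated state. This is an added example, not part of the original post: it assumes OpenSSH is installed via Installer, that you know the phone's WiFi IP, and that the login is the stock root/alpine; the file name and IP in the usage comment are placeholders. It verifies the downloaded file is actually a Mach-O binary before uploading (a wrong download is often an HTML error page or a zip), keeps the hacked lockdownd as a fallback, and swaps the new file in with mv so a dropped WiFi link cannot leave a half-written lockdownd behind.

```shell
#!/bin/sh
# Added example: replace /usr/libexec/lockdownd on a jailbroken iPhone over SSH.
# Assumes OpenSSH on the phone, the BSD Subsystem for cp/mv/chmod/ls, and the
# default root/alpine login. IP address and file name below are hypothetical.

# Mach-O 32-bit little-endian magic (0xFEEDFACE) as the four bytes appear on
# disk. lockdownd on a 1.1.x iPhone is an ARM Mach-O executable, so anything
# that does not start with these bytes is not a lockdownd binary.
MACHO_MAGIC_LE="cefaedfe"

# preflight_lockdownd FILE
# Returns 0 if FILE exists, is non-empty and starts with Mach-O magic; 1 otherwise.
preflight_lockdownd() {
    f="$1"
    [ -s "$f" ] || { echo "preflight: $f missing or empty" >&2; return 1; }
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    if [ "$magic" != "$MACHO_MAGIC_LE" ]; then
        echo "preflight: $f is not a Mach-O binary (magic: $magic)" >&2
        return 1
    fi
    return 0
}

# remote_install_cmd
# Prints the command run on the phone after the upload: keep the hacked copy
# as lockdownd.hacked, atomically move the new file into place, set the 0555
# mode the guide specifies, and print the result so you can eyeball it.
remote_install_cmd() {
    printf '%s' '[ -f /usr/libexec/lockdownd ] && cp -p /usr/libexec/lockdownd /usr/libexec/lockdownd.hacked; mv /usr/libexec/lockdownd.new /usr/libexec/lockdownd && chmod 0555 /usr/libexec/lockdownd && ls -l /usr/libexec/lockdownd'
}

# install_lockdownd IP FILE
# Uploads FILE to a temporary name, then runs the swap. Stops at the first
# failure so a bad download never replaces the file that is already there.
install_lockdownd() {
    ip="$1"; f="$2"
    preflight_lockdownd "$f" || return 1
    scp "$f" "root@$ip:/usr/libexec/lockdownd.new" || return 1
    ssh "root@$ip" "$(remote_install_cmd)" || return 1
    echo "lockdownd replaced; reboot the phone, then connect it to iTunes to activate."
}

# Usage (placeholder IP and file name):
#   install_lockdownd 192.168.1.23 ./lockdownd-1.1.3-virgin
```

One caveat the guide does not spell out: once OpenSSH is installed, anyone on the same WiFi network can log in as root with the well-known default password alpine. Change it (the passwd command from the BSD Subsystem does this) as soon as you are done, or stop the SSH service when you are not using it.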

You should now have the fully functional jailbroken 1.1.3 software and firmware on your phone. I've tested it pretty extensively and all the 1.1.3 features work perfectly. I no longer have trouble with ring tones, iTunes previews, map location functionality and the other oddities I had when using Nate True's 1.1.3 iBrickr alone.

Let's hope someone comes out with an easier and cleaner way to jailbreak 1.1.3, but until then this method should work for a large number of people. Good luck!

15 Responses to “Jailbreaking an AT&T iPhone with firmware 1.1.3”
  1. Corey says:

    So after this all over and done with I can still use my AT&T services? Or will I need a new sim?

  2. Atkins says:

    You can, and actually have to, use your AT&T service. This method is only for people with AT&T contracts using the AT&T iPhone plan.

  3. Corey says:

    Alright, thanks. I don't need to get a new SIM though, do I?

  4. Atkins says:

    No new SIM required, just use the one that came with your iPhone.

  5. Corey says:

    Last thing I'll need to know is how do you do the last step.

  6. John says:

    I thought I read closely but I didn’t pick up on this item. About how long does it take to go from
    Nate True’s jailbreak 1.1.3
    to
    Other Jailbreak 1.1.3

    In minutes? or Hours?

    Thanks!

  7. Atkins says:

    @Corey - To do the last step you need to use the Installer on your iPhone to install OpenSSH. Once you've done that, google WinSCP and download it. You will now need your iPhone's wireless IP address. Go to Settings > Network > Wi-Fi > Name of your Network. Note the IP address. Put that IP address into WinSCP with the login name of root and password of alpine. Now use WinSCP to navigate to /usr/libexec on your iPhone. Drag and drop the lockdownd file you downloaded into this folder. Now go out and google PuTTY and download it. Use the same IP, username and password in PuTTY and connect to your iPhone. Type "cd /usr/libexec" and then type "chmod 0555 /usr/libexec/lockdownd". Now type "exit". Now restart your iPhone by holding down the power button and sliding the slider when it appears. Start up iTunes and connect your iPhone to it and it will activate with AT&T and you're all finished.

    @John - It isn't easy. If you've used things like WinSCP and PuTTY and done some iTunes restores before, you should be able to do the whole thing in around 30 mins. If you're less familiar with all this stuff then I'd give yourself at least an hour to do it, especially if you mess something up and have to repeat a step or two.

  8. Kenny says:

    So can someone tell me why this wouldn't work with an OTB 1.1.2? After reading this I see there is a lot of bouncing around with different firmwares, so what makes having an OTB 1.1.2 so different that you can't use this method?

  9. Atkins says:

    The short answer is that 1.1.2 and newer phones come with an updated boot loader, which is a small bit of code that runs before the phone firmware is booted. From what I've read it's possible to jailbreak a 1.1.3 phone. I'm not positive, but I would guess that my method would work on a new style phone; since I don't have one, I can't verify that. I saw some instructions on how to jailbreak an OTB 1.1.2+ phone over here: http://iphone.unlock.no/OTB112unlock.htm

  10. Kenny says:

    But isn't the boot loader updated by the upgrade to 1.1.3 anyway?

  11. Atkins says:

    That's a fine question. I would think the iTunes upgrade to 1.1.3 would upgrade the boot loader, but I don't have any solid evidence. The unlock method for 1.1.2+ OTB iPhones at iphone.unlock.no is fairly similar to my method, except that it uses some Installer packages to help the process along. I think their method uses a hack to bypass the AT&T activation, whereas my method lets the phone authenticate itself, so their method is probably a better universal solution.

    It can’t be all that much longer before someone comes out with a one-click update/jailbreak/unlock program.

  12. Jason says:

    Hey Atkins,

    Man, thanks so much for publishing this "how to" guide! I was having a lot of problems with Google Maps and other things and was looking for a way to have all the apps and 1.1.3.

    Much appreciated
    J

  13. Atkins says:

    No problem, I’m glad some people got some use out of this guide over the last couple of weeks.

    This method is now pretty much outdated. If you still haven't jailbroken OR unlocked your 1.1.3 (or any version, really) and you still want to, I'd highly recommend that you go use ZiPhone, which you can find at http://www.ziphone.org/ It works wonders and I believe it runs on Windows and Mac. Happy Hacking.

  14. john says:

    I am having trouble with activation after downgrading to v1.1.1 and jailbreaking. It is showing no reception signal from AT&T. Can anyone help me through this and back to making calls without restoring factory settings?

  15. Atkins says:

    john,

    Well, unfortunately, the method above uses the jailbroken 1.1.1 firmware as a stepping stone to move between a legit 1.1.3 install and a jailbroken 1.1.2 install. If you have followed the instructions that I posted above, you have the 1.1.3 cell modem (baseband) firmware running under software version 1.1.1.

    The best way to go forward is to use iTunes and restore the phone to 1.1.3. Then download and use ZiPhone, which is at http://www.ziphone.org/, to jailbreak it. It's pretty easy and works great; it's a lot better than doing the method I posted.

    If you're really against doing a restore (and I don't really understand why you would be) then you need to downgrade your baseband to the same version that came with the 1.1.1 software. This is tricky and also a little dangerous. If you really want to do it, check out how to "virginize" your baseband here: http://iphone.unlock.no/#how-to-downgrade-1.1.2-or-1.1.3
