Tuesday, April 3, 2012


If you want to install apps from outside the App Store, or want to telnet into your iPhone, you need to jailbreak it. If you bought an AT&T iPhone in the US and want to use it in Canada, or you bought a Rogers iPhone on eBay but your SIM card is from Fido, then you need to unlock your iPhone. Unlocking an iPhone, however, usually requires jailbreaking it first.
Jailbreak 5.0.1 Untethered On iPhone 4, 3GS, iPad 1, iPod Touch
How To Unlock iPhone 4, iPhone 3GS On iOS 5.0.1
Dev-Team Blog
If you plan to take an iPhone from North America to China or elsewhere in Europe or Asia, then beyond unlocking you also need to consider the network standard (GSM/CDMA/WCDMA) and the frequency bands (some so-called world phones support 4 bands). Not all iPhones are the same either: there are the iPhone, iPhone 3G, iPhone 3GS, iPhone 4 and iPhone 4s. More on this when I have time.
Update @ Jan 15, 2014
The latest iOS 7.x jailbreak: http://evasi0n.com/
Update @ Apr 24, 2013
There is no jailbreak for the latest iOS 6.1.3 yet; reportedly the experts are waiting for iOS 7.0. iOS 6.1.2 can be jailbroken with http://evasi0n.com/
How to jailbreak iOS 6.1.2
Be sure that your device's passcode lock is disabled; the passcode lock can interfere with the jailbreak process. Also, make sure that your upgrade to iOS 6.1.2 was done via an iTunes update, not via an OTA update. While it is possible that an OTA-updated device will work, OTA updates have caused known problems with jailbreaks in the past, so it is best to play it safe.
Step 1: Connect your iOS device to evasi0n, and ensure that evasi0n detects your device. Evasi0n should work with any iOS 6 firmware from iOS 6.0 to iOS 6.1.2. In this case, you will be using iOS 6.1.2.
Step 2: Click the jailbreak button, and the jailbreak process will begin. Be patient, as this takes a while. You will notice your device reboot several times throughout the entire process. The main thing is just to be patient.
Step 3: Eventually, evasi0n will ask you to unlock your device, and tap the Jailbreak icon on your Home screen once. Follow these instructions, ensuring that you tap the icon only one time, and then leave the device alone and let it continue.
Step 4: The evasi0n app will complete its course, and you will be able to click the Exit button. The iOS device, however, still needs to finish up a few additional steps, so again, be patient and don’t touch your device.
Step 5: Eventually, the jailbreak will finish, and you can unlock your iOS device, and open the Cydia app on your Home screen. Cydia will need to initialize, which takes about 1 to 2 minutes. After the initialization is complete, the device will respring again.
Step 6: Reopen Cydia, select Hacker, and begin enjoying your newly jailbroken iOS device running iOS 6.1.2.
Remember, this is an untethered jailbreak.
Update @ Feb 4, 2013
The latest jailbreak from http://evasi0n.com/ covers iOS 6.0 to 6.1 and supports the iPhone 5.
Update @ Jun 15, 2012
The Dev Team has updated redsn0w to version 0.9.12b1 and ultrasn0w to 1.2.7, so not all of the step-by-step instructions below are still necessary. The new redsn0w adds support for SAM (Subscriber Artificial Module) ticket activation, making it even more complete.
Update @ Jun 11, 2012
The latest iOS 5.1.1 has now been jailbroken too. Most links online point to Absinthe 2.0, but the RedSn0w mentioned above can do the same job. I would rather recommend RedSn0w, not only because it is the Dev Team's work, but because it is full-featured, stable and reliable. For example, if you do not have a SIM card that can activate the iPhone, you cannot jailbreak with Absinthe; RedSn0w has no such restriction. RedSn0w also lets you build custom firmware (IPSW) without the baseband, which avoids having the baseband updated together with the firmware when you upgrade through iTunes, which would make the phone impossible to unlock. RedSn0w also lets you back up your iPhone's SHSH blobs (the 54k key file), so that you can downgrade your firmware at any time, even after Apple stops signing the old iOS.
RedSn0w's official page states that version 0.9.11b4 only supports a tethered jailbreak; in fact Absinthe is also only a tethered jailbreak, after which you install "Rocky Racoon 5.1.1 Untether" from Cydia to make it untethered.
Note that if your baseband has already been updated to the iPad baseband 6.15.00, you had better use RedSn0w's Custom IPSW to build an IPSW that preserves the baseband; otherwise, after upgrading and jailbreaking, you may have to re-flash the 6.15 baseband, and that does not always succeed.
Step-by-step instructions for jailbreaking iOS 5.1.1 with RedSn0w (official site: http://blog.iphone-dev.org):
1. Click "Extras" => click "SHSH blobs" => click "Fetch", and follow the prompts to reboot the iPhone into DFU mode. RedSn0w extracts the iPhone's SHSH blobs and saves them in a .plist file named after the iPhone's serial number, hardware version, iOS version and firmware version;
2. Click "Submit" to upload the blob file you obtained to the Cydia server;
3. Optionally, click "Verify" and "Query" to confirm that a valid blob file was uploaded to the Cydia server without errors;
4. Download the latest iOS 5.1.1 from iTunes and back up the apps on the iPhone;
5. Back in RedSn0w, click "Back" to return to the previous page, click "Custom IPSW", and select Apple's firmware file (.ipsw; on Win7 it is usually in the "%USERPROFILE%\AppData\Roaming\Apple Computer\iTunes\iPhone Software Updates" folder). This generates a new ipsw file with "NO_BB" in its name;
6. Click "Select IPSW" and choose the "NO_BB" ipsw file generated in the previous step;
7. Follow the instructions to put the iPhone into DFU mode once more;
8. Connect the iPhone by cable to the computer running iTunes; iTunes will report that the iPhone is in "Restore" mode. Hold down Shift while clicking the "Restore" button in iTunes, then wait for the iPhone firmware update to finish;
9. After the iPhone reboots it walks you through setup and finally asks you to activate the iPhone; if you do not have an iPhone SIM card, don't worry;
10. Go back to RedSn0w's first page, click "Jailbreak", and follow the prompts to put the iPhone into DFU mode again. Shortly RedSn0w will tell you that the remaining work will be done on the iPhone; on the iPhone you will see a console running a lot of Linux scripts, ending with a pineapple Jailbreak screen;
11. After the iPhone reboots it will stay stuck on the Apple logo, because we have only done a tethered jailbreak. Now go back to RedSn0w and click "Just boot"; you will see the pineapple Jailbreak screen again, and finally it boots back into the iPhone UI.
12. At this point you can connect to iTunes and restore all the software you had installed;
13. Run Cydia, search for "Rocky Racoon 5.1.1 Untether" and install it; the iPhone is now untethered jailbroken;
14. If you need to unlock the iPhone, add a new source in Cydia: Manage > Sources > Edit > Add: http://repo.iparelhos.com/;
15. Search for and install "ultrasn0w fixer for iOS 5.1.1";
16. Search for and install "ultrasn0w (1.2.5)";
17. Reboot, and you're done!
The first 3 steps ensure that if the upgrade and jailbreak fail, your iPhone can still be restored to its original state. Once the jailbreak succeeds you can do these three steps again, so that when Apple releases a new iOS such as iOS 6, you still have a chance to downgrade back to iOS 5.1.1, the last known good state. The last 3 steps are only needed for unlocking. Steps 5~6 avoid upgrading the modem firmware. Users normally do not need to update the modem, and if you want to unlock the iPhone in particular, keeping your existing baseband (modem) is strongly recommended.
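Steps 5~6 above hinge on the custom IPSW carrying no baseband image. As an added example that is not from this post or from the Dev Team's tools, here is a Python check that opens an IPSW (a ZIP archive) and lists any modem firmware (*.bbfw) entries before you restore; it assumes the Firmware/*.bbfw layout of that era's images and runs against constructed stand-in archives, not real firmware.

```python
import os
import tempfile
import zipfile


def baseband_entries(ipsw_path):
    """Return the names of modem firmware files (*.bbfw) inside an IPSW.

    An IPSW is a plain ZIP archive; the baseband image is assumed to live
    under Firmware/ with a .bbfw extension (the layout of iOS 5/6-era images).
    """
    with zipfile.ZipFile(ipsw_path) as archive:
        return sorted(name for name in archive.namelist()
                      if name.lower().endswith(".bbfw"))


def preserves_baseband(ipsw_path):
    """True when the archive carries no baseband image, so a restore from it
    cannot overwrite the modem firmware that the unlock depends on."""
    return not baseband_entries(ipsw_path)


def make_sample_ipsw(path, with_baseband):
    """Write a constructed, minimal stand-in for an IPSW (not a real image)."""
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("Restore.plist", "<plist/>")            # constructed stub
        archive.writestr("Firmware/dfu/iBSS.dfu", b"\x00")       # constructed stub
        if with_baseband:
            archive.writestr("Firmware/sample_modem.bbfw", b"\x00")  # constructed stub


def demo():
    """Build a stock-like and a NO_BB-like sample archive and check both."""
    workdir = tempfile.mkdtemp()
    stock = os.path.join(workdir, "stock_5.1.1_Restore.ipsw")   # constructed name
    no_bb = os.path.join(workdir, "NO_BB_5.1.1_Restore.ipsw")   # constructed name
    make_sample_ipsw(stock, with_baseband=True)
    make_sample_ipsw(no_bb, with_baseband=False)
    return {
        "stock": (baseband_entries(stock), preserves_baseband(stock)),
        "no_bb": (baseband_entries(no_bb), preserves_baseband(no_bb)),
    }


if __name__ == "__main__":
    for label, (entries, safe) in demo().items():
        print(f"{label}: baseband files={entries} preserves_baseband={safe}")
```

Point `baseband_entries` at the file you are about to select in step 6; if it lists any .bbfw entry, the restore would still flash the modem.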