Chapter 3 : Know the name

Technical Terms and Jargon

ROM

• IPL: Initial program load - usually paired with Secondary Program Load (SPL), is the boot loader of your phone, much like the BIOS is the boot loader for your PC. Note: IPL/SPL are highly hardware dependent, flashing the wrong IPL/SPL is much more serious than a flashing the wrong ROM. It may be noted that, sometimes a ROM package also contains the IPL/SPL which will be flashed into your phone. Hence be extra careful what you are flashing. Note: although a ROM may also contains the IPL/SPL, `ROM` usually refers just to the OS (eg. the Windows Mobile 5, not the IPL/SPL) and the ExtRom.
• SPL: Refer to `IPL`
• ROM: Read Only Memory - commonly used in the form of `ROM upgrade`. The ROM is the firmware/software, which controls everything on your phone. ROM itself usually comes in a package, with IPL/SPL, OS, Radio, and ExtRom. However, in most cases, `upgrading a ROM` usually means just the OS and the ExtRom, as these are the obvious/visible part of an ROM upgrade.
• OS: Operating System - the platform software for your phone, much like the Windows Xp for your PC. Upgrading the OS is like, in PC terms upgrading from Windows 95 to Windows XP.
• ExtROM: Extended ROM - is the section of the ROM which the distributor of the phone (eg O2, T-Mobile, iMate, etc) store their customization (eg Today theme, ring tones, extra software) data. In WM5, the customization data will be automatically installed after the initial configuration (after every hardreset), just after the security section. In most cases, ExtROM can be unlocked to allow users to store/build their own customizations that will be automatically installed upon every hardreset.
• CID: Carrier Id - commonly used in the form `CID-Unlocking`. If you purchase your phone (example) from Qtek (Qtek is the 'carrier'), your phone will only accept Qtek ROMs (the carrier's ROMs). If you want to flash ROMs from other carrier, you'll need to CID-unlock your phone, so that your phone will accept other ROMs. Note: In general, the phrase 'unlock your phone' usually refers to SIM-unlock, not CID unlock.
• Radio: Also referred as GSM (see below) - commonly used in the form `upgrading the Radio/GSM` - in the field of ROM upgrading. The `Radio` is essentially a ROM that controls the phone function part (as oppose to PDA function part) of your phone. Upgrading this `Radio` software may have effect on your phone reception quality, battery life (optimized phone function), signal strength, etc.
• GSM: A system of mobile radio communications. Most common 2G standard. Often used on xda-developers somewhat confusingly to refer to the radio protocol stack or `Radio` in XDA devices. This is slightly misleading as 3G HTC phones use a W-CDMA stack for the 3G communications, and GSM for 2G.
• Protocol: Similar to `Radio`. Both terms refer to the radio protocol stack, which is the software which handles communications with the mobile network.
• SIM: Subscriber Identity Module - commonly used in the form `SIM unlock`. Some phones are locked to the specific telco from which you purchase your phone, eg you can't use a locked O2 phone using a Vodaphone SIM/smart card. To use SIM card from other telco, you need to SIM unlock your phone. Note: In general, the phrase 'unlock your phone' usually refers to SIM-unlock, not CID unlock.
• AKU: Adaptation Kit Update - Starting with Windows Mobile 5 Microsoft began a policy of updates similar to that of the desktop windows. Rather the replacing the whole OS some functionality may be added. For example AKU 2.0 introduced push mail. These updates are distributed through the OEMs and are given to the consumer in form of ROM updates. Note that OEM may choose not to create an update with the latest AKU for their devices. Getting an AKU for your phone is like getting the SP2 (Service Pack 2) for your Windows Xp.

Windows Mobile 5 (WM5)

• Storage memory: The persistent memory part of WM5, where all the files and documents are kept, much like the hard disk of your PC. Data in the storage memory is unaffected by soft-reset or a flat battery. You can't adjust the ratio of Storage memory and Program memory in WM5 like WinCE2003.
• Program memory: The non-persistent memory part of WM5, which is used for all the temporary memory requirements, much like the RAM of your PC. A soft-reset or flat battery will erase everything from the program memory. You can't adjust the ratio of Storage memory and Program memory in WM5 like WinCE2003.

Unlocking

• SIM Unlock: Use any carrier's SIM in the device.
• CID Unlock: Load any carrier ROM (in any language) on the device.
• Application Unlock: Most WM5 phones only allow you to load applications that have an acceptable digital signature. If you try to edit the registry or load an application it will give you an error. Application Unlocking removes this barrier and allows you to install any application or edit the registry to your liking.

Project : WM upgrade chapter 2
Get some Down. Load some guns

Files you need to Dump ROM (Windows only)

• Various Tools

  • If you have an Elf: (Download) (Alternate Link) (51MB)
  • If you have an Elfin: (Download) (Alternate Link) (58MB)
• Automatic device backup creator: (Download) (Alternate Link)

Project : WM upgrade
chapter 1 : Gettting Identity
This Chaper is all about, how to get the basic info about your device
Hey after long time again I m coming back with the Project which is basically to upgrade my HTC Touch ( also known as Elf)
from 6.0 to 6.1
This is again a new tech act, which will help me to learn something more in tachnical aspect.

You can't do any upgrade, any flash related task until you are having some very basic information about your device like as follows

HTC Touch device information

Touch version : Elf
Device ID : ELF010000
CID : DOPOD001
IPL : 1.11.0002
SPL : 1.11.0000
ROM Version : 1.11.720.1B
ExtROM Version : 1.11.720.101
Operator Version: None
AKU Version : 0.2.3
Page Pool : 8 MB
RAM Size : 64 MB
ROM Size : 128 MB
Model No. : ELF0101
Part Number : 99HDM035-00
SIM Unlock Code : 11918830

MCC+MNC:
00101F 40410F 40492F 40440F 40431F 40490F 40498F 40449F 40445F 40494F 40495F 40402F 40496F 40497F 40554F 40470F 40493F 40551F 40403F 40552F 40453F 40556F 40416F 40555F

IMEI (private) : XXXXXXXXXXXXXXXXXX*
Serial Number (private):HT XXXXXXXXXXX*
MAC Address (private) : XXXXXXXXXXX*
* is the mask of original values

1. download and unpack the file
2. connect the your Windows Mobile to the USB port
3. let Active Sync show the status connected.
4. go to the device_info folder
5. run the device_info.bat Batch file
6. follow the onscreen instruction.
7. when everything is done, open the device_info.txt file in the dir.
8. it is having all the info

I m still amazed, that how it happened..
Why earlier i was not able to jail break the 2.2.1(5h11).

What was different when I was jail Breaking it last time.

• I was on vista
• I had installed some of the free Apps from iTunes..

see what the best Pwnage tool can do for us

This was seems less tedious task, as it is

Here was a task to Jailbreak the iPod touch having FW 1.1.4
The very first attempt was failed
I need to restore the FW with the same version 1.1.4..
Right now downloading the FW 2.2.1
Pwnage tool was failed to jailbreak it although it was the latest version..
Now looking for QuickPwn's latest version.
Let see what happens..

After you have jailbroken your ipod touch 2.x what you wanna do is 

1.Log into WinSCP (windows) or Cyberduck (Mac) 
If you don't know how to do this -

Install cracked ipa's using iTunes. Change your Mobile Installation File without computer support.

1. Go to your pawned iPhone, open Cydia.



2. Go to Manage and choose Sources



3. Press the Edit Button and then the Add button



4. Add the following sources:

4.1. OpenSSH:
Code:
http://apt.saurik.com/
Don't need to add this one, it's already installed by default, just search for the app.



4.2. Erica Utilities: www.ModMyi.com



4.3. Mobile Instalation File: http://iphone.org.hk/apt/



The installation has to be made the way above, leave Mobile Installation file for last.

Restart the iPhone and install first a legit app, download a free app from the appstore [VERY IMPORTANT STEPS] and it's done! Now you can install any cracked ipa using iTunes.

SaladFork make Crackulous. People use Crackulous. Angel Take over. Crackulous good. We release Crackulous today.


CRACKULOUS v.9
We at Hackulous have decided to open up the beta version of Crackulous for the entire community. If you haven't already heard about Crackulous, it's an amazing application dedicated to the iPhone community to cracking apps. Crackulous was first started by SaladFork, and now the application is being developed by Angel. We've decided to release Crackulous v.9 as an Open Beta, so anyone can try it out!

Features:

* Full GUI version of xCrack! No Complications!
* Crack Applications from the App Store! Share them with the community!
* The ONLY Application of its kind!
* The most POWERFUL and EASIEST to use application!
* Crack multiple apps at one time!
* It's free! Why would we charge?

Read more at: What is Crackulous?


So where do we get it? From the Hackulous Cydia Repo of course!
http://cydia.hackulo.us


Known Bugs (Major):

* You must have at least one legitimate app from the App Store
* If any of your apps begin with a #, Crackulous will crash (Bug fix on the way)

If you have more bugs to share, tell us at: Crackulous Forum

Issues:

* If You cannot see Crackulous in the repo, restart your cydia (or your device) and have it update it's sources



Kyek's FAQ
We're getting a lot of common questions in this thread -- so I posted this on page 4, but it might be better served here in the original post smile.gif

Crackulous crashing on startup?
Many people are saying that it crashes when you have an app with a number in it. It's not necessarily numbers IN apps, it's apps that START WITH a number. This is a known bug, and it's mentioned in the original post. There should be a fix soon, so don't feel the need to delete your precious apps right away ;-). There's also a rare bug report about apps with 3 or more digits in the name causing a problem with Crackulous, but so far that's not been confirmed.

Make sure you address your crashing in the official Crackulous crashing topic.

But how do I crack apps without buying them?
You don't. Every single app that's ever been cracked has been legitimately purchased by the cracker. Part of the cracking method requires you to run the app on your iDevice before it's cracked, and the only way to do that is by buying it and downloading it legitimately. Makes you think twice before you start spamming the requests board, doesn't it? ;-)

I cracked an app but how do I get it?
Crackulous tells you exactly where to find the app once it's cracked -- all you need to do is log into your phone via SFTP (you need OpenSSH from Cydia for this). Don't know how to do that? This, my friends, is why we have a Tutorials section here at Hackulous ;-) Take some initiative and search for it!

Where do I upload the app?!?!?!?!?!1cos(0)1
If your goal is to get the app posted on Appulous (and it should be!) you'll need to upload it to a filehost. Actually, if you want your app to stick around for awhile, you'll want to upload to a few filehosts! The ones that work on Appulous are listed here. Then, if you don't already have one, register for an account at Appulo.us, verify your E-mail (see here if you have problems with that), log in, then use the "Submit an App" link at the top of Appulous.

This tutorial will show you how to install cracked .app applications on your iPhone. Although very easy and convenient, this is not the best way to add cracked apps. Given that most cracked iPhone apps are .ipa files, I recommend you have a look at guide on how to install .ipa files on your iPhone instead.

I assume that you’re on a jailbroken 2.X iPhone and that you have installed OpenSSH from Cydia.

1. Download cracked application.

2. Unzip the cracked application folder to your desktop.

3. SSH into iphone.

4. In WinSCP, navigate to /Applications.

5. Drag the cracked application folder over the /Applications folder and drop it in there.

6. Right click on the cracked application folder and change permissions to 0755 and select the box beside “set owner group and permissions recursively” (or go inside the folder, select everything, and set properties to 0755 as well), then hit ok.

7. In the /Applications folder, make a new folder called “Documents”, with a capital D. Change the permissions on the “Documents” folder you just created to 0777.

8. Navigate to /var/mobile/ and make a new folder called “Documents”, with a capital D. Change the permissions on the “Documents” folder you just created to 0777.

9. Reboot your device

Note: Some applications require you set permission to 0775. It seems to be kinda random so if 0755 doesn’t work, try 0775.

Hello to you, iPhone hacker! Hello to you too, iPod Touch hacker…

So it’s not a secret anymore… many iPhone games and applications have been cracked (and still are). Basically, you can get 2 types of files. The “normal” .app file, and the cracked ipa file. We already covered the method to install .app files on your iPhone. Now here is the other method, the most popular one, to install cracked .ipa files such as games and applications on your iPhone or iPod Touch.

As a reminder, this is illegal! I do not encourage anyone to hack or crack iPhone games. Some developpers spend quite some time working on them and they don’t want to see their work ripped off. If you see an iPhone game or application that you like, download it legally through the App Store.

This method works for all firmwares from 2.0 to the current firmware available. The only thing that changes is the MobileInstallation file that you have to install. Each device (iPhone/iPod Touch) has its own MobileInstallation file for each version of the firmware. I started tracking these MobileInstallation files from iPhone 2.1. I do not have them for older firmwares and I do not have them for iPod Touch, although they might be the same as the iPhone’s. I don’t own an iPod Touch, thus I never tried this before on one but some users reported to me it worked great.

By the way, you may want to check my list of cracked iPhone games and applications.

So, how to install ipa files on an iPhone or iPod Touch?

1. You need to be on jailbroken iPhone with Cydia installed. For this, you may use QuickPwn, PwnageTool, or WinPwn. See my tutorials for on how to jailbreak your iPhone or iPod Touch using any of these tools.

2. Install OpenSSH from Cydia on your iPhone. Click on Cydia and then click Install (Sections)>Networking>OpenSSH then click Install>Confirm (if you get a running out of disk space error click “ok”).

3. Log into WinSCP. The first time you try to login you may get a connection timeout error, click retry several times (up to 20 times!) and it should work. If you still get an error, reboot your iPod/iPhone and try again.

4. Navigate to /private/var/mobile/ folder

5. Set the permission of the Applications folder to 777 (make sure reclusive is checked).

6. Stay in the /private/var/mobile/ folder.

7. Create a folder called “Documents” in the /private/var/mobile/ folder. Make sure to spell “Documents” correctly, with a capital “D”.

8. Set the permission to 777.

9. Navigate to the root level and open the /Applications folder.

10. Create a folder called “Documents” inside the /Applications folder and set permission to 777.

———Note: You will only need to create these two Documents folders once———

11. Go to /System/Library/PrivateFrameworks/MobileInstallation.framework

12. Rename the file “MobileInstallation” to “MobileInstallation.bak”

13. Download this patched MobileInstallation file from HERE. Note that you have to download the patched file for the firmware you are running. ie. if you are running 2.1, you need the MobileInstallation 2.1 patched file.

14. Place the patched file into the /System/Library/PrivateFrameworks/MobileInstallation.framework folder and set the permissions 775 for the patched MobileInstallation file. If there is some type of extension (ie .dylib), then you need to remove that extension.

15. Reboot your iPhone/iPod Touch

16. Download cracked api Games and Apps from Here.

17. Download at least one App from Apple App Store (Free or Paid). What I do is I download one app from the App Store using iTunes, then I sync my iPhone and reboot it. Then I download one app from the App Store on the iPhone and reboot the phone. THIS IS VERY IMPORTANT: Otherwise you will get an error! [Only need to do this once]

18. Drag and drop the .ipa file you downloaded into the iTunes Application library.

19. Sync your iPhone/iPod Touch and enjoy!

Errors:

The application “XXXXXXX” cannot be opened
Fix: Reboot your iPhone or iPod

0xE800001 Error:

FIX: Change usb port and reboot your iphone/ipod Touch.
If this doesn’t work try going into: Control panel->System->Device Manager->Universal Serie Bus Controller->Right click Apple Mobile Device USB Driver and update driver.

0xE800013 Error:

You get this error when you already have the app
FIX: Simply delete the .app folder that u have ssh’d and reboot.

Baseband 101

The ‘baseband’ is the generic name given to the internal components of the iPhone that handle the phone calls and Internet access. This ‘baseband’ is a tiny and unique independent computer system that runs inside your iPhone, it is separate to the main system that handles the applications (such as email and google maps) and it talks to the main part of the phone over an internal communications network. Think of it like a cable modem or other peripheral that is attached to your home PC that needs occasional updates. When a software update is released and presented to you within iTunes the baseband is sometimes updated (to fix bugs or add new features). The 2.2.1 update for the iPhone 3G contains such an update, so running the vanilla updater straight away with iTunes will reprogram and update the baseband. This could be bad for certain people, depending on your ultimate aim.

SIM Free/SP Unlocked/Factory Unlocked iPhone 3G

This applies if you bought your iPhone 3G for $$$$$$$. This model of iPhone 3G doesn’t have an Service Provider lock (aka factory unlocked) and you are able to put any SIM card into the phone and get service. Your phone is already unlocked so you do not need to worry about baseband updates, simply upgrade to 2.2.1 using iTunes and then use QuickPwn to Pwn and Jailbreak. This will add Cydia and Installer too.

Locked iPhone 3G - Preserve Baseband

This applies if you have a locked iPhone 3G and you wish to update to 2.2.1 but preserve the iPhone’s current baseband software. Preserving the baseband will ensure that you can still use “yellowsn0w” the iPhone 3G unlock application. To upgrade your phone to 2.2.1 and preserve the state of the baseband you need to create a custom .ipsw with PwnageTool. This custom .ipsw will not contain the baseband update but of course will still give you any new stuff from 2.2.1

There are plenty of tutorials about this process on the web, but PwnageTool contains intuitive graphics and easy to follow prompts that should have you up and running in no time at all. Please note: PwnageTool is only available for Mac OS X.

Locked iPhone 3G

If you are using your iPhone with one carrier and have no interest in the possibility of an iPhone 3G unlock in the near future then just restore or upgrade to 2.2.1 using iTunes and use QuickPwn to Jailbreak and add Cydia and Installer.

iPhone 2G (1st Generation)

Update or Restore your iPhone 2G with iTunes then run QuickPwn to do the magic, ‘nuff said, you don’t need to worry about anything.

iPod Touch 1G (Original iPod Touch)

Update to 2.2.1 with iTunes and run QuickPwn.

iPod Touch 2G (New iPod Touch)

Sorry, no support at this time, but Redsn0w is being actively researched and developed.

Fixing DFU mode on 10.5.6

As noted previously OS X 10.5.6 introduced a bug that affected the use of DFU mode. with some Macs. There have been previously published hacks and techniques to fix this, but here is another method that can be used to temporarily restore DFU functionality in order to use QuickPwn or PwnageTool.

1. You will need an account with ADC (Apple Developer Connection) this is free and takes a few minutes to sign up, you should read the terms and conditions carefully and you should only sign up if you are thinking of developing applications in the future - http://developer.apple.com/mac/
2. Download the disk image “IOUSBFamily-315.4-log.dmg” for Mac OS X 10.5.5 Build 9F33” (yes, that is a “5” in 10.5.5 - this is a developer debug package of the USB kernel extension).
3. Unplug non-vital USB equipment, such as external DVD writers, USB scanners, USB mass storage devices, at the most leave a Keyboard and Mouse connected.
4. Install IOUSBFamily-315.4.1.pkg from within the disk image
5. Reboot your system!
6. Perform necessary DFU activity with QuickPwn or PwnageTool.
7. Download the disk image “IOUSBFamily-327.4.0-log.dmg” for Mac OS X 10.5.6 Build 9G55”
8. Intall IOUSBFamily-327.4.0.pkg from within the disk image
9. Reboot your system!
10. Reattach your USB peripherals.