Tuesday, February 04, 2014

I usually have a very slow internet connection. How slow? Well, a 56k modem. When evad3rs released the jailbreak for iOS 7.x some weeks ago, I noticed something different from the previous version, the one used to jailbreak iOS 6.x: it requires an internet connection. After a few minutes of watching what was happening behind the scenes, I understood what it was doing and I was able to reproduce the same process locally.

What does evasi0n 1.0.x do when it says "Retrieving Remote Package"? Simple:

It asks evasi0n.com for a .plist file which contains two things:

1) A URL that points to a .ipa file (WWDC).
2) The cookies that need to be used when downloading the application, exactly like iTunes does.

Below is an example:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <array>
      <dict>
        <key>URL</key>
        <string>http://a906.phobos.apple.com/us/r30/Purple/.../mzps6036043982514941651.D2.pd.ipa</string>
        <key>Headers</key>
        <array>
          <string>Cookie: downloadKey=expires=1388710803~access=/us/r1000/098/Purple/v4/c3/4e/98/c34e989a-8522-fde0-...</string>
          <string>User-Agent: iTunes/11.1.3 (Macintosh; OS X 10.9) AppleWebKit/537.71</string>
        </array>
      </dict>
    </array>
    </plist>

Then it performs a request to the given URL with those cookies, in order to download the application.

The idea would be to download that application and store it locally. You can do that using wget, curl or any other tool, like this:

    wget --header='User-Agent: iTunes/11.1.3 (Macintosh; OS X 10.9) AppleWebKit/537.71' --header='Accept: */*' --header='Cookie: downloadKey=expires=1388710803~access=/us/r1000/098/Purple/v4/c3/4e/98/c34e989a-8522-fde0-...' 'http://a906.phobos.apple.com/us/r30/Purple/.../mzps6036043982514941651.D2.pd.ipa'

and tell evasi0n that it must download the .ipa file from your computer instead of getting it from Apple servers.

To do that (using Windows), follow these steps:

1) Install an HTTP server on your computer. You can install WAMP, XAMPP, etc.
2) Once installed, create a file named apple-ipa-info.plist in C:\wamp\www\.
3) Modify your hosts file (C:\Windows\System32\drivers\etc\hosts) and add the following line:

    127.0.0.1 evasi0n.com

   By doing that, when your computer needs to access evasi0n.com, it will ask 127.0.0.1 instead.
4) Place the downloaded .ipa file in C:\wamp\www and name it however you want (e.g. WWDC.ipa). If you are not able to follow the above steps, just download it directly from here.
5) Modify the apple-ipa-info.plist file and replace the Apple URL with http://localhost/WWDC.ipa.

That's it. If you start the WAMP server and try to jailbreak an iPhone using evasi0n, the remote file will be downloaded from your computer. This means you can jailbreak as many devices as you want without internet access.
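The whole procedure above, from reading the package descriptor to producing the mirrored copy, can be scripted. The following is an added example written for this post, not code from evasi0n or from the original article: it parses a plist with the structure shown earlier (the sample below is constructed, with the elided "..." parts kept as placeholders rather than real CDN paths or cookie values), builds the equivalent wget invocation, and rewrites the URL so the descriptor points at the local mirror, which is step 5. The hostname-redirection trick works because the descriptor is fetched over plain HTTP and carries no signature; the same parsing step is what you would use to inspect what a tool like this is told to download before trusting it.

```python
import plistlib
import shlex

# Constructed sample following the structure of the plist shown in the post.
# The "..." segments are placeholders, not real Apple CDN paths or cookie values.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
  <dict>
    <key>URL</key>
    <string>http://a906.phobos.apple.com/us/r30/Purple/.../mzps6036043982514941651.D2.pd.ipa</string>
    <key>Headers</key>
    <array>
      <string>Cookie: downloadKey=expires=1388710803~access=/us/r1000/098/Purple/v4/c3/4e/98/c34e989a-8522-fde0-...</string>
      <string>User-Agent: iTunes/11.1.3 (Macintosh; OS X 10.9) AppleWebKit/537.71</string>
    </array>
  </dict>
</array>
</plist>
"""


def parse_package_plist(data: bytes) -> list:
    """Return one entry per <dict>: the download URL plus its headers as a name->value mapping."""
    entries = plistlib.loads(data)
    if not isinstance(entries, list):
        raise ValueError("expected a top-level <array> of package entries")
    result = []
    for entry in entries:
        headers = {}
        for line in entry.get("Headers", []):
            # Each header is stored as a raw "Name: value" line; split on the first colon only,
            # because cookie values themselves can contain colons.
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("malformed header line: %r" % line)
            headers[name.strip()] = value.strip()
        result.append({"url": entry["URL"], "headers": headers})
    return result


def wget_command(entry: dict) -> str:
    """Build the wget invocation equivalent to the one in the post, with shell-safe quoting."""
    parts = ["wget"]
    for name, value in entry["headers"].items():
        parts.append("--header=" + shlex.quote("%s: %s" % (name, value)))
    parts.append(shlex.quote(entry["url"]))
    return " ".join(parts)


def rewrite_to_local(data: bytes, local_url: str) -> bytes:
    """Return a copy of the descriptor with every URL pointing at the local mirror.

    The Headers array is kept as-is: the local server simply ignores the cookie, and
    leaving the structure unchanged keeps the file parseable by the same client code.
    """
    entries = plistlib.loads(data)
    for entry in entries:
        entry["URL"] = local_url
    return plistlib.dumps(entries)


if __name__ == "__main__":
    for entry in parse_package_plist(SAMPLE_PLIST):
        print(wget_command(entry))
    # Write this output to the apple-ipa-info.plist served by the local HTTP server.
    print(rewrite_to_local(SAMPLE_PLIST, "http://localhost/WWDC.ipa").decode())
```

Running the script prints the wget line to fetch the package and the rewritten descriptor; save the latter as apple-ipa-info.plist in the web root and the downloaded file as WWDC.ipa next to it, and the descriptor's URL resolves to the local copy.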

In the next post: