How to jailbreak iOS 7.x completely offline

Tuesday, February 04, 2014

I'm usually on a very slow internet connection. How slow? Well, a 56k modem. When evad3rs released the jailbreak for iOS 7.x some weeks ago, I noticed something different from the previous version, the one used to jailbreak iOS 6.x: it requires an internet connection. After a few minutes of looking at what was happening behind the scenes, I understood what it was doing and was able to reproduce the same process locally.

What does evasi0n 1.0.x do when it says "Retrieving Remote Package"? Simple:

  1. It asks evasi0n.com for a .plist file which contains two things:

    • A URL that points to a .ipa file (WWDC)
    • The cookies that need to be used when downloading the application, exactly like iTunes. Below is an example:

    
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <array>
        <dict>
          <key>URL</key>
          <string>http://a906.phobos.apple.com/us/r30/Purple/.../mzps6036043982514941651.D2.pd.ipa</string>
          <key>Headers</key>
          <array>
            <string>Cookie: downloadKey=expires=1388710803~access=/us/r1000/098/Purple/v4/c3/4e/98/c34e989a-8522-fde0-...</string>
            <string>User-Agent: iTunes/11.1.3 (Macintosh; OS X 10.9) AppleWebKit/537.71</string>
          </array>
        </dict>
        </array>
        </plist>

  2. Then it performs a request to the given URL with those cookies, in order to download the application.

The idea would be to download that application and store it locally. You can do that using wget, curl or any other tool, like this:

    wget --header='User-Agent: iTunes/11.1.3 (Macintosh; OS X 10.9) AppleWebKit/537.71' \
         --header='Accept: */*' \
         --header='Cookie: downloadKey=expires=1388710803~access=/us/r1000/098/Purple/v4/c3/4e/98/c34e989a-8522-fde0-...' \
         'http://a906.phobos.apple.com/us/r30/Purple/.../mzps6036043982514941651.D2.pd.ipa'

Then tell evasi0n to download the .ipa file from your computer instead of getting it from Apple's servers.

To do that (using Windows), follow these steps:

  1. Install an HTTP server on your computer. You can install WAMP, XAMPP, etc.
  2. Once installed, create a file named apple-ipa-info.plist in C:\wamp\www\.
  3. Modify your hosts file (C:\Windows\System32\drivers\etc\hosts) and add the following line:

    127.0.0.1         evasi0n.com

    By doing that, when your computer needs to access evasi0n.com, it will ask 127.0.0.1 instead.

  4. Place the downloaded .ipa file in C:\wamp\www and name it however you want (e.g. WWDC.ipa). If you are not able to follow the above steps to do it, just download it directly from here.

  5. Modify the apple-ipa-info.plist file and replace the Apple URL with http://localhost/WWDC.ipa

That's it. If you start the WAMP server and try to jailbreak an iPhone using evasi0n, the remote file will be downloaded from your computer. This means you can jailbreak as many devices as you want without internet access.
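The plist handling from steps 2 and 5, as an added example that is not part of the original post or of evasi0n: it parses the format shown above, reads the expiry carried in the download cookie, and produces the localized copy. Treating `expires=` as a Unix timestamp is an assumption, and the function names are hypothetical.

```python
import plistlib
from datetime import datetime, timezone

# Sample copied from the example in this post; elided parts ("...") stay elided.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
<dict>
  <key>URL</key>
  <string>http://a906.phobos.apple.com/us/r30/Purple/.../mzps6036043982514941651.D2.pd.ipa</string>
  <key>Headers</key>
  <array>
    <string>Cookie: downloadKey=expires=1388710803~access=/us/r1000/098/Purple/v4/c3/4e/98/c34e989a-8522-fde0-...</string>
    <string>User-Agent: iTunes/11.1.3 (Macintosh; OS X 10.9) AppleWebKit/537.71</string>
  </array>
</dict>
</array>
</plist>"""

def parse_package_info(data):
    """Return [(url, {header: value})] for each entry in the plist."""
    entries = plistlib.loads(data)
    if not isinstance(entries, list):
        raise ValueError("expected a top-level <array> of <dict> entries")
    parsed = []
    for entry in entries:
        headers = {}
        for line in entry.get("Headers", []):
            name, _, value = line.partition(":")  # split on the first colon only
            headers[name.strip()] = value.strip()
        parsed.append((entry["URL"], headers))
    return parsed

def download_key_expiry(headers):
    """Assumption: 'expires=' in the downloadKey cookie is a Unix timestamp."""
    for field in headers.get("Cookie", "").split("~"):
        if "expires=" in field:
            return datetime.fromtimestamp(int(field.rsplit("expires=", 1)[1]), tz=timezone.utc)
    return None

def localize(data, local_url="http://localhost/WWDC.ipa"):
    """Step 5: the same plist with every URL replaced by the local copy."""
    entries = plistlib.loads(data)
    for entry in entries:
        entry["URL"] = local_url
    return plistlib.dumps(entries)

if __name__ == "__main__":
    print(localize(SAMPLE).decode())
```

If that reading of `expires=` is right, the download key in the sample lapsed on 3 January 2014 (UTC), so the wget request only works with a freshly issued plist.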

In the next post:

When the jailbreak finishes and you open Cydia, as you might know, you won't be able to access your phone with tools like iTools or iFunBox. I mean, it won't be shown as jailbroken. The solution is to connect your iPhone to some WiFi and download afc2add using Cydia. In the next post I'll show you how to do that offline too, without having to do that every time you want to jailbreak an iPhone ;)

By Oscar Mederos, Category: hacks

Tags: ios / jailbreak / hacks /
