Hacking the iPod Touch - Part 1

my new (hacked) ipod touch
So now that I had a little time to play around with this cool gadget, I think its time that I shared some of fun in hacking the iPod Touch. But first a friendly government warning :

WARNING: Hacking gadgets is known to cause bricking and in some instances may even void your warranty. As a general rule assume you won't be able to upgrade your firmware in the future. If your doing this, do it AT YOUR OWN RISK!

Don't worry in reality its almost impossible to brick the device since you can restore it using iTunes. So if you're still with me then "welcome to a brave new world of hacking!". First let me explain how the iphone/ipod touch hack works in layman's terms.

TIFF Exploit

The key ingredient for performing the hack is around a bug discovered in libtiff, a library used widely to provide tiff image handling capabilities. This bug can be used to cause a buffer overflow, allowing arbitrary code to be executed. Such exploits can aid (in a good sense) to unlock a device which has been locked, limiting its functionality to what ever the device manufacturer wants it to do.

Before the iPhone, the PSP firmware 2.0 was also hacked using a similar TIFF exploit allowing third party home brew apps to be executed.

In the case of the iTouch, you would visit a site containing a specially crafted TIFF image vis the Safari mobile browser. This would crash the browser and execute the payload. What that code does is simply to remount the root file system with full read/write permission, enabling the browser to break out of the chrooted jail its running under - jailbreak. This is possible thanks to Apple running the browser as root (admin), something any one with a little sense of security would not do.

You can read more about the TIFF exploit here.

Jail breaking the Touch

Jail breaking the touch has been made so easy that even a 5 year old could do it. The easiest method which was released less than a week ago, requires you to just visit www.jailbreakme.com and click on a link. It will display a TIFF which will jailbreak the device, making it suitable for running third party apps, install a user friendly App installer app and finally patch the TIFF exploit so you won't be compromised in the future! If your a GNU/Linux user, this also means you no longer need to goto a Mac or Windows to Jail break.

There are also a GUI tools which can be run inside MacOSX (iJailbreak) and Windows (Touchfree).

But I used the almost manual method since I thought it would be more fun going through the steps. I used my Mac Mini (PPC) but there is also a how to for Windows (sorry not for GNU/Linux).

If everything went ok, you will now be able to install apps by launching the Installer.app ifrom the SpringBoard interface. All you need is to be connected to the net.

What ever you install, you'll definitely want to install OpenSSH server (and even client), BSD Subsystem, DNS tools, SummerBoard.

In part 2 I will talk about some of the productivity apps and some other interesting apps that you can run. I'll also try to touch up on getting the Touch to work on GNU/Linux so that you can transfer music, videos and may be even photos (still trying to figure this out) without using iTunes.

If you can't wait... subscribe to my twitter blog for a near real-time update of what I'm upto.