iPhone Hacks by David Jurick, Damien Stolarz, Adam Stolarz

Apple’s iPhone was originally released in the United States exclusively on the AT&T network. There are a number of different cellular phone standards, but the technology in widest use around the world and standard in Europe is called GSM (Global System for Mobile communications). GSM describes the technology for providing voice services, but the GSM system includes several levels of wireless data service as well. GPRS (General Packet Radio Service) is the slowest of these protocols, providing speeds up to 40Kbps’similar to a dial-up modem. EDGE (Enhanced Data rates for GSM Evolution) is a data transmission protocol capable of speeds up to 180Kbps, with a theoretical maximum of 230Kbps, like the now painfully slow broadband Internet from the late ’90s. Generally, this speed makes EDGE a 2.5G (between second- and third-generation) wireless protocol, as contrasted with the 3G phones, which use HSDPA (High-Speed Downlink Packet Access, the fastest current data standard used with GSM networks), which is comparable to a slow DSL connection. GSM phones are characterized by their use of a SIM (Subscriber Identity Module) card, and the ability for users to switch phones by simply moving a SIM card from one phone to another (Figure 1-1). Once Apple’s exclusive contract with AT&T has run out, they may create an iPhone that runs on other mobile standards such as the CDMA (Code Division Multiple Access) and EVDO (Evolution-Data Optimized) standards used by Verizon and Sprint in the United States.

Figure 1-1. The iPhone’s SIM card on its tray

The iPhone runs an embedded (for a device, not a computer) form of Mac OS X for its system software, a thinned-down version of the same code that runs on Macintosh computers. Native applications are programs that are installed on the iPhone, as opposed to web applications, or iPhone-optimized web pages, that run in the Mobile Safari web browser, using technologies such as AJAX (Asynchronous JavaScript and XML), and which require a working Internet connection to operate. The many built-in applications on the iPhone, such as Calendar, Photos, YouTube, and Safari, are native applications; there are also native third-party applications. The applications on the iPhone are all launched by SpringBoard, an application that controls the home screen. Figure 1-2 shows a jailbroken (hacked to be freed from restrictions) phone with some third-party apps.

Figure 1-2. A number of installed third-party native applications on a jailbroken phone

Unix is a cross-platform, multiuser, server operating system with a long history. It was first developed at AT&T in 1969. It was one of the first open source operating systems. It has heavily influenced every operating system since then. Over the last 40 years, it has split into a large family tree with dozens of competing versions and several prominent clones, such as Linux. It has long been a programmer’s operating system (OS) as well as the ancestral home of computer hackers. Unix and Unix-like servers such as Linux represent a substantial portion of the servers on the Internet. Mac OS X is a Unix operating system.

One of the interesting things about the iPhone—and an interesting full circle for AT&T—is that upwards of 10 million people are now running a Unix-based operating system on their iPhone.

As we just mentioned, Unix is a multiuser system. Different accounts (login names) can be given different privileges. For instance, the superuser administrator named root can change any file on the system. The iPhone normally runs applications as a user named mobile, who has more limited access.

The word “root” in Unix systems is also used to describe the top of a hard drive hierarchy, in which the uppermost folder is the “root” directory (like the root of a plant or tree). If you see the slash symbol (/), this signifies the root of the hard drive.

One method of enforcing security on Unix systems is called chroot(). Normally, any user on Unix can potentially see the whole hard drive. What chroot() does is change the root directory so that a user can access only his or her own home directory. For instance, if Joe’s home directory is /Users/joe, chroot makes it so that / points to /Users/joe on the hard drive. Now Joe can’t access parts of the system that he shouldn’t. This security measure puts Joe in what is called a chroot() jail.

The term jail has come to encompass any metaphorical padded cell or “jail” that restricts access to certain directories and limits which programs can be run.

On the iPhone, the flash drive has two partitions—about 300 megabytes (MB) for the OS (operating system) and Applications (partition /dev/disk0s1), and the rest of the phone’s total storage for user data such as pictures, music, and movies (partition /dev/disk0s2). As shipped, there are two major restrictions: the user can’t write to the OS partition, and the iPhone won’t run (execute) any programs stored on the data partition. If you install an App Store application, it can run because it is stored on the OS partition.

On the iPhone, the process of jailbreaking removes both of these restrictions. By changing the file /etc/fstab, you:

The iPhone ships with many software and hardware security features to ensure that it is not easily cracked by malicious interlopers, and to create a chain of accountability so that an insidious or destructive program can be traced to its creator if it does manage to get onto the phone. Because of this thick layer of security, it is necessary to jailbreak the iPhone Open Your iPhone or iPod touch to Customization by Jailbreaking to install programs and access features that aren’t available through the App Store.

Most software for jailbreaking adds package management for installing new applications directly to the device. Jailbreaking adds a wide variety of common Unix/Linux tools, including Secure Shell (SSH), so that you can connect to your iPhone with a terminal program and configure it.

Significantly, because a jailbroken iPhone is a full-featured Unix server, just about every major Internet service and development technology—MySQL, Apache web servers, PHP, Python, Perl, Ruby, and Java, to name just a few—are available for the iPhone. That means that porting existing code—especially open source code—to the iPhone is trivially easy. Thus, many of the hacks in this book depend on jailbreaking the phone.

In February 2008, Apple announced a Software Development Kit (SDK), allowing the creation of third-party applications that could be installed on the phone. For the eight months prior to that date, creating native iPhone applications required a reverse-engineered development environment commonly referred to as the toolchain (a set of software tools used to create new applications). This is because SDK applications run in a sandbox (another word for “jail”) that limits their ability to do harm, but also limits their ability to do good. Thus, there are SDK applications (developed with Apple’s Mac-based development tools, sold in Apple’s App Store, and complying with Apple’s restrictions and distribution policies), and toolchain applications, developed using these reverse-engineered software development kits. Toolchain apps can use any feature on the phone that is available. In contrast, the SDK is limited to the features that Apple has exposed in its SDK. For instance, an SDK application cannot take pictures without the user’s permission, and cannot dial a phone number or send a text message without the user being notified, and generally cannot keep running in the background when the user switches to another program. Toolchain applications have none of these restrictions. For extensive information on programming toolchain applications, see iPhone Open Application Development, 2nd Edition (O’Reilly, 2008) by Jonathan Zdziarski.

Understanding the various methods of hacking the iPhone depends on an understanding of its different parts. As mentioned earlier, the iPhone is very similar to a conventional desktop PC, with computing power easily comparable to systems from the late 1990s. Its main CPU runs around 400Mhz, and it has a screen, an onscreen virtual keyboard, a touch screen that functions as a mouse, and 4GB or more of flash storage for its filesystem (file storage). It runs an operating system—which is actually Mac OS X. Unlike most personal computers, however, the iPhone has two “brains”—one is the ARM processor (ARM11 specifically), the CPU that runs the Mac OS X system software and the GUI (graphical user interface), and the other is a chip that handles communication with the cellular network, called the baseband chip (an Infineon GSM processor).

Every mobile phone in the market has a baseband chip. On most phones (non-"smart” phones) this baseband chip is the only processor for the phone. This chip contains a simple central processing unit, as well as a wireless modem, and is responsible for all GSM/EDGE/HSDPA cellular communication. Jailbreaking an iPhone hacks only the Mac OS X that runs on the ARM processor. The iPhone’s baseband chip is a “second brain” that must be reprogrammed—often against its will—if you want to unlock the phone.

Some people wonder why the phone chip is called a “baseband.” The name is related to the more familiar term broadband, which describes a wired or wireless transmission carrying many different channels (bands or frequencies), such as a cable modem connection shared by everyone in a given neighborhood. By contrast, baseband is when a wired or wireless transmission has one base (low) band that transmits only one signal, such as a single wireless phone call.

One of the most popular terms that you will run into in hacking the iPhone is bricking, which means rendering your iPhone as useless as a brick because of hacking gone awry. Example: “Oh, no! I think I bricked my iPhone trying to unlock it.” To be precise, bricking should describe a state that is permanent and irreversible, but the iPhone community often uses this term loosely for a temporary state that is relatively easy to reverse. And some users have even had “hard” (seemingly permanently) bricked phones come back to life with later iPhone firmware—new versions of Apple’s firmware resurrected a lot of previously “bricked” phones. Typically, there are many options (such as forcing a full restore on your iPhone) that can fix the many seemingly incurable ills of carelessly hacked phones. (See Chapter 2, “Troubleshoot Your iPhone or iPod touch.”) Hardware hacking (that is, opening up the phone, as described in Chapter 12, “Hardware”) creates the highest risk of bricking phones. Next to that, trying to do a SIM unlock (modifying the phone to use a different mobile carrier than it was designed to use) is the most fruitful source of bricks (see Chapter 7, “Unlocking and Activation”). Easy-to-use one-click SIM unlocking applications Buy an Unlocked iPhone from Apple became popular because they ran a lower risk of bricking an iPhone for novice users.

Whereas PCs run software, the preferred term for embedded software—that is, software that runs on devices instead of computers—is firmware. When used in iPhone-speak, “firmware” is used loosely to describe each successive version (1.1.1, 1.1.2, 1.1.3, 1.1.4, 2.0, 2.1, 3.0, and so on) of new software for the iPhone. These files usually come in the form of an IPSW (iPhone software) file, such as iPhone1,1_2.0_5A347_Custom_Restore.ipsw. These files usually contain an update for Mac OS X as well as the baseband firmware, the software that runs the modem, which is independent of the version of system software on the phone. The baseband firmware is essential for the proper functioning of EDGE, HSDPA, Wi-Fi, Bluetooth, and phone calls. When you activate an iPhone for the first time in iTunes, or when you unlock the phone for use on any GSM service provider, you are modifying the baseband firmware.

Just like a conventional computer has a BIOS (which is in control of the computer before Windows, Linux, or Mac OS X is loaded, and is built into the hardware of the machine), the iPhone has a bootloader, or bit of software that runs before the operating system and determines which software to use during bootup. In fact, the iPhone has two of them. The main CPU has a bootloader called iBoot, also known as the recovery bootloader. This software tries to load the system software. If it cannot, or if the phone is in recovery mode Restore and Recover Your iPhone, then it asks to be connected to iTunes. The baseband bootloader is the software that runs on the baseband and loads the baseband firmware. Figure 1-3 shows the different operating software on the iPhone.

Figure 1-3. The various parts of the iPhone’s operating software

OOB or OOTB means out-of-box or out-of-the-box; it describes a phone that is brand new, not activated, jailbroken, unlocked, or otherwise molested. The term is used to describe models of phones that ship with particular software version. For instance, “OOB 1.1.2” phones shipped with a baseband bootloader (Version 4.6) that was more resistive to baseband firmware updates than earlier versions. Thus, some earlier phones were coveted because of their flexibility in downgrading and upgrading to different system versions and unlocking.

Apple’s iTunes program frequently prompts users to upgrade their phone to the latest software. Upgrading your iPhone upgrades the software to Apple’s current version but keeps the user data (leaving the user partition of the flash drive intact), whereas restoring Restore and Recover Your iPhone your iPhone’s software erases user data and reinstalls the system software. However, restoring does not reset any baseband (firmware) alterations. Virginizing your iPhone Enter DFU Mode puts it in the exact same software state that it was in when you bought it, including resetting your baseband firmware back to factory settings by relocking it. Virginizing is a prudent choice for those returning their phones under warranty, as phones that are serviced in a hacked state may be denied warranty service.

Here’s what you should know about your device:

Step 2: Identify your firmware and baseband version.

The firmware version can be found either using iTunes or directly on your iPhone. In iTunes (with your iPhone connected to your computer), go to your iPhone’s summary tab and locate “Version.” To right of it is the firmware version, listed as a version number such as 2.1, followed by a hexadecimal number in parentheses. On your iPhone, open the Settings menu and scroll down until you see General. Tap on General and select About from the top of the list. On the About screen, about halfway down the list, you will see your firmware version number, as well as your “Modem Firmware” (a.k.a. baseband version), as shown in Figure 1-4.

The easiest way to do this is by selecting Settings→General→About. The Version field will give the version of your software (i.e., Mobile OS X), and the baseband (labeled “Modem Firmware”).

A comprehensive list of firmware and baseband versions can be found at www.theiphonewiki.com/wiki/index.php?title=System. You can see some of these in the tables on the following pages.

Figure 1-4. The About screen

Resetting target...
pinging the baseband...
issuing +xgendata...
firmware: DEV_ICE_MODEM_04.02.13_G
eep version: EEP_VERSION:208
eep revision: EEP_REVISION:1
bootloader: BOOTLOADER_VERSION:4.6_M3S2

Step back to a previous firmware version.

If you’ve already updated your firmware and can’t get your favorite hacks to work, you can sometimes reverse the update. Read the documentation for your jailbreaking program.

Figure 1-5. iTunes offers frequent updates

Warning

The ramifications of a misapplied hack are rarely fatal, but some are irreversible and many of them can be difficult and time-consuming to repair. Thus, the method by which you can hack your iPhone is very specifically dictated by the software version currently installed. So, just say “No!” to unsolicited firmware upgrades until the iPhone hacking community says they’re ready. Caveat hax0r.

Jailbreaking a phone is like logging in as “Administrator” or “root” on a Windows or Unix machine. It gives the user complete control—and of course, complete responsibility if something goes wrong. A jailbroken phone can run any application developed for the iPhone—including badly written applications or even viruses. Your jailbroken iPhone is unprotected and it’s now your job—not Apple’s—to keep it from getting hurt or sick.

When we speak about “hacking an iPhone,” jailbreaking is the basis of most hacks. After jailbreaking, you’ve taken your first step into a larger world.

The benefits of jailbreaking are numerous. Just a few examples are:

Due to unprecedented, fervent passion for the iPhone platform, combined with the opportunity for tremendous profits from unlocking iPhones for use with alternate GSM carriers, there have been a number of competing unlocking applications. Because jailbreaking is the first step of running any third-party software to perform an unlock, most unlocking applications have jailbreak as their primary feature.

Numerous applications have come and gone in the fast-paced game of one-upmanship that is iPhone hacking. iBrickr, iFuntastic, iLiberty (shown in Figures Figure 1-6 and Figure 1-7), ZiPhone (Figure 1-8), and iPHUC are just a few examples. What may not be obvious to the end user is that each of these applications relied on the same basic code—and cracks—mostly discovered and developed by members of the iPhone Dev Team (http://wikee.iphwn.org) or GeoHot (http://iphonejtag.blogspot.com). Each time Apple released new firmware, they tended to patch all the publicly known cracks, rendering all existing hacking software useless for the new phones and software. Thus, there would be a period of days or weeks when the hacking community would pore over the new firmware, looking for new, unexploited cracks. As soon as they were found, a new version of complex command-line tools and dissertation-length step-by-step tutorials would be posted, showing how to manually jailbreak or unlock the new versions, followed by a slew of cute, end-user-oriented GUI applications to do the same thing.

These applications differed mostly in their fee model (most of the good ones being free), their ease of use, and how well they dealt with the numerous combinations of firmware and software. Also, because some versions of these apps implemented the hacks in an inconsistent or outright buggy way, and because Apple’s own updates would often scramble previously hacked phones into an unstable state, even more features had to be developed to repair these ravages.

Figure 1-6. iLiberty (Windows)

Figure 1-7. iLiberty (Mac OS X)

Figure 1-8. ZiPhone 3.0 (Mac OS X)

Through these applications, perhaps millions of people have had their 1.x.x firmware phones successfully hacked and their phones unlocked. However, there were still problems:

For a while, iLiberty and ZiPhone were all the rage, and these applications—though effective for the vast majority of users—left a few casualties in their wake. Specifically, ZiPhone downgraded the firmware on phones in such a way that it was difficult to “virginize” them Enter DFU Mode if they needed to be taken to an Apple store for hardware warranty service. And a major blow was dealt to the first-generation unlocking applications when Apple released its 2.0 firmware and its own App Store, replacing (and for a while, effectively disabling) the popular 1.x firmware Installer.app store. As usual, there was no immediately effective jailbreak for the new firmware.

However, a culmination of efforts by the iPhone dev team came up with an elegant, consistent, and very stable solution to both 2.x firmware jailbreaking and unlocking. By consolidating all the still-working exploits from the 1.x era, and adding a discovered exploit that could not be disabled by any Apple software patch, the Pwnage (expert) and QuickPwn (quick and easy) applications were created. Part of their elegance lies in how they do not directly jailbreak the phone. Rather, they patch Apple’s own firmware packages—adding jailbreaking and unlocking code as needed—and then the user simply patches their phone using iTunes.

Developed by or in coordination with the iPhone dev team, Pwnage can be downloaded from http://wikee.iphwn.org or http://blog.iphone-dev.org. Both Mac (Figure 1-9), and Windows (Figure 1-10) versions are available. Along with the Pwnage tool, you’ll need to download the correct restore image for your phone and the appropriate bootloader files—but Pwnage will assist you with this.

Figure 1-9. Pwnage for the Mac

Figure 1-10. Pwnage for the PC (winpwn)

Select your device, then select the firmware (.ipsw file) that you (or Pwnage) downloaded. For both platforms, select the appropriate bootloader files when prompted. For first-generation iPhones, these files will be called BL-39.bin and BL-46.bin, and can be found through a Google search on the iPhone. Once you have selected all the options you want, build your custom .ipsw. If you’re also unlocking, be sure to choose “NO” when Pwnage asks if you are a legit user, make sure that the options Activate Phone, Enable Baseband Update, Neuter Bootloader, Unlock Baseband, and Autodelete Bootneuter.app are all checked. If you’ve already unlocked your phone, you shouldn’t have to unlock it again, but it also won’t hurt anything if you do. Once your custom .ipsw file has been built, you’re almost done! If you’re running winpwn, go back to the main screen and click “iPwner,” then select the custom .ipsw file that you just built. On both systems, you will need to enter DFU mode at this point Enter DFU Mode to allow iTunes to install the .ipsw file on your phone. Once again, the application will guide you through this process.

Launch iTunes. If you’re on Mac OS X, hold down the Option key while you press the Restore button in iTunes. On Windows, hold down the Shift key as you click Restore. Select the custom .ipsw file that you made, and wait for the restore to finish. Congratulations—you’re done!

Pwnage has a number of conditional steps—and uses iTunes to do the deed. If you want an even simpler jailbreaking experience and you have a fresh iPhone with no complicated prehacking history, then QuickPwn (Figure 1-11) is a good choice (www.quickpwn.com).

Figure 1-11. QuickPwn

With your iPhone jailbroken, you are now free to manipulate it as you see fit. Or, as iFuntastic says, to make your iPhone your iPhone.

Apple’s intent to lock down its phone is strong. But an army of curious hackers seems to be able to keep finding exploits that give it control over the iPhone. Because any code made by man can be broken by man, and because software is very complex and always seems to have some bugs in it, it stands to reason that any new firmware will eventually be broken.

When no exploits could be easily found for later firmware versions, a clever approach was found—simply roll back the version. Apple then patched the firmware so that users couldn’t roll back the firmware—at least, not yet. So even if at some point in the future, it seems that all hope is lost for software jailbreaking methods, it’s probably just a matter of time before the hack is found. And if the iPhone ever gets really, really impenetrably secure, there’s always the hardware approach—such as the famous hardware hack by GeoHot (http://iphonejtag.blogspot.com/2007_08_01_archive.html) and methods derived from it.

The iPhone dev team has been the most consistent and reliable force for responsible iPhone hacking since the iPhone’s release, so before you download a payware application from some glossy site, seek out the iPhone dev team sites http://wikee.iphwn.org and http://blog.iphone-dev.org to see what they have to say.

Since its introduction shortly after the iPhone’s initial release, Installer.app has become the most popular way to install third-party apps and utilities. Thousands of third-party applications existed before Apple had even announced their App Store efforts. And for those original iPhone users still running a pre-2.0 firmware, Installer.app is still their only source of applications.

When Apple’s 2.0 firmware came out—in conjunction with the App Store and around the time of the iPhone 3G—most of the third-party “toolchain” applications would not work on the new firmware. This was not so much an intentional result from Apple, but simply the side effect of Apple completely revising its SDK. (The same thing happens with new versions of Mac OS X or Windows; the tools to develop software changes frequently.) But none of the applications on Installer.app had a polite “Sorry, I don’t support the 2.0 firmware” message and thus there was general confusion.

The Install tab takes lists of apps from various privately operated sources and sorts them into a list that you can choose from. From the Install screen, tap an app to get a basic description of the app. On this page there is also an Install button, which will download and install this package on your iPhone, and a More Info button, which sends you to a website with more information on the app.

After you install a package, if it’s an application, it will simply appear on your home screen, and if it’s something else, like a skin pack or theme or ringtone, it should appear in the appropriate place. If not, try restarting your iPhone.

The Update tab shows whether there are any newer versions of apps that you have already installed through Installer.app. If there are, you can read about them and install them through the same procedure for installing apps.

The Uninstall tab shows all of the packages that you’ve installed through Installer.app. Selecting one and tapping “Uninstall” will get rid of it.

The Sources tab shows where your list of packages is coming from. You can tap any of the sources to get more information about them, including contact information for the maintainer. You can get additional sources through packages in the Install tab.

Nonetheless, when the 2.0 firmware was released, and people started to port their 1.x toolchain applications to the 2.0 SDK, NullRiver came out with a new version of Installer and that version remains the de facto Installer solution for third-party application installation on jailbroken phones.

There were several major critiques of the NullRiver Installer application. First and foremost was that it was closed source and operated by a private company—thus, whenever it had trouble there was little recourse (of course Apple’s App Store is also closed source and proprietary, but they also happen to make the iPhone, so there’s some chance that they’ll be responsive to change requests). And one of the noted problems was the immature installer/uninstaller management provided in NullRiver’s Installer. Thus, Jay Freeman (known online as saurik) ported APT, the extremely well-supported open source package manager from Debian Linux. The project is here: www.telesphoreo.org. Cydia is a GUI front end for the Telesphoreo port of APT created by saurik.

To quote the author: “In order to provide some relief for these issues, I have decided to start a project called Telesphoreo with the goal of creating a distribution of GNU and BSD’s userspace for the iPhone as a collaborative, open source project. The name is an ancient Greek word meaning “to bring fruit to perfection or maturity,” which I feel is what needs to be done to Apple’s product: it’s passable as a phone, but as a portable workstation it is almost unmatched…with the right software.”

The Cydia application, shown in Figure 1-13, accesses these new, well-documented installation sources, and has become the alternative to Installer.app for application installation; many of the same applications are available from both Cydia and Installer.app (Figure 1-14).

Figure 1-13. Cydia

Figure 1-14. Cydia and Installer.app

Both Installer.app and Cydia share the concept of repositories, which are additional sources of programs. Apple’s App Store can be considered one large repository—there’s only the App Store, and only Apple can decide whether a program goes on the list. In contrast, Installer and Cydia allow you to add any sources you want. Some companies that provide a number of iPhone applications maintain their own sources. More often, developers submit their applications to another popular repository. If you develop your own iPhone applications, you may want to create your own source repository.

A repository is included by adding its URL, such as "http://installer.iclarified.com“, to the sources page, as shown in Figures Figure 1-15 and Figure 1-16.

Figure 1-15. Adding source repositories to Installer.app

Figure 1-16. Adding source repositories to Cydia

You can also install additional repositories by searching for them in the Sources category, which in turn will add them to the source list. For instance, to get a larger selection of applications to chose from, locate Community Sources in the Community section of the list and install it. With Community Sources installed, the list of applications becomes much longer, offering you more choices to customize your iPhone. Figure 1-17 shows the procedure.

Figure 1-17. Adding Community Sources

Two reasons Apple has carefully controlled the App Store—besides any financial, business, and brand protection reasons—are quality control and trust. By vetting applications and ensuring that they look good, work well, and have no viruses, spyware, or unrevealed side effects, Apple provides a meaningful service.

It’s important to note that by jailbreaking your phone and then running Installer or Cydia, you’re leaving the walled garden of the Apple App Store, and entering a large and potentially—but not usually—cruel world. However, people download and install applications all the time for Windows, Mac OS X, and Unix platforms, and intelligent users generally know how to detect bad software. So if an application—or app source—seems fishy, ask around before you install it on your phone.

You’re not on completely your own, as there is a lively community that may be able to help you. And the more you participate, the larger that community becomes Get Quality Support with iPhone Hacking.

As mentioned earlier, the ideal file-management software for both Mac and PC is DiskAid, available from www.digidna.net/diskaid. It’s free, and it can be used with or without jailbreaking. Once your file-management software has been installed, start it up while the iPhone is connected to your computer. Figure 1-18 shows the interface of DiskAid. Once the software is loaded, you’ll see the basic, “safe” media directory. The drop-down menu in the lower left will allow you to access the root directory, which has the guts of the device.

Figure 1-18. DiskAid

Try opening up each folder and taking a look around. However, be careful not to modify any of the files until you know what they are, as you could do unnecessary damage to your phone. Of the folders, the main ones to spend some time browsing through are Applications, System, and /var/mobile. Remember that your root directory, /, is the origin of the main folders.

An important lesson in iPhone file directory browsing is to understand folder path addresses. When you see the phrase /private/var/tmp, it will help you to know that this phrase actually means to look in your / (root) directory for the private folder. Once you find the private folder, open it to be greeted by another group of folders. Look down this list to find the var folder, and open it up to see even more folders. Look through this new list to find the tmp folder, and open it. You’ve now arrived at your destination, as in Figure 1-19. All the mysterious phrase /private/var/tmp was trying to say was to just look inside the tmp folder by following the path from /private, through var, and into tmp.

Figure 1-19. The /private/var/tmp folder

Also note that in Unix, there is a feature called “symbolic links,” which is similar to aliases on Mac OS X or shortcuts on Windows. On Unix filesystems you can refer to the folder by any of its symbolic links, so /private/var and /var are effectively synonymous. In DiskAid these are symbolized by the “curved arrow” icon for directories.

Here are some brief explanations for each of the main folders in the Home or (root) directory.

As you gain more experience navigating through your directory, you can begin using the other main ability offered by your browser software: modification of files and folders. DiskAid allows you to add, replace, or delete any file or folder in your directory. These abilities open your iPhone up to an all-new breed of customization options, from changing icons and backgrounds Skin Your iPhone and Change System Sounds to modifying the files that an application is based on.

Because your iPhone is probably with you far more than your personal computer, you will probably want to be able to access the filesystem on the go. There are a few utilities that make this easy as well.

You can find MobileFinder in Cydia. Once installed, you’ll see the icon for MobileFinder on your SpringBoard. Just tap it to start the application (Figure 1-20). Once the application starts, you’ll be greeted by a screen like that in Figure 1-21.

Figure 1-20. MobileFinder icon

Figure 1-21. Browsing the root file directory with MobileFinder

MobileFinder has started you at your root directory. To open a folder, just tap it. If you need to go back to the previous list of folders, just hit the Up button at the top left of the screen. MobileFinder displays the folder you’re currently in at the top of the screen to help prevent you from getting lost. These convenient features can be seen in Figure 1-22.

Figure 1-22. Pressing the Up button at the top left displays the previous directory; the current directory is shown at the top.

If you ever find yourself lost in a sea of folders, and wish to return to the root directory, just repeatedly press the Up button at the top left of the screen until you get back. Alternatively, you can press the folder icon with trailing dots at the top of the folder list, which serves the same function as the Up button.

To customize your MobileFinder experience, press the Settings button at the top of the screen. You’ll be able to change numerous attributes affecting the file directory and its appearance, as shown in Figures Figure 1-23 and Figure 1-24. When you are done with the Settings screen, press the Finder button to resume browsing.

Figure 1-23. The top half of the Settings screen

Figure 1-24. The bottom half of the Settings screen

The bottom five buttons on the MobileFinder screen help you with file operations: you can copy, move, and delete files with the three buttons on the left. The New button creates a new file, folder, or bookmark. The Info button provides any available information about a selected file. In addition to modifying files, MobileFinder can launch applications. Just tap an Application, and it will launch.

Although MobileFinder may not be as easy to use as DiskAid, it makes up for this by eliminating the need for a computer to do this type of work. For more information about MobileFinder, simply read the release notes for the app in Cydia. Note that there’s a version of MobileFinder on the App Store—but it lacks the features of the jailbroken version.

Did you know that most web browsers can also be used to browse your filesystem? For example, if you type File:///C:/ into Windows Explorer on a PC, you can browse your hard drive.

Unfortunately, this behavior is stripped out of Mobile Safari, but you can set up a web server on the device to solve the problem.

On a jailbroken device, install lighttpd Make Your iPhone or iPod touch a Web Server. Also, make sure that OpenSSH is installed (preferably with Cydia).

Once lighttpd is installed, you’ll need to create a configuration file before it will run. SSH to your phone Connect to Your iPhone with a Secure Shell (SSH) Terminal Program. Navigate to /etc and type nano lighttpd.conf, then press Enter. This step opens up a new file in the nano editor.

Enter the following lines:

dir-listing.activate = "enable"
server.document-root = "/"

The document root in the second line, inside the quotes, can be any directory you want. We’re using "/" or the root directory, so that everything on the phone can be viewed. There are plenty of other options that you can set for your web server as well. We’ll just add one more for security:

server.bind = "127.0.0.1"

This line makes sure that only the phone browser can view our files. You can also add your home network prefix to allow other computers on your network to see the files, or you can leave the line out altogether.

To start up your web server, type lighttpd -f /etc/lighttpd.conf and make sure that there are no error messages. Go to Safari, and navigate to localhost or 127.0.0.1 (Figure 1-25).

Now you can browse the files on your iPhone! This hack has the added benefit that any file that Mobile Safari can handle—such as audio/video files, PDFs, and so on—can be accessed and viewed.

Figure 1-25. Browsing your iPhone’s filesystem on your iPhone using Mobile Safari

There are thousands of files on your iPhone that might hold the key to the hack you wish to accomplish, so getting to know your filesystem is a good first step.

—Adam Stolarz, Christopher Kurpinski & David Jurick

The simplest solution for any phone, jailbroken or not, is to back it up with iTunes. The bacon-saving feature of iTunes allows you to protect all these files:

To back up your files, first start iTunes with your iPhone connected to your computer. From the Devices section, click on your iPhone so that it’s highlighted and its information is displayed in the main iTunes pane, as shown in Figure 1-26. Finally, click the sync button at the bottom right of the iTunes window. Your files will be backed up on your computer.

To verify that files have been backed up on your computer (or just to find the date on which it was last backed up), go to the iTunes Preferences menu. After the Preferences window appears, click on the Devices tab. You’ll see your iPhone’s preferences, as shown in Figure 1-27. On the Devices tab, locate your iPhone in the box that says “The following iPhones are backed up on this computer.” The date on the right is the last time it was backed up.

To set iTunes so that it will back up your iPhone every time you connect it to your computer, just check the box next to “Automatically sync when this iPhone is connected” in the Options section at the bottom of the iTunes window. Now, whenever you start iTunes with your iPhone connected to your computer, it will automatically sync and back up your files. (However, if your phone is jailbroken, make sure that you choose “No” when it offers you a firmware update.)

Backing up your important iPhone files on your computer will save you a great deal of frustration if you ever have to restore your iPhone Restore and Recover Your iPhone. With the simplicity of iTunes syncing function to back up your files, you’ll be up and running much more quickly with your global iPhone settings fundamentally intact.

Figure 1-26. The iTunes main iPhone screen

Figure 1-27. Device backups

On the Mac, these backups are actually stored in ~/Library/Application Support/MobileSync/Backup/ (where ~ is your home directory: /Users/you). Erica Sadun has created an extremely useful command-line program called mdhelper (available from http://ericasadun.com/ftp/Macintosh/mdhelper-universal.zip) that can be used to crack open these backups and get the goodies out of them. Sometimes, for a variety of reasons, iTunes doesn’t offer you to restore your iPhone to an earlier backup, or you want only part of the backup. With mdhelper, you can extract just the parts you need. To use it, run Applications→Utilities→Terminal and change to the directory where mdhelper resides. Run it using this command:

./mdhelper

and you’ll get these options:

Usage: mdhelper options
-h        Print this message and exit
-d        Show the backup directory
-l        List contents for each platform
-L        List the summary for each platform
-f        List all files and mdbackup names for each platform
-m        Extract all available manifests
-X phrase Extract all files where the device name starts with the match phrase
-C phrase Extract all files containing the phrase in the original filename
-M phrase Extract all mdbackups whose name contains the match phrase
-x files  Extract each mdbackup file listed by path

Here are some example usages. To extract databases for SMS (to be placed back in /var/mobile/Library/SMS/sms.db) and notes (/var/mobile/Library/Notes):

./mdhelper -C sms.db

The following commands extracts all the property lists, which contain bookmarks (/var/mobile/Library/Safari/Bookmarks.plist) and map bookmarks.

./mdhelper -C .plist

The following command extracts SQLite databases, which contain Address Book (/var/mobile/Library/AddressBook/AddressBook.sqlitedb) and Calendar (/var/mobile/Library/Calendar/Calendar.sqlitedb) data:

./mdhelper -C .sqlitedb

There are dozens of other settings; if you explore /var/mobile and /var/mobile/Library, you should be able to see what is what.

There are several core features—namely email, contacts, and calendars—that have been pushed into what is called “the cloud.” The cloud is a cute way of describing servers that are somewhere on the Internet. If you’re using Gmail or another IMAP-based email server, or Exchange, you’re already using the cloud. Thus, if you (gasp) had to get a new iPhone, your email would be intact—it’s not only on the iPhone—it’s also on a remote server.

Another feature with cloud data storage is the push feature. With push, changes made on the Web or on computers to calendars, contacts, and email are instantly pushed over the EDGE or 3G or Wi-Fi Internet connection to your iPhone. This feature ensures that there is a copy of all this data securely stored on Apple’s servers, as well as on your Phone, and probably on your computers that are syncing to MobileMe as well (Figure 1-28).

Figure 1-28. Apple’s MobileMe “cloud” syncing

Many of the iPhone applications that accessorize existing online services—eBay, Amazon, PayPal, WordPress, Jott—rely on accounts that you already have online. So saving data to the cloud is built into these applications, and all you need to do to get running on a new phone is reinstall the applications and reenter your login information.

Turn Command-Line Scripts into iPhone Apps and Create Periodic Tasks that Run in the Background show you how you can create scripts and applications to back up anything not covered here to the cloud.

Some files can be manually backed up with no jailbreaking funny business. For instance, the iPhone shows up in Windows and on the Mac as a digital camera, in addition to being a phone.

App Store applications

Even if you use App Store applications, you may not sync to iTunes that frequently. And if you’re concerned that iTunes isn’t backing up some really important data for you, or you want to make a backup on a different computer, then AppBackup (www.scott-wallace.net/iphone/appbackup) is for you. Ironically, AppBackup requires jailbreaking, even though its purpose is to back up App Store apps. Each App Store app has its own sandbox, a private file area where its data is stored. AppBackup can zip up these data files—on an app-by-app basis, or for all applications—and then store them in /var/mobile/Library/AppBackup/tarballs (Figure 1-29). You can find AppBackup on Cydia, under Utilities, in the “BigBoss” repository.

If you use MobileFinder Manipulate Your iPhone’s Filesystem, you can actually back up all the app data without using a computer. Navigate to the /var/mobile/Library/AppBackup/tarballs folder and click Send→E-Mail. Then send the file to yourself—you now have an online backup of that data. To restore it later, copy the file back into the same directory, run AppBackup, and restore.

Figure 1-29. Backing up an App Store file to email