In part 1 of ‘jailbreaking the iPhone for UNIX geeks’: I touched on the jailbreak process and then covered installing the BSD Subsystem, SUID Lib Fix for the 1.1.3 firmware and fixing a small problem with the google maps ‘locate me’ application. I hope you enjoyed reading it, and now let’s jump right into part 2, and show off what the the jailbroken iPhone can really do.

To take advantage of the BSD Subsystem, you need to be able to access the it (duh). This is where OpenSSH comes in to play. Tap on the Installer.app, tap the Install bread crumb, and scroll down to the System Category, locate OpenSSH and install it. Yeap, thats what you think it is, after you reboot your iPhone, you will have full SSH access to it from a terminal. I was a little stumped as to what account to use to login to the iPhone, but after a little googling, I found it: There are two accounts created by default on the iPhone, the root user and a user called mobile. By default the root password is either alpine or dottie.

The first time that you SSH to your iPhone, you might notice that it seems to be hung or not working; DO NOT PANIC .. it can take between 30-35 seconds to get the password prompt. The delay is due to the iPhone/OpenSSH generating the host key pairs for a new host, unless you get a time out or some other error, just wait, eventually the password prompt will appear.

Now that we have gained root access to the iPhone, take some time and look around, the file system layout is a little different: i.e. /etc is actually /private/etc and so on.

*** Fun Tip: ***
SSH as root to the iPhone, and at the # prompt, type the following: nvram boot-args=”-v” and hit enter. Nothing should be returned to the terminal if the command was accepted correctly.

This enables verbose booting, just like it does on the full blown OSX. You can impress your friends and relatives when you power cycle your iPhone. They will all freak out when all those “crazy words and stuff” start scrolling by. By crazy words, I mean, the boot loader/kernel loader will be displayed instead of the Apple logo.

Also just for kicks output of uname -a

1phone ~ # uname -a
Darwin konichiwa 9.0.0d1 Darwin Kernel Version 9.0.0d1: Wed Dec 12 00:16:00 PST 2007; root:xnu-933.0.0.211.obj~2/RELEASE_ARM_S5L8900XRB iPhone1,1 unknown

Let’s jump right into the /private/etc/sshd_config, ssh as root to the iphone and use your favorite editor, both vi and nano are installed by default. You will need to leave PermiRootLogin set to yes (I know, I know) .. but trust me due to a problem with su being currently broken you will need root login enabled. The only thing I really changed in sshd_config on the iPhone is to set UseLogin to yes. This will allow you to login via SSH as the mobile user. Now that sshd is configured, reboot your iPhone and then ssh back into as root, and let’s get a usable terminal on the loaded up. There is a mobileterminal.app install located in the Installer.app repository, but it’s a bit out of date, so skip it. The version of mobileterminal.app that I recommend may be downloaded from Google Code - here. I am using the Terminal-207 release. Download it to your local machine, uncompress it. Then from your iPhone SSH session, cd over to /Applications and do a ls just for fun .. hey look there are all the apps on your home screen. You will need to scp the mobileterminal.app that you just uncompressed and put it in /Applications on the iPhone. Most operating systems see .apps as a folder instead of a single application file, so in order to SCP it to your iPhone, use -r (recursive) option.

as root on the iPhone: scp -r user@yourhost:/path/to/(mobile)terminal.app /Applications

You should be prompted for your password and then the file copy will begin, once completed you will need to reboot your iPhone for terminal.app to show up on the home screen. When you launch the terminal from your iPhone, you will be automatically logged as the mobile user. Refer back to my earlier statement about su not working. To get around this, I found that ssh root@localhost works until su is fixed. Another downside of the Mobile Terminal is that it isn’t 80 columns wide, so editing config files from the iPhone, is not exactly pleasant.

Now that OpenSSH is configured and running .. this would be a good time to worry about the fact that you have a device that is open to the world and that has a well documented default root password. It might be a good idea to change the passwords for both root and mobile users, unless you want some brazilian script kiddie using your iPhone as a spam cannon. So how do you change system passwords, if you ABSOLUTELY CAN NOT USE passwd (and why)?

The passwd utility in the BSD Subsystem is known to cause an inifite SpringBoard crash, but thankfully there is a simple workaround until it is fixed.

The workaround is to use a simple one line perl script to generate the password DES hash and then edit the /private/etc/master.passwd manually.

To generate the DES password hash:
perl -e ‘print crypt(”newpasswd”, “XY”).”\n”‘

If you do not trust this method - or just want to double check your work:
Go to - http://iphone.simbunch.com/crypt.php - they offer a simple webform to automagically generate the master.passwd (with the new hashes) file in it’s entirety.

In the above example: newpasswd is the password you would like to set and XY are two random characters. The hash that should be generated from this example is: XYTsms4HxgYXY. Now you can set whatever password you want for the root and mobile user accounts.

the default master.passwd entries for the root/mobile users should look similar to this:

mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh

Once you have the DES hash generated, simply edit the master.passwd and paste the new hash in. Your passwords should be changed and springboard should still be happy.

*** Useful Tip: ***
DES only applies to the first 8 charcters of your password, so setting a password (for root/mobile users) on the iPhone longer then 8 characters is pointless.

Now that you have a local terminal installed on the iPhone, and you have configured OpenSSH and changed the default passwords for the root and mobile users everything should be coming together nicely. However, I myself do not like the default shell (/bin/sh) and decided I would change it to my preferred shell (/bin/zsh).

It’s really quiet easy, since you are now familiar with editing the /private/etc/master.passwd file.

as root, edit the master.passwd file and change /bin/sh at the end of the root and mobile user account entries. In my case I changed it to /bin/zsh.

Then I created a simple zshrc file, a big thanks goes to my friend turtle for this portion of the post. he hooked me up with the sexy zshrc prompt.

as root, i edited /private/etc/zshrc and added the following:

setopt print_exit_value
export PS1=”$(print ‘%{\e[1;30m%}%B%iphone%b%{\e[0m%}’) $(print ‘%{\e[1;34m%}%B%1~ # %{\e[0m%}’)%b”

You may like the default /bin/sh, or maybe you don’t like either and want to use bash, there are a few decent how-to’s around on setting up bash with history support on the iPhone.

For now, this concludes my two part look into jailbreaking the iPhone and what you, the UNIX geek can do with it. Hope you learned something and everything went well, and if it didn’t please don’t sue me.

This entry was posted on Saturday, February 23rd, 2008 at 4:17 pm and is filed under geek stuff, iphone, jailbreaking. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.