A couple of days ago PJ Cabrera published a document through IBM developerWorks on how to use Eclipse CDT to develop iPhone applications under Windows or Linux. The instructions included jailbreaking the iPhone and installing software through Cydia to be able to transfer applications over to the phone. They also required the user to decrypt parts of the iPhone firmware to compile the toolchain. Apparently it did not take long for IBM to realize what they had allowed to be published: at the time of this posting, both the link to the document and the PDF have been removed.
However, those who were able to get a copy of the document before it was pulled might have noticed that the instructions did not work as printed under Windows. It took me a while to figure out what needed to be changed, especially since the document was written for the original 2.0 firmware, so I thought it might help somebody else to have some hints on how to get it working with the current 2.1 firmware. The following updates to the instructions only apply to Windows; I have not tested the instructions under Linux yet:
- When installing Cygwin, for autoconf pick autoconf2.1. For gcc, pick gcc-core and gcc-g++, which will automatically select gcc-mingw-core and gcc-mingw-g++.
- In addition to the Cygwin packages listed in the instructions, you will also need to select openssl-devel from the Devel category, otherwise you won't be able to compile vfdecrypt (it links against OpenSSL for AES and HMAC-SHA1).
- Download the iPhone firmware that matches the firmware currently installed on your iPhone. The instructions assume that you have 2.0, but since then newer versions have come out. Currently 2.1 is the latest version, and the firmware to download in that case is called iPhone1,1_2.1_5F136_Restore.ipsw.
- That also applies to the version of the operating system image, which for the 2.1 firmware is called 018-3946-43.dmg.
- The instructions for vfdecrypt are incorrect. Under Windows the command line takes only the input and output image, like this (using the operating system image for the 2.1 firmware):
vfdecrypt 018-3946-43.dmg decrypted.dmg
- This also means that you cannot actually pass the decryption key to vfdecrypt on the command line; it has to be compiled into the executable. To make vfdecrypt work you have to edit vfdecrypt.c in the iphone-2.0-toolchain\src directory and find the line in the code that says
--------INSERT KEY HERE--------------
- Underneath you will find two lines
convert_hex("--------------------------------", aes_key, 16);
convert_hex("----------------------------------------", hmacsha1_key, 20);
- The VFDecrypt key is 36 bytes, written as 72 hex digits. The first 16 bytes (the first 32 hex digits) go into the first line, the remaining 20 bytes (the last 40 hex digits) go into the second line. Replace the dashes with the key parts, keeping the quotes and the 16 and 20 arguments as they are, and then compile vfdecrypt.
- You need to use the key that matches your iPhone firmware. The key printed in the instructions only works for firmware 2.0. Because of the possible legal implications I am not going to publish the key for firmware 2.1 or link directly to a website that publishes it, but it should be okay to point out that keys for all firmwares (including the latest beta firmwares) can be found on the iPhone Wiki website.
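Since the key has to be split by hand into the two convert_hex lines, here is a small added helper that does the split and prints the two lines ready to paste under "INSERT KEY HERE". It is example code written for this post; it is not from PJ Cabrera's document or from the vfdecrypt source. The convert_hex here only mirrors the call shape of the one in vfdecrypt.c (and, unlike it, rejects non-hex characters), and the key below is a made-up placeholder, not a real firmware key.

```c
/* Added example: split a 72-hex-digit VFDecrypt key into the two
 * convert_hex() arguments the patched vfdecrypt.c expects, and print
 * the two source lines. The key below is a CONSTRUCTED placeholder. */
#include <stdio.h>
#include <string.h>

#define AES_KEY_LEN   16                                 /* bytes, first line  */
#define HMAC_KEY_LEN  20                                 /* bytes, second line */
#define VFKEY_HEX_LEN (2 * (AES_KEY_LEN + HMAC_KEY_LEN)) /* 72 hex digits      */

static const char kPlaceholderKey[] =
    "00112233445566778899aabbccddeeff"          /* 32 hex digits -> aes_key      */
    "0123456789abcdef0123456789abcdef01234567"; /* 40 hex digits -> hmacsha1_key */

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Same call shape as vfdecrypt.c's convert_hex(str, bytes, maxlen), but it
 * returns -1 if any of the 2*n characters is not a hex digit, 0 otherwise. */
int convert_hex(const char *str, unsigned char *bytes, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int hi = hexval(str[2 * i]);
        int lo = hexval(str[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        bytes[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* 1 if hexkey is exactly 72 hex digits, else 0. */
int vfkey_wellformed(const char *hexkey) {
    if (strlen(hexkey) != VFKEY_HEX_LEN) return 0;
    for (size_t i = 0; i < VFKEY_HEX_LEN; i++)
        if (hexval(hexkey[i]) < 0) return 0;
    return 1;
}

/* Bytes 0..15 -> aes_key, bytes 16..35 -> hmacsha1_key.
 * Returns 0 on success, -1 on a malformed key (nothing is written then). */
int split_vfkey(const char *hexkey, unsigned char aes_key[AES_KEY_LEN],
                unsigned char hmacsha1_key[HMAC_KEY_LEN]) {
    if (!vfkey_wellformed(hexkey)) return -1;
    convert_hex(hexkey, aes_key, AES_KEY_LEN);
    convert_hex(hexkey + 2 * AES_KEY_LEN, hmacsha1_key, HMAC_KEY_LEN);
    return 0;
}

/* Render the two lines to paste into vfdecrypt.c. Returns the number of
 * characters written, or -1 on a malformed key or a too-small buffer. */
int render_key_lines(const char *hexkey, char *out, size_t outsz) {
    if (!vfkey_wellformed(hexkey)) return -1;
    int n = snprintf(out, outsz,
                     "convert_hex(\"%.32s\", aes_key, 16);\n"
                     "convert_hex(\"%.40s\", hmacsha1_key, 20);\n",
                     hexkey, hexkey + 2 * AES_KEY_LEN);
    if (n < 0 || (size_t)n >= outsz) return -1;
    return n;
}

int main(void) {
    char lines[256];
    if (render_key_lines(kPlaceholderKey, lines, sizeof lines) < 0) {
        fprintf(stderr, "key must be exactly %d hex digits\n", VFKEY_HEX_LEN);
        return 1;
    }
    fputs(lines, stdout);
    return 0;
}
```

Put the real key from the iPhone Wiki in place of kPlaceholderKey, build with gcc, and paste its output over the two dashed lines before compiling vfdecrypt. The length check matters: a key that is one digit short or contains a stray character gives you a vfdecrypt that builds fine but decrypts to garbage.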
That's as far as I got in the instructions so far. I will update this post as necessary to get all the way through it!