Before we start, there are a few things that you need to be aware of. First, you need to understand that performing this hack will void your warranty on any Apple products where you are successful in a hack attempt. Second, you need to understand that the hack software used here will install a program called OpenSSH, which gives backdoor access to the device. You also need to understand that unless you change the default password installed by this hack, your device is completely open to other hack attempts by anyone in the world who understands the shell command system. This leaves open access to any and ALL information placed on or used by the device or you. For example, your contacts, access to your email accounts, access to your itunes account, access to your music, videos, pictures, and basically anything on the device. Just use your imagination.

The goal of this guide is to instruct even the most un-computer savvy individual on how to properly and correctly hack your Apple mobile PC device. If you are not the owner or are not prepared to completely follow this guide then STOP here and come back when you have one of your own, or when you are ready to commit to this software modification.

Now, lets begin!

First things first. Connect your device to iTunes and sync it. Also you will want to make sure that you have upgraded your device to the 1.1.4 firmware. Once you have done this then we should be ready to venture to the next step.

Next Install and run ZiPhone. Zibri is quite knowledgeable on Apple's mobile PC devices. If you have the time, I recommend his blog.   Once you have ZiPhone running, click jailbreak. You can run through the entire unlock process, but if your already using your iPhone and its activated, then there is no need to run through the entire process. All you need to hack the phone is just jailbreak.

Once you have run the Jailbreak, you will notice two icons that are placed on your springboard. One is Installer.app and the other is a hotlink to Zibri's blog. Now the first thing you will want to do is obviously connect your device to a wifi network. In case you didn't know, go to settings and then select a wifi network to join. You may also want to look under General and for the time being, set the screen auto-lock option to never. Once you have gotten on a wifi network, open the installer.app. You will be prompted to donate. I recommend a modest donation, but if you are tight on cash, then just click later. The installer will "refresh its sources". This process may take up to 5 minutes. In most cases it will only take 40 seconds. Once the Installer.app has finished the refresh, you will be prompted that there is an update available. Go ahead and update the Installer. When it finishes, it will reboot the Installer.app program and you will want to restart the app and then tap on the Sources link at the bottom right of the screen. Once the sources list comes up, in the upper left corner there is a refresh button. Refresh the sources list at least 2 times before you attempt to install anything. Currently any sources from "Conceited Software" do not work. Their portal is down.

Now with Installer.app updated, and a current sources list, install the following applications.

• Term-vt100 (under the "System" folder)
• BSD Subsystem 2.0 Term patch (under the "Tweaks 1.1.4" folder)
• Services (under the Utilities folder)

Once you have those pieces of software installed onto the device, perform a power cycle. IE, power it off, count to 15 and turn it back on.

Now we get to the fun parts. First thing we want to do is ssh into our device. In order to do that we need to know what our device's IP address is. So in order to retrieve that info we will want to open terminal on the Apple device. Once term is running, type "ifconfig" (please omit the quotation marks). You will see some text that will display as a response. You will see 2 "inet" numbers that will appear. The first inet number will be 127.0.0.1. This is localhost or the device itself. The second inet number will be a 192.168.#.# number. This number is the IP address assigned to the device by the wireless router or gateway. You will probably see a number, something like 192.168.1.100 or 192.168.0.100. This number is what we need to remote into our device. Below is a term ifconfig output example. (the outputs will NOT be the same.)

Now you will want to open the program called "Putty", or if you have a Mac, just open term. With putty open you will see some fields. The first field is the address field. Type in the device address in the address field and click "connect". You will be prompted to accept a key, of course type "yes", then you will see "login as:" popup on the screen after a few seconds. You want to login as "root". Next you will see Putty ask you for a password. The password you will want to use is "alpine". When you have successfully logged into your device, you will see a "#" appear on an empty line. Leave this window session open, we'll come back to this in a minute.

Now we want to open FileZilla or your favorite FTP client. With FileZilla open, at the top there are 5 fields. The first field is the address field. Type in the Apple device's IP address here. The next field is the username field. Type in "root" in the username field. The next field is the password field. Type in "alpine" in the password field. The next field is the port field. Type "22" in the port field. Then click "connect".
Inside FileZilla there are 2 or 4 divisions. The left side of the program is the computer that you are using. The Right side of the program is the remote computer system. In this case the right side of the program is the device we are currently hacking. You will be brought to the /private/var/root/ folder of the device once you have successfully connected to it. On the left side, you will want to navigate to some place on you computer that you can find again, like your desktop.

On the upper right side of FileZilla you will see "/private/var/root/". Change this address to "/private/etc/". You will see a file called "master.passwd" in the file listing here. Download that file out of your device and onto your computer. Now we need to open Crimson Editor. Open the "master.passwd" file with Crimson. If you don't want to use crimson, notepad will work fine, you can also use notepad++ or Textmate. Just DO NOT USE MICROSOFT WORD!.
When you open the master.passwd file this is the code snippet you will see.

On line 10, "root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh"
everything between "root:" and ":0:0::0:0:System Administrator" is the hash code for your current password which is alpine. We need to change this.
On your linux machine run this line of code at the terminal.

Replace myNewPasswd with the password you want. I highly recommend at least a 10 digit password with at least 2 numbers and 1 symbol. Be real sure you know what this password is and that you didn't mistype it, because when you upload this file, you will have to reload the device to undo this change.
You will get a hash output with the given salt. Copy the output and paste it over the old hash on the root line. Save the file. Now go back to Filezilla. Hit "F5" to refresh the window and upload the new file to your device. If you don't have any way to access a linux terminal or you are just lazy and you want a quick fix, I am providing you with 2 other options.

You can copy and paste this code snippet into your master.passwd file.

Or you can just download this copy of the master.passwd file that I have prepared for you to use. Do not fear. The password that I used to create this hash is very complex and is quite safe. You will want to use this option if you just want to hack your Apple device and do not care to use ssh with it. Because I haven't specified what the password is that I used to create this hash output, you wont be able to log into your device via ssh. Also I need to explain to you that this also is not much safer then having the default password. Because the hash used here is quite popular when "hacked iphone" is searched in google, anyone with some know how can reverse this hash I have provided and find the password. This is why I highly recommend you creating your own hash.

Once you have edited and uploaded your new master.passwd file, go back to your putty session you left open. You should still be logged into the device. Type "reboot" and hit enter. When you do this, the iphone or itouch will immediately power-down and start the reboot cycle. You will also be instantly disconnected from the device in putty. You can just close the program, it's no longer needed. You can also close Filezilla, it is also no longer needed.

Oh Snap!