[TUT] How To Hack Any iDevice [TUT] - GSM-Forum

boy1995 · 02-23-2012, 19:28

In this tutorial, I will explain to you how to hack an iDevice with no password required.

Necessary Materials
IDA 6.2 Demo Version from Hex-rays
Jailbroken iDevice
iPhoneFolders
0xED for Mac or Hex Workshop for Windows
A computer
A brain (size does not matter

.)

Directions
1. Use iPhoneFolders to navigate into System/Library/CoreServices/SpringBoard.app
2. Find the binary of SpringBoard (No extensions).
3. Take the binary, download it to your computer.
4. Open up IDA and load SpringBoard from the location that you put it in.
5. Open the binary as ARM processor.
7. Wait for the entire binary to be disassembled.
8. By pressing alt+t on your keyboard, the search function will pop up. Now you will want to search for 'isPasswordProtected' without the quotes.
9. SBAwayController::isPasswordProtected should appear. At the mid-bottom-left hand side of IDA, you should see a number. For me, this is 37018 on iOS 4.3.3. However, THIS WILL BE DIFFERENT ON ALL SEPERATE FIRMWARES.
10. Open up HexWorkshop, and load the Springboard binary.
11. Navigate to the file offset found in step 9.
12. Change the 2-bit number (4 digits) here to 0020. (back up original binary before making any changes in case you mess up.)
13. Save the Hex Workshop binary.
14. Open up iPhoneFolder and navigate to SpringBoard.app again if you are not already there.
15. Replace your new, edited binary with the one currently there. Do not Replace All.
16. iPhone now does not require a valid password. You now have full access to it!

If you ever want to prank friends, or want to steal a corporate iPhone with sensitive data in it and retrieve the info, or just want a new iDevice for yourself, this tut should get the job done. :victoire:

For whatever your needs are, good luck and have fun with this useful hack! :blackhat:

Please vouch on the thread, this method took me 2 hours to do.

bazde21 · 02-23-2012, 23:14

Thank u
But if the phone is protected by password How i can use iphonefolders to navigate to springboard.app

boy1995 · 02-24-2012, 04:21

Quote:

Originally Posted by bazde21

Thank u
But if the phone is protected by password How i can use iphonefolders to navigate to springboard.app

Not Sure But If You Have Plug-in Your iPhone To iTunes Then Maybe You don't Need A Password Else I Don't know About that

free1600 · 05-21-2012, 20:18

Have you tested this .If device is protected how you will be able to access the system files ?
Firstly it's not your tuto is not for what you mention and you have no idea what you advanced here .

SALUM · 05-21-2012, 20:22

Quote:

Originally Posted by boy1995

Not Sure But If You Have Plug-in Your iPhone To iTunes Then Maybe You don't Need A Password Else I Don't know About that

No way to access if protected by password

celumaster. · 05-21-2012, 22:02

This post is useless because ih the device is password protected is not possible to access it.

Regards !!

roben..hood · 05-22-2012, 00:35

yes ... useless .. any how thanks for ur effort..

GSMan · 05-22-2012, 01:00

If it's jailbroken you have allright access to file system
Thanks for infos
GabiRo

Rosa12 · 05-22-2012, 07:08

Quote:

Originally Posted by GSMan

If it's jailbroken you have allright access to file system
Thanks for infos
GabiRo

Thanks for your post.[IMG]http://www.****************.com[/IMG]

polina1930 · 05-22-2012, 12:43

hi
after do this , my iphone stay in apple logo . phone is up but show apple logo .

Gecko_UK · 05-22-2012, 13:55

Quote:

hi
after do this , my iphone stay in apple logo . phone is up but show apple logo .

if you have edited correctly, check permissions and do a 'just boot' with redsn0w..otherwise copy original (non edited) springboard binary back

02-23-2012, 19:28	#1 (permalink)
boy1995 Junior Member Join Date: Jun 2011 Location: Tell you Later Age: 31 Posts: 29 Member: 1607560 Status: Offline Thanks Meter: 4,294,967,295	[TUT] How To Hack Any iDevice [TUT] In this tutorial, I will explain to you how to hack an iDevice with no password required. Necessary Materials IDA 6.2 Demo Version from Hex-rays Jailbroken iDevice iPhoneFolders 0xED for Mac or Hex Workshop for Windows A computer A brain (size does not matter .) Directions 1. Use iPhoneFolders to navigate into System/Library/CoreServices/SpringBoard.app 2. Find the binary of SpringBoard (No extensions). 3. Take the binary, download it to your computer. 4. Open up IDA and load SpringBoard from the location that you put it in. 5. Open the binary as ARM processor. 7. Wait for the entire binary to be disassembled. 8. By pressing alt+t on your keyboard, the search function will pop up. Now you will want to search for 'isPasswordProtected' without the quotes. 9. SBAwayController::isPasswordProtected should appear. At the mid-bottom-left hand side of IDA, you should see a number. For me, this is 37018 on iOS 4.3.3. However, THIS WILL BE DIFFERENT ON ALL SEPERATE FIRMWARES. 10. Open up HexWorkshop, and load the Springboard binary. 11. Navigate to the file offset found in step 9. 12. Change the 2-bit number (4 digits) here to 0020. (back up original binary before making any changes in case you mess up.) 13. Save the Hex Workshop binary. 14. Open up iPhoneFolder and navigate to SpringBoard.app again if you are not already there. 15. Replace your new, edited binary with the one currently there. Do not Replace All. 16. iPhone now does not require a valid password. You now have full access to it! If you ever want to prank friends, or want to steal a corporate iPhone with sensitive data in it and retrieve the info, or just want a new iDevice for yourself, this tut should get the job done. :victoire: For whatever your needs are, good luck and have fun with this useful hack! :blackhat: Please vouch on the thread, this method took me 2 hours to do.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
news headlines to gsm phone	mos	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	7	05-22-2016 11:42
How can I do a Welcome note for my 6110 a dosn't have any one ?	Viper	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	8	06-27-2015 11:57
How to add a language in 51xx/61xx	tati	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	8	05-21-2013 19:20
How to upload a new firmware...	Brand	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	8	06-08-2012 18:29
Copy from one 6110 to another	Leif Nielsen	Nokia Legacy Phones ( DCT-1 ,2 ,3 ,L )	1	06-10-1999 22:36

02-23-2012, 23:14	#2 (permalink)
bazde21 Freak Poster Join Date: Jan 2006 Location: algerie Posts: 187 Member: 222092 Status: Offline Sonork: 1605557 Thanks Meter: 44	Thank u But if the phone is protected by password How i can use iphonefolders to navigate to springboard.app

05-21-2012, 20:18	#4 (permalink)
free1600 No Life Poster Join Date: Mar 2007 Location: /Fr/Ch\Ro\ Age: 39 Posts: 1,334 Member: 467911 Status: Offline Thanks Meter: 351	Have you tested this .If device is protected how you will be able to access the system files ? Firstly it's not your tuto is not for what you mention and you have no idea what you advanced here .

05-21-2012, 22:02	#6 (permalink)
celumaster. No Life Poster Join Date: Jan 2011 Location: Honduras Posts: 698 Member: 1488173 Status: Offline Thanks Meter: 194	This post is useless because ih the device is password protected is not possible to access it. Regards !!

05-22-2012, 00:35	#7 (permalink)
roben..hood Junior Member Join Date: May 2012 Posts: 21 Member: 1762160 Status: Offline Thanks Meter: 1	yes ... useless .. any how thanks for ur effort..

05-22-2012, 01:00	#8 (permalink)
GSMan Freak Poster Join Date: Jul 2000 Location: GabiRo Posts: 272 Member: 1675 Status: Offline Thanks Meter: 44	If it's jailbroken you have allright access to file system Thanks for infos GabiRo

05-22-2012, 12:43	#10 (permalink)
polina1930 Junior Member Join Date: Oct 2005 Location: iran Posts: 26 Member: 190361 Status: Offline Thanks Meter: 15	hi after do this , my iphone stay in apple logo . phone is up but show apple logo .