PwnBoot
An Open-Source Work-In-Progress iOS 6 Jailbreak Using a Custom Ramdisk
What this Tool Can Do
This tool allows you to Verbose Boot a SSH Ramdisk, and hence get full RootFS access on your device. From here you can modify the RootFS in any way you please.
How To Use
- Set up a Window 7 Virtual Machine (this is a requirement)
- Download the latest release of PwnBoot (www.pwnboot.tk) to your Windows 7 VM
- Connect your iPhone2,1 to your VM in DFU mode
- Run
PwnBootCLIto see a list of uses of PwnBoot
Common Uses
- Booting a Custom SSH Ramdisk on your iPhone2,1 (
PwnBootCLI iPhone2,1 -b) - VERBOSE BOOTING a Custom SSH Ramdisk on your iPhone2,1 (
PwnBootCLI iPhone2,1 -vb) - Forwarding the resulting SSH connection over USB (
PwnBootCLI iPhone2,1 -j) (This must be run AFTER booting the SSH Ramdisk using one of the above commands)
How to Boot a Custom SSH Ramdisk and get full filesystem access on your iPhone2,1
PwnBootCLI iPhone2,1 -vbPwnBootCLI iPhone2,1 -jC:/PwnBoot/itunnel_mux --lport 2022- SSH into the device in a new CMD window (root@127.0.0.1 over port 2022 with password
alpine). Don't close itunnel_mux window until you're done. - Over SSH run
mount.shand you will now be able to access the full root filesystem of your device
Future Plans for this tool
- Support FULLY JAILBREAKING YOUR DEVICE (Cydia, etc.) (Just requires more kernel patches by me)
- Support more devices (iPhone 4 tethered, iPhone 3G untethered, etc.)
- Add custom bootlogos
- Utilize the
launchd.confuntether bug for some cool stuff :)