What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

HOW TO - Use redsn0w 0.9.9x to its full potential

f4780y

Super Moderator
Staff member
Joined
Sep 11, 2010
Messages
7,113
Reaction score
652
Location
Troon, Scotland
Welcome to the iPadForums.net guide on using redsn0w 0.9.9x to its full potential!

Several months ago the iPhone Dev-Team released the 0.9.9 iteration of the redsn0w jailbreak tool. This release saw a significant changes in the interface, features, and functionality delivered by redsn0w. This guide will walk you through all of the new options made available to help you unlock the full potential of redsn0w!

What is redsn0w?
redsn0w is one the primary software tools for jailbreaking Apple devices. It was developed by the iPhone Dev-Team back in 2009, and has gone through many revisions over the years, adding support for different devices, exploits, and IOS versions. For more information on jailbreaking in general, see our thread here - http://www.ipadforums.net/ipad-hacking/2838-jailbreak-explained-new-updated-2011-a.html

In terms of iPad jailbreaking, redsn0w currently only supports the iPad1 as there are no public exploits for the iPad2 bootrom, which is a pre-requisite for jailbreaking tools which run from a PC, in order to gain privileged access to the device. A complete list of jailbreaking methods for the iPad can be found in our thread here - http://www.ipadforums.net/ipad-hacking/24377-jailbreaking-methods-ipad.html

You can download the latest beta version of redsn0w from this link - Dev-Team Blog. Always source redsn0w from this site to ensure its authenticity! ;)

1. Jailbreak - Jailbreak and Install Cydia
In order to jailbreak a device using redsn0w the only 2 pre-requisites are that 1) your device is supported by redsn0w, and 2) the version of IOS you have installed on your device is capable of being jailbroken by redns0w. You can easily check whether your device and IOS version are supported by checking our jailbreaking methods sticky, which we keep up to date for each new release - http://www.ipadforums.net/ipad-hacking/24377-jailbreaking-methods-ipad.html

Jailbreaking is as simple as starting the redsn0w tool, pressing the "Jailbreak" button, and following the instructions on screen.
RSFP_01.png

Since we have several tutorials on using redsn0w to jailbreak, I won't be covering the rest of the process in this guide. If you are completely new to redsn0w and want to see how it jailbreaks, follow our tutorial here - http://www.ipadforums.net/jailbreak...lbreak-ipad1-ios5-tethered-using-redsn0w.html

2. Select IPSW - Manually Specifying a firmware file for the jailbreak session
redsn0w now does a fantastic job of identifying what firmware you have installed on your device automagically by getting you to put the device into DFU mode before you start the jailbreak process and interrogating the device itself. Whilst this is really cool, it takes time, and experienced jailbreakers are likely to already know what version of IOS they are working with on their device and have it already downloaded onto their desktop somewhere. Also, if you a developer and working with beta versions of IOS, redsn0w CANNOT automatically retrieve some of the files it needs to work with from the Internet legally, therefore you must provide redsn0w with a copy of the firmware you are jailbreaking if it is a beta.

In order to specify an IPSW file for redsn0w to use for the remainder of its session (whilst you keep the application open), switch to the "Extras" menu…
RSFP_02_1.png

This is our primary interface for interacting with all the new features of redsn0w! Choose the "Select IPSW" option, which will open a finder or explorer window for you to select the firmware you are working with…
RSFP_02_2.png

redsn0w analyses the file to make sure it is recognised and supported by the tool, and displays a confirmation when done…
RSFP_02_3.png

In this case, we are now all set to go about jailbreaking an iPad1 on 5.0 firmware for the rest of this session!

3. Jailbreak Options - Choosing additional features for your jailbreak
Depending on the device you are jailbreaking, redsn0w will support various additional options, over and above simply jailbreaking the device. For example, it may be possible to activate multitasking gestures in a version of IOS in which they are not normally available. The easiest way to access the options before you actually jailbreak your device is to manually specify a IPSW file using the process outlined in section 2 above.

Once that is done, go back to the main redsn0w menu, and press "Jailbreak". redsn0w will process the manually specified firmware file…
RSFP_03_1.png

And once it has finished its processing, you will be presented with all the available options for the jailbreak associated with your device and the version of IOS you are trying to jailbreak.
RSFP_03_2.png

The "Install Cydia" option is the main jailbreaking operation. You MUST enable this option the first time you jailbreak the device, but you should NOT check the option again if you return to the device. It is perfectly acceptable to run the jailbreak option again to enable additional options, such as "Enable multitask gestures", but you should remember to uncheck the "Install Cydia" option. Do not run it more than once on a device.
Also please remember, not all options are available for all devices and firmwares. For example, it is possible to enable a verbose boot mode on some models of iPhone but not on the iPad. You will always be presented with the options which are relevant to your device and firmware.

4. Just Boot - Tethered booting for restricted jailbreaks
There are two types of jailbreaks in the world. Tethered and Untethered. Ideally, you always want to be running an untethered jailbreak, however these rely on having exploits in IOS which allow the device to reboot into a jailbroken state. As soon as Apple are made aware of such exploits they tend to patch them in IOS, thus rendering the exploits useless in later versions. As things stand it has not been possible to untether our devices since IOS 4.3.3 as the exploit, developed by i0n1c, was patched in 4.3.4.

So, if you are jailbreaking IOS5, it is likely that you are running a tethered jailbreak. This means you MUST use redsn0w EVERY TIME you reboot your device so that the jailbreak can be activated via a pwned boot process. Fortunately, redsn0w makes this quite simple by providing a "Just Boot" option in the "Extras" menu. Even better, the latest redsn0w automagically detects what device and IOS your are using and patches the kernel without you needing to provide the IPSW file, which was required under older versions.

So, all you need to do is go to "Extras", and "Just Boot", and follow the on-screen instructions… Simple!
RSFP_04_1.png


5. Recovery Fix - Fixing a DFU or recovery loop following a restore of an older firmware
When you are downgrading devices with 3G capabilities, such as iPhones and iPad1 3G models, you may end up in a recovery loop when the baseband component fails to install on your device. It is impossible to downgrade the baseband on a 3G device, even if you have saved SHSH Blobs for the version of IOS you are installing. The baseband install has nothing at all to do with these. Apple introduced countermeasures in IOS and iTunes so that if the baseband installation fails, then the whole IOS installation also fails, leaving the device in a recovery mode or DFU loop which cannot be exited under normal circumstances without restoring the latest version of iTunes.

Fortunately, if you find yourself in a recovery loop following an IOS downgrade or restore, redsn0w contains a nifty tool to fix this issue and return your device to its fully operational state!

Simply go to the "Extras" menu and select "Recovery Fix". Follow the instructions on screen and the rest of the process should be automatic, with redsn0w downloading the necessary patches for the kernel from the internet where necessary.

Note - You should use this tool in preference over older tools such as "FixRecovery" from ih8sn0w as the older tools were created before the latest countermeasures from Apple were developed and may not be effective in fixing your device.

6. SHSH blobs - redsn0w helps you manage your SHSH Blobs

COMING SOON - STAY TUNED!


7. Custom IPSW - Build your own firmware to preserve your baseband on the iPhone
Many iPhone owners rely on ultrasn0w as a software unlock solution for their iPhone so that they can use a SIM card other than the one which the phone is locked to. ultrasn0w relies on being able to exploit bugs in the iPhone baseband, just as the jailbreak exploits bugs in the operating system. Therefore, those that rely on the software unlock must be very careful NEVER to update the baseband of their phone, otherwise they lose their unlock (at least until such time as ultrasn0w is updated to work with the new baseband - and there has not been an update in a VERY long time!).

redsn0w provides the capability to create a custom firmware for iPhones which contains no baseband component, therefore preserving the baseband which is currently installed on the phone. This custom firmware can then be installed on the phone giving the owner the latest version of IOS whilst preserving their old baseband which can still be unlocked to their choice of carrier.

In order to create a custom firmware, choose "Custom IPSW" from the "Extras" menu and you will be presented with a finder / explorer window to select the firmware file you want to customise.
RSFP_02_4.png

redsn0w processes the firmware and removes the baseband from it. It will save the new custom firmware in the same folder as the original firmware with a prefix of "NO_BB_".
RSFP_07_1.png

In order to install this firmware, you must use Pwned DFU mode which is explained in the next section.

8. Pwned DFU - Force your device to accept a custom firmware through iTunes
redsn0w allows you to put the device into a special hacked DFU mode which will fool the device into installing the custom firmware created by using the features of the last section.

Simply select "Pwned DFU" from the "Extras" menu and follow the instructions on screen.
RSFP_08_1.png

Once complete, your device will be ready to accept the custom firmware...
RSFP_08_2.png

Simply fire up iTunes and shift-restore (Windows) or option-restore (OSX) and select the custom firmware file from your desktop. Remember, if you are using this to preserve your baseband, you MUST select a firmware which starts with the "NO_BB_" prefix!

That's it! I hope you enjoyed our guide to releasing the full potential of redsn0w!
 
Last edited:
OP
f4780y

f4780y

Super Moderator
Staff member
Joined
Sep 11, 2010
Messages
7,113
Reaction score
652
Location
Troon, Scotland
is there any way to change a locked stock baseband to an unlockable one?

No. redsn0w is a jailbreaking tool, not an unlocking tool. Also, unlocking an iPad is not normally a consideration as they are, in general, sold unlocked in the vast majority of cases.
 

hafatih_27

iPF Noob
Joined
May 14, 2011
Messages
14
Reaction score
0
Location
indonesia
thanks. i'll keep praying then for hackers to find the way to unlock iphone at any baseband...
 

Most reactions

Latest posts

Top