Tutorial: Getting Root Access on iOS 7 Without a Jailbreak

Time: 08:17

Categories: Apple, Apps

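If you have already updated to the iOS 7 beta, a jailbreak is out of reach for you. Even after the official release ships, it will take some time for a jailbreak to arrive. WeiPhone, June 23: if you have an iPhone 4, the situation may be a little different. The site AppAdvice has just published detailed steps for gaining full root read/write access on this device.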

To do this, you first need the following tools:

- MSFTGuy's SSH RAMDisk (runs on Windows or Mac)
- CyberDuck or WinSCP
- A binary plist editor (TextWrangler is recommended on OS X)
- TinyUmbrella
- iFunBox

Before reading the written steps, you can watch the full video demonstration below:

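Step 1

Download SSH RAMDisk from the attachment in the forum (download link). Note that it is a JAR file (if you get an error, install 32-bit Java 6 update 35 rather than Java 7; a 64-bit PC needs 64-bit Java 7). Then put the iPhone 4 into DFU mode as follows:

1. Connect the phone to the computer
2. Power off the phone
3. Hold the power button for 3 seconds
4. Keep holding the power button and also hold the Home button for 10 seconds
5. Release the power button and keep holding the Home button
6. Keep holding the Home button until iTunes reports that the device has entered recovery mode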


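Step 2

Open CyberDuck or WinSCP and connect to localhost on port 2022, with the username root and the password alpine.

Step 3

With the SSH connection open, open a terminal window; most SSH clients have a dedicated button for this. If you are not sure how, go back to the video demonstration or check your SSH client's documentation. Once the window is open, type the command “mount.sh” in the terminal and press Enter. If all goes well you will see the following: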

Mounting /dev/disk0s1s1 on /mnt1
Mounting /dev/disk0s1s2 on /mnt2

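Then close the terminal window.

Step 4

In the SSH client, go to the /mnt1/etc folder and find the “fstab” file. Copy it to your desktop, then rename the original file to “fstab.old”.

Step 5

Open the fstab file on your desktop with Notepad and change the first line from “/dev/disk0s1s1 / hfs ro 0 1” to “/dev/disk0s1s1 / hfs rw 0 1”. Then save, exit, and copy the file back to its original folder. Remember to set its permissions to 0644.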

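Step 6

Go to the /mnt1/System/Library/Lockdown folder and find the “Services.plist” file. Copy it to your desktop, then rename the original file to “Services.plist.old”.

Step 7

Open the Services.plist file on your desktop with your preferred binary plist editor and add the following text below the “com.apple.afc” section: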

<key>com.apple.afc2</key>
<dict>
<key>AllowUnactivatedService</key>
<true/>
<key>Label</key>
<string>com.apple.afc2</string>
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/afcd</string>
<string>--lockdown</string>
<string>-d</string>
<string>/</string>
</array>
</dict>

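The figure above shows the correct way to add it. Then save the file and copy it back to its original folder on the device. Remember to set its permissions to 0644.

Step 8

Open a new terminal window in the SSH client, type the command “halt”, and press Enter. The device will shut down and restart in recovery mode. Note: you may need to power it on manually.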

Step 9

Launch TinyUmbrella, select your device in the list on the left, and click “Exit Recovery”. Your device should restart and boot into iOS 7.

Source: AppAdvice

If you’re running iOS 7 beta, you’ve given up the right to a jailbreak if you don’t have any other eligible iOS devices. Unfortunately, there’s no jailbreak for iOS 7 beta, and even after its official release, it may be a while before we see one.

The good news is, if you happened to have an iPhone 4, there’s now a way to gain full r/w root access with iOS 7 beta installed. While this isn’t a jailbreak, it’s the next best thing to be able to explore all of the root files on your device and make changes as you see fit.

I’m not a developer or a hacker, but I’ll explain this process in a way that should be easy to understand. We’ve been provided instructions (original source via NmUn on iFans) on how to enable afc2 on an iPhone 4 running iOS 7 beta 1, and we’re sharing it with you today. Remember, this requires that you have an iPhone 4. Unfortunately, this method will not work on any A5+ devices. If you meet that requirement, and you’re running iOS 7 beta, continue on with this tutorial. This process will work on OS X or Windows and has been tested with iOS 7 beta 1.

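You’ll need the following applications to get started:

- MSFTGuy’s SSH RAMDisk tool (runs on Windows or Mac)
- CyberDuck or WinSCP
- A binary plist editor (TextWrangler is recommended on OS X)
- TinyUmbrella
- iFunBox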

We’ve put together a detailed video tutorial of this method in action. As shown in the video and explained below, this method will give you full read and write access to the iPhone’s root file system.

Below you’ll find written steps for this process:

Step 1: Download MSFTGuy’s SSH RAMDisk tool here and follow the instructions. You’ll need to put the iPhone 4 into DFU mode. Watch the video above for clarification or click here for instructions.

MSFTGuy’s SSH RAMDisk tool.

As our source notes:

If the RAMDisk tool has the init mux error, you need Java 6 update 35 for 32bit. So look it up and install it. You’ll also need to remove Java 7 for 32bit for it to use Java 6. If you’re on a 64bit PC just install Java 7 64bit and uninstall the Java 7 32bit.

RAMDisk tool successful.

Step 2: Launch CyberDuck or WinSCP and connect to localhost on port 2022 with the username “root” and the password “alpine.” (Both entered without the quotation marks.)

Step 3: Open a terminal window using the SSH connection. Most SSH clients will have a dedicated button for this. If you’re unsure of the process check the video or read through the help section for your SSH client. Within Terminal type in the command “mount.sh” and press enter.

If this is successful you should see the following:

Mounting /dev/disk0s1s1 on /mnt1
Mounting /dev/disk0s1s2 on /mnt2

Now you can close the terminal window.

Step 4: Within the SSH client, navigate to /mnt1/etc and look for a file named “fstab” in that folder. Make a copy of fstab on your desktop and change the name of the file on the device to “fstab.old” without the quotation marks.

Step 5: Open the fstab file on your desktop using TextEdit or NotePad depending on your operating system. Within this file, you’re going to need to change something in the first line. Change “/dev/disk0s1s1 / hfs ro 0 1” to read “/dev/disk0s1s1 / hfs rw 0 1” omitting the quotation marks. Once you’re finished, save the file and copy it back to the device. Make sure you set its permissions to 0644.

Step 6: Navigate to /mnt1/System/Library/Lockdown and copy the “Services.plist” file to your desktop. Next, change the name of the file on the device to “Services.plist.old” without the quotation marks.

Step 7: Open the Services.plist in your preferred binary plist editor and add the following (plain text via Pastie.org found here) entries below the “com.apple.afc” section:

<key>com.apple.afc2</key>
<dict>
<key>AllowUnactivatedService</key>
<true/>
<key>Label</key>
<string>com.apple.afc2</string>
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/afcd</string>
<string>--lockdown</string>
<string>-d</string>
<string>/</string>
</array>
</dict>

Next, save the plist file and copy it back to your device. Make sure that you set its permissions to 0644.

When you’re done with step 7, it should look like this.

Step 8: Launch a new terminal window through the SSH client and type “halt” (without the quotation marks) and press enter. The device will turn off and start back up in Recovery Mode. Note: You may need to manually turn on the device.

Use TinyUmbrella to exit Recovery Mode.

Step 9: Launch TinyUmbrella, select your device from the list on the left side of the application, and click on “Exit Recovery.” Your device should restart and boot into iOS 7.

Full root access in iOS 7.

Launch iFunBox and check the status of your device on the left side. If you don’t see “Jailed” next to your device name and iOS version, the process is complete. You’ll now have full r/w access to root files on your iPhone 4. Keep in mind, you can really mess up a device by playing around with files in the root directory. If something goes wrong, you always have the option to restore the device with iTunes.
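The two files changed in steps 5 and 7 are also what an examiner or device-management engineer would check on a device image to tell whether this procedure was applied. The script below is an added example, not code from AppAdvice or the original post; the sample fstab and Services.plist contents are constructed, and it assumes Services.plist is a dictionary keyed by service name.

```python
import plistlib

# Constructed sample inputs (not captured from a real device).
SAMPLE_FSTAB = ("/dev/disk0s1s1 / hfs rw 0 1\n"
                "/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2\n")
SAMPLE_SERVICES = plistlib.dumps({
    "com.apple.afc": {   # constructed stand-in for a media-only AFC entry
        "Label": "com.apple.afc",
        "ProgramArguments": ["/usr/libexec/afcd", "--lockdown", "-d", "/var/mobile/Media"],
    },
    "com.apple.afc2": {  # the entry added in step 7
        "AllowUnactivatedService": True,
        "Label": "com.apple.afc2",
        "ProgramArguments": ["/usr/libexec/afcd", "--lockdown", "-d", "/"],
    },
}, fmt=plistlib.FMT_BINARY)

def root_mount_writable(fstab_text):
    """True if the fstab entry whose mount point is '/' has the 'rw' option."""
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith("#") and fields[1] == "/":
            return "rw" in fields[3].split(",")
    return False

def afcd_root_services(plist_bytes):
    """Names of lockdown services that launch afcd with '-d /'."""
    services = plistlib.loads(plist_bytes)  # auto-detects XML or binary
    hits = []
    for name, entry in services.items():
        args = entry.get("ProgramArguments", []) if isinstance(entry, dict) else []
        if not args or not str(args[0]).endswith("/afcd"):
            continue
        # The directory afcd serves is the argument that follows "-d".
        served = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-d"]
        if "/" in served:
            hits.append(name)
    return sorted(hits)

def audit(fstab_text, plist_bytes):
    """Findings for both modifications, as readable strings."""
    findings = []
    if root_mount_writable(fstab_text):
        findings.append("fstab: root filesystem is mounted rw")
    return findings + [f"Services.plist: {n} serves / through afcd"
                       for n in afcd_root_services(plist_bytes)]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FSTAB, SAMPLE_SERVICES)))
```

Matching on the afcd arguments rather than the service name means a renamed entry that still serves / is reported as well.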
