To prevent being spammed and nagged by application updates that you do not want:
alpine
cd /var/mobile/Applications && find . -name 'Cool*'
where Cool would be the first few letters of the application name (the search is case-sensitive). Then, change to the application directory and move the iTunesMetadata.plist file out of the way. As an example:
cd /var/mobile/Applications/08392C1B-656F-46E1-9F7F-C685F9D001C0/
mv iTunesMetadata.plist iTunesMetadata.plist.null
Done. You will not receive any more updates from AppStore for that application. To start receiving update notifications, move the file back:
cd /var/mobile/Applications/08392C1B-656F-46E1-9F7F-C685F9D001C0/
mv iTunesMetadata.plist.null iTunesMetadata.plist
Confirmed working perfectly with iOS 4.2.1 but does not work with iOS 5.1.1. For the latest firmware versions, feel free to use a Cydia application that achieves the same effect.
If Apple trapped you on an iPad1, so that upgrading to their newest operating system 5.x makes you run out of RAM and you are also aware that you will be unable to update to iOS6, then you may want to consider turning off multitasking on iOS4 in order to speed it up to something useful. This will also get rid of crashes when switching applications on iOS 4.2.1.
Even if you leave the multitasking turned on, your applications are not running concurrently (perhaps for a few seconds before the scheduler considers them stale) and that is probably one of the reasons why applications such as Backgrounder were created in order to add multitasking. From that point of view, except the quick-switch on the bottom bar, which you could replace if you gather your applications tidily in folders, there is no reason for having the redundant switchboard. All applications that are meant to notify you of events are sending you push notifications regardless of whether they are "on" or "suspended".
Multitasking in iOS is not really what you would expect. If you look at your switchboard (the one under the dock which you bring up by double pressing the home button, or with gestures in iOS 4.3), those applications are NOT really running. Apple introduced something called "Nitro" in iOS versions starting iOS4 (3?) which is really a loading time optimizer. When you press the home button (or use gestures) to "background" an application, the operating system sets the application in a suspended state. If you ever owned a laptop, you may remember the "suspend" and "hibernate" features that set your laptop to sleep. Apple has implemented the same thing at the level of applications - for example, let us say that you could suspend a game. The game will not be running actively, but all the memory will be cached to a state-file so that when you resume the game it will start up immediately. The same idea can be observed on Virtual Machines as snapshots.
In practice however, Nitro does not offer performance, contrary to the misleading name - it just decreases the loading time when you have started an application, switched to a different one and then you switch back to the previous application. In fact, given low memory, Nitro chokes the memory to bits by caching state in RAM - something that you can (and should) avoid altogether.
cd to /System/Library/CoreServices/SpringBoard.app and locate your device-specific file using:
find . -regextype egrep -regex './[A-Z1-9]+\.plist'
it should show you a file that would look like:
./K59CP.plist
but with different letters. Open that file using nano, by typing:
nano /System/Library/CoreServices/SpringBoard.app/K59CP.plist
and change the lines:
<key>multitasking</key> <true/>
to
<key>multitasking</key> <false/>
in order to disable multitasking. After that, restart your device and your switchboard will be gone.
You can access your iDevice using the OSX ScreenSharing client by:
Other settings are possible as well. The most important point is to set a password for Veency in order to be able to connect.
All camera photos are available at:
/private/var/mobile/Media/DCIM/100APPLE/
If you have Samba installed from Cydia, you can create a share that points directly to that folder. However they will not show up immediately in the Photos applications. You will need to wipe the cache using:
rm -rf /private/var/mobile/Media/PhotoData/{Photos.sqlite,PhotosAux.sqlite,MISC,Caches,Thumbnails}
after which Photos.app should reload all the photos stored in the camera roll.
Suppose we have the following start of a plist xml file called preferences.plist:
<dict>
    <key>CurrentSet</key>
    <string>/Sets/045489D0-E273-11E1-9D1F-63E47A24B5DC</string>
    <key>NetworkServices</key>
    <dict>
        <key>0D1E9088-E273-11E1-91DB-7BC308E606D8</key>
        <dict>
            <key>DNS</key>
            <dict/>
            <key>IPSec</key>
            <dict>
                <key>AuthenticationMethod</key>
                <string>SharedSecret</string>
And we want to obtain the AuthenticationMethod value:
plutil -key NetworkServices -key 0D1E9088-E273-11E1-91DB-7BC308E606D8 -key IPSec -key AuthenticationMethod preferences.plist
Output:
SharedSecret
We can also set the key value by adding the -value keyword:
plutil -key NetworkServices -key 0D1E9088-E273-11E1-91DB-7BC308E606D8 -key IPSec -key AuthenticationMethod -value NoMethod preferences.plist
Status bar icons are composed of two images, a small and a large image. The @2x suffix must be appended to the file name indicating a larger icon:
Icon.png: PNG image, 14 x 20, 8-bit/color RGBA, non-interlaced
Icon@2x.png: PNG image, 27 x 40, 8-bit/color RGBA, non-interlaced
The usual way to install Samba on iOS is to get both the Samba Core and the Samba package. The latter offers a way to switch samba on and off but this can be done using launchd's inetd features. The advantage is that the smbd and nmbd processes will not be loaded permanently into memory but rather on-demand whenever the TCP port 139, respectively the UDP port 137, is hit. For that, we create two plist files in /Library/LaunchDaemons for smbd and nmbd.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.samba.smbd</string>
    <key>Program</key>
    <string>/usr/sbin/smbd</string>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockProtocol</key>
            <string>TCP</string>
            <key>SockFamily</key>
            <string>IPv4</string>
            <key>SockType</key>
            <string>stream</string>
            <key>SockServiceName</key>
            <string>netbios-ssn</string>
        </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
</dict>
</plist>

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.samba.nmbd</string>
    <key>Program</key>
    <string>/usr/sbin/nmbd</string>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockProtocol</key>
            <string>UDP</string>
            <key>SockFamily</key>
            <string>IPv4</string>
            <key>SockType</key>
            <string>dgram</string>
            <key>SockServiceName</key>
            <string>netbios-ns</string>
        </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <true/>
    </dict>
</dict>
</plist>
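Job definitions like the two above can be checked mechanically before they are loaded. The following Python sketch is an added example, not part of the original page: it rebuilds both jobs with plistlib and reports what each one exposes. The helper names, the constructed broken variant and the SockNodeName finding are assumptions of this example.

```python
import plistlib

# Port numbers for the two service names, as given in the text above.
SERVICE_PORTS = {"netbios-ssn": 139, "netbios-ns": 137}
# A socket type only makes sense together with its matching protocol.
VALID_PAIRS = {("TCP", "stream"), ("UDP", "dgram")}


def make_job(label, program, proto, sock_type, service, wait):
    """Serialise a socket-activated job shaped like the two plists above."""
    return plistlib.dumps({
        "Label": label,
        "Program": program,
        "Sockets": {"Listeners": {
            "SockProtocol": proto, "SockFamily": "IPv4",
            "SockType": sock_type, "SockServiceName": service}},
        "inetdCompatibility": {"Wait": wait},
    })


def audit_job(plist_bytes):
    """Return ((label, program, protocol, port), findings) for one job."""
    job = plistlib.loads(plist_bytes)
    listener = job.get("Sockets", {}).get("Listeners", {})
    proto, stype = listener.get("SockProtocol"), listener.get("SockType")
    service = listener.get("SockServiceName")
    findings = []
    if (proto, stype) not in VALID_PAIRS:
        findings.append(f"{proto}/{stype}: protocol and socket type disagree")
    if service not in SERVICE_PORTS:
        findings.append(f"unknown service name {service!r}")
    # Assumption of this example: without SockNodeName the listener is not
    # bound to one address, so the service is reachable on every interface.
    if "SockNodeName" not in listener:
        findings.append("no SockNodeName: listens on every interface")
    summary = (job.get("Label"), job.get("Program"), proto, SERVICE_PORTS.get(service))
    return summary, findings


SMBD = make_job("org.samba.smbd", "/usr/sbin/smbd", "TCP", "stream", "netbios-ssn", False)
NMBD = make_job("org.samba.nmbd", "/usr/sbin/nmbd", "UDP", "dgram", "netbios-ns", True)
# Constructed broken variant: a UDP listener declared with a stream socket.
BROKEN = make_job("org.samba.nmbd", "/usr/sbin/nmbd", "UDP", "stream", "netbios-ns", True)

if __name__ == "__main__":
    for blob in (SMBD, NMBD, BROKEN):
        print(audit_job(blob))
```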
Services such as ssh, http, smb can be registered so that they appear in local network browse lists. In order to do that the dns-sd command can be used to register services.
For example, if we want to register samba so that the device shows up in the local browse lists, we add a plist at /System/Library/LaunchDaemons/org.grimore.smb.dns-sd.plist with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.grimore.smb.dns-sd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/dns-sd</string>
        <string>-R</string>
        <string></string>
        <string>_smb._tcp</string>
        <string>local.</string>
        <string>139</string>
    </array>
    <key>OnDemand</key>
    <false/>
</dict>
</plist>
Error 9 is a code-signing error that you may get if the binaries for a certain package have not been signed. The common symptom is that the binary just bails out with Error 9. In order to fix this one can use saurik's ldid tool:
ldid -S /path/to/binary
The following tool can be used to recursively sign binaries and turn the exec bit on bash scripts:
#!/bin/bash
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################

# Pass -s to suppress the per-file report.
SILENT=0
if [[ $1 == "-s" ]]; then
    SILENT=1
fi

# The loop splits on whitespace, so paths containing spaces are not handled.
for i in `find . -type f`; do
    # Reset the label so a skipped file does not inherit the previous one.
    OP=""
    # The first word of file(1) output identifies the file type.
    FT=`file -b "$i" | awk '{ print $1 }'`
    case $FT in
        Mach-O )
            EXE=`file -b "$i" | awk '{ print $2 }'`
            if [[ $EXE == "executable" ]]; then
                OP="Signed: "
                # Patch the old ARM instruction encodings, then sign.
                sed -i'' 's/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;' "$i"
                ldid -S "$i"
            fi
            ;;
        Korn )
            # Fall through to the Bourne case.
            ;&
        Bourne )
            OP="Exec: "
            chmod +x "$i"
            ;;
        * )
            OP=""
            ;;
    esac
    if ( [[ $SILENT -eq 0 ]] && [[ ! -z $OP ]] ); then
        echo "$OP$i"
    fi
done
We can add a trigger to the /var/mobile/Library/Caches/Maps/MapTiles/MapTiles.sqlitedb maps database by opening the database and executing:
CREATE TRIGGER prevent_delete BEFORE DELETE ON images BEGIN SELECT raise(IGNORE); END;
which will prevent the Maps application from deleting the map tiles.
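The effect of the trigger can be reproduced off-device. This added example (not from the original page) uses Python's sqlite3 module with a constructed stand-in for the images table, whose real schema is not shown here, and also shows that DROP TABLE is not stopped by the trigger.

```python
import sqlite3

TRIGGER = ("CREATE TRIGGER prevent_delete BEFORE DELETE ON images "
           "BEGIN SELECT raise(IGNORE); END;")


def open_tiles(with_trigger):
    """Create an in-memory database with a constructed stand-in images table."""
    db = sqlite3.connect(":memory:")
    # Assumed columns: the real MapTiles.sqlitedb schema is not shown on the page.
    db.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, data BLOB)")
    db.executemany("INSERT INTO images (data) VALUES (?)",
                   [(b"tile-a",), (b"tile-b",), (b"tile-c",)])
    if with_trigger:
        db.execute(TRIGGER)
    db.commit()
    return db


def rows_after_delete(with_trigger, where=""):
    """Run a DELETE and return how many rows are left afterwards."""
    db = open_tiles(with_trigger)
    # raise(IGNORE) skips each row silently: no exception reaches the caller.
    db.execute("DELETE FROM images " + where)
    db.commit()
    return db.execute("SELECT COUNT(*) FROM images").fetchone()[0]


def survives_drop(with_trigger):
    """DROP TABLE does not fire DELETE triggers, so the table still goes away."""
    db = open_tiles(with_trigger)
    db.execute("DROP TABLE images")
    left = db.execute("SELECT COUNT(*) FROM sqlite_master "
                      "WHERE type='table' AND name='images'").fetchone()[0]
    return left == 1


if __name__ == "__main__":
    print("no trigger, delete all:", rows_after_delete(False))
    print("trigger, delete all:   ", rows_after_delete(True))
    print("trigger, delete id=1:  ", rows_after_delete(True, "WHERE id = 1"))
    print("trigger, table survives DROP:", survives_drop(True))
```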
echo -e "\n$(top -l 1 | awk '/PhysMem/';)\n"
Edit /System/Library/CoreServices/SpringBoard.app/K48AP.plist or /System/Library/CoreServices/SpringBoard.app/N18AP.plist and make sure that the following option is set, if not, add it:
<key>multitasking-gestures</key> <true />
Then copy the /var/mobile/Library/Preferences/com.apple.springboard.plist preference file to an OSX machine and convert it to XML:
plutil -convert xml1 com.apple.springboard.plist
Now edit com.apple.springboard.plist and add the following option:
<key>SBUseSystemGestures</key> <true/>
after:
<key>SBLanguageRestart</key> <false/>
and convert the plist back to binary format:
plutil -convert binary1 com.apple.springboard.plist
Now copy the plist to your device and replace it with the old one:
scp com.apple.springboard.plist root@DEVICE_IP:/var/mobile/Library/Preferences/
where DEVICE_IP is the IP of your iOS device.
After a respring you can open an app and try a four finger pinch. If the app closes, the gestures are enabled.
It seems that:
16fc33fee028cf71b7fd127d9fbc72b071358ab1 sn0wbreeze-v2-1.9.1.zip
is best suited for downgrades to 4.2.1. The hash may or may not match perfectly, but sn0wbreeze v2 at 1.9.1 should do the trick.
The latest version seems to make iTunes attempt to upgrade the baseband, at which point the downgrade fails with error 1105.
Setting a SOCKS proxy for iOS can be done conveniently if the device is jailbroken. In the example screenshot below:
the Wifi connection will load the /etc/tor/proxy.pac file just as on any Mac. For more information on PAC / WPAD files, please see the proxy auto-discovery page for more ideas.
Some old ARMv6 binaries compiled with gcc will get "Illegal instruction: 4" when executed on newer devices such as iPhone 5 or iPad 4 using the CPUs A6 or A6X.
In order to avoid that, run the following command to patch the binaries before signing:
sed -i'' 's/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;' /path/to/binary
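The same two substitutions can be applied with a record of every offset that changed, which the sed one-liner does not give you. This is an added Python example, not the page's own tool; the function names, the constructed sample bytes and the optional 4-byte alignment filter are assumptions of this example.

```python
# The two 4-byte substitutions from the sed command above (old -> new).
PATCHES = [
    (bytes.fromhex("003093e4"), bytes.fromhex("003093e5")),
    (bytes.fromhex("0030d3e4"), bytes.fromhex("0030d3e5")),
]


def find_all(data, pattern):
    """Return every offset at which pattern occurs in data."""
    offsets, pos = [], data.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(pattern, pos + 1)
    return offsets


def patch(data, aligned_only=False):
    """Apply PATCHES and return (patched bytes, sorted list of changed offsets).

    aligned_only=False mirrors sed and rewrites every match. aligned_only=True
    is this example's assumption: only matches on a 4-byte boundary are treated
    as instructions, so a coincidental match inside data is left alone.
    """
    out = bytearray(data)
    changed = []
    for old, new in PATCHES:
        for off in find_all(data, old):
            if aligned_only and off % 4:
                continue
            out[off:off + 4] = new
            changed.append(off)
    return bytes(out), sorted(changed)


# Constructed sample: pattern 1 at offset 0 (aligned) and 5 (unaligned),
# pattern 2 at offset 12 (aligned).
SAMPLE = bytes.fromhex("003093e4" "ff" "003093e4" "ffffff" "0030d3e4")

if __name__ == "__main__":
    patched, offs = patch(SAMPLE)
    print("sed-equivalent:", offs, patched.hex())
    patched, offs = patch(SAMPLE, aligned_only=True)
    print("aligned only:  ", offs, patched.hex())
```

Diffing the reported offsets against a disassembly before running ldid shows whether each rewritten word was really an instruction.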
iOS at version 15.3.1 allows Siri to be activated from the lock screen without having to unlock the phone. Siri can then be leveraged in order to perform various actions. Whilst some actions will make Siri require the user to unlock their phone, some other actions are still allowed without having to unlock the phone.
In order to activate Siri from the lock screen, the side button can be held down for three seconds.
Here is a list of potential attack vectors that have been discovered to be working on iOS at version 15.3.1.
Siri can be told:
turn wifi off
turn mobile data off
or, for short:
turn airplane mode on
(which additionally disables any location services)
such that the "Find My Phone" iCloud application on Apple servers at https://www.icloud.com/find/ cannot find the phone anymore.
This would allow someone that intends to steal the phone, to effectively turn off any Internet location such that the phone cannot be tracked anymore.
Siri can be told to set an alarm for a certain point in time, i.e.:
set alarm for 2pm
as well as changing the volume:
set volume to maximum
directly from the lock screen without having to unlock the phone.
Conversely:
mute volume
such that any calls or appointments will be missed.