iPHoneUtilityClient

By The iPhone Dev Team, updated by lex.

iPhoneInterface was originally created by nightwatch, without whom no iPhone de-jailing, or 3rd party code execution would be possible. Subsequent versions of iPhoneInterface were developed by geohot, ixtli and nall .The final version of iPhoneInterface was a backport of new functionality released by geohot in a tool called 'newgshell'. This application (iPHUC) represents all of the splintered development (jailbreak, iActivator, newgshell, ipi) brought into a package that is maintainable and opensource under the GPL. Warren, nall, mjc, and Operator were the initial contributors to iPHUC. Subsequently, patches and tinkering have been officially offered by uDecker.

When the iPhone first came out, the iPhone Dev Team created iphoneinterface. The first hack for the iPhone. Released under GNU GPL 2, many people contributed to it. Eventually, a rewrite turned iphoneinteface into iPHoneUtilityClient (iPHUC). The last official version of iPHUC was included in the realease of the 112 jailbreak, and was not open sourced.

System Requirements

• An original iPhone or iPod Touch on firmware 1.0-2.0 beta 3.
• Mac OS X 10.4.10-10.9.5.
• iTunes version 7.3-7.7.1.

Building From Source Requirements

• Xcode v2.4-v3.0 installed.
• Mac OS X 10.4-10.5.

Downloads

MD5: f70d399de837c83d3034348121bc77b4

Source - MD5: b74ba23870d9912fb98799dc2026681b

Usage

iPHUC can be used with or without jailbreaking/activating. if you do jailbreak with ZiPhone, you will be able to connect to the AFC2 service and have root filesystem acess over USB while in Normal Mode.

iPHUC accepts 6 command line options:

• -q Quiet. Repress most output.
• -v Verbose. Emit as much information as possible.
• -d Debug. Emits the maximum amount of information.
• -s "local path" Script. Run an iPHUC script at [path] and then exit.
• -o "command" Oneshot. Run an iPHUC command, and then exit.
• -a "name" Afcname. Connect to afc service [name] at startup, such as afc or afc2.

To display as little output as possible, set -q. To display all possible output, set -vd.

Once iPHUC has been executed, you have access to 3 modes:

Normal Mode has the following commands:

• help "current mode command" - Display help information on "current mode command". Using no args lists all commands available in the current mode connected.."
• cd "remote path" - Change directory to the "remote path" specified.
• lcd "local path" - Change local directory to local path specified on the host computer.
• ls "remote path" - List directory at current "local path" or a specified "remote path".
• mkdir "remote path" - Create directory at "remote path".
• rmdir "remote path" - Remove directory at remote path. Directory must be empty to be deleted..
• deactivate - Deactivate an iPhone.
• readvalue "value" - Read value. Using No args lists known values.
• enterrecovery - Enter Recovery Mode and start Recovery Mode shell.
• disconnect - disconnect from the current AFC connection and await reconnect.
• startservice "service" - Start a service. No args lists services.
• deviceinfo - Display information about the iPhone or iPod Touch.
• getfilesize "remote path" - Display size of file at remote path.
• getfile "remote path" "local path" - Get file at "remote path" and write it to "local path".
• putfile "local path" "remote path" - Put file at "local path" to "remote path".
• fileinfo "remote path" - Display info for a file at remote path.
• exit - Escape to shell. The other shell, the one who's child i am.
• lpwd - Display the current local working directory.
• pwd - Display the current remote working directory.
• setafc "name" - Set the name of the afc service to use. AFC is available on stock and jailbroken devices. AFC2 is available on jailbroken devices with the service installed.
• run "local path" - Run an iPHUC script at "local path". An iPHUC script is a plain text file, with one iPHUC command per line.

Recovery Mode has the following commands:

• restore "unzipped iPhone 1.0 firmware IPSW file directory" - Enter Restore Mode on 1.0-1.0.2 firmware.
• reboot - Reboot from Recovery Mode to Normal Mode.
• wtfboot - Upload a 1.0-1.1.5 firmware WTF file, then open iTunes to restore a lower or higher firmware version on 1.0-1.1.5 firmware.
• verbose - Enable verbose boot.
• disk0s3 - boot the older iTunes restored firmware partition in a dual boot.
• safe - Enable Safe Mode boot.
• exitrecovery - Reset boot-args to default and boot iPhone or iPod Touch into Normal Mode.
• zhack - Boot a custom ramdisk.
• singleuser - Boot in Singleuser Mode to run the profile in /etc/profile on disk0s1.
• grestore "unzipped iPhone 1.0 firmware IPSW file directory" - Enter Restore Mode interactively on 1.0-1.0.2 firmware.
• filecopytophone "local path" - Send a file to the iPhone or iPod Touch memory at "local path".
• serial - Enter serial mode.
• cmd "command" - Send a Recovery Mode command to iPhone or iPod Touch.
• exit - Escape to shell. The other shell, the one whos child i am.
• disconnect - Disconnect from shell and await reconnection.
• help "current mode command" - Display help information on "current mode command". Using No args lists all commands available in the current mode connected."
• run "local path" - Runs an iPHUC script at "local path". An iPHUC script is a plain text file, with one iPHUC command per line.

Restore Mode has the following commands:

• mount "remote device" "remote path" - Mount device at "remote path"."
• partition "remote device" - Partition "remote device."
• erase "remote device" - Erase "remote device."
• ditto "remote path 1" "remote path 2" - Copy file at "remote path 1" to "remote path 2"."
• umount "remote path"- Unmount "remote device" from "remote path."
• filesystemcheck "remote device" - Check "remote device" filesytem with fsck_hfs."
• mkdir "remote path" - Make a directory at "remote path".
• force "command" - send a command to the iPhone."
• help "current mode command" - Display help information on "current mode command". No args lists all commands available in the current mode connected.."
• exit - Disconnect from Restore Mode and wait for reconnection."
• run "local path" -Run an iPHUC script at "local path". An iPHUC script is a plain text file, with one iPHUC command per line."

DFU Mode has the following commands:

• exit - Escape to shell. The other shell, the one whos child i am.
• disconnect - Disconnect from shell and await reconnection.
• help "current mode command" - Display help information on "current mode command". No args lists all commands available in the current mode connected.."
• run "local path" - Runs an iPHUC script at local path. An iPHUC script is a plain text file, with one iPHUC command per line.

Booting A Custom Ramdisk On Firmware 1.0-2.0 beta 3

iPHUC can boot a custom ramdisk, which is easy to make with Lex Utils.

• Extract a 1.1.2 IPSW file, and an 1.1.5 IPSW file.
• The kernel cache file in the 1.1.2 IPSW file should be renamed "1.1.2_kernelcache.release.s5l8900xrb" and placed in the same directory as the iPHUC executable file.
• The kernel cache file in the 1.1.5 IPSW file should be renamed "1.1.5_kernelcache.release.s5l8900xrb" and placed in the same directory as the iPHUC executable file.
• You should have your custom ramdisk with Zibri offsets renamed as "ramdisk.bin" and placed in the same directory as the iPHUC executable file.
• Then connect iPhone or iPod Touch. Execute iPHUC from the current directory. Cd into the directory containing iPHUC with Terminal.app and then ./iphuc.
• Type the "enterrecovery" command if necessary to enter Recovery Mode. Once in Recovery Mode, type the "zhack" command. Wait 15ish seconds, and the ramdisk will boot.

Entering DFU Mode From Recovery Mode On Firmware 1.0-1.1.5

iPHUC can boot a 1.0-1.1.5 firmware WTF file for you, so you can enter DFU Mode from Recovery Mode and restore any firmware in iTunes. To use it:

• Extract a 1.0-1.1.5 IPSW file, within the unzipped IPSW will be a "Firmware" directory. Open it, then open the "dfu" directory. Here is your "WTF.s5l8900xall.RELEASE.dfu" file.
• Copy it into the same directory as the iPHUC executable.
• Cd into the directory containing iPHUC with Terminal.app and then ./iphuc. Then type the "enterrecovery" command if necessary to enter Recovery Mode.
• Once in Recovery Mode, type the "wtfboot" command and that WTF file will be executed on your iPhone or iPod Touch. Then you can close iPHUC and restore any firmware version to your device.

If you attempt to putfile a file with size of zero, it messes up the AFC connection. Restart iPHUC if this happens.

Known bugs: running iphuc -v may cause a crash (this is even a bug in the last iPhone Dev Team iPHUC version).

Building From Source

Cd into the extracted source available for download above and execute "make zip". iPHUC will be built in build/RELEASE as a PPC and Intel universal binary. The libMobileDevice742.dylib file must be kept in the same directory as iPHUC for it to run.