iPad Jailbreaking/Downgrading
iPad 1: just use 3utools to update/restore and jailbreak
iPad2,3 or iPad3,2
We want to be on an untethered jailbreak, which seems to mean iOS 8.4.1. Some sources claim it is also noticably faster
steps:
- JB with Phoenix (via https://jailbreaks.app/legacy.html or 3uTools)
-
Follow instructions here to downgrade to 8.4.1: Untethered Downgrade iPhone 5/iPad 2,3,4/iPad mini to iOS 8.4.1 without SHSH
-
Use 3uTools v2.55, or it will hang! (as per https://twitter.com/3utools/status/1455107861172797449)
- specifically, 2.58 was bugged at time of testing
- can be downloaded from http://www.3u.com/update-log
-
for iPad3,2: Use iOS-OTA-Downgrader to enter kDFU instead of kDFUApp
- Ideally this would work for the whole downgrade, but it was a bit buggy :(
-
-
install jailbreak (preferably daibutsu):
- https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/Jailbreaking
- used Sideloadly on MacOS
- daibutsu did not support iPad2,3 so EtasonJB was used
Initial Setup
- install "openssh" and "apt 0.7 strict" via cydia
- ssh with
ssh -o PubkeyAuthentication=no mobile@iPad
, passwordalpine
su
to root (also passwordalpine
)- change passwords for mobile and root users
apt-get install sudo vim
- edit
/etc/sudoers
to allowwheel
- edit
/etc/group
to add mobile towheel
-
run
initial-setup.yml
playbook- sets up ssh pubkey auth
- installs Python 2.7, needed for most ansible commands (retrieved from https://github.com/linusyang/python-for-ios/releases)
-
run
ipads.yml
playbook- installs mikoto to disable OTA update notifications (and some other things)
- installs libactivator
- installs
Maximization
(be.rud0lf77.maximization
) for fullscreen/status bar hide - makes a webclip for https://reservations.claremontmakerspace.org, with tools defined in
hosts
file
Other notes
iPad lock/unlock via activator
activator send libactivator.system.sleepbutton # lock
activator send libactivator.lockscreen.dismiss # unlock
-
Use Activator to schedule
- might just be easier to config manually
- activator config is in
/private/var/mobile/Library/Caches/libactivator.plist
- can't do
LAScheduledEvents
events viaactivator set
Fullscreen/status bar hide
Maximization
(be.rud0lf77.maximization
) seems to work fine on iPad 1/2/3 and doesn't need to be applied manuallyMonocle
(com.rpetrich.monocle
) works on iPad 2/3, but not iPad 1
Editing preferences
- can use
plutil
fromcom.ericasadun.utilities
-
to restart the preferences daemon after editing a plist:
launchctl kickstart -k system/com.apple.cfprefsd.xpc.daemon
Making a webclip
- can place an Info.plist and icon into
~/Library/WebClips/<whatever>.webclip
then respring and it kind of just works -
can launch with
activator send com.apple.webapp
maybe?- only seems to work when it is already running (ie to switch to it, not launch it)
Kiosk mode
- in iOS >=6, just use guided access
-
in iOS <=7, maybe use IncarcerApp- doesn't seem work on ios 5 anymore, so no point
- tried older versions from Google Code Archive, but those don't work either. Maybe some incompatibility with another jailbreak library?
-
"Store Demo" mode (see StackOverflow answer)
- works on iPad 1
-
is kind of annoying, and doesn't disable touch screen
- can be escaped via
killall SpringBoard
or rebooting
- can be escaped via
- more notes: https://www.theiphonewiki.com/wiki/Smart_Sign
VNC via Veency
-
config in
/var/mobile/Library/Preferences/com.saurik.Veency.plist
- iPad must be restarted to apply
-
rotated and offset on ipad 2 and 3: clicks are about 1 app icon offset to the left, and maybe a bit up
- ex. to launch Tool Reservations webapp, click just to the top right of Safari (or whatever app is left of it)
Let's Encrypt certificates
-
Can install cert PEM via gui, probably too much of a pain to automate it
- profile installed as
/User/Library/ConfigurationProfiles/<something>.stub
- enabled in
/User/Library/ConfigurationProfiles/PayloadManifest.plist
- cert also enabled/trusted somewhere else?
- profile installed as
- seems like it will only install one cert per pem, so install ISRG root cert