Move the iPhone3,1_5.0_9A334_Restore.ipsw into the iPhone Software Updates directory. On OS X this is located in ~/Library/iTunes/iPhone Software Updates.

Re-run redsn0w and the jailbreak will work as expected. Don't forget that it's still a tethered jailbreak.

If sudo isn't installed, install that with apt-get install sudo or

su mobile
uicache

And while you're on the command line, make sure to change the password for the root and mobile users.

1. SSH to your iPhone
2. su -
3. Enter the root password, alpine by default.
4. passwd
5. Enter your new root password
6. passwd mobile
7. Enter the new password for the mobile user

Recently the email address and ICCID (SIM serial number) of at least 140,000 iPad 3G owners were left unprotected by AT&T. AT&T chose to blame "hackers" for stealing this information, but that is just deflection. AT&T didn't adequately protect customer information, and as a result someone found it.

AT&T also claims that it was only the email address and ICCID that leaked, which is another partial truth. A 2008 paper titled SIMs and Salsa (quick view) demonstrates how the ICCID is directly linked to the IMSI.

AT&T SIM cards have a 20-digit ICCID, and the IMSI is 15 digits long.

The iPad ICCIDs all seem to begin with 8901410424 and followed by 9 important digits and then a single checksum digit. For example 89014104240123456781.

An AT&T IMSI is 15 digits, made up with the MCC (310), MNC (170) and the 9 underlined digits preceding the checksum in the ICCID. So if your ICCID was 89014104240123456781 as in the example above, your IMSI would be 310170012345678.

You can find your ICCID on your iPad by opening Settings, choosing General and then About.

Why is the IMSI Important?

Each device has a unique IMSI, and the IMSI is considered sensitive enough that it's rarely sent over the wireless network. Even the name – International Mobile Subscriber Identity – implies that it is something that shouldn't be shared freely.

The IMSI is also one of two pieces of information needed to clone a SIM card, the other being the Kⁱ, or subscriber authentication key. Fortunately the Kⁱ can only be retrieved with physical access to the SIM card.

But, knowing who a specific IMSI belongs to, for instance someone at the White House, allows an attacker target a specific user. Using technology like an IMSI catcher an attacker can insert their own device between a target and the carrier network and monitor data or voice conversations. There are a number of flaws in GSM that I assume could also be exploited relatively easily by someone – like a foreign government – with the proper resources and motivation.

AT&T is downplaying their own incompetence at securing customer information, and is putting customers at risk. Customers who are newsworthy in their own right. Even if the information on the iPad isn't sensitive, it can easily be compromised and used as an attack vector onto a previously inaccessible corporate wifi network.

Perhaps AT&T feels that is not a real risk? The latest jailbreak is a userland jailbreak and it's not inconceivable that it could be adapted to work in Mobile Safari. The first iPhone was able to be jailbroken simply by visiting a special website. And Dave Aitel has been selling Silica since 2006. One of the use cases Aitel would pitch for Silica was to mail it to a CEO and let it automatically hack anything it could find, beginning with wifi networks.

AT&T needs to immediately and proactively issue all iPad 3G subscribers new SIM cards.

iPhone 3GS, brightness set to ~55%. Wifi was enabled all day, 7:00 AM – 10:40 PM. 3G was enabled between 11:00 AM and 8:30 PM. A single two-minute phone call was placed. Roughly 11MB of data usage while on 3G (several web pages and Twitter using Tweetie).

Final result: At 10:40 PM there was 26% remaining on the battery.

BlackBerry Bold 9700, brightness set to auto. 3G and wifi enabled all day – 7:00 AM – 10:40 PM. Multiple background apps – SocialScope (Twitter) and Twitter for BlackBerry, multiple web pages and push email for 5 different accounts (4 BIS, 1 BES). 5 phone calls were placed, lasting a total of around 70 minutes.

Final result: At 10:40 PM there was 65% remaining on the battery.

Dear RIM,

Please shave 1-3mm off the thickness of my next device, I obviously don't need a replaceable battery¹.

xoxo,
Corey

Side note: I have replaceable batteries for the BlackBerry Tour/Storm/Storm2/8900, the BlackBerry Bold 9700, my Mifi, and the BlackBerry 8530. I do not have any spare batteries for any of my Android devices, which would feel like trying to color coordinate my car with vehicles the rest of the highway. The BlackBerry 9700 is the first device I've ever owned where it takes significant effort to drain the battery (<20% remaining). Enjoy the high caliber of writing I produce right before I fall asleep.

1. Thanks to Alex for planting this statement in my mind

Looks like I was right, and TechRadar has a how-to guide for the SIM to Micro-SIM conversion. BGR has a few images of AT&T's new combo-SIMs, and although the AT&T Micro-SIM is a one-way street, MicroSim Shop sells a Micro-SIM (Mini-UICC) to SIM adapter for €5.99.

AT&T SIM/Micro-SIM Combo Card

MicroSim Shop also has a guide for cutting a SIM down to size, and some shots of the final product being used in one of their adapters.

Micro-SIM Adapter and DIY Micro-SIM

It's useful for things like extracting the version number out of your Info.plist during a Run Script Build Phase.

PlistBuddy wasn't in my existing path, I found it at /usr/libexec/PlistBuddy

Example Usage

/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" Info.plist

Outputs: 0.14, or whatever the value of the CFBundleVersion key in Info.plist is.

Android users complain that they can't install the newest OS on their device, that Exchange sync doesn't work, that third-party applications crash, that Android Market is horrible, that core applications crash, that settings are obtuse and scattered, that it's awkward to use and uncomfortable to hold, and even though the browser uses WebKit, it sucks.

Two generations of phones later, and all of the current iPhones are capable of running the latest OS from Apple. Third-party apps exist, and for the most part don't crash. Except for hardware differences (GPS, speakerphone, camera), most applications run on any of the 6 iPhone and iPod Touch devices. Even the screen doesn't get greasy any more, and Apple introduced the word "oleophobic" into the vernacular. The major failure is still AT&T, who apparently uses frame-relay and microwave links for their backhaul.

Meanwhile the problem with Android devices lies much deeper. SDKs aren't released until weeks out after an OS release, resulting in masses of applications that aren't compatible with the new OS release (and with the newest device, as long as Google continues their new device, new OS trend). The Android Market is a mess – applications are being published that steal personal information, easily half of the apps are filled with comments to the tune of "doesn't work on device XXXX" or "crashes immediately!" because of the massive API changes occurring between OS releases and developers that lose interest after a single application.

Notification controls are non-existent – I have yet to find a way to shut my Droid up. Even if I go into every application and turn off all the sounds (and boy is that fun) and shut the phone off, for some reason the Motorola demon spawn will power itself back on and chirp at me.

And the browser. Oh the browser. Sure, it renders pages fine, but it's slow, and doesn't support multi-touch. The screen itself is capable of supporting multi-touch, just not the browser. The free Dolphin Browser has tabs and multi-touch gestures, but shares another flaw with the bundled browser – animation speed. Animations take much too long. Aim for about 200ms from start to finish. Any more than that and users will become impatient. And after waiting 600ms for a pinch-to-zoom, impatient is accurate.

Apple has demonstrated that they listen to user complaints, or at least that they plan ahead well. Most of the iPhone complaints were addressable with newer hardware, but the problem with Android is that Google seemed to want to take the exact opposite tact of Apple, and go for complete openness. That's great, but it looks like they started by attacking standard UI controls and behavior. Maybe they consider it a feature? ANDROID – where every app is so different it's like having 15 phones in one!

Google needs to tighten up the operating system and address the sprawl of OS releases and devices quickly before they fall into the same trap that RIM is in – a nasty pit one where a developer has to build multiple versions of a single application to overcome massive feature disparity between OS releases¹.

1. Although in RIM's defense they're addressing this with OS 5.0 which has a unified codebase. If only the carriers would get off their asses and approve the 5.0 updates.

I'm not saying that Steve is verbose, but the post I've drafted a few hundred times in my head goes something like this: if you are going to sniff for mobile browsers, redirect me to the mobile version of the page I am loading, not your brokedick mobile homepage that doesn't provide me with any path to the story I actually want to read.

Steve's post clocks in at around 730 words (and 5 pictures), but it's worth the read.

One paragraph in particular jumped out at me, emphasis mine:

We worked closely with Apple to bring Latitude to the iPhone in a way Apple thought would be best for iPhone users. After we developed a Latitude application for the iPhone, Apple requested we release Latitude as a web application in order to avoid confusion with Maps on the iPhone, which uses Google to serve maps tiles.

So Google was working "closely" with Apple, built a native iPhone application¹ for Latitude, and then Apple essentially rejected it and told them to build a web application. Isn't building an entire application only to have it wholly rejected one of the leading complaints about the nightmarish App Store approval process?

1. I'd love to see a build of this leaked out so jailbreak users could run it

From Tapbots: Percentage of users running a given OS.  x-axis is days in the month of June.

Look at the abuse that BlackBerry users take at the hands of carriers, especially Verizon. It took Verizon 175 days to release an update for the Storm, and even then it came out 33 days after the OS was leaked and unofficially made available.
BlackBerry 9530 OS Releases

Just as Apple only has to worry about a relatively small number of drivers for their desktop OS, they only have 5 device models running their mobile OS.  RIM currently has 4-5 that number on GSM, CDMA and IDEN (more on that later), and they are dependent on the carriers to certify and and make an OS update available.

But why should the carriers bother to issue OS updates? Most users are under contract, so the only entity that has something to lose is RIM¹ – mostly in the form of negative publicity.

1. More on this later too

One method is to use the RSA Authentication Manager to generate CT-KIP URLs which can be sent to the end-users. You can read more about this from the RSA iPhone page after downloading the documentation and device definition file.

My preference is to use the Compressed Token Format (CTF) which will compress a .sdtid soft token file into an 81-digit string.

Clarification

I don't want there to be any confusion about the intent of this post – I'm demonstrating one possible way to install a token on your device without involving an administrator.  In most cases your ACE administrator will probably be willing to assist you with the installation of a token, and none of this will be necessary.

Preparing the Token

You can use the Token Converter application from RSA, or the web-based token converter on my projects page. Paste the contents of your .sdtid file into the form, supply your password if it requires one and create the CTF link.

Distributing the CTF SecurID Token

You can email links to the CTF token file or link to an HTML page containing the link. Both work, although the current version (1.0.5) of the RSA SecurID iPhone Application is overly sensitive to malformed links.  Sending an HTML email from Outlook will generate a malformed link, but as Phil noted in the comments composing a message in RTF format containing the link will work.

Malformed Links

Correct: com.rsa.securid.iphone://ctf?...
Malformed: com.rsa.securid.iphone://ctf/?....

If you are going to email the link make sure that it doesn't append the extra trailing slash after ctf. Do not use Outlook to send the email in HTML format as it always appends the extra slash – compose a RTF message instead.

You may need to change your Outlook options to retain RTF emails when sending to internet recipients.  In Outlook open Options > Mail Format > Internet Format. Under "When sending Outlook Rich Text messages to Internet recipients, use this format:" change the option to "Send using Outlook Rich Text format".

Emailing the CTF Link

For iPhone users running OS 2.x you can compose a plain text message with the CTF link (com.rsa.securid.iphone://ctf?ctfData=<token>) between angle brackets.

This will only work with OS 2.x, and not with the GM release of OS 3.0.

For all users running OS 2.x and OS 3.x you can send an HTML-formatted email with a hyperlink to the CTF URL, like Click here to install Token.  As mentioned above this will NOT work with Outlook, which adds an extra forward slash that the SecurID application cannot understand.

Linking to a page containing a CTF Link

The third option is to use Mobile Safari to open a web page containing a hyperlink to the CTF URL.  You can put this page somewhere on your own servers, or use my RSA CTF Hyperlink Generator to dynamically build these links. Opening http://coreygilmore.com/rsa/<CTF> will automatically  display an iPhone-ready hyperlink  to install the token.  View a sample page.

Resources

• RSA Token Converter – generate CTF links offline.
• Web-based token converter – generate CTF links from a webpage.
• RSA iPhone Resources page – Documentation and technical specs for the app and support utilities.
• RSA iPhone SecurID Application for the iPhone – iTunes link to the soft token application.
• CTF Hyperlink Generator – Dynamically generate a webpage with CTF links, viewable from Mobile Safari.
• Cisco VPN Connections from an iPhone – How to create an IPSEC VPN connection on the iPhone.

Updated 6/18/09: Added information about composing Outlook RTF emails to successfully send token installation links, brief clarification about the intent of this post.

On Monday RSA launched a soft-token application for the iPhone. Similar to the BlackBerry soft token application, this will store a single token and allow you to generate a one-time password.

You can download the RSA iPhone SecurID application from iTunes (ITMS link) and read more about it on the RSA site at http://rsa.com/iphone.

Screenshots

Installation

Read Deploying tokens to the RSA SecurID iPhone Application for a rundown of the various deployment and provisioning options.

Updated June 16, 2009: Misread documentation; the application will only store one token.

I suspect that no-one at Apple knows how genuinely torturous the app store approval process is for developers personally after a rejection. When they hold the key to the only distribution pipe for something you’ve spent a lot of your time on – in my case a year – something you’re hoping could provide you with a livelihood – and polite email enquiries are not replied to – not even with an autoresponder, it is extremely frustrating. I don’t think I’ve ever felt as powerless in my life (and I’ve had to deal with US immigration authorities…).

I suspect quite a few people at Apple know what a nightmare the App Store approval process is, but I doubt a single one of them is in a position to do anything about it. Apple Inc. is no more likely to publicly acknowledge a problem than the Catholic church, and the App Store approval process is Apple's abortion is sure to be a sensitive topic.

When the basis of approval is subjective, you need talented, intelligent and rational people making decisions and passing jdugement. Good luck finding that combination in someone who is willing to earn $30k/year to run iPhone apps all day searching for boob pictures or profanity.

Objectionable Content

For your enjoyment, here are a few of the titillating terms that Apple objected to. I've no doubt that by posting this text my site will be masturbation fodder for teens everywhere.

• Auparishtaka or mouth congress – Another way of saying fellatio, but I can see how the term mouth congress is totally hot.
• Lingam – Penis. It's about time someone came up with a non-scientific way to refer to the male genitalia.
• Yoni – Vaginia – definitely the most offensive 4-letter word you can use to describe one.

Fill in the Blanks

Sometimes it's what is left out that counts. See if you can guess what the missing words are.

Assets

I've removed three words from the following paragraph.

The qualities of good ______(1.1) are that they should be bright, well set, clean, entire, convex, soft, and ______(1.2) in appearance. ______(1.1) are of three kinds according to their size:

Small
Middling
Large

Large ______(1.1), which give grace to the ______(1.3), and attract the hearts of women from their appearance, are possessed by the Bengalees.

Good Qualities

5 words this time, have at it.

The qualities of good ______(2.1) are as follows: They should be equal, possessed of a pleasing brightness, capable of being ______(2.2), of proper proportions, ______(2.3), and with ______(2.4) ends.

The defects of ______(2.1) on the other hand are that they are blunt, protruding from the ______(2.5), rough, soft, large, and loosely set.

There you have it. Smut! Pornography! It's obvious that this needs to be kept out of the hands of young children, so they can safely peruse Google Images with their morality intact.
a

Answers

Fill in the blanks or use your imagination.
Assets
1.1: nails
1.2: glossy
1.3: hands

Good Qualities
2.1: teeth
2.2: coloured
2.3: unbroken
2.4: sharp
2.5: gums

From the article:

In an act affecting owners of 2G cell phones on AT&T Mobility’s network, including the highly visible, and originally highly expensive first generation iPhone, Open for Business has learned that AT&T has been quietly sacrificing 2G signal strength in an effort to speed up the build out of its next generation 3G network.

Consider my horn tooted.

UPDATE: BGR picked up the original story and Ronen over at BerryReview has noticed 3G coverage where he didn't have it previously.

Word to the wise: as of January 1, 2009 there is no software available that can update the iTunes database on an iPhone or iPod Touch running firmware 2.x.  Once the new hash for signing the database is reverse engineered this will be possible again, but until then be careful.  I discovered this the hard way while trying to add some movies to my iPhone while my MBP was out of commission.

When you connect your iPhone after using one of the crappier utilities (quality apps tell you it's not possible) you'll be greeted with the following message:

iTunes cannot read the contents of the iPhone "XXX". Go to the Summary tab in iPhone preferences and click Restore to restore.

Restoring on a customized jailbroken iPhone is a bit of a pain; you need to reinstall all of your jailbroken apps, set your Winterboard theme, arrange all of your icons "just so", etc.  It takes me about an hour to get everything just the way I like it, and I've got most of the process scripted out now.

Your iTunes database is stored in /private/var/mobile/Media/iTunes_Control/iTunes and mine has the following files in it:

Extras.itdb
IC-Info.sidb
IC-Info.sidv
PhotosFolderAlbums
PhotosFolderName
PhotosFolderPrefs
Rentals.plist
Ringtones.plist
iPhotoAlbumPrefs
iTunesApplicationIDs
iTunesControl
iTunesDB
iTunesMovies
iTunesPrefs

The suspect file was iTunesDB.  My first thought was just to remove (rename) the iTunes directory and see what happened.  Instead of an error I was prompted to configure a new iPhone or restore from backup.  No go.  When I refreshed the directory listing I saw that iTunes had re-created the iTunes directory.

I removed everything inside of the newly created /private/var/mobile/Media/iTunes_Control/iTunes directory except iTunesDB and copied all of the files (except iTunesDB) from my backup directory, /private/var/mobile/Media/iTunes_Control/iTunes-bad.  Everything inside of the iTunes directory should be owned by user/group mobile/mobile and permissions set to 644.

chmod -R 644 /private/var/mobile/Media/iTunes_Control/iTunes
chown -R mobile:mobile /private/var/mobile/Media/iTunes_Control/iTunes

I plugged my iPhone in and iTunes happily recoginzed it, sans music.  Since it's a horrific music player (I love my touch wheel) I didn't care about this, my jailbreak configurationwas much more important.

You can download the virgin iTunesDB file here.

Almost, but not quite. A typical ActiveSync deployment consists of a front-end Exchange server, an ISA server and a second Exchange server. I've only got a single VM (more for convenience than anything else), so I had to make a few changes.

Assumptions

I'm assuming that you've got Exchange and ISA working, either on a single box or two individual servers. You also have a valid SSL certificate and port 443 is open.

Exchange Configuration

Enable ActiveSync

Open the Exchange System Manager (ESM) and expand the Global Settings tree. Right click on Mobile Service, choose Properties and ensure that the ActiveSync options are all checked.

IIS Configuration

These steps are identical to the ones in Microsoft KB 817379 – Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003.

1. Start Internet Information Services (IIS) Manager.
2. Locate the Exchange virtual directory. The default location is as follows:

3. Web Sites\Default Web Site\Exchange

4. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
   
5. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
6. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
   
7. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
8. Under Select a configuration to import, click Exchange, and then click OK.
9. A dialog box will appear that states that the "virtual directory already exists."
   
10. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type ExchDAV. Click OK.
11. Right-click the new virtual directory. In this example, click ExchDAV. Click Properties.
12. Click the Directory Security tab.
13. Under Authentication and access control, click Edit.
14. Make sure that only the following authentication methods are enabled, and then click OK:
    
    • Integrated Windows authentication
    • Basic authentication
      
15. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
16. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK.
    
17. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
    
18. Click OK, and then close the IIS Manager.
19. Click Start, click Run, type regedit, and then click OK.
20. Locate the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

21. Right-click Parameters, click to New, and then click String Value.
22. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.
23. Note ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the ExchDAV folder.
24. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /ExchDAV. Click OK.
25. Quit Registry Editor.
26. Restart the IIS Admin service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. In the list of services, right-click IIS Admin service, and then click Restart.

ISA Configuration

You'll want to increase the heartbeat to 30 minutes per Microsoft KB 905013 – Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology. If you don't do this you'll receive Event ID 3033 in your Application event log with the message:

The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [540]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

1. Open ISA Server Management and click Firewall Policy.
2. On the Toolbox tab, click Network Objects.
3. Expand the Web Listeners node, and then view the advanced properties of the applicable Web Listener.
4. Click the Preferences tab, and then click Advanced.
5. Modify the Connection Timeout from the default 120 seconds (2 minutes) to 1800 seconds (30 minutes).
   
6. Click OK two times to accept these changes.
7. Click Apply.

The End

That's really all there is to it. If you've got RPC over HTTPS working then your ISA server should be ready to handle traffic on port 443, and you're only a few steps away from ActiveSync glory.

Getting Started

You'll need the following information:

• VPN Server
• User account name
• User password
• Group name
• Group password

You should know your user account name and password and you can obtain the VPN Server, Group name and Group password from your .pcf file. A PCF file typically contains an encrypted password which you can decrypt using my Cisco VPN Password Decryption page. You can also ask your VPN administrator for the plain text password.

Sample PCF File

The VPN server can be found after Host= in the pcf file. Group Name is after GroupName=, Group Password is after enc_GroupPwd= or GroupPwd=. Asterisks added below for emphasis.

[main]
Description=Connect to Company VPN
****Host=your-vpn-server.coreygilmore.com
AuthType=1
****GroupName=accounting
GroupPwd=
****enc_GroupPwd=9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=CorpDomain
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=1
EnableNat=1
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90

Adding the Connection

From the Home screen on the iPhone open the Settings application. Navigate through General > Network > VPN. Tap Add VPN Configuration and choose IPSec.

Using the information provided to you by your VPN administrator or gleaned from the PCF file, fill out the fields. If you use a SecurID for authentication leave the Password field empty and you will be prompted for it each time you connect.

About the Fields

Description – This can be anything you want.
Server – The VPN server IP or domain name. Host from your PCF file.
Account – Your VPN (or SecurID) username.
Password – Your VPN password. Leave blank to be prompted (or if you use a SecurID or other token).
Group Name – Your VPN group name. GroupName in the PCF file.
Secret – The Group Password. GroupPwd or Enc_GroupPwd from the PCF file. If the password is encrypted (the PCF only contains Enc_GroupPwd) you will need to decrypt it using my Cisco VPN Password Decryption page.

Below is a sample VPN connection configuration:

Connecting

Once the fields are populated and the connection is saved you can connect to your VPN server by opening
Settings > VPN and sliding the toggle into the On position.

Updated Jan 30, 2009: Added a more detailed description of the account fields for clarity.