Howto: Run custom apps on iPhone (Part #2)

In the first post of this howto, I talked you through getting full access to your iPhone and a basic SSH server running. If you haven’t read Part #1 yet, please do so before continuing here. In this post, we will actually get our toolchain set up as well as install a few more useful pieces of software.

The first thing I will talk you through is replacing DropBear. We will install OpenSSH2 onto the phone which will provide us with the full suite of SSH functionality. Follow these simple steps to upgrade:

  1. Download the openssh iPhone package and extract it into ~/phonedmg/openssh
  2. Download the iPhone binkit and extract it into ~/phonedmg/binkit
  3. Fire up iPHUC and run the following commands (you will get an error about the rmdir; ignore it, as it did its job):
    mkdir /etc/ssh2
    putfile /Users/(your username)/phonedmg/openssh/etc/ssh2/ssh2_config /etc/ssh2/ssh2_config
    putfile /Users/(your username)/phonedmg/openssh/etc/ssh2/sshd2_config /etc/ssh2/sshd2_config
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/scp2 /usr/bin/scp2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/sftp-server2 /usr/bin/sftp-server2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/sftp2 /usr/bin/sftp2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/ssh-add2 /usr/bin/ssh-add2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/ssh-agent2 /usr/bin/ssh-agent2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/ssh-keygen2 /usr/bin/ssh-keygen2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/ssh-probe2 /usr/bin/ssh-probe2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/ssh-signer2 /usr/bin/ssh-signer2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/ssh2 /usr/bin/ssh2
    putfile /Users/(your username)/phonedmg/openssh/usr/bin/sshd2 /usr/bin/sshd2
    putfile /Users/(your username)/phonedmg/openssh/System/Library/LaunchDaemons/com.sshd.plist /System/Library/LaunchDaemons/com.sshd.plist
    putfile /Users/(your username)/phonedmg/binkit/usr/bin/scp /usr/bin/scp
    putfile /Users/(your username)/phonedmg/binkit/bin/ls /usr/bin/ls
    putfile /Users/(your username)/phonedmg/binkit/usr/lib/libarmfp.dylib  /usr/lib/libarmfp.dylib
    rmdir /System/Library/LaunchDaemons/au.asn.ucc.matt.dropbear.plist
  4. Now, ssh into your phone (you will be connecting to the dropbear server still) and do the following:
    -sh-3.2# chmod 555 /bin/ls /usr/bin/*
    -sh-3.2# ssh-keygen2 -P -t dsa -c "DSA hostkey" /etc/ssh2/hostkey
    -sh-3.2# launchctl load /System/Library/LaunchDaemons/com.sshd.plist
  5. Now reboot your phone and make sure you still have ssh access.

Now that you have a good SSH server on your phone, it’s time to add in a bunch of standard Unix commands. You do this by running the following commands on your Mac:

$ cd ~/phonedmg/binkit
$ scp -r bin sbin usr libexec root@(iphone IP):/

After doing this, you should have things like grep, uname, ps, etc. on your iPhone. Try them out to be sure. As a quick exercise, now that you have a full-blown SSH server on your iPhone and basic apps like vim, you should consider disabling password-based authentication and putting your SSH key on it. Much more secure, IMHO. If you need help with this, ping me.
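An added check for the key-only setup suggested above, not part of the original post: it reads a copy of the server config and reports whether anything other than public-key login is allowed. It assumes the package is an ssh2-style sshd2 whose sshd2_config uses the AllowedAuthentications keyword; the function names and both sample configs are constructed for illustration.

```shell
# Added example, not from the original post. Assumes an ssh2-style sshd2 whose
# sshd2_config uses the AllowedAuthentications keyword; names are hypothetical.

# allowed_methods FILE: print every method named on an uncommented
# AllowedAuthentications line, one per line, lower-cased.
allowed_methods() {
    sed -e 's/#.*$//' "$1" | awk '
        {
            line = tolower($0)
            sub(/^[ \t]+/, "", line)
            if (line !~ /^allowedauthentications[ \t=]/) next
            sub(/^allowedauthentications[ \t]*=?[ \t]*/, "", line)
            n = split(line, m, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }'
}

# audit_sshd2 FILE: succeed only if the keyword is set and lists publickey alone.
audit_sshd2() {
    methods=$(allowed_methods "$1")
    if [ -z "$methods" ]; then
        echo "FAIL: AllowedAuthentications not set, server defaults apply"
        return 1
    fi
    for m in $methods; do
        if [ "$m" != "publickey" ]; then
            echo "FAIL: method '$m' is allowed"
            return 1
        fi
    done
    echo "OK: publickey only"
}

# write_samples DIR: two constructed configs, one weak and one key-only.
write_samples() {
    printf '%s\n' '## constructed sample' 'Port 22' \
        'AllowedAuthentications   publickey,password' > "$1/weak_config"
    printf '%s\n' '## constructed sample' 'Port 22' \
        '# AllowedAuthentications publickey,password' \
        'AllowedAuthentications publickey' > "$1/hardened_config"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir/weak_config" "$demo_dir/hardened_config"; do
    printf '%s: ' "${f##*/}"
    audit_sshd2 "$f" || true
done
rm -rf "$demo_dir"
```

Run `audit_sshd2` against a copy of /etc/ssh2/sshd2_config pulled from the phone, and confirm a key login works in a second session before closing the one you edited from.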

The next thing we will do is get our toolchain working. My preference is to build the toolchain from source (easier to keep up to date). This can be time consuming though, so if you are the impatient type, do a Yahoo! search for “iphonetoolchain dmg”. I haven’t tested this approach, so I won’t provide any direct links (as they may rapidly change). To build the toolchain, do the following:

  1. Create a home for the toolchain source. My suggestion is ~/phonedmg/toolchain, and the examples below assume that location.
  2. Install libstreams onto your box by running:
    sudo port install libstreams
  3. We now need to decrypt the firmware. Because I am uncertain of the legality of posting the firmware encryption key, I am linking you to the instructions here. After decrypting, you should have a file named decrypted.dmg. Mount this disk image.
  4. Now copy the files inside the mounted disk image into your toolchain directory by doing the following:
    mkdir ~/phonedmg/toolchain/heavenly
    sudo cp -R /Volumes/Heavenly1A543a.UserBundle/* ~/phonedmg/toolchain/heavenly/
  5. Now check out the toolchain code from the public Subversion repo:
    cd ~/phonedmg/toolchain
    svn checkout svn://
  6. Now we need to actually build the toolchain itself. First we:
    cd ~/phonedmg/toolchain/trunk
    ./configure --with-heavenly=/Users/(your username)/phonedmg/toolchain/heavenly/

    Then we need to fix a problem in the generated makefile by editing line 34 and making it read:

    cd llvm-2.0 && $(MAKE) ENABLE_OPTIMIZED=1 install

    and then following that we run _sudo make_ (note the sudo is apparently required).

Now that we have our toolchain set up, let’s build the most useful app I have found so far. This application is a like application for the iPhone. It provides a GUI interface for running shell commands on the phone and is immensely useful for things like SSH (outbound from the phone). The app also has good polish for such an early edition and thus is a good example of what can be done. Follow these steps for getting it running on your iPhone:

  1. First things first, we need to download the source code to the app. We do this by:
    mkdir ~/phonedmg/apps
    cd ~/phonedmg/apps
    svn checkout mobileterminal
  2. Now we need to download a header file, UITextTraitsClientProtocol.h, missing from the toolchain and put it in /Developer/SDKs/iPhone/include/UIKit/
  3. Next we fake a couple files to make things happy by doing the following:
    sudo touch /Developer/SDKs/iPhone/include/UIKit/NSObject.h
    sudo touch /Developer/SDKs/iPhone/include/LayerKit/NSObject.h
  4. Now run _make_ and _make package_
  5. Assuming all goes well (I got some warnings, but it compiled), copy the resulting bundle to your phone:
    scp -r root@(iPhone IP):/Applications/
  6. Now reboot your iPhone and you should see the new app available to use. Here’s a screenshot of what it looks like:

That completes our howto and I would love to thank the numerous devs around the world who have made all this possible. Now that you have a toolchain and an extremely useful sample app, let’s see what apps you can create! If you make something, please be sure and let me know.

P.S. – A helpful tip in regards to the terminal app, to do a control key sequence use the “bullet” key which can be found by pressing the 123 key, then the #+= key (center far right of that last keyboard). Also, to hide the keyboard, simply tap the screen (and again to bring it back up).


4 Responses to “Howto: Run custom apps on iPhone (Part #2)”

  1. [...] 1) A jail-broken iPhone, ideally activated. 2) A Wifi connection 3) Knowledge about how to install 3rd-party native iPhone applications. 4) A friend with (1)-(3) [...]

  2. [...] Howto: Run custom apps on iPhone (Part #1) Howto: Run custom apps on iPhone (Part #2) [...]

  3. dash says:

    Can I use SSH to make a full disk image (backup) of the iPhone 3GS and use this image to “restore”, instead of using iTunes and Apple’s purity regulations?

  4. [...] the required files for OpenSSH to the iPhone and install this manually. This is an OLD guide – Howto: Run custom apps on iPhone (Part #2) | Ramblings of a Geek – Jeremy Johnstone however the principle is the same. You should use a newer build of OpenSSH of course. [...]
