UPDATE: The application related issues have been moved to a new article Fix Application Issues in 1.1.3
UPDATE: Since the dev team has released the 1.1.3-2, I have updated some of the contents, check the UPDATE in each section.
UPDATE: Here’s the log files from my 1.1.3-2 upgrade. There’re two files, /var/log/syslog generated by syslogd daemon as well as BearPhuc created by Upgrade process.
UPDATE: the 1.1.3-3 has been released, since 1.1.3-2 works fine for me (except the launchctl), I don’t wanna try this new release unless I found any severe problems (or if the launchctl will be fixed :). UPDATE: yes, it does fix the launchctl, but I still won’t try it because the launchctl issue can be fixed on a running system now.
UPDATE: as far as I can tell, the 1.1.3-3 is mainly released to fix the launchctl issue.
The dev team has officially released the iPhone firmware 1.1.3 jailbreak method, so now we have two 1.1.3 jailbreaks, the official one and the leaked one (published by natetrue, former dev team member, has been kicked out because of this leak). Technically, both methods work the same way:
1. Decrypt firmware to get compressed rootfs
2. Decompress rootfs
3. Patch decompressed rootfs
4. Patch user partition
5. Copy patched rootfs over system partition
The official way is slightly better though, the work is done totally on iPhone, some of the issues found in the leaked one have been fixed. But there’re other problems/drawbacks arising after the upgrade which make the upgrade way from perfect yet. Here are some of the issues found so far:
Issue: No Sound
After the 1.1.3-2 upgrade, no ringtones and no music in iPod, some of the error messages are:
Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: MeccaCoreAudio.cpp: MeccaCoreAudioDevice::SetCustomProperty: FAIL: Assertion "kAudioHardwareNoError != result" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: MeCCAAudioDevice_CoreAudio.cpp: MeCCAAudioDevice_CoreAudio::setAudioRouteEnabledForHWDevice: FAIL: Assertion "kAudioHardwareNoError != CADevice->SetCustomProperty(propertyID, propertyScope, sizeof(UInt32), (const void*) &propertyData)" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::disableAllAudioRoutes: FAIL: Assertion "MediaEngine::OK != MeCCAAudioDevice::theInstance()->setAudioRouteEnabledForHWDevice(kMeCCAAudioRouteDownlinkToWolfson, kMeCCAAudioHWDeviceWolfson, false)" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::commitClearRouting: FAIL: Assertion "kReturnSuccess != result" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::commitRoutes: FAIL: Assertion "kReturnSuccess != result" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::applyRoutes: FAIL: Assertion "kReturnSuccess != result" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::applyRoutes: ERROR: Error applying new audio routing routes...restoring previous routing, if available Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::commitRoutes: FAIL: Assertion "0 == inOrderedRouteDescriptionList.size()" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingManager.cpp: AudioRoutingManager::activateRoutes: FAIL: Assertion "kReturnSuccess != result" failed, goto Exit Jan 31 20:59:50 localhost /usr/sbin/mediaserverd: AudioRoutingPolicy.cpp: AudioRoutingPolicy::activateRoutes: ERROR: Routing Not Supported: attempt to activate the routes failed. Jan 31 20:59:51 localhost /usr/sbin/mediaserverd: MeccaCoreAudio.cpp: MeccaCoreAudioDevice::StartIO: ERROR: AudioDeviceStart failed with error 560492391 Jan 31 20:59:51 localhost /usr/sbin/mediaserverd: MeCCAAudioDevice_CoreAudio.cpp: MeCCAAudioDevice_CoreAudio::startIO: FAIL: Assertion "kAudioHardwareNoError != mMeccaCoreAudioDevice->StartIO()" failed, goto Exit Jan 31 20:59:51 localhost /usr/sbin/mediaserverd: MeCCA_MediaPlayer.cpp: MeCCA_MediaPlayer::play: FAIL: Assertion "kMeCCA_Error_OK != result" failed, goto Exit Jan 31 20:59:51 localhost Preferences: -[AVController failPlayback:reason:notifyClient:]: item with path [omitted] failed to open with err 1
UPDATE: maybe only I had this problem, other people reported their ringtones working fine. Anyway, this relates to the permission, set the /usr/sbin/mediaserverd permission to 4555 (aka SUID root) fixes the issue:
chmod 4555 /usr/sbin/mediaserverd
Issue: Wrong System Partition Size
In 1.1.3-1, the partition size is wrong, the system partition is 266MB (279520256 bytes) after the upgrade, so you’ll lose 34MB after the upgrade, it’s a huge space loss considering the total size is only 300MB (314572800 bytes) and you’re gonna put some 3rd party applications on it. The leaked method doesn’t have this issue, it correctly expands the rootfs to 300MB.
This explains why the official jailbreak puts the terminfo into /var/root, and uses a symbolic link in /usr/share, because there’s not enough space to put them on the rootfs without that 34MB.
NOTE: my temporary workaround is to manually create the rootfs in the way introduced in the Leaked Jailbreak 1.1.3, then use the official script (need to patch) to do the rest, some post-upgrade fixes are required for this mixed method though.
UPDATE: the newly released Jailbreak 1.1.3-2 has fixed this issue, it fetches a copy of the 1.1.2 rootfs, removes all its contents, and copies 1.1.3 contents over it, thus has the correct partition size.
UPDATE: in 1.1.3-2 and 1.1.3-3, there’s a small bug :) The volume name is wrong, it’s Oktoberfest3B48b.UserBundle (1.1.2) while it should be LittleBear4A93.UserBundle (1.1.3).
UPDATE: the image manipulation is done in a binary Upgrade with the help of a shell script globscript.sh, once the image is done, the other script migrate.sh will do the rest to adjust the user partition directory structuret as well as fixing the issues.
Issue: Can’t Change Timezone
The timezone change in Settings->General will re-create the symbolic link:
Since the link owner is root, thus Preferences (running as mobile) cannot remove and re-create it. To fix it, change the folder permission to 777:
chmod 777 /var/db/timezone
UPDATE: this has not been fixed in the Jailbreak 1.1.3-2 and 1.1.3-3. If you change your time zone, the current time will not adjust according to the new time zone, you have to manually set the time/date. A chmod is still needed to let the system auto-adjust the time for you when changing the time zone.
UPDATE: if your timezone change works right after the upgrade, check if the symbolic link at /var/db/timezone/localtime, does it point to the right place if you change the timzone? It should.
Issue: iTunes Sync Not Working
In 1.1.3-1, the iTunes sync is not working correctly due to the wrong folders/permissions. iTunes syncs the contents to root account while the phone reads the contacts, bookmark, etc from mobile account.
UPDATE: The dev team has released a script (syncfix.sh) to fix the sync issue, shown below (I added some comments):
# Remove the old data in root account rm -rf /var/root/Library/AddressBook rm -rf /var/root/Library/Safari rm -rf /var/root/Library/Calendar rm -rf /var/root/Library/Mail rm -rf /var/root/Library/Preferences # Move mobile's data to root account mv /var/mobile/Library/AddressBook /var/root/Library mv /var/mobile/Library/Safari /var/root/Library mv /var/mobile/Library/Calendar /var/root/Library mv /var/mobile/Library/Mail /var/root/Mail mv /var/mobile/Library/Preferences /var/root/Library # Create the folders (in case they do not exist yet), this will give an error # if the folder has already existed, but it's safe to ignore the errors as the # purpose is to ensure the folders exist mkdir /var/root/Library/AddressBook mkdir /var/root/Library/Safari mkdir /var/root/Library/Calendar mkdir /var/root/Library/Mail mkdir /var/root/Library/Preferences # Let mobile account owns the data folders chown -R mobile:mobile /var/root/Library/AddressBook chown -R mobile:mobile /var/root/Library/Safari chown -R mobile:mobile /var/root/Library/Calendar chown -R mobile:mobile /var/root/Library/Mail chown -R mobile:mobile /var/root/Library/Preferences # Create symbolic links so that both mobile and user accounts use the same data ln -s /var/root/Library/AddressBook /var/mobile/Library/AddressBook ln -s /var/root/Library/Safari /var/mobile/Library/Safari ln -s /var/root/Library/Calendar /var/mobile/Library/Calendar ln -s /var/root/Library/Mail /var/mobile/Library/Mail ln -s /var/root/Library/Preferences /var/mobile/Library/Preferences
UPDATE: this syncfix has been embedded into the Jailbreak 1.1.1-2 and is auto applied during the upgrade.
Issue: Incomplete Cleanup
In 1.1.3-1, there’s an error in the com.devteam.rm.plist as shown below:
The file name missed the suffix .plist, change it to:
or manually remove com.devteam.rm.plist. Otherwise, the launchd will keep respawning it after each reboot, check the syslog, you’ll find it:
Jan 29 23:15:49 localhost launchd: 16/com.devteam.rm: Standard Out/Error: rm: /private/var/disk0s1.dd: No such file or directory Jan 29 23:15:49 localhost launchd: 16/com.devteam.rm: Standard Out/Error: rm: /System/Library/LaunchDaemons/com.devteam.rm: No such file or directory Jan 29 23:15:49 localhost launchd: 16/com.devteam.rm: exited with exit code: 1 Jan 29 23:15:49 localhost launchd: 16/com.devteam.rm: respawning too quickly! throttling Jan 29 23:15:49 localhost launchd: 16/com.devteam.rm: Throttling: Will restart in 10 seconds
UPDATE: this has been fixed in the 1.1.3-2.
Issue: Launchctl Not Working
In 1.1.3-1, the launchctl does not work after offcial upgrade, here’s the error message:
bash-3.2# launchctl list launch_msg(): Socket is not connected
The leaked one doesn’t have this problem..
UPDATE: I still can’t use launchctl to turn on/off services after the Jailbreak 1.1.3-2.
UPDATE: a temporary solution is to use UIctl developed by Erica Sadun.
UPDATE: actually the socket has been created, but in the wrong place. The following steps fix the launchctl issue for 1.1.3-2 (should work for 1.1.3-1 as well) and requires no re-jailbreak:
1. Make an image of the running system partition in /var/113-2.dmg:dd if=/dev/rdisk0s1 of=/var/113-2.dmg bs=1048576 count=300
2. Transfer the 113-2.dmg to your Mac, mount it, it’ll be mounted at /Volumes/Oktoberfest3B48b.UserBundle, erase all the contents in its var folder:rm -rf /Volumes/Oktoberfest3B48b.UserBundle/var/*
3. Unmount and upload it back to iPhone, put it into /var folder
4. Issue the following commands to overwrite the current system partition with the modified image, make sure your WiFi is alive during the process:mount -u -o ro / dd if=/var/113-2.dmg of=/dev/rdisk0s1 bs=1048576 count=300
When it’s done, turn iPhone off and on as usual (hold Sleep button for 3 seconds, then slide to turn off), don’t worry, it will not hang.
NOTE: the above steps will not corrupt your user data.
UPDATE: an easier way (thanks Nil to mention it) is to force a umount on /private/var and modify the system partition on the fly:
umount -f /private/var && rm -rf /private/var/* && mount -a && reboot
UPDATE: the 1.1.3-3 has fixed this issue.
Drawback: Unnecessary Download
In 1.1.3-1, the upgrade script downloads the firmware from Apple which is a bad idea, it makes the whole upgrade process a nightmare when you don’t have a fast and stable internet connection.
NOTE: a workaround is to rename the firmware to restore.zip, upload to /var folder through iPHUC or SSH, then comment out the download lines in installation script:
#if [ "$PLATFORM" = "iPod" ] #then #RESTORE_IPSW="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/061-4060.20080115.9Iuh5/iPod1,1_1.1.3_4A93_Restore.ipsw" #else #RESTORE_IPSW="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4061.20080115.4Fvn7/iPhone1,1_1.1.3_4A93_Restore.ipsw" #fi #wget "$RESTORE_IPSW" -O /private/var/restore.zip
UPDATE: this has been improved in the 1.1.3-2, now the upgrade auto detects the firmware in /var/root/Media, if a 022-3743-100.dmg or iPhone1,1_1.1.3_4A93_Restore.ipsw is found, it’ll use it instead of downloading from Apple, pretty nice feature. During my test, I uploaded the 022-3743-100.dmg, and the Upgrade successfully picked it up and used it.
Issue: Boot Into Recovery
In 1.1.3-1, a reboot/hard reboot will easily send your iPhone to recovery mode. This has been fixed in 1.1.3-2, which copies the partition structure from your working 1.1.2 system disk thus no longer causes any filesystem structure related problems.
UPDATE: tested several times on 1.1.3-2, with both normal reboot as well as hard reset, all fine, except the hard reset takes more time to boot because it needs to check the filesystem that was not cleanly shut down.
Issue: Operator May Not Detected
I know most of you guys don’t have this issue, but it does happen to me. To be honest, I really don’t know if this is because of the jailbreak or if it’s a bug in SpringBoard. Anyway, after the jailbreak, the SpringBoard can’t detect my operator, it successfully recognized my local carrier though (MCC/MNC 46000). This results in a weird thing:
The carrier settings are correct, there are two links created correctly:/var/mobile/Library/Carrier Bundle.bundle /var/mobile/Library/Preferences/com.apple.carrier.plist
But there’s NO operator links, the following two links are expected but not created:/var/mobile/Library/Operator Bundle.bundle /var/mobile/Library/Preferences/com.apple.operator.plist
So I simply can’t customize my carrier logo on 1.1.3 :(
UPDATE: I tried on 04.02.13_G as well as on 04.03.13_G, both no luck.
Issue: YouTube May Not Work
After jailbreak 1.1.3, YouTube may or may not work. From what I experienced, if you jailbreak through i.unlock.no then your YouTube may not work after jailbreak 1.1.3, if you go through jailbreakme.com it will work, this is likely because of the different cert files.
I tried 3 times, twice through jailbreakme.com and both had YouTube working, once through i.unlock.no and my YouTube didn’t work. Fortunately, I copied the cert files from jailbreakme to my computer, so I took the following steps to make it work:
1. Get the YouTube Cert Files (from Jailbreakme)
2. Extract and upload files to /var/root/Library/Lockdown, replacing old files
3. Remove pair_records folder if it exists
Reboot iPhone, your YouTube will work now.
There’re other issues in the script, if you installed the SSH through iNdependence, your SSH will not survive after the upgrade. Look at the following lines in the script:
cp /etc/ssh* /mnt/etc/ cp /Library/LaunchDaemons/* /mnt/Library/LaunchDaemons/
This is not suitable for SSH installed through iNdependence, because of different file/folder positions, change the above lines to:
cp -r /etc/ssh* /mnt/etc/ if [ -f /System/Library/LaunchDaemons/org.thebends.openssh.plist ]; then cp /System/Library/LaunchDaemons/org.thebends.openssh.plist /mnt/System/Library/LaunchDaemons/ fi cp /Library/LaunchDaemons/* /mnt/Library/LaunchDaemons/
This will satisfy both SSH installed through iNdependence and OpenSSH installed through Installer.
UPDATE: this has not been fixed as of 1.1.3-3, in order to have SSH access after the upgrade, you’ll have to use OpenSSH instead of SSH installed through iNdependece.
How to Upgrade (Official Jailbreak 1.1.3-2 and 1.1.3-3)
Make sure your iPhone is running 1.1.2, jailbroken and activated. Install the following packages:
Simply execute the Upgrade application from SpringBoard, give it some minutes to finish, there is a progress indicator so you won’t be too boring during the long wait, very user friendly. It’ll automatically reboot after the upgrade.
Status after the upgrade (tested on a 1.1.1, newly restored and updated to 1.1.2, jailbroken and activated of course, unlocked with anySIM 1.2.1u, NOTE: I used iNdependece to activate 1.1.1 & 1.1.2):
Call in/out – working
SMS in/out – working
EDGE – working
WiFi – working
YouTube – working
iTunes syncing – working
Customized ringtones – working
Google Map Location – not working
NOTE: the upgrade will wipe your current Installer data files, and installs a new Installer (bundled with the upgrade package), so after the upgrade, you’ll have a clean installer environment.
UPDATE: if you’ve already had a copy of the firmware and don’t want to download it again, please upload your copy of firmware to /var/root/Media folder on iPhone, then start Upgrade, it’ll pick it up. A better way is to extract the 022-3743-100.dmg from the firmware and upload it to /var/root/Media folder, Upgrade will happily pick it up and save you a lot of time waiting for the decompression (you know iPhone is much slower than your computer right?).
How to Upgrade (Official Jailbreak 1.1.3 v1 – Obsolete)
The official jailbreak package is here: Official Jailbreak 1.1.3
UPDATE: the new package with syncfix: Official Jailbreak 1.1.3 with Syncfix
You should run syncfix.sh on iPhone after the upgrade to fix the iTunes sync issue.
To use the package, make sure you meet the following requirements:
WiFi to Internet
iPhone on firmware 1.1.2, jailbroken and activated
OpenSSH (if you plan to use SSH to do the upgrade)
Expand and copy all files onto the iPhone, put them under the root (/) folder, then set the Auto-Lock to Never on your iPhone, better keep the iPhone connected with your computer to avoid possible power failure during the upgrade.
When everything’s ready, SSH login to your iPhone (or use Term-vt100), issue the command:
Then wait and pray. The upgrade takes quite some time because the firmware download will take a long time. When I upgrade, I modify the script slightly so it won’t download the firmware, I upload the firmware manually, the actual upgrade process took me about 20 minutes until the SSH connection was closed. A normal upgrade (with the firmware download process) will take much longer than that. If something’s wrong during the upgrade (e.g. some error messaegs), you can always stop it by pressing Ctrl-C, and restart from the beginning.
The iPhone may stuck (at the last cp command) when the upgrade is done, this is normal, just force a shutdown by press and hold both the Sleep and the Home button for some seconds, then turn the iPhone back on, you’ll have a fresh jailbroken 1.1.3.
The install.sh script can easily be modified to allow customized upgrade. I did some changes during my upgrade to ease my life and made it working faster:
Using local firmware (not downloading from Apple)
Pre-installing additional applications to rootfs, especially Term-vt100
With the above modifications, I have some applications to use right after the upgrade.
I did the upgrade on a non-OTB 1.1.2 (was upgrade from 1.0.2, jailbroken and unlocked), the status after the upgrade (with needed fix):
Call in/out – working
SMS in/out – working
EDGE – working
WiFi – working
YouTube – working
iTunes syncing – working
Google Map Location – not working
Customized ringtones – working
UPDATE: in 1.1.3-1, if you didn’t install BSD Subsystem before the upgrade, after the upgrade, you’ll have problem installing the BSD Subsystem because there’s a symbolic link which is not expected, just remove the following symblic link:
and you should be able to install the BSD Subsystem now.