Wednesday, November 10, 2010

Getting the Apple TV 2g into DFU for jailbreak

I've been having some fun the last couple of nights poking around inside the new Apple TV. Out of the box it doesn't really appeal to me at all; I am just not interested in having a locked-in iTunes rental box. Once jailbroken, though, with access to all that lovely iOS framework underneath, there are definitely a few uses I can find for a £100 HD N-class wifi media streamer with a palm-sized form factor.

Anyways I had a whole heap of trouble actually getting the bastard thing broken in the first place because no matter what I tried I just couldn't get it into DFU (Device Firmware Upgrade) mode to flash the modified firmware onto it. I tried using the Pwnage tool with just the USB plugged in as all the tutorials suggest, I tried the manual reboot method (holding menu+down then menu+play) but nothing worked.

From all the trawling on the internets trying to work out what was going on I saw that I was not the only one having trouble. In the end I didn't find the method that worked for me online so am posting this in case it helps any other poor sods out there in the same spot.

  1. Chances are that, in trying to get it into DFU and failing, the device is now in restore mode. Plug the ATV into the TV and power, and if the screen is showing the "connect to iTunes" graphic then it's in restore mode. If so, get it back into a fresh state: connect it to your computer using only the USB cable and let iTunes restore it.
    - Note that this is still when the only official firmware out is the original 4.1, so doing a restore and update is no big deal. You did of course save your SHSH blobs before you started all this, right?
  2. Now that your ATV is back to factory settings, unplug the USB and plug the power back in. No need to connect it to the TV. Fire up the Pwnage tool (I am assuming here that you have already built the custom .ipsw file, but if not, now is a good time to do so), select the ATV device and hit the DFU button.
  3. With the power cable plugged into the ATV, now plug the USB into the computer as directed by the Pwnage tool.
  4. Pwnage tool now tells you to disconnect the power. Do as it says.
  5. When instructed, hold down the menu and play buttons together for 7 seconds and release when instructed.
  6. Hold your breath (not sure this is mandatory, but it worked for me).
  7. Now you should be in DFU and can go ahead with the option-restore in iTunes to load your custom firmware.

I think the key step here is the initial connection with the power cable attached. Unplugging the power cable lets the device reboot at just the right time for the timed DFU steps in the Pwnage tool to work "just so".
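
To tell restore mode from DFU from the computer side (steps 1 and 7), the sketch below classifies the USB listing the computer sees. It is an added example, not part of the original post or of the Pwnage tool; the Apple vendor ID 0x05ac and the product IDs 0x1227 (DFU) and 0x1281 (recovery, which the post calls restore mode) are commonly reported values assumed here, and the sample listing is constructed in the shape of `system_profiler SPUSBDataType` output.

```python
import re

APPLE_VID = 0x05AC  # assumption: Apple's USB vendor ID
# Assumption: product IDs Apple devices enumerate with in the two low-level modes.
MODE_BY_PID = {0x1227: "dfu", 0x1281: "recovery"}

# Constructed sample shaped like `system_profiler SPUSBDataType` output.
SAMPLE = """\
USB Bus:

    Apple Mobile Device (Recovery Mode):

      Product ID: 0x1281
      Vendor ID: 0x05ac  (Apple Inc.)
      Serial Number: CONSTRUCTED-SAMPLE

    USB Keyboard:

      Product ID: 0x0221
      Vendor ID: 0x05ac  (Apple Inc.)
"""

_FIELD = re.compile(r"^\s*(Product ID|Vendor ID):\s*0x([0-9a-fA-F]{1,4})\b")

def usb_ids(text):
    """Yield (vendor_id, product_id) for each device block in the listing."""
    block = {}
    for line in text.splitlines() + [":"]:  # sentinel flushes the last block
        if line.strip().endswith(":"):      # a header line starts a new block
            if "Vendor ID" in block and "Product ID" in block:
                yield block["Vendor ID"], block["Product ID"]
            block = {}
            continue
        m = _FIELD.match(line)
        if m:
            block[m.group(1)] = int(m.group(2), 16)

def apple_device_mode(text):
    """Return 'dfu', 'recovery', or None when no Apple device is in either mode."""
    modes = {MODE_BY_PID[pid] for vid, pid in usb_ids(text)
             if vid == APPLE_VID and pid in MODE_BY_PID}
    for mode in ("dfu", "recovery"):
        if mode in modes:
            return mode
    return None

if __name__ == "__main__":
    print(apple_device_mode(SAMPLE))
```

On a Mac, feed it the real listing instead of `SAMPLE`; a result of `recovery` after the button sequence means the timing was missed and step 1 applies again.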

Once you have the new firmware installed, plug the ATV back into the TV and power and go configure it for your network. It will not look any different to normal at this point. Once you have a network connection you can ssh into the box as root (default password "alpine"; change it as soon as you are in) and get to the hacking proper.
Good luck to you, hope this helps.