Jailbreaking ATV2 Running 5.0.1 or Less, After Apple Stopped Signing Older Firmware Versions

This guide was originally posted at: http://www.jailbreakappletv.com/forums/general-discussion/525-jailbreak-apple-tv-2-running-5-0-1-less-after-apple-stopped-signing-older-versions.html please keep the acknowledgement out of respect for the hard work put into writing the guide.

I’m going to be putting this up on the front end of the site tomorrow. In the meantime, please share this with others across the internet, many people don’t know that this can even be done yet!

How to Jailbreak the Apple TV 2 Running 5.0.1 or Less, After Apple Stopped Signing Older Version Firmware after March 8th

YouTube Video by CYBERxNUKE: http://www.youtube.com/watch?v=MUQfJ6OYhlc

System Requirements:

  • Windows PC (this doesn’t yet work for Mac unfortunately)
  • Latest Version of Apple iTunes Installed
  • Apple TV 2 Running 5.0.1 (4.4.4) Version Firmware or Less

Before Starting, Download the Following Support Files and Save them to a New Folder on your Desktop:

Once the files have been download, Extract the compressed Seas0nPass and iFaith compressed folders, then Install Total Commander. Once that’s been done, continue following the instructions below carefully.

Part 1 - Saving SHSH Blobs (Deviced Plugged)

Step 1: Launch iFaith choose “Dump SHSH Blobs”
Step 2: Proceed by following the on screen prompts, don’t plug in device until prompted.
Step 3: Follow the process to Enter DFU Mode and retrieve the SHSH Blobs. Let the process complete before touching anything. Close iTunes if it starts automatically, although it won’t change anything if you leave it open.
Step 4: When prompted to choose a Save Location, save the new SHSH Blob to a designated folder on your Desktop, where you saved the rest of the support files to initially.
Step 5: Disconnect the Apple TV for the time being.

Part 2 - Building Signed Firmware Revision (Device Unplugged)

Step 1: Return to iFaith and Choose “Build signed IPSW w/ Blobs” and follow the on screen prompts.
Step 2: Select “Browe for SHSH Blobs cache” and open the SHSH Blob file we had saved in Part 1 of this guide.
Step 3: Choose “Browse for the iOS 4.4.4 (9A406a) IPSW” and open the Apple TV Firmware file that was saved initially.
Step 4: Wait, then click “Build IPSW” when prompted.
Step 5: Once it’s done Saving the File to your Desktop, it will say “Done building IPSW” in the header, DO NOT CLICK the “Proceed” button, close the program instead.

Part 3 - Build Custom Firmware with Seas0nPass (Device Unplugged)

Step 1: Launch Seas0nPass, and Click “Create IPSW”
Step 2: Wait for Seas0nPass to finish downloading and modifying the IPSW from Apple, this will take a few minutes at least.
Step 3: Once you see “Waiting for device to enter DFU mode…” it means that this part of the procedure is done, close Seas0nPass.

Part 4 - Modify Image Files with Total Commander (Device Unplugged)

Step 1: Create a New Folder within the Folder that was created at the beginning of this guide, name it “Finish”.
Step 2: Drag the Seas0nPass Firmware file (located within the My Documents -> Seas0nPass folder) that was created in Part 3 of the procedure into the Total Commander shortcut Icon located on your Desktop.
Step 3: On the Right Side of the Total Commander window, navigate to the “Finish” folder we created in Step 1 of this part of the procedure. The desktop can usually be found under the “Users -> [Login Name] -> Desktop” folder tree.
Step 4: Drag the two DMG files from the Left Side of the Total Commander window to the “Finish” folder on the right side, agree to any prompts.
Step 5: Close Total Commander, then drag the iFaith Signed IPSW located on your Desktop into the Total Commander shortcut icon, reopening the application.
Step 6: Drag the two DMG files that were previously moved to the right side of the window in Step 4, into the Firmware Archive on the left side of the window.
Step 7: Allow it to Overwrite, agree to any on screen prompts and wait for it to finish writing.
Step 8: Once complete, close Total Commander, you now have a signed Firmware File on your Desktop.

Part 5 - Flash Signed Jailbroken Firmware to Device (Device Plugged)

Step 1: Launch iFaith Once Again and plug Apple TV back into Micro USB.
Step 2: Choose “Use DFU Pwner (iREB)” and Follow on screen prompts.
Step 3: Your device has now been forced into DFU Recovery Mode, agree to proceed and then Close iFaith.
Step 4: Launch iTunes and wait for it to recognize Apple TV device.
Step 5: Hold the SHIFT key, Press the “Restore” button in iTunes.
Step 5: Open the Jailbroken Signed Firmware File that was previously saved to your Desktop named something like “00000XXXXXXXXXX_iFaith_Apple_TV_2-4.4.4 (9A406a)_signed.ipsw” and wait for iTunes to flash the device.

Congratulations! Your device has now been Jailbroken and is running 5.0.1 firmware. You can now use it as Apple definitely didn’t intend it be used. Remember, you read it first at Jailbreak Apple TV !

We’d like to give special thanks to the people that helped make this special DFU programming process possible, thanks goes out to CYBERxNUKE, ormanton, ih8sn0w, and Firecore for contributing to this guide.

Thirty Five views and not one reply? Thanks guys :stuck_out_tongue:

It might be a good idea to Sticky this thread as well.

Noob here.

 

Just got a used ATV2 and I had to do a fresh restore to use it the first time. And therefore forced to dump 5.0 on it.

Needless to say, no prior shsh blobs available.

I was thinking that the total commander process mentioned above it would let me use a current/valid 5.0 shsh blob and inject it into a 4.4.4 custom Seas0n Pass created ISPW (from the older Seas0n Pass). Is that not the case?
I tried using iFaith 1.4.2 to get the SHSH blob and it tells me that Unknown iOS Detected on this device! Aborting…

TinyUmbrella lets me pull of a SHSH, but it doesn’t seem to let me do anything with it in iFaith.

 

Anyone able to tell me what I can do, or do I need to wait for a new Seas0n Pass?

 

Win7 x64 is my OS - iTunes 10.6

 

(posted this in the other post, but I think this is the correct thread as I have 5.0.1 installed)

If your Apple TV is already updated to 5.1 then you’ll have to wait at least a couple more days until the 5.1 unthethered jailbreak is released. There’s nothing more you can do about it.

 

i was afraid of that…thanks for the reply.

I can verify that this works. I recently had trouble trying to JB my ATV with 4.3 firmware, the contents of this guide allowed me to successfully jailbreak the device.

For reference, I received an iTunes error 14 (Google indicated that it this meant corrupt firmware) when first trying to restore the custom firmware to the device, moving the USB cable from the front usb ports to the rear ports and trying again appeared to correct the problem. Instinct tells me that this should make any difference - it may have worked if I had just tried it again, however I’m just happy it’s broken finally :wink:

Very clever to copy&paste our tutorial :)))))))))))))))))) 

Having spent three+ days participating in the thread running on the Firecore forum, I find the claim that this technique “first” appeared on this other site to be very troubling.

Hi guys please really appreciate your help this is my little problem i have an atv2 with _iFaith_Apple_TV_2-4.1 (8M89)_signed i already trieded the seosOnPass file AppleTV2,1_4.2.1_8C154_SP_Restore, i changed the name for the damage file to the original file restore with itune everything went well but once connected to the tv i’m stucked at apple photo in the startup, and if i want to restart from the begin to try tese steps over here i have already saved my bloob what i need to do thanks

this is only news if it can JB 5.1

 

I tried to follow the guide from the first thread, it was impossible to understand, thank you for writing a much clearer version of it for us!!! G-d bless Firecore!

check original version http://forum.firecore.com/topic/7279

I read the original version first but it wasn’t very clear for us newbies, this one is much easier to follow. They gave you the credit in the text for discovery too.

Quick question…
When I drag the IPSW to total commander I see this:

[Firmware] -> this is a folder

038-3845-002

038-3845-002

kernaelcache.release

restore
Are I dragging the [firmware] file folder to the rightside??

 

Thanks,
Marshall

 

i follwed the initial guide that just involved extracting the dmg files from the sp firmware and overwriting the ifaith cust fw,

When is @Firecore going to embed this into Seas0nPass?

Just tried this, followed instructions exactly. Got to last step and iTunes says could not restore error 1600…

I have a new AppleTV2 with 4.4.4. iFaith keeps saying “unknown iOS version detected”. What to do?

Morning!

I just tried this and whilst it is a clearer guide for newbies, there is a conflict in the instructions.

 

Part 4 states Drag IPSW Firmware File from Left Side of Total Commander to the right.  In ormanton and CYBERxNUKE’s version, they state drag dmg files to right side.

By following the instructions on this post, you end up with an iFaith signed IPSW file with the SP IPSW File simply embedded into it.

Is this correct?

I tried flashing it for fun still got the same error 9 anyway!

i hava a new apple refurbished tv2. I lunched and check the FW. It says 4.4.4 (3330) if i try ifaith it says i hava a unknow ios device. Have some one the same problem?