How to install Android on your iPhone
Liberate your iPhone from Apple's clutches
By David Wang | PC World | Published: 12:08, 20 May 2010
Here's how to install Google's Android OS on your iPhone. Be forewarned, though: This hack isn't for the faint of heart.
Maybe you want to liberate your iPhone from Apple's clutches. Maybe you just want to tinker with something new. Either way, you've seen Android running on the iPhone, and you want to try it for yourself.
Still a Work in Progress
Although this port does everything that you expect your smartphone to be able to do, it isn't usable for day-to-day activities just yet - I haven't implemented any power-management functions, so a fully charged iPhone running Android will last only an hour or so.
A few bugs and performance issues remain, too, so while the phone will be usable, it won't be fast. If you do something unexpected (such as forcing the iPhone off), there is a small chance that you may end up restoring your device. However, it is impossible for any bugs to brick or disable your iPhone permanently.
Finally, media syncing is not working, so loading your media onto your phone is kind of a pain. I'm working as hard as I can, though, and I expect to fix these issues soon.
The iPhone is a well-engineered device, and it is virtually impossible to brick if you know these techniques. If all else fails, remember that you can always restore using DFU Mode.
You'll also need to be reasonably comfortable working in a command-line interface, and unless you're confident in trying to compile your own binaries, you'll need a PC running Linux (or a Linux virtual machine).
What You Need
1. A first-generation iPhone or an iPhone 3G with firmware versions between 2.0 and 3.1.2, jailbroken with Redsn0w, Blacksn0w, or PwnageTool. If you already updated your handset to 3.1.3 or to a 4.0 beta, you must use PwnageTool to create a jailbroken 3.1.2 .ipsw file to restore down to.
Note that I am explicitly excluding the iPhone 3GS, all iPod Touch models, and the iPad. This hack will not work with those devices (yet). I am also explicitly excluding iPhone OS 3.1.3 and all of the 4.0 betas. It will not work with the Spirit jailbreak, either.
If you haven't yet jailbroken your iPhone, don't worry - it's a simple process that consists mainly of pressing buttons on the device when prompted and clicking the next button in a wizard. I humbly recommend Redsn0w, since I wrote much of the code for that program.
Although much of the process can be conducted on any machine, one of the tools involved (called 'oibc') has not yet been ported to Windows. In addition, the binaries I provide are compiled on a 32-bit Ubuntu machine.
All of the utilities compile for Linux and Mac, however, so if you're feeling adventurous, compile the sources at github.com/planetbeing/iphonelinux and github.com/planetbeing/xpwn instead of using the binaries.
3. The prebuilt images and binaries; the exact files you use depend on whether you have a first-generation iPhone or an iPhone 3G.
4. The iPhone OS 3.1.2 .ipsw file for your device, namely either iPhone1,1_3.1.2_7D11_Restore.ipsw or iPhone1,2_3.1.2_7D11_Restore.ipsw. Chances are, you already have this file somewhere on your computer, but if you need it, you can download it.
5. The firmware for the Marvell WLAN chip inside the iPhone. Go to the URL, and on the right side of the page you should see a drop-down menu labeled 'Choose your platform'. Select Linux 2.6 - Fedora from the drop-down menu and click the Search button underneath. Download the file labeled SD-8686-LINUX26-SYSKT-9.70.3.p24-26409.P45-GPL. You'll get a file called SD-8686-LINUX26-SYSKT-9.70.3.p24-26409.P45-GPL.zip.
Android on iPhone, Step-by-Step
The first steps collect the multitouch and WLAN firmware for the iPhone. We cannot legally redistribute these binary blobs, so it is necessary for you to extract them from the .ipsw file and Marvell's Website.
1. On the Linux machine, create a folder named firmware in your home directory.
2. Extract SD-8686-FEDORA26FC6-SYSKT-GPL-9.70.3.p24-26409.P45.tar from SD-8686-LINUX26-SYSKT-9.70.3.p24-26409.P45-GPL.zip to a temporary folder.
3. Extract FwImage/helper_sd.bin and FwImage/sd8686.bin from SD-8686-FEDORA26FC6-SYSKT-GPL-9.70.3.p24-26409.P45.tar and put them inside your 'firmware' folder.
4. Rename helper_sd.bin to sd8686_helper.bin.
You have your WLAN firmware at this point. Now for the multitouch firmware.
5. On the Linux machine, create a folder named idroid in your home directory and extract utils/dripwn from the prebuilt tarball (.tar archive) you downloaded into it.
6. Copy or move the 3.1.2 .ipsw file you obtained from Apple's Website into the same 'idroid' folder as dripwn.
7. Start a command-line shell (Terminal under Ubuntu) and navigate to the 'idroid' folder you created. You can type cd ~/idroid to do this.
9. In the shell you started earlier, if you have a first-generation iPhone, type the following:
./dripwn iPhone1,1_3.1.2_7D11_Restore.ipsw [the VFDecrypt key you copied]
If you have an iPhone 3G, type the following:
./dripwn iPhone1,2_3.1.2_7D11_Restore.ipsw [the VFDecrypt key you copied]
10. After a while, the command will finish and you will have zephyr_main.bin, zephyr_aspeed.bin, and zephyr2.bin in your 'idroid' folder. Move these files into the 'firmware' folder.
You now have all the files needed for Android, and you can begin installing it.
11. If you haven't already, install the OpenSSH tool on your iPhone via Cydia.
12. If you just installed OpenSSH, connect to your iPhone via SSH, log in as root with the password alpine, and type passwd root to change the password for root. Then, enter passwd mobile to change the password for the mobile user.
Don't skip this step. All of the iPhone worms out there affect you only if you haven't changed the SSH password from the default.
13. Extract prebuilt/android.img.gz, prebuilt/cache.img, prebuilt/ramdisk.img, prebuilt/system.img, prebuilt/userdata.img, and zImage from the prebuilt tarball.
14. Use the 'scp' command or an SFTP client to upload all of these files into the /private/var folder on the iPhone.
You can use these commands on Linux, if you wish to use scp instead of an SFTP graphical-interface client. Assuming you're in the same folder as the files, enter:
scp android.img.gz root@[ip address of iPhone]:/private/var/
scp cache.img root@[ip address of iPhone]:/private/var/
scp ramdisk.img root@[ip address of iPhone]:/private/var/
scp system.img root@[ip address of iPhone]:/private/var/
scp userdata.img root@[ip address of iPhone]:/private/var/
scp zImage root@[ip address of iPhone]:/private/var/
15. Using the SFTP client or scp, create a folder called firmware in the /private/var folder on the iPhone; afterward, upload all the files from the 'firmware' folder you created earlier to it.
If the 'firmware' folder you created earlier is inside your home directory, you can use the following command:
scp -r ~/firmware/ root@[ip address of iPhone]:/private/var/firmware
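A pre-upload check for the files gathered in the steps above, added here as an example and not part of the original article or its tools: it confirms that every firmware and image file named in the steps exists, and flags a helper_sd.bin that was never renamed (step 4). The function names and the two directory arguments are assumptions; the file names come from the steps.

```shell
#!/bin/sh
# Added example: verify the file set before uploading it to the iPhone.
# File names are taken from the article; directory arguments are assumptions.

FIRMWARE_FILES="sd8686_helper.bin sd8686.bin zephyr_main.bin zephyr_aspeed.bin zephyr2.bin"
IMAGE_FILES="android.img.gz cache.img ramdisk.img system.img userdata.img zImage"

# missing_in DIR "LIST": print the path of each listed file absent from DIR.
missing_in() {
    dir=$1
    for f in $2; do
        [ -f "$dir/$f" ] || printf '%s\n' "$dir/$f"
    done
}

# check_idroid_files FIRMWARE_DIR IMAGE_DIR
# Prints any problems found; returns 0 only when the full set is present.
check_idroid_files() {
    fw_dir=$1
    img_dir=$2
    problems=$(missing_in "$fw_dir" "$FIRMWARE_FILES"
               missing_in "$img_dir" "$IMAGE_FILES")
    # Step 4 skipped: the WLAN helper still carries its original name.
    if [ -e "$fw_dir/helper_sd.bin" ]; then
        problems="$problems
$fw_dir/helper_sd.bin (rename to sd8686_helper.bin)"
    fi
    # Drop the blank line left when the first list was empty.
    problems=$(printf '%s\n' "$problems" | sed '/^$/d')
    if [ -n "$problems" ]; then
        printf 'not ready:\n%s\n' "$problems"
        return 1
    fi
    printf 'ready to upload\n'
    return 0
}

# Run directly as: sh check.sh ~/firmware ~/idroid
if [ "$#" -eq 2 ]; then
    check_idroid_files "$1" "$2"
fi
```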