[.ipa format] getting AppStore apps on Jailbroken iPhones
appleguru
07-10-2008, 12:56 PM
So.. iTunes 7.7 is now out. As is the app store on iTunes (http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=284602850&mt=8).
Downloaded apps are stored, at least in OS X by default, under ~/Music/iTunes/Mobile Applications/
They all end with a ".ipa" extension, which is just another .zip file. After unzipping, they decompress to an iTunesArtwork file, an iTunesMetadata.plist file and a Payload folder with the app store app.
So if/when 2.0 is jailbroken.. anyone want to try installing an app non-sandboxed? (IE, in the /Applications folder). Are they signed? (They appear to be, see below) Will this work with non-free apps?
http://g.appleguru.org/ipaunzipped_sm.jpg (http://g.appleguru.org/ipaunzipped.png)
Also, the app packages appear to have two additional folders that "normal" app packages do not, a _CodeSignature folder, and a SC_Info folder... There is also a symlink in the app package to the "CodeResources" file, which is in the _CodeSignature folder.
The CodeResources file is an XML file that contains every file in the package, along with a signature for each (presumably so if anything is modified it won't run?). There is also a rules section... See screenshot here for an example:
http://g.appleguru.org/CodeResources.png
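Added example, not part of the original posts: a Python sketch that opens an .ipa as a zip, finds `_CodeSignature/CodeResources` under `Payload/`, and reports which listed files no longer match their recorded entry. It assumes each entry under the plist's `files` key is a SHA-1 digest of the file's contents; the sample archive and the `Demo.app` name are constructed in memory for illustration, and the check covers only the per-file entries, not the signature over the manifest itself.

```python
import hashlib, io, plistlib, zipfile

APP = "Payload/Demo.app/"  # constructed bundle name, not a real app

def build_sample_ipa(tamper=False):
    """Build a constructed .ipa in memory with the layout described in the post."""
    files = {"Demo": b"fake binary", "Info.plist": b"<plist/>", "icon.png": b"fake png"}
    # Assumption: each "files" entry is the SHA-1 digest of that file's contents.
    manifest = {"files": {n: hashlib.sha1(d).digest() for n, d in files.items()},
                "rules": {".*": True}}
    if tamper:
        files["Demo"] += b" patched"  # changed after the manifest was written
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("iTunesArtwork", b"fake artwork")
        z.writestr("iTunesMetadata.plist", plistlib.dumps({"itemName": "Demo"}))
        for name, data in files.items():
            z.writestr(APP + name, data)
        z.writestr(APP + "_CodeSignature/CodeResources", plistlib.dumps(manifest))
    return buf.getvalue()

def check_ipa(ipa_bytes):
    """Return (app_dir, {path: 'ok'|'modified'|'missing'}) for files in CodeResources."""
    suffix = "_CodeSignature/CodeResources"
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        names = set(z.namelist())
        res = next(n for n in names
                   if n.startswith("Payload/") and n.endswith(".app/" + suffix))
        app_dir = res[:-len(suffix)]
        manifest = plistlib.loads(z.read(res))
        report = {}
        for rel, entry in manifest["files"].items():
            # Entries are raw digests, or dicts carrying the digest under "hash".
            expected = entry["hash"] if isinstance(entry, dict) else entry
            if app_dir + rel not in names:
                report[rel] = "missing"
            elif hashlib.sha1(z.read(app_dir + rel)).digest() != expected:
                report[rel] = "modified"
            else:
                report[rel] = "ok"
    return app_dir, report

if __name__ == "__main__":
    for label, ipa in (("clean", build_sample_ipa()), ("tampered", build_sample_ipa(True))):
        print(label, check_ipa(ipa))
```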
Jim Danner
07-10-2008, 04:31 PM
For Windows users: the applications (.ipa files) are in the user profile, in My documents\My music\iTunes\Mobile Applications.
You can view the contents of an application by renaming it: change the extension from .ipa to .zip; then double-click the file.
DJ McG
07-10-2008, 06:11 PM
I doubt it will work until the dev team figures out how to crack the signature, if they do that is.
george_6666
07-10-2008, 10:45 PM
SOLUTION: Wait for Pwnage Tool 1.2 and then upgrade to 2.0 firmware :D
nameless2k
07-11-2008, 12:02 PM
SOLUTION: Wait for Pwnage Tool 1.2 and then upgrade to 2.0 firmware :D
george,
fantastic. thanks for your technical advice. this helps the community a lot. ;)
now back to topic:
1. are these files encrypted or only signed?
2. you may put the binary into IDA to see which functions are getting used.
you may upload the binary to a place of your choice and drop me a PM, I'm gonna have a look :-)
kd rgds, nl2k
In the end it matters little whether they're signed and/or encrypted. If they're signed, it's only a matter of patching the OS to ignore signatures. If they're encrypted, the key to decrypt them must be available in the phone somewhere.
It's like any other DRM scheme. Always crackable with enough patience.
DJ McG
07-12-2008, 03:52 AM
Somebody should try just removing the extra folders inside the .app folder and uploading to their phone, setting correct permissions and see what happens.
crackertc
07-12-2008, 04:17 AM
Somebody should try just removing the extra folders inside the .app folder and uploading to their phone, setting correct permissions and see what happens.
Already tried it, no luck, icon shows on springboard, and when you open the app it just exits again.... no permissions error
gotschi
07-12-2008, 02:49 PM
like I said in another thread, iTunes looks in your shopping list of your iTunes account, and if it's not listed in there, you can't do anything with it. This prevents the people from transferring the app to the phone. So I think the *.ipa is just for packaging reasons, iTunes extracts the *.app folder off it and loads them on your phone. The phone itself may not check if it's legit... So when we have filesystem access / jailbreak, we can enjoy the games, not caring about any encryption :D (at least until the next sync, maybe iTunes checks the apps every time you sync the phone...)
AlexRichter
07-12-2008, 03:54 PM
Having managed to get Apps I have no license for (free ones still) onto my iPod I can safely say that I believe the apps check for legitness themselves, as they will not load.
This is true for both paid and free apps.
cybrian
07-17-2008, 03:24 PM
What you all don't seem to realize is that 2.0 contains TOTALLY different frameworks than 1.1.x. If you tried to run a 1.1.x app on 2.0, regardless of what extent you jailbroke the iPod/iPhone, it would do the exact same thing, as would running a 1.0.x app on 1.1.x. This was just the problem with jailbreaking. The code will have to be recompiled with the new APIs to run on 2.0, or the 2.0 app will have to be compiled with the 1.1.x APIs to run on 1.1.x. Simple as that. The apps very well may be entirely unencrypted for all we know; until we have Pwnage 1.2 we have no way of knowing anything.
Jim Danner
07-17-2008, 04:09 PM
What you all don't seem to realize is that 2.0 contains TOTALLY different frameworks than 1.1.x. If you tried to run a 1.1.x app on 2.0, regardless of what extent you jailbroke the iPod/iPhone, it would do the exact same thing, as would running a 1.0.x app on 1.1.x. This was just the problem with jailbreaking. The code will have to be recompiled with the new APIs to run on 2.0, or the 2.0 app will have to be compiled with the 1.1.x APIs to run on 1.1.x. Simple as that. The apps very well may be entirely unencrypted for all we know; until we have Pwnage 1.2 we have no way of knowing anything.
This thread is not specifically for running App Store apps on 1.1.x. Once 2.0 is jailbroken, the question comes up for 2.0.
appleguru
07-18-2008, 02:54 AM
plus, don't forget you can load apps in 2.0 with xcode ;)
GenesisDH
07-19-2008, 05:51 AM
What I want to know: where do the AppStore-downloaded or synced apps go in the filesystem?
They don't seem to show up within /var/mobile/Media. There is a directory for ApplicationArchives, but that's the extent of what I could find using iphuc.
I have a feeling apps locations are located somewhere like /var/mobile/Applications (it seems to be in the 'Media' partition as iTunes shows them using up storage as 'other'). If that's true, we may have a new location to put Installer-downloaded apps into (w/ Springboard access) and get rid of that 'not enough space on OS partition' issue once and for all.
TwistyValhalla
07-19-2008, 08:01 AM
We can already put applications in media partition just by creating a symlink.