UPDATE 4/2/12 – If you have updated to AppleTV 5.0, there is now a jailbreak method and XBMC available. Check this post for updated info and downloads for version 5.0 (9B179b iOS 5.1).
Today, I successfully jailbroke and installed XBMC on an Apple TV 2 I purchased 3 hours ago. Finding an Apple TV 2 in stock was a chore in itself as the Apple TV 3 was just released. I’m watching my network shares on XBMC as I write this.
Most methods written in the last few weeks and days didn’t work for me and tons of other commenters all over the web because Apple is no longer signing firmwares from their website. This means that iTunes no longer recognizes 4.4.4 as official. When it checks the legitimacy of firmwares, it will reject ones created without the signed, unit-unique SHSH blobs embedded.
NOTE 1: From everything I’ve read, you need to make sure you have firmware 4.4.4 and not 5.0. If you let iTunes upgrade you to 5.0, there is no current jailbreak or downgrade to 4.4.4 without SHSH blobs. You need the SHSH Blobs to sign custom firmwares (like the jailbreak hack below); otherwise, iTunes will not restore this custom firmware. SHSH Blobs are specific to only your device.
NOTE 2: You must use Windows for this method to work!
NOTE 3: You need a micro USB to standard USB cable. Almost all Android devices have these as part of their chargers and this is what I used.
How to Jailbreak Apple TV 2nd Gen as of 3/17/12
I will rewrite the original instructions because they were a little vague to me. Credit goes to user CYBERxNUKE on support.firecore.com. I highly recommend reading the original instructions and watching the video multiple times before you try this method.
Watch this video and pause frequently as you go through the steps:
Step 1 – Download Software
I recommend putting all the following downloads into a new folder on the desktop to stay organized. Download the following software as you’ll need it later (remember, this is Windows only!):
– seas0npass – newer versions won’t work. You need version 0.3.52.4509! (I believe CYBERxNUKE accidentally wrote 0.3.52.4905).
– iFaith – from http://blog.ih8sn0w.com/
– Total Commander – this is used to open and edit container files (you’ll see later)
– iTunes 10.5+ – you need at least iTunes 10.5. I didn’t have it, so I downloaded a fresh copy of 10.6
Step 2 – Get Your SHSH Blobs with iFaith
If you found this page, you’ve probably come across TinyUmbrella. This does not work for this tutorial! You need to open iFaith and press OK a few times. When you get to the iFaith homescreen, choose “Dump SHSH Blobs”. This will save a “.ifaith” file to your Documents folder.
After you press “Dump SHSH Blobs”, keep advancing: “Proceed > Let’s Go > Yes”
At this point, you should see an animation showing you to ONLY plug in your micro USB cable. Once Windows recognizes the device (and installs drivers if necessary), press “Start”. When the FIRST counter gets to “2”, press and hold “Play” + “Menu” until the second counter counts down from “5” (that’s a total of 7 seconds). This trick puts you into DFU mode. When you release, iFaith will go through a series of steps and download the SHSH Blobs. If it doesn’t work the first time, keep trying to get your timing down.
After this step finishes, unplug your Apple TV from the computer!
Step 3 – Build *signed* IPSW w/ Blobs
This step will integrate the necessary authentication files inside a standard Apple TV restore file (.IPSW) so that iTunes will later accept your final jailbreak .IPSW file.
Go back to the homepage of iFaith and choose “Build *signed* IPSW w/ Blobs”. Click “Browse for SHSH Blobs cache” and navigate to your Documents folder. Open the file that ends with .ifaith that was just created. It will have a really long name starting with numbers. You should keep a copy of this file in a secure location forever. It is specific to just your Apple TV.
After you’ve selected your .ifaith file, you will be asked to browse for the 4.4.4 (9A406a) IPSW file. Choose “Download it for me”. (If for whatever reason that fails, you can try to get it from Apple or iClarified). After it downloads, iFaith will sign your standard IPSW file with your SHSH Blobs.
Once iFaith has created your signed 4.4.4 IPSW file, move it to your new folder on the desktop so it’s easier to find. This file will be about 395MB and have a really long name that ends in “…signed.ipsw”.
Step 4 – Seas0nPass IPSW Restore Creation
This step will create the necessary files in an IPSW to jailbreak your Apple TV. We will extract these later and merge them with our signed IPSW we created in Step 3. Starting to see how this comes together?
Start Seas0nPass. Remember: this must be version 0.3.52.4509 since newer versions won’t work. If you’re unsure if you have the right file (it’s linked above in the download section), hover your mouse over the program icon and you’ll see the version info.
When Seas0nPass is started, just press “Create IPSW”. This is going to take about 10 minutes, so go play Solitaire. Seas0nPass is going to download the firmware 4.4.4 IPSW and then inject the jailbroken payloads.
After the process completes you should move the folder “Seas0nPass” from “Documents” to your new folder you created on the desktop.
Step 5 – Extract Jailbreak Payload from Seas0nPass IPSW
These next few steps can be confusing, so pay close attention to file names!
Drag the file “AppleTV2.1_4.4.4_9A406a_SP_Restore.ipsw” over the Total Commander shortcut on the desktop. This will cause Total Commander to open the .ipsw file and you can see its contents in the left panel.
If this is your first time running Total Commander, there will be the occasional window that pops up asking you to confirm settings. The defaults are OK.
After you have “AppleTV2.1_4.4.4_9A406a_SP_Restore.ipsw” open in Total Commander, select the 2 files in the left panel called using your SHIFT key:
Drag these 2 files over to the right panel so they extract to the hard drive. You may have to give admin rights if prompted.
Step 6 – Inject and Overwrite With Jailbroken Files in *signed* IPSW
This next step involves taking the extracted .dmg files from Step 5 and overwriting those in the *signed* IPSW file created by iFaith.
Drag your IPSW file created in Step 3 that ends in “…signed.ipsw” over the Total Commander shortcut so that it opens in Total Commander. Select your 2 .dmg files you extracted in Step 5 and replace those in “…signed.ipsw”. Make sure to choose “Overwrite all” when prompted.
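A check that can be run between Step 6 and Step 8, added here as an example (it is not part of the original instructions or of any tool named above): an IPSW is a ZIP container, so the files can be compared member by member to confirm the overwrite changed only .dmg files and that they match the copies in the Seas0nPass IPSW. It assumes you kept an untouched copy of the “…signed.ipsw” from Step 3; the function names and the sample archive contents are constructed for illustration.

```python
import hashlib
import io
import zipfile


def member_digests(ipsw):
    """Map each file inside an IPSW (ZIP container) to its SHA-256 digest."""
    digests = {}
    with zipfile.ZipFile(ipsw) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with zf.open(info) as fh:  # stream: the .dmg members are large
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def check_overwrite(signed_orig, signed_modified, payload_source):
    """Return (ok, changed): ok is True only when no member was added or
    removed, every changed member is a .dmg, and each changed member is
    byte-identical to the same-named member of payload_source."""
    before = member_digests(signed_orig)
    after = member_digests(signed_modified)
    source = member_digests(payload_source)
    changed = sorted(n for n in before.keys() & after.keys() if before[n] != after[n])
    same_names = before.keys() == after.keys()
    ok = same_names and bool(changed) and all(
        n.lower().endswith(".dmg") and source.get(n) == after[n] for n in changed
    )
    return ok, changed


def build_sample(members):
    """Constructed stand-in for an IPSW: an in-memory ZIP of name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf


if __name__ == "__main__":
    # Constructed sample data; real member names come from your own files.
    stock = {"a.dmg": b"stock-a", "b.dmg": b"stock-b", "other.bin": b"same"}
    patched = {"a.dmg": b"patched-a", "b.dmg": b"patched-b", "other.bin": b"same"}
    print(check_overwrite(build_sample(stock), build_sample(patched), build_sample(patched)))
```

The three arguments can also be file paths: the backup copy of the signed IPSW, the modified “…signed.ipsw”, and the Seas0nPass restore IPSW.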
Step 7 – Put Apple TV in DFU Mode to Receive Jailbroken Signed IPSW
You are now ready to put the Apple TV 2 in DFU mode to accept the jailbroken and signed IPSW restore file.
Go to the homescreen of iFaith again. Select “Use DFU Pwner (iREB)” and follow the onscreen instructions. Connect the Apple TV 2 to your computer with just the USB cable. Don’t forget to hold Play+Menu for 7 seconds.
Step 8 – Restore the Jailbroken Signed IPSW Through iTunes
Start iTunes. It may ask you to connect to Apple to check the version of your Apple TV. This is OK as long as you don’t try to get updates from Apple (the dreaded 5.0).
IMPORTANT: Press and hold the SHIFT key while clicking “Restore” in iTunes on your Apple TV. If you don’t press and hold SHIFT while left-clicking, you could accidentally upgrade! Browse for your IPSW file ending in “…signed.ipsw”. If you don’t pick the signed IPSW file that iFaith first created you’ll get a 3194 error (“This device is not eligible for the requested build”).
Almost Done – Just Install XBMC
The hard part is over. If iTunes told you the restore was successful, you just need to follow the steps in the following video. To SSH in and install XBMC, Mac users need to go to Applications > Utilities > Terminal, and Windows users will need PuTTY.
The video starts half-way through because the 1st half is a broken method for jailbreaking Apple TV 2, but the XBMC bit is still valid (thanks ifibashir):
Credits: CYBERxNUKE, firecore, ih8sn0w, and ifibashir