Posted by planetbeing on under level interface, extence, iphone, reas, dev team, new image, out of the blue, svn, parser, vulnerability, futzing, lt, ibss, stock

So how did I manage to FIX the problem I mentioned earlier? The reason I was so vague on the details is that I used a confidential iBoot vulnerability that we didn't want Apple to know even existed! This allowed me to bootstrap openiboot directly from a stock iBSS that was loaded through DFU mode. I still can't tell you exactly what it is, but since geohot already leaked the existence of it, I figure I can tell you it exists and is what I used. :)
Then, it was a simple matter of using openiboot's NOR engine to restore everything. I can even use the new image list parser and AES engine to have a very nice high-level interface to the image list, allowing me to "pwn" just with openiboot; no ramdisk futzing around!
The AES code has been in SVN for a while, but to anyone following jailbreaking news, it's probably obvious why I suddenly, out of the blue, decided to reverse it and write it. Haha. So the night that I committed the AES code is the night the Dev Team first decrypted the new img3 shit. :)
Posted by George Hotz on under digit hex number, iphe, phes, recovery mode, system profiler, good folks, phe, jailbreak, signatures, ecid, ibss, servers, linux

Apple has added a new layer of security to the iPhone 3GS. I mentioned it several posts earlier; it's the ECID field. When iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It's important you get these signatures for your phone before a new version of the software comes out. I had previously suggested doing this by dumping USB while the iPhone restores. But this is complicated.
Fortunately, the good folks at purplera1n are here for you, the end user who wants a jailbreak. Follow these instructions to generate a unique certificate for your phone's iBSS. And don't delay, Apple may change their minds. To clarify, this is instead of a USB dump. Do this, and you are good!
1. Put your phone into recovery mode and connect it to your computer.
2. Using usbview on Windows (enable Config Descriptors), System Profiler on Mac, or lsusb on Linux, read your phone's ECID. It's the 16-digit hex number after "ECID:".
3. Go to purplera1n, type it in, and hit enter.
4. Save the generated file for a purplera1nyday...
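To make step 2 less error-prone, here is an added example (not from the post and not purplera1n's code) that pulls the ECID out of a pasted usbview / System Profiler / lsusb dump and checks that it is exactly 16 hex digits and that only one device's value is present. The sample descriptor text is constructed, and the field names beside "ECID:" are an assumption; only the "ECID:" label comes from the post.

```python
import re

# The post says the ECID is the 16-digit hex number after "ECID:" in the
# USB descriptor output. Match that label and the hex run that follows it.
ECID_RE = re.compile(r"\bECID:\s*([0-9A-Fa-f]+)\b")


def extract_ecid(text: str) -> str:
    """Return the ECID found in a USB descriptor dump as 16 uppercase hex digits.

    Raises ValueError if no ECID field is present, if the value is not exactly
    16 hex digits, or if two different values appear (e.g. two phones plugged in),
    so a wrong or mixed-up ECID is never sent off to have signatures generated.
    """
    found = {m.group(1).upper() for m in ECID_RE.finditer(text)}
    if not found:
        raise ValueError("no ECID: field in input; is the phone in recovery mode?")
    if len(found) > 1:
        raise ValueError(f"multiple ECIDs found: {sorted(found)}; connect one device")
    ecid = found.pop()
    if len(ecid) != 16:
        raise ValueError(f"ECID {ecid!r} is {len(ecid)} hex digits, expected 16")
    return ecid


# Constructed sample resembling `lsusb -v` output for a phone in recovery mode.
# The surrounding CPID/CPRV/... fields are assumed; the ECID value is made up.
SAMPLE_LSUSB = """\
Bus 001 Device 004: ID 05ac:1281 Apple, Inc. Apple Mobile Device (Recovery Mode)
  iSerial                 3 CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:000001A2B3C4D5E6 IBFL:01
"""

if __name__ == "__main__":
    print(extract_ecid(SAMPLE_LSUSB))  # prints 000001A2B3C4D5E6
```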