Posted by George Hotz. Tags: iphe, linux drivers, recovery mode, bootloader, baseband, ipsf, padding, cmd, token, hack, patches, elite, linux

The IPSF exploit still works in the 1.1.3 baseband, and now that we know Apple doesn't update the bootloader it appears to be safe to use. IPSF works using the RSA padding hack in bootloader 3.9, so as long as the bootloader is 3.9, I can't see it breaking.
Here is reference code I wrote to do the IPSF unlock a while ago. With a few mods, elite can turn their virginizer into an IPSF unlocker. I wouldn't bother with the AnySim patches anymore, they are lost after every restore, and need to be modified for each version of the baseband. Be warned though, back up your seczone before IPSF unlocking. IPSF erases your NCK token.
Also, I was playing around with writing Linux drivers, and I figured I'd start one for the iPhone.
Here is what I have so far; it only works in recovery mode. You can echo iBoot commands to /proc/iphone/cmd.
Posted by George Hotz. Tags: software hack, bootrom, gunlock, comex, dmg, bbupdater, tokens, hacks, crap, patches, checks, open source

Ok, here is where we stand right now.
ZiPhone seems to be the tool a lot of people are using. What it does is boot an unsigned ramdisk with a script to jailbreak, activate, and unlock. If you would like to view the ramdisk yourself, cut the first 0xCC2000 bytes from the dat file and mount the rest as a dmg. The script is in /etc/profile. Also, Zibri, patch out the bootloader check from gunlock; it'll work with 3.9.
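As an added example (not ZiPhone's or the author's code), here is a Python script that carves the image out at that 0xCC2000 offset and sanity-checks the UDIF "koly" trailer before you mount it, so a wrong offset or a truncated file is caught first. The .dat contents and the plist/data-fork layout below are constructed stand-ins, not a real ramdisk.

```python
import io
import struct

# Offset from the post: the dmg begins 0xCC2000 bytes into the ZiPhone .dat file.
RAMDISK_OFFSET = 0xCC2000
KOLY_SIZE = 512  # a UDIF (.dmg) image ends with a 512-byte big-endian 'koly' trailer

def carve_dmg(src, dst, offset=RAMDISK_OFFSET):
    """Copy everything after `offset` from src to dst (binary file objects); return bytes copied."""
    copied = 0
    src.seek(offset)
    for chunk in iter(lambda: src.read(1 << 20), b""):
        dst.write(chunk)
        copied += len(chunk)
    return copied

def parse_koly(img):
    """Return the key trailer fields of a carved image, or None if it does not end in 'koly'."""
    size = img.seek(0, io.SEEK_END)
    if size < KOLY_SIZE:
        return None
    img.seek(size - KOLY_SIZE)
    t = img.read(KOLY_SIZE)
    if t[:4] != b"koly":
        return None
    version, header_size = struct.unpack(">II", t[4:12])
    data_off, data_len = struct.unpack(">QQ", t[24:40])   # data fork: the compressed blocks
    xml_off, xml_len = struct.unpack(">QQ", t[216:232])   # XML plist holding the block map
    # Ranges running past the end mean a wrong carve offset or a truncated image.
    consistent = (header_size == KOLY_SIZE and data_off + data_len <= size
                  and xml_off + xml_len <= size)
    return {"version": version, "data_fork": (data_off, data_len),
            "xml_plist": (xml_off, xml_len), "consistent": consistent}

def build_sample_dmg(data_fork, xml_plist):
    """Constructed stand-in for a dmg: data fork, then XML plist, then a koly trailer."""
    trailer = bytearray(KOLY_SIZE)
    trailer[0:4] = b"koly"
    struct.pack_into(">II", trailer, 4, 4, KOLY_SIZE)           # version 4, header size 512
    struct.pack_into(">QQ", trailer, 24, 0, len(data_fork))
    struct.pack_into(">QQ", trailer, 216, len(data_fork), len(xml_plist))
    return data_fork + xml_plist + bytes(trailer)

def demo():
    """Constructed .dat: 0xCC2000 bytes of installer prefix, then the sample image."""
    dat = io.BytesIO(b"\xAA" * RAMDISK_OFFSET + build_sample_dmg(b"\x00" * 4096, b"<plist/>"))
    out = io.BytesIO()
    copied = carve_dmg(dat, out)
    return copied, parse_koly(out)
```

On a real .dat, pass open file handles to carve_dmg and parse_koly; a None or a False "consistent" flag means the offset does not line up with this file and the image should not be trusted as-is.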
ZiPhone is a wrapper for gunlock, which means that with bootloader 4.6 it currently only unlocks baseband 4.02.13. In order to unlock 4.03.13, right now you need bootloader 3.9.
gbootloader will erase and downgrade your bootloader from software. I have checks in the program to prevent a bootloader without the bootrom locations blank from being uploaded, but if used properly, it will downgrade to 3.9, allowing 4.03.13 to be used.
4.6_GEOMOD is a modified bootloader I have with all secpack stuff patched out, hard-coded IPSF-style unlock (tokens always validate), full anywhere write access, no startup sig checks, and the bootrom locations blank. But the only 4.6 phone I have got bricked while I was trying to restore the seczone, and my bootloader software hack doesn't seem to work in 3.9. I guess I'll have to hw upgrade. Laziness...
Another problem comes with the release of the modified bootloader. It is copyrighted, and the patches are decently complex. What I'd really like to see is an open source, very well coded (the current compiler is crap) bootloader, say written in assembly. I believe a full bootloader with all the functionality (minus the security) can fit in under 0x1000 bytes. It should continue to work with bbupdater, but have the crypto state machine fixed to validate everything possible. Maybe I'll get around to writing it. This is the ultimate in baseband hacks, and will put every other hack to rest, once you get the new bootloader on there. I'm sick of patching and trying to understand other people's (badly written) code, when I can just write my own.
Posted by (author not recorded). Tags: decis, nice thing, mobiledevice, countermeasures, itunes, technical aspects, screenshot, patches, blog

If you've been following the technical aspects of our blog since July, you may have noticed that we've asserted multiple times that Apple can't fix the bug we've exploited in PwnageTool unless they fix their hardware.
That hardware fact is still true. But one way they can try to combat Pwnage for existing hardware is to program iTunes to detect and prevent the Pwnage exploit. In fact, they've already done that in iTunes 8. The screenshot below from iTunes 8 using a Pwned ipsw (with an unPwned device attached) is one example.

The nice thing about iTunes decisions is that we can provide you with patches to counter them. We have one such patch already for Mac iTunes 8 for iPod touch. We'll be working out the full suite of patches for all the combinations over the next week.
Here are 2 screenshots that Apple doesn't want you to see. Notice the Terminal icon at the end of:

Then once we've launched it, despite mobiledevice's best intentions:

Posted by George Hotz. Tags: miu, patches, bugs

522F448E276B09E7D3F90950BC1AC3B99602A3A9
Thanks planetbeing for help with the MIU. It was playing hard to get.
And Apple, you have bugs in "usb put". Want the patches?
Posted by George Hotz. Tags: th step, iphe, commcenter, network speed, twitter, baseband, t mobile, reboot, e file, traces, patches

* 3G (the network speed) issues fixed
* Now only patches one file, CommCenter
* Leaves no traces on your baseband after it runs: 0 bytes of RAM
* Much cleaner and more reliable
1. Be sure to have a legit activated 3GS.
2. Disable 3G if you don't have it (like T-Mobile).
3. Add apt.geohot.com to Cydia.
4. Install (or Update) com.geohot.purplesn0w.
5. Watch for success output in Cydia (actually do this step).
6. Wait for signal, and enjoy your unlocked iPhone (no reboot required).
7. Follow @geohot on twitter.