I have been bouncing around the internet, and here is some consolidated info about unlocking/hacking the iPhone. Someone should start a Skypecast. You need Skype and a Windows box to host one.
Consolidated iPhone Hacking Info:
Removing the SIM card, from http://www.howardforums.com/showthread.php?t=1191069:
Pictures won't show here.
"Insert the end of a small paper clip into the hole on the SIM tray. Press firmly and push it straight in until the tray pops out."
Alright, I did some swapping this morning, and below is what I have found out. In summary, the iPhone SIM, once activated, seems to work fine in unlocked and newer and older AT&T/Cingular phones that are locked. Other AT&T/Cingular SIM cards will not work until activated with iPhone plans. They connect, can't dial. iTunes will let you activate it. Non AT&T/Cingular SIM cards will not work at all.
So, this phone has almost a double-lock on it. You have your standard GSM subsidy lock, but you also have some sort of mechanism that is tying the SIM card to the phone. This latter one I'm sure someone will figure out how to work around soon.
Phones:
iPhone (activated) 8gb Locked to AT&T/Cingular
Treo 680 GSM Unlocked & unbranded
SonyEricsson Z520 Locked to Cingular
SonyEricsson W600i Locked to Cingular
SIMs:
iPhone "AT&T 3g SIM" - Activated
Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo)
Cingular 64k "Smartchip" Sim
Vodafone UK SIM
OldSkool AT&T SIM
Yes = Works
No = Does Not Work
iPhone
YES - iPhone "AT&T 3g SIM"
NO - Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo) - Same as below
NO - Cingular 64k "Smartchip" Sim - Gets an "Incorrect SIM please connect to iTunes to reactivate phone" It does let me use phone features, just fails when trying to dial. It does connect to AT&T.
NO - Vodafone UK SIM - "Incorrect SIM, The iPhone must be used with an approved SIM" This is a different message than using another CINGULAR/ATT Sim. This is the GSM "lock"
NO - OldSkool AT&T SIM - Same message as Vodafone SIM
Treo 680
YES - iPhone "AT&T 3g SIM"
YES - Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo)
YES - Cingular 64k "Smartchip" Sim
YES - Vodafone UK SIM
YES - Oldskool AT&T SIM (won't connect to network though, it's deactivated)
Sony Ericsson Z520
YES - iPhone "AT&T 3g SIM"
YES - Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo)
YES - Cingular 64k "Smartchip" Sim
NO - Vodafone UK SIM
NO - Oldskool AT&T SIM
Sony Ericsson W600i
YES - iPhone "AT&T 3g SIM"
YES - Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo)
YES - Cingular 64k "Smartchip" Sim
NO - Vodafone UK SIM
NO - Oldskool AT&T SIM
You can Still use other things without SIM (after it is activated)
You can still play music and use other features with invalid SIM
From Mac Rumors:
All current claims to people owning an unlocked iPhone are false. To this date no one I am aware of has successfully unlocked an iPhone. I purchased an iPhone at 6 yesterday with the sole purpose of unlocking it. I have T-Mobile and have zero intention of switching to AT&T. So, I'm looking for the community who is currently trying to unlock it. I was involved in the uncrippling the V710 project and was impressed by the people I met.
I'm hoping we could get a sticky thread going with all the current progress made. Maybe this thread :-)
Here is the progress I have made so far. My friend purchased an iPhone as well yesterday and let me run a USB sniffer while he was activating it. Here is that log. You can view it with SnoopyPro. Currently, I cannot even get my iPhone off the main screen saying I need to activate it. That is the first step towards an unlock. I'm surprised no one has really started hacking it yet; where are the firmware dumps, does it have seems, where is the unlocked status stored? Post whatever you can find out. My sn is "imgeohot". If this community is as good as the V710 community, we can have this thing unlocked in a week.
The iPhone is an amazing device, let's bring it to the AT&T free masses. I am looking for the "they" people claim will unlock the iPhone and actually will work on it.
This is a crosspost from HoFo
From hackint0sh:
I've got my iPhone, it's activated, and I've been doing some rudimentary analysis of what's going on with it. I doubt I'll be able to accomplish the Holy Grail myself - loading 3rd party apps to do whatever you want (portable gaming platform ahoy!) But I bought my iPhone in the hopes that it'll eventually happen, and I'd like to help the hacking community get to that point however I can.
Here's what I've found so far.
When you update iTunes to 7.3, a PrivateFramework called MobileDevice.framework gets installed in /System/Library/PrivateFrameworks. Four applications are inside it, aside from the library binary itself: AppleMobileDeviceHelper.app, AppleMobileSync.app, reenumerate, and usbmuxd. These applications, from a cursory analysis (i.e. strings), seem to have tons of debugging info left in them.
When I sync my iPhone, iTunes throws this into the Console:
Created child with pid 788...
Starting child at /System/Library/PrivateFrameworks/MobileDevice.framework/Resources/ AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper, setting input fd to 27, output fd to 33 and closing all other pipes
Created args array of size 5
Child /System/Library/PrivateFrameworks/MobileDevice.framework/Resources/ AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper starting up, argc is 4...
arg[0] = /System/Library/PrivateFrameworks/MobileDevice.framework/Resources/ AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper
arg[1] = --pipe
arg[2] = 27
arg[3] = 33
Created child to sync device with pid 789...
Waiter has started running...
Created unique process name from name AppleMobileSync, process name AppleMobileSync: AppleMobileSync.FD62FB24-08FA-4FD6-B7FC-6566D9F5229D
So in order to mess with the iPhone, iTunes calls "AppleMobileDeviceHelper --pipe [input pipe] [output pipe]", which I assume to just be plain old unix file descriptors. Someone should sniff the data running over those pipes to get started.
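The `--pipe 27 33` arguments and the "closing all other pipes" line in the log above match the usual Unix pattern of handing a child process two inherited descriptors by number. The sketch below is an added example, not code from the quoted posts or from Apple: the child script, the probe message and every name in it are constructed for illustration. It compares a spawn that closes all other descriptors with one that leaks an unrelated descriptor to the helper.

```python
import os
import subprocess
import sys

# Hypothetical stand-in for the helper binary: parses "--pipe <in> <out>" and
# talks over those inherited descriptors rather than stdin/stdout.
CHILD = r"""
import os, sys
assert sys.argv[1] == "--pipe"
in_fd, out_fd = int(sys.argv[2]), int(sys.argv[3])
probe = int(os.read(in_fd, 64))   # parent names one extra fd to check
try:
    os.fstat(probe)
    state = b"leaked"
except OSError:
    state = b"closed"
os.write(out_fd, b"helper up; probe fd " + state)
"""


def spawn_helper(close_others: bool) -> bytes:
    """Start the helper with two pipe fds on argv and return its reply."""
    to_child_r, to_child_w = os.pipe()      # parent -> helper
    from_child_r, from_child_w = os.pipe()  # helper -> parent
    secret_r, secret_w = os.pipe()          # unrelated fd the helper should not see
    for fd in (to_child_r, from_child_w, secret_r):
        os.set_inheritable(fd, True)        # simulate descriptors without close-on-exec
    argv = [sys.executable, "-c", CHILD,
            "--pipe", str(to_child_r), str(from_child_w)]
    if close_others:
        # Only the two named descriptors survive exec ("closing all other pipes").
        proc = subprocess.Popen(argv, pass_fds=(to_child_r, from_child_w))
    else:
        # Every inheritable descriptor, including the unrelated one, is passed on.
        proc = subprocess.Popen(argv, close_fds=False)
    os.close(to_child_r)
    os.close(from_child_w)
    os.write(to_child_w, str(secret_r).encode())
    os.close(to_child_w)
    reply = os.read(from_child_r, 4096)
    proc.wait()
    for fd in (from_child_r, secret_r, secret_w):
        os.close(fd)
    return reply


if __name__ == "__main__":
    print(spawn_helper(close_others=True))
    print(spawn_helper(close_others=False))
```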
-Hi
I did a port scan and found something running on port 62078
Don't know what it is, and whenever you connect, it cuts the connection right away.
Any ideas?
-We managed to obtain and crack the hashes of the user passwords for the iPhone OS. More information could be found at our development Wiki here (link removed).
Edit: cause you digg people broke the poor wiki:
The password for root is "alpine"
The "mobile" user accounts password is "dottie"
Is it sick to have root password to all iPhones worldwide? Well not really, there is no terminal yet to log in.
-FWIW - I can also confirm that the iPhone is not in any way locked to the SIM it is shipped with prior to activation.
I was having activation issues, and after numerous phone calls and trips to ATT store, they finally swapped out the SIM (which fixed the problem).
iPhone Restore image download:
This ipsw file is actually a zip file. Rename it .zip and unarchive. You will get two disk images, a system software dmg and a user dmg (from what I can tell). The system software dmg is password protected.
There are also a few files compressed using the compzlss thing as on AppleTV.
Happy Hacking!!!!
Just to note, I couldn't download it in Safari, but "curl -O http://..." worked for me.
http://appldnld.apple.com.edgesuite....a_Restore.ipsw
From this thread:
http://hackint0sh.org/forum/showthread.php?t=1316
-iPhone Dev Wiki:
http://hissomnia.com/wiki/index.php?title=Main_Page
SIM Card Answers:
http://www.howardforums.com/showthread.php?t=1191069
Site claiming to unlock iPhone soon:
http://unlockuriphone.blogspot.com/
I have an iPhone to dedicate to testing, so if anyone needs info from it (i.e. IMEI) I will forward it to you.