I need help.

Here are my iPhone current Details:

iPhone 3GS 32GB
Made on 28th week of 2009
Running on 3.1.2 – 5.11.07

My 3GS was jailbroken and working perfectly, and two days ago it froze. I tried restarting it, and the apple never went away, I tried everything and it never turned fully turned on. So here is what I’ve done:

Restarted it in DFU mode
Tried to restore it to a normal 3.1.2 ipsw but iTunes wouldn’t let me
So, I used Pwnage tool and PWNED the ipsw
Restored by itunes to PWNED 3.1.2
It worked and started perfectly Jailbroked but not unlocked
I tried unlocking it with blacksn0w, blackra1n and ultrasn0w
the signal turns into searching and stays searching forever
If I try restarting, the apple never goes away.

I tried different ways of jail breaking and the same problem always happened, please help me, my iPhone is my life, my job depends on it.

Cheers,
Ramy

Originally Posted by ramy.romany

I need help.

Here are my iPhone current Details:

iPhone 3GS 32GB
Made on 28th week of 2009
Running on 3.1.2 – 5.11.07

My 3GS was jailbroken and working perfectly, and two days ago it froze. I tried restarting it, and the apple never went away, I tried everything and it never turned fully turned on. So here is what I’ve done:

Restarted it in DFU mode
Tried to restore it to a normal 3.1.2 ipsw but iTunes wouldn’t let me
So, I used Pwnage tool and PWNED the ipsw
Restored by itunes to PWNED 3.1.2
It worked and started perfectly Jailbroked but not unlocked
I tried unlocking it with blacksn0w, blackra1n and ultrasn0w
the signal turns into searching and stays searching forever
If I try restarting, the apple never goes away.

Blackra1n is not an unlock. If you have jailbroken with pwnagetool you have absolutely no reason to use blackra1n.

Before you had problems did you use blacksn0w or ultrasn0w? I suspect you used neither (just jailbroken), so you probably answered incorrectly when asked if you could activate your phone legitimately with iTunes. This is one of the questions pwnagetool asks you. You most likely should have said yes to this question.

Try pwnagetool again and answer yes to this question. You have to connect your iPhone to itunes and let it activate after you restore the custom firmware from pwnagetool.

3gs. 3.1.2. Baseband 5.11.07. Old bootrom.

Up until a few days ago everything was good - Had the phone built from vanilla 3.1.2, then had Blackra1n do the unlock + JB.

Had to rebuild.

3.1.2 no longer possible. (Cydia tells me I have 3.1.2 SHSH on Saurik's, but it don't work - pointed my resolver at saurik's server via hosts file, ensured the session is actually being opened there using netstat -na, and even tried it on both a mac and a PC... Saurik's SHSH's seem a dead end at this point).

So...

3.1.3 - NO WAY I'M GOING THERE.
3.1.2 vanilla - not authorized by apple or saurik.
3.1.2 custom ipsw - works.


Then I go to apply the unlock. Only unlock I know of for 3gs/5.11.07 is blacksn0w (can anyone disputethis? bootneutr or something?)

Installing it - exactly what my friend up above said.
Immediately after sn0w installation Comms gets a kick (WIFI drops dead, cellular goes "SEARCHING..." forever, and if you peek in the Settings panel you'll also notice Bluetooth gets grayed out.) This MAY be the way Geohot designed it.

What follows -is- a problem, and it would be nice if we could work around it as lots of people don't have access to vanilla 3.1.2 anymore, only custom-cooked IPSW's.

If you reboot, apple logo stays forever, until it reboots itself, a process it repeats forever (it actually writes to the NAND in there, so if you leave it running like that forever, your flash will die at some point :/)

I can take us one step further tho....

My nerdy IPSW dumps console onto the screen (go us linux geeks! ) , and the last console message in the boot sequence says this:


(am typing what I see on iphone screen into this post, so forgive any typos :/ )

<kernel>
<fsck of filesystems>
<lots of other unixy junk>
<multitouch drivers>
...
...
...
AppleBCMWLAN::setPOWER() [configd]: Setting power state to 1
AppleBCMWLAN88PlatformManager::handleBBNotificatio nGated(): Baseband Reset,wifi down
AppleBCMWLAN::halt()
AppleBCMWLAN::scanComplete(): Scan failure: operation was aborted
AirPort: EnabledAppleBCMWLAN (link 1, sys 0, user 1)
en0: Error configuring antenna diversity (index=-1).
en0: Error configuring transmit antenna (index=-1).

<2-3minute delay/timeout>
<reboot>

Looks like the baseband ain't all that happy when sn0w is applied via custom ipsw. Not that I'm a big iphone guru by any stretch of the imagination.

I've also shot Geohot an email about it. Hope he can spare a moment for this, being in a race against time to jack the iPad and all.

Ideas anyone?

Originally Posted by mikishapiro

3gs. 3.1.2. Baseband 5.11.07. Old bootrom.

Up until a few days ago everything was good - Had the phone built from vanilla 3.1.2, then had Blackra1n do the unlock + JB.

Had to rebuild.

3.1.2 no longer possible. (Cydia tells me I have 3.1.2 SHSH on Saurik's, but it don't work - pointed my resolver at saurik's server via hosts file, ensured the session is actually being opened there using netstat -na, and even tried it on both a mac and a PC... Saurik's SHSH's seem a dead end at this point).

So...

3.1.3 - NO WAY I'M GOING THERE.
3.1.2 vanilla - not authorized by apple or saurik.
3.1.2 custom ipsw - works.


Then I go to apply the unlock. Only unlock I know of for 3gs/5.11.07 is blacksn0w (can anyone disputethis? bootneutr or something?)

Installing it - exactly what my friend up above said.
Immediately after sn0w installation Comms gets a kick (WIFI drops dead, cellular goes "SEARCHING..." forever, and if you peek in the Settings panel you'll also notice Bluetooth gets grayed out.) This MAY be the way Geohot designed it.

What follows -is- a problem, and it would be nice if we could work around it as lots of people don't have access to vanilla 3.1.2 anymore, only custom-cooked IPSW's.

If you reboot, apple logo stays forever, until it reboots itself, a process it repeats forever (it actually writes to the NAND in there, so if you leave it running like that forever, your flash will die at some point :/)

Have you tried blacksn0w RC2? http://www.hackint0sh.org/f230/117709.htm It changes the timing of when blacksn0w is loaded to prevent problems with losing wifi.

You should be able to restore 3.1.2 on your 3GS via Cydia (have you also tried The Firmware Umbrella / Tiny TSS

New direction. Excellent

First off, forgot to mention, I had to rebuild *because* I hit "reset network settings" to try and fix an unrelated problem (dead SIM) (and oh what a regretful thing to do that was... :/ ).

Now, here is what I did right now:

1. Re-recovered from custom ipsw.
2. Got WiFi at this point, no unlock.
3. Installed blackra1n, then only cydia, then Blacksn0w RC2 Final from Cydia.pushfix.info.
4. Rebooted.
5. Loop is sorted, springboard is up.
6. As per Geohot's comments on the package, the unlock only tries to do its thing after springboard loads.
7. You can see the locked-on-foreign-carrier-1-cellular-bar turn into "SEARCHING...". Networking is completely dead. No Wifi. No bluetooth. and so it stays forever.
8. Can repeat by going back to step 1 at will.
...

I'm guessing as per the thread you linked to, this has to do with re-flashing on a system that already had sn0w...

This bit by dtube on the thread you linked might be key:

Say they get the phone to boot in safe mode like you did. Wouldn't it make sense for them at this point to remove /usr/lib/blacksn0w.dylib and put back the original com.apple.CommCenter.plist ? I know they don't have wifi at this point but they can probably use something like ifunbox / iphoneview to manipulate those files.

... tho it was followed with this comment from pushfix:

Yeah, usually they wouldn't have WiFi.

note: I do have wifi right after the custom-flash, and can pro'lly do it at the step I designated [2] up above.
Quote continues:

They could remove blacksn0w at that point, but all it took for me was another reboot and it fixed itself. Having them replace the com.apple.CommCenter.plist file directly is even more risky because if they mess that up, there is no chance to recover from that. Although actually, if you gave them the original file, they wouldn't even need to remove blacksn0w.dylib.

Thoughts?

Originally Posted by mikishapiro

New direction. Excellent

First off, forgot to mention, I had to rebuild *because* I hit "reset network settings" to try and fix an unrelated problem (dead SIM) (and oh what a regretful thing to do that was... :/ ).

Now, here is what I did right now:

1. Re-recovered from custom ipsw.
2. Got WiFi at this point, no unlock.
3. Installed blackra1n, then only cydia, then Blacksn0w RC2 Final from Cydia.pushfix.info.
4. Rebooted.
5. Loop is sorted, springboard is up.
6. As per Geohot's comments on the package, the unlock only tries to do its thing after springboard loads.
7. You can see the locked-on-foreign-carrier-1-cellular-bar turn into "SEARCHING...". Networking is completely dead. No Wifi. No bluetooth. and so it stays forever.
8. Can repeat by going back to step 1 at will.
...

I'm guessing as per the thread you linked to, this has to do with re-flashing on a system that already had sn0w...

So What can I do?, I have the same problem and I can actually go to cydia at any time, uninstall the pushfix or the ultrasn0w unlock and then I get wifi and my device works again on the jailbreak but not the unlock.

So what should I fix before installing the unlock again?

Originally Posted by ramy.romany

So What can I do?, I have the same problem and I can actually go to cydia at any time, uninstall the pushfix or the ultrasn0w unlock and then I get wifi and my device works again on the jailbreak but not the unlock.

So what should I fix before installing the unlock again?

You need either ultrasn0w or blacksn0w - depending on your baseband. You should not be trying both.

It is likely you need blacksn0w and if that is the case you should try blacksn0w RC2 as linked to earlier in this thread.

Originally Posted by Olethros

You need either ultrasn0w or blacksn0w - depending on your baseband. You should not be trying both.

It is likely you need blacksn0w and if that is the case you should try blacksn0w RC2 as linked to earlier in this thread.

I tried it and it doesn't work. I think it might have to do with flashing the bootrom, but I do not know how to do that.

My iPhone was working perfectly, I wish nothing happened.

Originally Posted by ramy.romany

I tried it and it doesn't work. I think it might have to do with flashing the bootrom, but I do not know how to do that.

My iPhone was working perfectly, I wish nothing happened.

You can't flash the bootrom it is hardwired in the factory and cannot be changed via software.

Keep on trying you will eventually get it working. There is another thread that might help a bit.

Originally Posted by Olethros

You can't flash the bootrom it is hardwired in the factory and cannot be changed via software.

Bootloader - no. Baseband - yes.
For all ye 3GS/3.1.2/5.11.07 people who have no SHSH's and have been holding out by the teeth not to go to 3.1.3.
If you had a blacksn0w unlock, then hit "reset network settings", your baseband is cactus (despite being of the right version).
It's been around for a couple of weeks, but nobody put together a decent howto (and I had to go through a LOT of trial, error and forums and google searches that fill in only occasional pieces of the puzzle), so for what it's worth, here's my walkthrough. CAVEAT: If I could offer you only one tip for the future, sunscreen would be it. The long term benefits of sunscreen have been proved by scientists whereas the rest of my advice has no basis more reliable than my own meandering experience.

This is just a bunch of stuff that worked for me. I take absolutely no responsibility for what you do with your
phone. First off, this applies SPECIFICALLY TO people who have 3.1.2 and baseband 05.11.07 on a 3GS for whom the snow unlock neither the old one nor the new RC2 one no longer works. Good news is, we can fix it.

Don't try this with other basebands!

Here goes: 1. Install a custom IPSW via itunes (you can do this even if you dont have 3.1.2 SHSH on Saurik's server). You can either use custom firmware (google "custom-firmware-ipsw 3.1.2" sometimes hksplit is needed to remerge chunks)
Or install PwnageTool on a mac and create your own from an apple-issued vanilla 3.1.2 IPSW.

Sidenote: If you're a linux geek like me, when rolling your own ipsw, unzip your resulting IPSW,
replace one file, then re-zip it back together and you get all the kernel console messages on the screen during bootup. Wish I knew about this earlier! But alas, I digress. Fixing our baseband. Onwards.

In itunes, use RECOVERY mode, not DFU. That's the one with the USB cable (or Steve-Jobs-in-Cyrillic) screen. With my busted baseband and no SHSH, that was the only way I could consistently re-install an OS on my iPhone.
At the end you should have an iPhone with 3.1.2 firmware, jailbroken with Cydia, that has not yet been unlocked (and presumably unlocking won't really work, hence you're here reading this). Wifi should (hopefully) work. If not, repeat step 1.

2. Configure your wifi.

3. Go into cydia. Let it update itself.
DO NOT INSTALL THE UNLOCK YET.

4. In cydia, Install SBSettings (and OpenSSH if it's not already installed) and ensure you have an SSH toggle. Once installed, you go
into SBSettings by swiping your finger on the top strip of the screen where the clock and wifi icons etc are. mess with it till you get SSH on your SBSettings panel, then ensure it's toggled to ON.

5. In Cydia, Install MobileTerminal (VERY IMPORTANT!!! DO NOT PROCEED UNLESS YOU HAVE THIS WORKING!).

6. On your PC/mac make sure you have an ssh client. (Macs come with one called 'ssh', for PC google "download putty.exe").

7. Write down your iphone's IP address so you can ssh/scp into it. SBSettings panel should have it.

8. Use your ssh client to ssh into your phone as user root. Your phone is jailbroken, your password (unless you changed it) is 'alpine'. Leave the session sitting there. you'll need it in a sec.

9. Install an scp client. For windows, google & download WinSCP. This is a tool to transfer files over SSH. Open a session to your
iphone. Same story - user root, password 'alpine' (unless you've changed it).

10. Go here and follow the instructions. I'll "annotate"/recap them here:

In a nutshell, you grab utility and two good 5.11.07 firmware files (we can't link to it here but look around the howto I linked to), extract the lot, use your SCP tool to copy them across to the /tmp directory on the iphone, then run chmod 755 the utility and execute the commands.

NOTE: The pre-last command (this one: launchctl unload /System/Library/LaunchDaemon/com.apple.CommCenter.plist) had the
unfortunate side-effect of killing my wi-fi link and my SSH shell.

This is why we installed MobileTerminal (you did, right?) So we can continue working locally on the iphone itself.
Luckily, we installed MobileTerminal, and can open it up, run "su -" (and enter our 'alpine' password) to get a local shell on the iphone.

11. Now you have to "cd /tmp", and then type in the last command, the one that actually does the flashing - (./BBUpdaterExtreme update -f ICE2_05.11.07.fls -e ICE2_05.11.07.eep)

This takes a few minutes. Unless it comes back with nasty errors (in which case, you're pretty much hosed... maybe an itunes restore to 3.1.3 will save you... and maybe not even that), CONGRATULATIONS, you have a clean working baseband.

12. Fully Reboot your iphone whichever way (via red slider or type "reboot" in console")
13. Time to unlock. Note that there is the OLD blacksn0w unlock and the new "RC2 Final" blacksnow unlock. The cydia package SHOULD ACTUALLY BE CALLED "Blacksn0w RC2 Final". This latter one is the one that fixes all the boot logo loop and wifi crap (Thanks Geohot!)

As of right now I know it is featured on the following cydia repository: Cydia.pushfix.info
Add it, browse it, install the package. Your networking will drop out. Don't fret. Reboot the device. The RC2 unlock only happens *after* springboard has booted. Wait for springboard to boot. It will go from locked, to "SEARCHING" (which means Geohot is tampering with stuff), to A WORKING PHONE
Cheers!

Miki Shapiro