Blacksn0w RC2 Final

What does it do?

Blacksn0w unlocks your iPhone 3G or 3GS so you can use it on a carrier other than the one the phone is locked to.

How do I get it?

Add the source http://cydia.pushfix.info/ to Cydia and install "blacksn0w RC2 Final". Click that link for instructions on adding the source.

Credits

Geohot for making blacksn0w and allowing me to redistribute this modified version. Consider donating to him at http://blackra1n.com/.
msft.guy for patching blacksn0w to work with 3.1.3
ronaldsb for suggesting the procedure of loading blacksn0w.
Purchasers of Pushfix 2.0 for making this release possible as iPhone hacking is my full-time job now. Because of their support, I will release as much as I can for free.

Requirements

3G or 3GS running 3.1.2 or 3.1.3 on 05.11.07 baseband

Fixes

WiFi bug is gone.
Risk of endless boot loops is gone.

Changes

To get around the WiFi issue, twitter user ronaldsb theorized that the phone should boot with regular system files and then have the unlock applied. Personally, I have only had WiFi loss on my 3GS one time, but I was willing to try it. So, RC2 Final loads up the phone in what I call happy mode where CommCenter boots exactly as it would on a locked phone. Right at the moment that SpringBoard launches, I unload CommCenter and load the version that is patched by blacksn0w. By doing it at this time, everything else on the phone is initialized and there are no glitches due to things not happening as intended.

First, this has shown to fix the WiFi issue as the WiFi chip was not initializing properly when it was reset by the unlock when other things on the phone were happening.

Second, this removes all risks of boot loops. If CommCenter did not start because of a glitch during boot, the SpringBoard would never come up. Because of that, the phone would "watchdog" reboot. Now, the SpringBoard is up before the unlock is even attempted, so we no longer trigger the watchdog reboot, even if CommCenter crashes. The SpringBoard can be used to run Cydia to reinstall or remove blacksn0w if any problem is encountered.

The only downside to this is that the SpringBoard shows up much quicker, but is still not usable at full speed and with cell/wifi available until the normal boot time, which is approx 45 seconds on a 3GS and 80 seconds on a 3G (from power on). For example, the SpringBoard comes up at 18 seconds on a 3GS, but it is very sluggish for about 5 seconds. Then it takes another 25 seconds for it to get a cell connection and establish WiFi because blacksn0w is unlocking your phone in the background.

Finally, the "Reset Network Settings" command used to frequently cause endless reboot loops for some users. This is now fixed and the command can be used without a problem. Since this was used to fix the WiFi problem and that doesn't exist any more, I doubt many people will be using it.

- Pushfix from pushfix.info

Does it also work, if Iphone (3GS new Bootrom @ 3.1.2 - 5.11.07) is already JBed by the original release blackra1n RC2 of geohot?
By the way:
My Iphone was in endless loop, but i got out of it and now im double adraid to get in it again!

This should work for you.
This RC version will prevent the bootloop and the wifi issue.


@pushfix,
How did do manage to get out the of the bootloop while you were testing with Ronaldsb ?

My boot loop was caused by resetting network settings. This isn't going to help on phones that are looping because of a missing or corrupt file for example.

Say you remove /usr/lib/blacksn0w.dylib and CommCenter still has that listed as an added library in it's plist. You will be stuck in a boot loop forever. I suggest in the future that all hacks of this type be done immediately after SpringBoard launch and that they don't modify any system files in /System/Library/LaunchDaemons. Once SpringBoard launches, you can crash major parts of the OS and the phone will still stay booted. If you crash them before SpringBoard launch, SpringBoard will not launch and eventually the phone will reboot.

So, here is my procedure as best as I remember:

=================
The boot loop caused by reset network settings appears to be caused by the WiFi chip not initializing. The driver usually never even shows that it loaded in the log.

Here is what I did to recover from my boot loop.

The phone rebooted once or twice. I turned it off. (I think I just held down power, can't remember).

Next, I held the home button and connected to the computer to make it boot into recovery mode.

After it booted into recovery and talked with the computer, I left it for a minute or so.

I then disconnected it and held power + home to force a hard reboot.

It started booting and again rebooted (if I remember correctly).

On the next boot, it booted up all the way, but was in safe mode with Settings reporting "No WiFi". The logs later showed that WiFi had finally started after many SDIO resets, but too late for it to be recognized by the SpringBoard. It gives up after 5 attempts. After this, I rebooted one more time and it has worked ever since.

I had syslog on the whole time so I looked at the logs. The first difference is that the WLAN driver doesn't initialize like it normally does at boot. You should normally see lines like the following in /var/log/syslog, but in this reboot loop, you get none of these.

Mar 25 00:05:27 localhost kernel[0]: BCMWLAN Firmware Version: wl0: Jul 21 2009 21:57:13 version 4.216.83.0
Mar 25 00:05:28 localhost com.apple.wifiFirmwareLoader[14]: Driver requested firmware variant "4325b0/sdio-g-cdc-reclaim-wme-nocis.bin"
Mar 25 00:05:28 localhost com.apple.wifiFirmwareLoader[14]: Loader retrieving firmware variant "4325b0/sdio-g-cdc-reclaim-idsup-wme-nocis", version 4.216.83.0, 264216 bytes
Mar 25 00:05:28 localhost kernel[0]: AppleBCMWLAN::initFirmware(): successful initialization

The iPhone has a couple watchdog systems whereby if things don't go properly after a certain amount of time, it reboots. I am also looking into whether these can be disabled because while it makes sense for unmodified firmware, it sucks for debugging.

Originally Posted by drhackstable

Does it also work, if Iphone (3GS new Bootrom @ 3.1.2 - 5.11.07) is already JBed by the original release blackra1n RC2 of geohot?
By the way:
My Iphone was in endless loop, but i got out of it and now im double adraid to get in it again!

Blacksn0w is an unlock. You only need it if you aren't on the official carrier for your iPhone. Don't confuse it with blackra1n which is a jailbreak.

Here is how I made the hack start on SpringBoard launch.

I made this an example instead of using the real blacksn0w RC2 values.

/System/Library/LaunchDaemons/com.example.hack.plist

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.example.hack</string>
        <key>Program</key>
        <string>/usr/libexec/hack/startup</string>
        <key>RunAtLoad</key>
        <true/>
</dict>
</plist>

/usr/libexec/hack/startup

Code:

#!/bin/bash
sleep 10
T=1
while [ "$T" -lt 120 ]; do
  if [ -e /var/mobile/Library/Caches/SBShutdownCookie ]; then
        ## Place hack that will run on SpringBoard launch here ##
        exit
  fi
  T=`expr $T + 1`
  sleep 1
done

Originally Posted by Pushfix

Blacksn0w is an unlock. You only need it if you aren't on the official carrier for your iPhone. Don't confuse it with blackra1n which is a jailbreak.

Thx, for the answer and the correction, i am not on the official carrier for my iphone, so I have installed blacksn0w (with the help of blackra1n).

After that i have resetted my network settings and got stuck in recovery boot loop! I managed to get out of it very hardly after about one month, by running blackra1n the whole night! So i am seatching for a solution to not getting in that boot loop again!

@pushfix,
This is a scenario that happens to a lot of people. They have original blacksn0w installed and the wifi disappear on them. The user then performed a reset network settings and after that the phone got into the bootloop issue.
They did not remove blacksn0w yet at this point.

Say they get the phone to boot in safe mode like you did. Wouldn't it make sense for them at this point to remove /usr/lib/blacksn0w.dylib and put back the original com.apple.CommCenter.plist ? I know they don't have wifi at this point but they can probably use something like ifunbox / iphoneview to manipulate those files.

After that, they can reboot the phone without any traces of blacksn0w. From there they can install blacksn0w RC2 Final.

Let me know of your thoughts on this.

I think the most difficult thing for users at this point is to get the phone to boot and out of that loop. A lot if these users have 3GS with new bootrom so kick starting the device with blackra1n also comes into play.

Originally Posted by dtube

@pushfix,
This is a scenario that happens to a lot of people. They have original blacksn0w installed and the wifi disappear on them. The user then performed a reset network settings and after that the phone got into the bootloop issue.
They did not remove blacksn0w yet at this point.

Say they get the phone to boot in safe mode like you did. Wouldn't it make sense for them at this point to remove /usr/lib/blacksn0w.dylib and put back the original com.apple.CommCenter.plist ? I know they don't have wifi at this point but they can probably use something like ifunbox / iphoneview to manipulate those files.

Yeah, usually they wouldn't have WiFi. They could remove blacksn0w at that point, but all it took for me was another reboot and it fixed itself. Having them replace the com.apple.CommCenter.plist file directly is even more risky because if they mess that up, there is no chance to recover from that. Although actually, if you gave them the original file, they wouldn't even need to remove blacksn0w.dylib.

Every 3GS user running blacksn0w should update to RC2 Final ASAP. The protection from boot loops alone is worth it.

Originally Posted by dtube

After that, they can reboot the phone without any traces of blacksn0w. From there they can install blacksn0w RC2 Final.

Let me know of your thoughts on this.

I think the most difficult thing for users at this point is to get the phone to boot and out of that loop. A lot if these users have 3GS with new bootrom so kick starting the device with blackra1n also comes into play.

Well, I think the iTunes recovery step might have helped the WiFi chip recover or something. It seemed like it was just going to keep rebooting and I have heard of others who left it rebooting for hours. Get it into iTunes recovery and let it stay there a little bit.. Then, hard reset it.

moved to separate thread http://www.hackint0sh.org/f203/117740.htm