Originally Posted by brasuco

Hi Everybody,

I've been away from the scene for quite a while, but I'd like to give my 2 cents to this discussion.

From what I've learned from the iPhone 2G, when the iPhone is unlocked it should come in a state known as "Factory Activated".

That's verified by the lockdownd daemon by reading the tokens inside the lockdownd directory. These tokens are likely put inside the phone by iTunes during the activation process by checking the phone's serial number (or something equivalent). If lockdownd doesn't find the tokens, it will put the baseband in a locked state (semi locked, actually, because lockdownd itself can bring it back again without the need for the NCK, it must be some silly AT command).


The way I think the pwnageTool work for activation purposes is by Patching the lockdownd daemon so it always returns some activated state. Some techniques used to do the same also change some of the inner keys so tokens could be spoofed.

In order to simplify the patching of the lockdownd binary and get activation right away, some tokens used to be erased so they wouldn't get in conflict with the ones used for youtube, etc.

What I thing is going wrong is that officially unlocked iPhone might read the factory activated tokens via another program, and since they are not there, the whole thing will result in a locked state. Or maybe even the lockdownd binary is no patched properly (maybe in some cases the execution flow follows other paths that are not covered by the patch and will inevitably make the binary seek for the tokens anyway).

So, in my opinion, it has nothing to do with the NCK. The baseband remains unlocked, but the iPhone OS is putting it in the semi-locked stage (via lockdownd or another new binary) because of the activation issues I described.


So, I guess, in order to avoid any trouble with officially unlocked phones, your should choose "No Activation" in the pwnage tool.


Well, that's only my 2 cents...

Originally Posted by ta_mobile

hmm, seem you almost agree with my theory. Thank you for sharing your experiences.

Originally Posted by ta_mobile

thank you guys for your comments, it's great to know my 2 cents theory still has someone cares. Pls try your best with what you're pretending to do then give out here the result. That's will be very excited while the unlocking scene is getting hotter each day.
Br

Originally Posted by -FX-RIDER-

Hey nvidia2008,

I know what you mean... I'm freaking out, thinking perhaps an unlock is not possible... Imagine a Hack situation like xbox<-->xbox360. Not for playing copied games... No, for the real deal, unsigned code, homebrew SW, or in case of the iPhone, not just jailbreak, the unlock! The first one was hacked very fast, and a huge community was born, the second product is much more secure, simply not hackable... at least that fast! That's what i'm bothering about... I hope Dev Team will show me, that I'm totally wrong... PLEASE!

Originally Posted by JohnFa

I haven't heard of anything that's not hackable.
If you can hack into the Pentagon you can probably hack into a cellphone
Think it's just a matter of time, and I hope that time is coming very soon.

Originally Posted by SLIPLOCK

maybe nothing is not hackable, but some hack requier genius people and time.
BB5 was not unlocked until dejan come back, 2 years of long long wait......
But i hope infineon chip have wekness....
WBR