Hybrid PC + Mac Guide (uses both systems!)
Assumptions: You can operate Terminal, Putty, iBrickr; you have the cognitive capacity beyond simply reading these instructions (if I left something out, or if something is different on your end, you should be able to figure out what to do/not do).
WHY: iNdependence is simply a godsend. But I didn’t feel like SCPing stuff to the phone, which is where iBrickr comes in.
NOTE: This guide would ‘probably’ work on a single OS, assuming you know of tools which provide the same functionality.
State of the iPhone:
* Never upgraded to 1.1.1 (therefore never downgraded to 1.0.2)
* AnySim/iUnlock unlocked
* All your precious stuff on it
Beyond these parameters, I cannot guarantee these steps will work (maybe not even under these circumstances?).
1. Restore your iPhone to pristine 1.0.2. (pc+mac)
Yes, you’ll be losing all your stuff. This is a one way road, no looking back! After you have done this, prepare to spend 1-3 hours, depending on how lucky/good you are with these steps. The only reason I recommend doing this is to minimize problems, especially with SSH (which you don’t want failing on you, ever).
1.1 Force restoring 1.0.2 without accidentally updating to 1.1.1, for idiots. (pc+mac)
Involves Shift+Clicking on Restore in iTunes on Windows. Option+Click in OSX iTunes. You will need to point iTunes to extracted 1.0.2 firmware. If you’re lost by this point, you should probably quit while you’re ahead.
1.2 Grab ramdisk from 1.0.2 firmware. (OSX, maybe PC with TransMac)
While you’re at it, grab ramdisk.dmg from the 1.0.2 firmware. You will need ICE03.14.08_G.eep and ICE03.14.08_G.fls from the ramdisk.
1.2.1 Terminal into the firmware directory with 009-7698-4.dmg and type:
dd if=009-7698-4.dmg of=ramdisk.dmg bs=512 skip=4 conv=sync
1.2.2 Mount ramdisk.dmg
1.2.3 ICE03.14.08_G.eep and ICE03.14.08_G.fls are located under /usr/local/standalone/firmware.
2. Activating, Jailbreaking, installing SSH. (iNdependence, OSX ONLY)
This is why I’m using OSX for this step. Download iNdependence 1.2.4 (http://code.google.com/p/independence/) and do as the title says. SSH (with Putty or Terminal) into your phone and test out commands such as cd, ls, etc. Oddly enough, my SSH bugged so that ls was not a recognized command and Fugu/WinSCP could not list directories. Luckily nothing during this procedure explicitly requires it.
3. Upload EVERYTHING to the iPhone now. (iBrickr, or SCP of your choice)
iBrickr into the phone and create the folder /usr/u. Do NOT upload everything to /usr/bin like the other guides say. If you mix-match guides, you will surely encounter problems. The list of files from the revirgin package, including ICE03.14.08_G.eep and ICE03.14.08_G.fls:
314fls_correct, 314secpack, bbupdater, eeprom.eep, ICE03.14.08_G.eep, ICE03.14.08_G.fls, iUnlock
Notice SimFree.app is not included. This should be uploaded to /Applications.
3.1 CHMOD your files. (Terminal or Putty)
Why did we upload to a special directory and not /usr/bin? Because that /usr/bin is crowded, and we’re lazy. Also so we can SSH into /usr/u and do this:
That will make ALL the files in the directory executable, even the ones that don’t need to be. Laziness prevails, and it doesn’t hurt. So who cares? Remember you must also CHMOD SimFree.app in /Applications to +x.
4. Relocking. (Terminal or Putty)
One more thing before you head towards the point of no return. As of writing this, the entire hack is based off exploiting IPSF, who have clearly written superior code. IPSF does not run on unlocked phones, so you will need to relock the phone.
If you haven’t noticed, we do EVERYTHING from /usr/u, from now until the end of this guide. SSH into /usr/u and type:
/bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist
./bbupdater -e ICE03.14.08_G.eep -f ICE03.14.08_G.fls
DON’T BE STUPID. CHECK EVERY LINE YOU TYPE FROM THIS POINT ON, THE FILES ARE IN PLACE WITH THE RIGHT CHMODS AT EVERY STEP, AND THAT YOU ARE IN /USR/U. DON’T SCREW IT UP SON. THIS IS THE COGNITIVE CAPACITY I WAS TALKING ABOUT.
/bin/launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
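The check the warning above asks for, as an added example (not part of the original guide or the revirgin package): a shell function that confirms you are in /usr/u and that each file listed in step 3 is present, non-empty and executable. It assumes a POSIX shell on the phone; `preflight` and `REVIRGIN_FILES` are names made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the guide's working directory.
# Uses only shell builtins (pwd, test), so it does not depend on ls.

# File list copied from step 3 of the guide.
REVIRGIN_FILES="314fls_correct 314secpack bbupdater eeprom.eep ICE03.14.08_G.eep ICE03.14.08_G.fls iUnlock"

# preflight DIR [FILE...]
# Returns 0 only if the current directory is DIR and every FILE is a
# non-empty regular file with the executable bit set.
# With no FILE arguments, the step 3 list is checked.
preflight() {
    want_dir=$1
    shift
    [ $# -gt 0 ] || set -- $REVIRGIN_FILES
    problems=0

    if [ "$(pwd -P)" != "$want_dir" ]; then
        echo "wrong directory: $(pwd -P) (expected $want_dir)" >&2
        problems=$((problems + 1))
    fi

    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
        elif [ ! -s "$f" ]; then
            echo "empty (failed upload?): $f" >&2
        elif [ ! -x "$f" ]; then
            echo "not executable: $f" >&2
        else
            continue
        fi
        problems=$((problems + 1))
    done

    [ "$problems" -eq 0 ]
}
```

Run `preflight /usr/u` before each block of commands and do not continue on a non-zero status.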
5. Generating restored seczone from IPSF and Geohot server.
Make sure your internet connection is active (WiFi) and working. Make sure IPSF is installed with the right privileges. Delete whatever DNS servers are in your connection’s profile. Type in 18.104.22.168. Run IPSF. It should go through pretty much all the steps, but will revert and throw a ‘cannot update token’ error of some sort. That’s GOOD. BAD would be another error. Check your WiFi settings if so. I cannot offer support here, as I haven’t received another error.
5.1 Grabbing your restored seczone from Geohot server. (pc+mac)
Using your web browser, connect to:
‘Your IMEI’ refers to the IMEI on the back of your phone. Don’t screw up the numbers. If all goes right, you will be able to download (your imei).bin from Geohot.
5.2 Generating a loader for your seczone. (geomaker, PC ONLY)
Open up command prompt, cd into the directory containing (your imei).bin. Type:
geomaker (your imei).bin
You will receive (your imei).bin_loader. Upload THIS, NOT (your imei).bin, to /usr/u. Chmod +x * in this directory for the sake of thoroughness.
6. Most important step right here, almost there! (Terminal or Putty)
Assuming you are still in /usr/u (if not, get there), disable CommCenter again:
/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
YOU WILL GET AN ERROR. THE BB WON’T RESPOND TO PINGS. THIS IS NORMAL AND GOOD. DO IT AGAIN TO MAKE SURE.
./iUnlock 314secpack (your imei).bin_loader
THIS TIME, THERE MUST BE A PING. THE BB MUST BE 3.14.08_G.
./iUnlock 314secpack 314fls_correct
./bbupdater -e eeprom.eep
/bin/launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
Reboot the phone. You are now a virgin again (everyone only wants virgins these days). You can update to 1.1.1 without worry using iNdependence 1.2.4 (quite painless), install SSH again, and run AnySim 1.1 without error. Yay!
If I missed anything, ESPECIALLY DURING THE CRUCIAL LAST STEP, do inform me and others.