  1. #1

    IPSF Software unlock editing commcenter.plist?

    I noticed in the Gizmodo video that the IPSF program was patching the commcenter.plist (it had to stop and restart it). Does this mean that the sw unlock is based on a commcenter patch? My question is, wouldn't a restore simply replace the edited commcenter then?

    If all it takes is a commcenter.plist patch for the software unlock, couldn't someone simply replace their commcenter.plist with one from an unlocked phone (unlocked via IPSF sw once it comes out), or at least trace the changes the IPSF program makes as it is "patching" the commcenter?



  2. #2

    Originally posted by midgetsanchez:
        I noticed in the Gizmodo video that the IPSF program was patching the commcenter.plist (it had to stop and restart it). Does this mean that the sw unlock is based on a commcenter patch? My question is, wouldn't a restore simply replace the edited commcenter then?

        If all it takes is a commcenter.plist patch for the software unlock, couldn't someone simply replace their commcenter.plist with one from an unlocked phone (unlocked via IPSF sw once it comes out), or at least trace the changes the IPSF program makes as it is "patching" the commcenter?

    No. The CommCenter must be unloaded in order to access/modify the baseband.

  3. #3

    Originally posted by caliban:
        No. The CommCenter must be unloaded in order to access/modify the baseband.

    So then if you were to unload the commcenter, you would have access to the baseband, correct? So then couldn't you just carry out the standard hardware unlock procedure (but without opening up the phone and actually doing the hardware steps)? I don't understand what the point is of shorting out that trace on the HW unlock; could someone fill me in? Thanks.

  4. #4

    Originally posted by midgetsanchez:
        So then if you were to unload the commcenter, you would have access to the baseband, correct? So then couldn't you just carry out the standard hardware unlock procedure (but without opening up the phone and actually doing the hardware steps)? I don't understand what the point is of shorting out that trace on the HW unlock; could someone fill me in? Thanks.

    Trust me, dude, you aren't going to offer any insight that the dev team hasn't tried a million times over already.

  5. #5
    tramuyo

    Yeah, what's the point with the trace and 1.8v testpoint and all that stuff?


  6. #6

    From Geohot blog: "Here's how the bootrom check works; it reads from 0xA0000030 0xA000A5A0 0xA0015C58 0xA0017370 and all these addresses must read as blank, or 0xFFFFFFFF. When you erase flash, it becomes 0xFFFFFFFF. But you can't erase those locations, because they are in the bootloader. So that's where the testpoint comes in. Pulling A17 high hardware OR's the address bus with 0x00040000 (offset one because data bus is 16 bit). So the bootrom instead checks locations 0xA0040030 0xA004A5A0 0xA0045C58 0xA0047370, which are in the main firmware and can be erased. Pretty genius"
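
Added example (not part of the thread or of the quoted blog): a small C model of the blank check described in the quote above, showing why a check on fixed addresses depends on the integrity of the address bus. The four checked addresses and the 0x00040000 mask come from the quote; the flash size, the 128 KiB bootloader boundary and all function names are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLASH_BASE 0xA0000000u
#define FLASH_SIZE 0x00080000u /* constructed: 512 KiB model */
#define BOOT_SIZE  0x00020000u /* assumption: bootloader is the low 128 KiB */
#define A17_MASK   0x00040000u /* OR value given in the quote */

/* The four locations the quote says the bootrom reads. */
static const uint32_t checked[4] = {0xA0000030u, 0xA000A5A0u, 0xA0015C58u, 0xA0017370u};
static uint8_t flash[FLASH_SIZE];

/* Address as seen by the flash chip: forcing A17 high ORs in A17_MASK. */
uint32_t bus_addr(uint32_t addr, int a17_high) {
    return a17_high ? (addr | A17_MASK) : addr;
}

uint32_t flash_read32(uint32_t addr, int a17_high) {
    uint32_t v;
    memcpy(&v, &flash[bus_addr(addr, a17_high) - FLASH_BASE], sizeof v);
    return v;
}

void flash_program(void) { memset(flash, 0x5A, sizeof flash); } /* non-blank part */

/* Erase sets bytes to 0xFF; the bootloader region refuses (returns -1). */
int flash_erase(uint32_t addr, uint32_t len) {
    uint32_t off = addr - FLASH_BASE;
    if (off < BOOT_SIZE || off > FLASH_SIZE || len > FLASH_SIZE - off) return -1;
    memset(&flash[off], 0xFF, len);
    return 0;
}

/* Returns 1 when every checked location reads blank (0xFFFFFFFF). */
int bootrom_check(int a17_high) {
    for (int i = 0; i < 4; i++)
        if (flash_read32(checked[i], a17_high) != 0xFFFFFFFFu) return 0;
    return 1;
}

int main(void) {
    flash_program();
    printf("erase bootloader: %d\n", flash_erase(0xA0000000u, BOOT_SIZE));
    printf("erase firmware:   %d\n", flash_erase(0xA0040000u, 0x20000u));
    printf("check, A17 low:   %d\n", bootrom_check(0));
    printf("check, A17 high:  %d\n", bootrom_check(1));
    return 0;
}
```

A plain OR with 0x00040000 maps the last two addresses to 0xA0055C58 and 0xA0057370, while the quote lists 0xA0045C58 and 0xA0047370; the range erased in the model covers both.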

  7. #7
    Frisky Dingo

    Originally posted by jacoch:
        From Geohot blog: "Here's how the bootrom check works; it reads from 0xA0000030 0xA000A5A0 0xA0015C58 0xA0017370 and all these addresses must read as blank, or 0xFFFFFFFF. When you erase flash, it becomes 0xFFFFFFFF. But you can't erase those locations, because they are in the bootloader. So that's where the testpoint comes in. Pulling A17 high hardware OR's the address bus with 0x00040000 (offset one because data bus is 16 bit). So the bootrom instead checks locations 0xA0040030 0xA004A5A0 0xA0045C58 0xA0047370, which are in the main firmware and can be erased. Pretty genius"

    But of course!! It all makes sense! Wooo!

 

 
