  1. #1
    Darkmen

    Patching Activation

    Alternate activation method by patch


    The idea was to bypass activation forever, because even on an activated iPhone, in case of a new SIM, it pushes the activation algo. We will change the lockdown service to:

    -Set ActivationState to FactoryActivated
    -Set brick_mode flag to brickmode_off

    So let's start.

    We need to jailbreak the iPhone first (see jailbreak manuals).

    Now we have an AFC connection with all of the FS visible.
    All we need is to patch the /usr/libexec/lockdownd binary and write it back.
    If you have no SF image unpacked, you can download the binary directly from the iPhone.
    Start iPhoneInterface
    Code:
    Waiting for phone... established.
    iPhone state: Unctivated
    type "help" for help
    iPhone:/# cd /usr/libexec
    iPhone:/usr/libexec# getfile lockdownd

    Now we need to patch the binary. We will use the V_KLay patcher for this.
    The structure is:
    ADDR: OLDDATA NEWDATA


    FW version 1.0
    Code:
    ; binary: /usr/libexec/lockdownd
    ; size: 747188
    ; patch format: vkp
    ; (c) Darkmen
    -0x1000
    //MOVEQ   R10, #1          ; 1=brickmode on/0=brickmode off
    0000A0A4: 01A0A003 00A0A0E3
    //LDREQ   R5, =Unactivated ; Changing default state to FactoryActivated
    0000A0A8: 3C539F05 68539FE5
    //BEQ     check_changed    ; force state change
    0000A0B0: 6900000A 690000EA
    0000A260: 0800000A 080000EA

    FW version 1.0.1

    Code:
    ; binary: /usr/libexec/lockdownd
    ; size: 751480
    ; patch format: vkp
    ; (c) Darkmen
    -0x1000
    //MOVEQ   R10, #1
    0000A4C4: 01A0A003 00A0A0E3
    //LDREQ   R5, =Unactivated
    0000A4C8: 3C539F05 68539FE5
    //BEQ     check_changed
    0000A4D0: 6900000A 690000EA
    //BEQ     changed
    0000A680: 0800000A 080000EA

    You can also get prepatched lockdownd for v1.0.1 from: http:///* removed due to copyright l...d to accept */

    Now all we need is to upload the patched binary back to the iPhone.

    Start iPhoneInterface:

    Code:
    Waiting for phone... established.
    iPhone state: Unctivated
    type "help" for help
    iPhone:/# putfile /usr/libexec/lockdownd
    iPhone:/# exit

    Done! Now reboot the iPhone and enjoy a FactoryActivated phone.
    Last edited by sam; 08-05-2007 at 08:42 AM.
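
An added example, not part of the original post: a read-only integrity audit that parses the `ADDR: OLDDATA NEWDATA` records listed above and reports whether each site in a binary image still holds the original bytes, the patched bytes, or something else, along with the ARM condition-code change each record makes. It assumes the signed `-0x1000` line shifts every later address to a file offset and that the data words are in file byte order (little-endian ARM); the image used in the demo is a constructed stand-in.

```python
import re

# FW version 1.0 records copied from the post above.
VKP_FW10 = """\
; binary: /usr/libexec/lockdownd
-0x1000
0000A0A4: 01A0A003 00A0A0E3
0000A0A8: 3C539F05 68539FE5
0000A0B0: 6900000A 690000EA
0000A260: 0800000A 080000EA
"""
ARM_COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
            "HI", "LS", "GE", "LT", "GT", "LE", "AL", "NV"]

def parse_vkp(text):
    """Return [(file_offset, old_bytes, new_bytes)] from 'ADDR: OLDDATA NEWDATA' lines."""
    shift, records = 0, []
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()          # ';' starts a comment
        if not line or line.startswith("//"):
            continue
        if re.fullmatch(r"[+-]0x[0-9A-Fa-f]+", line):
            shift = int(line, 16)                 # assumption: applies to all later addresses
            continue
        m = re.fullmatch(r"([0-9A-Fa-f]+):\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]+)", line)
        if not m or len(m.group(2)) != len(m.group(3)):
            raise ValueError(f"unrecognised patch line: {raw!r}")
        addr, old, new = m.groups()
        records.append((int(addr, 16) + shift, bytes.fromhex(old), bytes.fromhex(new)))
    return records

def arm_cond(word):
    """Condition field (bits 31-28) of a little-endian 32-bit ARM instruction."""
    return ARM_COND[int.from_bytes(word, "little") >> 28]

def audit(image, records):
    """Classify each patch site without modifying the image."""
    report = []
    for off, old, new in records:
        cur = bytes(image[off:off + len(old)])
        state = "original" if cur == old else "patched" if cur == new else "unknown"
        report.append((hex(off), state, f"{arm_cond(old)}->{arm_cond(new)}"))
    return report

if __name__ == "__main__":
    recs = parse_vkp(VKP_FW10)
    image = bytearray(0x9300)                     # constructed stand-in, not a real lockdownd
    for off, old, _ in recs:
        image[off:off + len(old)] = old
    image[0x90B0:0x90B4] = recs[2][2]             # simulate one modified site
    for row in audit(image, recs):
        print(row)
```

Every record moves the condition field from EQ to AL, so an audit that flags any `patched` or `unknown` site is checking exactly the instructions that decide the activation state.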



  2. #2

    Will YouTube work with this method?

  3. #3
    Darkmen

    Try it.
    I have no AT&T carrier in my country.

  4. #4
    ozbimmer

    Well done!! It works.

    However, YouTube doesn't work. However, I think the whole process of activation is much simpler than the current process, which requires copying and pasting lots of numbers.

    Hmm, it's strange... after I put in the patched preferences.plist (APN) and turned the iPhone off and on, the preferences.plist reverted back to the ATT profile...
    Last edited by ozbimmer; 08-05-2007 at 09:14 AM.

  5. #5

    Well done!! It works and I can sync with iTunes, even with a non-ATT SIM card in the iPhone. But I still can't use phone services. But the activation method is great. Huge thanks for your work.


  6. #6

    Could anyone PM me the patched 1.0.1 lockdownd? Thanks.

  7. #7

    Pls, we need the lockdownd for v1.0.1.

  8. #8
    Darkmen

    You got it

  9. #9

    Marvelous!!

  10. #10
    the_gts

    You need to edit the link to the lockdown file, rename the main site Ra***are.com and keep the rest as is. Should work.


 

 