Discuss [1.1.3 (1.1.2 OTB)] Repair needed, Ziphone/1.1.3 won't help at the iPhone "2G" (Rev. 1) - Hackint0sh.org
Again - people who don't have the error that is in the photo in the first post of this thread, can you take your chatter to another thread - or start your own.
OK, I went back to iphone.unlock.no to try to work out exactly what happened when we tried a hardware unlock. Unfortunately the original instructions are now gone, but there is a page with the original 1.0.2 HW unlock.
I think we need to try to find out some technical details.
1) What is the NOR file? The unlock process seems to be to replace the NOR with a patched version. We erased the NOR, but haven't replaced it.
2) I'm starting to think that the NOR is the code running on the radio card. In the HW unlock, after the NOR is replaced, you use minicom to talk via serial to the radio card. BBupdater talks via serial to upload the firmware. The error we are getting, spamming AT, is an attempt to talk to the radio card via serial. So if the NOR is the code on the radio card that should respond to the calls on the serial connection, our problem makes sense - there is no response as we have a blank NOR.
If that is correct then the geohot/ziphone solution won't help us as it needs a working NOR.
3) The gazillion $ question is will the next Apple upgrade write to the NOR or is that only possible with the trace connection made - which makes sense to me.
So if I am right, the only way to fix our phones is to take them to bits again and complete the hardware hack.
So, does anyone out there know exactly what the NOR is, and can it be only written to by the hardware hack?
I've been digging through Geohot's blog from last year to see how the original unlock was done, as I can't find an info repo.
It seems that on the radio card is a second ARM-based CPU, called an S-Gold2, so I guess that the area of memory, and the part of the firmware described as the NOR, is for the 2nd CPU's applications - looking at the data sheet for the CPU, it can control NAND flashing.
So the Geohot unlock/ziphone talks to the second CPU and "tricks" it into flashing - but you need a happy 2nd CPU for that to work, and ours are decidedly unhappy with a blank NOR.
It makes sense to me that updating via iTunes would also use the serial connection to reflash the firmware, so the only solution for our problem is to replace the NOR with iunlocker, and I think that can only be done connecting the test points...
Originally Posted by duduh
Same problem as I've described?
I am talking about the same problem. I have a 51 week set which can't restore to 102. For 111, 112 and 113, restoring all ended up with a 1011 error.
Ziphone is the only tool to jailbreak our basebandless ibricks. However, you must only use ziphone -a -j to activate and jailbreak it (works in 111 and 112, not 113). If you tried to unlock or downgrade the bootloader, then you would trigger the bug which only affects basebandless iphones. Which means you can't jailbreak with ziphone again even if you restore firmware. Because some env info has been saved in nvram, the ziphone script picks it up again and redoes the unlock and bootloader downgrade; until it gets success, it releases the env info.
If you are a programmer, you can revise ziphone by yourself. Strip the zibri.dat file from offset 0xCC2000 to the end, save it as a .dmg file. Open this dmg file with TransMac.
Open /etc/profile, you will understand what I mean. By changing this file you can fix the bug I presented before.
BSD-subsystem cannot be installed within this /etc/profile script. Don't know why yet. Looks like once the console shows a bit too much information, the script execution will throw an error before the end. You know what, from ziphone's src code, Zibri tried to bring BSD-subsystem in, but at last he commented it out; maybe he met the same problem as mine.
I can use iphuc to putfile to the /media/iphone folder. I think I should try to change the jailbroken /etc/profile to unzip BSD on the following restart. Once BSD-Subsystem gets installed, I can remove the zip file and change profile back to normal.
Wish you guys have progress as well. BTW, the method here does no harm to the iphone, because it only touches firmware rather than bootloader or baseband. You can always restore it to square one (end with 1011 error).
NOR is the executable binary stream of the bootloader; it's dumped by a program called NORDumper. In other words, it's a copy of the bootloader.
Originally Posted by gz2000
Testpoint allows us to reflash NOR, such as substituting 4.6 with 3.9.
iphone.unlock.no is an irresponsible web site, never trust it. They released a bootloader downgrader package with a wrong NOR on Jan 18. Obviously they never tested it before posting it to the public. The second day Geohot found the NOR was wrong. Then they replaced it with the right 3.9 NOR silently. They didn't inform us to update it, although it is obviously so critical. I downloaded the package the first day and did the hw unlock 5 days later. Without notice, I iunewed the wrong NOR, which has bricked my phone so far.
Another thing that really makes me angry is that they are not capable of guiding. Their first guide didn't tell us to use mobile terminal rather than ssh over wifi. If they had even tried their guide once, they would know it's going to lose wifi for sure. Next, they simply let us do a recovery rather than manually reflash the baseband after the iunew. If we had done the manual baseband reflash first, then we would have known the bootloader was wrong. We would still have a jailbroken iphone with BSD-subsystem and mobile terminal, which means at least we could do something. Comparing their guide to Geohot's, although Geo's looks complex, it's much safer.
I'm not sure if we can redo testpoint again. With the wrong NOR, we will never have a matching secpack. I wish testpoint doesn't need that to work, otherwise our iphone is done. Currently I can jailbreak 111 and 112 without wifi. Working on installing BSD-subsystem, then I will try testpoint again.
Finally Good News Fellas!!!
After being highly disappointed because I could not get any fruitful support from anybody, I decided that I would not resign without solving this, and finally succeeded after 13 hours of non-stop effort.
This is what I did in short. The problem we have (I prefer to say had) is not just one, it's multiple.
The first symptom we all so far missed out is actually very easy. When your phone is on the "Slide to emergency" screen, press the circled i portion. The IMEI and ICCID are BLANK. But actually it should be Unknown for both of them. So, I
DFU Restored the phone to 1.1.1 with error 1011
Ran Ziphone -e with original zibri.dat
Everyone please notice the error which runs very quickly on the screen
That's our first problem. The EEPROM is completely corrupt. So....
AppleMRVL868x: Reading EEPROM data
AppleMRVL868x: Invalid calibration data in device tree
I modified Ziphone 2.0's zibri.dat (as discussed in my earlier post) with bbupdater -e eeprom.eep
Well, that fixed the error. But again restoring through iTunes would not work. Even a restore to 1.1.3 gave me a 1603 error in both recovery & DFU mode. I discovered that was our next problem. So I added iUnlock ICE03.14.08_G.fls eliteloader.bin (I didn't mind if it would zero out my seczone). That was the first time it ran successfully and ended with
Which is really a very very happy news. But still iTunes restore was not successful. So finally did
bbupdater -f ICE03.14.08_G.fls (don't use the .eep file at all)
But this particular command kept repeating itself to infinity even though it was supposed to be executed only once. I'm still trying to figure out why. But here is the MAJOR TRICK YOU SHOULD FOLLOW CAREFULLY IF YOU ARE TRYING THIS. When bbupdater flashes the .fls, it generally displays many lines of status. It would run like ProgressUpdated: 1, ProgressUpdated: 2.... all the way up to ProgressUpdated: 100
This would actually run twice for one single execution of the command (once for loading the fls and once for flashing it). But I let it run twice (2 command executions) and before the 3rd flash could be executed, I switched off the phone by pressing the home and power buttons. YOU NEED TO START PRESSING THEM TOWARDS THE END OF THE SECOND EXECUTION ITSELF. Only then will it switch off before the 3rd flash.
Then I rebooted the phone and it gave a "BSD root: md0, major 2, minor 0" error. Restarting again yielded the activate screen. But now, the information button showed IMEI: Unknown ICCID: Unknown. That was it. I DFU restored to 1.1.1 and BOOM, it went through without any error this time. Slide to emergency *3001#12345#* and version showed firmware 3.14.08. Then jailbroke with the #301 method and oktoprep and 1.1.2 and unlocked with anysim1.2.1, and it's working now.
I need some rest before going to 1.1.3. Note: After you successfully restore to 1.1.1, don't update to 1.1.3 and try to use ziphone; it again takes us back to square one.
Really sorry if this sounds Greek and Latin. I will try to put up a decent step by step guide along with the zibri.dat I used after some rest.
Originally Posted by macchap
I can call now!!!
Good news from my side as well. My revised ziphone works too. I got Terminal running and redid testpoint. After that I could do a restore without any error. By then I knew I did it. Next, you know. I ran ziphone 2.4b and I can call now.
Did somebody upload the needed modified ziphone.dat?
Or should i modify only profile file?
Nice one macchap - I'll hold off a few days from stripping my phone again as I spent a chunk of time putting it back together and making it look pristine.
Look forward to your altered disk image, take your time as it is better to get it right than people get further into trouble
I wasn't too amused by iphone.unlock.no, but then on the other hand most of this stuff is experimental, and nobody forced me to follow their tutorial...
Guys, my revised tool has been uploaded to **********. I temporarily call it unbrick112.
Not sure if it is the dose for your iphone. But if you are about to redo testpoint: this jailbreaks 112 plus puts in bl downgrader (in /bin folder) and Terminal.
I used it to redo testpoint, so that my unknown bootloader has been replaced with 3.9. And everything goes normal now.