Page 5 of 8 (results 41 to 50 of 76)
Confirmed up- and downgrade from 1.02 to 1.1.1 to 1.02 with IPSF unlocked phone - iPhone "2G" (Rev. 1) - Hackint0sh.org
  1. #41
    mr_ (Senior Professional)

    Quote Originally Posted by MuscleNerd:
    The IPSF method exploits the fact that nulling out the version string in the firmware itself lets you do things you'd otherwise need the secpack for.

    Their method was reverse engineered within a day of its release. But the dev team (at least sam) has said on this forum that they wouldn't go off and copy the IPSF method...that they would stick to their own method (hacker ethics, etc).

    Thanks! A few more questions:

    1. Do we know why the dev team unlock leaves the phone in an invalid lock state, rather than an unsuccessful unlock state (like if the wrong unlock code was tried)?

    2. How likely is it that the dev team will be able to remove the invalid state (truly virginize the phone)? I know they are working on a tool.

    3. Why does nulling the version string give IPSF more access? Is this some bug in the baseband firmware, and if so I guess it could have been fixed in the 4.x baseband?

    4. What can IPSF do by nulling the version string? Would that make it easy to fix the invalid lock state after a dev team unlock?

    Sorry for all these questions, but I've been trying to understand these issues forever and you are the first person to come up with a knowledgeable response!
    Last edited by mr_; 09-30-2007 at 08:53 PM.


  2. #42
    Professional

    You know what, this might be the start of something good!
    Right now, if people can downgrade from 1.1.1 and use IPSF... it might just unlock their phones....
    Then when they want to upgrade to 1.1.1 they would have no problems; by that time some kind of jailbreak and activation program would be out!

    My 2 cents

  3. #43
    Advanced

    Quote Originally Posted by MuscleNerd:
    The IPSF unlock doesn't leave an invalid token in the secpack like the free unlock does. That's why the IPSF unlock still works after doing 1.1.1->1.0.2 with 4.01.13_G firmware still in place.

    Are you guys saying

    If I have a new 1.1.1 stock phone
    downgrade to 1.0.2
    Jailbreak using apptap
    Run IPSF

    should the above work?

    If so, where can I download IPSF?

    Edit: Never mind iphonesimfree.com
    Last edited by vijay; 09-30-2007 at 10:04 PM.

  4. #44
    iPhone DevTeam

    Here is what guest184 discovered by looking at the IPSF executable. This is from the #iphone.unlock channel on undernet (not the dev team channel, but instead the channel that geohot formed when he left the dev team). This was during the 24 hours after the IPSF unlock became available.

    11:36AM <guest184> so, there is some dword at ICE mode image at a0020410
    11:37AM <guest184> that is some kind of firmware version
    11:37AM <guest184> to prevent downgrade,etc
    11:37AM <guest184> bootloader checks that dword at end of flash (end secpack)
    11:38AM <guest184> and if there NOTHING in flash file at that position - i repeat - that is IMHO - it accepts flashfile is valid
    11:38AM <guest184> of course, flash must be erased too

    While playing around with this idea, the second exploit was found... the one where you can overwrite the first few normally protected blocks at 0xa0020000 simply by starting the write one block earlier. The free unlock uses this second method.
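
As an added illustration, not code from the thread or from either unlock tool, here is a constructed C model of the two bootloader checks guest184 and the post above describe, each beside a hardened form: an anti-rollback check that treats a missing or nulled version dword as "nothing to enforce", and a write gate that compares only the start address of a write with the protected range. Only the addresses 0xa0020000 and 0xa0020410 come from the post; the block size, the number of protected blocks, the function names and the image layout are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not the real baseband bootloader.  Only the two addresses
 * come from the thread; block size, protected-block count and names are assumed. */
#define PROTECTED_START 0xa0020000u                        /* first protected block */
#define VERSION_ADDR    0xa0020410u                        /* version dword in the log */
#define BLOCK_SIZE      0x10000u                           /* assumed */
#define PROTECTED_END   (PROTECTED_START + 4 * BLOCK_SIZE) /* 4 blocks, assumed */

/* Fetch the version dword from an image that will land at img_base.
 * Returns false when the field is not inside the image at all. */
static bool read_version(const uint8_t *img, size_t len, uint32_t img_base, uint32_t *v) {
    if (VERSION_ADDR < img_base || VERSION_ADDR - img_base + 4 > len) return false;
    memcpy(v, img + (VERSION_ADDR - img_base), 4);
    return true;
}

/* Flawed anti-rollback: a missing or nulled version is treated as "nothing to
 * enforce", so the image is accepted whatever version is installed. */
bool accept_image_flawed(uint32_t installed, const uint8_t *img, size_t len, uint32_t img_base) {
    uint32_t v;
    if (!read_version(img, len, img_base, &v) || v == 0) return true;
    return v >= installed;
}

/* Hardened anti-rollback: the field must be present, non-zero and not older. */
bool accept_image_hardened(uint32_t installed, const uint8_t *img, size_t len, uint32_t img_base) {
    uint32_t v;
    if (!read_version(img, len, img_base, &v) || v == 0) return false;
    return v >= installed;
}

/* Flawed write gate: only the start address is compared with the protected
 * range, so a write that begins one block earlier and runs into it passes. */
bool write_allowed_flawed(uint32_t dst, size_t len) {
    (void)len;
    return dst < PROTECTED_START || dst >= PROTECTED_END;
}

/* Hardened write gate: reject if any byte of [dst, dst + len) touches the range,
 * and reject empty or address-wrapping writes outright. */
bool write_allowed_hardened(uint32_t dst, size_t len) {
    if (len == 0 || len > UINT32_MAX - dst) return false;
    uint32_t end = dst + (uint32_t)len;                    /* exclusive end */
    return end <= PROTECTED_START || dst >= PROTECTED_END;
}
```

The point for a defender is that an anti-rollback field must be validated as present and well-formed before it is compared, and a write-protection check must cover the whole destination range rather than its first address.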

  5. #45
    mr_ (Senior Professional)

    @hyperzine,

    Last time I checked, if you had dev unlocked your phone, IPSF would not unlock it because it was already unlocked. If you then re-unlocked it or reflashed with the stock baseband, it would not unlock it because the IMEI was messed up and didn't check with their servers.

    From IPSF website:
    [...] 004999010640000 is a special IMEI number reported back by a phone in "lockdown" mode. We have seen this a few times mostly in relation to other unlocking methods. We are currently updating our servers to accommodate new customers wishing to recover their phones from lockdown mode [...]

    So if they updated their servers, maybe now unlocking with IPSF will fix the invalid token issues so that people with ATT can upgrade to 1.1.1 and also the rest of us when an activation workaround is found.


  6. #46
    slimnickyy (Senior Professional)

    What I don't get is how the IPSF people can 'fix' a phone giving the IMEI error code to its original IMEI, essentially allowing for warranty service and downgrading w/o issue???

    Any clues for dummies like me?

  7. #47
    Respected Professional

    Quote Originally Posted by glassman:
    I did the up and downgrade on an IPSF unlocked phone and the unlock survived, everything works and I have now the combo 1.02/ 4.01.13_G.

    Calls, SMS, GPRS are all go.

    glassman, that's really great news. Glad to hear you're back online. I am as well -- 4 days without my iPhone has been rough.

    Regarding voice quality as the result of the combo 1.02/1.1.1 radio, have a look at my post above and let me know whether or not you've noticed anything strange.

    http://www.hackint0sh.org/forum/showthread.php?t=9176

  8. #48
    Respected Professional

    Quote Originally Posted by slimnickyy:
    What I don't get is how the IPSF people can 'fix' a phone giving the IMEI error code to its original IMEI, essentially allowing for warranty service and downgrading w/o issue???

    Any clues for dummies like me?

    Guys, it's actually kind of complex. IPSF's statement didn't refer to their unlock. Rather, it was a direct attack on the Dev Team's unlock. It was meant to be a slur.

    In short, both IPSF's unlock and the Dev Team's unlock have the same end but attain it via different means. IPSF's approach is simple. Clearly they know something that only Apple knows and have insider information -- I can't imagine how they could have come up with this one on their own. In short, IPSF reprograms the EEPROM and then rewrites the BB with a CLEAN version of the BB. This approach IS probably the same approach that Apple will use when an AT&T customer has fulfilled his contractual obligations.

    The Dev Team's approach is different. I'm not sure exactly how it works, but I can guess. It appears as though they MAY have taken the BB of an unlocked phone by a different manufacturer that has exactly the same chipset and have cut/pasted details into the iPhone's BB, thereby generating the unlock. The IMEI that you see now - 0049.... - is no doubt the IMEI of the phone that they used for the cut/paste. The reason that it was not visible during the patching is because the BB cut/paste was overlaid over your BB, which was running at the time of the patching, whereas during the upgrade, the upgrade program extracted this information from an inoperative BB and hardcoded it into the new BB that was being installed.

    Thus, what's the workaround here? Well, I guess that it involves more cutting and pasting and overlaying (will take only a few days???) until such time as the Dev Team can find how to exploit the EEPROM approach. The problem is, IPSF is exploiting information that only Apple people have, and I can't believe that they figured this out on their own without the help of someone from Apple.
    Last edited by Snowbird; 09-30-2007 at 10:26 PM.

  9. #49
    slimnickyy (Senior Professional)

    This might be a bit naive, but I'm new around here, but is it likely the dev team will explain (not in detail, but in basic terms) the differences in approaches? Do they often reply to posts here?

  10. #50
    Zibri's part-time barrister

    Snowbird, I agree with you about the "insider" info.

    But about the IMEI: I've unlocked 31 iPhones, and all are showing the right IMEI printed on the box and on the rear cover... I don't understand what you are referring to...
