Discuss IPSF reversing started any help ;) at the iPhone "2G" (Rev. 1) - Hackint0sh.org
  1. #91
    mr_ (Senior Professional, joined Sep 2007)

    Originally posted by nautical:
    yeah, there was some talk last night about the packet dump containing the NCK... it's highly unlikely. it's more likely that those large packets are just zipped hlloader and seczone files - ipsf contained them on their servers so people couldn't just pass a faked "go" command.

    when geo patched the server check, he still had included the modded hlloader and seczone in the folder. thus, the ipsf binary didn't get the "go" command because he patched it, but the bug in their program is that it still executes their code.

    I agree. All this is consistent with dev team/geohot statements that they could release a free hacked version of IPSF but wouldn't do it because of ethical reasons. And personally I think they made the right decision, even though it cost me $50.


  2. #92
    slimnickyy (Senior Professional, London, joined Sep 2007)

    Originally posted by mr_:
    I agree. All this is consistent with dev team/geohot statements that they could release a free hacked version of IPSF but wouldn't do it because of ethical reasons. And personally I think they made the right decision, even though it cost me $50.

    I don't. IPSF 'borrowed' ideas from the Devs, so why not return the favor. My .02

  3. #93
    (Senior Professional, Cupertino, joined Sep 2007)

    There should be no honor amongst thieves. I say release it.

  4. #94
    jmcallister (Senior Professional, joined Sep 2007)

    The SimFree method from what I understand actually is a bit different than the dev team method. Reversing the simfree app will probably not help because what the simfree app does is contact the simfree server and request a token of sorts, which is then uploaded to the phone and dropped in the baseband. This is why SimFree's unlock solution probably survives the 1.1.1 upgrade.

  5. #95
    mr_ (Senior Professional, joined Sep 2007)

    I don't think that attacking iPhone security to give legitimate users expanded non-fraudulent functionality makes either dev team or IPSF thieves, and I think that Apple has the right to pursue whatever business strategy it wants, but all this is my personal view. Please let's agree that reasonable people can have different views on this topic and let's keep the discussion on this thread technical!
    Last edited by mr_; 10-03-2007 at 08:33 PM.


  6. #96
    mr_ (Senior Professional, joined Sep 2007)

    Originally posted by jmcallister:
    The SimFree method from what I understand actually is a bit different than the dev team method. Reversing the simfree app will probably not help because what the simfree app does is contact the simfree server and request a token of sorts, which is then uploaded to the phone and dropped in the baseband. This is why SimFree's unlock solution probably survives the 1.1.1 upgrade.

    I started with the same assumptions, but I now don't think so any more, as generating phone-specific tokens would require access to sensitive confidential information. For a simpler explanation read posts 84, 85 and 89 above... Also, if phone-specific tokens were required, geohot couldn't have patched ipsf to work without accessing the server.
    Last edited by mr_; 10-03-2007 at 08:26 PM.
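
    The two posts above (#91, on a patched "go" check that still runs the downloaded code, and #96, on why a server-issued phone-specific token would have defeated an offline patch) describe a design question that is easier to see in code. The following is an added example, not IPSF's code or protocol: it models a client whose licence gate is a local comparison while the server's code is delivered separately in usable form, next to a client where the delivered blob is only usable with a per-device key the server releases. The message names, the HMAC-based key derivation and the sample payload are assumptions made for illustration.

```python
"""Client-side "go" gate versus a server-bound payload: an illustrative model.

Added example, not IPSF's code or protocol. The message names, the
HMAC-based key derivation and the sample payload are assumptions made
for illustration only.
"""
import hashlib
import hmac
import zlib

# Constructed stand-in for the zipped files the thread speculates the
# client downloads (hlloader/seczone). The bytes are made up.
SAMPLE_PAYLOAD = zlib.compress(b"hlloader: constructed stand-in payload\n")

# Assumed server-side secret; in a sound design it never reaches the client.
SERVER_SECRET = b"constructed-server-secret"


def execute(payload: bytes) -> bool:
    """Stand-in for 'run the downloaded files': succeeds only if the
    payload decompresses to the expected content."""
    return zlib.decompress(payload).startswith(b"hlloader")


# --- Design A: payload and verdict are separate; the gate lives in the client.

def server_design_a(license_ok: bool):
    """Server returns the usable payload regardless, plus a 'go'/'no' verdict."""
    return SAMPLE_PAYLOAD, ("go" if license_ok else "no")


def client_design_a(license_ok: bool, check_patched: bool) -> bool:
    """check_patched models a reverser NOP-ing the verdict comparison.
    Because the payload was already delivered in usable form, the patched
    client still executes the server's code."""
    payload, verdict = server_design_a(license_ok)
    if verdict == "go" or check_patched:
        return execute(payload)
    return False


# --- Design B: payload is only usable with a per-device key the server
# --- releases when licensed, so the decision is bound to the server.

def keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a toy stream cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def server_design_b(device_id: str, license_ok: bool):
    """Server encrypts the payload under a key derived from its secret and
    the device identity, and releases the key only to a licensed device."""
    key = hmac.new(SERVER_SECRET, device_id.encode(), hashlib.sha256).digest()
    blob = xor_bytes(SAMPLE_PAYLOAD, keystream(key, len(SAMPLE_PAYLOAD)))
    return blob, (key if license_ok else None)


def client_design_b(device_id: str, license_ok: bool, check_patched: bool) -> bool:
    """A patched client can skip its own 'key is None' check, but without the
    server-derived key the blob is noise and execution fails."""
    blob, key = server_design_b(device_id, license_ok)
    if key is None:
        if not check_patched:
            return False
        key = b"\x00" * 32  # patched client presses on with a guessed key
    try:
        return execute(xor_bytes(blob, keystream(key, len(blob))))
    except zlib.error:
        return False


if __name__ == "__main__":
    print("A, unlicensed, gate patched:", client_design_a(False, True))  # True
    print("B, unlicensed, gate patched:", client_design_b("IMEI-000", False, True))  # False
```

    In design A the server's decision is advisory: the client already holds everything it needs, so the check is a single comparison away from irrelevance. In design B the patch buys nothing because the secret that makes the payload usable never left the server, which is the observation behind #96: an offline patch working at all is evidence that no server-held per-device secret was required.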

  7. #97
    (Senior Professional, joined Jul 2007)

    Originally posted by 997TT:
    I think that the Dev Team and anybody involved in Unlock development should concentrate mainly on a process to allow a baseband fw 4.x downgrade to 3.x baseband fw. Such a solution would take a lot of "pressure" from FW 1.1.1 unlock solution development because people could enjoy their FW 1.0.2 unlocked phones, maybe even adding some of the FW 1.1.1 features sooner or later as soon as file system write access will be achieved after decrypting this FW version.
    Just my personal opinion.
    I agree with that first priority, 997TT. It would then logically follow that the second priority should be to "repair"/change the free unlocking procedures to weather firmware upgrades better than they currently do. If mr_'s excellent summary of how IPSF differs from the dev team's unlock holds up to scrutiny, there's hope that current free-unlocked 1.0.2 iPhones can eventually be updated (once a new jailbreak technique is discovered).

  8. #98
    Snowbird (Respected Professional, Paris, France, joined Aug 2007)

    Originally posted by jmcallister:
    The SimFree method from what I understand actually is a bit different than the dev team method. Reversing the simfree app will probably not help because what the simfree app does is contact the simfree server and request a token of sorts, which is then uploaded to the phone and dropped in the baseband. This is why SimFree's unlock solution probably survives the 1.1.1 upgrade.

    You're right. There is a major difference. The SimFree method employs means that are based upon inside information and the Dev Team's unlock is a best effort approach that involves cutting and pasting BB information from an unlocked telephone that possesses the same chipset as the iPhone. The SimFree unlock reprograms the EEPROM and then overlays the BB with a fresh copy that reflects an unlocked state, whereas the Dev Team's unlock patches an existing BB with information that generates an unlock.

    Re: the insider information. This is grounds for lots of speculation. I assume that the members of IPSF are either software/firmware engineers for a phone manufacturer that uses the S-Gold2 (there are a few), or software/firmware engineers that have former classmates that worked on the iPhone project. Or, they simply have access to the full Infineon technical manual. Either way, IPSF stated very clearly that their unlock is DISTINCT from any other unlock on the market, and I think that it's safe to say that they weren't lying.
    Last edited by Snowbird; 10-04-2007 at 07:43 AM.

  9. #99
    (Professional, joined Jul 2007)

    Originally posted by Snowbird:
    You're right. There is a major difference. The SimFree method employs means that are based upon inside information and the Dev Team's unlock is a best effort approach that involves cutting and pasting BB information from an unlocked telephone that possesses the same chipset as the iPhone. The SimFree unlock reprograms the EEPROM and then overlays the BB with a fresh copy that reflects an unlocked state, whereas the Dev Team's unlock patches an existing BB with information that generates an unlock.

    Re: the insider information. This is grounds for lots of speculation. I assume that the members of IPSF are either software/firmware engineers for a phone manufacturer that uses the S-Gold2 (there are a few), or software/firmware engineers that have former classmates that worked on the iPhone project. Or, they simply have access to the full Infineon technical manual. Either way, IPSF stated very clearly that their unlock is DISTINCT from any other unlock on the market, and I think that it's safe to say that they weren't lying.

    Snowbird, let me say first: I am not as experienced technically as you; however, I do know my way around logic.

    Should it not be safe to assume at this juncture that all efforts should be placed upon either A) finding a way to jailbreak the phone (hence solving all of the problems for the IPSF users), B) flashing the baseband (which from what I am gathering is an enormous task in and of itself), or C) finding a solution that cleans the phone to a virgin state (fixing the IMEI issue) and letting the folks start from scratch? Obviously all point to staying away from the 1.1.1 version altogether, and mainly focusing efforts on a more obviously successful outcome.

    I myself have 2 iPhones; 1 was activated and signed on with AT&T (from T-Mo) and the other remained with T-Mo. I unlocked the first using the IPSF method for reasons I wanted to leave AT&T, and the other with anySIM. Now, my phone that is activated is updated to the new firmware (without a glitch btw) but I have left the other untouched with 1.0.2 on it, knowing it is going to brick.

    Your discovery and examples are excellent. I admire your efforts, as well as those of the dev team (of course), and I am just wondering if the direction(s) are being directed accordingly, based of course on all of this information on the boards.

    Your thoughts?

  10. #100
    Snowbird (Respected Professional, Paris, France, joined Aug 2007)

    I don't belong to the Dev Team, so I don't really know what their agenda is or how they determine what's a priority and what's not. What's obvious to me, however, is that if I were part of the Dev Team I'd be focusing my attention on a way to restore service to those of us that are without it. Whether this involves restoring the BB to a virgin 1.0.2 state or coming up with a way to patch a Firmware 1.0.2 iPhone with BB 1.1.1, it doesn't really matter so long as service is restored.

    Without access to the 1.1.1 BB files, the task of patching the new BB is all the more difficult. It's for that reason that I think they're probably focusing their efforts on the latter -- the virginizing of the BB. For reasons a bit complicated, I'm not really sure that you can do it, unless, of course, there was a way to completely re-engineer the 1.0.2 restore procedure, such that everything was set to 0 again. The problem is that during the restore, if 1.1.1 is any indication of how it works during a BB upgrade, the installer analyses the BB and recovers the IMEI (not from EEPROM it would seem?) and then uses this information during the rewrite, thereby putting you right back into the same situation that you started in -- with the wrong IMEI. I don't know, I'm just guessing.

    I guess time will tell. Would sure be nice to have that S-Gold2 manual now or a complete explanation of how the IPSF unlock works (with the source if it isn't asking too much).
    Last edited by Snowbird; 10-05-2007 at 01:10 AM.


 

 
