IPSF reversing started any help ;) - iPhone "2G" (Rev. 1) forum - Hackint0sh.org
Page 6 of 11 (posts 51 to 60 of 105)
  1. #51 (Senior Professional; joined May 2006; 205 posts)

    Quote, originally posted by Snowbird:
        This could be dangerous to do though, since 1) it could result in IPSF's server thinking that you've already activated your iPhone and refuse to re-run the unlock, or 2) the phone would no longer work because the entire procedure did not complete, the end result being that of an unsuccessful HW unlock that went wrong.

    IPSF's server won't allow a single activation, in my point of view, as you need to repatch if you update from 1.0 to 1.0.2, and maybe with a future update. So I hope they will keep the IMEI in their DB and allow as many activations as the user wants.


  2. #52 (Professional; joined Sep 2007; 58 posts)

    Quote, originally posted by fgrep:
        A better IDA database if someone wants it.

        http://r****share.com/files/54930487/bbsimfree.rar.html

    BTW: legally bought IDA versions say:

    "Sorry, this database has been created by a pirate version of IDA Pro".

    And quit...

    Pay attention guys, Ilfak Guilfanov knows you

    x!

  3. #53 (Nincampoop; joined Sep 2007; 30 posts)

    I also analyzed IPSF with IDA...

    As far as I understood, the software gets the modified firmware from their site and then flashes it to the baseband.
    Then it deletes it using rm...
    The *easiest* way to have their version, so we can compare it with the AnySim patch, would be to substitute rm with a 'do nothing' command (the equivalent of /bin/true on unix systems).

    This way the downloaded firmware will not be deleted and will be ready to be analyzed.

  4. #54 (Advanced; joined Jul 2007; 45 posts)

    guys - geo had already figured out how to patch the ipsf binary to work without having a license. he copied the hex values in iphone.unlock a couple of weeks back. i suggest you follow up with him...
    long story short, his patch tricks the binary into thinking the auth server returned an affirmative license check. it proceeds to unlock the phone (though it gives an error, it still unlocks).
    he decided not to post it since the dev team had a legit hack that wouldn't steal ipsf's work.

  5. #55 (Rookie; joined Sep 2007; 24 posts)

    Quote, originally posted by nautical:
        guys - geo had already figured out how to patch the ipsf binary to work without having a license. he copied the hex values in iphone.unlock a couple of weeks back. i suggest you follow up with him...
        long story short, his patch tricks the binary into thinking the auth server returned an affirmative license check. it proceeds to unlock the phone (though it gives an error, it still unlocks).
        he decided not to post it since the dev team had a legit hack that wouldn't steal ipsf's work.

    and where can i contact this geo guy?


  6. #56 (Professional; joined Jul 2007; 98 posts)

    Quote, originally posted by nautical:
        guys - geo had already figured out how to patch the ipsf binary to work without having a license. he copied the hex values in iphone.unlock a couple of weeks back. i suggest you follow up with him...
        long story short, his patch tricks the binary into thinking the auth server returned an affirmative license check. it proceeds to unlock the phone (though it gives an error, it still unlocks).
        he decided not to post it since the dev team had a legit hack that wouldn't steal ipsf's work.

    From a French site:

    Just for fun:
    [02:00] geohot: if anyone wants...heres the ipsf patch
    [02:00] geohot: 10350->NOP
    [02:00] geohot: 11424: 48 00 9D E5 --load ptr to mem into R0
    [02:00] geohot: 8 04 10 9F E5 --load patch offset in R1
    [02:00] geohot: C 04 20 9F E5 --load patch value in R2
    [02:00] geohot: 30 01 00 00 EA --jump over the values
    [02:00] geohot: 34 40 37 21 00 --patch location for 3.12
    [02:00] geohot: 38 00 00 a0 e3 --patch to apply
    [02:00] geohot: 3C 00 20 81 E7 --STR R2,[R1,R0]
    [02:00] geohot: 40 4C 10 9D E5 --load old R1
    [02:00] geohot: 44 1C 40 8D E2 --load old R4
    [02:01] geohot: 48 04 20 A0 E1 --also put it in R2
    [02:01] geohot: 4C 18 DC FF EB <--important branch(move it and change)
    [02:01] geohot: those are VA

    I'm not sure if this will work..

  7. #57 (Newbie; joined Sep 2007; 6 posts)

    Quote, originally posted by nutdhanai:
        From a French site:

        Just for fun:
        [02:00] geohot: if anyone wants...heres the ipsf patch
        [02:00] geohot: 10350->NOP
        [02:00] geohot: 11424: 48 00 9D E5 --load ptr to mem into R0
        [02:00] geohot: 8 04 10 9F E5 --load patch offset in R1
        [02:00] geohot: C 04 20 9F E5 --load patch value in R2
        [02:00] geohot: 30 01 00 00 EA --jump over the values
        [02:00] geohot: 34 40 37 21 00 --patch location for 3.12
        [02:00] geohot: 38 00 00 a0 e3 --patch to apply
        [02:00] geohot: 3C 00 20 81 E7 --STR R2,[R1,R0]
        [02:00] geohot: 40 4C 10 9D E5 --load old R1
        [02:00] geohot: 44 1C 40 8D E2 --load old R4
        [02:01] geohot: 48 04 20 A0 E1 --also put it in R2
        [02:01] geohot: 4C 18 DC FF EB <--important branch(move it and change)
        [02:01] geohot: those are VA

        I'm not sure if this will work..

    has anyone tried this?

  8. #58 (Professional; joined Jul 2007; 98 posts)

    bump!

    someone got a cracked version of ipsf??

  9. #59 by gaz919 (Board Hero; joined Sep 2007; 1,124 posts)

    if this was done a couple of weeks back, somebody must have a copy of the cracked ipsf to try

  10. #60 (Nincampoop; joined Sep 2007; 30 posts)

    I tried that. It's not a crack.. it just adds the geohot method inside the ipsf GUI.
    So it won't do what IPSF usually does.. but the same that geohot did.