Looking for an online explanation... (iPhone "2G" (Rev. 1) forum, Hackint0sh.org)
...of the unlocking process. Not a tutorial, but something that explains what is happening. Like what's the difference between unlocking and jailbreaking? What does the iUnlock code do? What does Apple do in the "activation"? Etc etc.
I tried hanging out on the Dev Team's IRC channel, but most of the conversation is about fixing 1.1.1. I wasn't about to start asking stupid questions there (so I'll do it here... LOL).
Jailbreak: This is the act of changing the read-only permissions of the /etc/fstab to read-write for the root partition of the iPhone (it's Unix-based). This allows you to add applications and other files.
Unlock: This is the process of removing the SIM restriction; see: http://en.wikipedia.org/wiki/Unlocking
iUnlock/Anysim: They replace the phone's modem firmware with a version that has been altered to allow generic unlock codes.
You mean "pro" hacker talk? If you have to ask this, you're just wasting your time for nothing, seriously. There has been so much insight regarding jailbreaking, activation, etc. over the past few months; use GOOGLE to look for it or use the forum's search function. If you're a professional, it should be easy to find this information; if you're not, do something else with your precious time.
Originally Posted by partsmutt
997TT is right!
but if you're still interested! The unlock methods from now on are all based on the geohot method of hardware unlock, if you see how the anysim software was scripted...
It can help to understand a piece if you read geohot's presentation of a hardware unlock, and if you understand all the steps you can google for more.
If not, just don't waste your time.
I actually have to do this for school, so the wasting time argument won't fly with the teacher. I'm tasked with understanding exactly what was done (software-wise) that unlocked the phone. We have to present a paper on this later this month (along with economic, industrial, and legal impacts, etc.).
1) I'm new to this
2) I'm mostly a hardware guy
3) I know absolutely jack crap about cell phones.
Fortunately: I'm a Mac guy, I'm familiar with Unix, and I've studied a bit of cryptography.
My task is confined to the original 1.0.2 version of the unlock, since the iPhone will be a moving target as Apple counters all the good work done by others.
Since it's a moving target, most information and concerns online are geared towards 1.1.1 and info on the original 1.0.2 is getting tough to find (or I haven't found it yet).
Thanks for the replies. I've actually learned a lot since I posted this thread in the first place. Right now I'm going line by line through the iUnlock source code to see what they are doing.
Is this the appropriate place to ask specific questions about the code? Or should I do that in the Dev Team forum or the IRC channel?
For an idea of a structure of a general phone, read my post at http://www.hackint0sh.org/forum/showthread.php?p=64773
Here's the general scoop of what happened:
Apple released the iPhone. It's an ARM handheld computer running OSX with an SGold2 cell modem embedded. No native SDK. No raw NAND flash access. The SGold2 was programmed to have a service provider lock to AT&T.
As the cell modem is not directly addressable from outside the iPhone's physical unit, the sequence required to unlock it would be:
1) Get the ability to create an application that runs on the iPhone.
2) Get the ability to upload said application.
3) Get the ability to run said uploaded application.
4) Get the ability to create an application that can talk to the modem.
5) Get the understanding to create an application to tell the modem to unlock.
#2 happened first. This is what they call "jailbreaking". It's the act of using the API set aside for uploading/downloading files to the iPhone. Normally used by iTunes to move music/movie files back and forth, it's typically limited to only allow you to access the media folder in order to prevent people from easily getting to the rest of the iPhone file system.
In UNIX-land, there's a term called "chroot jail." It's where you change your process's root directory (it's literally short for "CHange ROOT"). "chroot" wasn't originally designed as a security measure; it was simply another OS feature. Nowadays, it's most often used to limit how much of the file system a process can see.
Because the upload/download APIs could not see beyond the media folder, it looks basically like a chroot jail. I'm not sure if it actually was a chroot jail (like, actually using chroot), but whatever the case (I think it probably wasn't), that's what the hackers who encountered it called it. Hence the process of breaking out of this limitation became known as "jailbreak."
#1 was satisfied by the creation of the GCC toolchain for ARM for OSX.
#3 was satisfied by the compilation of SSH servers and a basic terminal app.
#4: bbupdater was a utility already there to upload a flash file to the modem. It uses the serial port, so it requires the modem to be in a state where it's intelligent enough to talk (aka, if you blow up the bootloader, you're not coming back without JTAG). The modem is also exposed as a serial port in /dev. So using traditional POSIX calls, we're able to talk to the modem.
#5: The "iphone dev team" came up with the NORDumper utility which allows the user to dump some part of the modem's firmware.
The first unlock came from Geohot, where after failing to use JTAG, he found that it's possible to skip a bunch of checks to write to the modem if the modem thinks it's got a certain area of the modem's memory empty. To fool it into thinking so, a jumper to tie an address line high is required.
He then follows it up by flashing a replacement firmware where a return code is zeroed out. This causes the phone to allow any SIM card.
iPhoneSimFree, a for-profit organization, releases the first software unlock. Their solution is not entirely understood.
anySIM is released as the second software unlock by the "iPhone Dev Team". It accomplishes the same as the hardware unlock in terms of changes to the firmware. How it uploads is a bit mysterious, as a quick scan over the source code looks like it picks a few opcodes and then sends data. Presumably these opcodes mean something important, but I don't know where they got the meaning from. Either an anonymous contributor (more likely), or reading a lot of disassembled code (less likely).
When Apple was about to release 1.1.1, they alerted everybody that it is dangerous to upgrade if you have an unlocked phone, as they've discovered that many of them have irreparable damage to the contents of the modem. Many considered this a threat by Apple, and it stirred up a bunch of hatred and virtual rioting. Many jumped to conclusions, believing it to be some sort of war between the hackers and the creators of the iPhone.
Those who knew a bit better just saw it as a courtesy warning that hacking may be dangerous and there is a likelihood of unintended consequences. After all, that's kinda obvious. I was one of those who didn't expect bricking to actually occur, and just saw it as a reminder that hacking isn't supported. A small few others, who were right, believed that there was something wrong with the unlock and Apple was just giving a heads up.
After the release of 1.1.1, it turned out that the hardware unlock and anySim app weren't safe. See here:
Angry users decide to complain, riot, and threaten to sue. Apple revokes warranties on hacked phones. Bunches of people who didn't read the warning dialogs are left with phones that can't call.
That's the rough story of 1.0.2.
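The "jail" described above is a file-transfer API that only lets the client reach the Media folder. As an added illustration (not code from the thread, the iPhone, or any jailbreak tool), here is how such a confinement check is properly written and why it must resolve symlinks as well as ".." components; the Media path and file layout are constructed for the demo.

```python
import os
import tempfile

def resolve_in_jail(root: str, requested: str):
    """Map a client-supplied path onto `root`, refusing anything that escapes it.

    Two checks: a lexical one (handles "..", "." and leading slashes, which are
    reinterpreted relative to the jail like chroot does) and a realpath one
    (follows symlinks on disk, so a link inside the jail that points outside
    is rejected too). Returns the resolved absolute path, or None if refused.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.normpath(os.path.join(root_real, requested.lstrip("/")))
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        return None  # lexical escape, e.g. "../../etc/fstab"
    resolved = os.path.realpath(candidate)
    if resolved != root_real and not resolved.startswith(root_real + os.sep):
        return None  # symlink inside the jail pointing outside it
    return resolved

def build_demo():
    """Constructed layout: a Media jail holding one file plus a symlink that escapes."""
    base = tempfile.mkdtemp()
    media = os.path.join(base, "Media")
    os.mkdir(media)
    with open(os.path.join(media, "song.mp3"), "w") as f:
        f.write("constructed sample")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside the jail")
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(media, "link"))
    return base, media

def run_checks():
    """Exercise the jail; every entry is True when the check behaves correctly."""
    base, media = build_demo()
    media_real = os.path.realpath(media)
    return {
        "plain file allowed": resolve_in_jail(media, "song.mp3") == os.path.join(media_real, "song.mp3"),
        "dotdot rejected": resolve_in_jail(media, "../secret.txt") is None,
        "absolute path stays in jail": resolve_in_jail(media, "/etc/fstab") == os.path.join(media_real, "etc", "fstab"),
        "escaping symlink rejected": resolve_in_jail(media, "link") is None,
        "jail root itself allowed": resolve_in_jail(media, "") == media_real,
    }

if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

A check that only compares strings (the first test) would pass the symlink case, which is why both tests are needed.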
Now another, more detailed question. For the 1.0.2 jailbreak, how was that accomplished? I was looking at some code (iPhuc, I think?). It looked as if they are calling iTunes APIs and sending strings in there that would open the filesystem. Am I way off the mark on that?
The 1.0.2 jailbreak process calls iTunes APIs as a way of sending/receiving data to the iPhone. The MobileDevice.framework is how iTunes communicates with the iPhone normally. The AM-prefix classes are basically Apple Mobile framework communication calls. Think of them as a way of transferring files back and forth. They're using them to try to change the file system so that it will let you look around and upload files outside of the Media area.
What it's actually sending, I don't remember, but I'm guessing reading through the source code for a jailbreak utility will make it more apparent.