My Efforts on 1.1.1
I have started an effort of trying my luck at cracking 1.1.1. First let me start out by explaining what I KNOW about this process.
Fact: The new firmware is encrypted.
Fact: The new firmware can only be accessed and managed by the new iTunes 7.4 (released alongside the 1.1.1 firmware).
Fact: iTunes CAN sync with this new firmware, so it must have a method for getting into the phone and managing files, contacts, bookmarks etc. The only way it can do this theoretically is either through a sync server running on the phone AND/OR via root access to the file system.
FACT: iTunes has to have the key in it to manage the phone.
Theory: Decompile iTunes and figure out what it's doing so we can utilize the same method to get in and jailbreak it.
These are my initial thoughts on the idea. Anyone else interested can PM me or watch here for updates and what I learn along the way.
If iTunes does not need to go online to activate the iPhone, then the key should be inside iTunes. Otherwise, your assumption is wrong and the actual key can be computed from Apple's server.
You may be right; however, a packet sniffer or monitor app should flush out the data needed. Then we could figure out how that key is generated and write our own. I still believe iTunes is the key to getting in.
So after going through itunesmobilesync.dll I found some references to the activation of 1.1.1, references to the NOR, and references to updating the baseband. This leads me to conclude that iTunes has root access to the file system and doesn't proxy in and run a sync tool.
keep up the good work dude! :D
Interesting. The question that I have is: since iTunes has root access, and obviously has access to updating the bb and modem firmware, then it would make sense that if we could write a hacked version of 1.1.1 (and trick iTunes into thinking it's real?) and then have iTunes restore the hacked version onto the iPhone, we could do whatever we want.
Can you find the same references in the old (iTunes 7.3...) versions of the dll? For other firmware versions, of course.
Correct. A hacked version of the firmware would be awesome. This effort may also help the dev team in figuring out the encryption used on the DMG files, as iTunes I would bet also has to decrypt the firmware prior to sending it through the pipe.
Huh.... I am having PSP flashbacks again ;P
Another idea... Technically, if you unlocked a 1.0.2 phone and then upgrade to 1.1.1, it is still unlocked, it just really needs to be jailbroken, right? I bet when someone decrypts either 1.1.1 or reverses iTunes 7.4.3, someone could compile a "fake iTunes" to activate an upgraded iPhone.
I hope to be wrong, but I think iTunes just serves the phone with an encrypted package. The decrypt software, almost for sure embedded in hardware, decrypts it using the secret key that is also stored in hardware, and if it checksums OK, applies all the changes inside the phone without iTunes doing anything, maybe just an after-process checkup.
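To make the model in the last post concrete (and to show why, in that model, the host needs no key at all, which is the point the earlier "iTunes has to have the key in it" posts were arguing about), here is an added example that is not from this thread and not Apple's format or code. It assumes a constructed image layout (magic, version, nonce, length, ciphertext, tag), a constructed device secret, and a toy HMAC-based stream cipher; the device verifies the integrity tag before decrypting, re-checks a hash of the plaintext, and only then "applies" the payload.

```python
import hashlib
import hmac
import os
import struct

# Constructed, hypothetical device secret for this demo.  In the post's model
# this lives only in device hardware; the host that delivers the image never
# needs it.
DEVICE_KEY = hashlib.sha256(b"constructed-device-secret").digest()

MAGIC = b"FWIM"                       # constructed image magic, not a real format
VERSION = 1
HEADER = struct.Struct(">4sB16sI")    # magic, version, nonce, payload length
TAG_LEN = 32


def derive_keys(device_key):
    """Separate encryption and integrity keys from the single device secret."""
    enc = hmac.new(device_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(device_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (toy cipher, demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def build_image(firmware, device_key=DEVICE_KEY, nonce=None):
    """Package firmware as the post describes: encrypted, then integrity-tagged.
    Only a party holding device_key can produce an image the device accepts."""
    enc_key, mac_key = derive_keys(device_key)
    nonce = os.urandom(16) if nonce is None else nonce
    # The plaintext carries its own hash so the device can re-check it after decrypting.
    body = hashlib.sha256(firmware).digest() + firmware
    header = HEADER.pack(MAGIC, VERSION, nonce, len(body))
    ciphertext = xor_bytes(body, keystream(enc_key, nonce, len(body)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def verify_and_apply(image, device_key=DEVICE_KEY):
    """Device-side check: verify the tag before touching the ciphertext, decrypt,
    re-check the embedded hash, and only then hand the payload to the flasher.
    Returns (accepted, firmware_or_reason)."""
    enc_key, mac_key = derive_keys(device_key)
    if len(image) < HEADER.size + TAG_LEN:
        return False, "image too short"
    header = image[:HEADER.size]
    magic, version, nonce, body_len = HEADER.unpack(header)
    if magic != MAGIC or version != VERSION:
        return False, "bad header"
    if len(image) != HEADER.size + body_len + TAG_LEN:
        return False, "length mismatch"
    ciphertext = image[HEADER.size:HEADER.size + body_len]
    tag = image[HEADER.size + body_len:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):        # constant-time compare
        return False, "integrity check failed"
    body = xor_bytes(ciphertext, keystream(enc_key, nonce, body_len))
    digest, firmware = body[:32], body[32:]
    if not hmac.compare_digest(digest, hashlib.sha256(firmware).digest()):
        return False, "payload hash mismatch"
    return True, firmware


def demo():
    """Genuine image accepted; a flipped bit and a wrong-key image both rejected."""
    firmware = b"constructed firmware payload 1.1.1"   # constructed sample payload
    good = build_image(firmware)
    tampered = bytearray(good)
    tampered[HEADER.size + 40] ^= 0x01                 # flip one ciphertext bit
    other_key = hashlib.sha256(b"some-other-key").digest()   # not the device key
    forged = build_image(firmware, device_key=other_key)
    return {
        "genuine": verify_and_apply(good),
        "tampered": verify_and_apply(bytes(tampered))[0],
        "wrong_key": verify_and_apply(forged)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the `wrong_key` case is the one the last post makes: if the secret is held only on the device, a host-side tool can ship the package but cannot mint one the device will accept, so looking for the key inside the host application would not find it in this model.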