[iPhone 3G] Infineon, we have a problem - Hackint0sh.org
#1

[iPhone 3G] Infineon, we have a problem

This is off geohot's blog:

"The 3G bootloader is sig checked by the bootrom. So even removing the NOR and patching the bootloader (to remove main fw sig checks) and main firmware doesn't work for an unlock.

The X-Gold 608 is the chip used. The lame "datasheet" Infineon gives us shows the hardware RSA and the secure bootrom. So we have a real problem. Even if we find an unsigned code exploit, which wasn't done for the previous two bootloaders in software (we found tricks to play with the NOR), we still can't unlock.

Even though the bootloader isn't available for download, there's really nothing there. This bootloader doesn't contain any of the interactive mode functions, just a stub which is very similar to the old bootrom (but with sig checking). The interactive loader is tacked on to the end of every fls and eep file, and is loaded at 0x86000. BBUpdaterExtreme contains several ramloaders as well, but I believe the one used is from the update file itself. You do not need the bootloader to work on the baseband, you just need the files off the ramdisk. Also interesting to note, the 2 RSA keys the bootloaders use haven't changed since 3.9 or 4.6, so you have these too.

Killing CommCenter on 2.0 kills the wi-fi, which will make working with the baseband a bit harder. Entering interactive mode is now done with a call to the kernel to raise an I/O pin before resetting.

The first step to tackling this is dumping the bootrom. We need some exploit, I don't care where, to dump arbitrary memory. Then we can dump 0x400000, which is the new "secure" bootrom."
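The chain of trust geohot describes above (an immutable bootrom signature-checks the bootloader, which in turn signature-checks the main firmware) modelled as an added Python example; this is not code from the thread, from Apple or from Infineon. The RSA here is a constructed toy (fixed seed, raw and unpadded, 512-bit modulus), and the assumption that the bootloader carries the firmware-verification modulus in its last 64 bytes is mine, made so that patching the bootloader to swap or skip the firmware check visibly breaks the bootrom's signature check.

```python
import hashlib
import random

_rng = random.Random(2008)  # fixed seed: constructed, deterministic toy keys

def _is_probable_prime(n, rounds=20):  # Miller-Rabin; callers pass odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def _gen_prime(bits):
    while True:
        p = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(p):
            return p

def make_keypair(bits=512):
    """Toy raw (unpadded) RSA: ((e, n), (d, n)); n is wide enough for a SHA-256 digest."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")
def sign_image(image, priv):
    return pow(_digest(image), priv[0], priv[1])
def verify_image(image, sig, pub):
    return pow(sig, pub[0], pub[1]) == _digest(image)

def boot(bootrom_pub, bootloader, bl_sig, firmware, fw_sig):
    """Bootrom (key in silicon) checks the bootloader, which then checks the firmware."""
    if not verify_image(bootloader, bl_sig, bootrom_pub):
        return "bootrom: bootloader rejected"
    fw_pub = (65537, int.from_bytes(bootloader[-64:], "big"))  # assumed: modulus in image tail
    if not verify_image(firmware, fw_sig, fw_pub):
        return "bootloader: firmware rejected"
    return "booted"
```

The point the example makes is the one geohot makes: any change to the bootloader image, including replacing the embedded key with one you hold, changes its hash, so the bootrom rejects it before the bootloader's own firmware check is ever reached.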



#2

So is this going to be like 1.1.2 OTB all over again? I really need to unlock my 3G iPhone. Let's all share knowledge like it happened pre-Nov 2007.
I guess geohot does not have the bb dump which ta_mobile has already given to the Dev Team?

Hope to get some meaningful discussion going on here.

#3

Quote Originally Posted by kkankeshwar:
    So is this going to be like 1.1.2 OTB all over again?
    Worse. The only thing that changed with BL 4.6 was the bootloader. This time there is a completely new chip. I agree though, we should all share info and try to tackle this together.

#4

Dev, I've heard rumors that you already have the bootrom? Is this true, or did noobs get it confused with the bootloader?

#5

Ta_mobile quote:

"The file has come into the hands of the Dev Team. I'll not give it to anyone else who is not known to be involved in the hacking process. And all are researching about this.

And 1 bad news, as Geohot posted on his blog: bootloader 5.8 does not have any exploit until now. And Apple changed all the way the bootrom sig checks the bootloader. We are hitting the wall!!!

Thank you very much for being interested in our bloody job."


    Link here


#6
drg

    geohot/dev,

    Would it be retarded to suggest a distributed attack on the RSA keys?

#7

Very unlikely to succeed.

#8

    drg: yes, unless you know someone with a quantum computer.

#9

Man, this doesn't sound promising; however, I have faith that Geohot or the Dev Team will find a way!!

#10

I read this in the comments section on that blog... "FYI: Apple's official unlock is done via iTunes during the first unbricked session (after a firmware update or first iTunes tethering).

An unlocked iPhone from HK is pwnaged and restored with custom firmware (with the phone activation option). Guess what has happened? It is relocked! Restore with an official firmware and then it gets unlocked again. (Custom firmware without activation isn't tested.)

PS. I didn't do the experiment myself. Somebody with a 3G from HK tested it and posted this on my website (in my local language)."

Anybody know how or why this would be? Doesn't make sense to me..
