George Hotz: 5.8 Exploit
I've been off the iPhone scene for a while. A couple days ago, I got an e-mail from Chronic asking for help with the new asr. I helped out with genpass, and started reading through theiphonewiki again. Thanks so much for all the information contributed so far; it prompted me to find this.
In bootloader 5.8 on the 3G, the loader signature validator is broken. Someone botched an if statement checking the location and length of the loader in the cert. Because of this, you can pass the run cert for the firmware you currently have on the phone instead of the loader cert, and send whatever you want as a loader.
Here is a bspatch file to be applied to ICE2_02.28.00.fls allowing downgrades from 2.30.03 using BBUpdaterExtreme. By replacing the patched cert with your current run cert, you can downgrade from any other version.
Unfortunately, most 3Gs out there are bootloader 5.9. I was hoping, since RSA was added to the bootrom, that it would run the vulnerable ramstrapper, but I had no luck, although I didn't try that hard. I see no reason why it shouldn't work theoretically; the bootrom RSA is complicated, maybe when I finish EDA...
And dev, since you're into hashes
From gehotz blog
Nice to see gehotz posting on this blog again :)
Has anyone made this work? Meaning 2.30 downgrade to 2.28 baseband on a BootLoader 5.8 iPhone 3G?
Weird, I would think that this news is pretty big, but no one here in hackint0sh seems to mind it?
Anyone have additional instructions on how to apply the patch to the 2.28 BB files?
I want to find out my BL version. Right now I am at the mobile terminal.
When I shut down the comcenter, nothing happened...
PHaseBanDowngrader - The iPhone Wiki
Have not tried this, but it's based on geohot's exploit.
My phone is already on 2.28.0; I just want to check what bootloader I have.
I have already downloaded BBUpdaterExtreme, but where do I put it? I don't have var/root; I have private/var/root.
Will it work with the 6.02 bootloader?
Didn't hear anything about this one yet.
I tried, but sad to say my baseband stays at 2.30.03 after reboot :( Weird.
Originally Posted by drg
He says if we replace the cert with the one for the firmware we are on, we can send anything for the loader. Does that mean we can also downgrade the baseband from 3.0 if we have its cert? This could help all early adopters with BL 5.8 (including me) to unlock their phones.
Can anyone put the 3.0 beta cert here or a patch which we can use with the above exploit to downgrade the baseband to 2.28?
Sorry guys, I said before that there was no bootloader 6.02, but I was wrong since my iPhone has 6.02.
Here is a pic,