Hackint0sh.org forum thread: [Theory] Hacktivate and Unlock your Pwned and Neutered iPhone 2G (page 1 of 8, posts 1 to 10 of 77)
  1. #1 pbmaster93 (Professional, Miami, Fl; joined Jan 2008)

    [Theory] Hacktivate and Unlock your Pwned and Neutered iPhone 2G

    This is just a theory I have, so technical people please tell me if this is possible.
    We already have the unlock for the 2.0 baseband thanks to the Dev Team bootneuter look here:

    http://wikee.iphwn.org/sgold_bootrom:simple_unlock

    Quoted:
    “If you have a neutered bootloader, the following patches achieve the anySIM unlock. Just patch the .fls and feed both the .fls and .eep to the bbupdater that gets installed in /Applications/BootNeuter.app/bin by the Dev Team IPSW Builder.
    dd if=/dev/zero of=ICE04.03.13_G.fls bs=1 seek=2329332 count=4 conv=notrunc
    dd if=/dev/zero of=ICE04.04.05_G.fls bs=1 seek=2334576 count=4 conv=notrunc
    dd if=/dev/zero of=ICE04.05.00_G.fls bs=1 seek=2335272 count=4 conv=notrunc
    dd if=/dev/zero of=ICE04.05.01_G.fls bs=1 seek=2332892 count=4 conv=notrunc
    dd if=/dev/zero of=ICE04.05.02_G.fls bs=1 seek=2333496 count=4 conv=notrunc
    dd if=/dev/zero of=ICE04.05.03_G.fls bs=1 seek=2333696 count=4 conv=notrunc
    dd if=/dev/zero of=ICE04.05.04_G.fls bs=1 seek=2333696 count=4 conv=notrunc

    Until the new release of PwnageTool and BootNeuter for 2.0, one way to achieve this unlock is to edit the ramdisk (with the above patch) before creating a custom 2.0 ipsw via Pwnage and then just send your custom ipsw to a bootneutered iPhone 1G.”

    Now, to bypass the activation screen, I believe it is as simple as just changing the lockdown file inside the 2.0 firmware, and because our phones are Pwned, iTunes will accept the restore and bingo, you have a Hacktivated and unlocked iPhone 1G with 2.0.

    This is just a theory and I would like to hear the opinions of technical people to see if this is possible. I fully support the Dev Team.
    Give me your opinions.
    Last edited by pbmaster93; 07-16-2008 at 08:14 PM.
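    Each of the quoted wiki patches is a `dd ... bs=1 seek=OFFSET count=4 conv=notrunc` command, i.e. "write four zero bytes at OFFSET and leave the rest of the file alone". Before trusting a modified firmware image it is worth confirming that the file really changed only in that four-byte window and nowhere else. The Python below is an added example written for this page; it is not code from the thread, the Dev Team wiki, or BootNeuter. It re-implements the zero-write in plain Python, diffs original against patched, and hashes both so the result can be recorded. The 64-byte image and the offset 20 used in the demo are constructed for illustration and do not correspond to any real .fls file.

```python
"""Verify that a fixed-offset binary patch changed only the bytes it claimed to.

Added example, not from the forum thread or the Dev Team wiki. The sample
image and the offset below are constructed for the demo; real .fls offsets
are file-specific (see the quoted dd lines on the page).
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed 64-byte "firmware image" with no zero bytes, so any zero-write
# is visible as a change.
SAMPLE_IMAGE = bytes(range(1, 65))


def zero_bytes(image: bytes, offset: int, count: int = 4) -> bytes:
    """Python equivalent of `dd if=/dev/zero of=IMG bs=1 seek=offset count=count conv=notrunc`.

    conv=notrunc keeps the existing file length; like dd, a write past the end
    of the file extends it with zeros rather than failing.
    """
    buf = bytearray(image)
    end = offset + count
    if end > len(buf):
        buf.extend(b"\x00" * (end - len(buf)))
    buf[offset:end] = b"\x00" * count
    return bytes(buf)


def changed_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Return half-open [start, end) ranges where a and b differ.

    A length difference counts as a difference over the extra bytes, so a
    patch that accidentally grew or shrank the file is reported too.
    """
    ranges: List[Tuple[int, int]] = []
    n = max(len(a), len(b))
    start = None
    for i in range(n):
        ca = a[i] if i < len(a) else None
        cb = b[i] if i < len(b) else None
        if ca != cb:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))
    return ranges


def verify_patch(original: bytes, patched: bytes, offset: int, count: int = 4) -> bool:
    """True only if the file length is unchanged, the target window now holds
    zeros, and every differing byte lies inside that window."""
    if len(original) != len(patched):
        return False
    if patched[offset:offset + count] != b"\x00" * count:
        return False
    window_end = offset + count
    return all(offset <= s and e <= window_end
               for s, e in changed_ranges(original, patched))


def sha1_hex(data: bytes) -> str:
    """Hash used to record the before/after state of the image."""
    return hashlib.sha1(data).hexdigest()


def patch_report(original: bytes, patched: bytes, offset: int, count: int = 4) -> Dict[str, object]:
    """Summary a practitioner would keep alongside a modified image."""
    return {
        "sha1_before": sha1_hex(original),
        "sha1_after": sha1_hex(patched),
        "changed": changed_ranges(original, patched),
        "ok": verify_patch(original, patched, offset, count),
    }


if __name__ == "__main__":
    good = zero_bytes(SAMPLE_IMAGE, 20)       # intended patch at constructed offset 20
    bad = zero_bytes(SAMPLE_IMAGE, 21)        # off-by-one write, should be rejected
    print("intended patch:", patch_report(SAMPLE_IMAGE, good, 20))
    print("off-by-one patch:", patch_report(SAMPLE_IMAGE, bad, 20))
```

    To check a real pair of files, read the original and the dd-patched copy with `open(path, "rb").read()` and pass them to `patch_report` together with the offset from the corresponding dd line; anything other than a single `(offset, offset + 4)` range means the patch did more than advertised.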



  2. #2 Desjek-T (Rookie, Spain; joined Jul 2008)


    Ok! Thanks!
    Pwned 1.1.2 iPhone 8 Gb
    FW 2.0.2 Jailbroken, Neutered, Unlocked
    Mac OSX 10.5.4

  3. #3 Professional (joined Mar 2008)


    I was thinking the same thing, but to do that you will need to decrypt the 2.0 retail firmware. I don't think there are any published methods that show you how to do that.

  4. #4 Professional (Miami, Fl; joined Jan 2008)


    True, but someone must have the decryption key.

  5. #5 Senior Professional (joined Aug 2007)


    I spent the last two days trying to get the decryption key, but all the old methods don't work anymore. My idea was, in a first step, to decrypt the 2.0 rootfs and convert it to a UDRW image. Then one would apply the changes to /etc/fstab and install an SSH server. Basically one would also need to patch lockdownd, but I am not yet experienced enough in reverse engineering to accomplish that. But perhaps a lockdownd from one of the betas would work. After that one would have to convert the image back to UDRO, run asr over it, and zip the whole package again. With an already pwned iPhone one should be able to install the custom firmware.
    In a second step one would then have to try to patch the baseband for an unlock. But I didn't get that far in my thinking, since I didn't even get past the step of decrypting the rootfs.


  6. #6 Professional (Miami, Fl; joined Jan 2008)


    Yeah, that was kind of my idea, but Apple seems to have locked this thing real tight.

    Thanks for all the replies and ideas (this makes a good discussion waiting for the dev team :p)

  7. #7 Amet (Supporter, Dubai; joined Mar 2008)


    Here's what I have done:
    pwned 1.1.4, updated baseband to 04_05_04
    updated to fw 2.0; the baseband doesn't get updated since it's the same
    now I have unlocked fw 2.0, but I can't get past the activation screen.

    We need to somehow decrypt the ipsw to patch the activation, or wait for the dev team.

    zeljko

  8. #8 smirkis (Senior Professional; joined Dec 2007)


    If you pop in an AT&T SIM card to activate, then remove it to pop in your different SIM, would it find that carrier and provide service?

    I was thinking: if the phone was already 1.1.4 pwned and neutered, would updating to 2.0 fully reflash everything and overwrite the neutered baseband? Or would it kinda remain unlocked with the older baseband but just require getting past the activation?

    Amet, how did you unlock the 2.0 baseband on 1.1.4 before you re-updated back to 2.0?
    originally OTB 1.1.2 iPhone 4.6BL
    hActivated/Jailbroken/gUnlocked
    Tzones hacked
    T-Mobile USA

    now blackra1n'd 3.1.2

  9. #9 Amet (Supporter, Dubai; joined Mar 2008)


    I patched the 04.05.04.fls on my Mac with dd if=/dev/zero of=ICE04.05.04_G.fls bs=1 seek=2333696 count=4 conv=notrunc

    renamed the files to 04.04.05.fls/eep and copied them into BootNeuter.app (not sure which folder), replacing the existing files...

    fire up BootNeuter and leave everything as is, but change baseband unlock to off (you have unlocked it already)
    that's it

  10. #10 Amet (Supporter, Dubai; joined Mar 2008)


    Just a silly question:

    when iTunes is extracting the ipsw, where are the temp files located?

    Could we take those and use them to create an unlocked ipsw?

