-
So I fixed the last problem by uninstalling iTunes 8 and installing iTunes 7, available from FileHippo.
But unfortunately xpwn just preps the iPhone to write data, then relies on iTunes to actually write the data to the device. My problem is that iTunes will overwrite all of the data on the phone. This is why QuickPwn is so unique and specific to this cause: QuickPwn will just write the data which is required for the update, and leave the rest alone.
So back to square one: modifying QuickPwn. I can decompile with Reflector, but it seems like the bulk of the process is in Pwnmetheus.dll and libpwnmetheus.dll, which is all native.
Can anyone recommend any other software? Keep in mind that what is most essential is the writing process.
-
OK, so I was finally able to get QuickPwn to stop the checks.
When QuickPwn first starts, it runs a number of different checks on the connected device. Probably the most important is to identify what type of device it is; this is where it configures the additional information needed to flash later on.
The problem in my case was that I just wanted to use the QuickPwn write functionality on a device that will not give information back to QuickPwn. In this scenario, I wouldn't be able to do this because of the checks mentioned above.
The way to get around this is pretty easy, but uses an arguably complicated process. BTW, all of this drama could be avoided if they would be good netizens and release the source.
These modifications will only work for flashing the iPhone 3G. Other devices can be flashed, but different settings need to be put in place.
First thing you'll need to do is download .NET Reflector, a .NET decompiler, and Reflexil, which allows you to modify this code and produce patches with ease.
.net reflector:
.NET Reflector, class browser, analyzer and decompiler for .NET
reflexil:
Reflexil
Next, load up Reflector and File -> Open the unpacked quickpwn.exe (see above posts for how to unpack the standard distro).
In Reflector, go to View -> Add-Ins.
Navigate to and select Reflexil.dll.
Expand QuickPwn -> QuickPwn.exe -> { } QuickPwn -> frmStartup and double click "picNext_Click(Object, EventArgs): Void".
Go to Tools -> Reflexil.
In the Reflexil pane on the bottom right, go down to instruction 09 and change the opcode from "brfalse.s" to "brtrue.s".
Next, expand QuickPwn -> QuickPwn.exe -> { } QuickPwn -> frmFirmware and double click ".ctor()".
In the Reflexil pane on the bottom right, go down to instruction 28 and change the opcode from "brfalse" to "brtrue".
This time I also removed the splash screen by expanding QuickPwn -> QuickPwn.exe -> { } QuickPwn -> frmStartup, double clicking "LaunchSplash(): Void", and in the Reflexil pane on the bottom right highlighting all instructions except the last (opcode: ret) and deleting them.
Finally, click QuickPwn.exe in the left pane tree and Save As from the Reflexil pane on the bottom right. This will save the modified executable. Just place the executable into the same directory as the original quickpwn.exe.
Now launch your newly patched quickpwn.exe with no device connected. The Next button will work, but just won't light up. Next your way through QuickPwn until you get to the screen right before the flash one, which asks you to be sure the device is connected. Connect your device, press Next and follow the onscreen instructions.
Notes:
1. Remember, these instructions will only let QuickPwn support the iPhone 3G.
2. I really wish the iPhone Dev Team and poorlad would release the source, which would have made my life easy.
3. If you're looking for help, don't go on IRC. The guys over on irc.osx86.hu, #iphone, #iphone-hax are mostly unhelpful, especially ctrl-freq and pater (some were, i.e. zeano). Save yourself time and stick to the forums.
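The three Reflexil edits in the post above, scripted with Mono.Cecil (the library Reflexil is built on), as an added example that is not from the original posts. It assumes the namespace-qualified type names QuickPwn.frmStartup and QuickPwn.frmFirmware, that the Reflexil instruction numbers 09 and 28 are zero-based indexes into the method body, and it refuses to write anything if the opcode at each index is not the one the post says is there (i.e. a different build of the binary).

```csharp
// Added example, not code from the original posts. Applies the post's three
// Reflexil edits to the unpacked quickpwn.exe with Mono.Cecil. Assumptions:
// type names QuickPwn.frmStartup / QuickPwn.frmFirmware, and that Reflexil's
// instruction numbers 09 and 28 are zero-based indexes into the method body.
using System;
using System.Linq;
using Mono.Cecil;
using Mono.Cecil.Cil;

static class QuickPwnPatcher
{
    // Invert one conditional branch, but only if the opcode at that index is the
    // one the post describes; anything else means this is a different build.
    static void FlipBranch(TypeDefinition type, string methodName, int index,
                           OpCode expected, OpCode replacement)
    {
        var method = type.Methods.Single(m => m.Name == methodName);
        var ins = method.Body.Instructions[index];
        if (ins.OpCode != expected)
            throw new InvalidOperationException(
                $"{type.Name}.{methodName}[{index}] is {ins.OpCode}, expected {expected}");
        ins.OpCode = replacement;   // branch target (operand) is kept, condition inverted
    }

    // Reduce a void method to its final 'ret', as the post does for LaunchSplash.
    static void StubOut(TypeDefinition type, string methodName)
    {
        var body = type.Methods.Single(m => m.Name == methodName).Body;
        var ret = body.Instructions.Last();
        if (ret.OpCode != OpCodes.Ret)
            throw new InvalidOperationException($"{methodName} does not end in ret");
        body.ExceptionHandlers.Clear();   // handlers would point at deleted instructions
        body.Instructions.Clear();
        body.GetILProcessor().Append(ret);
    }

    static void Main(string[] args)
    {
        string input = args.Length > 0 ? args[0] : "quickpwn.exe";          // unpacked
        string output = args.Length > 1 ? args[1] : "quickpwn.patched.exe";
        var asm = AssemblyDefinition.ReadAssembly(input);
        var startup = asm.MainModule.GetType("QuickPwn.frmStartup");
        var firmware = asm.MainModule.GetType("QuickPwn.frmFirmware");
        FlipBranch(startup, "picNext_Click", 9, OpCodes.Brfalse_S, OpCodes.Brtrue_S);
        FlipBranch(firmware, ".ctor", 28, OpCodes.Brfalse, OpCodes.Brtrue);
        StubOut(startup, "LaunchSplash");
        asm.Write(output);   // place next to the original quickpwn.exe, as the post says
    }
}
```

If frmFirmware has more than one constructor, `Single` will throw; the post only mentions the parameterless ".ctor()", so narrow the lookup by parameter count in that case.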
-
http://www.milw0rm.com/papers/301 -- defeating the iphone passcode