Entering the stream
Admittedly, I haven't read as much as I normally would, but I'm looking for some pointers to get me going.
I'm working with an iPhone 3G (Model MB048LL), running a completely stock iOS version 4.0 (8A293), and reporting a Modem Firmware of 05.13.04. This phone has never been jailbroken before.
I don't currently have a valid AT&T SIM to work with, and I've yet to sync it with iTunes.
My end goal is to experiment some with the different versions of iOS available, and to unlock the phone to use with a different carrier. A longer term goal is to poke around the internals some more, disassemble some of the key parts, and learn a bit more about what's going on under the hood, as well as how the various tools work.
Here's what I think I've gleaned thus far.
If I'm comfortable running iOS 4.2.1 on the phone (as opposed to 3.x for speed), then I need not worry about saving my SHSH (as 4.2.1 appears to be the last release for the 3G HW). It seems that the untethered jailbreak is far more convenient, but I'm unclear as to which tools support that. I'm also a bit unclear as to the baseband/modem versions and how those factor in (it appears that certain modern basebands have no hacks/vulnerabilities, and one may need to create a custom iOS upgrade [ipsw] image to pair an older/vulnerable baseband with newer software?).
Understanding that I need to crawl before I walk, and walk before I run, any pointers would be appreciated.
Greenpois0n, pwnagetool 4.2 (and the not recommended sn0wbreeze) all include the feedface untethered exploit for 4.2.1.
You need to use 4.2.1 custom IPSW (via pwnagetool 4.2) to prevent baseband update, otherwise there is no way to downgrade the baseband again.
On iOS 4.0, you can use redsn0w or pwnagetool to jailbreak and hacktivate (you need to either hacktivate or find a way to legitimately activate).
Upgrading with a stock 4.2.1 includes a newer baseband version, for which there is no way to roll it back (downgrade). Got it. Using pwnagetool, one can create a custom ipsw that includes the 4.2.1 iOS but an older version of baseband (or perhaps does not update the baseband at all).
I presume that the newest baseband does not have an unlock hack (yet)? Perhaps this is where one can upgrade to the 06.15.00 (from the iPad2), which is exploitable/unlockable?
First step is to do the simple redsn0w/pwnagetool JB on 4.0 and have a look around.
Is there anywhere that describes how the hacks work a bit further? i.e., descriptions of the different security checks and the order in which they work?
Pwnagetool custom IPSW doesn't update the baseband at all. This part of Apple's restore/upgrade script is skipped.
There are no unlocks for recent 3G or 3GS basebands (any version higher than 05.13.04).
The iPad baseband can be loaded onto the 3G or 3GS, and can then be unlocked, but this is not recommended. It can't be reversed and can cause other problems.
Safest option is to stay with 05.13.04 via custom IPSW.
Thanks, that all makes sense and matches what else I've read.
The redsn0w jailbreak and subsequent Cydia package installs and ultrasn0w unlock all worked without a hitch.
One additional point: the only way to upgrade iOS from 4.0 to 4.2.1 is through iTunes, is that correct?
I would have thought that, with a jailbreak in place, it might be possible to upgrade without iTunes, but evidently that's not the case (which would lead me to believe that the upgrade process relies upon bootloader code that isn't completely broken)?
You have an incorrect understanding of the upgrade process. From iOS 1.1 onwards it is the iPhone that actually drives the upgrade; all iTunes really does is merge the SHSH with the IPSW and send this to the iPhone, and then the iPhone takes over and actually runs the upgrade or restore.
While the iPhone is running the restore/upgrade, it is booted from a ramdisk that is included in the ipsw. So your existing jailbroken iOS isn't active at all.
There are at least two tools written by members of the jailbreak scene that can replace iTunes for restore/update. They aren't ready for the average user yet (maybe in a few months).
Thanks. Found this website with some of the details I was looking for: http://www.theiphonewiki.com/wiki/in...?title=S5L8900 It seems to have the boot chain and exploits detailed.
Looks like I've more reading to do.