Tag Archive: unlock

‘Tis the Season to be Jolly! – yellowsn0w

Now that you guys have got used to the sunburn and blindness caused by the glare of our new blog template, we can get back to normal business. We’ll give you some updates and also tell you our schedule for the festive season.

Over the Christmas break some of our members will be talking at the Chaos Computer Club’s 25C3 Congress. This talk will be a juicy technical talk relating to the iPhone platform and our previous exploits. You can see more information about the talk “Hacking the iPhone”. There is even a super-cool TeamPwnapple T-Shirt 😉

3G Unlock

We have been working hard on a few other things. The main one being the 3G unlock codenamed “yellowsn0w”. This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.

* The target release date for the unlock is New Year’s Eve 2008.
* This unlock method is available to iPhone 3Gs that have 2.11.07 baseband or earlier; we did warn you.
* You can tell what version baseband you have by going to Settings->General->About->Modem Firmware
* The unlock requires a jailbroken 3G iPhone. It’ll be installable via Cydia and so it doesn’t matter if you have a Mac or PC.
* Please refrain from updating your baseband, regardless of what version you’re at. We’ll have complete directions on New Year’s Eve.
* We’ll stream a live demo of the unlock before Christmas (see the update at the end of this post)

DFU Issues in OS X 10.5.6

Lots of users have been experiencing problems with the use of DFU mode after applying yesterday’s 10.5.6 system update.

We believe this behavior is due to a kernel bug, not a specific countermeasure by Apple. Possible fixes are (try at your own risk!) –

1. Replace the following plugin kexts from within IOUSBFamily.kext with the ones from 10.5.5 and then rebuild kextcache (if you don’t understand this, then you shouldn’t attempt it!)

/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBHub.kext

/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBCompositeDriver.kext

2. Use a USB hub in-between the DFU device and the Mac and insert/reinsert the iPhone’s USB cable.

3. Use a PwnageTool created .ipsw on Windows! Oh the irony!

iPod touch 2G

Currently we are not investigating the iPod touch 2G. Other people outside the Dev-Team are looking into this, but we are not at the moment. Please don’t hassle us with comments and requests about this; they’ll just be deleted and ignored. If we do look at this device it will be sometime in the New Year and we’ll inform you guys if and when we commence this work.

We would like to reiterate that this is not because –

1. We are mean
2. We are turning our back on the iPod touch community
3. We have been paid off by JFK, Princess Diana or Elvis

This is because –

1. It’s not an iPhone
2. We have been busy with the 3G unlock.
3. We have been busy with the CCC talk.
4. Only one of us has an iPod touch 2G (but we’ll see what Santa brings)
5. Our employers don’t get as excited as us about hacking expensive pretty devices
6. Unfortunately our partners, parents and pets need occasional attention too.

Update: Live Demo

Sometime before Christmas, MuscleNerd will show a live demo of the unlock (and some other random nucleus and pwnage stuff). It’ll be streamed live via the awesome Qik application, and announced via his Twitter account just as the broadcast begins.

blog@dev-team

PwnageTool 2.2.1 has been released

  1. GOLDEN RULE: If you have a 3G iPhone and want potential soft unlock in the near future do NOT use QuickPwn, and do not use the official ipsw or the iTunes update process without using PwnageTool.
  2. Read item 1 again and again.
  3. At the bottom of this post are the bittorrent files for the latest versions of PwnageTool and QuickPwn.
  4. These are suitable for the recent 2.2 release.
  5. Please read all parts of this post before downloading and using these tools.
  6. The ‘late 2008’ MacBook/Air/Pro line of computers have an issue with DFU mode. While it’s possible to go from Pwned 2.1 -> Pwned 2.2 (using PwnageTool), you can’t yet go from stock to pwned. If in any doubt use a different machine.
  7. Choosing the correct tool is crucial. Be warned!

One Step Closer to 3G Soft Unlock

This ability we now have to spawn background tasks means we are one step closer to the 3G soft unlock.  We have a clear path to follow, and “all” that remains is the implementation.

A quick summary of the key 3G-unlock-related achievements we’ve made so far:

  1. Unsigned code execution on 3G baseband
  2. Reverting 01.45 baseband to previous versions
  3. Patching of static text (the AT&V demo)
  4. Injection of AT routines (the task list demo)
  5. Injection of background tasks (this demo)

Now it’s on to overriding the baseband code that enforces the carrier lock.

A high-quality version of the video is available via bittorrent here.

P.S. That “One more thing!” text is being generated by the backgrounded “steve” task at 5-second intervals.  The “A0” is the task’s priority.

P.P.S. Remember…don’t update to official 2.2 when it comes out if you ultimately want a 3G soft unlock!

(14 January 2008) S2U2 v0.98 – beyond the basic

Just another bug fix release v0.98

– fixed the malfunction of ExceptionEXE4-9 again.
– fixed the Landscape blank screen issue on some devices.
– fixed some graphics displacements for VGA devices.
– in sync with S2V v0.20.
– some minor bugs fixed.

CAB files (Thanks Xenpain for hosting the file)
http://ac.xenpage.eu/S2U2-0.98-WM5.rar
http://www.mediafire.com/?fbmyy0jbms9

Language Pack (Afrikaans, Arabic, Chinese (Simplified & Traditional), Czech, Danish, Dutch, French, German, Greek, Hebrew, Hungarian, Indonesian, Italian, Korean, Macedonian, Norwegian, Polish, Portuguese, Portuguese BR, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish & Turkish) Most of them are still not completed yet. Read the LangReadme.txt for the changes. Please let me know if you can complete them.
http://ac.xenpage.eu/S2U2LanguagePack.rar
http://www.mediafire.com/?6usszyezxnt

Clock Pack
http://ac.xenpage.eu/S2U2ClockPack.rar
http://www.mediafire.com/?7hltdx29ee3

For details, as usual, please read the Readme file or the next post.
Besides, please read the README FIRST, especially the Known limitations & FAQs before posting your questions here.

Finally, to show your appreciation, please CLICK HERE to make a donation.

Cheers,
A_C