1.1.2 OTB Unlocked (Hardware)

Some semi-good news for poor sods with 1.1.2 out-of-the-box iPhones
reached my eyes & ears this morning - 1.1.2 iPhones with the v4.6
bootloader can now have their bootloader downgraded to 3.9 and then
unlocked. Unfortunately this remains a hardware testpoint method for the
time being. If you’re brave and fearless you can follow geohot’s guide
to doing this.

A 1.1.3 jailbreak still seems to be a ways off, with the good old
symbolic link method seemingly neutered.

Dearest NVIDIA,

Please please please fire whoever is in charge of naming conventions. I
present to you, dear readers, the 8800 series in order of performance:

  • 8800 GS 384MB
  • 8800 GS 768MB
  • 8800 GTS 320MB
  • 8800 GTS 640MB
  • 8800 GT 256MB
  • 8800 GT 512MB
  • 8800 GTS 512MB
  • 8800 GTX 768MB
  • 8800 ULTRA 768MB

Remember the old days when explaining what graphics card you had went
something like this?

“So yeah, what kind of graphics card do you have?”

“Voodoo 2”

“Cool, 8MB or 12MB?”

iPhone bootloader changes

For anyone thinking of purchasing an iPhone in the near future, be aware
that Apple is now shipping iPhones with an updated bootloader
(4.6_M3S2) which has closed a number of unlocking avenues.

All iPhones shipped after week 45 are very likely to have 1.1.2
pre-installed with this new bootloader - you can check the week of
manufacture by looking at the device’s serial number (e.g. xxx45xxxxxx
means it was manufactured during week 45) or by issuing the following
command within a shell:

sh-3.2# ./bbupdater -v
Resetting target…
pinging the baseband…
issuing +xgendata…
firmware: DEV_ICE_MODEM_04.02.13_G
eep version: EEP_VERSION:208
eep revision: EEP_REVISION:1
bootloader: BOOTLOADER_VERSION:4.6_M3S2
Done
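As an added example (not part of the original post, and not code from bbupdater itself), here is a small parser for the bbupdater -v output shown above together with the serial-number week check. The sample output string is constructed from the listing above; the field names, the 0-based positions 3 and 4 for the week digits (taken from the xxx45xxxxxx example) and the helper names are my assumptions.

```javascript
// Added example: parse `bbupdater -v` output and read the week of manufacture
// from the serial number. Not from the original post; names are assumed.

// Constructed sample: the listing from the post, joined into one string.
const SAMPLE_BBUPDATER_OUTPUT = [
  "Resetting target…",
  "pinging the baseband…",
  "issuing +xgendata…",
  "firmware: DEV_ICE_MODEM_04.02.13_G",
  "eep version: EEP_VERSION:208",
  "eep revision: EEP_REVISION:1",
  "bootloader: BOOTLOADER_VERSION:4.6_M3S2",
  "Done",
].join("\n");

// Output labels we care about, mapped to keys in the result object.
const FIELDS = {
  "firmware": "firmware",
  "eep version": "eepVersion",
  "eep revision": "eepRevision",
  "bootloader": "bootloader",
};

// Parse the "label: value" lines. Values may carry a "NAME:" prefix
// (e.g. "BOOTLOADER_VERSION:4.6_M3S2" -> "4.6_M3S2"), which is stripped;
// the firmware line has no such prefix and is kept whole. Status lines
// such as "Resetting target…" or "Done" are ignored.
function parseBbupdaterOutput(text) {
  const result = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const m = rawLine.match(/^([a-z ]+):\s*(.+)$/i);
    if (!m) continue;
    const key = FIELDS[m[1].trim().toLowerCase()];
    if (!key) continue;
    let value = m[2].trim();
    const prefixed = value.match(/^[A-Z_]+:(.+)$/);
    if (prefixed) value = prefixed[1];
    result[key] = value;
  }
  return result;
}

// Bootloader family, e.g. "4.6_M3S2" -> "4.6" (the post contrasts the
// newer 4.6 bootloader with the older 3.9 one). Returns null if unparseable.
function bootloaderFamily(bootloaderVersion) {
  const m = (bootloaderVersion || "").match(/^(\d+\.\d+)/);
  return m ? m[1] : null;
}

// Week of manufacture from the serial number, following the post's
// "xxx45xxxxxx" example: characters at 0-based positions 3 and 4.
// Returns null if that field is not two digits.
function manufactureWeek(serial) {
  const week = serial.slice(3, 5);
  return /^\d{2}$/.test(week) ? Number(week) : null;
}

// Usage with the constructed sample and a constructed serial number.
const parsed = parseBbupdaterOutput(SAMPLE_BBUPDATER_OUTPUT);
console.log(parsed);
console.log("bootloader family:", bootloaderFamily(parsed.bootloader));
console.log("week of manufacture:", manufactureWeek("ABC45DEF123"));
```

The parser deliberately skips anything that is not a recognised label, so a firmware revision that prints extra status lines will not break it; only the four labelled fields reach the result.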

Thankfully (obviously) Apple has not seen fit to include a bootloader
update with their firmware releases, so iphonesimfree users with their
zero’d seczones should be okay for the foreseeable future. Updating the
bootloader would create all kinds of headaches for all end users -
upgrading a bootloader is always a risky proposition.

Turbo SIM working with downgraded 1.1.1

I was pretty sure this would be possible, but reports about this working
out there are sketchy at best so I wanted to put it to the test. Since I
now have a test iPhone to break before selling it on, I upgraded it to
1.1.1 to dump the filesystem over the past few days. I also got to test
to see if the upgraded modem baseband firmware would still work with a
TurboSIM. To test, I downgraded from 1.1.1 to 1.02 - the modem firmware
obviously remains intact from 1.1.1. Everything works as before with
baseband version 03.14.08_G. I was half expecting to maybe run into
some issues with Applesaft, as 04.01.13_G reads the AT&T IMSI three
times as opposed to one, but all seems fine.

Meteor GPRS/EDGE fix

I should probably stop posting about the iPhone, but hey, what can I say
- this little device has captured my heart.

To get GPRS/EDGE working with Meteor and your iPhone is pretty simple,
all we need is a proxy auto-config file:

function FindProxyForURL(url, host) {
    // Device address in 10.0.0.0/8: treat this as Meteor's data network
    // and send HTTP through Meteor's proxy
    if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0")) {
        return "PROXY 10.85.85.85:8799";
    } else {
        // Any other network (e.g. Wi-Fi): connect directly
        return "DIRECT";
    }
}

Save this as proxy.pac and pop it into /private/var/root. Next add
the following key to
/private/var/root/Library/Preferences/SystemConfiguration/preferences.plist:

<key>Proxies</key>
<dict>
    <key>ProxyAutoConfigEnable</key>
    <integer>1</integer>
    <key>ProxyAutoConfigURLString</key>
    <string>file:///private/var/root/proxy.pac</string>
</dict>

And that should be it. I haven’t actually tested this yet, so if some
kind soul would be good enough to test it, that would be great. Any HTTP
traffic should now get routed over Meteor’s proxy. Mail probably won’t
work; I’ll try to fix this when I get my hands on a Meteor SIM.
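A PAC file is code that the device’s proxy engine runs for every request, so before installing one it is worth checking exactly which addresses it sends where. As an added example (not from the original post and not part of any PAC engine), the harness below implements the two PAC helper functions the proxy.pac above relies on, isInNet and myIpAddress, so the file’s logic can be exercised offline. The IP addresses used as inputs are constructed samples, and buildPac/proxyFor are my own helper names.

```javascript
// Added example: offline harness for the Meteor proxy.pac above.
// Not from the original post; isInNet is a re-implementation of the
// standard PAC helper, myIpAddress() is injected so different networks
// can be simulated. All sample addresses are constructed.

// Convert dotted-quad IPv4 text to a 32-bit unsigned integer.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error("bad IPv4 address: " + ip);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) {
      throw new Error("bad IPv4 address: " + ip);
    }
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

// PAC helper: true when `host` (an IPv4 literal here) lies inside the
// network described by `pattern` and `mask`.
function isInNet(host, pattern, mask) {
  const m = ipv4ToInt(mask);
  return ((ipv4ToInt(host) & m) >>> 0) === ((ipv4ToInt(pattern) & m) >>> 0);
}

// The PAC file from the post, wrapped so that myIpAddress() can be
// supplied by the caller instead of by a real PAC engine.
function buildPac(myIpAddress) {
  return function FindProxyForURL(url, host) {
    if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0")) {
      return "PROXY 10.85.85.85:8799";
    } else {
      return "DIRECT";
    }
  };
}

// Evaluate the PAC for a given device address and request.
function proxyFor(deviceIp, url, host) {
  const FindProxyForURL = buildPac(() => deviceIp);
  return FindProxyForURL(url, host);
}

// Constructed scenarios: a 10.x address (as the PAC assumes for Meteor's
// data network) goes via the proxy; a home Wi-Fi address goes direct.
console.log(proxyFor("10.23.45.67", "http://example.com/", "example.com"));
console.log(proxyFor("192.168.1.20", "http://example.com/", "example.com"));
```

Note that the PAC keys its decision purely on the device’s own address being in 10.0.0.0/8: any other network that hands out 10.x addresses (many corporate or hotspot networks do) would also have its HTTP traffic sent to 10.85.85.85:8799, where it would simply fail if that host is unreachable.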

Turbo SIM / Hardware unlock remain working

As I sort of suspected, the IMSI read flaw in the iPhone’s baseband has
yet to be patched, so Turbo SIMs should still work with 1.1.1. In
addition it should be noted that unlocking via hardware using geohot’s
method should always work, regardless of updates.

The problem, of course, is that in order to actually use your unlocked
phone you need to activate it, and this can’t be done without having
write access to the iPhone’s filesystem. iPhoneSimFree.com reported that
their software unlock remains working, but without a way of activating
1.1.1 iPhones this can’t really be confirmed.

iPhone relocked

We knew this would happen weeks ago. Most of us knew that the iPhone was
going to be locked down for third party applications as well as SIM
unlocks. It isn’t possible (currently) to jailbreak an iPod touch, and
the same can now be said of any iPhone running 1.1.1. iTunes no longer
communicates with the iPhone; instead, iTunes listens for commands
sent from the iPhone. This means listening for keys is no longer
possible, which means decrypting ramdisks is also no longer possible.
The whole thing is a tremendous pain in the ass, but absolutely nobody
can say this wasn’t expected. Just deal with it and accept it; we all
knew what we were getting ourselves in for.

Incidentally, if you do need to restore your iPhone, download this:

iPhone1,1_1.0.2_1C28_Restore.ipsw

And alt-click the restore button in iTunes. You’ll be able to choose the
firmware you wish to restore using.

iPhone - Voicemail Notification

I’ve noticed some weird issues regarding certain kinds of SMS messages
not being delivered properly to my iPhone. Specifically, voicemail
alerts sent by SMS never land in my inbox at all. After doing a little
digging, it seems that the iPhone’s baseband has trouble interpreting
incoming SMS messages coming from short codes.

Since short codes are used quite a bit in Europe for promotions, banking
and the like, I should think that the firmware shipping on European
iPhones will have fixed this. In the meantime we’ll have to keep
digging to try to find a workaround.