Ultrasn0w

From The iPhone Wiki
Revision as of 16:40, 3 January 2009 by Planetbeing (talk | contribs) (Current Injection Vector)
Jump to: navigation, search

The first iPhone 3G unlock. Released on 01/01/09. [1]

Credit

MuscleNerd, and The dev team

Exploit

Relies on an unsigned code injection vulnerability.

The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.

Current Injection Vector

yellowsn0w refers to the reuseable payload, but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, geohot had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.

The vulnerability is a stack buffer overflow in the at+stkprof command.

Source Code

The source code for yellowsn0w is now live [2]

Compatibility

Country Provider yellowsn0w Version SIM/USIM Ingoing Calls? Outgoing Calls? SMS? GPRS/EDGE? UMTS/HSDPA? Comments
Bermuda Mobility ? SIM No No No No No Works for about ten minutes then "Sim Failure" occurs and yellowsn0w stops working.
Germany O2 ? SIM Yes Yes Yes Icon shown but not tested Icon shown but not tested
Israel IL Orange 0.9.4 USIM Yes No Yes Yes Yes Requires some tricks to get signal. While trying to place a call, signal is lost and call failed.

Additional information: http://report.yellowsn0w.com/

See Also

External links