Activation

From The iPhone Wiki
Revision as of 18:15, 31 July 2008 by Drg (talk | contribs)

Lockdownd is always running on the iPhone and is in charge of monitoring the activation status of the device. When the iPhone is first purchased it is unactivated and only the "Emergency Call Screen" is available. The lockdownd patches here (which require a jailbreak) activate your phone and obviate the need to activate legitimately through iTunes with an official carrier.

Lockdownd Patches on Different Versions

Lockdownd 1.1.2:

   Offset  Original   Patched    Reason
   0x4B3B  0x1A       0xEA       Changed to ignore baseband version.
   0x79FC  0xD7 0xFF  0x00 0x00  Disallows enabling of Voided Warranty.
   0x79FE  0xFF 0x1A  0xA0 0xE1  Part of patch at 0x79FC.
   0x7E0B  0x0A       0xEA       Disallows enabling of Voided Warranty.
   0xAC73  0x0A       0xEA       Disallows enabling of Voided Warranty.
   0xBC40  0x01       0x00       Change enable brick mode to disable.
   0xC5CC  0x01       0x00       Change enable brick mode to disable.
   0xC5D4  0x88       0xEC       Change Unactivated to FactoryActivated.
   0xC614  0x48       0xAC       Change Unactivated to FactoryActivated.
   0xC640  0x1C       0x80       Change Unactivated to FactoryActivated.
   0xC6F0  0x90       0xD0       Change MissingSIM to FactoryActivated.
   0xC74C  0x44       0x74       Change MismatchedICCID to FactoryActivated.
   0xC7DC  0xB4       0xE4       Change MismatchedICCID to FactoryActivated.
   0xC8AC  0xB0 0x33  0x14 0x34  Change Unactivated to FactoryActivated.
   0xC904  0x01       0x00       Change enable brick mode to disable.


Lockdownd 1.1.1:

   Offset  Original   Patched    Reason
   0x482F  0x1A       0xEA       Changed to ignore baseband version.
   0xAF5C  0x01       0x00       Change enable brick mode to disable.
   0xB814  0x24       0x54       Change Unactivated to FactoryActivated.
   0xB818  0x01       0x00       Change enable brick mode to disable.
   0xB838  0x00       0x30       Change Unactivated to FactoryActivated.
   0xB858  0xE0 0x14  0x10 0x15  Change Unactivated to FactoryActivated.
   0xB884  0xB4       0xE4       Change Unactivated to FactoryActivated.
   0xB958  0x00       0x10       Change MismatchedICCID to FactoryActivated.
   0xB970  0xEC       0xF8       Change MissingSIM to FactoryActivated.
   0xB9E0  0x58       0x88       Change Unactivated to FactoryActivated.
   0xBA58  0x01       0x00       Change enable brick mode to disable.


Lockdownd 1.0.2:

   Offset  Original  Patched  Reason
   0x9184  0x01      0x00     Change enable brick mode to disable.
   0x94F0  0x01      0x00     Change enable brick mode to disable.
   0x94F4  0x3C      0x68     Change Unactivated to FactoryActivated.
   0x95C4  0x84      0x98     Change MismatchedIMEI to FactoryActivated.
   0x9604  0x01      0x00     Change enable brick mode to disable.
   0x9624  0x2C      0x38     Change MismatchedICCID to FactoryActivated.
   0x962C  0x28      0x30     Change MissingSIM to FactoryActivated.
   0x96A4  0x01      0x00     Change enable brick mode to disable.


Lockdownd 1.0.1:

   Offset  Original  Patched  Reason
   0x9158  0x01      0x00     Change enable brick mode to disable.
   0x94C4  0x01      0x00     Change enable brick mode to disable.
   0x94C8  0x3C      0x68     Change Unactivated to FactoryActivated.
   0x9598  0x84      0x98     Change MismatchedIMEI to FactoryActivated.
   0x95D8  0x01      0x00     Change enable brick mode to disable.
   0x95F8  0x2C      0x38     Change MismatchedICCID to FactoryActivated.
   0x9600  0x28      0x30     Change MissingSIM to FactoryActivated.
   0x9678  0x01      0x00     Change enable brick mode to disable.

Lockdownd 1.0.0:

   Offset  Original  Patched  Reason
   0x8CF8  0x01      0x00     Change enable brick mode to disable.
   0x90A4  0x01      0x00     Change enable brick mode to disable.
   0x90A8  0x3C      0x68     Change Unactivated to FactoryActivated.
   0x9178  0x84      0x98     Change MismatchedIMEI to FactoryActivated.
   0x91B8  0x01      0x00     Change enable brick mode to disable.
   0x91D8  0x2C      0x38     Change MismatchedICCID to FactoryActivated.
   0x91E0  0x28      0x30     Change MissingSIM to FactoryActivated.
   0x9258  0x01      0x00     Change enable brick mode to disable.

All Lockdownd

1.1.4 original http://rapidshare.com/files/133067477/114_lockdownd_original.zip.html

1.1.4 patched http://rapidshare.com/files/133067620/114_lockdownd_patched.zip.html

Details: The lockdownd in firmware 1.1.4 is very similar to the one in 1.1.3, so the same patch applied to 1.1.3 also works on 1.1.4. Note: you cannot reuse the old patched 1.1.3 lockdownd binary, because the two files differ; apply the patch to the 1.1.4 lockdownd itself.

Patch details:

   Search for differences
   1. G:\iPhone Stuffs\Lockdownd\lockdownd_114_original\lockdownd: 1,107,780 bytes
   2. G:\iPhone Stuffs\Lockdownd\lockdownd_114_patched\lockdownd: 1,107,780 bytes
   Offsets: hexadec.
     83AF:	0A	EA
     AFA3:	0A	EA
     C4CF:	1A	EA
     CDB4:	80	04
     CDB5:	28	29
     CDC0:	01	00
     CE08:	2C	B0
     CE58:	DC	60
     CE59:	27	28
     CF24:	3C	94
     CF7C:	F4	3C
     CF7D:	26	27
     D000:	70	B8
     D1A8:	8C	10
     D1A9:	24	25
     D224:	4C	94
     D274:	01	00
   17 difference(s) found.


1.1.3 original http://rapidshare.com/files/133068021/113_lockdownd_original.zip.html

1.1.3 patched http://rapidshare.com/files/133068133/113_lockdownd_patched.zip.html

Patch details:

   Search for differences
   1. G:\iPhone Stuffs\Lockdownd\lockdownd_113_original\lockdownd: 1,107,780 bytes
   2. G:\iPhone Stuffs\Lockdownd\lockdownd_113_patched\lockdownd: 1,107,780 bytes
   Offsets: hexadec.
     83AF:	0A	EA
     AFA3:	0A	EA
     C4CF:	1A	EA
     CDB4:	80	04
     CDB5:	28	29
     CDC0:	01	00
     CE08:	2C	B0
     CE58:	DC	60
     CE59:	27	28
     CF24:	3C	94
     CF7C:	F4	3C
     CF7D:	26	27
     D000:	70	B8
     D1A8:	8C	10
     D1A9:	24	25
     D224:	4C	94
     D274:	01	00
   17 difference(s) found.


1.1.2 original http://rapidshare.com/files/133068455/112_lockdownd_original.zip.html

1.1.2 patched http://rapidshare.com/files/133068558/112_lockdownd_patched.zip.html

Details: This patch uses the same technique as the 1.1.1 patch. With it applied, 1.1.2 is factory-activated immediately.

Patch details:

   Search for differences
   1. G:\iPhone Stuffs\lockdownd\lockdownd_112_original\lockdownd: 996,440 bytes
   2. G:\iPhone Stuffs\lockdownd\lockdownd_112_patched\lockdownd: 996,440 bytes
   Offsets: hexadec.
   4B4C:    01    14
   4B4E:    A0    00
   4B4F:    E3    EA
   C5C1:    00    40
   C5C2:    54    A0
   C5C8:    04    00
   C5CA:    00    A0
   C5CB:    1A    E1
   C5CC:    01    00
   C5D4:    88    EC
   10 difference(s) found.

Note: the 1.1.2 lockdownd has a baseband firmware version check that enables brick mode when it finds an unexpected version. The patch at 4B4C-4B4F neutralizes it. If the firmware version does not match, syslog will still record the following:

   lookup_baseband_info: Not the expected firmware version. Enabling brick mode

but the actual bricking routine is never reached, because the patch forces a jump past it once the syslog message has been written.
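As an added example (not from this wiki page or from George Zhu's patches), the script below compares an original and a patched lockdownd byte for byte, prints the same "Offsets: hexadec." listing used on this page, and decodes each changed 32-bit word as either an ARM conditional branch or the mov r0,r0 NOP, which is what the C5C8 change in the 1.1.2 listing (04 00 00 1A becoming 00 00 A0 E1) amounts to. The two sample blobs are constructed from that listing and are not real binaries.

```python
import struct

# ARM condition-code suffixes, indexed by bits 31..28 of an instruction word.
COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
        "HI", "LS", "GE", "LT", "GT", "LE", "", "NV"]   # 14 = AL, printed as ""

def diff_offsets(orig: bytes, patched: bytes):
    """Return (offset, orig_byte, patched_byte) for every differing byte."""
    if len(orig) != len(patched):
        raise ValueError("sizes differ; these patches never change the file size")
    return [(i, a, b) for i, (a, b) in enumerate(zip(orig, patched)) if a != b]

def format_report(orig: bytes, patched: bytes) -> str:
    """Render the diff in the 'Offsets: hexadec.' style used on this page."""
    diffs = diff_offsets(orig, patched)
    lines = [f"{off:X}:\t{a:02X}\t{b:02X}" for off, a, b in diffs]
    lines.append(f"{len(diffs)} difference(s) found.")
    return "\n".join(lines)

def describe_arm_word(word: int) -> str:
    """Decode the two ARM forms these patches swap: B<cond> and the mov r0,r0 NOP."""
    if word == 0xE1A00000:
        return "MOV r0, r0 (NOP)"
    if ((word >> 25) & 0b111) == 0b101:          # bits 27..25 == 101: B / BL
        cond = COND[word >> 28]
        link = "L" if (word >> 24) & 1 else ""
        imm24 = word & 0x00FFFFFF
        if imm24 & 0x00800000:                   # sign-extend the 24-bit field
            imm24 -= 0x01000000
        rel = (imm24 << 2) + 8                   # target relative to this word
        return f"B{link}{cond} pc{rel:+#x}"
    return "other (data or an instruction this decoder does not cover)"

def changed_words(orig: bytes, patched: bytes):
    """Group byte diffs into their aligned little-endian 32-bit words and decode both sides."""
    bases = sorted({off & ~3 for off, _, _ in diff_offsets(orig, patched)})
    out = []
    for base in bases:
        ow = struct.unpack_from("<I", orig, base)[0]
        pw = struct.unpack_from("<I", patched, base)[0]
        out.append((base, ow, pw, describe_arm_word(ow), describe_arm_word(pw)))
    return out

# Constructed sample (not a real lockdownd): two 0xD000-byte blobs that differ only
# at the 1.1.2 offsets C5C8..C5CC from the patch listing above.
SAMPLE_ORIG = bytearray(0xD000)
SAMPLE_PATCHED = bytearray(0xD000)
SAMPLE_ORIG[0xC5C8:0xC5CC] = bytes.fromhex("0400001A")     # 1A000004 = BNE (skips ahead)
SAMPLE_PATCHED[0xC5C8:0xC5CC] = bytes.fromhex("0000A0E1")  # E1A00000 = NOP (falls through)
SAMPLE_ORIG[0xC5CC], SAMPLE_PATCHED[0xC5CC] = 0x01, 0x00   # "enable brick mode" flag byte

if __name__ == "__main__":
    print(format_report(SAMPLE_ORIG, SAMPLE_PATCHED))
    for base, ow, pw, od, pd in changed_words(SAMPLE_ORIG, SAMPLE_PATCHED):
        print(f"{base:X}: {ow:08X} ({od}) -> {pw:08X} ({pd})")
```

The same decoder recognises the unconditional branch (cond AL, top byte EA) that the 4B4C-4B4F patch installs, so running it over the real original and patched files lets you confirm that every listed offset is one of the two edit types described on this page.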


1.1.1 original http://rapidshare.com/files/133068876/111_lockdownd_original.zip.html

1.1.1 patched http://rapidshare.com/files/133068957/111_lockdownd_patched1.zip.html

Patch details:

   Search for differences
   1. C:\iPhone\lockdownd\lockdownd_111_original\lockdownd: 819,328 bytes
   2. C:\iPhone\lockdownd\lockdownd_111_patched\lockdownd: 819,328 bytes
   Offsets: hexadec.
   B810: 04 00
   B812: 00 A0
   B813: 1A E1
   B814: 24 54
   B818: 01 00
   5 difference(s) found.


source: George Zhu's Blog