Activation
Lockdownd is always running on the iPhone and is in charge of monitoring the activation status of the device. When the iPhone is first purchased it is unactivated and only the "Emergency Call Screen" is available. The lockdownd patches here (which require a jailbreak) activate your phone and obviate the need to activate legitimately through iTunes with an official carrier.
Lockdownd Patches on Different Versions
Lockdownd 1.1.2:
| Offset | Original | Patched | Reason |
|--------|----------|---------|--------|
| 0x4B3B | 0x1A | 0xEA | Changed to ignore baseband version. |
| 0x79FC | 0xD7 0xFF | 0x00 00 | Disallows enabling of Voided Warranty. |
| 0x79FE | 0xFF 0x1A | 0xA0 0xE1 | Part of patch at 0x79FC |
| 0x7E0B | 0x0A | 0xEA | Disallows enabling of Voided Warranty. |
| 0xAC73 | 0x0A | 0xEA | Disallows enabling of Voided Warranty. |
| 0xBC40 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0xC5CC | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0xC5D4 | 0x88 | 0xEC | Change Unactivated to FactoryActivated |
| 0xC614 | 0x48 | 0xAC | Change Unactivated to FactoryActivated |
| 0xC640 | 0x1C | 0x80 | Change Unactivated to FactoryActivated |
| 0xC6F0 | 0x90 | 0xD0 | Change MissingSIM to FactoryActivated |
| 0xC74C | 0x44 | 0x74 | Change MismatchedICCID to FactoryActivated |
| 0xC7DC | 0xB4 | 0xE4 | Change MismatchedICCID to FactoryActivated |
| 0xC8AC | 0xB0 0x33 | 0x14 0x34 | Change Unactivated to FactoryActivated |
| 0xC904 | 0x01 | 0x00 | Change enable brick mode to disable. |
Lockdownd 1.1.1:
| Offset | Original | Patched | Reason |
|--------|----------|---------|--------|
| 0x482F | 0x1A | 0xEA | Changed to ignore baseband version. |
| 0xAF5C | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0xB814 | 0x24 | 0x54 | Change Unactivated to FactoryActivated |
| 0xB818 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0xB838 | 0x00 | 0x30 | Change Unactivated to FactoryActivated |
| 0xB858 | 0xE0 0x14 | 0x10 0x15 | Change Unactivated to FactoryActivated |
| 0xB884 | 0xB4 | 0xE4 | Change Unactivated to FactoryActivated |
| 0xB958 | 0x00 | 0x10 | Change MismatchedICCID to FactoryActivated |
| 0xB970 | 0xEC | 0xF8 | Change MissingSIM to FactoryActivated |
| 0xB9E0 | 0x58 | 0x88 | Change Unactivated to FactoryActivated |
| 0xBA58 | 0x01 | 0x00 | Change enable brick mode to disable. |
Lockdownd 1.0.2:
| Offset | Original | Patched | Reason |
|--------|----------|---------|--------|
| 0x9184 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0x94F0 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0x94F4 | 0x3C | 0x68 | Change Unactivated to FactoryActivated |
| 0x95C4 | 0x84 | 0x98 | Change MismatchedIMEI to FactoryActivated |
| 0x9604 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0x9624 | 0x2C | 0x38 | Change MismatchedICCID to FactoryActivated |
| 0x962C | 0x28 | 0x30 | Change MissingSIM to FactoryActivated |
| 0x96A4 | 0x01 | 0x00 | Change enable brick mode to disable. |
Lockdownd 1.0.1:
| Offset | Original | Patched | Reason |
|--------|----------|---------|--------|
| 0x9158 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0x94C4 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0x94C8 | 0x3C | 0x68 | Change Unactivated to FactoryActivated |
| 0x9598 | 0x84 | 0x98 | Change MismatchedIMEI to FactoryActivated |
| 0x95D8 | 0x01 | 0x00 | Change enable brick mode to disable. |
| 0x95F8 | 0x2C | 0x38 | Change MismatchedICCID to FactoryActivated |
| 0x9600 | 0x28 | 0x30 | Change MissingSIM to FactoryActivated |
| 0x9678 | 0x01 | 0x00 | Change enable brick mode to disable. |
Lockdownd 1.0.0:
| Offset | Original | Patched | Reason |
|--------|----------|---------|--------|
| 0x8CF8 | 0x01 | 0x00 | Change enable brick mode to disable |
| 0x90A4 | 0x01 | 0x00 | Change enable brick mode to disable |
| 0x90A8 | 0x3C | 0x68 | Change Unactivated to FactoryActivated |
| 0x9178 | 0x84 | 0x98 | Change MismatchedIMEI to FactoryActivated |
| 0x91B8 | 0x01 | 0x00 | Change enable brick mode to disable |
| 0x91D8 | 0x2C | 0x38 | Change MismatchedICCID to FactoryActivated |
| 0x91E0 | 0x28 | 0x30 | Change MissingSIM to FactoryActivated |
| 0x9258 | 0x01 | 0x00 | Change enable brick mode to disable |
All Lockdownd
1.1.4 original http://rapidshare.com/files/133067477/114_lockdownd_original.zip.html
1.1.4 patched http://rapidshare.com/files/133067620/114_lockdownd_patched.zip.html
Details: The lockdownd in firmware 1.1.4 is very similar to the one in 1.1.3, so the same patch applied to 1.1.3 also works on 1.1.4. NOTE: You can't use the old patched 1.1.3 lockdownd, because the files are different; you need to apply the patch to the 1.1.4 lockdownd.
Patch details:
Search for differences
1. G:\iPhone Stuffs\Lockdownd\lockdownd_114_original\lockdownd: 1,107,780 bytes
2. G:\iPhone Stuffs\Lockdownd\lockdownd_114_patched\lockdownd: 1,107,780 bytes
Offsets: hexadec.

83AF: 0A EA
AFA3: 0A EA
C4CF: 1A EA
CDB4: 80 04
CDB5: 28 29
CDC0: 01 00
CE08: 2C B0
CE58: DC 60
CE59: 27 28
CF24: 3C 94
CF7C: F4 3C
CF7D: 26 27
D000: 70 B8
D1A8: 8C 10
D1A9: 24 25
D224: 4C 94
D274: 01 00

17 difference(s) found.
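
The comparison listing above can also be read the other way round, as an integrity check that tells whether a lockdownd image recovered from a device still carries the original bytes. The following is an added example, not code from the original page or from George Zhu's blog; the function names are hypothetical and the images it checks are constructed in memory.

```python
import re

# Listing copied from the 1.1.4 comparison above; each entry is
# "OFFSET: ORIGINAL PATCHED", all values hexadecimal.
LISTING_114 = """
83AF: 0A EA  AFA3: 0A EA  C4CF: 1A EA  CDB4: 80 04  CDB5: 28 29  CDC0: 01 00
CE08: 2C B0  CE58: DC 60  CE59: 27 28  CF24: 3C 94  CF7C: F4 3C  CF7D: 26 27
D000: 70 B8  D1A8: 8C 10  D1A9: 24 25  D224: 4C 94  D274: 01 00
"""
SIZE_114 = 1_107_780  # file size reported for both files in the comparison

ENTRY = re.compile(r"\b([0-9A-Fa-f]{4,8}):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})\b")


def parse_listing(text):
    """Return {offset: (original_byte, patched_byte)} from a comparison listing."""
    return {int(o, 16): (int(a, 16), int(b, 16)) for o, a, b in ENTRY.findall(text)}


def classify(image, table, expected_size):
    """Return (verdict, per_offset_state) for a lockdownd image held in memory."""
    if len(image) != expected_size or not table:
        return "unknown", {}  # wrong size: the offsets would not line up
    names = ("original", "patched")
    detail = {}
    for off, pair in sorted(table.items()):
        detail[off] = names[pair.index(image[off])] if image[off] in pair else "other"
    states = set(detail.values())
    if "other" in states:
        return "unknown", detail  # a byte matches neither column of the listing
    return (states.pop() if len(states) == 1 else "partial"), detail


def constructed_image(table, size, column, limit=None):
    """Constructed test input: zero-filled buffer with listed bytes (column 0 or 1)."""
    buf = bytearray(size)
    for i, (off, pair) in enumerate(sorted(table.items())):
        buf[off] = pair[column if limit is None or i < limit else 0]
    return bytes(buf)


if __name__ == "__main__":
    table = parse_listing(LISTING_114)
    for label, img in [("all original bytes", constructed_image(table, SIZE_114, 0)),
                       ("all patched bytes", constructed_image(table, SIZE_114, 1)),
                       ("first 5 patched", constructed_image(table, SIZE_114, 1, 5)),
                       ("zero-filled", bytes(SIZE_114))]:
        print(label, "->", classify(img, table, SIZE_114)[0])
```

Because the 1.1.3 and 1.1.4 listings are identical and both files are 1,107,780 bytes, this check alone cannot tell those two versions apart.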
1.1.3 original http://rapidshare.com/files/133068021/113_lockdownd_original.zip.html
1.1.3 patched http://rapidshare.com/files/133068133/113_lockdownd_patched.zip.html
Patch details:
Search for differences
1. G:\iPhone Stuffs\Lockdownd\lockdownd_113_original\lockdownd: 1,107,780 bytes
2. G:\iPhone Stuffs\Lockdownd\lockdownd_113_patched\lockdownd: 1,107,780 bytes
Offsets: hexadec.

83AF: 0A EA
AFA3: 0A EA
C4CF: 1A EA
CDB4: 80 04
CDB5: 28 29
CDC0: 01 00
CE08: 2C B0
CE58: DC 60
CE59: 27 28
CF24: 3C 94
CF7C: F4 3C
CF7D: 26 27
D000: 70 B8
D1A8: 8C 10
D1A9: 24 25
D224: 4C 94
D274: 01 00

17 difference(s) found.
1.1.2 original http://rapidshare.com/files/133068455/112_lockdownd_original.zip.html
1.1.2 patched http://rapidshare.com/files/133068558/112_lockdownd_patched.zip.html
Details: This patch uses the same technique as introduced in the 1.1.1 patch. With this patch, 1.1.2 can be factory activated immediately.
The patch details:
Search for differences
1. G:\iPhone Stuffs\lockdownd\lockdownd_112_original\lockdownd: 996,440 bytes
2. G:\iPhone Stuffs\lockdownd\lockdownd_112_patched\lockdownd: 996,440 bytes
Offsets: hexadec.

4B4C: 01 14
4B4E: A0 00
4B4F: E3 EA
C5C1: 00 40
C5C2: 54 A0
C5C8: 04 00
C5CA: 00 A0
C5CB: 1A E1
C5CC: 01 00
C5D4: 88 EC

10 difference(s) found.
Note: 1.1.2 has a firmware-checking routine that will brick the phone if an unexpected version is found. The patch at 4B4C-4B4F fixes this. If the firmware version causes a problem, the syslog will record the following:
lookup_baseband_info: Not the expected firmware version. Enabling brick mode
but the actual bricking operations will not run, because the patch forces a jump once the logging is done.
1.1.1 original http://rapidshare.com/files/133068876/111_lockdownd_original.zip.html
1.1.1 patched http://rapidshare.com/files/133068957/111_lockdownd_patched1.zip.html
Patch details:
Search for differences
1. C:\iPhone\lockdownd\lockdownd_111_original\lockdownd: 819,328 bytes
2. C:\iPhone\lockdownd\lockdownd_111_patched\lockdownd: 819,328 bytes
Offsets: hexadec.

B810: 04 00
B812: 00 A0
B813: 1A E1
B814: 24 54
B818: 01 00

5 difference(s) found.
source: George Zhu's Blog