The iPhone Wiki - User contributions [en]

The iPhone Wiki:Spam

2009-11-10T11:41:45Z

Dranfi:

How do we combat this recent spamming of this wiki? I suggest a possible invite system or similar? --[[User:Srts|Srts]] 02:24, 9 November 2009 (UTC)

I have already blocked account signup, they must have had this account for a while. --[[User:Geohot|geohot]] 02:29, 9 November 2009 (UTC)

Well if they don't stop, we can't have account creation disabled forever, defeats the purpose of the wiki. People like him are sad. Great work to all the sysops et all. keeping disruption to a minimal :D --[[User:Srts|Srts]] 02:34, 9 November 2009 (UTC)

Yea thanks a lot guys for putting up with this. We'll give a bit of time, and if they continue, we'll figure something out. This kid keep trying to reset my password for hosting and the wiki. Too bad he doesn't have a life. --[[User:Geohot|geohot]] 03:10, 9 November 2009 (UTC)

An invite system might not be a bad idea actually [[User:ChronicDev|Will Strafach]] 03:16, 9 November 2009 (UTC)

feel free to post their IP addresses, lol --[[User:Posixninja|posixninja]] 04:08, 9 November 2009 (UTC)

Well, if you need an extra admin to block them (and delete spam pages), I volunteer. --[[User:Dranfi|Dranfi]] Congrats, you're an admin --[[User:Geohot|geohot]] 13:22, 9 November 2009 (UTC)

How many different IPs are we dealing with? Is it within a specific range? For the time being, it may be possible to blacklist an entire subnet if they are all coming from the same place. But if a botnet is doing this, may be more difficult. Is it possible for MediaWiki to require admin approval of an edit prior to it being commited? Not well versed with MediaWiki administration, just thossing out some ideas. --[[User:Tsuehpsyde|tsuehpsyde]] 17:29, 9 November 2009 (UTC)

We could figure out where they come rom and do the same to them. Secondly, we could create a filter that unless your part of a specific group you cannot do more than this many edits in this amount of time. We could try making a period where the admins have to approve the users. Lastly, we could make it so that in the first 12 hours of a user account that user could not edit pages so it would give time for the sysops to ban the users. [[User:Revolution|Revolution]] 00:02, 10 November 2009 (UTC)

If the ones you refer to as 'they' are the [http://code.google.com/p/pois0nhack pois0nhack] group then 'they' don't really seem to pose much of a threat in my opinion. I agree that for the time being we could impose some kind of 12/24 hr posting limitation (maybe no more than +-300 char changes?), but no more than that since this is, after all, a public wiki. Sorry if I'm intruding on some kind of admin/mod meeting, just figured I should have my say. --[[User:Rekoil|adriaaan]] 00:27, 10 November 2009 (UTC)

I am in favor of a 12hr limit for new users, but since it's a public wiki, during this time, contributions would have to be approved by sysops.

The iPhone Wiki:Spam

2009-11-09T05:37:31Z

Dranfi:

User:Geohot

2009-11-08T19:22:55Z

Dranfi: Reverted vandalim

The founder of this wiki.

Published the [http://iphonejtag.blogspot.com/2007/08/its-release-time.html first hardware unlock of the iPhone] and software unlocked BL 4.6 a.k.a. [[Minus 0x20000 with Back Extend Erase]].

Published the [http://iphonejtag.blogspot.com/2008/01/112-otb-unlocked.html first hardware unlock of the bootloader 4.6]

Found the [[AT+stkprof Exploit]] for baseband 02.28.00.

Found the [http://iphonejtag.blogspot.com/2009/04/58-exploit.html BL 5.8 exploit].

Found the [[iBoot Environment Variable Overflow]] exploit.

Released the [[purplera1n]], [[purplesn0w]] and [[blackra1n]] tools.

[http://iphonejtag.blogspot.com/ Blog]

[http://twitter.com/geohot Twitter]

Main Page

2009-11-08T19:20:09Z

Dranfi: Reverted vandalism -- Chroniccommand you're jut a lamer. Have fun with your stupid DDos attack.

<center>[[Image:Iptwiki.jpg‎]]</center>

{{:Main Page/Welcome}}
<table border="1" width="100%" style="background-color:orange;"><tr>
<td style="background-color:orange; text-align:center; width:25%;"><b>[[Jailbreak iPhone2,1 / iPod3,1|Find bootrom exploit allowing unsigned code exec via USB (S5L8920+)]]</b></td>
<td style="background-color:orange; text-align:center; width:25%;"><b>[[Unlock 2.0|Break Chain of Trust (X-Gold 608)]]</b></td>
</tr>
</table><br />

{{col-begin}}
{{col-2}}
{{HeadingA|Software}}
* [[/|Filesystem]]
* [[Firmware]]
* [[Keys]]
** [[AES Keys]]
** [[Apple Certificate]]
** [[Baseband RSA Keys|RSA Keys]]
** [[Baseband TEA Keys|TEA Keys]]
** [[NCK]]
* [[Protocols]]
** [[Normal Mode]]
** [[Recovery Mode (Protocols)|Recovery Mode]]
** [[Restore Mode]]
** [[DFU (Protocol)|DFU]]
** [[Baseband Bootrom Protocol]]
** [[Interactive Mode|Baseband Bootloader Protocol]]
* [[System Log|System Log (syslog)]]

{{col-2}}
{{HeadingB|Hardware}}
====iPhone====
* [[m68ap|iPhone (m68ap)]]
* [[n82ap|iPhone 3G (n82ap)]]
* [[N88ap|iPhone 3GS (n88ap)]]

====iPod Touch====
* [[n45ap|iPod touch (n45ap)]]
* [[n72ap|iPod touch 2nd Generation (n72ap)]]
* [[N18ap|iPod touch 3rd Generation (n18ap)]]

====Processors====
* [[S5L8900]] ([[iPhone]], [[iPod Touch]], [[iPhone 3G]])
* [[S5L8720]] ([[iPod touch 2G]])
* [[S5L8920]] ([[N88AP|iPhone 3GS]])
* [[S5L8922]] ([[N18ap|iPod Touch 3G]])
* [[Baseband Device]]

====Other====
* [[Bluetooth]]
{{col-end}}

{{col-begin}}
{{col-2}}
{{HeadingA|Development}}
====Application Development====
* [[Toolchain]] (Includes tutorials)
* [[Toolchain 2.0]] (Includes tutorials)
* [[Frameworks]]
* [[MobileDevice Library]]
* [[Apple Certification Process]]
* [[Bypassing iPhone Code Signatures]]
* [[Distribution Methods]]

====Application Copy Protection====
* [[Copy Protection Overview]]
* [[Application Structure and Signatures]]
* [[Mach-O Loading Process]]
* [[Bugging Debuggers]]
* [[Defeating Cracks]]
{{col-2}}
{{HeadingB|Help}}
====Guides====
* [[Tutorials]]
* [[Useful Links]]

====Definitions====
* [[Glossary]]
* [[Jailbreak]]
* [[Activation]]
* [[Unlock]]
* [[Baseband Device|Baseband]]
* [[Baseband Bootloader|Bootloader]]
* [[DFU]]
* [[iBoot]]
* [[iBEC]]
* [[iBSS]]
* [[NORID]]
* [[CHIPID]]
{{col-end}}

<table border="1" width="100%" style="background-color:orange;">
<tr>
<td colspan="4" style="background-color:orange; text-align:center;">
<center>[[Disclaimer]]</center>
</td>
</tr>
</table>

__NOTOC____NOEDITSECTION__

The iPhone Wiki:Current events

2009-11-08T19:18:28Z

Dranfi:

== Primary Goals ==
* [[X-Gold 608 Unlock|Break Chain of Trust (X-Gold)]]
* Untether the new iPhone 3GS model w/ new bootrom.
* Untheter the [[iPod Touch 3G]].

== Secondary ==
* Get [[iPhoneLinux]] running on [[iPod touch 2G]], [[iPod Touch 3G]] and [[iPhone 3GS]]
* Get kernel extensions working on 2.x
* Get kernel extensions working on 3.x

The iPhone Wiki:Current events

2009-11-08T19:17:14Z

Dranfi:

== Primary Goals ==
* [[X-Gold 608 Unlock|Break Chain of Trust (X-Gold)]]
* Untether the new iPhone 3GS model w/ new bootrom.

== Secondary ==
* Get [[iPhoneLinux]] running on [[iPod touch 2G]], [[iPod Touch 3G]] and [[iPhone 3GS]]
* Get kernel extensions working on 2.x
* Get kernel extensions working on 3.x

Main Page

2009-11-08T19:15:06Z

Dranfi: Reverted vandalism

Main Page

2009-11-08T19:11:29Z

Dranfi: Reverted vandalism

User:Geohot

2009-11-08T18:31:05Z

Dranfi:

User:Geohot

2009-11-08T18:29:18Z

Dranfi:

The founder of this wiki. Published the [http://iphonejtag.blogspot.com/2007/08/its-release-time.html first hardware unlock of the iPhone] and software unlocked BL 4.6 a.k.a. [[Minus 0x20000 with Back Extend Erase]].

Found the [[AT+stkprof Exploit]] for baseband 02.28.00.

Found the [http://iphonejtag.blogspot.com/2009/04/58-exploit.html BL 5.8 exploit].

Found the [[iBoot Environment Variable Overflow]] exploit.

Released the [[purplera1n]], [[purplesn0w]] and [[blackra1n]] tools.

[http://iphonejtag.blogspot.com/ Blog]

[http://twitter.com/geohot Twitter]

Talk:Baseband Device

2009-11-04T14:12:27Z

Dranfi:

Are the Wifi and Bluetooth chips really under control of the baseband processor? It is likely they interface through SPI or similar with the main processor.
Wifi chip is not in the baseband (both are in the comm board tho), they are not directly linked, although the baseband contain wifi MAC address and calibration data. The main OS transfer the information between them (please check this) --dranfi

== Question about FieldTest ==
I'm trying to get some information from baseband, kind of like what is displayed on the FieldTest.app.
I've tried to call _CTServerConnectionNetworkMonitorCopyFieldTestInfo function - But I don't see anything in response.
I'm getting 0s buffer. I think I need to specify which field exactly I want to have. someone can help with that ?
-goshong

=== some remarks on restructuring ===
There were some pages that contained similar information, so I moved things a little bit. Currently is not perfect, because
actually there is a difference between
*''baseband (the software) and
*''baseband'' aka [[Baseband Device|baseband device]]
Not that it was more correct before... Maybe someone could make it clearer.
-caique2001-

Talk:Redsn0w Lite

2009-07-28T05:43:12Z

Dranfi:

Before any speculation arises on this page, just to clear it up, the picture in the circle of the star is part of a picture of the iPod Touch 2G processor, and according to [[MuscleNerd]] the hash in the upper left hand corner is a sha1 of a decrypted 2.1.1 iBoot (the significance of that is that it shows that they can run unsigned code, because to decrypt an iboot they must have access to the aes engine, and you can only access that with unsigned code).

== iPod touch 2G ==

Does the untethered iPod touch 2G jailbreak rely on ARM7 Go to get the LLB on the device, or does it use Apple's restore process? --[[User:Dialexio|Dialexio]] 04:51, 28 July 2009 (UTC)
Well both, ARM7GO to get unsigned ramdisk and using Apple's restore process to flash custom LLB, iBoot...

Talk:Jailbreak (S5L8920+)

2009-05-20T02:02:32Z

Dranfi: New page: This kind of information should not be here until the release of the iPhone2,1.

This kind of information should not be here until the release of the iPhone2,1.

Talk:Bugging Debuggers

2009-05-14T01:27:35Z

Dranfi: New page: How does this block GDB? Is it like the App if flagging "do not debug me" (like a "do not enter sign" on a door without lock) and that GDB is reading this flag and then decides not to debu...

How does this block GDB? Is it like the App if flagging "do not debug me" (like a "do not enter sign" on a door without lock) and that GDB is reading this flag and then decides not to debug and crash? If that's the case, it would be easy to put a patched GDB (it's GPLed after all) on an alternate repository, so that protection would be useless.

Talk:IDroid

2009-04-22T11:07:16Z

Dranfi:

'''Q:''' Hmmm... I install Ubuntu 8.10 on Parallels Desktop on my MacBook Pro, I've downloaded all required files, but after I run command
sudo ./oibc
Terminal says that I type incorrect syntax... WTF?

'''A:''' First of all, OpeniBoot might not work under a virtual machine (Parallel Desktop). And you are suppose to use loadibec BEFORE oibc to upload openiboot on the phone. Be sure to send the file corresponding to your device.

'''Q:''' Of course I've upload patched iBoot before I've run ./oibc command... And iPhone show me "standard patched bootloader screen", where I choose console iBoot. And after this steps I've try to run ./oibc, but ... (see first q's)

'''A:''' So, you need to have a pwn iBoot (just jailbreak on 2.x and you'll be fine), if you use the files comming with the linux demo, make sure you are at 2.x+ (pwned 1.1.4 or 1.1.5 won't work). Be sure to upload the correct version of OpeniBoot (2g, 3g or iPod for the first gen iPhone, the 3g iPhone and the iPod Touch 1G; no support for the iPod Touch 2G, yet). After launching loadibec, check your device's screen to see wether you have the same image as in [[iPhoneLinux]]. Then you can launch oibc. Beware, after launching loadibec, the device is recognised as a different usb device, so you might need to load it in Ubuntu from OS X in Parallel Desktop options.

'''Q:''' I've got pwned iPhone 3G with 2.2.1 firmware. All steps I do with manual [[iPhoneLinux]] in hands... Before I run oibc, of course, I've connect "another USB device" to virtual machine (and disconnect it from main system). I've see picture like [[iPhoneLinux]] manual, but after I run oibc nothing happen...

You can also check out the required libraries (I just added the list to the installation section) on the article :
* Required libraries (install as a package for Uuntu).:
** libpthread
** libncurses
** libusb
** libreadline

IDroid

2009-04-22T11:05:09Z

Dranfi: /* Prerequisites */

[[Image:Openiboot.png|thumb|right|200px|Device running the OpeniBoot console.]]
[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".

iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.

There are three steps in the iPhonelinux roadmap : OpeniBoot, linux kernel and long term (GUI, phone...)

== OpeniBoot ==
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and development environment (chainloading, upgrading itself and USB mass storage).

== Linux ==
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.

== Long-Term Plans ==
Multi-touch driver, Baseband driver, port X server and create an SDK.
Then have a viable alternative of the iPhone OS.

== Binaries ==

These are utility binaries precompiled on Ubuntu 8.10. They require:

- libpthread
- libncurses
- libusb
- libreadline

You may elect to build them from source by pulling from
iphonelinux/openiboot's git repository.

== Disclaimer ==

BE WARNED THAT THESE STEPS ARE NOT INTENDED FOR NOVICES. YOU ATTEMPT THIS AT
YOUR OWN RISK. AT THIS TIME, WE CANNOT AFFORD THE EFFORT REQUIRED TO GIVE
SUPPORT TO NOVICES AND/OR RESCUE THEM FROM THEIR OWN ACTIONS.

Although unlikely, if the installation goes wrong, you may have to perform a
DFU restore on your iPhone. If you do not know how to do that, you should not
follow these steps. You should also know how to use iRecovery (or similar) and
the fsboot command to "kick an iPhone out of recovery mode". If you do not
know how to do that, you should not follow these steps.

The installation of openiboot itself is safe, but openiboot has the facility
to erase device-specific information from your NOR flash. If you did not make
a backup, and execute the commands necessary to make openiboot erase that
information, it is gone forever and your device may never boot properly again.

The instructions below will show you how to make such a backup before any
changes are made.

== Installing OpeniBoot ==

=== Prerequisites ===
* Having an iPhone (first gen), iPhone 3G or an iPod 1G (the 2G iPod won't work).<br />
* Being on 2.x+ to have support IMG3 (the iPhonelinux-demo provides IMG3 files, not IMG2 files).<br />
* Being Pwned : Pwnage comes with jailbreak on 2.x+, so If you used Pwnage Tool, QuickPwn or xPwn, you are good.
* Required libraries (install as a package for Uuntu).:
** libpthread
** libncurses
** libusb
** libreadline

=== Installation ===

1. Put your iPhone in [[Recovery Mode]].

2. sudo ./loadibec openiboot-2g.img3, or -3g, -ipod, depending on your platform.

3. sudo ./oibc

4. nor_read 0x09000000 0x0 1048576

5. ~norbackup.dump:1048576. This will create a file called norbackup.dump in your current directory. GUARD IT WITH YOUR LIFE.

6. install

7. After 'install' has finished, type in: reboot.

8. You ought to see the openiboot menu.

===See===
* [[QuickOIB]]

== Booting Linux ==

Use the Hold button to navigate the menu. Push the Home button
when openiboot client is selected.
sudo ./oibc
!zImage
kernel
!rootfs.arm.ext2.gz
ramdisk 3588
boot "console=tty console=ttyUSB root=/dev/ram0 rw"
sudo ./linux

You should now get a login prompt. Nothing that's happening will show up on
the LCD automatically, but you can redirect it to the display with the
following command:

sh 2>&1 > /dev/tty0

Enjoy!

== iPhone Linux Resources ==

- Framebuffer driver
- Serial driver
- Serial over USB driver
- Interrupts, MMU, clock, etc.

=== OpeniBoot Resources ===

- Read-only support for the NAND

=== OpeniBoot Missing Resources ===

- Write support for the NAND
- Wireless networking
- Touchscreen
- Sound
- Accelerometer
- Baseband support

===QuickOIB===

[[QuickOIB]] is a tool that allows the user to temporarily install OpeniBoot in a device.
It was developed by pH and work perfectly with Mac OS X and Ubuntu 8.10

=== Support ===

The current userland we're using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we're going to build a more permanent userland solution.

A demonstration video can be seen here: http://www.vimeo.com/2373142

Download here: http://localhostr.com/files/b00133/iphonelinux-demo.tar.gz

Project leader: '''planetbeing'''

Contributors: '''CPICH, cmw, poorlad, ius, saurik'''

If you're experienced with '''hacking/porting Linux''' and especially if you're experienced with porting '''Android''', I'd definitely like to hear from you. Come chill in the ''#iphonelinux'' channel on ''irc.osx86.hu'' . If you're not experienced, and still want to help, you can digg/slashdot this posting to heaven so our little project gets more visibility. Thanks. :)

IDroid

2009-04-20T19:22:40Z

Dranfi: /* Installing OpeniBoot */

[[Image:Openiboot.png|thumb|right|200px|Device running the OpeniBoot console.]]
[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".

iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.

There are three steps in the iPhonelinux roadmap : OpeniBoot, linux kernel and long term (GUI, phone...)

== OpeniBoot ==
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and development environment (chainloading, upgrading itself and USB mass storage).

== Linux ==
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.

== Long-Term Plans ==
Multi-touch driver, Baseband driver, port X server and create an SDK.
Then have a viable alternative of the iPhone OS.

== Binaries ==

These are utility binaries precompiled on Ubuntu 8.10. They require:

- libpthread
- libncurses
- libusb
- libreadline

You may elect to build them from source by pulling from
iphonelinux/openiboot's git repository.

== Disclaimer ==

BE WARNED THAT THESE STEPS ARE NOT INTENDED FOR NOVICES. YOU ATTEMPT THIS AT
YOUR OWN RISK. AT THIS TIME, WE CANNOT AFFORD THE EFFORT REQUIRED TO GIVE
SUPPORT TO NOVICES AND/OR RESCUE THEM FROM THEIR OWN ACTIONS.

Although unlikely, if the installation goes wrong, you may have to perform a
DFU restore on your iPhone. If you do not know how to do that, you should not
follow these steps. You should also know how to use iRecovery (or similar) and
the fsboot command to "kick an iPhone out of recovery mode". If you do not
know how to do that, you should not follow these steps.

The installation of openiboot itself is safe, but openiboot has the facility
to erase device-specific information from your NOR flash. If you did not make
a backup, and execute the commands necessary to make openiboot erase that
information, it is gone forever and your device may never boot properly again.

The instructions below will show you how to make such a backup before any
changes are made.

== Installing OpeniBoot ==

=== Prerequisites ===
* Having an iPhone (first gen), iPhone 3G or an iPod 1G (the 2G iPod won't work).<br />
* Being on 2.x+ to have support IMG3 (the iPhonelinux-demo provides IMG3 files, not IMG2 files).<br />
* Being Pwned : Pwnage comes with jailbreak on 2.x+, so If you used Pwnage Tool, QuickPwn or xPwn, you are good.

=== Installation ===

1. Put your iPhone in [[Recovery Mode]].

2. sudo ./loadibec openiboot-2g.img3, or -3g, -ipod, depending on your platform.

3. sudo ./oibc

4. nor_read 0x09000000 0x0 1048576

5. ~norbackup.dump:1048576. This will create a file called norbackup.dump in your current directory. GUARD IT WITH YOUR LIFE.

6. install

7. After 'install' has finished, type in: reboot.

8. You ought to see the openiboot menu.

===See===
* [[QuickOIB]]

== Booting Linux ==

Use the Hold button to navigate the menu. Push the Home button
when openiboot client is selected.
sudo ./oibc
!zImage
kernel
!rootfs.arm.ext2.gz
ramdisk 3588
boot "console=tty console=ttyUSB root=/dev/ram0 rw"
sudo ./linux

You should now get a login prompt. Nothing that's happening will show up on
the LCD automatically, but you can redirect it to the display with the
following command:

sh 2>&1 > /dev/tty0

Enjoy!

== iPhone Linux Resources ==

- Framebuffer driver
- Serial driver
- Serial over USB driver
- Interrupts, MMU, clock, etc.

=== OpeniBoot Resources ===

- Read-only support for the NAND

=== OpeniBoot Missing Resources ===

- Write support for the NAND
- Wireless networking
- Touchscreen
- Sound
- Accelerometer
- Baseband support

===QuickOIB===

[[QuickOIB]] is a tool that allows the user to temporarily install OpeniBoot in a device.
It was developed by pH and work perfectly with Mac OS X and Ubuntu 8.10

=== Support ===

The current userland we're using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we're going to build a more permanent userland solution.

A demonstration video can be seen here: http://www.vimeo.com/2373142

Download here: http://localhostr.com/files/b00133/iphonelinux-demo.tar.gz

Project leader: '''planetbeing'''

Contributors: '''CPICH, cmw, poorlad, ius, saurik'''

If you're experienced with '''hacking/porting Linux''' and especially if you're experienced with porting '''Android''', I'd definitely like to hear from you. Come chill in the ''#iphonelinux'' channel on ''irc.osx86.hu'' . If you're not experienced, and still want to help, you can digg/slashdot this posting to heaven so our little project gets more visibility. Thanks. :)

Talk:IDroid

2009-04-20T19:12:23Z

Dranfi:

'''Q:''' Hmmm... I install Ubuntu 8.10 on Parallels Desktop on my MacBook Pro, I've downloaded all required files, but after I run command
sudo ./oibc
Terminal says that I type incorrect syntax... WTF?

'''A:''' First of all, OpeniBoot might not work under a virtual machine (Parallel Desktop). And you are suppose to use loadibec BEFORE oibc to upload openiboot on the phone. Be sure to send the file corresponding to your device.

'''Q:''' Of course I've upload patched iBoot before I've run ./oibc command... And iPhone show me "standard patched bootloader screen", where I choose console iBoot. And after this steps I've try to run ./oibc, but ... (see first q's)

So, you need to have a pwn iBoot (just jailbreak on 2.x and you'll be fine), if you use the files comming with the linux demo, make sure you are at 2.x+ (pwned 1.1.4 or 1.1.5 won't work). Be sure to upload the correct version of OpeniBoot (2g, 3g or iPod for the first gen iPhone, the 3g iPhone and the iPod Touch 1G; no support for the iPod Touch 2G, yet). After launching loadibec, check your device's screen to see wether you have the same image as in [[iPhoneLinux]]. Then you can launch oibc. Beware, after launching loadibec, the device is recognised as a different usb device, so you might need to load it in Ubuntu from OS X in Parallel Desktop options.

Talk:IDroid

2009-04-20T11:35:01Z

Dranfi:

Hmmm... I install Ubuntu 8.10 on Parallels Desktop on my MacBoo Pro, I've downloaded all required files, but after I run command
sudo ./oibc
Terminal says that I type incorrect syntax... WTF?

First of all, OpeniBoot might not work under a virtual machine (Parallel Desktop). And you are suppose to use loadibec BEFORE oibc to upload openiboot on the phone. Be sure to send the file corresponding to your device.

Talk:GenPass

2009-04-16T00:06:46Z

Dranfi: /* How to use? */

== Compilation notes ==

=== Windows ===
If anyone is trying to compile this using MinGW on Windows, you'll run into some linking problems with libcrypto.
After searching around for awhile, I found that the problem can be solved by adding -lgdi32 to your linker flags.

I just needed the -lgdi32 What crap that a crypto lib linked to a graphics library

I don't know, it's screwy. I think a lot of OpenSSL is actually hacky on Windows (after reading the posts with corrections for this problem, it seems like their talking about some kind of pre-alpha program that barely works on anything besides Linux).
Also, I see that compiling works with just gdi, so I removed it from my initial suggestion.
Must have had ws2_32 first or something..

=== Mac compiling ===

Must have a recent copy of openssl installed. if you don't do this.

* download and extract openssl [http://www.openssl.org/source/openssl-0.9.8h.tar.gz]
* run './config' and then 'make' to build the lib.
* copy genpass.c into the openssl directory
* compile with 'gcc genpass.c libcrypto.a -o genpass -I./include/'

plz correct me if I'm wrong, as I'm no mac expert --[[User:Posixninja|posixninja]] 21:52, 6 April 2009 (UTC)

=== Linux compiling ===
What do you expect? Works fine with just -lcrypto.

== How to use? ==

Well, I tried to get the key for beta 2 for the 3g, I never could.
I asked on #iPhone and they told me that
Platform is s5l8***x (s5l8900x) for the iPhones and ipt1g.
Ramdisk is the path to a MOUNTED (decrypted) ramdisk file (not mount path). They didn't know wether it was the restore or update or both ramdisk.
Main is the path to the big dmg file (the rootfs > 100 mb).
Well this didn't work : I got different keys.
Please correct what is wrong in the above. dranfi

::It shouldn't matter which ramdisk you use, however, you cannot use GenPass to extract correct keys from anything >b2 without decompressing the ramdisk first. Apparently, this is a Snow Leopard only feature for now. You could also (in theory) compile GenPass on your device and use iPhone OS' tools to mount the ramdisk (since they must know how to understand them), although I haven't gotten around to try this yet.

The compression is affecting beta 3 at this point or beta 1 and 2?
And, since I have snow leopard beta, how do you decompres it under snow leopard? And is this a new feature of snow leopard (in a recent build or from the begening, just that at the moment I have a slow connection making it hard to upgrade snow leopard)?

Talk:GenPass

2009-04-15T19:58:24Z

Dranfi: /* How to use? */ new section

Talk:Baseband Bootloader

2009-04-10T20:01:24Z

Dranfi: /* 5.8 */

=== 5.8 ===

The fact that dev team could change the baseband firmware implies there '''is''' an exploit, doesn't it?

I guess that the 5.8 exploit doesn't allow unlock because of sigcheck. Is the bootloaders 5.8 or 5.9 in the ramdisks? And is it possible to downgrade from 5.9 to 5.8 (maybe running some code in the baseband thru the at+stkprof to ask to erase the bootloader). Last thing, does 5.8 allow downgrading from any baseband?
dranfi 4/10/09

== drg ==

There's an exploit somewhere, but it's not publicly known where.

Ramdisk

2009-04-05T03:21:00Z

Dranfi:

This is what iTunes boots to upgrade the [[System|OS]] and the [[NOR]], not to mention in the case of the [[iPhone]], it upgrades the [[Baseband Device|Baseband]].

It is signed, but if you have administered the [[Pwnage]] hack, then you can load modified ones.

==Two Ramdisks==
* [[Restore Ramdisk]]
* [[Update Ramdisk]]

Talk:Installous

2009-03-21T06:18:37Z

Dranfi: New page: I wonder if theiphonewiki should talk about installous as it is illegal.

I wonder if theiphonewiki should talk about installous as it is illegal.

Talk:N72AP

2008-10-13T22:33:04Z

Dranfi:

== Anyone got one? ~geohot ==

Cool, didn't realize I could download the new Touch fw.

You have a decrypted copy of iBSS in \iPod2,1_2.1.1_5F138_Restore\Firmware\dfu\iBSS.n72ap.RELEASE.dfu

I'm almost sure the DFU exploit is still there, because the DFU file is still 89001. Use [[Easier_method_of_getting_Img3_Key_/_IV|my iBoot patch]] to patch that iBSS and run the AES engine straight from iBoot. Use [http://iphonejtag.blogspot.com/2008/07/yiphone-and-otherwise.html iran] to upload the patched version.

== okay now ==

Is the DFU exploit there? Test it using "iran", not iTunes. If not, then we are up against something. Otherwise, why the long talk page?

assuming the DFU exploit is still there...

1. Do the old iBSSes and iBECs run(with exploit)? If so, you are done, just use my iBoot patches to run the AES engine right from iBoot. No chainloading required.

2. The DFUs all weren't encrypted on the iPhone firmware, including the iBSS and iBEC ones. Still true? Then theres iBoot.

assuming the DFU exploit is gone...

1. If the old iBoots run(without exploit, from normal DFU), run 1.1.4 and use the diags exploit to strap into a patched iBoot.

== questions ==
that actually would make a lot of sense. the only thing is, would new code be needed to decrypt the kbags, or business as usual since it is just a gid key change? i would think it is the later but im no crypto genius so i cant be too sure.

I know the jist of how the diags exploit works, but how exactly would i strap on another iBoot. basically, do you have code handy for that? preferably in the form of already laid out 'mw's so that i can just copy and paste :P but thats asking too much. in all seriousness, please let me know if you do as i paln on picking one up soon.

== wait! ==

Although it for some strange reason parses 8900 files, I just realized...they could have just fixed the bootrom stack overflow, and kept parsing intact for whatever reason...

== i have one ==

i have the 2g touch if anyone wants me to do any testing. I use a mac, if you need to contact me email me at fiftyfour123@gmail.com cuz i won't be checking this page.

I got one too. I'll have to stop using it before November since I'll give it as a birthday present, but not I can test that it is working well :p. My email address is julienf.collin@gmail.com Geohot, if you want to contact me, mail me, use google talk (either via gmail or via iChat for mac) or this address as a Windows Live Messenger. BTW, I sent you a 10 US$ donation for the bootloader 4.6 software unlock(s) and all your work.

Talk:BootNeuter

2008-09-18T04:25:12Z

Dranfi:

=== Fakeblank ===
It is not quite clear if fakeblank is a sort of bootloader (same level as 3.9 or 4.6, say a 'blank' bootloader) or if it is just a piece of code which is needed to run a serial payload at will '''and / or''' boots the normal bootloader (3.9 or 4.6) if no serial payload is run. The article itself is inconsistent regarding this point.

Besides there is a page [[Fakeblank]] and resorting / linking information would be a good idea, IMHO.

== Change bootloader? ==

How does BootNeuter does change the bootloader?
I suppose that BootNeuter use Gbootloader (see GeoHotz post : [http://iphonejtag.blogspot.com/2008/02/look-at-things-to-come.html] ) for changing the bootloader 4.6 stock/neutered.
I suppose that BooNeuter use 112otb (see GeoHotz post : [http://iphonejtag.blogspot.com/2008/01/112-otb-unlocked.html] ) for changing a fakeblanked bootloader.
But for the Bootloader 3.9, we don't know (maybe an upgrade to 4.6 first via bbupdater??) ? -- dranfi

BootNeuter does use geohot's extended secpack erase for erasing the 4.6 BL (as stated in its credits). For actually changing the "locked-down" NOR status of both the 3.9 and 4.6 bootloaders, BootNeuter uses the GPIO hack found by the dev team (and credited to the dev team by geohot within gbootloader/main-bleraser.c. Search that source code for the credit). The neuter patch is actually another matter, and is another (still uncredited and unmentioned (until now)) dev team discovery. And no, 3.9 is not upgraded to 4.6 before being neutered :) The 3.9 and 4.6 neuters are similar but distinct.-- MuscleNerd

Can you tell us more about the GPIO hack, I only see this in Gehot code : "//deassert WP#, thanks dev team
GPIO=0x700;" -- dranfi

== Neuter Patch ==

MuscleNerd--can you elaborate on what exactly the "neuter patch" is?
I saw a post about this before BootNeuter actually being released, but I don't think I'll be able to find it. -- dranfi

Talk:BootNeuter

2008-09-09T02:07:15Z

Dranfi: /* Change bootloader? */ new section

User talk:Geohot

2008-08-08T12:12:44Z

Dranfi:

== categories? ==

hey I was just wondering if you thought it would be a better idea to organize the stuff that is on the main page into wiki categories instead like on wikipedia, since the main page of a wiki is usually short :P

as in, a category for S5L8900 exploits, one for 2G baseband/bootloader exploits, another for 3G baseband/bootloader exploits, one for hardware, one for unlocking, one for development (as in, app development), one for brainstorming/theories, etc etc you catch my drift

i would make them already, but i am no mediawiki mastermind and i dont even know if i have to be sysop or something special like that to make them :P

just throwing it out there, in case you thought it would be a good idea

----

Your Studies?
Could you write on your profile page what did you study to know/have skill you have in computer/programming and in electronic? If you practice difficult things like JTAG before having the iPhone?
Thanks - dranfi

User talk:Geohot

2008-08-08T12:08:15Z

Dranfi:

== categories? ==

hey I was just wondering if you thought it would be a better idea to organize the stuff that is on the main page into wiki categories instead like on wikipedia, since the main page of a wiki is usually short :P

as in, a category for S5L8900 exploits, one for 2G baseband/bootloader exploits, another for 3G baseband/bootloader exploits, one for hardware, one for unlocking, one for development (as in, app development), one for brainstorming/theories, etc etc you catch my drift

i would make them already, but i am no mediawiki mastermind and i dont even know if i have to be sysop or something special like that to make them :P

just throwing it out there, in case you thought it would be a good idea

Your Studies?
Could you write on your profile page what did you study to know/have skill you have in computer/programming and in electronic? If you practice difficult things like JTAG before having the iPhone?
Thanks - dranfi

User:Dranfi

2008-08-03T20:36:50Z

Dranfi: New page: just me.

just me.

Talk:NCK Brute Force

2008-07-28T23:10:32Z

Dranfi: New page: Is this method usable to permanently unlock the iPhone (like IPSF) aka upgrade resistant and not needing a software like signal.app (and being able to use SIM PIN Code)? This would allowed...

Is this method usable to permanently unlock the iPhone (like IPSF) aka upgrade resistant and not needing a software like signal.app (and being able to use SIM PIN Code)?
This would allowed to have the "official" unlock (except activation)?

Main Page

2008-07-28T20:22:21Z

Dranfi: /* Boot Chain */

<table border=1 width=100%><tr>
<td bgcolor=#64ff64 width=50%><center><b>[[PwnageTool|Jailbreak]]</b></center></td>
<td bgcolor=#ff6464 width=50%><center><b>[[Unlock 2.0|Unlock]]</b></center></td>
</tr>
<tr>
<td colspan=2>
<center>[[Disclaimer]]</center>
</td>
</tr>
</table>

Welcome to the iPhone wiki. This is a conglomerate work of everything done by everyone on the iPhone. Anyone can post here, just create an account. This is needed to avoid spam.

Read(and edit) the [[constitution]] to understand what purpose this wiki serves.

Read [[Up to speed|this]] to get up to speed in the iPhone community. Read the [[timeline]] to see where we are.

If you have notes on something you did, post them here. Even if it isn't pretty.

If you have a fix for a problem people are having, post it here.

==Hardware==
* [[m68ap|iPhone(m68ap)]]
* [[n82ap|iPhone 3G(n82ap)]]
* [[n45ap|iPod touch(n45ap)]]

==App Processor(Jailbreak)==
* [[S5L8900]]

===Exploits===
* [[Restore Mode]]
* [[LibTiff]]
* [[symlinks]]
* [[Ramdisk Hack]]
* [[pwnage]]
* [[diags]]
* [[pwnage 2.0]]

===Boot Chain===
[[VROM]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[System|System Software]]

One of the [[iPhoneLinux]] goals are to remplace that Boot Chain after iBoot :<br>
[[VROM]]->[[LLB]]->OpeniBoot->Linux Kernel->Linux Daemons->X Server->Windows Manager...

===Upgrade Process===
[[VROM]]->[[DFU]]->[[WTF]]->[[iBoot]]->[[Kernel]]->[[Ramdisk]]->[[Restore Mode|Restore]]

==Baseband(Unlock)==
* [[S-Gold 2]]
* [[X-Gold 608]]

===Exploits===
* [[SIM hacks]]
* [[Fakeblank|Hardware Fakeblank]]
* [[IPSF]]
* [[Minus 0x400]]
* [[Jerrysim]]
* [[Minus 0x20000 with Back Extend Erase]]

===Theoretical Attacks===
* [[NCK Brute Force]]
* [[Baseband JTAG]]

===Boot Chain===
[[Baseband Bootrom|bootrom]]->[[Baseband Bootloader|bootloader]]->[[Baseband Firmware|firmware]]

==File formats==
* [[8900 File Format]]
* [[IMG2 File Format]]
* [[IMG3 File Format]]
* [[secpack]]
* [[secpack 2.0]]
* [[seczone]]

==Protocols==
* [[Recovery Mode 0x1280]]
* [[Recovery Mode 0x1281]]
* [[DFU 0x1222]]
* [[WTF 0x1227]]
* [[Normal Mode 0x1290]]
* [[Restore Mode]]
* [[Baseband Bootrom Protocol]]
* [[Interactive Mode|Baseband Bootloader Protocol]]

==Keys==
* [[AES Keys]]
* [[Apple Certificate]]
* [[Baseband RSA Keys]]
* [[Baseband TEA Keys]]
* [[VFDecrypt Keys|Root Filesystem DMG Keys]]

==Application Development==
* [[Toolchain]]
* [[Frameworks]]
* [[Apple Certification Process]]
* [[Distribution Methods]]

==Tutorials==
* [[Toolchain Tutorial]]
* [[Decrypt iPhone ipsw Beta 4-7 ramdisk]]
* [[Unlock iphone-3G with TurboSim|TurboSIM Unlock]]

==Definitions==
* [[jailbreak]]
* [[activation]]
* [[unlock]]
* [[baseband]]
* [[Baseband Bootloader|bootloader]]

IBoot (Bootloader)

2008-07-28T20:16:32Z

Dranfi:

This is Apple's bootloader for the [[S5L8900]]. It runs what is known as [[Recovery Mode]]. It has an interactive interface which can be used over USB or serial.

In versions pre 2.0, there was an exploit in the [[diags]] command.

----

There is a modified iBoot : OpeniBoot, an free and Open Source remplacement of iBoot. Its goals is to have low-level drivers in order to load [[linux on the iPhone]].

Linux on the iPhone

2008-07-28T20:15:49Z

Dranfi: Redirecting to IPhoneLinux

#REDIRECT [[iPhoneLinux]]

Ramdisk Hack

2008-07-28T20:08:58Z

Dranfi:

This allows unsigned ramdisks to be booted. It was first publicized by [[ZiPhone]]

==Credit==
[[The dev team]]

==Exploit==
Passing boot args specifying a ramdisk in ram > 0x9C000000 allows any ramdisk to be booted.

==Implementation==
* [[PwnageTool]]
* [[ZiPhone]]
* [[iPhoneLinux]]thru the [[pwnage]] exploit

Pwnage

2008-07-28T20:07:24Z

Dranfi:

This exploit is in the [[VROM]]

==Credit==
[[The dev team]]

==Exploit==
The VROM doesn't sig check the stuff it jumps to in the [[NOR]]. So to use the exploit, one finds a way of writing to the NOR unsigned, either with iBoot hacks or kernel patches.

==Implementation==
* [[PwnageTool]]
* [[iPhoneLinux]]

IDroid

2008-07-28T20:06:13Z

Dranfi: IPhonelinux moved to IPhoneLinux: Oups : capital leter also for "L"

[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".

iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.

There are three steps in the iPhonelinux roadmap : oPeniBoot, linux kernel and long term (GUI, phone...)

== OpeniBoot ==
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and developpement environment (chainloading, upgrading itself and USB mass storage).

== Linux ==
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.

== Long-Term Plans ==
Multi-touch driver, Baseband driver, port X server and create an SDK.
Then have a viable alternative of the iPhone OS.

IPhonelinux

2008-07-28T20:06:13Z

Dranfi: IPhonelinux moved to IPhoneLinux: Oups : capital leter also for "L"

#REDIRECT [[IPhoneLinux]]

IDroid

2008-07-28T20:04:51Z

Dranfi: Iphonelinux moved to IPhonelinux: Capital leters.

IDroid

2008-07-28T20:02:59Z

Dranfi: New page: [http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia....