https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=DrgThe iPhone Wiki - User contributions [en]2026-05-06T09:40:38ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=Siri&diff=22098Siri2011-10-30T20:39:57Z<p>Drg: </p>
<hr />
<div>[[Siri]] is a voice control feature in the [[N94ap|iPhone 4S]], one of the main selling points for this device, although still in beta. A port to iPhone 4 and late model iPod touch has been completed by [http://twitter.com/#!/stroughtonsmith stroughtonsmith] with the help of [http://twitter.com/#!/chpwn chpwn].<br />
<br />
== References ==<br />
* [http://twitter.com/stroughtonsmith Steve on Twitter]<br />
<br />
{{stub|Software}}</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Siri&diff=22097Siri2011-10-30T20:38:34Z<p>Drg: </p>
<hr />
<div>[[Siri]] is a voice control feature in the [[N94ap|iPhone 4S]], one of the main selling points for this device, although still in beta. A port to iPhone 4 and late model iPod touch has been completed by [http://twitter.com/#!/stroughtonsmith stroughtonsmith] and [http://twitter.com/#!/chpwn chpwn].<br />
<br />
== References ==<br />
* [http://twitter.com/stroughtonsmith Steve on Twitter]<br />
<br />
{{stub|Software}}</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10416Limera1n2010-10-11T04:26:49Z<p>Drg: /* Exploits */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which was developed by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
Details of the [[bootrom exploit]] to follow.<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
[[limera1n]]'s [[Untethered jailbreak|untethered]] userland exploit was obtained by [[User:Geohot|geohot]] under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10415Limera1n2010-10-11T04:26:14Z<p>Drg: /* Basics */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which was developed by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
[[limera1n]]'s [[Untethered jailbreak|untethered]] userland exploit was obtained by [[User:Geohot|geohot]] under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10414Limera1n2010-10-11T04:25:37Z<p>Drg: /* Controversy */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] was developped by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
[[limera1n]]'s [[Untethered jailbreak|untethered]] userland exploit was obtained by [[User:Geohot|geohot]] under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10413Limera1n2010-10-11T04:25:20Z<p>Drg: /* Controversy */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] was developped by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
[[limera1n]]'s [[Untethered jailbreak|untethered]] userland exploit was obtained by [[User:Geohot|geohot]]under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10412Limera1n2010-10-11T04:24:54Z<p>Drg: /* Controversy */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] was developped by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
[[limera1n]]'s [[Untethered jailbreak|untethered userland exploit was obtained by [[User:Geohot|geohot]]under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10411Limera1n2010-10-11T04:24:46Z<p>Drg: /* Controversy */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] was developped by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
<br />
[[limera1n]]'s [[Untethered jailbreak|untethered userland exploit was obtained by [[User:Geohot|geohot]]under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10410Limera1n2010-10-11T04:23:38Z<p>Drg: /* Basics */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] was developped by [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10409Limera1n2010-10-11T04:21:58Z<p>Drg: /* Basics */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* [[limera1n]] does not use [[SHAtter]].<br />
* [[limera1n]] uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* [[limera1n]] uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] obtained under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving his approval for the exploit to be included in [[limera1n]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10408Limera1n2010-10-11T04:20:45Z<p>Drg: /* Basics */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* This does not use [[SHAtter]].<br />
* This uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* This uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] obtained under questionable circumstances from [[User:Comex|comex]]. [[User:Comex|comex]] did in fact end up giving approval of the exploit being included in limerain.<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10403Limera1n2010-10-11T03:23:58Z<p>Drg: /* Controversy */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* This does not use [[SHAtter]].<br />
* This uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* This uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] obtained under questionable circumstances from [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another [[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10402Limera1n2010-10-11T03:23:27Z<p>Drg: /* Controversy */</p>
<hr />
<div>==Introduction==<br />
[[Image:Ra1ndrop.png|right]]This is [[User:Geohot|geohot's]] [[jailbreak]] utility. It uses his undisclosed exploit, along with [[User:Comex|comex's]] [[userland exploit]], to achieve an [[untethered jailbreak]] on newer devices.<br />
* [[N88ap|iPhone 3GS]] (New [[bootrom]] is now working with Beta 3)<br />
* [[N90ap|iPhone 4]]<br />
* [[N72ap|iPod touch 2G]] (support announced, not released)<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad]]<br />
<br />
It has been demonstrated multiple times by [[User:Geohot|geohot]], using blog posts on his now private blog. [[User:Geohot|Geohot]] [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png showed off a high-res picture of Cydia on an iPhone 4]. He [http://www.youtube.com/watch?v=__TR86PLiHw displayed an iPod touch 3G with an untethered jailbreak] that met MuscleNerd's requirements for a good video. In addition, he took a [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg picture of Cydia and blackra1n icons on his iPad's SpringBoard].<br />
<br />
[[limera1n]] beta 1 was released on October 9, 2010, delaying the release of [[greenpois0n]], because [[greenpois0n]] has to be rewritten to use the [[limera1n]] exploit instead of [[SHAtter]]. It only supports Windows at the moment and some devices have issues.<br />
<br />
==Release text==<br />
<center>limera1n, 6 months in the making<br><br />
iPhone 3GS, iPod Touch 3G, iPad, iPhone 4, iPod Touch 4G<br><br />
4.0-4.1 and beyond+++<br><br />
limera1n is unpatchable<br><br />
untethered thanks to jailbreakme star '''comex'''<br><br />
released today to get chronicdev to do the right thing<br><br />
brought to you by '''geohot'''<br><br />
hacktivates<br><br />
Mac coming soon<br><br />
follow the instructions in the box, sadly limera1n isn't one click<br><br />
that's the price of unpatchability<br><br />
as usual, donations appreciated but not required<br><br />
still in beta, pardon my ragged edges<br><br />
AppleTV is technically supported, but theres no apps yet<br><br />
zero pictures of my face</center><br />
<br />
==Credit==<br />
*[[User:Geohot|geohot]] - the program itself, and [[bootrom exploit]].<br />
*[[User:Comex|comex]] - [[userland exploit]] that allows [[limera1n]] to run [[untethered]].<br />
<br />
==Changelog==<br />
{| class="wikitable" style="border-collapse:collapse;" border="1"<br />
|-<br />
|<center>'''Version'''</center><br />
|<center>'''Release time'''</center><br />
|<center>'''md5'''</center><br />
|<center>'''Change comment'''</center><br />
|-<br />
|RC1 beta 1<br />
|9 Oct 2010 XX:XX GMT<br />
|2f2b09a6ed5c5613d5361d8a9d0696b6<br />
|First release.<br />
|-<br />
|RC1 beta 2<br />
|9 Oct 2010 XX:XX GMT<br />
|a70dccb3dfc0e505687424184dc3d1ce<br />
|Fixed kernel patching magic. Rerun BETA2+ over BETA1.<br />
|-<br />
|RC1 beta 3<br />
|9 Oct 2010 XX:XX GMT<br />
|81730090f7de1576268ee8c2407c3d35<br />
|Fixed an issue with [[N88ap|iPhone 3GS]] ([[iBoot-359.3.2|new bootrom]])<br />
|-<br />
|RC1 beta 4<br />
|9 Oct 2010 XX:XX GMT<br />
|d901c4b3a544983f095b0d03eb94e4db<br />
|Uninstall fixed, respring fixed<br />
|}<br />
<br />
==Technical Information==<br />
=== Basics ===<br />
* This does not use [[SHAtter]].<br />
* This uses a [[bootrom exploit]] to achieve the [[tethered jailbreak]] and [[unsigned code execution]].<br />
* This uses a userland exploit to make the jailbreak [[Untethered jailbreak|untethered]], which [[User:Geohot|geohot]] obtained under questionable circumstances from [[User:Comex|comex]].<br />
<br />
=== Exploits ===<br />
[[limera1n]] uses an undisclosed [[bootrom exploit]].<br />
<br />
=== Process ===<br />
The jailbreak appears to execute something like the following (in no particular order):<br />
* In [[recovery1]],<br />
"setenv debug-uarts 1<br />
setenv auto-boot false<br />
saveenv"<br />
* In [[DFU]], it uploads a [[payload]].<br />
* In [[recovery2]], it uploads another [[payload]] and its [[ramdisk]].<br />
<br />
==Controversy==<br />
The release of this jailbreak is specifically designed to pressure [[Chronic Dev]] into not releasing the SHAtter exploit, instead implementing the [[limera1n]] exploit into [[greenpois0n]]. Now that [[User:Geohot|geohot]] has released [[limera1n]], releasing[[SHAtter]] would uselessly disclose another[[bootrom exploit]] to Apple.<br />
<br />
[[User:Geohot|geohot]]'s rationale is that Apple has already discovered, through internal testing, the [[limera1n]] exploit, making it very likely that it will be fixed in the next bootrom. Because iBoot code is present both in the bootrom and firmware, and because firmware is refreshed much more often that bootrom code, any fix in this code branch would appear first in firmware. Geohot observed his [[limera1n]] exploit was closed in firmware and concluded that it would almost certainly be fixed in the next bootrom revision, whereas SHAtter still has a chance of remaining usefull in iPhone 5 should it not be disclosed at this time.<br />
<br />
==External Links==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* [http://limera1n.com/ Actual Site http://limera1n.com/]<br />
* [http://theiphonewiki.com/limera1n Mirror Site http://theiphonewiki.com/limera1n]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Limera1n RC Beta2 Dump on Mediafire]<br />
* [http://www.pastie.org/1210054 Veence's explanation for release]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Limera1n&diff=10328Limera1n2010-10-10T02:40:19Z<p>Drg: /* Basics */</p>
<hr />
<div>== Release ==<br />
On the 9th of October 2010 [[Limera1n]] was released, delaying the release of [[SHAtter]]. [[Limera1n]] is now in Beta 2. It only supports Windows at the moment and a large number of devices have issues.<br />
<br />
== Download ==<br />
<!-- DO NOT CHANGE ANY LINKS! THESE ARE HERE FOR A REASON. ONLY CHANGE TO ADD YOUR OWN MIRROR LINKS! --><br />
{| border=3<br />
|-<br />
| RC1 BETA2 for Windows from the official website. <!-- DO NOT CHANGE THIS LINK UNLESS THE LINK ON LIMERA1N.com CHANGES! --><br />
| [http://limera1n.com/limera1n.exe HTTP]<br />
<!-- A MIRROR IS NOT NEEDED. THIS ISN'T A PAGE MEANT TO ENCOURAGE LIMERA1N! --><br />
|}<br />
<br />
== Background Information ==<br />
Limera1n is a jailbreak by [[User:Geohot|geohot]]. It is untethered on all supported devices, which include the following (but aren't necessarily limited to):<br />
* [[N88ap|iPhone 3GS]]<br />
* [[N90ap|iPhone 4]]<br />
* [[N18ap|iPod touch 3G]]<br />
* [[N81ap|iPod touch 4G]]<br />
* [[K48ap|iPad 1G]]<br />
* [[K66ap|Apple TV 2G]]<br />
<br />
It has been demonstrated multiple times by geohot, using blog posts on his now private blog. Geohot showed off a high-res picture of Cydia on an iPhone 4. [http://1.bp.blogspot.com/_NJ4JFBfr1tY/TDgkAsTQEmI/AAAAAAAAAcw/ZNHDxMNNL4Y/s1600/iphone4.png Image] He displayed an [[untethered jailbreak]] that met MuscleNerd's requirements for a good video on the iPod touch 3G: [http://www.youtube.com/watch?v=__TR86PLiHw YouTube Video] In addition, he demonstrated Cydia, blackra1n, and a verbose boot on an iPad (before Spirit was released): [http://4.bp.blogspot.com/_NJ4JFBfr1tY/S7_OvGMqJMI/AAAAAAAAAcE/R5WLrCizGw0/s1600/ipad_jb.jpg Image]<br />
<br />
== Technical Information ==<br />
=== Basics ===<br />
* This does not use [[SHAtter]].<br />
* This uses a [[bootrom]] exploit (different than the [[greenpois0n]] one) to achieve the tethered jailbreak and unsigned code execution<br />
* This uses a userland exploit to provide untetheredness, which [[User:Geohot|geohot]] obtained under questionable circumstances from [[User:Comex|comex]].<br />
* [[Chronic Dev (team)|Chronic Dev]] knows about this exploit and has confirmed its legitimacy<br />
<br />
=== Exploits ===<br />
* The pwnage-type exploit appears to reside in DFU mode of the device.<br />
=== Process ===<br />
The jailbreak appears to execute something like the following:<br />
1) The tool has you boot into DFU mode, where the fun starts.<br />
2) Limera1n.exe appears to upload a payload to your device and execute it at this time, to pwn out the signature checks.<br />
3) The device reboots and is now pwned. From here, it uploads an exploit and a ramdisk. The ramdisk installs limera1n.app and possibly the untethered part of the jailbreak.<br />
4) The device shuts down and upon reboot with no computer necessary, the device is jailbroken.<br />
<br />
== Controversy ==<br />
The release of this jailbreak is specifically designed to pressure the Chronic Dev team into implementing the exploits in limera1n into greenpois0n. Now that geohot has released limera1n, [[SHAtter]] can't be released without major negative backlash from other hackers, as this would burn a bootrom exploit.<br />
<br />
== External Links ==<br />
* [http://loadingchanges.com/wp-content/uploads/2010/10/limetime.jpg Picture of limera1n in action]<br />
* http://limera1n.com/<br />
* http://theiphonewiki.com/limera1n (cached copy)<br />
* [http://www.twitlonger.com/show/6d31jr Info from cdevwill]<br />
* [http://www.mediafire.com/?5sovoo41rbcdspw Sumdin sexay]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=M68AP&diff=6104M68AP2010-04-21T17:13:18Z<p>Drg: /* Jailbreak/Unlock Status */</p>
<hr />
<div>[[Image:Jailbroken.PNG|right|thumb|Homescreen of a jailbroken iPhone 3G. Note that when it comes to the [[iPhone]] and [[iPhone 3G]], the OS remains exactly the same, as does the home screen. However, this does not apply to the [[iPod Touch]]|300px]]<br />
<br />
This is the original [[iPhone]]. It was released on June 29, 2007, it is an internet-connected multimedia smartphone designed and manufactered by Apple Inc, with a multi-touch screen. It does not have a physical keyboard, so a virtual keyboard is rendered onto the multi-touch screen. The iPhone functions as a camera phone, a media player and an internet client. The first generation includes Quad-Band GSM with EDGE, unlike the later versions with more advanced UMTS and HSDPA.<br />
==Internals==<br />
<i>See: [[M68ap (Internals)]][http://maltiel-consulting.com/iPhone_Chip_Components_maltiel_semiconductor.htm]</i><br />
<br />
== Baseband ==<br />
The [[iPhone]] uses the [[S-Gold 2]] baseband chip<br />
<br />
== Application Processor ==<br />
It makes use of the [[S5L8900]] application processor. At the time, the [[iPhone]], [[iPhone 3G]], and [[iPod Touch]] all use this same processor.<br />
<br />
== [[Bluetooth]] ==<br />
<br />
Uses the CSR BlueCore4 Chip (BC41B41)<br />
<br />
== Differences between iPhone Models ==<br />
<br />
{| class="wikitable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
!Device<br />
!Case Material<br />
!Colours<br />
!Dimensions<br />
!Weight<br />
!Capacity<br />
!Processor Speed<br />
!RAM<br />
!Battery Life<br />
!Initial Firmware<br />
!Camera<br />
!Voice Controls<br />
!GPS<br />
|-<br />
|iPhone 2G<br />
|Aluminium<br />
|Aluminium<br />
|4.5x2.4x0.46 in.<br />
|4.8oz.<br />
|4*/8/16**GB<br />
|412MHz<br />
|128Mb<br />
|24h (Music), 7h (Video)<br />
|1.0 (1A543a)<br />
|2MP<br />
|{{no}}<br />
|{{no}}<br />
|-<br />
|iPhone 3G<br />
|Plastic<br />
|Black/White***<br />
|4.5x2.4x0.48 in.<br />
|4.7oz.<br />
|8/16GB<br />
|412MHz<br />
|128Mb<br />
|24h (Music), 7h (Video)<br />
|2.0 (5A345)<br />
|2MP<br />
|{{no}}<br />
|{{yes}}<br />
|-<br />
|iPhone 3GS<br />
|Plastic<br />
|Black/White<br />
|4.5x2.4x0.48 in.<br />
|4.8oz.<br />
|16/32GB<br />
|620MHz<br />
|256Mb<br />
|30h (Music), 10h (Video)<br />
|3.0 (7A341)<br />
|3.2MP Auto Focus<br />
|{{yes}}<br />
|{{yes}}<br />
|}<br />
<br />
(*) Discontinued on September 5, 2007<br />
(**) Introduced on February 5, 2008<br />
(***) 16GB version only<br />
<br />
== Jailbreak/Unlock Status ==<br />
Naturally, as the iPhone 2G was a first generation device, it is one of the more hack-friendly iDevices. It is susceptible to [[Pwnage 2.0]] for an [[untethered jailbreak]], and will remain that way since it is a hardware-based exploit. The iPhone 2G [[unlock]] is also available and is unfixable by Apple. The [[iPhone Dev Team]] created [[BootNeuter]] which can remove restrictions the [[Baseband Bootloader]] imposes and unlock the iPhone 2G no matter what.<br />
<br />
==External Links==<br />
*[http://maltiel-consulting.com/iPhone_Chip_Components_maltiel_semiconductor.htm iPhone semiconductor components]<br />
*[http://www.eetasia.com/ART_8800470713_499488_NT_d06c93ea.HTM Analysts crack open the iPhone, reveal chip suppliers]<br />
*[http://www.anandtech.com/mac/showdoc.aspx?i=3026&p=1 Apple's iPhone Dissected: We did it, so you don't have to]<br />
*[http://www.hardwarebook.info/IPhone Hwb iPhone]<br />
*[http://ivitto.wordpress.com/ iVitto's Blog]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=M68AP&diff=6103M68AP2010-04-21T17:11:46Z<p>Drg: /* Differences between iPhone Models */</p>
<hr />
<div>[[Image:Jailbroken.PNG|right|thumb|Homescreen of a jailbroken iPhone 3G. Note that when it comes to the [[iPhone]] and [[iPhone 3G]], the OS remains exactly the same, as does the home screen. However, this does not apply to the [[iPod Touch]]|300px]]<br />
<br />
This is the original [[iPhone]]. It was released on June 29, 2007, it is an internet-connected multimedia smartphone designed and manufactered by Apple Inc, with a multi-touch screen. It does not have a physical keyboard, so a virtual keyboard is rendered onto the multi-touch screen. The iPhone functions as a camera phone, a media player and an internet client. The first generation includes Quad-Band GSM with EDGE, unlike the later versions with more advanced UMTS and HSDPA.<br />
==Internals==<br />
<i>See: [[M68ap (Internals)]][http://maltiel-consulting.com/iPhone_Chip_Components_maltiel_semiconductor.htm]</i><br />
<br />
== Baseband ==<br />
The [[iPhone]] uses the [[S-Gold 2]] baseband chip<br />
<br />
== Application Processor ==<br />
It makes use of the [[S5L8900]] application processor. At the time, the [[iPhone]], [[iPhone 3G]], and [[iPod Touch]] all use this same processor.<br />
<br />
== [[Bluetooth]] ==<br />
<br />
Uses the CSR BlueCore4 Chip (BC41B41)<br />
<br />
== Differences between iPhone Models ==<br />
<br />
{| class="wikitable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
!Device<br />
!Case Material<br />
!Colours<br />
!Dimensions<br />
!Weight<br />
!Capacity<br />
!Processor Speed<br />
!RAM<br />
!Battery Life<br />
!Initial Firmware<br />
!Camera<br />
!Voice Controls<br />
!GPS<br />
|-<br />
|iPhone 2G<br />
|Aluminium<br />
|Aluminium<br />
|4.5x2.4x0.46 in.<br />
|4.8oz.<br />
|4*/8/16**GB<br />
|412MHz<br />
|128Mb<br />
|24h (Music), 7h (Video)<br />
|1.0 (1A543a)<br />
|2MP<br />
|{{no}}<br />
|{{no}}<br />
|-<br />
|iPhone 3G<br />
|Plastic<br />
|Black/White***<br />
|4.5x2.4x0.48 in.<br />
|4.7oz.<br />
|8/16GB<br />
|412MHz<br />
|128Mb<br />
|24h (Music), 7h (Video)<br />
|2.0 (5A345)<br />
|2MP<br />
|{{no}}<br />
|{{yes}}<br />
|-<br />
|iPhone 3GS<br />
|Plastic<br />
|Black/White<br />
|4.5x2.4x0.48 in.<br />
|4.8oz.<br />
|16/32GB<br />
|620MHz<br />
|256Mb<br />
|30h (Music), 10h (Video)<br />
|3.0 (7A341)<br />
|3.2MP Auto Focus<br />
|{{yes}}<br />
|{{yes}}<br />
|}<br />
<br />
(*) Discontinued on September 5, 2007<br />
(**) Introduced on February 5, 2008<br />
(***) 16GB version only<br />
<br />
== Jailbreak/Unlock Status ==<br />
Naturally, as the iPhone 2G was a first generation device, it is one of the more hack-friendly iDevices. It is susceptible to [[Pwnage 2.0]] for an [[untethered jailbreak]], and will remain that way since it is a hardware-based exploit. The iPhone 2G [[unlock]] was also defeated. The [[iPhone Dev Team]] created [[BootNeuter]] which can remove restrictions the [[Baseband Bootloader]] imposes and unlock the iPhone 2G no matter what.<br />
<br />
==External Links==<br />
*[http://maltiel-consulting.com/iPhone_Chip_Components_maltiel_semiconductor.htm iPhone semiconductor components]<br />
*[http://www.eetasia.com/ART_8800470713_499488_NT_d06c93ea.HTM Analysts crack open the iPhone, reveal chip suppliers]<br />
*[http://www.anandtech.com/mac/showdoc.aspx?i=3026&p=1 Apple's iPhone Dissected: We did it, so you don't have to]<br />
*[http://www.hardwarebook.info/IPhone Hwb iPhone]<br />
*[http://ivitto.wordpress.com/ iVitto's Blog]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Blacksn0w&diff=5653Blacksn0w2009-11-16T18:57:47Z<p>Drg: </p>
<hr />
<div>The runtime unlock for baseband 5.11.07 (iPhone 3G & 3GS) by geohot which uses the [[AT+XEMN Heap Overflow]] exploit. Blacksn0w was released November 3rd for the iPhone 3G and 3GS and can be downloaded for free together with [[blackra1n]] at http://blackra1n.com as well as through Cydia by adding the repo http://blackra1n.com/.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=AT%2BXEMN_Heap_Overflow&diff=5342AT+XEMN Heap Overflow2009-11-01T22:55:30Z<p>Drg: /* July 2009 */</p>
<hr />
<div>AT+XEMN is a command on baseband 5.11.07 (pushed out with the 3.1 release), which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject an unlocking payload to provide a coveted Software SIM Unlock on the official 3.1(.2) firmware running 5.11.07<br />
<br />
== Credit ==<br />
* '''Vulnerability''': [[User:Oranav|Oranav]] (July) and ih8sn0w (September) (discovered independently)<br><br />
* '''Exploit''': [[User:geohot|geohot]]<br />
<br />
== Implementation ==<br />
This exploit is used in [[blacksn0w]].<br />
<br />
== Exception Dump == <br />
+XLOG: Exception Number: 1<br />
Trap Class: 0xDDDD (SW GENERATED TRAP)<br />
Identification: 140 (0x008C)<br />
Date: 22.10.2009<br />
Time: 00:30<br />
File: atform/text/_malloc.c<br />
Line: 1036<br />
Logdata:<br />
2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63 ..v.@.1datc:1.dc<br />
20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20 D.. <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20<br />
<br />
== Timeline ==<br />
=== July 2009 ===<br />
*[[User:Oranav|Oranav]] discovers this crash and gives is to the [[iPhone Dev Team]].<br />
*Upon initial investigation, The [[iPhone Dev Team]], mistakenly concludes that the crash is non-exploitable.<br />
<br />
=== September 2009 ===<br />
*iH8sn0w discovered this command independently but kept it a secret for about a month. [http://twitter.com/iH8sn0w/status/4353547726 ]<br />
<br />
=== October 2009 ===<br />
*When the Dev-Team stated that iH8sn0w did not have a unlock, he posted the command on Twitter. [http://twitter.com/iH8sn0w/status/4954333558]<br />
*Shortly after, Oranav posted his Hash from July. [http://pastebin.ca/1485104]<br />
*MuscleNerd tells iHacker that the crash was received awhile ago and is thought to be non-exploitable. [http://twitter.com/MuscleNerd/status/4978871033][http://twitter.com/iHacker/status/4978821448]<br />
*[[User:Geohot|Geohot]] attempts to exploit this crash, but intially also finds it to be non-exploitable. [http://twitter.com/geohot/status/4979506974]<br />
*Geohot does more investigation and discovers that this crash is indeed exploitable, and that it's a heap overflow. [http://twitter.com/geohot/status/5196861045]<br />
*Geohot achieves arbitrary code execution and begins work on unlock which will be called blacksn0w. [http://iphonejtag.blogspot.com/2009/10/heap-of-trouble.html]<br />
*Geohot posts a video of an unlocked 05.11.07 device. [http://www.youtube.com/watch?v=g23e9e9zOVI]<br />
<br />
[[Category:Baseband Exploits]]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=AT%2BXEMN_Heap_Overflow&diff=5341AT+XEMN Heap Overflow2009-11-01T22:54:08Z<p>Drg: /* October 2009 */</p>
<hr />
<div>AT+XEMN is a command on baseband 5.11.07 (pushed out with the 3.1 release), which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject an unlocking payload to provide a coveted Software SIM Unlock on the official 3.1(.2) firmware running 5.11.07<br />
<br />
== Credit ==<br />
* '''Vulnerability''': [[User:Oranav|Oranav]] (July) and ih8sn0w (September) (discovered independently)<br><br />
* '''Exploit''': [[User:geohot|geohot]]<br />
<br />
== Implementation ==<br />
This exploit is used in [[blacksn0w]].<br />
<br />
== Exception Dump == <br />
+XLOG: Exception Number: 1<br />
Trap Class: 0xDDDD (SW GENERATED TRAP)<br />
Identification: 140 (0x008C)<br />
Date: 22.10.2009<br />
Time: 00:30<br />
File: atform/text/_malloc.c<br />
Line: 1036<br />
Logdata:<br />
2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63 ..v.@.1datc:1.dc<br />
20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20 D.. <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20<br />
<br />
== Timeline ==<br />
=== July 2009 ===<br />
*[[User:Oranav|Oranav]] discovers this crash and gives is to the [[iPhone Dev Team]].<br />
*Upon initial investigation, The [[iPhone Dev Team]], mistakenly states that the crash is non-exploitable.<br />
<br />
=== September 2009 ===<br />
*iH8sn0w discovered this command independently but kept it a secret for about a month. [http://twitter.com/iH8sn0w/status/4353547726 ]<br />
<br />
=== October 2009 ===<br />
*When the Dev-Team stated that iH8sn0w did not have a unlock, he posted the command on Twitter. [http://twitter.com/iH8sn0w/status/4954333558]<br />
*Shortly after, Oranav posted his Hash from July. [http://pastebin.ca/1485104]<br />
*MuscleNerd tells iHacker that the crash was received awhile ago and is thought to be non-exploitable. [http://twitter.com/MuscleNerd/status/4978871033][http://twitter.com/iHacker/status/4978821448]<br />
*[[User:Geohot|Geohot]] attempts to exploit this crash, but intially also finds it to be non-exploitable. [http://twitter.com/geohot/status/4979506974]<br />
*Geohot does more investigation and discovers that this crash is indeed exploitable, and that it's a heap overflow. [http://twitter.com/geohot/status/5196861045]<br />
*Geohot achieves arbitrary code execution and begins work on unlock which will be called blacksn0w. [http://iphonejtag.blogspot.com/2009/10/heap-of-trouble.html]<br />
*Geohot posts a video of an unlocked 05.11.07 device. [http://www.youtube.com/watch?v=g23e9e9zOVI]<br />
<br />
[[Category:Baseband Exploits]]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=AT%2BXEMN_Heap_Overflow&diff=5340AT+XEMN Heap Overflow2009-11-01T22:52:37Z<p>Drg: /* October 2009 */</p>
<hr />
<div>AT+XEMN is a command on baseband 5.11.07 (pushed out with the 3.1 release), which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject an unlocking payload to provide a coveted Software SIM Unlock on the official 3.1(.2) firmware running 5.11.07<br />
<br />
== Credit ==<br />
* '''Vulnerability''': [[User:Oranav|Oranav]] (July) and ih8sn0w (September) (discovered independently)<br><br />
* '''Exploit''': [[User:geohot|geohot]]<br />
<br />
== Implementation ==<br />
This exploit is used in [[blacksn0w]].<br />
<br />
== Exception Dump == <br />
+XLOG: Exception Number: 1<br />
Trap Class: 0xDDDD (SW GENERATED TRAP)<br />
Identification: 140 (0x008C)<br />
Date: 22.10.2009<br />
Time: 00:30<br />
File: atform/text/_malloc.c<br />
Line: 1036<br />
Logdata:<br />
2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63 ..v.@.1datc:1.dc<br />
20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20 D.. <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20<br />
<br />
== Timeline ==<br />
=== July 2009 ===<br />
*[[User:Oranav|Oranav]] discovers this crash and gives is to the [[iPhone Dev Team]].<br />
*Upon initial investigation, The [[iPhone Dev Team]], mistakenly states that the crash is non-exploitable.<br />
<br />
=== September 2009 ===<br />
*iH8sn0w discovered this command independently but kept it a secret for about a month. [http://twitter.com/iH8sn0w/status/4353547726 ]<br />
<br />
=== October 2009 ===<br />
*When the Dev-Team stated that iH8sn0w did not have a unlock, he posted the command on Twitter. [http://twitter.com/iH8sn0w/status/4954333558]<br />
*Shortly after, Oranav posted his Hash from July. [http://pastebin.ca/1485104]<br />
*MuscleNerd tells iHacker that the crash was received awhile ago and was thought to be non-exploitable. [http://twitter.com/MuscleNerd/status/4978871033][http://twitter.com/iHacker/status/4978821448]<br />
*[[User:Geohot|Geohot]] attempts to exploit this crash, but intially also finds it to be non-exploitable. [http://twitter.com/geohot/status/4979506974]<br />
*Geohot does more investigation and discovers that this crash is indeed exploitable, and that it's a heap overflow. [http://twitter.com/geohot/status/5196861045]<br />
*Geohot achieves arbitrary code execution and begins work on unlock which will be called blacksn0w. [http://iphonejtag.blogspot.com/2009/10/heap-of-trouble.html]<br />
*Geohot posts a video of an unlocked 05.11.07 device. [http://www.youtube.com/watch?v=g23e9e9zOVI]<br />
<br />
[[Category:Baseband Exploits]]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=AT%2BXEMN_Heap_Overflow&diff=5339AT+XEMN Heap Overflow2009-11-01T22:51:05Z<p>Drg: /* July 2009 */</p>
<hr />
<div>AT+XEMN is a command on baseband 5.11.07 (pushed out with the 3.1 release), which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject an unlocking payload to provide a coveted Software SIM Unlock on the official 3.1(.2) firmware running 5.11.07<br />
<br />
== Credit ==<br />
* '''Vulnerability''': [[User:Oranav|Oranav]] (July) and ih8sn0w (September) (discovered independently)<br><br />
* '''Exploit''': [[User:geohot|geohot]]<br />
<br />
== Implementation ==<br />
This exploit is used in [[blacksn0w]].<br />
<br />
== Exception Dump == <br />
+XLOG: Exception Number: 1<br />
Trap Class: 0xDDDD (SW GENERATED TRAP)<br />
Identification: 140 (0x008C)<br />
Date: 22.10.2009<br />
Time: 00:30<br />
File: atform/text/_malloc.c<br />
Line: 1036<br />
Logdata:<br />
2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63 ..v.@.1datc:1.dc<br />
20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20 D.. <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 <br />
20 20 20 20 20 20 20 20<br />
<br />
== Timeline ==<br />
=== July 2009 ===<br />
*[[User:Oranav|Oranav]] discovers this crash and gives is to the [[iPhone Dev Team]].<br />
*Upon initial investigation, The [[iPhone Dev Team]], mistakenly states that the crash is non-exploitable.<br />
<br />
=== September 2009 ===<br />
*iH8sn0w discovered this command independently but kept it a secret for about a month. [http://twitter.com/iH8sn0w/status/4353547726 ]<br />
<br />
=== October 2009 ===<br />
*When the Dev-Team stated that iH8sn0w did not have a unlock, he posted the command on Twitter. [http://twitter.com/iH8sn0w/status/4954333558]<br />
*Shortly after, Oranav posted his Hash from July. [http://pastebin.ca/1485104]<br />
*MuscleNerd tells iHacker that the crash was received awhile ago and was non-exploitable. [http://twitter.com/MuscleNerd/status/4978871033][http://twitter.com/iHacker/status/4978821448]<br />
*[[User:Geohot|Geohot]] attempts to exploit this crash, but later finds out as well that it is non-exploitable. [http://twitter.com/geohot/status/4979506974]<br />
*The hunt for another exploit continues as New 3G/3G[S] users join or if 3G/3G[S] users upgrade to Official Apple Firmware.<br />
*Geohot does more investigation and discovers that this crash is indeed exploitable, and that it's a heap overflow. [http://twitter.com/geohot/status/5196861045]<br />
*Geohot has achieved arbitrary code execution and has begun working on unlock which will be called blacksn0w. [http://iphonejtag.blogspot.com/2009/10/heap-of-trouble.html]<br />
*Geohot posts a video of an unlocked 05.11.07 device. [http://www.youtube.com/watch?v=g23e9e9zOVI]<br />
<br />
[[Category:Baseband Exploits]]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Blacksn0w&diff=5330Blacksn0w2009-10-31T16:02:15Z<p>Drg: </p>
<hr />
<div>The runtime unlock for baseband 5.11 by geohot which uses the [[AT+XEMN Heap Overflow]] exploit.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Blacksn0w&diff=5329Blacksn0w2009-10-31T16:00:57Z<p>Drg: New page: The runtime unlock for baseband 5.11 by geohot.</p>
<hr />
<div>The runtime unlock for baseband 5.11 by geohot.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Purplera1n&diff=4198Purplera1n2009-07-13T20:03:15Z<p>Drg: /* Credit */</p>
<hr />
<div>== Credit ==<br />
[[geohot]]<br />
<br />
OSX client: AriX, and westbaer.<br />
<br />
== Phase 1: Signature Grabber ==<br />
* '''Blog Post''': http://iphonejtag.blogspot.com/2009/06/usbdump-huh-how.html<br />
<br />
Allows anyone with a [[N88AP|3GS]] right now to generate a file that contains:<br />
* The [[ECID|Exclusive Chip ID tag]] for your device<br />
* The new RSA signature for a 3.0GM [[N88AP|iPhone 3GS]] iBSS that includes your ECID<br />
<br />
This way, if Apple tries to pull a fast one and disallow downgrades to earlier versions, you have a backup that can be used to still allow you to boot an older iBSS.<br />
<br />
Apple can not stop you from obtaining the ECID from your phone. But the webapp behind purplera1n calls the same Apple servers which are also used by iTunes for signing your personal iBSS ECID combination. So this will stop working, when<br />
* a new firmware gets released and Apple does not allow downgrading any more or<br />
* Apple finds a way to distinguish between requests from iTunes and purplera1n<br />
<br />
As purplera1n uses a distributed application hosting it is not easy for Apple to filter it using IP addresses.<br />
<br />
== Phase 2: Jailbreak Tool (3.0) ==<br />
* '''Web Site''': http://purplera1n.com<br />
<br />
One-Click, dead simple, jailbreak for the [[iPhone 3GS]]. Currently available for Windows, Mac, and Linux. It utilizes the [[iBoot Environment Variable Overflow]].<br />
<br />
== How purplera1n Works ==<br />
<br />
purplera1n is so simple, that it hides the complex work it's doing from the user. Figured I'd describe it step by step<br />
* purplera1n sends the enter recovery commands using iTunesMobileDevice<br />
* once in recovery(iBoot), it sends the [[IBoot Environment Variable Overflow]] exploit<br />
* the exploit adds a "geohot" command to the phone which runs the payload<br />
* the "geohot" command is run, control is now transferred from iboot to the payload<br />
* the purplera1n client is done<br />
Inside payload<br />
* the payload restores the default environment variable ring buffer and saves the environment to nvram(sets auto-boot to true)<br />
* it patches iBoot to load unsigned img3s and not care about the tags<br />
* it loads the purplera1n picture(sent with payload)<br />
* the nor patcher starts<br />
* llb is decrypted, patched, and increased in size to 0x24200. this is the resident [[0x24000 Segment Overflow]] exploit<br />
* a little loader code is put @ 0x20000 in the LLB to load it and fix the stack<br />
* iboot is decrypted, patched<br />
* everything else is read as is<br />
* nor is written back, nor patcher is done<br />
* kernel is loaded, decrypted, and patched<br />
* ramdisk is loaded(sent with payload) and moved to ramdisk region at 0x44000000, patched kernel is tacked on to the end<br />
* patched kernel is booted<br />
* control is now transferred from payload to ramdisk<br />
Inside ramdisk<br />
* launchd is run, all stuff happens here<br />
* /dev/disk0s1 is mounted<br />
* fstab and services are overwritten here to allow disk0s1 writes and afc2 respectively<br />
* Freeze.app is transferred and Freeze.app loader has SUID bit set<br />
* patched kernel is read from end of ramdisk block device and written to filesystem<br />
* ramdisk is done, rebooting...<br />
Reboots as jailbroken phone</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Purplera1n&diff=4197Purplera1n2009-07-13T20:02:53Z<p>Drg: /* Credit */</p>
<hr />
<div>== Credit ==<br />
[[geohot]]<br />
OSX client: AriX, and westbaer.<br />
<br />
== Phase 1: Signature Grabber ==<br />
* '''Blog Post''': http://iphonejtag.blogspot.com/2009/06/usbdump-huh-how.html<br />
<br />
Allows anyone with a [[N88AP|3GS]] right now to generate a file that contains:<br />
* The [[ECID|Exclusive Chip ID tag]] for your device<br />
* The new RSA signature for a 3.0GM [[N88AP|iPhone 3GS]] iBSS that includes your ECID<br />
<br />
This way, if Apple tries to pull a fast one and disallow downgrades to earlier versions, you have a backup that can be used to still allow you to boot an older iBSS.<br />
<br />
Apple can not stop you from obtaining the ECID from your phone. But the webapp behind purplera1n calls the same Apple servers which are also used by iTunes for signing your personal iBSS ECID combination. So this will stop working, when<br />
* a new firmware gets released and Apple does not allow downgrading any more or<br />
* Apple finds a way to distinguish between requests from iTunes and purplera1n<br />
<br />
As purplera1n uses a distributed application hosting it is not easy for Apple to filter it using IP addresses.<br />
<br />
== Phase 2: Jailbreak Tool (3.0) ==<br />
* '''Web Site''': http://purplera1n.com<br />
<br />
One-Click, dead simple, jailbreak for the [[iPhone 3GS]]. Currently available for Windows, Mac, and Linux. It utilizes the [[iBoot Environment Variable Overflow]].<br />
<br />
== How purplera1n Works ==<br />
<br />
purplera1n is so simple, that it hides the complex work it's doing from the user. Figured I'd describe it step by step<br />
* purplera1n sends the enter recovery commands using iTunesMobileDevice<br />
* once in recovery(iBoot), it sends the [[IBoot Environment Variable Overflow]] exploit<br />
* the exploit adds a "geohot" command to the phone which runs the payload<br />
* the "geohot" command is run, control is now transferred from iboot to the payload<br />
* the purplera1n client is done<br />
Inside payload<br />
* the payload restores the default environment variable ring buffer and saves the environment to nvram(sets auto-boot to true)<br />
* it patches iBoot to load unsigned img3s and not care about the tags<br />
* it loads the purplera1n picture(sent with payload)<br />
* the nor patcher starts<br />
* llb is decrypted, patched, and increased in size to 0x24200. this is the resident [[0x24000 Segment Overflow]] exploit<br />
* a little loader code is put @ 0x20000 in the LLB to load it and fix the stack<br />
* iboot is decrypted, patched<br />
* everything else is read as is<br />
* nor is written back, nor patcher is done<br />
* kernel is loaded, decrypted, and patched<br />
* ramdisk is loaded(sent with payload) and moved to ramdisk region at 0x44000000, patched kernel is tacked on to the end<br />
* patched kernel is booted<br />
* control is now transferred from payload to ramdisk<br />
Inside ramdisk<br />
* launchd is run, all stuff happens here<br />
* /dev/disk0s1 is mounted<br />
* fstab and services are overwritten here to allow disk0s1 writes and afc2 respectively<br />
* Freeze.app is transferred and Freeze.app loader has SUID bit set<br />
* patched kernel is read from end of ramdisk block device and written to filesystem<br />
* ramdisk is done, rebooting...<br />
Reboots as jailbroken phone</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Purplera1n&diff=4104Purplera1n2009-07-06T04:06:41Z<p>Drg: /* Phase 1: USB Dumper */</p>
<hr />
<div>== Credit ==<br />
[[geohot]]<br />
<br />
== Phase 1: Certificate Dumper ==<br />
* '''Blog Post''': http://iphonejtag.blogspot.com/2009/06/usbdump-huh-how.html<br />
<br />
Allows anyone with a [[N88AP|3G S]] right now to generate a file that contains:<br />
* The [[ECID|Exclusive Chip ID tag]] for your device<br />
* The new RSA signature for a 3.0GM [[N88AP|iPhone 3G S]] iBSS that includes your ECID<br />
<br />
This way, if Apple tries to pull a fast one and disallow downgrades to earlier versions, you have a backup that can be used to still allow you to boot an older iBSS.<br />
<br />
Apple can not stop you from obtaining the ECID from your phone. But the webapp behind purplera1n calls the same Apple servers which are also used by iTunes for signing your personal iBSS ECID combination. So this will stop working, when<br />
* a new firmware gets released and Apple does not allow downdating any more or<br />
* Apple finds a way to disinguish between requests from iTunes and purplera1n<br />
<br />
As purplera1n uses a distributed application hosting it is not easy for Apple to filter it using IP addresses.<br />
<br />
== Phase 2: Jailbreak App ==<br />
* '''Web Site: http://purplera1n.com<br />
<br />
Multiplatform one-click jailbreak for 3GS.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Purplera1n&diff=4103Purplera1n2009-07-06T04:05:57Z<p>Drg: </p>
<hr />
<div>== Credit ==<br />
[[geohot]]<br />
<br />
== Phase 1: USB Dumper ==<br />
* '''Blog Post''': http://iphonejtag.blogspot.com/2009/06/usbdump-huh-how.html<br />
<br />
Allows anyone with a [[N88AP|3G S]] right now to generate a file that contains:<br />
* The [[ECID|Exclusive Chip ID tag]] for your device<br />
* The new RSA signature for a 3.0GM [[N88AP|iPhone 3G S]] iBSS that includes your ECID<br />
<br />
This way, if Apple tries to pull a fast one and disallow downgrades to earlier versions, you have a backup that can be used to still allow you to boot an older iBSS.<br />
<br />
Apple can not stop you from obtaining the ECID from your phone. But the webapp behind purplera1n calls the same Apple servers which are also used by iTunes for signing your personal iBSS ECID combination. So this will stop working, when<br />
* a new firmware gets released and Apple does not allow downdating any more or<br />
* Apple finds a way to disinguish between requests from iTunes and purplera1n<br />
<br />
As purplera1n uses a distributed application hosting it is not easy for Apple to filter it using IP addresses.<br />
<br />
<br />
== Phase 2: Jailbreak App ==<br />
* '''Web Site: http://purplera1n.com<br />
<br />
Multiplatform one-click jailbreak for 3GS.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Firmware&diff=4085Firmware2009-07-04T23:52:36Z<p>Drg: </p>
<hr />
<div>This is the iPhone OS system the iPhone runs. Latest Apple download links can be found [http://www.itunes.com/version here].<br />
<br />
==Comparison of firmware versions==<br />
<br />
===[[iPhone]]===<br />
{| class="wikitable sortable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Version<br />
! Build<br />
! [[Baseband]]<br />
! IPSW Download URL<br />
! SHA1 Hash<br />
! Comments<br />
! Can be [[jailbreak|jailbroken]]?<br />
! Can be [[unlock|unlocked]]?<br />
! File Size<br />
|-<br />
| 1.0.0<br />
| Heavenly 1A543a<br />
| 03.12.06_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw iPhone1,1_1.0_1A543a_Restore.ipsw]<br />
| fb8bb3ee2e9a997affbb97868599f2995c78209c<br />
| Initial US shipment.<br />
| {{yes}}<br />
| {{yes}}<br />
| 95,604,348<br />
|-<br />
| 1.0.1<br />
| Heavenly 1C25<br />
| 03.12.06_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3614.20070731.Nt6Y7/iPhone1,1_1.0.1_1C25_Restore.ipsw iPhone1,1_1.0.1_1C25_Restore.ipsw]<br />
| a00b85a7a55d62a94be5fbf5effbc42fd63f3097<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 95,627,958<br />
|-<br />
| 1.0.2<br />
| Heavenly 1C28<br />
| 03.14.08_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3823.20070821.vormd/iPhone1,1_1.0.2_1C28_Restore.ipsw iPhone1,1_1.0.2_1C28_Restore.ipsw]<br />
| 7f5c0ff1f84a0202b75a55c3fcb362e415334d1e<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 95,627,324<br />
|-<br />
| 1.1.1<br />
| Snowbird 3A109a<br />
| 04.01.13_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3883.20070927.In76t/iPhone1,1_1.1.1_3A109a_Restore.ipsw iPhone1,1_1.1.1_3A109a_Restore.ipsw]<br />
| d441dd1c71ce18f25d8fc4faa71c1e6eaa02d02c<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 159,668,150<br />
|-<br />
| 1.1.2<br />
| Oktoberfest 3B48a<br />
| 04.02.13_G<br />
| No download available<br />
|<br />
| Initial Euro shipment.<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
|-<br />
| 1.1.2<br />
| Oktoberfest 3B48b<br />
| 04.02.13_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4037.20071107.5Bghn/iPhone1,1_1.1.2_3B48b_Restore.ipsw iPhone1,1_1.1.2_3B48b_Restore.ipsw]<br />
| 797c02e7d660940e8d9a16cc7229ccf3f67dd8b1<br />
|<br />
| {{yes}}<br />
| {{yes}}<br />
| 167,927,501<br />
|-<br />
| 1.1.3<br />
| Little Bear 4A93<br />
| 04.03.13_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4061.20080115.4Fvn7/iPhone1,1_1.1.3_4A93_Restore.ipsw iPhone1,1_1.1.3_4A93_Restore.ipsw]<br />
| b3dec7580bd00dc4faf28449d9618ef40aeacc96<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 169,950,551<br />
|-<br />
| 1.1.4<br />
| Little Bear 4A102<br />
| 04.04.05_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4313.20080226.Sw39i/iPhone1,1_1.1.4_4A102_Restore.ipsw iPhone1,1_1.1.4_4A102_Restore.ipsw]<br />
| 000811bac096011b50ebf6ec1ec2285b62fda4cb<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 169,946,442<br />
|-<br />
| 2.0<br />
| Big Bear 5A347<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4956.20080710.V50OI/iPhone1,1_2.0_5A347_Restore.ipsw iPhone1,1_2.0_5A347_Restore.ipsw]<br />
| 9c510a3cfce789fa5f92a8f763c231bac82ff6d4<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 228,768,637<br />
|-<br />
| 2.0.1<br />
| Big Bear 5B108<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5135.20080729.Vfgtr/iPhone1,1_2.0.1_5B108_Restore.ipsw iPhone1,1_2.0.1_5B108_Restore.ipsw]<br />
| 61de6a2bd6ceddc9ecabad1671b91a59b3824bc4<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 254,048,068<br />
|-<br />
| 2.0.2<br />
| Big Bear 5C1<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5246.20080818.2V0hO/iPhone1,1_2.0.2_5C1_Restore.ipsw iPhone1,1_2.0.2_5C1_Restore.ipsw]<br />
| b84b57bea919bdc720287ec908c1378e7d7b5e1b<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 253,589,000<br />
|-<br />
| 2.1<br />
| Sugar Bowl 5F136<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5202.20080909.gkbEj/iPhone1,1_2.1_5F136_Restore.ipsw iPhone1,1_2.1_5F136_Restore.ipsw]<br />
| 353b7745767b85932e14e262e69463620939bdf7<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 242,171,241<br />
|-<br />
| 2.2<br />
| Timberline 5G77<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5779.20081120.Pt5yH/iPhone1,1_2.2_5G77_Restore.ipsw iPhone1,1_2.2_5G77_Restore.ipsw]<br />
| cbfc6ff886ce89868a55547b9fb980dbf92e6418 <br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 257,576,980<br />
|-<br />
| 2.2.1<br />
| SUTimberline 5H11<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5830.20090127.Mmni6/iPhone1,1_2.2.1_5H11_Restore.ipsw iPhone1,1_2.2.1_5H11_Restore.ipsw]<br />
| 43b95ebe1e51f8d30eae916053396595c08440d3<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 257,593,705<br />
|-<br />
| 3.0<br />
| [[Kirkwood 7A341 (iPhone)|Kirkwood 7A341]]<br />
| 04.05.04_G<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-6580.20090617.XsP76/iPhone1,1_3.0_7A341_Restore.ipsw iPhone1,1_3.0_7A341_Restore.ipsw]<br />
| 2afd3f8ede17390737f508473ed205506a0bd23f<br />
| <br />
| {{yes}}<br />
| {{yes}}<br />
| 240,394,111<br />
|}<br />
<br />
===[[iPhone 3G]]===<br />
{| class="wikitable sortable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Version<br />
! Build<br />
! [[Baseband]]<br />
! IPSW Download URL<br />
! SHA1 Hash<br />
! Comments<br />
! Can be [[jailbreak|jailbroken]]?<br />
! Can be [[unlock|unlocked]]?<br />
! File Size<br />
|-<br />
| 2.0<br />
| Big Bear 5A345<br />
| 01.45.00<br />
| No download available<br />
|<br />
| Initial iPhone 3G shipment.<br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| <br />
|-<br />
| 2.0<br />
| Big Bear 5A347<br />
| 01.45.00<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-4955.20080710.bgt53/iPhone1,2_2.0_5A347_Restore.ipsw iPhone1,2_2.0_5A347_Restore.ipsw]<br />
| af9506ca0034e462674f9f59c5406f159eaf9fc1<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| 235,957,125<br />
|-<br />
| 2.0.1<br />
| Big Bear 5B108<br />
| 01.48.02<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5134.20080729.Q2W3E/iPhone1,2_2.0.1_5B108_Restore.ipsw iPhone1,2_2.0.1_5B108_Restore.ipsw]<br />
| e81c7ac7e334a3e9d81b3b47894bfaa1ec495482<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| 261,224,227<br />
|-<br />
| 2.0.2<br />
| Big Bear 5C1<br />
| 02.08.01<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5241.20080818.t5Fv3/iPhone1,2_2.0.2_5C1_Restore.ipsw iPhone1,2_2.0.2_5C1_Restore.ipsw]<br />
| bef7fef954293046420fbcf947379839178a195b<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| 260,761,030<br />
|-<br />
| 2.1<br />
| Sugar Bowl 5F136<br />
| 02.11.07<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5198.20080909.K3294/iPhone1,2_2.1_5F136_Restore.ipsw iPhone1,2_2.1_5F136_Restore.ipsw]<br />
| c6957dcbf2a95ccfd6dce374a727b1b7700a9043<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| 249,341,655<br />
|-<br />
| 2.2<br />
| Timberline 5G77<br />
| 02.28.00<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5778.20081120.Aqw4R/iPhone1,2_2.2_5G77_Restore.ipsw iPhone1,2_2.2_5G77_Restore.ipsw]<br />
| f67f8b2b842428bf89456cda0c2d5cf954d111a4<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| 258,342,348<br />
|-<br />
| 2.2.1<br />
| SUTimberline 5H11<br />
| 02.30.03<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5828.20090127.aQLi8/iPhone1,2_2.2.1_5H11_Restore.ipsw iPhone1,2_2.2.1_5H11_Restore.ipsw]<br />
| e0098e6fab5c90b59e067e03ae3ccd4a7cd0f39c<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (Upgrade to 04.26.08)}}<br />
| 258,359,073<br />
|-<br />
| 3.0<br />
| [[Kirkwood 7A341 (iPhone 3G)|Kirkwood 7A341]]<br />
| 04.26.08<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-6578.20090617.VfgtU/iPhone1,2_3.0_7A341_Restore.ipsw iPhone1,2_3.0_7A341_Restore.ipsw]<br />
| 94f1fb43de12bff0f168ce690b7e794cc6220ae3<br />
| <br />
| {{yes}}<br />
| {{yes|Yes (with [[ultrasn0w]])}}<br />
| 241,229,233<br />
|}<br />
<br />
===[[iPhone2,1|iPhone 3GS]]===<br />
{| class="wikitable sortable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Version<br />
! Build<br />
! [[Baseband]]<br />
! IPSW Download URL<br />
! SHA1 Hash<br />
! Comments<br />
! Can be [[jailbreak|jailbroken]]?<br />
! Can be [[unlock|unlocked]]?<br />
! File Size<br />
|-<br />
| 3.0<br />
| [[Kirkwood 7A341 (iPhone 3G S)|Kirkwood 7A341]]<br />
| 04.26.08<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-6582.20090617.LlI87/iPhone2,1_3.0_7A341_Restore.ipsw iPhone2,1_3.0_7A341_Restore.ipsw] <br />
| d8534408c8679c830fd0c4e36ef9762c11ef73df<br />
| Initial shipment.<br />
| {{yes}}<br />
| {{yes|Yes (with [[ultrasn0w]])}}<br />
| 312,292,933<br />
|}<br />
<br />
===[[N45ap|iPod touch (1st generation)]]===<br />
{| class="wikitable sortable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Version<br />
! Build<br />
! IPSW Download URL<br />
! SHA1 Hash<br />
! Comments<br />
! Can be [[jailbreak|jailbroken]]?<br />
! File Size<br />
|-<br />
| 1.1.0<br />
| Snowbird 3A100a<br />
| No download available<br />
|<br />
| Initial shipment.<br />
| {{yes}}<br />
|<br />
|-<br />
| 1.1.0<br />
| Snowbird 3A101a<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-3882.20070910.N8uyT/iPod1,1_1.1_3A101a_Restore.ipsw iPod1,1_1.1_3A101a_Restore.ipsw]<br />
| 9b0d83c7f8b4328174a3f31e0e93f60e591ae143<br />
|<br />
| {{yes}}<br />
| 157,890,186<br />
|-<br />
| 1.1.1<br />
| Snowbird 3A110a<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-3932.20070927.p23dD/iPod1,1_1.1.1_3A110a_Restore.ipsw iPod1,1_1.1.1_3A110a_Restore.ipsw]<br />
| 84bbc6ea8bf29745195bc9926c1874f7c2a36f32<br />
|<br />
| {{yes}}<br />
| 157,906,686<br />
|-<br />
| 1.1.2<br />
| Oktoberfest 3B48b<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-4036.20071107.9g3DF/iPod1,1_1.1.2_3B48b_Restore.ipsw iPod1,1_1.1.2_3B48b_Restore.ipsw]<br />
| 108d8ffe9ea75e61cd5e57170ad388b7fa00d923<br />
|<br />
| {{yes}}<br />
| 165,567,897<br />
|-<br />
| 1.1.3<br />
| Little Bear 4A93<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/061-4060.20080115.9Iuh5/iPod1,1_1.1.3_4A93_Restore.ipsw iPod1,1_1.1.3_4A93_Restore.ipsw]<br />
| 8dca23eec69d5ae58fbf3d4a23276e46cbb2e3c6<br />
|<br />
| {{yes}}<br />
| 173,511,411<br />
|-<br />
| 1.1.4<br />
| Little Bear 4A102<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-4312.20080226.Btu45/iPod1,1_1.1.4_4A102_Restore.ipsw iPod1,1_1.1.4_4A102_Restore.ipsw]<br />
| c148d1eb1c979bb6434175411d4a372103a4fdd2<br />
| <br />
| {{yes}}<br />
| 173,519,589<br />
|-<br />
| 1.1.5<br />
| Little Bear 4B1<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-4841.20080714.bgy8O/iPod1,1_1.1.5_4B1_Restore.ipsw iPod1,1_1.1.5_4B1_Restore.ipsw]<br />
| 1b818911316e4248ee01d3ec67f9d39afc3db240<br />
|<br />
| {{yes}}<br />
| 173,519,637<br />
|-<br />
| 2.0<br />
| Big Bear 5A347<br />
| Download Link Prohibited<br />
| ae82798e85f9953b0f4798bad36187cb020c9d22<br />
| 2.0+ is a paid upgrade series<br />
| {{yes}}<br />
| 233,409,573<br />
|-<br />
| 2.0.1<br />
| Big Bear 5B108<br />
| Download Link Prohibited<br />
| a81b6e7af4b85ef436d047f9da57c0f694d8964a<br />
| <br />
| {{yes}}<br />
| 258,660,321<br />
|-<br />
| 2.0.2<br />
| Big Bear 5C1<br />
| Download Link Prohibited<br />
| c8b6f9fefa3f3777c56285dfe4c735b1e08a81a2<br />
| <br />
| {{yes}}<br />
| 258,201,218<br />
|-<br />
| 2.1<br />
| Sugar Bowl 5F137<br />
| Download Link Prohibited<br />
| fc7f6d0972927df502ffca47438ca75dcccffaf3<br />
| <br />
| {{yes}}<br />
| 251,155,156<br />
|-<br />
| 2.2<br />
| Timberline 5G77<br />
| Download Link Prohibited<br />
| 081a7de363230fb38d0ce092cbbe42f2a50c8a5f<br />
| <br />
| {{yes}}<br />
| 260,186,851<br />
|-<br />
| 2.2.1<br />
| SUTimberline 5H11<br />
| Download Link Prohibited<br />
| fc69be9e421bc0630567184506ab771f6b7ef68b<br />
| <br />
| {{yes}}<br />
| 260,166,688<br />
|-<br />
| 3.0<br />
| Kirkwood 7A341<br />
| Download Link Prohibited<br />
| dff2bd14931225908a360fb8e60a336f17d2dd6d<br />
| <br />
| {{yes}}<br />
| 242,458,552<br />
|}<br />
<br />
===[[N72ap|iPod touch (2nd generation)]]===<br />
{| class="wikitable sortable" style="font-size: smaller; text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Version<br />
! Build<br />
! IPSW Download URL<br />
! SHA1 Hash<br />
! Comments<br />
! Can be [[jailbreak|jailbroken]]?<br />
! File Size<br />
|-<br />
| 2.1.1<br />
| [[Sugar Bowl - 5F138]]<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-5494.20080909.8i9o0/iPod2,1_2.1.1_5F138_Restore.ipsw iPod2,1_2.1.1_5F138_Restore.ipsw]<br />
| c3c700be49ad227d1152188e7c1e46b8958fd1e4<br />
|<br />
| {{yes|Yes}}<br />
| 282,083,944<br />
|-<br />
| 2.2<br />
| Timberline - 5G77a<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/061-5358.20081120.Gtghy/iPod2,1_2.2_5G77a_Restore.ipsw iPod2,1_2.2_5G77a_Restore.ipsw]<br />
| 34a0a489605f34d6cc6c9954edcaaf9a050deedc<br />
|<br />
| {{yes|Yes}}<br />
| 291,123,491<br />
|-<br />
| 2.2.1<br />
| SUTimberline - 5H11a<br />
| [http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5863.20090127.rt56K/iPod2,1_2.2.1_5H11a_Restore.ipsw iPod2,1_2.2.1_5H11a_Restore.ipsw]<br />
| 9af5625ea34acdd8abeb6fce71a72651d0c815d5<br />
|<br />
| {{yes|Yes}}<br />
| 291,140,244<br />
|-<br />
| 3.0<br />
| [[Kirkwood 7A341 (iPod touch 2G)|Kirkwood 7A341]]<br />
| Download Link Prohibited<br />
| 0f7fc76d9b9aa826b5ab14be9821a315d3d9dc42<br />
| <br />
| {{yes|Yes}}<br />
| 270,315,364<br />
|}<br />
<br />
==See also==<br />
* [[VFDecrypt Keys]]<br />
<br />
==Resources==<br />
*[http://www.trejan.com/projects/ipod/ Firmware List]<br />
*[http://www.iphones.ru/forum/index.php?showtopic=7115 iPhone FW's Links (Russian)]<br />
*[http://www.iphones.ru/forum/index.php?showtopic=13934 iPod Touch FW's Links (Russian)]<br />
*[http://pastebin.ca/1209360 A link of interest...]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=N88AP&diff=4069N88AP2009-07-04T02:48:37Z<p>Drg: </p>
<hr />
<div>[[Image:IPhone3GS.jpg|right|thumb|iPhone 3GS, back and front.]]<br />
<br />
This is the iPhone 3GS. It was released on June 19, 2009 with a price tag of $199 for the 16GB model and $299 for the 32GB model, in the U.S., Canada and major European countries. Prices vary depending on the mobile operator. It features the same exterior design as the [[iPhone 3G]], but has new internal features such as video recording, voice control, digital compass, faster CPU, increased RAM etc.<br />
<br />
== Baseband ==<br />
The iPhone 3G S uses the [[X-Gold 608]] baseband chip, same as in the iPhone 3G.<br />
<br />
== Application Processor ==<br />
It makes use of the [[S5L8920]] application processor.<br />
<br />
== Specifications ==<br />
'''Color''': Black or white <br><br />
'''Size''': 4.5 inches (115.5 mm) (h) × 2.4 inches (62.1 mm) (w) × 0.48 inch (12.3 mm) (d) <br><br />
'''Weight''': 135 g (4.8 oz) <br><br />
'''Battery''': Up to 12 hours of 2G talk, 5 hours of 3G talk, 5 (3G) or 9 (Wi-Fi) hours of Internet use, 10 hours of video playback, and up to 30 hours of audio playback, lasting over 300 hours on standby. <br><br />
'''3G''': Broadband data speeds, supporting 7.2Mbps HSDPA <br><br />
'''Camera''': 3.15MP with Autofocus and manual focus (''Tap to focus''), supporting VGA video recording @ 30FPS<br />
<br />
More specifications available in [http://www.gsmarena.com/apple_iphone_3g_s-2826.php GSMArena].<br />
<br />
== See also ==<br />
* [[Jailbreak iPhone2,1]]<br />
* [[X-Gold 608 Unlock]]<br />
* [[N88AP Device Tree]]<br />
<br />
==External Links==<br />
* [http://www.anandtech.com/gadgets/showdoc.aspx?i=3579 AnandTech: The iPhone 3GS Hardware Exposed & Analyzed]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Talk:IBoot_Environment_Variable_Overflow&diff=4066Talk:IBoot Environment Variable Overflow2009-07-03T23:05:43Z<p>Drg: Removing all content from page</p>
<hr />
<div></div>Drghttps://www.theiphonewiki.com/w/index.php?title=N88AP&diff=4051N88AP2009-07-03T01:03:41Z<p>Drg: </p>
<hr />
<div>[[Image:IPhone3GS.jpg|right|thumb|iPhone 3GS, back and front.]]<br />
<br />
This is the iPhone 3GS. It was released on June 19, 2009 with a price tag of $199 for the 16GB model and $299 for the 32GB model, in the U.S., Canada and major European countries. Price vary depending on the mobile operator. It features the same exterior design as the [[iPhone 3G]], but has new internal features such as video recording, voice control, digital compass, faster CPU, increased RAM etc.<br />
<br />
== Baseband ==<br />
The iPhone 3G S uses the [[X-Gold 608]] baseband chip, same as in the iPhone 3G.<br />
<br />
== Application Processor ==<br />
It makes use of the [[S5L8920]] application processor.<br />
<br />
== Specifications ==<br />
'''Color''': Black or white <br><br />
'''Size''': 4.5 inches (115.5 mm) (h) × 2.4 inches (62.1 mm) (w) × 0.48 inch (12.3 mm) (d) <br><br />
'''Weight''': 135 g (4.8 oz) <br><br />
'''Battery''': Up to 12 hours of 2G talk, 5 hours of 3G talk, 5 (3G) or 9 (Wi-Fi) hours of Internet use, 10 hours of video playback, and up to 30 hours of audio playback, lasting over 300 hours on standby. <br><br />
'''3G''': Broadband data speeds, supporting 7.2Mbps HSDPA <br><br />
'''Camera''': 3.15MP with Autofocus and manual focus (''Tap to focus''), supporting VGA video recording @ 30FPS<br />
<br />
More specifications available in [http://www.gsmarena.com/apple_iphone_3g_s-2826.php GSMArena].<br />
<br />
== See also ==<br />
* [[Jailbreak iPhone2,1]]<br />
* [[X-Gold 608 Unlock]]<br />
* [[N88AP Device Tree]]<br />
<br />
==External Links==<br />
* [http://www.anandtech.com/gadgets/showdoc.aspx?i=3579 AnandTech: The iPhone 3GS Hardware Exposed & Analyzed]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=N88AP&diff=4050N88AP2009-07-03T01:03:23Z<p>Drg: </p>
<hr />
<div>[[Image:IPhone3GS.jpg|right|thumb|iPhone 3G S, back and front.]]<br />
<br />
This is the iPhone 3GS. It was released on June 19, 2009 with a price tag of $199 for the 16GB model and $299 for the 32GB model, in the U.S., Canada and major European countries. Price vary depending on the mobile operator. It features the same exterior design as the [[iPhone 3G]], but has new internal features such as video recording, voice control, digital compass, faster CPU, increased RAM etc.<br />
<br />
== Baseband ==<br />
The iPhone 3G S uses the [[X-Gold 608]] baseband chip, same as in the iPhone 3G.<br />
<br />
== Application Processor ==<br />
It makes use of the [[S5L8920]] application processor.<br />
<br />
== Specifications ==<br />
'''Color''': Black or white <br><br />
'''Size''': 4.5 inches (115.5 mm) (h) × 2.4 inches (62.1 mm) (w) × 0.48 inch (12.3 mm) (d) <br><br />
'''Weight''': 135 g (4.8 oz) <br><br />
'''Battery''': Up to 12 hours of 2G talk, 5 hours of 3G talk, 5 (3G) or 9 (Wi-Fi) hours of Internet use, 10 hours of video playback, and up to 30 hours of audio playback, lasting over 300 hours on standby. <br><br />
'''3G''': Broadband data speeds, supporting 7.2Mbps HSDPA <br><br />
'''Camera''': 3.15MP with Autofocus and manual focus (''Tap to focus''), supporting VGA video recording @ 30FPS<br />
<br />
More specifications available in [http://www.gsmarena.com/apple_iphone_3g_s-2826.php GSMArena].<br />
<br />
== See also ==<br />
* [[Jailbreak iPhone2,1]]<br />
* [[X-Gold 608 Unlock]]<br />
* [[N88AP Device Tree]]<br />
<br />
==External Links==<br />
* [http://www.anandtech.com/gadgets/showdoc.aspx?i=3579 AnandTech: The iPhone 3GS Hardware Exposed & Analyzed]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=ECID&diff=3984ECID2009-06-26T13:33:06Z<p>Drg: </p>
<hr />
<div>The '''Exclusive Chip ID''' or ECID, is a 3GS device specific numeric identifier which is sent to Apple during a restore. The ECID is included in a new, device specific, signed img3 file and sent back to iTunes for the restore process to proceed.<br />
<br />
The implication of this is Apple could dissallow downgrades (even via DFU) on newer devices and even on older devices once new firmware is released.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=ECID&diff=3983ECID2009-06-26T13:32:45Z<p>Drg: </p>
<hr />
<div>The '''Exclusive Chip ID Tag''' or ECID, is a 3GS device specific numeric identifier which is sent to Apple during a restore. The ECID is included in a new, device specific, signed img3 file and sent back to iTunes for the restore process to proceed.<br />
<br />
The implication of this is Apple could dissallow downgrades (even via DFU) on newer devices and even on older devices once new firmware is released.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=ECID&diff=3982ECID2009-06-26T13:31:58Z<p>Drg: New page: The '''Exclusive Chip ID Tag''' or ECID, is a 3GS device specific numeric identifier which is sent to Apple during a restore. The ECID included in a new, device specific, signed img3 file ...</p>
<hr />
<div>The '''Exclusive Chip ID Tag''' or ECID, is a 3GS device specific numeric identifier which is sent to Apple during a restore. The ECID included in a new, device specific, signed img3 file abd sent back to iTunes.<br />
<br />
The implication of this is Apple could dissallow downgrades (even via DFU) on newer devices and even on older devices once new firmware is released.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Jailbreak_(S5L8920%2B)&diff=3981Jailbreak (S5L8920+)2009-06-26T13:27:31Z<p>Drg: /* ECID */</p>
<hr />
<div>Apple did not have the time to fix the [[24kpwn]] hole in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. Thus, the following needs to be done:<br />
* '''Find [[iBoot]] exploit''' - In order to flash 24kPwned [[LLB]].<br />
* '''"Port" the [[24kpwn]] exploit''' - In order to run our patched [[LLB]] and to skip the ECID checks.<br />
<br />
==ECID==<br />
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So Apple could block downgrades once newer firmware becomes available, unless you have a dump of your unique old firmware's img3 or signed certificate. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html].<br />
<br />
The issue with this is that, even with [[24kpwn]] still in bootrom, an [[iBoot]] exploit is still needed to actually flash the 24kpwned [[LLB]]. If Apple uses this ECID stuff to block downgrades, then a new [[iBoot]] exploit will be needed whenever they fix the last, so that [[24kpwn]] can be applied. This is because Apple could choose to not let you upload an older / exploitable iBEC / iBoot / iBSS to the device. 3GS owners can save a signed certificate which will always allow downgrades to 3.0 7A341 using http://purplera1n.com/ should Apple try to block this in the future.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Jailbreak_(S5L8920%2B)&diff=3980Jailbreak (S5L8920+)2009-06-26T13:24:14Z<p>Drg: /* ECID */</p>
<hr />
<div>Apple did not have the time to fix the [[24kpwn]] hole in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. Thus, the following needs to be done:<br />
* '''Find [[iBoot]] exploit''' - In order to flash 24kPwned [[LLB]].<br />
* '''"Port" the [[24kpwn]] exploit''' - In order to run our patched [[LLB]] and to skip the ECID checks.<br />
<br />
==ECID==<br />
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So Apple could block downgrades once newer firmware becomes available, unless you have a dump of your unique old firmware's img3 or signed certificate. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html].<br />
<br />
The issue with this is that, even with [[24kpwn]] still in bootrom, an [[iBoot]] exploit is still needed to actually flash the 24kpwned [[LLB]]. If Apple uses this ECID stuff to block downgrades, than a new [[iBoot]] exploit will be needed whenever they fix the last, so that [[24kpwn]] can be applied. This is because Apple could choose to not let you upload an older / exploitable iBEC / iBoot / iBSS to the device. If you go to http://purplera1n.com/ now though and save the file, you will be OK.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Jailbreak_(S5L8920%2B)&diff=3979Jailbreak (S5L8920+)2009-06-26T13:22:07Z<p>Drg: </p>
<hr />
<div>Apple did not have the time to fix the [[24kpwn]] hole in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. Thus, the following needs to be done:<br />
* '''Find [[iBoot]] exploit''' - In order to flash 24kPwned [[LLB]].<br />
* '''"Port" the [[24kpwn]] exploit''' - In order to run our patched [[LLB]] and to skip the ECID checks.<br />
<br />
==ECID==<br />
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html].<br />
<br />
The issue with this is that, even with [[24kpwn]] still in bootrom, and [[iBoot]] exploit is still needed to actually flash the 24kpwned [[LLB]]. If Apple uses this ECID stuff to block downgrades, than a new [[iBoot]] exploit will be needed whenever they fix the last, so that [[24kpwn]] can be applied. This is because Apple could choose to not let you upload an older / exploitable iBEC / iBoot / iBSS to the device. If you go to http://purplera1n.com/ now though and save the file, you will be OK.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Purplera1n&diff=3963Purplera1n2009-06-26T02:06:33Z<p>Drg: </p>
<hr />
<div>This appears to be the codename for geohot's 3GS jailbreak. <br />
-------------<br />
As of now the domain purplera1n.com will allow 3GS users to generate a unique certificate for iBSS. This will allow downgrades to 3.0 (for exploit purposes) should Apple one day stop issuing these certs.<br />
http://iphonejtag.blogspot.com/2009/06/usbdump-huh-how.html</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Purplera1n&diff=3962Purplera1n2009-06-26T02:05:56Z<p>Drg: New page: This appears to be the codename for geohot's 3GS jailbreak. As of now the domain purplera1n.com will allow 3GS users to generate a unique certificate for iBSS. This will allow downgrades ...</p>
<hr />
<div><br />
This appears to be the codename for geohot's 3GS jailbreak. As of now the domain purplera1n.com will allow 3GS users to generate a unique certificate for iBSS. This will allow downgrades to 3.0 (for exploit purposes) should Apple one day stop issuing these certs.</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Talk:Main_Page&diff=3866Talk:Main Page2009-06-18T03:49:21Z<p>Drg: /* firmware keys */</p>
<hr />
<div>== firmware keys ==<br />
We need a "standard" for firmware key posting so that we can stay organized. Who likes this method?<br />
* [[Kirkwood 7A341 (iPhone 3G)]]<br />
* [[Kirkwood 7A341 (iPod touch 2G)]]<br />
<br />
-----<br />
<br />
Love it. -drg</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3494PHaseBanDowngrader2009-04-13T14:15:04Z<p>Drg: /* About */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8. This tool will not work with BL 5.9 or the newly reported 6.0.2.<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
===Português===<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui: [[Baseband Commands]]<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
===English===<br />
To run the pHaseBanDowngrader, connect to your iPhone via SSH and copy the downloaded folder (phasebandowngrader) into the "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader in lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd /Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, install minicom and run at+xgendata (see [[Baseband Commands]] for more info)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3489PHaseBanDowngrader2009-04-13T04:47:14Z<p>Drg: /* English */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
===Português===<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui: [[Baseband Commands]]<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
===English===<br />
To run the pHaseBanDowngrader, connect to your iPhone via SSH and copy the downloaded folder (phasebandowngrader) into the "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader in lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd /Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, install minicom and run at+xgendata (see [[Baseband Commands]] for more info)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3488PHaseBanDowngrader2009-04-13T04:45:25Z<p>Drg: /* Credits */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
===Português===<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui: [[Baseband Commands]]<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
===English===<br />
To run the pHaseBanDowngrader, connect via SSH to your iPhone and copy the downloaded folder (phasebandowngrader) into the folder "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader with lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd / Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, install minicom and run at+xgendata (see [[Baseband Commands]] for more info)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3487PHaseBanDowngrader2009-04-13T04:45:03Z<p>Drg: /* Credits */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br />
<br />
Patch Implementation: [[Geohot]]<br />
<br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
===Português===<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui: [[Baseband Commands]]<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
===English===<br />
To run the pHaseBanDowngrader, connect via SSH to your iPhone and copy the downloaded folder (phasebandowngrader) into the folder "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader with lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd / Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, install minicom and run at+xgendata (see [[Baseband Commands]] for more info)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3482PHaseBanDowngrader2009-04-13T03:06:58Z<p>Drg: /* README */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
'''Português:'''<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
'''English:''' <br />
<br />
To run the pHaseBanDowngrader, connect via SSH to your iPhone and copy the downloaded folder (phasebandowngrader) into the folder "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader with lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd / Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, visit:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(run at+xgendata in minicom)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3481PHaseBanDowngrader2009-04-13T03:06:47Z<p>Drg: /* README */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
'''Português:'''<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
'''English:''' <br />
To run the pHaseBanDowngrader, connect via SSH to your iPhone and copy the downloaded folder (phasebandowngrader) into the folder "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader with lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd / Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, visit:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(run at+xgendata in minicom)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3480PHaseBanDowngrader2009-04-13T03:05:27Z<p>Drg: /* README */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
_____________________________________________________________<br />
Português:<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
_____________________________________________________________<br />
English: <br />
<br />
To run the pHaseBanDowngrader, connect via SSH to your iPhone and copy the downloaded folder (phasebandowngrader) into the folder "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader with lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd / Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, visit:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(run at+xgendata in minicom)<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drghttps://www.theiphonewiki.com/w/index.php?title=Baseband_Commands&diff=3478Baseband Commands2009-04-13T02:01:06Z<p>Drg: /* How to run Baseband Commands */</p>
<hr />
<div>==About==<br />
In this page, you'll find some Baseband Commands. You can use them with Minicom 2.2, that can be found on Cydia.<br />
<br />
==Setting up Minicom 2.2==<br />
# After installing Minicom from Cydia, make sure the folder /usr/etc exists. SSH into your iPhone and then, type: ''minicom -s''.<br />
# Now, select ''Serial Port Setup'' in the Menu and press Enter. Then, press "a" and set Serial Device to ''/dev/tty.debug''.<br />
# Press Esc, and in the Main Menu, select ''Save setup as dfl''. Now, select "exit".<br />
# To run minicom using ssh, just run minicom -w<br />
<br />
==Running Minicom 2.2 from MobileTerminal==<br />
'''Note''': minicom does work on MobileTerminal only on root (use su) and only after it has been configured (through the steps above).<br />
# Open MobileTerminal.<br />
# Run the command su, enter your root password (default alpine) and then run minicom -w.<br />
# To exit minicom, slide your finger on the screen ("gesture") to the bottom right (if you haven't changed this setting in MobileTerminal settings), then press A, X and enter.<br />
<br />
==How to run Baseband Commands==<br />
<br />
First, run Minicom. Then, type "at" and press Enter. Then, you can type the command that you want, have fun.<br />
<br />
==Baseband Commands==<br />
===Getting Information===<br />
* '''at+xgendata''': Display some baseband informations<br />
* '''at&v''': Display the profiles in the Baseband (Active Profile, Stored Profile 0 and Stored Profile 1)<br />
* '''at+clac''': Show some baseband commands<br />
* '''at&h''': Show more Baseband Commands<br />
<br />
===Unlock===<br />
* '''at+clck''': Traditional unlock command<br />
* '''at+xlock''': Wildcard unlock<br />
* '''at+xsimstate''': Print lock state (write at+xsimstate=1 to turn on, at+xsimstate=0 to turn off)</div>Drghttps://www.theiphonewiki.com/w/index.php?title=PHaseBanDowngrader&diff=3477PHaseBanDowngrader2009-04-13T02:00:13Z<p>Drg: /* About */</p>
<hr />
<div>==About==<br />
pHaseBanDowngrader is a tool that allows the user to downgrade the [[iPhone 3G]] Baseband from 02.30.03 to 02.28.00 with the [[Baseband Bootloader]] 5.8 (This tool will not work with BL 5.9).<br />
<br />
==Credits==<br />
Exploit: [[Geohot]] and [[iPhone Dev Team]], independently<br><br />
Patch Implementation: [[Geohot]]<br><br />
Script: pH with thanks to EvilPenguin<br />
<br />
==README==<br />
pHaseBanDowngrader - by Pedro Henrique Cavallieri Franceschi.<br />
(a.k.a. pH).<br />
<br />
_____________________________________________________________<br />
Português:<br />
<br />
Para rodar o pHaseBanDowngrader, conecte via SSH ao seu iPhone e copie a pasta baixada (phasebandowngrader) para dentro da pasta "/Applications" no seu iPhone.<br />
OBS: A pasta TEM que se chamar phasebandowngrader, com letras minúsculas!<br />
<br />
Para rodá-lo, entre no MobileTerminal e digite "login". O usuário é "root" e a senha é "alpine" por padrão. Depois, digite: "cd /Applications/phasebandowngrader/" e, em seguida, por final, para rodar o downgrader, digite "./phasebandowngrader".<br />
<br />
Para checar a versão do seu Bootloader, mais informações aqui:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(rode o at+xgendata no minicom)<br />
<br />
_____________________________________________________________<br />
English: <br />
<br />
To run the pHaseBanDowngrader, connect via SSH to your iPhone and copy the downloaded folder (phasebandowngrader) into the folder "/Applications" on your iPhone. <br />
Note: The folder MUST named phasebandowngrader with lowercase letters! <br />
<br />
To run it, open MobileTerminal and type "login". The user is "root" and password is "alpine" by default. Then type: "cd / Applications/phasebandowngrader/", then, to run the downgrader, type "./phasebandowngrader"<br />
<br />
To check your bootloader version, visit:<br />
http://www.theiphonewiki.com/wiki/index.php?title=Baseband_Commands<br />
<br />
(run at+xgendata in minicom)<br />
<br />
_____________________________________________________________<br />
<br />
Copyright (C) - 2009<br />
iBlogeek.com - Todos os direitos reservados<br />
All rights reserved.<br />
<br />
By pH - 12/04/2009<br />
<br />
==Download links==<br />
* [http://tinyurl.com/phasebandowngrader10 MediaFire]</div>Drg