https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=SrtsThe iPhone Wiki - User contributions [en]2026-06-14T17:01:27ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=N90AP&diff=7890N90AP2010-08-04T18:04:05Z<p>Srts: /* Jailbreaks and Unlocks */</p>
<hr />
<div>This is the iPhone 4. Announced on WWDC keynote in June 2010. It features a new exterior design, 5-megapixel camera with LED flash, the 960x640 Retina Display screen and [[Facetime|FaceTime]] Video Calls<br />
<br />
== [[Application Processor]] ==<br />
It uses the [[S5L8930|Apple A4]] CPU, same as the iPad. It ships with 512MB of RAM, double that of the iPad and iPhone 3GS. [http://www.macrumors.com/2010/06/17/iphone-4-confirmed-to-have-512mb-of-ram-twice-the-ipad-and-3gs/]<br />
<br />
== [[Baseband]] ==<br />
It uses the [[X-Gold 618]].<br />
<br />
== Jailbreaks and Unlocks ==<br />
1 August 2010<br />
[[comex]] releases the [[jailbreak]] called [[Star]]. He revives the [[jailbreakme|jailbreakme.com domain]] from the early jailbreak days.<br />
3 unknown [[exploits]][http://theiphonewiki.com/wiki/index.php?title=Star] are brought forth.<br />
[[ultrasn0w]] can unlock the iPhone 4 as of 3 August 2010.<br />
<br />
== GPS ==<br />
The iPhone 4 uses the [[Broadcom BCM4750]] single-chip GPS receiver, like the iPad. [http://www.ifixit.com/Teardown/iPhone-4-Teardown/3130/3]<br />
<br />
== Specifications ==<br />
'''Color:''' Black or white <br /><br />
'''Size''': 115.2 mm (4.5 inches) (h), 58.6 mm (2.31 inches) (w), 9.3 mm (0.37 inches) (d) <br /><br />
'''Weight''': 135 g (4.8 oz) <br /><br />
'''Battery''': Standby up to 300 hours, talk time up to 7 hours on 3G and up to 14 hours on 2G <br /><br />
'''Rear camera''': 5MP with Autofocus and manual focus (''Tap to focus''), supporting HD video recording @ 30FPS <br /><br />
'''Front camera''': VGA photos and video @ 30 FPS, supporting [[Facetime|FaceTime]] Video Calls<br />
<br />
== Major Upgrades/Difference from [[N88ap|iPhone 3GS]] ==<br />
* A4 processor<br />
* RAM upgrade to 512 MB<br />
* Gyroscope<br />
* Totally new baseband device, firmware, and bootloader<br />
* Two cameras: front (640×480 VGA) and back (5 megapixel)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:ITunes&diff=5692Talk:ITunes2009-11-23T00:14:11Z<p>Srts: /* iTunes 64 Bit? */</p>
<hr />
<div>Can anyone else confirm "iTunes 8.2.1.6 Does not put signed iBSS/iBEC in temp folder on 3GS restores"? On my system the ECID signed files were available in the temp folder during full 3.0.1 restore. --[[User:CleanAir|CleanAir]] 18:20, 14 August 2009 (UTC)<br />
<br />
I'd also like to know the answer to that as I got the data too on 8.2.1. On a mac if that helps.<br />
--[[User:Sammypwns|sammypwns]] 02:40, 17 August 2009 (UTC)<br />
<br />
== Do we need to mention Palm Pre with each update? ==<br />
<br />
I don't think we need to mention that each iTunes update breaks Pre sync. First of all, this is the '''iPhone''', not Pre wiki. Pre owners can easily find more relevant information elsewhere. And both Apple and Palm seem to not give up that fight easily, and the cat-and-mouse game will continue until either of the following happens:<br />
<br />
1) Palm finds a method to spoof the iPod with no way for Apple to break it without compromising compatibility with existing iPods.<br />
<br />
2) Apple sues Palm and wins.<br />
<br />
3) USB-IF threatens to revoke Palm's license.<br />
<br />
Until then, it'll be fun to watch.--[[User:Blackbox|Blackbox]] 23:11, 29 October 2009 (UTC)<br />
<br />
== iTunes 64 Bit? ==<br />
I was under the influence that iTunes updates shortly after snow leopard allowed iTunes to run in 64bit? If so, should that be posted here?--[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:Nope, iTunes has always been 32-bit on both Windows and Mac OS X. --[[User:Dialexio|Dialexio]] 01:04, 20 November 2009 (UTC)<br />
Okay sorry :) --[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:So uh, why does Apple have a separate 64bit version of iTunes for Vista/7 64bit, if it's only a 32bit program? #noobquestion [[User:Beau|Beau]] 20:19, 20 November 2009 (UTC)<br />
The 64 bit version of iTunes for windows is just that, a 64 bit version, I was just wondering if they had made a 64 bit version of the program for their own OS yet --[[User:Srts|Srts]] 00:29, 21 November 2009 (UTC)<br />
:The "64 bit" version of iTunes for Windows is still a 32-bit application. In fact, both "32-bit" iTunes.exe and "64-bit" iTunes.exe are exactly the same. The only difference are 64-bit drivers for iPhone and iPod and the mini player DLL (that runs inside 64-bit explorer.exe). [[User:Blackbox|Blackbox]] 13:11, 22 November 2009 (UTC)<br />
I'll shut up now. --[[User:Srts|Srts]] 00:13, 23 November 2009 (UTC)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:ITunes&diff=5691Talk:ITunes2009-11-23T00:13:51Z<p>Srts: </p>
<hr />
<div>Can anyone else confirm "iTunes 8.2.1.6 Does not put signed iBSS/iBEC in temp folder on 3GS restores"? On my system the ECID signed files were available in the temp folder during full 3.0.1 restore. --[[User:CleanAir|CleanAir]] 18:20, 14 August 2009 (UTC)<br />
<br />
I'd also like to know the answer to that as I got the data too on 8.2.1. On a mac if that helps.<br />
--[[User:Sammypwns|sammypwns]] 02:40, 17 August 2009 (UTC)<br />
<br />
== Do we need to mention Palm Pre with each update? ==<br />
<br />
I don't think we need to mention that each iTunes update breaks Pre sync. First of all, this is the '''iPhone''', not Pre wiki. Pre owners can easily find more relevant information elsewhere. And both Apple and Palm seem to not give up that fight easily, and the cat-and-mouse game will continue until either of the following happens:<br />
<br />
1) Palm finds a method to spoof the iPod with no way for Apple to break it without compromising compatibility with existing iPods.<br />
<br />
2) Apple sues Palm and wins.<br />
<br />
3) USB-IF threatens to revoke Palm's license.<br />
<br />
Until then, it'll be fun to watch.--[[User:Blackbox|Blackbox]] 23:11, 29 October 2009 (UTC)<br />
<br />
== iTunes 64 Bit? ==<br />
I was under the influence that iTunes updates shortly after snow leopard allowed iTunes to run in 64bit? If so, should that be posted here?--[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:Nope, iTunes has always been 32-bit on both Windows and Mac OS X. --[[User:Dialexio|Dialexio]] 01:04, 20 November 2009 (UTC)<br />
Okay sorry :) --[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:So uh, why does Apple have a separate 64bit version of iTunes for Vista/7 64bit, if it's only a 32bit program? #noobquestion [[User:Beau|Beau]] 20:19, 20 November 2009 (UTC)<br />
The 64 bit version of iTunes for windows is just that, a 64 bit version, I was just wondering if they had made a 64 bit version of the program for their own OS yet --[[User:Srts|Srts]] 00:29, 21 November 2009 (UTC)<br />
:The "64 bit" version of iTunes for Windows is still a 32-bit application. In fact, both "32-bit" iTunes.exe and "64-bit" iTunes.exe are exactly the same. The only difference are 64-bit drivers for iPhone and iPod and the mini player DLL (that runs inside 64-bit explorer.exe). [[User:Blackbox|Blackbox]] 13:11, 22 November 2009 (UTC)<br />
:I'll shut up now. --[[User:Srts|Srts]] 00:13, 23 November 2009 (UTC)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:ITunes&diff=5671Talk:ITunes2009-11-21T00:29:23Z<p>Srts: /* iTunes 64 Bit? */</p>
<hr />
<div>Can anyone else confirm "iTunes 8.2.1.6 Does not put signed iBSS/iBEC in temp folder on 3GS restores"? On my system the ECID signed files were available in the temp folder during full 3.0.1 restore. --[[User:CleanAir|CleanAir]] 18:20, 14 August 2009 (UTC)<br />
<br />
I'd also like to know the answer to that as I got the data too on 8.2.1. On a mac if that helps.<br />
--[[User:Sammypwns|sammypwns]] 02:40, 17 August 2009 (UTC)<br />
<br />
== Do we need to mention Palm Pre with each update? ==<br />
<br />
I don't think we need to mention that each iTunes update breaks Pre sync. First of all, this is the '''iPhone''', not Pre wiki. Pre owners can easily find more relevant information elsewhere. And both Apple and Palm seem to not give up that fight easily, and the cat-and-mouse game will continue until either of the following happens:<br />
<br />
1) Palm finds a method to spoof the iPod with no way for Apple to break it without compromising compatibility with existing iPods.<br />
<br />
2) Apple sues Palm and wins.<br />
<br />
3) USB-IF threatens to revoke Palm's license.<br />
<br />
Until then, it'll be fun to watch.--[[User:Blackbox|Blackbox]] 23:11, 29 October 2009 (UTC)<br />
<br />
== iTunes 64 Bit? ==<br />
I was under the influence that iTunes updates shortly after snow leopard allowed iTunes to run in 64bit? If so, should that be posted here?--[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:Nope, iTunes has always been 32-bit on both Windows and Mac OS X. --[[User:Dialexio|Dialexio]] 01:04, 20 November 2009 (UTC)<br />
Okay sorry :) --[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:So uh, why does Apple have a separate 64bit version of iTunes for Vista/7 64bit, if it's only a 32bit program? #noobquestion [[User:Beau|Beau]] 20:19, 20 November 2009 (UTC)<br />
The 64 bit version of iTunes for windows is just that, a 64 bit version, I was just wondering if they had made a 64 bit version of the program for their own OS yet --[[User:Srts|Srts]] 00:29, 21 November 2009 (UTC)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:ITunes&diff=5666Talk:ITunes2009-11-20T02:55:22Z<p>Srts: lol iFail</p>
<hr />
<div>Can anyone else confirm "iTunes 8.2.1.6 Does not put signed iBSS/iBEC in temp folder on 3GS restores"? On my system the ECID signed files were available in the temp folder during full 3.0.1 restore. --[[User:CleanAir|CleanAir]] 18:20, 14 August 2009 (UTC)<br />
<br />
I'd also like to know the answer to that as I got the data too on 8.2.1. On a mac if that helps.<br />
--[[User:Sammypwns|sammypwns]] 02:40, 17 August 2009 (UTC)<br />
<br />
== Do we need to mention Palm Pre with each update? ==<br />
<br />
I don't think we need to mention that each iTunes update breaks Pre sync. First of all, this is the '''iPhone''', not Pre wiki. Pre owners can easily find more relevant information elsewhere. And both Apple and Palm seem to not give up that fight easily, and the cat-and-mouse game will continue until either of the following happens:<br />
<br />
1) Palm finds a method to spoof the iPod with no way for Apple to break it without compromising compatibility with existing iPods.<br />
<br />
2) Apple sues Palm and wins.<br />
<br />
3) USB-IF threatens to revoke Palm's license.<br />
<br />
Until then, it'll be fun to watch.--[[User:Blackbox|Blackbox]] 23:11, 29 October 2009 (UTC)<br />
<br />
== iTunes 64 Bit? ==<br />
I was under the influence that iTunes updates shortly after snow leopard allowed iTunes to run in 64bit? If so, should that be posted here?--[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)<br />
:Nope, iTunes has always been 32-bit on both Windows and Mac OS X. --[[User:Dialexio|Dialexio]] 01:04, 20 November 2009 (UTC)<br />
Okay sorry :) --[[User:Srts|Srts]] 02:55, 20 November 2009 (UTC)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:ITunes&diff=5664Talk:ITunes2009-11-20T00:38:35Z<p>Srts: </p>
<hr />
<div>Can anyone else confirm "iTunes 8.2.1.6 Does not put signed iBSS/iBEC in temp folder on 3GS restores"? On my system the ECID signed files were available in the temp folder during full 3.0.1 restore. --[[User:CleanAir|CleanAir]] 18:20, 14 August 2009 (UTC)<br />
<br />
I'd also like to know the answer to that as I got the data too on 8.2.1. On a mac if that helps.<br />
--[[User:Sammypwns|sammypwns]] 02:40, 17 August 2009 (UTC)<br />
<br />
== Do we need to mention Palm Pre with each update? ==<br />
<br />
I don't think we need to mention that each iTunes update breaks Pre sync. First of all, this is the '''iPhone''', not Pre wiki. Pre owners can easily find more relevant information elsewhere. And both Apple and Palm seem to not give up that fight easily, and the cat-and-mouse game will continue until either of the following happens:<br />
<br />
1) Palm finds a method to spoof the iPod with no way for Apple to break it without compromising compatibility with existing iPods.<br />
<br />
2) Apple sues Palm and wins.<br />
<br />
3) USB-IF threatens to revoke Palm's license.<br />
<br />
Until then, it'll be fun to watch.--[[User:Blackbox|Blackbox]] 23:11, 29 October 2009 (UTC)<br />
<br />
== iTunes 64 Bit? ==<br />
I was under the influence that iTunes updates shortly after snow leopard allowed iTunes to run in 64bit? If so, should that be posted here?</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Blacksn0w&diff=5656Blacksn0w2009-11-17T00:27:14Z<p>Srts: link change</p>
<hr />
<div>[[User:Geohot|Geohot]]'s runtime [[unlock]] for [[baseband]] [[5.11.07]] (used by the [[N82ap|iPhone 3G]] & [[N88ap|3GS]]). blacksn0w exploits the [[AT+XEMN Heap Overflow]], and can be installed via [[blackra1n]] or its [[Cydia]] repo (http://blackra1n.com/).</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Blacksn0w&diff=5655Blacksn0w2009-11-17T00:25:49Z<p>Srts: more links</p>
<hr />
<div>[[User:Geohot|Geohot]]'s runtime unlock for [[baseband]] [[5.11.07]] (used by the [[N82ap|iPhone 3G]] & [[N88ap|3GS]]). blacksn0w [[exploits]] the [[AT+XEMN Heap Overflow]], and can be installed via [[blackra1n]] or its [[Cydia]] repo (http://blackra1n.com/).</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=The_iPhone_Wiki:Spam&diff=5623The iPhone Wiki:Spam2009-11-09T02:34:03Z<p>Srts: .</p>
<hr />
<div>How do we combat this recent spamming of this wiki? I suggest a possible invite system or similar? --[[User:Srts|Srts]] 02:24, 9 November 2009 (UTC)<br />
<br />
I have already blocked account signup, they must have had this account for a while. --[[User:Geohot|geohot]] 02:29, 9 November 2009 (UTC)<br />
<br />
Well if they don't stop, we can't have account creation disabled forever, defeats the purpose of the wiki. People like him are sad. Great work to all the sysops et all. keeping disruption to a minimal :D --[[User:Srts|Srts]] 02:34, 9 November 2009 (UTC)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=The_iPhone_Wiki:Spam&diff=5621The iPhone Wiki:Spam2009-11-09T02:24:35Z<p>Srts: Combatting Spam?</p>
<hr />
<div>How do we combat this recent spamming of this wiki? I suggest a possible invite system or similar? --[[User:Srts|Srts]] 02:24, 9 November 2009 (UTC)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=The_iPhone_Wiki:Spam&diff=5619The iPhone Wiki:Spam2009-11-09T02:23:23Z<p>Srts: UGG Cove Boots, Full Package of Comfort, Warmth and Cuteness moved to Spam: Spam</p>
<hr />
<div></div>Srtshttps://www.theiphonewiki.com/w/index.php?title=The_iPhone_Wiki:Spam&diff=5618The iPhone Wiki:Spam2009-11-09T02:22:46Z<p>Srts: Spam</p>
<hr />
<div></div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Timeline&diff=5098Timeline2009-10-12T23:58:37Z<p>Srts: </p>
<hr />
<div>==2009==<br />
<br />
===October===<br />
*October 11 -- [[Geohot]] releases [[blackra1n]], a 30 second software jailbreak for all devices, including a tethered jailbreak for the [[iPod Touch 3G]].<br />
<br />
===July===<br />
* July 14 -- [[Geohot]] releases [[purplesn0w]], a software unlock for the [[iPhone 3GS]] using [[AT+XLOG Vulnerability|the same exploit as ultrasn0w]], but handled differently. Minutes later, an explanation and source code was posted.<br />
* July 7 -- [[The dev team]] updates [[redsn0w]] and [[ultrasn0w]] to version 0.8, now with [[iPhone 3GS]] support. Saurik also updates Winterboard to support the [[iPhone 3GS]].<br />
* July 3 -- [[Geohot]] releases [[purplera1n]], a software jailbreak for the [[iPhone 3GS]].<br />
<br />
===June===<br />
* June 28 -- [[Geohot]] posts pictures on his blog of the first fully jailbroken [[iPhone 3GS]].<br />
* June 25 -- It's discovered that [[iPhone 3GS]] is vulnerable to [[0x24000 Segment Overflow|24kpwn]] exploit.<br />
* June 24 -- [[The dev team]] release [[ultrasn0w]] unlock for [[iPhone 3G]] thanks to [[AT+XLOG Vulnerability|a new exploit]] discovered by [[User:Oranav|Oranav]].<br />
* June 23 -- [[Geohot]] announces he's found a new exploit in [[iBoot]] he calls purplera1n.<br />
* June 19 -- Release of [[iPhone2,1|iPhone 3GS]] to the public and the release of [[PwnageTool|Pwnage Tool 3.0]] and [[RedSn0w|Redsn0w]] for jailbreaking devices running firmware 3.0<br />
* June 17 -- Release of firmware 3.0 to the public.<br />
* June 8 -- Apple announces the [[iPhone2,1|iPhone 3GS]].<br />
<br />
===March===<br />
* March 10 -- The [[0x24000 Segment Overflow|untethered jailbreak]] for the [[iPod touch 2G]] is released thanks to the combined work of chronic, CPICH, posixninja, pod2g, ius, planetbeing, MuscleNerd, and co after being leaked and sold by [[NitroKey]]. To prevent users wasting their money on a stolen exploit, the Hybrid DevTeam decided to release it immediately.<br />
<br />
===January===<br />
* January 31 -- The [[iPhone Dev Team]] released a [[redsn0w Lite]], a tethered jailbreak for the [[N72ap|iPod touch 2G]]. It combines the [[ARM7 Go]] vulnerability with the well-established pwnage flow for other Apple mobile devices. It was bundled in a way that will allow usage on the 2.2.1 firmware through uploading the [[ARM7 Go]] vulnerable 2.1.1 iBoot to the device while in DFU mode.<br />
<br />
* January 25 -- [[0wnboot]] is released to chronicdev google code page, thanks to AriX, chronic, CPICH, westbaer, ius, pod2g, the rest of the iPod devel crew on IRC, and to the #iphone-hax lab rats. Within days, the AriX and the chronic dev team got a ramdisk booting for a tethered jailbreak.<br />
<br />
* January 17 -- MuscleNerd of the [[iPhone Dev Team]] [http://twitter.com/MuscleNerd/status/1127346766 shows a video demo] of the first jailbroken iPod Touch 2G.<br />
<br />
* January 16 -- [[ARM7 Go]] hole disclosed where else but here on The iPhone Wiki, for developers to poke and prod at<br />
<br />
* January 15 -- The [[iPhone Dev Team]] [http://twitter.com/iphone_dev/status/1120595069 tweets the vfdecrypt key] for the [[iPod touch 2G]] 2.2 firmware, demonstrating for the first time that unsigned code can now be run on that device.<br />
<br />
* January 1 -- The [[iPhone Dev Team]] releases [[yellowsn0w]] 0.9 beta for baseband 02.28.00.<br />
<br />
==2008==<br />
<br />
===December===<br />
* December 21 -- [[MuscleNerd]], of [[the dev team]] does a live demo of the 3G unlock, dubbed as 'yellowsn0w': http://qik.com/video/729275<br />
<br />
===August===<br />
* August 18 -- [[The dev team]] releases [http://wikee.iphwn.org/news:pwnage20announcement QuickPwn], a 2.x [[pwnage]]/ramdisk combination exploit that allows jailbreaking without needing to create custom IPSWs.<br />
<br />
===July===<br />
* July 22 -- [[TA_Mobile]] hardware dumps the 3G baseband (bootloader 5.8 & FW 1.45.00) by desoldering the [[NOR]].<br />
* July 19 -- [[The dev team]] releases [[PwnageTool]] 2.0, jailbreaking and unlocking the 2.0 software on the iPhone 2G and jailbreaking the 2.0 software on the iPhone 3G.<br />
* July 11 -- [[iPhone 3G]] is released.<br />
<br />
===June===<br />
* June 9 - [[iPhone 3G]] is announced at [[WWDC]] '08.<br />
<br />
===April===<br />
* April 3 -- Dev team releases [[PwnageTool]] 1.0, making use of the pmdx exploit (to patch RSA checks out of the [[kernel]], to write unsigned to [[NOR]])<br />
<br />
===March===<br />
* March 12 -- Dev team releases dual-boot jailbreak method, only to be silently fixed in 2.0.<br />
* March 4 -- [[User:N000b|George Zhu (n000b)]] releases [[ILiberty / ILiberty%2B]].<br />
<br />
===February===<br />
* February 28 -- [[Cydia]] is released as an open-source alternative to Installer.app, and prepares to take over the jailbreak application scene upon 2.0's release.<br />
* February 11 -- [[Zibri]] releases [[ZiPhone]], the first all-in-one unlock, activate, jailbreak solution.<br />
* February 8 -- [[User:Geohot|geohot]] releases software unlock for 4.6, Apple states 25% of phones were never activated with AT&T.<br />
<br />
===January===<br />
* January 28 -- Dev team releases soft upgrade jailbreak for 1.1.3.<br />
* January 18 -- Geohot and his friends [http://iphonejtag.blogspot.com/2008/01/112-otb-unlocked.html unlocked 1.1.2 OTB 4.6 by test point], the unbeatable version at that time.<br />
* January 18 -- Dev team posts YouTube video of a jailbroken 1.1.3, which was made possible by the dual boot jailbreak from bgm.<br />
<br />
== 2007 ==<br />
===November===<br />
* November 15 -- New baseband [[Bootloader 4.6|bootloader (4.6)]] comes out, new iPhones can't be unlocked.<br />
* November 2 -- [[Jailbreakme]] is released, bringing jailbreaking to the mainstream iPhone user.<br />
<br />
===October===<br />
* October 23 -- iPhone-Elite Team releases the [[Virginizer]].<br />
* October 14 -- AriX releases iJailBreak, the first automated iPod touch jailbreak for the Mac.<br />
* October 12 -- planetbeing releases touchFree, the first automated iPod touch jailbreak.<br />
* October 10 -- niacin, cmw, and dre release the [[LibTiff]] exploit to jailbreak the iPod touch, which is later adapted for use in [[Jailbreakme]].<br />
<br />
===September===<br />
* September 11 -- [[The dev team]] releases [[iUnlock]], first free software unlock.<br />
* September 10 -- [[IPSF]] releases first paid software unlock.<br />
* September 9 -- Apple announces the [[iPod touch]] at a media event.<br />
<br />
===August===<br />
* August 23 -- [[User:Geohot|geohot]] and team release [[hardware unlock]] method.<br />
* August 21 -- Installer.app is released by Nullriver, first GUI apps are distributed.<br />
<br />
===July===<br />
* July 23 -- First phones are used with other carriers by means of [[SIM hacks]].<br />
* July 20 -- nightwatch adapts a [[toolchain]] to the iPhone. The first apps are compiled.<br />
* July 9 -- [[The dev team]] releases a [[jailbreak]] method. The first use of this is ringtones.<br />
* July 3 -- DVD Jon first cracks [[activation]]. People can use the apps on the phone without a subscription.<br />
<br />
===June===<br />
* June 29 -- [[iPhone]] is released. World's most hyped consumer product.</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IPhone_Dev_Team&diff=4534IPhone Dev Team2009-08-01T14:57:54Z<p>Srts: np101137 it wer not me it waz chronic :P</p>
<hr />
<div>==Blog==<br />
[http://blog.iphone-dev.org Dev Team blog]<br />
<br />
==Current members== <br />
asap18, bgm, Bugout, bushing, c1de0x, chris, CPICH, dinopio, Fred_, ghost_000, gray, iZsh, jim–, marcan, MuscleNerd, netkas, np101137, penisbird, planetbeing, pr3d4t0r, pumpkin, pytey, roxfan, saurik, Turbo, w___, wizdaz, Zf<br />
<br />
==Previous Members==<br />
drudge, [[geohot]], gj, kroo, Nate True, NerveGas, sam, Whiterat, [[Zibri]]<br />
<br />
==See also==<br />
* [[PwnageTool]]<br />
* [[pwnage]]<br />
* [[pwnage 2.0]]<br />
* [[yellowsn0w]]<br />
* [[redsn0w]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IPhone_Dev_Team&diff=4526IPhone Dev Team2009-07-31T22:46:33Z<p>Srts: /* Previous Members */</p>
<hr />
<div>==Blog==<br />
[http://blog.iphone-dev.org Dev Team blog]<br />
<br />
==Current members== <br />
asap18, bgm, Bugout, bushing, c1de0x, chris, CPICH, dinopio, Fred_, ghost_000, gray, iZsh, jim–, marcan, MuscleNerd, netkas, penisbird, planetbeing, pr3d4t0r, pumpkin, pytey, roxfan, saurik, Turbo, w___, wizdaz, Zf<br />
<br />
==Previous Members==<br />
drudge, [[geohot]], gj, kroo, Nate True, NerveGas, sam, Whiterat, [[Zibri]]<br />
<br />
==See also==<br />
* [[PwnageTool]]<br />
* [[pwnage]]<br />
* [[pwnage 2.0]]<br />
* [[yellowsn0w]]<br />
* [[redsn0w]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IPhone_Dev_Team&diff=4525IPhone Dev Team2009-07-31T22:45:56Z<p>Srts: </p>
<hr />
<div>==Blog==<br />
[http://blog.iphone-dev.org Dev Team blog]<br />
<br />
==Current members== <br />
asap18, bgm, Bugout, bushing, c1de0x, chris, CPICH, dinopio, Fred_, ghost_000, gray, iZsh, jim–, marcan, MuscleNerd, netkas, penisbird, planetbeing, pr3d4t0r, pumpkin, pytey, roxfan, saurik, Turbo, w___, wizdaz, Zf<br />
<br />
==Previous Members==<br />
[[geohot]], gj, kroo, Nate True, drudge, NerveGas, sam, Whiterat, [[Zibri]]<br />
<br />
==See also==<br />
* [[PwnageTool]]<br />
* [[pwnage]]<br />
* [[pwnage 2.0]]<br />
* [[yellowsn0w]]<br />
* [[redsn0w]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IPhone_Dev_Team&diff=3888IPhone Dev Team2009-06-21T19:22:31Z<p>Srts: /* Current members */</p>
<hr />
<div>==Blog==<br />
[http://blog.iphone-dev.org Dev Team blog]<br />
<br />
==Current members== <br />
asap18, bgm, Bugout, bushing, c1de0x, chris, CPICH, nopio, drudge, Fred_, ghost_000, gray, iZsh, jim–, marcan, MuscleNerd, netkas, np101137, penisbird, planetbeing, pr3d4t0r, pumpkin, pytey, roxfan, saurik, Turbo, w___, wizdaz, Zf<br />
<br />
==Previous Members==<br />
[[geohot]], gj, kroo, Nate True, NerveGas, sam, Whiterat, [[Zibri]]<br />
<br />
==See also==<br />
* [[PwnageTool]]<br />
* [[pwnage]]<br />
* [[pwnage 2.0]]<br />
* [[yellowsn0w]]<br />
* [[redsn0w]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Tutorial:Unlock_iPhone_3G_with_TurboSim&diff=3666Tutorial:Unlock iPhone 3G with TurboSim2009-05-05T00:10:16Z<p>Srts: /* TurboSIM Compatibility with Operators */</p>
<hr />
<div>{{disclaimer}}<br />
<br />
This article is a step by step instruction to use a net-locked iPhone-3G with a different provider. <br />
<br />
The dev team states on [http://blog.iphone-dev.org/post/44428446/updates their blog] that the SIM hacks they examined send illegal signals. <br />
<table border=1 width=100%><tr><br />
<td bgcolor=#ffA4A4><br />
<br />
'''Update / Warning:'''<br />
<br />
'''ZeroG''', was '''''not intended''''' ''' to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short overview: ZeroG starts up the SIM replacing MCC / MNC with test IMSI codes, leaving the MSIN untouched. Then it restarts the SIM giving the correct IMSI afterwards. Unfortunately the iPhone asks the SIM exactly ''one'' time for the IMSI, it doesn't care about the restart. So effectively the login into the cellular network is done in test IMSI mode. Now it is up to your provider, how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for 'test' MCC / MCN. Your provider has to recognize this upon login (This implies you have to manually select cellular network right from the start.) If your provider accepts the test IMSI code and does authentication with your MSIN (this implies, (real) roaming is not possible, as only _your_ provider can process MSIN correctly), everything ''could'' be fine. You don't spoof your identity, there should also be no billing problems. But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, probably your provider does not accept test IMSI mode. In this case better do not retry as you might risk your IMSI beeing blacklisted.<BR><br />
<br />
</td><br />
</tr><br />
</table><BR><br />
<br />
[[Image:Ip terminal.png | thumb | right | 240px | Swisscom -> O2 Germany]]<br />
<br />
----<br />
<br />
=== Preamble ===<br />
<br />
Apart from the warning and some other things, the method is quite stable if it works with your provider at all. You have to take care of:<br />
* never switch on 3G mode<br />
* before you use your SIM card that you want to unlock, put it in a different 2G phone and manually select provider and check GPRS works<br />
* for GPRS, "data roaming" has to be enabled on the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)<br />
<br />
=== Motivation ===<br />
<br />
Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)<br />
<br />
<br><br />
=== Supported Basebands ===<br />
<br />
<table cellpadding=5 border=1><br />
<tr><br />
<td style="text-align: center">Baseband</td><br />
<td style="text-align: center">Exploitable</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">01.43.00</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">01.45.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">01.48.02</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.04.03</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.08.01</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.11.07</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.28.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== Prerequisites ===<br />
<br />
You need:<br />
* Jailbroken iPhone 3G with OpenSSH installed (from cydia) and WLAN connection to your PC. ([http://www.iclarified.com/entry/index.php?enid=1558 Jailbreak Tutorial])<br />
* Bladox's TurboSIM. (From http://www.bladox.com)<br />
* SSH client for Windows Users such as Putty ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Putty Download Page])<br />
* SCP client (e.g. [http://winscp.net/eng/download.php#download2 WinSCP]) or FTP Client such as [http://rsug.itd.umich.edu/software/fugu/ Fugu] for Mac and [http://rsug.itd.umich.edu/software/fugu/ SmartFTP] for Windows<br />
* TurboSIM programming sw [[http://dl.free.fr/pzijbVjXl/turbo-cable-utils-iPhone-0.7.0-rev3-firmware-v2.tar.gz download]]<br />
* TurboSIM app zero-g [[http://www.bladox.com/pub/zerog-0.95.tar.gz download]]<br />
<br />
----<br />
<br />
=== Installation ===<br />
<br />
1. Insert your simcard in another 2G phone, and remove the SIM Card Pin Code. You should also go to the Network Selection, and Manually select your network. Then cut your SIM card to fit with the TurboSIM. Google a little bit how to do this, or use YouTube and insert both into your iPhone 3G.<br />
<br />
2. Unpack turbo-cable-utils<br />
<br />
3. Copy contents of bin-iphonev2 to folder /bin/ on your iPhone. (username: root password: alpine)<br />
<br />
4. Unpack zerog-0.95 and copy zerog095.trb to /private/var/root/<br />
<br />
[[Image:Winscp_turbo-utils.png]]<br />
<br />
5. For Windows users, SSH into your iPhone using Putty. For Mac users, SSH into your iPhone using Terminal (Applications::Utilities::Terminal)<br />
<br />
6. Change the permissions of the turbo files to 755<br />
<br />
chmod 755 /bin/turbo-*<br />
<br />
7. Run<br />
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
8. You should now lose your signal, and WiFi. Restart your phone. You will now have WiFi on and CommCentre unloaded.<br />
<br />
9. Run turbo-info<br />
<br />
# turbo-info<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
NOTE: If you get an error from turbo-info, look for turbo-iphone-smsreset and run it.<br />
<br />
10. Now run turbo-app /private/var/root/zerog095.trb<br />
<br />
# turbo-app /private/var/root/zerog095.trb <br />
SRC /private/var/root/zerog095.trb<br />
SIZE 1032<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
11. Run <br />
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
12. Now you should see Zero-G in the Sim Applications in Settings -> Phone -> Sim Applications<br />
<br />
<br />
<br />
[[Image:Ip_simapp.png]]<br />
<br />
[[Image:Ip_zerog.png]]<br />
<br />
<br />
<br />
14. Click on Zero-G<br />
<br />
15. Remove your card and TurboSIM from the 1st Generation iPhone<br />
<br />
16. You will get No Service<br />
<br />
[[Image:Ip_noservice.png]]<br />
<br />
<br />
17. Open Settings -> Phone -> Sim Applications and click on Zero-G<br />
You may be interrupted by a popup which says Going to Switch, just choose Accept (Green Button) If you do not get interrupted, it will appear in a minute after choosing Zero-G from Sim Applications.<br />
<br />
<br />
<br />
[[Image:Ip_zerog2.png]]<br />
<br />
<br />
18. That's it!!<br />
<br />
[[Image:Ip_unlocked.png]]<br />
<br />
----<br />
<br />
=== 2G data settings ===<br />
* roaming must be enabled<br />
* make sure APN settings are correct (if APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' ([http://www.apple.com/support/downloads/iphoneconfigurationwebutility10formac.html Mac] / [http://www.apple.com/support/downloads/iphoneconfigurationwebutility10forwindows.html Windoze]) (In Windoze you can reach it with http://localhost:3000 ). Send this file to yourself and open it with the mail client.<br />
* in BossPref (if you don't use it, don't care) 'edge' should be left enabled, even if network does not provide it (seems the BossPref option is a little bit misleading and 'edge' actually means 'GPRS/edge')<br />
<br />
=== 3G-SIM / USIM ===<br />
<br />
A new adapter was released in December 2008 (Gevey-3G Plus 2) which allows full unlocking of any firmware version (2.2 and previous), without the need of first placing the simcard in another unlocked device. You may have to turn 3G off, then insert the adapter placed with your sim card. After that you can turn 3G on. You'll have a full unlocked iPhone, including 3G signal. Also, this particular adapter does not require to cut your simcard, since the memory component is placed in the bottom part. This new version allows "flight mode" use, seamless 3G/EDGE working, as well other functions. In some cases a jailbreaking is needed in order to have it working properly.<br />
<br />
It works with (some?) USIMs (blau.de Germany) as well. 3G '''must not be activated''' on the iPhone. Once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such SIM, put it in a non UMTS capable phone (did it together with turboSIM), check phone and GPRS functions and then this USIM will work again on the iPhone-3G. The SIM application (zero-g) was not visible, but it worked though. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.<br />
<br />
=== GPRS-'Fix' ===<br />
<br />
Today GPRS stopped working for me. Seems to be there are some 'states', stored on the SIM. This fixed the issue:<br />
* removed SIM+TSim<br />
* put SIM (without TSim) into non UMTS, but GPRS/edge mobile<br />
* checked GPRS<br />
* repacked Sim+TSim and put it back to the iPhone<br />
<br />
Voilà, here we go :-) GPRS for another few days :-)<br />
<br />
Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But XDA is a good device to revive the TSim solution... For that, I still love it a litte bit ;-)<br />
<br />
<br />
=== Stuck in No Signal after a period ===<br />
<br />
Randomly you can get stuck in a bad No Signal. To correct that:<br />
<br />
* remove SIM+TSim<br />
* put SIM (without TSim) into non 3G phone<br />
* Manually select your provider (desired to unlock) network<br />
* repack Sim+TSim and put it back to the iPhone<br />
<br />
Here we go again, unlock iphone for a few days more also.<br />
<br />
<br><br />
<br />
=== TurboSIM Compatibility with Operators ===<br />
<br />
Actually this table gives a rough overview of all *sim solutions because it reflects working of MCC/MNC = 001/01 and all *sim known so far use this method. The table doesn't give information about 3G though, as turbosim does not support 3G SIM-ME communication at the moment. So could be, some *sim solutions work with 3G where this table indicates no. Most probably there isn't any *sim solution that works in a specific configuration if this table indicates 'no' for the method at all.<br><br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Unlocked Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Brazil<br />
| TIM<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Claro<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Vivo (Telefónica)<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Oi<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Germany<br />
| Blau.de<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Germany<br />
| Congstar<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Germany<br />
| O2<br />
| USIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Germany<br />
| O2<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Israel<br />
| Orange (Partner)<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Jordan<br />
| Orange<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Umniah<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Zain<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Netherlands<br />
| KPN<br />
| USIM<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Unstable.<br />
|-<br />
| Turkey<br />
| Turkcell<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Orange<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Tesco<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Virgin<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Vodafone<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
|<br />
|-<br />
| N/A<br />
| T-Mobile<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| No Signal, Works With Yellowsn0w, but loses signal as soon as TurboSim is insrted.<br />
|-<br />
| Australia<br />
| Three<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{yes}}<br />
| Airplane mode not working. Turn 3G off needs reboot if you want signal again. Using "i-SmartPhone" TSim<br />
|-}<br />
<br />
=== Remarks ===<br />
<br />
* Important is you get zero-g into your turboSim. So you could also try with a first gen iphone, this needs the other version of turbo-cable-utils (bin-iphonev1) in case you didn't upgrade to 2.x yet.<br />
* If you get ''ERROR: Not Enough RAM'' run '''turbo-rm-apps'''<br />
* If you should encounter any problems with your TurboSIM (no access anymore, wrong app, ...) there is an easy method to remove installed turbo sim applications: instead of giving your SIM-Pin, enter the TPIN which you can find next to the serial number on the cover. This will reset your TurboSIM. Afterwards the phone asks a second time for your PIN, now use the SIM-Pin.<br />
<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=3525Ultrasn0w2009-04-14T21:36:07Z<p>Srts: /* Compatibility */</p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]] payload. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Credit==<br />
MuscleNerd, and [[The dev team]]<br />
<br />
==Exploit==<br />
Relies on an unsigned code injection vulnerability.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
==Current Injection Vector==<br />
yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.<br />
<br />
The injection vector is discussed [[AT+stkprof Exploit|here]]<br />
<br />
==Payload w/ Comments (by Darkmen) ===<br />
<br />
The exploit consists from 4 parts:<br />
<br />
===Code loader===<br />
<pre><br />
ROM:00000000 ; =============== S U B R O U T I N E =======================================<br />
ROM:00000000<br />
ROM:00000000<br />
ROM:00000000 loader<br />
ROM:00000000 LDR R2, =0x11700 ; unused ram to place code<br />
ROM:00000002 ADDS R4, R2, #1 ; thumb switch<br />
ROM:00000004 LDR R3, =0x40159FBF ; at-handler buffer where stage2 binary and following hexdata are<br />
ROM:00000006<br />
ROM:00000006 copy.loop ; CODE XREF: loader+12�j<br />
ROM:00000006 LDRB R0, [R3] ; copying code+data until double quotes<br />
ROM:00000008 CMP R0, #0x22 ; '"'<br />
ROM:0000000A BEQ run ; jump thumb code<br />
ROM:0000000C STRB R0, [R2]<br />
ROM:0000000E ADDS R2, #1<br />
ROM:00000010 ADDS R3, #1<br />
ROM:00000012 B copy.loop ; <br />
ROM:00000014 run ; CODE XREF: loader+A�j<br />
ROM:00000014 BX R4 ; jump stage2 code<br />
ROM:00000014 ; End of function loader<br />
ROM:00000014<br />
ROM:00000014 ; ---------------------------------------------------------------------------<br />
</pre><br />
<br />
===Stage2(tm)===<br />
<pre><br />
RAM:00000000 ; =============== S U B R O U T I N E =======================================<br />
RAM:00000000 stage2<br />
RAM:00000000 ADDS R2, #0x10 ; R2 = 0x11700 + stage2 size<br />
RAM:00000002 MOVS R7, #0xF<br />
RAM:00000004 BICS R2, R7 ; align offset by 0x10<br />
RAM:00000006 ADDS R7, R2, #0 ; saving address to jump<br />
RAM:00000008 ADR R4, 0x44 ; skipping Stage2 size and taking first char from at-string<br />
RAM:0000000A ADR R5, char2byte ; loading routine addr<br />
RAM:0000000C ADDS R5, #1 ; thumb<br />
RAM:0000000E<br />
RAM:0000000E loop ; CODE XREF: stage2+2C�j<br />
RAM:0000000E LDRB R1, [R4] ; at-string[index]<br />
RAM:00000010 CMP R1, #'x' ; end of line?<br />
RAM:00000012 BEQ jump_code<br />
RAM:00000014 BLX R5 ; char2byte first hakfbyte<br />
RAM:00000016 LSLS R3, R1, #4 ; <<4 0X becoming X0<br />
RAM:00000018 LDRB R1, [R4,#1] ; at-string[index+1]<br />
RAM:0000001A BLX R5 ; char2hex second halfbyte<br />
RAM:0000001C NOP<br />
RAM:0000001E NOP<br />
RAM:00000020 NOP<br />
RAM:00000022 NOP<br />
RAM:00000024 ADDS R1, R1, R3 ; R1 = complete byte<br />
RAM:00000026 STRB R1, [R2] ; storing byte to dst<br />
RAM:00000028 ADDS R4, #2 ; hexstr_index+=2<br />
RAM:0000002A ADDS R2, #1 ; dst++<br />
RAM:0000002C B loop ; at-string[index]<br />
RAM:0000002E jump_code<br />
RAM:0000002E NOP<br />
RAM:00000030 NOP<br />
RAM:00000032 ADDS R7, #1 ; thumbing<br />
RAM:00000034 BX R7 ; run Task creator code<br />
RAM:00000034 ; End of function stage2<br />
RAM:00000038<br />
RAM:00000038 ; =============== S U B R O U T I N E =======================================<br />
RAM:00000038 char2byte ; DATA XREF: stage2+A�o<br />
RAM:00000038 CMP R1, #0x41 ; 'A'<br />
RAM:0000003A BGE letter ; letter to number<br />
RAM:0000003C SUBS R1, #0x30 ; '0' ; digit to number<br />
RAM:0000003E BX LR<br />
RAM:00000040 letter ; CODE XREF: char2byte+2�j<br />
RAM:00000040 SUBS R1, #0x37 ; '7' ; letter to number<br />
RAM:00000042 BX LR ; ret<br />
RAM:00000042 ; End of function char2byte<br />
</pre><br />
<br />
===Task creator===<br />
<pre><br />
RAM:000119A0 ; =============== S U B R O U T I N E =======================================<br />
RAM:000119A0<br />
RAM:000119A0<br />
RAM:000119A0 handler_replace<br />
RAM:000119A0 LDR R0, =0x4011714C ; soft reset handler addr<br />
RAM:000119A2 ADR R1, new_handler<br />
RAM:000119A4 ADDS R1, #1 ; thumbing<br />
RAM:000119A6 STR R1, [R0] ; setting new handler<br />
RAM:000119A8 POP {R0-R4,PC} ; safe exit fixing stack<br />
RAM:000119A8 ; End of function handler_replace<br />
<br />
RAM:000119B0 ; =============== S U B R O U T I N E =======================================<br />
RAM:000119B0<br />
RAM:000119B0<br />
RAM:000119B0 new_handler ; DATA XREF: handler_replace+2�o<br />
RAM:000119B0 PUSH {R4-R7,LR}<br />
RAM:000119B2 LDR R3, =0x403BB344 ; jamptable var<br />
RAM:000119B4 MOVS R6, #0x80<br />
RAM:000119B6 SUB SP, SP, #0x2C<br />
RAM:000119B8 LSLS R6, R6, #4 ; 0x200<br />
RAM:000119BA STRH R0, [R3] ; saving R0 to mem var<br />
RAM:000119BC STR R1, [SP,#0x40+resp_string] ; saving responce prt to stack<br />
RAM:000119BE LDR R4, =0x201420AC ; malloc<br />
RAM:000119C0 ADDS R0, R6, #0<br />
RAM:000119C2 BLX R4 ; malloc(0x200)<br />
RAM:000119C4 MOVS R5, #0<br />
RAM:000119C6 STR R0, [SP,#0x40+ptr_200] ; saving pointer to stack<br />
RAM:000119C8 MOVS R0, #0x98 ; sizeof(NU_TASK)<br />
RAM:000119CA BLX R4 ; malloc(0x98)<br />
RAM:000119CC ADDS R7, R0, #0 ; R7 = task<br />
RAM:000119CE STR R5, [R0,#0xC] ; task.field=0<br />
RAM:000119D0 MOVS R0, 0x100<br />
RAM:000119D4 BLX R4 ; malloc(0x100)<br />
RAM:000119D6 MOVS R2, #0x80<br />
RAM:000119D8 LDR R1, =task_loop ; src<br />
RAM:000119DA LSLS R2, R2, #1 ; size to copy<br />
RAM:000119DC LDR R3, =0x203C58A0 ; bytecpy<br />
RAM:000119DE ADDS R4, R0, #0 ; R4 = dyn_task_loop<br />
RAM:000119E0 BLX R3 ; bytecpy(task_loop, dyn_task_loop, 0x100)<br />
RAM:000119E2 LDR R3, [SP,#0x40+ptr_200]<br />
RAM:000119E4 STR R3, [SP,#4] ; void *stack_address = malloc(0x200)<br />
RAM:000119E6 MOVS R3, #0x44<br />
RAM:000119E8 STR R3, [SP,#0xC] ; priority = 0x44<br />
RAM:000119EA MOVS R3, #0xA<br />
RAM:000119EC ADDS R4, #1 ; thumbing dyn_task_loop<br />
RAM:000119EE STR R3, [SP,#0x14] ; preempt = NU_PREEMPT<br />
RAM:000119F0 MOVS R3, #0xC<br />
RAM:000119F2 ADDS R2, R4, #0 ; void(*task_entry)<br />
RAM:000119F4 STR R3, [SP,#0x18] ; auto_start = NU_START<br />
RAM:000119F6 LDR R1, =devteam1 ; char *name<br />
RAM:000119F8 STR R5, [SP] ; void *argv = 0<br />
RAM:000119FA STR R6, [SP,#8] ; stack_size = 0x200<br />
RAM:000119FC STR R5, [SP,#0x10] ; time_slice = 0<br />
RAM:000119FE ADDS R0, R7, #0 ; NU_TASK *task<br />
RAM:00011A00 MOVS R3, #0 ; int argc = 0<br />
RAM:00011A02 LDR R4, =0x203FB540 ; NU_Create_Task<br />
RAM:00011A04 BLX R4 ; status = NU_Create_Task()<br />
RAM:00011A06 ADDS R2, R0, #0<br />
RAM:00011A08 CMP R0, #0 ; success = zero<br />
RAM:00011A0A BNE status_error<br />
RAM:00011A0C LDR R1, =OK<br />
RAM:00011A0E LDR R0, [SP,#0x40+resp_string]<br />
RAM:00011A10 LDR R3, =0x2046DD00 ; sprintf<br />
RAM:00011A12 BLX R3 ; sprintf(resp_string,"OK")<br />
RAM:00011A14 B exit ; fixing stack<br />
RAM:00011A16 ; ---------------------------------------------------------------------------<br />
RAM:00011A16<br />
RAM:00011A16 status_error ; CODE XREF: new_handler+5A�j<br />
RAM:00011A16 LDR R1, =ERROR<br />
RAM:00011A18 LDR R0, [SP,#0x40+resp_string]<br />
RAM:00011A1A LDR R3, =0x2046DD00 ; sprintf<br />
RAM:00011A1C BLX R3 ; sprintf(resp_string,"ERROR")<br />
RAM:00011A1E<br />
RAM:00011A1E exit ; CODE XREF: new_handler+64�j<br />
RAM:00011A1E ADD SP, SP, #0x2C ; fixing stack<br />
RAM:00011A20 POP {R4-R7,PC} ; bye<br />
RAM:00011A20 ; End of function new_handler<br />
RAM:00011A20<br />
RAM:00011A20 ; ---------------------------------------------------------------------------<br />
</pre><br />
<br />
===Unlock task loop===<br />
<pre><br />
RAM:00011A64 ; =============== S U B R O U T I N E =======================================<br />
RAM:00011A64<br />
RAM:00011A64 task_loop ; DATA XREF: RAM:off_11A2C�o<br />
RAM:00011A64 PUSH {R4,R5,LR}<br />
RAM:00011A66 LDR R5, =0x40232754 ; sec mailbox<br />
RAM:00011A68 SUB SP, SP, #0x14<br />
RAM:00011A6A<br />
RAM:00011A6A loop ; CODE XREF: task_loop+44�j<br />
RAM:00011A6A LDR R3, =0x20165998 ; NU_Receive_From_Mailbox<br />
RAM:00011A6C ADDS R0, R5, #0 ; NU_MAILBOX *mailbox<br />
RAM:00011A6E MOV R1, SP ; void *Message<br />
RAM:00011A70 MOVS R2, #0xFF ; Timeout<br />
RAM:00011A72 BLX R3 ; NU_Receive_From_Mailbox(sec_mailbox,SP,0xFF)<br />
RAM:00011A74 LDR R3, [SP] ; Message[0]<br />
RAM:00011A76 CMP R3, #0xD ; Message[0] = 0xD ?<br />
RAM:00011A78 BNE skip ; <br />
RAM:00011A7A LDR R1, [SP,#4] ; Message[1]<br />
RAM:00011A7C LDR R3, =0x402F79BC<br />
RAM:00011A7E LDR R2, [R1] ; Message[1].field0<br />
RAM:00011A80 STR R2, [R3] ; sec_task_var1 = Message[1].field0<br />
RAM:00011A82 ADDS R3, #4 ; 0x402F79C0<br />
RAM:00011A84 LDR R2, [R1,#4] ; Message[1].field1<br />
RAM:00011A86 STR R2, [R3] ; sec_task_var2 = Message[1].field1<br />
RAM:00011A88 LDR R2, [R1,#8] ; Message[1].field2<br />
RAM:00011A8A LDR R3, =0x100FF00<br />
RAM:00011A8C STR R3, [R2] ; Message[1].field2[0] = 0x100FF00<br />
RAM:00011A8E LDR R3, =0x4020401<br />
RAM:00011A90 STR R3, [R2,#4] ; Message[1].field2[1] = 0x4020401<br />
RAM:00011A92 LDR R3, =0x4040403<br />
RAM:00011A94 STR R3, [R2,#8] ; Message[1].field2[2] = 0x4040403<br />
RAM:00011A96 MOVS R3, #1<br />
RAM:00011A98 STR R3, [R1,#0xC] ; Message[1].field3 = 1<br />
RAM:00011A9A MOVS R3, #0x20 <br />
RAM:00011A9C STR R3, [SP] ; Message[0] = 0x20<br />
RAM:00011A9E<br />
RAM:00011A9E skip ; CODE XREF: task_loop+14�j<br />
RAM:00011A9E ADDS R0, R5, #0 ; sec mailbox<br />
RAM:00011AA0 MOV R1, SP ; void *Message<br />
RAM:00011AA2 MOVS R2, #0xFF ; timeout<br />
RAM:00011AA4 LDR R3, =0x203ED568<br />
RAM:00011AA6 BLX R3 ; NU_Send_To_Mailbox()<br />
RAM:00011AA8 B loop ; NU_Receive_From_Mailbox<br />
RAM:00011AA8 ; End of function task_loop<br />
</pre><br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! yellowsn0w Version<br />
! SIM/USIM<br />
! Ingoing Calls?<br />
! Outgoing Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| 0.9.8<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Works perfectly. <br />
|-<br />
| Germany<br />
| O2<br />
| 0.9.6<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| <br />
|-<br />
| Israel<br />
| IL Orange<br />
| 0.9.6<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Works perfect.<br />
|}<br />
<br />
Additional information:<br />
http://report.yellowsn0w.com/<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[X-Gold 608]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about Yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly Yellowsn0w Announcement]<br />
* [http://qik.com/video/729275 MuscleNerd's Demo]<br />
* [http://yellowsn0w.com Official Website]<br />
<br />
[[Category:Unlocking Methods]]<br />
[[Category:Baseband]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Baseband_Bootloader&diff=2944Baseband Bootloader2009-02-04T20:00:21Z<p>Srts: </p>
<hr />
<div>The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband. See also [[bootloader]].<br />
<br />
==3.9==<br />
This is the old bootloader from the [[iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x400]] and [[IPSF]]<br />
<br />
==4.6==<br />
This is the new bootloader from the [[iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x20000 with Back Extend Erase]]<br />
<br />
==5.8==<br />
This is the bootloader from the [[iPhone 3G]]/[[X-Gold 608]]. Currently it has no known exploits. It is, in contrast to 3.9 and 4.6, sig checked on startup. DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.<br />
<br />
==5.9==<br />
This is the latest bootloader of iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew The Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9. DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.9.fls</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Baseband_Bootloader&diff=2943Baseband Bootloader2009-02-04T19:59:41Z<p>Srts: </p>
<hr />
<div>The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband. See also [[bootloader]].<br />
<br />
==3.9==<br />
This is the old bootloader from the [[iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x400]] and [[IPSF]]<br />
<br />
==4.6==<br />
This is the new bootloader from the [[iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x20000 with Back Extend Erase]]<br />
<br />
==5.8==<br />
This is the bootloader from the [[iPhone 3G]]/[[X-Gold 608]]. Currently it has no known exploits. It is, in contrast to 3.9 and 4.6, sig checked on startup. DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.<br />
<br />
==5.9==<br />
This is the lastet bootloader of iPhone 3G/X-Gold 608. Still has no kwown exploits and it was released as soon as Apple knew The Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9. DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.9.fls</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=QuickOIB&diff=2935QuickOIB2009-02-01T18:24:03Z<p>Srts: /* Support */</p>
<hr />
<div>=An Easy Install Of Open iBoot On A Device=<br />
==Developed by pH==<br />
*Quickly and easily installs QuickOIB temporarily on a device.<br />
*Works much like a linux live cd.<br />
<br />
==Support==<br />
*Mac OSX<br />
*Ubuntu 8.10 <br />
<br />
<br />
<br />
See [http://www.quickoib.com/ The Quick OIB Home Page]<br />
[http://files.quickoib.com/quickoib_1.0.zip Download]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=QuickOIB&diff=2934QuickOIB2009-02-01T18:22:14Z<p>Srts: /* Support */ 1</p>
<hr />
<div>=An Easy Install Of Open iBoot On A Device=<br />
==Developed by pH==<br />
*Quickly and easily installs QuickOIB temporarily on a device.<br />
*Works much like a linux live cd.<br />
<br />
==Support==<br />
*Mac OSX<br />
*Ubuntu 8.10 <br />
<br />
<br />
<br />
See [http://www.quickoib.com/ The Quick OIB Home Page]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=QuickOIB&diff=2933QuickOIB2009-02-01T18:21:53Z<p>Srts: /* An Easy Install Of OIb On A Device */</p>
<hr />
<div>=An Easy Install Of Open iBoot On A Device=<br />
==Developed by pH==<br />
*Quickly and easily installs QuickOIB temporarily on a device.<br />
*Works much like a linux live cd.<br />
<br />
==Support==<br />
*Mac OSX<br />
*Ubuntu 8.10 <br />
<br />
See [http://www.quickoib.com/ The Quick OIB Home Page]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=QuickOIB&diff=2932QuickOIB2009-02-01T18:20:43Z<p>Srts: Added Information</p>
<hr />
<div>=An Easy Install Of OIb On A Device=<br />
==Developed by pH==<br />
*Quickly and easily installs QuickOIB temporarily on a device.<br />
<br />
==Support==<br />
*Mac OSX<br />
*Ubuntu 8.10 <br />
<br />
See [http://www.quickoib.com/ The Quick OIB Home Page]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IDroid&diff=2930IDroid2009-02-01T18:15:12Z<p>Srts: /* See */</p>
<hr />
<div>[[Image:Openiboot.png|thumb|right|200px|Device running the OpeniBoot console.]]<br />
[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".<br />
<br />
iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.<br />
<br />
There are three steps in the iPhonelinux roadmap : OpeniBoot, linux kernel and long term (GUI, phone...)<br />
<br />
== OpeniBoot ==<br />
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and development environment (chainloading, upgrading itself and USB mass storage).<br />
<br />
== Linux ==<br />
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.<br />
<br />
== Long-Term Plans ==<br />
Multi-touch driver, Baseband driver, port X server and create an SDK.<br />
Then have a viable alternative of the iPhone OS.<br />
<br />
== Binaries ==<br />
<br />
These are utility binaries precompiled on Ubuntu 8.10. They require:<br />
<br />
- libpthread<br />
- libncurses<br />
- libusb<br />
- libreadline<br />
<br />
You may elect to build them from source by pulling from<br />
iphonelinux/openiboot's git repository.<br />
<br />
== Disclaimer ==<br />
<br />
BE WARNED THAT THESE STEPS ARE NOT INTENDED FOR NOVICES. YOU ATTEMPT THIS AT<br />
YOUR OWN RISK. AT THIS TIME, WE CANNOT AFFORD THE EFFORT REQUIRED TO GIVE<br />
SUPPORT TO NOVICES AND/OR RESCUE THEM FROM THEIR OWN ACTIONS.<br />
<br />
Although unlikely, if the installation goes wrong, you may have to perform a<br />
DFU restore on your iPhone. If you do not know how to do that, you should not<br />
follow these steps. You should also know how to use iRecovery (or similar) and<br />
the fsboot command to "kick an iPhone out of recovery mode". If you do not<br />
know how to do that, you should not follow these steps.<br />
<br />
The installation of openiboot itself is safe, but openiboot has the facility<br />
to erase device-specific information from your NOR flash. If you did not make<br />
a backup, and execute the commands necessary to make openiboot erase that<br />
information, it is gone forever and your device may never boot properly again.<br />
<br />
The instructions below will show you how to make such a backup before any<br />
changes are made.<br />
<br />
== Installing OpeniBoot ==<br />
<br />
1. Put your iPhone in [[Recovery Mode]].<br />
<br />
2. sudo ./loadibec openiboot-2g.img3, or -3g, -ipod, depending on your platform.<br />
<br />
3. sudo ./oibc<br />
<br />
4. nor_read 0x09000000 0x0 1048576<br />
<br />
5. ~norbackup.dump:1048576. This will create a file called norbackup.dump in your current directory. GUARD IT WITH YOUR LIFE.<br />
<br />
6. install<br />
<br />
7. After 'install' has finished, type in: reboot.<br />
<br />
8. You ought to see the openiboot menu.<br />
<br />
===See===<br />
* [[QuickOIB]]<br />
<br />
== Booting Linux ==<br />
<br />
<br />
Use the Hold button to navigate the menu. Push the Home button<br />
when openiboot client is selected.<br />
sudo ./oibc<br />
!zImage<br />
kernel<br />
!rootfs.arm.ext2.gz<br />
ramdisk 3588<br />
boot "console=tty console=ttyUSB root=/dev/ram0 rw"<br />
sudo ./linux<br />
<br />
You should now get a login prompt. Nothing that's happening will show up on<br />
the LCD automatically, but you can redirect it to the display with the<br />
following command:<br />
<br />
sh 2>&1 > /dev/tty0<br />
<br />
Enjoy!<br />
<br />
== iPhone Linux Resources ==<br />
<br />
- Framebuffer driver<br />
- Serial driver<br />
- Serial over USB driver<br />
- Interrupts, MMU, clock, etc.<br />
<br />
<br />
=== OpeniBoot Resources ===<br />
<br />
- Read-only support for the NAND<br />
<br />
<br />
=== OpeniBoot Missing Resources ===<br />
<br />
- Write support for the NAND<br />
- Wireless networking<br />
- Touchscreen<br />
- Sound<br />
- Accelerometer<br />
- Baseband support<br />
<br />
<br />
<br />
=== Support ===<br />
<br />
The current userland we're using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we're going to build a more permanent userland solution.<br />
<br />
A demonstration video can be seen here: http://www.vimeo.com/2373142<br />
<br />
Download here: http://localhostr.com/files/b00133/iphonelinux-demo.tar.gz<br />
<br />
Project leader: '''planetbeing'''<br />
<br />
Contributors: '''CPICH, cmw, poorlad, ius, saurik'''<br />
<br />
If you're experienced with '''hacking/porting Linux''' and especially if you're experienced with porting '''Android''', I'd definitely like to hear from you. Come chill in the ''#iphonelinux'' channel on ''irc.osx86.hu'' . If you're not experienced, and still want to help, you can digg/slashdot this posting to heaven so our little project gets more visibility. Thanks. :)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IDroid&diff=2929IDroid2009-02-01T18:14:37Z<p>Srts: /* Installing OpeniBoot */</p>
<hr />
<div>[[Image:Openiboot.png|thumb|right|200px|Device running the OpeniBoot console.]]<br />
[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".<br />
<br />
iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.<br />
<br />
There are three steps in the iPhonelinux roadmap : OpeniBoot, linux kernel and long term (GUI, phone...)<br />
<br />
== OpeniBoot ==<br />
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and development environment (chainloading, upgrading itself and USB mass storage).<br />
<br />
== Linux ==<br />
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.<br />
<br />
== Long-Term Plans ==<br />
Multi-touch driver, Baseband driver, port X server and create an SDK.<br />
Then have a viable alternative of the iPhone OS.<br />
<br />
== Binaries ==<br />
<br />
These are utility binaries precompiled on Ubuntu 8.10. They require:<br />
<br />
- libpthread<br />
- libncurses<br />
- libusb<br />
- libreadline<br />
<br />
You may elect to build them from source by pulling from<br />
iphonelinux/openiboot's git repository.<br />
<br />
== Disclaimer ==<br />
<br />
BE WARNED THAT THESE STEPS ARE NOT INTENDED FOR NOVICES. YOU ATTEMPT THIS AT<br />
YOUR OWN RISK. AT THIS TIME, WE CANNOT AFFORD THE EFFORT REQUIRED TO GIVE<br />
SUPPORT TO NOVICES AND/OR RESCUE THEM FROM THEIR OWN ACTIONS.<br />
<br />
Although unlikely, if the installation goes wrong, you may have to perform a<br />
DFU restore on your iPhone. If you do not know how to do that, you should not<br />
follow these steps. You should also know how to use iRecovery (or similar) and<br />
the fsboot command to "kick an iPhone out of recovery mode". If you do not<br />
know how to do that, you should not follow these steps.<br />
<br />
The installation of openiboot itself is safe, but openiboot has the facility<br />
to erase device-specific information from your NOR flash. If you did not make<br />
a backup, and execute the commands necessary to make openiboot erase that<br />
information, it is gone forever and your device may never boot properly again.<br />
<br />
The instructions below will show you how to make such a backup before any<br />
changes are made.<br />
<br />
== Installing OpeniBoot ==<br />
<br />
1. Put your iPhone in [[Recovery Mode]].<br />
<br />
2. sudo ./loadibec openiboot-2g.img3, or -3g, -ipod, depending on your platform.<br />
<br />
3. sudo ./oibc<br />
<br />
4. nor_read 0x09000000 0x0 1048576<br />
<br />
5. ~norbackup.dump:1048576. This will create a file called norbackup.dump in your current directory. GUARD IT WITH YOUR LIFE.<br />
<br />
6. install<br />
<br />
7. After 'install' has finished, type in: reboot.<br />
<br />
8. You ought to see the openiboot menu.<br />
<br />
=See=<br />
* [[QuickOIB]]<br />
<br />
== Booting Linux ==<br />
<br />
<br />
Use the Hold button to navigate the menu. Push the Home button<br />
when openiboot client is selected.<br />
sudo ./oibc<br />
!zImage<br />
kernel<br />
!rootfs.arm.ext2.gz<br />
ramdisk 3588<br />
boot "console=tty console=ttyUSB root=/dev/ram0 rw"<br />
sudo ./linux<br />
<br />
You should now get a login prompt. Nothing that's happening will show up on<br />
the LCD automatically, but you can redirect it to the display with the<br />
following command:<br />
<br />
sh 2>&1 > /dev/tty0<br />
<br />
Enjoy!<br />
<br />
== iPhone Linux Resources ==<br />
<br />
- Framebuffer driver<br />
- Serial driver<br />
- Serial over USB driver<br />
- Interrupts, MMU, clock, etc.<br />
<br />
<br />
=== OpeniBoot Resources ===<br />
<br />
- Read-only support for the NAND<br />
<br />
<br />
=== OpeniBoot Missing Resources ===<br />
<br />
- Write support for the NAND<br />
- Wireless networking<br />
- Touchscreen<br />
- Sound<br />
- Accelerometer<br />
- Baseband support<br />
<br />
<br />
<br />
=== Support ===<br />
<br />
The current userland we're using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we're going to build a more permanent userland solution.<br />
<br />
A demonstration video can be seen here: http://www.vimeo.com/2373142<br />
<br />
Download here: http://localhostr.com/files/b00133/iphonelinux-demo.tar.gz<br />
<br />
Project leader: '''planetbeing'''<br />
<br />
Contributors: '''CPICH, cmw, poorlad, ius, saurik'''<br />
<br />
If you're experienced with '''hacking/porting Linux''' and especially if you're experienced with porting '''Android''', I'd definitely like to hear from you. Come chill in the ''#iphonelinux'' channel on ''irc.osx86.hu'' . If you're not experienced, and still want to help, you can digg/slashdot this posting to heaven so our little project gets more visibility. Thanks. :)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IDroid&diff=2928IDroid2009-02-01T18:14:17Z<p>Srts: /* Installing OpeniBoot */</p>
<hr />
<div>[[Image:Openiboot.png|thumb|right|200px|Device running the OpeniBoot console.]]<br />
[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".<br />
<br />
iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.<br />
<br />
There are three steps in the iPhonelinux roadmap : OpeniBoot, linux kernel and long term (GUI, phone...)<br />
<br />
== OpeniBoot ==<br />
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and development environment (chainloading, upgrading itself and USB mass storage).<br />
<br />
== Linux ==<br />
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.<br />
<br />
== Long-Term Plans ==<br />
Multi-touch driver, Baseband driver, port X server and create an SDK.<br />
Then have a viable alternative of the iPhone OS.<br />
<br />
== Binaries ==<br />
<br />
These are utility binaries precompiled on Ubuntu 8.10. They require:<br />
<br />
- libpthread<br />
- libncurses<br />
- libusb<br />
- libreadline<br />
<br />
You may elect to build them from source by pulling from<br />
iphonelinux/openiboot's git repository.<br />
<br />
== Disclaimer ==<br />
<br />
BE WARNED THAT THESE STEPS ARE NOT INTENDED FOR NOVICES. YOU ATTEMPT THIS AT<br />
YOUR OWN RISK. AT THIS TIME, WE CANNOT AFFORD THE EFFORT REQUIRED TO GIVE<br />
SUPPORT TO NOVICES AND/OR RESCUE THEM FROM THEIR OWN ACTIONS.<br />
<br />
Although unlikely, if the installation goes wrong, you may have to perform a<br />
DFU restore on your iPhone. If you do not know how to do that, you should not<br />
follow these steps. You should also know how to use iRecovery (or similar) and<br />
the fsboot command to "kick an iPhone out of recovery mode". If you do not<br />
know how to do that, you should not follow these steps.<br />
<br />
The installation of openiboot itself is safe, but openiboot has the facility<br />
to erase device-specific information from your NOR flash. If you did not make<br />
a backup, and execute the commands necessary to make openiboot erase that<br />
information, it is gone forever and your device may never boot properly again.<br />
<br />
The instructions below will show you how to make such a backup before any<br />
changes are made.<br />
<br />
== Installing OpeniBoot ==<br />
<br />
1. Put your iPhone in [[Recovery Mode]].<br />
<br />
2. sudo ./loadibec openiboot-2g.img3, or -3g, -ipod, depending on your platform.<br />
<br />
3. sudo ./oibc<br />
<br />
4. nor_read 0x09000000 0x0 1048576<br />
<br />
5. ~norbackup.dump:1048576. This will create a file called norbackup.dump in your current directory. GUARD IT WITH YOUR LIFE.<br />
<br />
6. install<br />
<br />
7. After 'install' has finished, type in: reboot.<br />
<br />
8. You ought to see the openiboot menu.<br />
<br />
See<br />
* [[QuickOIB]]<br />
<br />
== Booting Linux ==<br />
<br />
<br />
Use the Hold button to navigate the menu. Push the Home button<br />
when openiboot client is selected.<br />
sudo ./oibc<br />
!zImage<br />
kernel<br />
!rootfs.arm.ext2.gz<br />
ramdisk 3588<br />
boot "console=tty console=ttyUSB root=/dev/ram0 rw"<br />
sudo ./linux<br />
<br />
You should now get a login prompt. Nothing that's happening will show up on<br />
the LCD automatically, but you can redirect it to the display with the<br />
following command:<br />
<br />
sh 2>&1 > /dev/tty0<br />
<br />
Enjoy!<br />
<br />
== iPhone Linux Resources ==<br />
<br />
- Framebuffer driver<br />
- Serial driver<br />
- Serial over USB driver<br />
- Interrupts, MMU, clock, etc.<br />
<br />
<br />
=== OpeniBoot Resources ===<br />
<br />
- Read-only support for the NAND<br />
<br />
<br />
=== OpeniBoot Missing Resources ===<br />
<br />
- Write support for the NAND<br />
- Wireless networking<br />
- Touchscreen<br />
- Sound<br />
- Accelerometer<br />
- Baseband support<br />
<br />
<br />
<br />
=== Support ===<br />
<br />
The current userland we're using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we're going to build a more permanent userland solution.<br />
<br />
A demonstration video can be seen here: http://www.vimeo.com/2373142<br />
<br />
Download here: http://localhostr.com/files/b00133/iphonelinux-demo.tar.gz<br />
<br />
Project leader: '''planetbeing'''<br />
<br />
Contributors: '''CPICH, cmw, poorlad, ius, saurik'''<br />
<br />
If you're experienced with '''hacking/porting Linux''' and especially if you're experienced with porting '''Android''', I'd definitely like to hear from you. Come chill in the ''#iphonelinux'' channel on ''irc.osx86.hu'' . If you're not experienced, and still want to help, you can digg/slashdot this posting to heaven so our little project gets more visibility. Thanks. :)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=IDroid&diff=2927IDroid2009-02-01T18:13:51Z<p>Srts: /* Installing OpeniBoot */</p>
<hr />
<div>[[Image:Openiboot.png|thumb|right|200px|Device running the OpeniBoot console.]]<br />
[http://iphonelinux.org iPhonelinux] is a project which goals are to port linux on the iPhone and make a Free (free software) OS alternative to the Apple proprietary "[http://en.wikipedia.org/wiki/IPhone_OS iPhone OS]".<br />
<br />
iPhonelinux is not actually a hack/exploit neither an unlock, but it is based on the [[Pwnage]] exploit.<br />
<br />
There are three steps in the iPhonelinux roadmap : OpeniBoot, linux kernel and long term (GUI, phone...)<br />
<br />
== OpeniBoot ==<br />
The Goals of OpeniBoot is to run low-level code, to have low and critical drivers (nand and nor driver, NVRAM...), debugger and development environment (chainloading, upgrading itself and USB mass storage).<br />
<br />
== Linux ==<br />
A linux Bootloader, a working linux kernel (just a question of cross-compiler), porting drivers, run wifi and command line thru SSH.<br />
<br />
== Long-Term Plans ==<br />
Multi-touch driver, Baseband driver, port X server and create an SDK.<br />
Then have a viable alternative of the iPhone OS.<br />
<br />
== Binaries ==<br />
<br />
These are utility binaries precompiled on Ubuntu 8.10. They require:<br />
<br />
- libpthread<br />
- libncurses<br />
- libusb<br />
- libreadline<br />
<br />
You may elect to build them from source by pulling from<br />
iphonelinux/openiboot's git repository.<br />
<br />
== Disclaimer ==<br />
<br />
BE WARNED THAT THESE STEPS ARE NOT INTENDED FOR NOVICES. YOU ATTEMPT THIS AT<br />
YOUR OWN RISK. AT THIS TIME, WE CANNOT AFFORD THE EFFORT REQUIRED TO GIVE<br />
SUPPORT TO NOVICES AND/OR RESCUE THEM FROM THEIR OWN ACTIONS.<br />
<br />
Although unlikely, if the installation goes wrong, you may have to perform a<br />
DFU restore on your iPhone. If you do not know how to do that, you should not<br />
follow these steps. You should also know how to use iRecovery (or similar) and<br />
the fsboot command to "kick an iPhone out of recovery mode". If you do not<br />
know how to do that, you should not follow these steps.<br />
<br />
The installation of openiboot itself is safe, but openiboot has the facility<br />
to erase device-specific information from your NOR flash. If you did not make<br />
a backup, and execute the commands necessary to make openiboot erase that<br />
information, it is gone forever and your device may never boot properly again.<br />
<br />
The instructions below will show you how to make such a backup before any<br />
changes are made.<br />
<br />
== Installing OpeniBoot ==<br />
<br />
1. Put your iPhone in [[Recovery Mode]].<br />
<br />
2. sudo ./loadibec openiboot-2g.img3, or -3g, -ipod, depending on your platform.<br />
<br />
3. sudo ./oibc<br />
<br />
4. nor_read 0x09000000 0x0 1048576<br />
<br />
5. ~norbackup.dump:1048576. This will create a file called norbackup.dump in your current directory. GUARD IT WITH YOUR LIFE.<br />
<br />
6. install<br />
<br />
7. After 'install' has finished, type in: reboot.<br />
<br />
8. You ought to see the openiboot menu.<br />
<br />
[[See]] <br />
* [[QuickOIB]]<br />
<br />
== Booting Linux ==<br />
<br />
<br />
Use the Hold button to navigate the menu. Push the Home button<br />
when openiboot client is selected.<br />
sudo ./oibc<br />
!zImage<br />
kernel<br />
!rootfs.arm.ext2.gz<br />
ramdisk 3588<br />
boot "console=tty console=ttyUSB root=/dev/ram0 rw"<br />
sudo ./linux<br />
<br />
You should now get a login prompt. Nothing that's happening will show up on<br />
the LCD automatically, but you can redirect it to the display with the<br />
following command:<br />
<br />
sh 2>&1 > /dev/tty0<br />
<br />
Enjoy!<br />
<br />
== iPhone Linux Resources ==<br />
<br />
- Framebuffer driver<br />
- Serial driver<br />
- Serial over USB driver<br />
- Interrupts, MMU, clock, etc.<br />
<br />
<br />
=== OpeniBoot Resources ===<br />
<br />
- Read-only support for the NAND<br />
<br />
<br />
=== OpeniBoot Missing Resources ===<br />
<br />
- Write support for the NAND<br />
- Wireless networking<br />
- Touchscreen<br />
- Sound<br />
- Accelerometer<br />
- Baseband support<br />
<br />
<br />
<br />
=== Support ===<br />
<br />
The current userland we're using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we're going to build a more permanent userland solution.<br />
<br />
A demonstration video can be seen here: http://www.vimeo.com/2373142<br />
<br />
Download here: http://localhostr.com/files/b00133/iphonelinux-demo.tar.gz<br />
<br />
Project leader: '''planetbeing'''<br />
<br />
Contributors: '''CPICH, cmw, poorlad, ius, saurik'''<br />
<br />
If you're experienced with '''hacking/porting Linux''' and especially if you're experienced with porting '''Android''', I'd definitely like to hear from you. Come chill in the ''#iphonelinux'' channel on ''irc.osx86.hu'' . If you're not experienced, and still want to help, you can digg/slashdot this posting to heaven so our little project gets more visibility. Thanks. :)</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Useful_Links&diff=2887Useful Links2009-01-28T18:20:52Z<p>Srts: /* Websites */</p>
<hr />
<div>== Wikis ==<br />
* [http://www.deloware.com/iphone/doku.php iPhone Information Wiki (Outdated)]<br />
* [http://wikee.iphwn.org/ iPhone Dev Team Portal]<br />
* [http://iphonedevwiki.scribblewiki.com Snapshot of original Dev Team fiveforty wiki]<br />
* [http://chronic-dev.org/userwiki/ Chronic Dev User Wiki]<br />
* [http://www.modmyifone.com/wiki/index.php/Main_Page ModMyiFone Wiki] (Good n00b starting point)<br />
<br />
== Forums ==<br />
* [http://www.hackint0sh.org/forum/forumdisplay.php?f=123 Hackint0sh Forums (iPhone)]<br />
* [http://www.hackint0sh.org/forum/forumdisplay.php?f=135 Hackint0sh Forums (iPod Touch)]<br />
* [http://www.modmyifone.com/forums/ ModMyiFone Forums]<br />
* [http://www.iphone-hacks.com/forums/ iPhone Hacks Forums]<br />
<br />
== International ==<br />
* [http://www.iphonemod.com.br/ iPhone forum for the Brazilian community]<br />
* [http://www.mackorisnik.com/forum iPhone forum for the Croatian community]<br />
* [http://iPhone-Forums.de/ iPhone forum for the German community]<br />
* [http://i-phone.ir/forums/ iPhone forum for the Persian Community]<br />
* [http://www.iphone-forum.ro/ iPhone forum for the Romanian community], also [http://www.i18n.ro/iPhone iPhone localization for Romanian language]<br />
* [http://iPhones.ru/forum/ iPhone forum for the Russian community] and its [http://www.inews76.com/ English translation]<br />
* [http://iPhoneApps.ru/forums/ Other iPhone forum for the Russian community. Contains discussions of iTunes apps]<br />
* [http://www.ru-iphone.com/ Yet other Russian newsfeed/forum]<br />
* [http://russianiphone.ru/ New home of RiP Dev, authors of Russian Project - alternative keyboard implementation]<br />
* [http://www.iphonedo.com/ iPhone blog for the Turkish community]<br />
<br />
== iPhone Downloads ==<br />
* [http://www.iphone-hacks.com/downloads iPhone Hacking Downloads]<br />
* [[System]]<br />
<br />
== iPhone Themes and Guides==<br />
* [http://www.ggiphone.com iPhone themes]<br />
<br />
== Websites ==<br />
* [http://iphonejtag.blogspot.com/ geohot's blog on the iPhone]<br />
* [http://chronic-dev.org/blog/ chronic dev blog]<br />
* [http://blog.iphone-dev.org/ dev team's blog on the iPhone]<br />
* [http://www.iclarified.com/tutorials/iphone/index.php iClarified iPhone tutorials]<br />
* [http://george.insideiphone.com George Zhu's Blog]<br />
* [http://www.intermedia.net/visitor/iphone.asp Email archiving for iPhone]<br />
* [http://www.rapidrepair.com/guides/iphone3g/iphone3grepairguide.html Disassembling iPhone-3G]<br />
* [http://www.sleepers.net BigBoss's blog/ repo page]<br />
* [http://iPhone.cazisoft.com The iPhone]<br />
* [http://www.getjailbird.com/ WinPwn Replacement]<br />
* [http://is.gd/hlhV iPhone Developers On Twitter]<br />
<br />
== File Resources ==<br />
* [http://www.iphonefix.de/ Large iPhone and iPod related Filebase]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Useful_Links&diff=2841Useful Links2009-01-17T18:05:43Z<p>Srts: </p>
<hr />
<div>== Wikis ==<br />
* [http://www.deloware.com/iphone/doku.php iPhone Information Wiki (Outdated)]<br />
* [http://wikee.iphwn.org/ iPhone Dev Team Portal]<br />
* [http://iphonedevwiki.scribblewiki.com Snapshot of original Dev Team fiveforty wiki]<br />
* [http://chronic-dev.org/userwiki/ Chronic Dev User Wiki]<br />
* [http://www.modmyifone.com/wiki/index.php/Main_Page ModMyiFone Wiki] (Good n00b starting point)<br />
<br />
== Forums ==<br />
* [http://www.hackint0sh.org/forum/forumdisplay.php?f=123 Hackint0sh Forums (iPhone)]<br />
* [http://www.hackint0sh.org/forum/forumdisplay.php?f=135 Hackint0sh Forums (iPod Touch)]<br />
* [http://www.modmyifone.com/forums/ ModMyiFone Forums]<br />
* [http://www.iphone-hacks.com/forums/ iPhone Hacks Forums]<br />
<br />
== International ==<br />
* [http://www.iphonemod.com.br/ iPhone forum for the Brazilian community]<br />
* [http://www.mackorisnik.com/forum iPhone forum for the Croatian community]<br />
* [http://iPhone-Forums.de/ iPhone forum for the German community]<br />
* [http://i-phone.ir/forums/ iPhone forum for the Persian Community]<br />
* [http://www.iphone-forum.ro/ iPhone forum for the Romanian community], also [http://www.i18n.ro/iPhone iPhone localization for Romanian language]<br />
* [http://iPhones.ru/forum/ iPhone forum for the Russian community] and its [http://www.inews76.com/ English translation]<br />
* [http://iPhoneApps.ru/forums/ Other iPhone forum for the Russian community. Contains discussions of iTunes apps]<br />
* [http://www.ru-iphone.com/ Yet other Russian newsfeed/forum]<br />
* [http://russianiphone.ru/ New home of RiP Dev, authors of Russian Project - alternative keyboard implementation]<br />
* [http://www.iphonedo.com/ iPhone blog for the Turkish community]<br />
<br />
== iPhone Downloads ==<br />
* [http://www.iphone-hacks.com/downloads iPhone Hacking Downloads]<br />
* [[System]]<br />
<br />
== iPhone Themes and Guides==<br />
* [http://www.ggiphone.com iPhone themes]<br />
<br />
== Websites ==<br />
* [http://iphonejtag.blogspot.com/ geohot's blog on the iPhone]<br />
* [http://chronic-dev.org/blog/ chronic dev blog]<br />
* [http://blog.iphone-dev.org/ dev team's blog on the iPhone]<br />
* [http://www.iclarified.com/tutorials/iphone/index.php iClarified iPhone tutorials]<br />
* [http://george.insideiphone.com George Zhu's Blog]<br />
* [http://www.intermedia.net/visitor/iphone.asp Email archiving for iPhone]<br />
* [http://www.rapidrepair.com/guides/iphone3g/iphone3grepairguide.html Disassembling iPhone-3G]<br />
* [http://www.sleepers.net BigBoss's blog/ repo page]<br />
* [http://iPhone.cazisoft.com The iPhone]<br />
* [http://www.getjailbird.com/ WinPwn Replacement]<br />
== File Resources ==<br />
* [http://www.iphonefix.de/ Large iPhone and iPod related Filebase]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2814Ultrasn0w2009-01-15T01:33:23Z<p>Srts: /* Compatibility */</p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]] payload. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Credit==<br />
MuscleNerd, and [[The dev team]]<br />
<br />
==Exploit==<br />
Relies on an unsigned code injection vulnerability.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
==Current Injection Vector==<br />
yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.<br />
<br />
The injection vector is discussed [[AT+stkprof Exploit|here]]<br />
<br />
==Payload w/ Comments (by Darkmen) ===<br />
<br />
The exploit consists from 4 parts:<br />
<br />
===Code loader===<br />
<pre><br />
ROM:00000000 ; =============== S U B R O U T I N E =======================================<br />
ROM:00000000<br />
ROM:00000000<br />
ROM:00000000 loader<br />
ROM:00000000 LDR R2, =0x11700 ; unused ram to place code<br />
ROM:00000002 ADDS R4, R2, #1 ; thumb switch<br />
ROM:00000004 LDR R3, =0x40159FBF ; at-handler buffer where stage2 binary and following hexdata are<br />
ROM:00000006<br />
ROM:00000006 copy.loop ; CODE XREF: loader+12�j<br />
ROM:00000006 LDRB R0, [R3] ; copying code+data until double quotes<br />
ROM:00000008 CMP R0, #0x22 ; '"'<br />
ROM:0000000A BEQ run ; jump thumb code<br />
ROM:0000000C STRB R0, [R2]<br />
ROM:0000000E ADDS R2, #1<br />
ROM:00000010 ADDS R3, #1<br />
ROM:00000012 B copy.loop ; <br />
ROM:00000014 run ; CODE XREF: loader+A�j<br />
ROM:00000014 BX R4 ; jump stage2 code<br />
ROM:00000014 ; End of function loader<br />
ROM:00000014<br />
ROM:00000014 ; ---------------------------------------------------------------------------<br />
</pre><br />
<br />
===Stage2(tm)===<br />
<pre><br />
RAM:00000000 ; =============== S U B R O U T I N E =======================================<br />
RAM:00000000 stage2<br />
RAM:00000000 ADDS R2, #0x10 ; R2 = 0x11700 + stage2 size<br />
RAM:00000002 MOVS R7, #0xF<br />
RAM:00000004 BICS R2, R7 ; align offset by 0x10<br />
RAM:00000006 ADDS R7, R2, #0 ; saving address to jump<br />
RAM:00000008 ADR R4, 0x44 ; skipping Stage2 size and taking first char from at-string<br />
RAM:0000000A ADR R5, char2byte ; loading routine addr<br />
RAM:0000000C ADDS R5, #1 ; thumb<br />
RAM:0000000E<br />
RAM:0000000E loop ; CODE XREF: stage2+2C�j<br />
RAM:0000000E LDRB R1, [R4] ; at-string[index]<br />
RAM:00000010 CMP R1, #'x' ; end of line?<br />
RAM:00000012 BEQ jump_code<br />
RAM:00000014 BLX R5 ; char2byte first hakfbyte<br />
RAM:00000016 LSLS R3, R1, #4 ; <<4 0X becoming X0<br />
RAM:00000018 LDRB R1, [R4,#1] ; at-string[index+1]<br />
RAM:0000001A BLX R5 ; char2hex second halfbyte<br />
RAM:0000001C NOP<br />
RAM:0000001E NOP<br />
RAM:00000020 NOP<br />
RAM:00000022 NOP<br />
RAM:00000024 ADDS R1, R1, R3 ; R1 = complete byte<br />
RAM:00000026 STRB R1, [R2] ; storing byte to dst<br />
RAM:00000028 ADDS R4, #2 ; hexstr_index+=2<br />
RAM:0000002A ADDS R2, #1 ; dst++<br />
RAM:0000002C B loop ; at-string[index]<br />
RAM:0000002E jump_code<br />
RAM:0000002E NOP<br />
RAM:00000030 NOP<br />
RAM:00000032 ADDS R7, #1 ; thumbing<br />
RAM:00000034 BX R7 ; run Task creator code<br />
RAM:00000034 ; End of function stage2<br />
RAM:00000038<br />
RAM:00000038 ; =============== S U B R O U T I N E =======================================<br />
RAM:00000038 char2byte ; DATA XREF: stage2+A�o<br />
RAM:00000038 CMP R1, #0x41 ; 'A'<br />
RAM:0000003A BGE letter ; letter to number<br />
RAM:0000003C SUBS R1, #0x30 ; '0' ; digit to number<br />
RAM:0000003E BX LR<br />
RAM:00000040 letter ; CODE XREF: char2byte+2�j<br />
RAM:00000040 SUBS R1, #0x37 ; '7' ; letter to number<br />
RAM:00000042 BX LR ; ret<br />
RAM:00000042 ; End of function char2byte<br />
</pre><br />
<br />
===Task creator===<br />
<pre><br />
RAM:000119A0 ; =============== S U B R O U T I N E =======================================<br />
RAM:000119A0<br />
RAM:000119A0<br />
RAM:000119A0 handler_replace<br />
RAM:000119A0 LDR R0, =0x4011714C ; soft reset handler addr<br />
RAM:000119A2 ADR R1, new_handler<br />
RAM:000119A4 ADDS R1, #1 ; thumbing<br />
RAM:000119A6 STR R1, [R0] ; setting new handler<br />
RAM:000119A8 POP {R0-R4,PC} ; safe exit fixing stack<br />
RAM:000119A8 ; End of function handler_replace<br />
<br />
RAM:000119B0 ; =============== S U B R O U T I N E =======================================<br />
RAM:000119B0<br />
RAM:000119B0<br />
RAM:000119B0 new_handler ; DATA XREF: handler_replace+2�o<br />
RAM:000119B0 PUSH {R4-R7,LR}<br />
RAM:000119B2 LDR R3, =0x403BB344 ; jamptable var<br />
RAM:000119B4 MOVS R6, #0x80<br />
RAM:000119B6 SUB SP, SP, #0x2C<br />
RAM:000119B8 LSLS R6, R6, #4 ; 0x200<br />
RAM:000119BA STRH R0, [R3] ; saving R0 to mem var<br />
RAM:000119BC STR R1, [SP,#0x40+resp_string] ; saving responce prt to stack<br />
RAM:000119BE LDR R4, =0x201420AC ; malloc<br />
RAM:000119C0 ADDS R0, R6, #0<br />
RAM:000119C2 BLX R4 ; malloc(0x200)<br />
RAM:000119C4 MOVS R5, #0<br />
RAM:000119C6 STR R0, [SP,#0x40+ptr_200] ; saving pointer to stack<br />
RAM:000119C8 MOVS R0, #0x98 ; sizeof(NU_TASK)<br />
RAM:000119CA BLX R4 ; malloc(0x98)<br />
RAM:000119CC ADDS R7, R0, #0 ; R7 = task<br />
RAM:000119CE STR R5, [R0,#0xC] ; task.field=0<br />
RAM:000119D0 MOVS R0, 0x100<br />
RAM:000119D4 BLX R4 ; malloc(0x100)<br />
RAM:000119D6 MOVS R2, #0x80<br />
RAM:000119D8 LDR R1, =task_loop ; src<br />
RAM:000119DA LSLS R2, R2, #1 ; size to copy<br />
RAM:000119DC LDR R3, =0x203C58A0 ; bytecpy<br />
RAM:000119DE ADDS R4, R0, #0 ; R4 = dyn_task_loop<br />
RAM:000119E0 BLX R3 ; bytecpy(task_loop, dyn_task_loop, 0x100)<br />
RAM:000119E2 LDR R3, [SP,#0x40+ptr_200]<br />
RAM:000119E4 STR R3, [SP,#4] ; void *stack_address = malloc(0x200)<br />
RAM:000119E6 MOVS R3, #0x44<br />
RAM:000119E8 STR R3, [SP,#0xC] ; priority = 0x44<br />
RAM:000119EA MOVS R3, #0xA<br />
RAM:000119EC ADDS R4, #1 ; thumbing dyn_task_loop<br />
RAM:000119EE STR R3, [SP,#0x14] ; preempt = NU_PREEMPT<br />
RAM:000119F0 MOVS R3, #0xC<br />
RAM:000119F2 ADDS R2, R4, #0 ; void(*task_entry)<br />
RAM:000119F4 STR R3, [SP,#0x18] ; auto_start = NU_START<br />
RAM:000119F6 LDR R1, =devteam1 ; char *name<br />
RAM:000119F8 STR R5, [SP] ; void *argv = 0<br />
RAM:000119FA STR R6, [SP,#8] ; stack_size = 0x200<br />
RAM:000119FC STR R5, [SP,#0x10] ; time_slice = 0<br />
RAM:000119FE ADDS R0, R7, #0 ; NU_TASK *task<br />
RAM:00011A00 MOVS R3, #0 ; int argc = 0<br />
RAM:00011A02 LDR R4, =0x203FB540 ; NU_Create_Task<br />
RAM:00011A04 BLX R4 ; status = NU_Create_Task()<br />
RAM:00011A06 ADDS R2, R0, #0<br />
RAM:00011A08 CMP R0, #0 ; success = zero<br />
RAM:00011A0A BNE status_error<br />
RAM:00011A0C LDR R1, =OK<br />
RAM:00011A0E LDR R0, [SP,#0x40+resp_string]<br />
RAM:00011A10 LDR R3, =0x2046DD00 ; sprintf<br />
RAM:00011A12 BLX R3 ; sprintf(resp_string,"OK")<br />
RAM:00011A14 B exit ; fixing stack<br />
RAM:00011A16 ; ---------------------------------------------------------------------------<br />
RAM:00011A16<br />
RAM:00011A16 status_error ; CODE XREF: new_handler+5A�j<br />
RAM:00011A16 LDR R1, =ERROR<br />
RAM:00011A18 LDR R0, [SP,#0x40+resp_string]<br />
RAM:00011A1A LDR R3, =0x2046DD00 ; sprintf<br />
RAM:00011A1C BLX R3 ; sprintf(resp_string,"ERROR")<br />
RAM:00011A1E<br />
RAM:00011A1E exit ; CODE XREF: new_handler+64�j<br />
RAM:00011A1E ADD SP, SP, #0x2C ; fixing stack<br />
RAM:00011A20 POP {R4-R7,PC} ; bye<br />
RAM:00011A20 ; End of function new_handler<br />
RAM:00011A20<br />
RAM:00011A20 ; ---------------------------------------------------------------------------<br />
</pre><br />
<br />
===Unlock task loop===<br />
<pre><br />
RAM:00011A64 ; =============== S U B R O U T I N E =======================================<br />
RAM:00011A64<br />
RAM:00011A64 task_loop ; DATA XREF: RAM:off_11A2C�o<br />
RAM:00011A64 PUSH {R4,R5,LR}<br />
RAM:00011A66 LDR R5, =0x40232754 ; sec mailbox<br />
RAM:00011A68 SUB SP, SP, #0x14<br />
RAM:00011A6A<br />
RAM:00011A6A loop ; CODE XREF: task_loop+44�j<br />
RAM:00011A6A LDR R3, =0x20165998 ; NU_Receive_From_Mailbox<br />
RAM:00011A6C ADDS R0, R5, #0 ; NU_MAILBOX *mailbox<br />
RAM:00011A6E MOV R1, SP ; void *Message<br />
RAM:00011A70 MOVS R2, #0xFF ; Timeout<br />
RAM:00011A72 BLX R3 ; NU_Receive_From_Mailbox(sec_mailbox,SP,0xFF)<br />
RAM:00011A74 LDR R3, [SP] ; Message[0]<br />
RAM:00011A76 CMP R3, #0xD ; Message[0] = 0xD ?<br />
RAM:00011A78 BNE skip ; <br />
RAM:00011A7A LDR R1, [SP,#4] ; Message[1]<br />
RAM:00011A7C LDR R3, =0x402F79BC<br />
RAM:00011A7E LDR R2, [R1] ; Message[1].field0<br />
RAM:00011A80 STR R2, [R3] ; sec_task_var1 = Message[1].field0<br />
RAM:00011A82 ADDS R3, #4 ; 0x402F79C0<br />
RAM:00011A84 LDR R2, [R1,#4] ; Message[1].field1<br />
RAM:00011A86 STR R2, [R3] ; sec_task_var2 = Message[1].field1<br />
RAM:00011A88 LDR R2, [R1,#8] ; Message[1].field2<br />
RAM:00011A8A LDR R3, =0x100FF00<br />
RAM:00011A8C STR R3, [R2] ; Message[1].field2[0] = 0x100FF00<br />
RAM:00011A8E LDR R3, =0x4020401<br />
RAM:00011A90 STR R3, [R2,#4] ; Message[1].field2[1] = 0x4020401<br />
RAM:00011A92 LDR R3, =0x4040403<br />
RAM:00011A94 STR R3, [R2,#8] ; Message[1].field2[2] = 0x4040403<br />
RAM:00011A96 MOVS R3, #1<br />
RAM:00011A98 STR R3, [R1,#0xC] ; Message[1].field3 = 1<br />
RAM:00011A9A MOVS R3, #0x20 <br />
RAM:00011A9C STR R3, [SP] ; Message[0] = 0x20<br />
RAM:00011A9E<br />
RAM:00011A9E skip ; CODE XREF: task_loop+14�j<br />
RAM:00011A9E ADDS R0, R5, #0 ; sec mailbox<br />
RAM:00011AA0 MOV R1, SP ; void *Message<br />
RAM:00011AA2 MOVS R2, #0xFF ; timeout<br />
RAM:00011AA4 LDR R3, =0x203ED568<br />
RAM:00011AA6 BLX R3 ; NU_Send_To_Mailbox()<br />
RAM:00011AA8 B loop ; NU_Receive_From_Mailbox<br />
RAM:00011AA8 ; End of function task_loop<br />
</pre><br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! yellowsn0w Version<br />
! SIM/USIM<br />
! Ingoing Calls?<br />
! Outgoing Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| 0.9.6<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Not Available<br />
| Works but often loses signal. <br />
|-<br />
| Germany<br />
| O2<br />
| <=0.9.4<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Icon shown but not tested<br />
| Icon shown but not tested<br />
| <br />
|-<br />
| Israel<br />
| IL Orange<br />
| 0.9.5<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Requires turning airplane mode on and off to get signal. After that, works perfectly.<br />
|}<br />
<br />
Additional information:<br />
http://report.yellowsn0w.com/<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[X-Gold 608]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about Yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly Yellowsn0w Announcement]<br />
* [http://qik.com/video/729275 MuscleNerd's Demo]<br />
* [http://yellowsn0w.com Official Website]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2732Ultrasn0w2009-01-06T22:21:09Z<p>Srts: /* Compatibility */</p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]] payload. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Credit==<br />
MuscleNerd, and [[The dev team]]<br />
<br />
==Exploit==<br />
Relies on an unsigned code injection vulnerability.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
==Current Injection Vector==<br />
<br />
yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.<br />
<br />
The injection vector is discussed [[AT+stkprof Exploit|here]]<br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! yellowsn0w Version<br />
! SIM/USIM<br />
! Ingoing Calls?<br />
! Outgoing Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| 0.9.5<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Not Available<br />
| Still stops working after a while of regular use :(<br />
|-<br />
| Germany<br />
| O2<br />
| <=0.9.4<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Icon shown but not tested<br />
| Icon shown but not tested<br />
| <br />
|-<br />
| Israel<br />
| IL Orange<br />
| 0.9.5<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Requires turning airplane mode on and off to get signal. After that, works perfectly.<br />
|}<br />
<br />
Additional information:<br />
http://report.yellowsn0w.com/<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[X-Gold 608]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about Yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly Yellowsn0w Announcement]<br />
* [http://qik.com/video/729275 MuscleNerd's Demo]<br />
* [http://yellowsn0w.com Official Website]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2731Ultrasn0w2009-01-06T22:19:35Z<p>Srts: /* Compatibility */</p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]] payload. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Credit==<br />
MuscleNerd, and [[The dev team]]<br />
<br />
==Exploit==<br />
Relies on an unsigned code injection vulnerability.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
==Current Injection Vector==<br />
<br />
yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.<br />
<br />
The injection vector is discussed [[AT+stkprof Exploit|here]]<br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! yellowsn0w Version<br />
! SIM/USIM<br />
! Ingoing Calls?<br />
! Outgoing Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| 0.9.5<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Not Available<br />
| Still stops working after a while or regular use :(<br />
|-<br />
| Germany<br />
| O2<br />
| <=0.9.4<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Icon shown but not tested<br />
| Icon shown but not tested<br />
| <br />
|-<br />
| Israel<br />
| IL Orange<br />
| 0.9.5<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Requires turning airplane mode on and off to get signal. After that, works perfectly.<br />
|}<br />
<br />
Additional information:<br />
http://report.yellowsn0w.com/<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[X-Gold 608]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about Yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly Yellowsn0w Announcement]<br />
* [http://qik.com/video/729275 MuscleNerd's Demo]<br />
* [http://yellowsn0w.com Official Website]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2597Ultrasn0w2009-01-04T01:04:21Z<p>Srts: /* Compatibility */</p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]] payload. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Credit==<br />
MuscleNerd, and [[The dev team]]<br />
<br />
==Exploit==<br />
Relies on an unsigned code injection vulnerability.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
==Current Injection Vector==<br />
<br />
yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.<br />
<br />
The injection vector is discussed [[AT+stkprof Exploit|here]]<br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! yellowsn0w Version<br />
! SIM/USIM<br />
! Ingoing Calls?<br />
! Outgoing Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| 0.9.5<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Not Available<br />
| <br />
|-<br />
| Germany<br />
| O2<br />
| <=0.9.4<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Icon shown but not tested<br />
| Icon shown but not tested<br />
| <br />
|-<br />
| Israel<br />
| IL Orange<br />
| 0.9.5<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Requires turning airplane mode on and off to get signal. After that, works perfectly.<br />
|}<br />
<br />
Additional information:<br />
http://report.yellowsn0w.com/<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[X-Gold 608]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly yellowsn0w Announcement]<br />
* [http://qik.com/video/729275 MuscleNerd's Demo]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2596Ultrasn0w2009-01-04T01:03:59Z<p>Srts: </p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]] payload. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Credit==<br />
MuscleNerd, and [[The dev team]]<br />
<br />
==Exploit==<br />
Relies on an unsigned code injection vulnerability.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
==Current Injection Vector==<br />
<br />
yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.<br />
<br />
The injection vector is discussed [[AT+stkprof Exploit|here]]<br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! yellowsn0w Version<br />
! SIM/USIM<br />
! Ingoing Calls?<br />
! Outgoing Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| 0.9.5<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Not Available<br />
| Works for about ten minutes then "Sim Failure" occurs and yellowsn0w stops working.<br />
|-<br />
| Germany<br />
| O2<br />
| <=0.9.4<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Icon shown but not tested<br />
| Icon shown but not tested<br />
| <br />
|-<br />
| Israel<br />
| IL Orange<br />
| 0.9.5<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| Requires turning airplane mode on and off to get signal. After that, works perfectly.<br />
|}<br />
<br />
Additional information:<br />
http://report.yellowsn0w.com/<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[X-Gold 608]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly yellowsn0w Announcement]<br />
* [http://qik.com/video/729275 MuscleNerd's Demo]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Timeline&diff=2548Timeline2009-01-02T22:53:16Z<p>Srts: </p>
<hr />
<div>==2009==<br />
<br />
===January===<br />
<br />
*January 1 -- [[the dev team]] release yellowsn0w beta.<br />
<br />
==2008==<br />
<br />
===December===<br />
* December 31 -- [[The dev team]] are scheduled to release yellowsn0w, the iPhone 3G unlock for baseband 02.28.00 (coupled with iPhoneOS ver 2.2). [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly]<br />
<br />
* December 21 -- MuscleNerd, of [[the dev team]] does a live demo of the 3G unlock, dubbed as 'yellowsn0w': http://qik.com/video/729275<br />
<br />
===August===<br />
* August 18 -- [[The dev team]] releases [http://wikee.iphwn.org/news:pwnage20announcement QuickPwn], a 2.x pwnage/ramdisk combination exploit that allows jailbreaking without needing to create custom IPSWs.<br />
<br />
===July===<br />
* July 22 -- [[TA_Mobile]] hardware dumps the 3G baseband (bootloader 5.8 & FW 1.45.00) by desoldering the NOR.<br />
* July 19 -- [[The dev team]] releases [[PwnageTool]] 2.0, jailbreaking and unlocking the 2.0 software on the iPhone 2G and jailbreaking the 2.0 software on the iPhone 3G.<br />
* July 11 -- [[iPhone 3G]] is released.<br />
<br />
===June===<br />
* June 9 - [[iPhone 3G]] is announced at [[WWDC]] '08.<br />
<br />
===April===<br />
* April 3 -- Dev team releases [[PwnageTool]] 1.0, making use of the ramdisk exploit, to write to the kernel, to write to the NOR.<br />
<br />
===March===<br />
* March 12 -- Dev team releases dual-boot jailbreak method, only to be silently fixed in 2.0.<br />
* March 4 -- [[User:N000b|George Zhu (n000b)]] releases [[ILiberty / ILiberty%2B]].<br />
<br />
===February===<br />
* February 11 -- [[Zibri]] releases [[ZiPhone]], the first all-in-one unlock, activate, jailbreak solution.<br />
* February 8 -- [[User:Geohot|geohot]] releases software unlock for 4.6, Apple states 25% of phones were never activated with AT&T.<br />
<br />
===January===<br />
* January 28 -- Dev team releases soft upgrade jailbreak for 1.1.3.<br />
* January 18 -- Geohot and his friends [http://iphonejtag.blogspot.com/2008/01/112-otb-unlocked.html unlocked 1.1.2 OTB 4.6 by test point], the unbeatable version at that time.<br />
* January 18 -- Dev team posts YouTube video of a jailbroken 1.1.3, which was made possible by the dual boot jailbreak from bgm.<br />
<br />
== 2007 ==<br />
===November===<br />
* November 15 -- New baseband [[Bootloader 4.6|bootloader (4.6)]] comes out, new iPhones can't be unlocked.<br />
* November 2 -- [[Jailbreakme]] is released, bringing jailbreaking to the mainstream iPhone user.<br />
<br />
===October===<br />
* October 23 -- iPhone-Elite Team releases the [[Virginizer]].<br />
<br />
===September===<br />
* September 11 -- [[The dev team]] releases [[iUnlock]], first free software unlock.<br />
* September 10 -- [[IPSF]] releases first paid software unlock.<br />
<br />
===August===<br />
* August 23 -- [[User:Geohot|geohot]] and team release [[hardware unlock]] method.<br />
* August 21 -- Installer.app is released, first GUI apps are distributed.<br />
<br />
===July===<br />
* July 23 -- First phones are used with other carriers by means of [[SIM hacks]].<br />
* July 20 -- nightwatch adapts a [[toolchain]] to the iPhone. The first apps are compiled.<br />
* July 9 -- [[The dev team]] releases a [[jailbreak]] method. The first use of this is ringtones.<br />
* July 3 -- DVD Jon first cracks [[activation]]. People can use the apps on the phone without a subscription.<br />
<br />
===June===<br />
* June 29 -- [[iPhone]] is released. World's most hyped consumer product.</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2520Ultrasn0w2009-01-02T00:59:58Z<p>Srts: Added compatibility table.</p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]]. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
A demo (of a console-only version of the app though) can be seen at http://qik.com/video/729275.<br />
<br />
==Credit==<br />
[[geohot]] (injection exploit), MuscleNerd, and [[The dev team]] (payload).<br />
<br />
==Exploit==<br />
Relies on an unsigned code exploit.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
The exploit itself is a buffer overflow in the at+stkprof cmd that devteam used to patch out the carrier checks in RAM.<br />
<br />
==Source Code==<br />
The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]<br />
<br />
==Compatibility==<br />
yellowsn0w doesn't work with some carriers or stops working after a while.<br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Works for about ten minutes then "Sim Failure" occurs and yellowsn0w stops working.<br />
|-}<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly yellowsn0w Announcement]<br />
* [http://blog.iphone-dev.org/post/60599514/the-silicon-chip-inside-her-head What yellowsn0w relies on]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Tutorial:Unlock_iPhone_3G_with_TurboSim&diff=2519Tutorial:Unlock iPhone 3G with TurboSim2009-01-02T00:55:38Z<p>Srts: </p>
<hr />
<div>{{disclaimer}}<br />
<br />
This article is a step by step instruction to use a net-locked iPhone-3G with a different provider. <br />
<br />
The dev team states on [http://blog.iphone-dev.org/post/44428446/updates their blog] that the SIM hacks they examined send illegal signals. <br />
<table border=1 width=100%><tr><br />
<td bgcolor=#ffA4A4><br />
<br />
'''Update / Warning:'''<br />
<br />
'''ZeroG''', was '''''not intended''''' ''' to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short overview: ZeroG starts up the SIM replacing MCC / MNC with test IMSI codes, leaving the MSIN untouched. Then it restarts the SIM giving the correct IMSI afterwards. Unfortunately the iPhone asks the SIM exactly ''one'' time for the IMSI, it doesn't care about the restart. So effectively the login into the cellular network is done in test IMSI mode. Now it is up to your provider, how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for 'test' MCC / MCN. Your provider has to recognize this upon login (This implies you have to manually select cellular network right from the start.) If your provider accepts the test IMSI code and does authentication with your MSIN (this implies, (real) roaming is not possible, as only _your_ provider can process MSIN correctly), everything ''could'' be fine. You don't spoof your identity, there should also be no billing problems. But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, probably your provider does not accept test IMSI mode. In this case better do not retry as you might risk your IMSI beeing blacklisted.<BR><br />
<br />
</td><br />
</tr><br />
</table><BR><br />
<br />
[[Image:Ip terminal.png | thumb | right | 240px | Swisscom -> O2 Germany]]<br />
<br />
----<br />
<br />
=== Preamble ===<br />
<br />
Apart from the warning and some other things, the method is quite stable if it works with your provider at all. You have to take care of:<br />
* never switch on 3G mode<br />
* before you use your SIM card that you want to unlock, put it in a different 2G phone and manually select provider and check GPRS works<br />
* for GPRS, "data roaming" has to be enabled on the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)<br />
<br />
=== Motivation ===<br />
<br />
Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)<br />
<br />
<br><br />
=== Supported Basebands ===<br />
<br />
<table cellpadding=5 border=1><br />
<tr><br />
<td style="text-align: center">Baseband</td><br />
<td style="text-align: center">Exploitable</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">01.43.00</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">01.45.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">01.48.02</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.04.03</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.08.01</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.11.07</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">02.28.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== Prerequisites ===<br />
<br />
You need:<br />
* Jailbroken iPhone 3G with OpenSSH installed (from cydia) and WLAN connection to your PC. ([http://www.iclarified.com/entry/index.php?enid=1558 Jailbreak Tutorial])<br />
* Bladox's TurboSIM. (From http://www.bladox.com)<br />
* SSH client for Windows Users such as Putty ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Putty Download Page])<br />
* SCP client (e.g. [http://winscp.net/eng/download.php#download2 WinSCP]) or FTP Client such as [http://rsug.itd.umich.edu/software/fugu/ Fugu] for Mac and [http://rsug.itd.umich.edu/software/fugu/ SmartFTP] for Windows<br />
* TurboSIM programming sw [[http://dl.free.fr/pzijbVjXl/turbo-cable-utils-iPhone-0.7.0-rev3-firmware-v2.tar.gz download]]<br />
* TurboSIM app zero-g [[http://www.bladox.com/pub/zerog-0.95.tar.gz download]]<br />
<br />
----<br />
<br />
=== Installation ===<br />
<br />
1. Insert your simcard in another 2G phone, and remove the SIM Card Pin Code. You should also go to the Network Selection, and Manually select your network. Then cut your SIM card to fit with the TurboSIM. Google a little bit how to do this, or use YouTube and insert both into your iPhone 3G.<br />
<br />
2. Unpack turbo-cable-utils<br />
<br />
3. Copy contents of bin-iphonev2 to folder /bin/ on your iPhone. (username: root password: alpine)<br />
<br />
4. Unpack zerog-0.95 and copy zerog095.trb to /private/var/root/<br />
<br />
[[Image:Winscp_turbo-utils.png]]<br />
<br />
5. For Windows users, SSH into your iPhone using Putty. For Mac users, SSH into your iPhone using Terminal (Applications::Utilities::Terminal)<br />
<br />
6. Change the permissions of the turbo files to 755<br />
<br />
chmod 755 /bin/turbo-*<br />
<br />
7. Run<br />
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
8. You should now lose your signal, and WiFi. Restart your phone. You will now have WiFi on and CommCentre unloaded.<br />
<br />
9. Run turbo-info<br />
<br />
# turbo-info<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
NOTE: If you get an error from turbo-info, look for turbo-iphone-smsreset and run it.<br />
<br />
10. Now run turbo-app /private/var/root/zerog095.trb<br />
<br />
# turbo-app /private/var/root/zerog095.trb <br />
SRC /private/var/root/zerog095.trb<br />
SIZE 1032<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
11. Run <br />
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
12. Now you should see Zero-G in the Sim Applications in Settings -> Phone -> Sim Applications<br />
<br />
<br />
<br />
[[Image:Ip_simapp.png]]<br />
<br />
[[Image:Ip_zerog.png]]<br />
<br />
<br />
<br />
14. Click on Zero-G<br />
<br />
15. Remove your card and TurboSIM from the 1st Generation iPhone<br />
<br />
16. You will get No Service<br />
<br />
[[Image:Ip_noservice.png]]<br />
<br />
<br />
17. Open Settings -> Phone -> Sim Applications and click on Zero-G<br />
You may be interrupted by a popup which says Going to Switch, just choose Accept (Green Button) If you do not get interrupted, it will appear in a minute after choosing Zero-G from Sim Applications.<br />
<br />
<br />
<br />
[[Image:Ip_zerog2.png]]<br />
<br />
<br />
18. That's it!!<br />
<br />
[[Image:Ip_unlocked.png]]<br />
<br />
----<br />
<br />
=== 2G data settings ===<br />
* roaming must be enabled<br />
* make sure APN settings are correct (if APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' ([http://www.apple.com/support/downloads/iphoneconfigurationwebutility10formac.html Mac] / [http://www.apple.com/support/downloads/iphoneconfigurationwebutility10forwindows.html Windoze]) (In Windoze you can reach it with http://localhost:3000 ). Send this file to yourself and open it with the mail client.<br />
* in BossPref (if you don't use it, don't care) 'edge' should be left enabled, even if network does not provide it (seems the BossPref option is a little bit misleading and 'edge' actually means 'GPRS/edge')<br />
<br />
=== 3G-SIM / USIM ===<br />
<br />
A new adapter was released in December 2008 (Gevey-3G Plus 2) which allows full unlocking of any firmware version (2.2 and previous), without the need of first placing the simcard in another unlocked device. You may have to turn 3G off, then insert the adapter placed with your sim card. After that you can turn 3G on. You'll have a full unlocked iPhone, including 3G signal. Also, this particular adapter does not require to cut your simcard, since the memory component is placed in the bottom part. This new version allows "flight mode" use, seamless 3G/EDGE working, as well other functions. In some cases a jailbreaking is needed in order to have it working properly.<br />
<br />
It works with (some?) USIMs (blau.de Germany) as well. 3G '''must not be activated''' on the iPhone. Once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such SIM, put it in a non UMTS capable phone (did it together with turboSIM), check phone and GPRS functions and then this USIM will work again on the iPhone-3G. The SIM application (zero-g) was not visible, but it worked though. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.<br />
<br />
=== GPRS-'Fix' ===<br />
<br />
Today GPRS stopped working for me. Seems to be there are some 'states', stored on the SIM. This fixed the issue:<br />
* removed SIM+TSim<br />
* put SIM (without TSim) into non UMTS, but GPRS/edge mobile<br />
* checked GPRS<br />
* repacked Sim+TSim and put it back to the iPhone<br />
<br />
Voilà, here we go :-) GPRS for another few days :-)<br />
<br />
Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But XDA is a good device to revive the TSim solution... For that, I still love it a litte bit ;-)<br />
<br />
<br />
=== Stuck in No Signal after a period ===<br />
<br />
Randomly you can get stuck in a bad No Signal. To correct that:<br />
<br />
* remove SIM+TSim<br />
* put SIM (without TSim) into non 3G phone<br />
* Manually select your provider (desired to unlock) network<br />
* repack Sim+TSim and put it back to the iPhone<br />
<br />
Here we go again, unlock iphone for a few days more also.<br />
<br />
<br><br />
<br />
=== TurboSIM Compatibility with Operators ===<br />
<br />
Actually this table gives a rough overview of all *sim solutions because it reflects working of MCC/MNC = 001/01 and all *sim known so far use this method. The table doesn't give information about 3G though, as turbosim does not support 3G SIM-ME communication at the moment. So could be, some *sim solutions work with 3G where this table indicates no. Most probably there isn't any *sim solution that works in a specific configuration if this table indicates 'no' for the method at all.<br><br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Unlocked Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Brazil<br />
| TIM<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Claro<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Vivo (Telefónica)<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| BrasilTelecom<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Germany<br />
| Blau.de<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Germany<br />
| Congstar<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Germany<br />
| O2<br />
| USIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Germany<br />
| O2<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Israel<br />
| Orange (Partner)<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Jordan<br />
| Orange<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Umniah<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Zain<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Netherlands<br />
| KPN<br />
| USIM<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Unstable.<br />
|-<br />
| Turkey<br />
| Turkcell<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Orange<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Tesco<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Virgin<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Vodafone<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
|<br />
|-<br />
| N/A<br />
| T-Mobile<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Please note this is a Gevey 3G and it may just be my card.<br />
|-<br />
| Australia<br />
| Three<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{yes}}<br />
| Airplane mode not working. Turn 3G off needs reboot if you want signal again. Using "i-SmartPhone" TSim<br />
|-}<br />
<br />
=== Remarks ===<br />
<br />
* Important is you get zero-g into your turboSim. So you could also try with a first gen iphone, this needs the other version of turbo-cable-utils (bin-iphonev1) in case you didn't upgrade to 2.x yet.<br />
* If you get ''ERROR: Not Enough RAM'' run '''turbo-rm-apps'''<br />
* If you should encounter any problems with your TurboSIM (no access anymore, wrong app, ...) there is an easy method to remove installed turbo sim applications: instead of giving your SIM-Pin, enter the TPIN which you can find next to the serial number on the cover. This will reset your TurboSIM. Afterwards the phone asks a second time for your PIN, now use the SIM-Pin.<br />
<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=X-Gold_608_Unlock&diff=2511X-Gold 608 Unlock2009-01-01T16:03:24Z<p>Srts: </p>
<hr />
<div>Currently, the 3G (software) [[unlock]] which is not baseband-dependent is the biggest missing piece of the iPhone community. It is more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked. [[The dev team]] has successfully unlocked all baseband versions, by a somehow patching the baseband on-the-fly (in RAM), therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband, and not until after the boot up will it be patched. The unlock (called [[yellowsn0w]]) was released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
==Possible Methods==<br />
===Class 1===<br />
* Find an exploit in the [[Baseband Bootrom|bootrom]] to break the chain of trust<br />
* Improve by several orders of magnitude the [[NCK Brute Force|NCK brute forcer]], and find a way to extract the CHIPID and NORID<br />
* Find the theorized algorithm of NCK generation<br />
===Class 2===<br />
* Use a [[SIM hacks|SIM hack]] such as the [[Unlock iphone-3G with TurboSim|TurboSIM Unlock]]<br />
* Find a way to patch running memory to "unlock" the phone on every bootup. The [[dev team]] has accomplished this.<br />
<br />
==Resources==<br />
* Read about the [[X-Gold 608]]<br />
* Read geohot's [http://iphonejtag.blogspot.com/2008/07/infineon-we-have-problem.html blog post]<br />
* 25CC presentation [http://events.ccc.de/congress/2008/Fahrplan/events/2976.en.html "Hacking the iPhone"] video [http://vimeo.com/2646755?pg=embed&sec=2646755 here]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Main_Page&diff=2510Main Page2009-01-01T16:02:17Z<p>Srts: </p>
<hr />
<div><table border=1 width=100%><tr><br />
<td bgcolor=#64ff64 width=50%><center><b>[[PwnageTool|Jailbreak]]</b></center></td><br />
<td bgcolor=#64ff64 width=50%><center><b>[[Unlock 2.0|Unlock]]</b></center></td><br />
</tr><br />
<tr><br />
<td colspan=2><br />
<center>[[Disclaimer]]</center><br />
</td><br />
</tr><br />
</table><BR><br />
<br />
<!-- Just a try to make the layout more comfortable -caique2001 --><br />
{| cellspacing="3" width="100%"<br />
|- valign="top"<br />
|width="20%" class="MainPageBG" style="border: 1px #999999; color: #000; background-color: rgb(255,255,255)"|<br />
<div style="padding: .3em .7em .7em"> <BR> <BR> __TOC__ </div><br />
|width="80%" class="MainPageBG" style="border: 1px #c6c9ff; color: #000; background-color: #f0f0ff"|<br />
<div style="padding: .3em .7em .7em"> {{Welcome}} </div><br />
|}<br />
==Software==<br />
* [[Filesystem]]<br />
* [[Device Nodes]]<br />
* [[System Log]]<br />
* [[IPhoneLinux|Linux on iPhone]]<br />
<br />
==Hardware==<br />
* [[m68ap|iPhone (m68ap)]]<br />
* [[n82ap|iPhone 3G (n82ap)]]<br />
* [[n45ap|iPod touch (n45ap)]]<br />
* [[n72ap|iPod touch 2nd Generation (n72ap)]]<br />
<br />
==App Processor (Jailbreak)==<br />
The iPhone makes use of the [[S5L8900]] platform as application processor. Here is where the [[Jailbreak|jailbreak]] applies.<br />
<br />
==Baseband (Unlock)==<br />
<br />
The [[Baseband Device]] is where the [[unlock]] applies.<br />
<br />
==File formats==<br />
* [[8900 File Format]]<br />
* [[IMG2 File Format]]<br />
* [[IMG3 File Format]]<br />
* [[secpack]]<br />
* [[secpack 2.0]]<br />
* [[seczone]]<br />
<br />
==Protocols==<br />
* [[Recovery Mode 0x1280]]<br />
* [[Recovery Mode 0x1281]]<br />
* [[DFU 0x1222]]<br />
* [[WTF 0x1227]]<br />
* [[Normal Mode 0x1290]]<br />
* [[Restore Mode]]<br />
* [[Baseband Bootrom Protocol]]<br />
* [[Interactive Mode|Baseband Bootloader Protocol]]<br />
<br />
==Keys==<br />
* [[AES Keys]]<br />
* [[Apple Certificate]]<br />
* [[Baseband RSA Keys]]<br />
* [[Baseband TEA Keys]]<br />
* [[IMG3 Keys / IVs]]<br />
* [[NCK]]<br />
* [[VFDecrypt Keys|Root Filesystem DMG Keys]]<br />
<br />
==Application Development==<br />
* [[Toolchain]] (Includes tutorials)<br />
* [[Toolchain 2.0]] (Includes tutorials)<br />
* [[Frameworks]]<br />
* [[MobileDevice Library]]<br />
* [[Apple Certification Process]]<br />
* [[Bypassing iPhone Code Signatures]]<br />
* [[Distribution Methods]]<br />
<br />
==Tutorials==<br />
see [[Tutorials|here]]<br />
<br />
==Useful Links==<br />
see [[Useful Links|here]]<br />
<br />
==Definitions==<br />
* [[jailbreak]]<br />
* [[activation]]<br />
* [[unlock]]<br />
* [[Baseband Device|baseband]]<br />
* [[Baseband Bootloader|bootloader]]<br />
* [[DFU]]<br />
* [[NORID]]<br />
* [[CHIPID]]<br />
<br />
==Other Useful Hacks==<br />
* [[Bluetooth]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Main_Page&diff=2509Main Page2009-01-01T16:02:00Z<p>Srts: </p>
<hr />
<div><table border=1 width=100%><tr><br />
<td bgcolor=#64ff64 width=50%><center><b>[[PwnageTool|Jailbreak]]</b></center></td><br />
<td bgcolor=#64ff64 width=50%><center><b>[[Unlock 2.0|Unlock]] (Complete)</b></center></td><br />
</tr><br />
<tr><br />
<td colspan=2><br />
<center>[[Disclaimer]]</center><br />
</td><br />
</tr><br />
</table><BR><br />
<br />
<!-- Just a try to make the layout more comfortable -caique2001 --><br />
{| cellspacing="3" width="100%"<br />
|- valign="top"<br />
|width="20%" class="MainPageBG" style="border: 1px #999999; color: #000; background-color: rgb(255,255,255)"|<br />
<div style="padding: .3em .7em .7em"> <BR> <BR> __TOC__ </div><br />
|width="80%" class="MainPageBG" style="border: 1px #c6c9ff; color: #000; background-color: #f0f0ff"|<br />
<div style="padding: .3em .7em .7em"> {{Welcome}} </div><br />
|}<br />
==Software==<br />
* [[Filesystem]]<br />
* [[Device Nodes]]<br />
* [[System Log]]<br />
* [[IPhoneLinux|Linux on iPhone]]<br />
<br />
==Hardware==<br />
* [[m68ap|iPhone (m68ap)]]<br />
* [[n82ap|iPhone 3G (n82ap)]]<br />
* [[n45ap|iPod touch (n45ap)]]<br />
* [[n72ap|iPod touch 2nd Generation (n72ap)]]<br />
<br />
==App Processor (Jailbreak)==<br />
The iPhone makes use of the [[S5L8900]] platform as application processor. Here is where the [[Jailbreak|jailbreak]] applies.<br />
<br />
==Baseband (Unlock)==<br />
<br />
The [[Baseband Device]] is where the [[unlock]] applies.<br />
<br />
==File formats==<br />
* [[8900 File Format]]<br />
* [[IMG2 File Format]]<br />
* [[IMG3 File Format]]<br />
* [[secpack]]<br />
* [[secpack 2.0]]<br />
* [[seczone]]<br />
<br />
==Protocols==<br />
* [[Recovery Mode 0x1280]]<br />
* [[Recovery Mode 0x1281]]<br />
* [[DFU 0x1222]]<br />
* [[WTF 0x1227]]<br />
* [[Normal Mode 0x1290]]<br />
* [[Restore Mode]]<br />
* [[Baseband Bootrom Protocol]]<br />
* [[Interactive Mode|Baseband Bootloader Protocol]]<br />
<br />
==Keys==<br />
* [[AES Keys]]<br />
* [[Apple Certificate]]<br />
* [[Baseband RSA Keys]]<br />
* [[Baseband TEA Keys]]<br />
* [[IMG3 Keys / IVs]]<br />
* [[NCK]]<br />
* [[VFDecrypt Keys|Root Filesystem DMG Keys]]<br />
<br />
==Application Development==<br />
* [[Toolchain]] (Includes tutorials)<br />
* [[Toolchain 2.0]] (Includes tutorials)<br />
* [[Frameworks]]<br />
* [[MobileDevice Library]]<br />
* [[Apple Certification Process]]<br />
* [[Bypassing iPhone Code Signatures]]<br />
* [[Distribution Methods]]<br />
<br />
==Tutorials==<br />
see [[Tutorials|here]]<br />
<br />
==Useful Links==<br />
see [[Useful Links|here]]<br />
<br />
==Definitions==<br />
* [[jailbreak]]<br />
* [[activation]]<br />
* [[unlock]]<br />
* [[Baseband Device|baseband]]<br />
* [[Baseband Bootloader|bootloader]]<br />
* [[DFU]]<br />
* [[NORID]]<br />
* [[CHIPID]]<br />
<br />
==Other Useful Hacks==<br />
* [[Bluetooth]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Ultrasn0w&diff=2508Ultrasn0w2009-01-01T16:00:51Z<p>Srts: </p>
<hr />
<div>The first [[iPhone 3G]] [[Unlock 2.0|unlock]]. Released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]<br />
<br />
A demo (of a console-only version of the app though) can be seen at http://qik.com/video/729275.<br />
<br />
==Credit==<br />
[[The dev team]].<br />
<br />
==Exploit==<br />
Relies on an unsigned code exploit.<br />
<br />
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.<br />
<br />
(Currently there's no any further information)<br />
<br />
==See Also==<br />
* [[Unlock 2.0]]<br />
* [[Baseband]]<br />
<br />
==External links==<br />
* [http://chronic-dev.org/blog/2008/12/props/ Chronic Dev's post about yellowsn0w]<br />
* [http://blog.iphone-dev.org/post/65126957/tis-the-season-to-be-jolly yellowsn0w Announcement]<br />
* [http://blog.iphone-dev.org/post/60599514/the-silicon-chip-inside-her-head What yellowsn0w relies on]<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Tutorial:Unlock_iPhone_3G_with_TurboSim&diff=2316Tutorial:Unlock iPhone 3G with TurboSim2008-11-02T00:14:22Z<p>Srts: /* TurboSIM Compatibility with Operators */</p>
<hr />
<div>{{disclaimer}}<br />
<br />
This article is a step by step instruction to use a net-locked iPhone-3G with a different provider. <br />
<br />
The dev team states on [http://blog.iphone-dev.org/post/44428446/updates their blog] that the SIM hacks they examined send illegal signals. <br />
<table border=1 width=100%><tr><br />
<td bgcolor=#ffA4A4><br />
<br />
'''Update / Warning:'''<br />
<br />
'''ZeroG''', was '''''not intended''''' ''' to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short overview: ZeroG starts up the SIM replacing MCC / MNC with test IMSI codes, leaving the MSIN untouched. Then it restarts the SIM giving the correct IMSI afterwards. Unfortunately the iPhone asks the SIM exactly ''one'' time for the IMSI, it doesn't care about the restart. So effectively the login into the cellular network is done in test IMSI mode. Now it is up to your provider, how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for 'test' MCC / MCN. Your provider has to recognize this upon login (This implies you have to manually select cellular network right from the start.) If your provider accepts the test IMSI code and does authentication with your MSIN (this implies, (real) roaming is not possible, as only _your_ provider can process MSIN correctly), everything ''could'' be fine. You don't spoof your identity, there should also be no billing problems. But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, probably your provider does not accept test IMSI mode. In this case better do not retry as you might risk your IMSI beeing blacklisted.<BR><br />
<br />
</td><br />
</tr><br />
</table><BR><br />
<br />
[[Image:Ip terminal.png | thumb | right | 240px | Swisscom -> O2 Germany]]<br />
<br />
----<br />
<br />
=== Preamble ===<br />
<br />
Apart from the warning and some other things, the method is quite stable if it works with your provider at all. You have to take care of:<br />
* never switch on 3G mode<br />
* before you use your SIM card that you want to unlock, put it in a different 2G phone and manually select provider and check GPRS works<br />
* for GPRS, "data roaming" has to be enabled on the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)<br />
<br />
=== Motivation ===<br />
<br />
Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)<br />
<br />
<br><br />
=== Supported Basebands ===<br />
<br />
<table cellpadding=5 border=1><br />
<tr><br />
<td style="text-align: center">Baseband</td><br />
<td style="text-align: center">Exploitable</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.43.00</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.45.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.48.02</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.04.03</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.08.01</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== Prerequisites ===<br />
<br />
You need:<br />
* Jailbroken iPhone 3G with OpenSSH installed (from cydia) and WLAN connection to your PC. ([http://www.iclarified.com/entry/index.php?enid=1558 Jailbreak Tutorial])<br />
* Bladox's TurboSIM. (From http://www.bladox.com)<br />
* SSH client for Windows Users such as Putty ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Putty Download Page])<br />
* SCP client (e.g. [http://winscp.net/eng/download.php#download2 WinSCP]) or FTP Client such as [http://rsug.itd.umich.edu/software/fugu/ Fugu] for Mac and [http://rsug.itd.umich.edu/software/fugu/ SmartFTP] for Windows<br />
* TurboSIM programming sw [[http://dl.free.fr/pzijbVjXl/turbo-cable-utils-iPhone-0.7.0-rev3-firmware-v2.tar.gz download]]<br />
* TurboSIM app zero-g [[http://www.bladox.com/pub/zerog-0.95.tar.gz download]]<br />
<br />
----<br />
<br />
=== Installation ===<br />
<br />
1. Insert your simcard in another 2G phone, and remove the SIM Card Pin Code. You should also go to the Network Selection, and Manually select your network. Then cut your SIM card to fit with the TurboSIM. Google a little bit how to do this, or use YouTube and insert both into your iPhone 3G.<br />
<br />
2. Unpack turbo-cable-utils<br />
<br />
3. Copy contents of bin-iphonev2 to folder /bin/ on your iPhone. (username: root password: alpine)<br />
<br />
4. Unpack zerog-0.95 and copy zerog095.trb to /private/var/root/<br />
<br />
[[Image:Winscp_turbo-utils.png]]<br />
<br />
5. For Windows users, SSH into your iPhone using Putty. For Mac users, SSH into your iPhone using Terminal (Applications::Utilities::Terminal)<br />
<br />
6. Change the permissions of the turbo files to 755<br />
<br />
chmod 755 /bin/turbo-*<br />
<br />
7. Run<br />
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
8. You should now lose your signal, and WiFi. Restart your phone. You will now have WiFi on and CommCentre unloaded.<br />
<br />
9. Run turbo-info<br />
<br />
# turbo-info<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
NOTE: If you get an error from turbo-info, look for turbo-iphone-smsreset and run it.<br />
<br />
10. Now run turbo-app /private/var/root/zerog095.trb<br />
<br />
# turbo-app /private/var/root/zerog095.trb <br />
SRC /private/var/root/zerog095.trb<br />
SIZE 1032<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
11. Run <br />
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
12. Now you should see Zero-G in the Sim Applications in Settings -> Phone -> Sim Applications<br />
<br />
<br />
<br />
[[Image:Ip_simapp.png]]<br />
<br />
[[Image:Ip_zerog.png]]<br />
<br />
<br />
<br />
14. Click on Zero-G<br />
<br />
15. Remove your card and TurboSIM from the 1st Generation iPhone<br />
<br />
16. You will get No Service<br />
<br />
[[Image:Ip_noservice.png]]<br />
<br />
<br />
17. Open Settings -> Phone -> Sim Applications and click on Zero-G<br />
You may be interrupted by a popup which says Going to Switch, just choose Accept (Green Button) If you do not get interrupted, it will appear in a minute after choosing Zero-G from Sim Applications.<br />
<br />
<br />
<br />
[[Image:Ip_zerog2.png]]<br />
<br />
<br />
18. That's it!!<br />
<br />
[[Image:Ip_unlocked.png]]<br />
<br />
----<br />
<br />
=== 2G data settings ===<br />
* roaming must be enabled<br />
* make sure APN settings are correct (if APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' ([http://www.apple.com/support/downloads/iphoneconfigurationwebutility10formac.html Mac] / [http://www.apple.com/support/downloads/iphoneconfigurationwebutility10forwindows.html Windoze]) (In Windoze you can reach it with http://localhost:3000 ). Send this file to yourself and open it with the mail client.<br />
* in BossPref (if you don't use it, don't care) 'edge' should be left enabled, even if network does not provide it (seems the BossPref option is a little bit misleading and 'edge' actually means 'GPRS/edge')<br />
<br />
=== 3G-SIM / USIM ===<br />
<br />
A new adapter was released in September (Gevey-3G) which allows full unlocking without the need of first placing the simcard in another unlocked device. You may have to turn 3G off, then insert the adapter placed with your sim card. After that you can turn 3G on. You'll have a full unlocked iPhone, including 3G signal. Also, this particular adapter does not require to cut your simcard, since the memory component is placed in the bottom part. This adapter does not allow "flight mode" use. In some cases a jailbreaking is needed in order to have it working properly.<br />
<br />
It works with (some?) USIMs (blau.de Germany) as well. 3G '''must not be activated''' on the iPhone. Once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such SIM, put it in a non UMTS capable phone (did it together with turboSIM), check phone and GPRS functions and then this USIM will work again on the iPhone-3G. The SIM application (zero-g) was not visible, but it worked though. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.<br />
<br />
=== GPRS-'Fix' ===<br />
<br />
Today GPRS stopped working for me. Seems to be there are some 'states', stored on the SIM. This fixed the issue:<br />
* removed SIM+TSim<br />
* put SIM (without TSim) into non UMTS, but GPRS/edge mobile<br />
* checked GPRS<br />
* repacked Sim+TSim and put it back to the iPhone<br />
<br />
Voilà, here we go :-) GPRS for another few days :-)<br />
<br />
Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But XDA is a good device to revive the TSim solution... For that, I still love it a litte bit ;-)<br />
<br />
<br />
=== Stuck in No Signal after a period ===<br />
<br />
Randomly you can get stuck in a bad No Signal. To correct that:<br />
<br />
* remove SIM+TSim<br />
* put SIM (without TSim) into non 3G phone<br />
* Manually select your provider (desired to unlock) network<br />
* repack Sim+TSim and put it back to the iPhone<br />
<br />
Here we go again, unlock iphone for a few days more also.<br />
<br />
<br><br />
<br />
=== TurboSIM Compatibility with Operators ===<br />
<br />
Actually this table gives a rough overview of all *sim solutions because it reflects working of MCC/MNC = 001/01 and all *sim known so far use this method. The table doesn't give information about 3G though, as turbosim does not support 3G SIM-ME communication at the moment. So could be, some *sim solutions work with 3G where this table indicates no. Most probably there isn't any *sim solution that works in a specific configuration if this table indicates 'no' for the method at all.<br><br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Unlocked Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Brazil<br />
| TIM<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Claro<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Vivo (Telefónica)<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| BrasilTelecom<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Germany<br />
| Blau.de<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Germany<br />
| Congstar<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Germany<br />
| O2<br />
| USIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Germany<br />
| O2<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Israel<br />
| Orange (Partner)<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Jordan<br />
| Orange<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Umniah<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Zain<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Netherlands<br />
| KPN<br />
| USIM<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Unstable.<br />
|-<br />
| Turkey<br />
| Turkcell<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Orange<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Tesco<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Virgin<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Vodafone<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
|<br />
|-<br />
| N/A<br />
| T-Mobile<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Please note this is a Gevey 3G and it may just be my card.<br />
|}<br />
<br />
=== Remarks ===<br />
<br />
* Important is you get zero-g into your turboSim. So you could also try with a first gen iphone, this needs the other version of turbo-cable-utils (bin-iphonev1) in case you didn't upgrade to 2.x yet.<br />
* If you get ''ERROR: Not Enough RAM'' run '''turbo-rm-apps'''<br />
* If you should encounter any problems with your TurboSIM (no access anymore, wrong app, ...) there is an easy method to remove installed turbo sim applications: instead of giving your SIM-Pin, enter the TPIN which you can find next to the serial number on the cover. This will reset your TurboSIM. Afterwards the phone asks a second time for your PIN, now use the SIM-Pin.<br />
<br />
**A little help Gevey 3G not working at all not even picking up sim card any suggestions?**<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Tutorial:Unlock_iPhone_3G_with_TurboSim&diff=2315Tutorial:Unlock iPhone 3G with TurboSim2008-11-02T00:13:32Z<p>Srts: /* TurboSIM Compatibility with Operators */</p>
<hr />
<div>{{disclaimer}}<br />
<br />
This article is a step by step instruction to use a net-locked iPhone-3G with a different provider. <br />
<br />
The dev team states on [http://blog.iphone-dev.org/post/44428446/updates their blog] that the SIM hacks they examined send illegal signals. <br />
<table border=1 width=100%><tr><br />
<td bgcolor=#ffA4A4><br />
<br />
'''Update / Warning:'''<br />
<br />
'''ZeroG''', was '''''not intended''''' ''' to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short overview: ZeroG starts up the SIM replacing MCC / MNC with test IMSI codes, leaving the MSIN untouched. Then it restarts the SIM giving the correct IMSI afterwards. Unfortunately the iPhone asks the SIM exactly ''one'' time for the IMSI, it doesn't care about the restart. So effectively the login into the cellular network is done in test IMSI mode. Now it is up to your provider, how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for 'test' MCC / MCN. Your provider has to recognize this upon login (This implies you have to manually select cellular network right from the start.) If your provider accepts the test IMSI code and does authentication with your MSIN (this implies, (real) roaming is not possible, as only _your_ provider can process MSIN correctly), everything ''could'' be fine. You don't spoof your identity, there should also be no billing problems. But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, probably your provider does not accept test IMSI mode. In this case better do not retry as you might risk your IMSI beeing blacklisted.<BR><br />
<br />
</td><br />
</tr><br />
</table><BR><br />
<br />
[[Image:Ip terminal.png | thumb | right | 240px | Swisscom -> O2 Germany]]<br />
<br />
----<br />
<br />
=== Preamble ===<br />
<br />
Apart from the warning and some other things, the method is quite stable if it works with your provider at all. You have to take care of:<br />
* never switch on 3G mode<br />
* before you use your SIM card that you want to unlock, put it in a different 2G phone and manually select provider and check GPRS works<br />
* for GPRS, "data roaming" has to be enabled on the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)<br />
<br />
=== Motivation ===<br />
<br />
Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)<br />
<br />
<br><br />
=== Supported Basebands ===<br />
<br />
<table cellpadding=5 border=1><br />
<tr><br />
<td style="text-align: center">Baseband</td><br />
<td style="text-align: center">Exploitable</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.43.00</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.45.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.48.02</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.04.03</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.08.01</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== Prerequisites ===<br />
<br />
You need:<br />
* Jailbroken iPhone 3G with OpenSSH installed (from cydia) and WLAN connection to your PC. ([http://www.iclarified.com/entry/index.php?enid=1558 Jailbreak Tutorial])<br />
* Bladox's TurboSIM. (From http://www.bladox.com)<br />
* SSH client for Windows Users such as Putty ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Putty Download Page])<br />
* SCP client (e.g. [http://winscp.net/eng/download.php#download2 WinSCP]) or FTP Client such as [http://rsug.itd.umich.edu/software/fugu/ Fugu] for Mac and [http://rsug.itd.umich.edu/software/fugu/ SmartFTP] for Windows<br />
* TurboSIM programming sw [[http://dl.free.fr/pzijbVjXl/turbo-cable-utils-iPhone-0.7.0-rev3-firmware-v2.tar.gz download]]<br />
* TurboSIM app zero-g [[http://www.bladox.com/pub/zerog-0.95.tar.gz download]]<br />
<br />
----<br />
<br />
=== Installation ===<br />
<br />
1. Insert your simcard in another 2G phone, and remove the SIM Card Pin Code. You should also go to the Network Selection, and Manually select your network. Then cut your SIM card to fit with the TurboSIM. Google a little bit how to do this, or use YouTube and insert both into your iPhone 3G.<br />
<br />
2. Unpack turbo-cable-utils<br />
<br />
3. Copy contents of bin-iphonev2 to folder /bin/ on your iPhone. (username: root password: alpine)<br />
<br />
4. Unpack zerog-0.95 and copy zerog095.trb to /private/var/root/<br />
<br />
[[Image:Winscp_turbo-utils.png]]<br />
<br />
5. For Windows users, SSH into your iPhone using Putty. For Mac users, SSH into your iPhone using Terminal (Applications::Utilities::Terminal)<br />
<br />
6. Change the permissions of the turbo files to 755<br />
<br />
chmod 755 /bin/turbo-*<br />
<br />
7. Run<br />
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
8. You should now lose your signal, and WiFi. Restart your phone. You will now have WiFi on and CommCentre unloaded.<br />
<br />
9. Run turbo-info<br />
<br />
# turbo-info<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
NOTE: If you get an error from turbo-info, look for turbo-iphone-smsreset and run it.<br />
<br />
10. Now run turbo-app /private/var/root/zerog095.trb<br />
<br />
# turbo-app /private/var/root/zerog095.trb <br />
SRC /private/var/root/zerog095.trb<br />
SIZE 1032<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
11. Run <br />
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
12. Now you should see Zero-G in the Sim Applications in Settings -> Phone -> Sim Applications<br />
<br />
<br />
<br />
[[Image:Ip_simapp.png]]<br />
<br />
[[Image:Ip_zerog.png]]<br />
<br />
<br />
<br />
14. Click on Zero-G<br />
<br />
15. Remove your card and TurboSIM from the 1st Generation iPhone<br />
<br />
16. You will get No Service<br />
<br />
[[Image:Ip_noservice.png]]<br />
<br />
<br />
17. Open Settings -> Phone -> Sim Applications and click on Zero-G<br />
You may be interrupted by a popup which says Going to Switch, just choose Accept (Green Button) If you do not get interrupted, it will appear in a minute after choosing Zero-G from Sim Applications.<br />
<br />
<br />
<br />
[[Image:Ip_zerog2.png]]<br />
<br />
<br />
18. That's it!!<br />
<br />
[[Image:Ip_unlocked.png]]<br />
<br />
----<br />
<br />
=== 2G data settings ===<br />
* roaming must be enabled<br />
* make sure APN settings are correct (if APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' ([http://www.apple.com/support/downloads/iphoneconfigurationwebutility10formac.html Mac] / [http://www.apple.com/support/downloads/iphoneconfigurationwebutility10forwindows.html Windoze]) (In Windoze you can reach it with http://localhost:3000 ). Send this file to yourself and open it with the mail client.<br />
* in BossPref (if you don't use it, don't care) 'edge' should be left enabled, even if network does not provide it (seems the BossPref option is a little bit misleading and 'edge' actually means 'GPRS/edge')<br />
<br />
=== 3G-SIM / USIM ===<br />
<br />
A new adapter was released in September (Gevey-3G) which allows full unlocking without the need of first placing the simcard in another unlocked device. You may have to turn 3G off, then insert the adapter placed with your sim card. After that you can turn 3G on. You'll have a full unlocked iPhone, including 3G signal. Also, this particular adapter does not require to cut your simcard, since the memory component is placed in the bottom part. This adapter does not allow "flight mode" use. In some cases a jailbreaking is needed in order to have it working properly.<br />
<br />
It works with (some?) USIMs (blau.de Germany) as well. 3G '''must not be activated''' on the iPhone. Once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such SIM, put it in a non UMTS capable phone (did it together with turboSIM), check phone and GPRS functions and then this USIM will work again on the iPhone-3G. The SIM application (zero-g) was not visible, but it worked though. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.<br />
<br />
=== GPRS-'Fix' ===<br />
<br />
Today GPRS stopped working for me. Seems to be there are some 'states', stored on the SIM. This fixed the issue:<br />
* removed SIM+TSim<br />
* put SIM (without TSim) into non UMTS, but GPRS/edge mobile<br />
* checked GPRS<br />
* repacked Sim+TSim and put it back to the iPhone<br />
<br />
Voilà, here we go :-) GPRS for another few days :-)<br />
<br />
Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But XDA is a good device to revive the TSim solution... For that, I still love it a litte bit ;-)<br />
<br />
<br />
=== Stuck in No Signal after a period ===<br />
<br />
Randomly you can get stuck in a bad No Signal. To correct that:<br />
<br />
* remove SIM+TSim<br />
* put SIM (without TSim) into non 3G phone<br />
* Manually select your provider (desired to unlock) network<br />
* repack Sim+TSim and put it back to the iPhone<br />
<br />
Here we go again, unlock iphone for a few days more also.<br />
<br />
<br><br />
<br />
=== TurboSIM Compatibility with Operators ===<br />
<br />
Actually this table gives a rough overview of all *sim solutions because it reflects working of MCC/MNC = 001/01 and all *sim known so far use this method. The table doesn't give information about 3G though, as turbosim does not support 3G SIM-ME communication at the moment. So could be, some *sim solutions work with 3G where this table indicates no. Most probably there isn't any *sim solution that works in a specific configuration if this table indicates 'no' for the method at all.<br><br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Unlocked Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Brazil<br />
| TIM<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Claro<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Vivo (Telefónica)<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| BrasilTelecom<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Germany<br />
| Blau.de<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Germany<br />
| Congstar<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Germany<br />
| O2<br />
| USIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Germany<br />
| O2<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Israel<br />
| Orange (Partner)<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Jordan<br />
| Orange<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Umniah<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Zain<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Netherlands<br />
| KPN<br />
| USIM<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Unstable.<br />
|-<br />
| Turkey<br />
| Turkcell<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Orange<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Tesco<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Virgin<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Vodafone<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
|<br />
|-<br />
| N/A<br />
| T-Mobile<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Please note this is a Gevey 3G and it may just be my card.<br />
| -<br />
|}<br />
<br />
=== Remarks ===<br />
<br />
* Important is you get zero-g into your turboSim. So you could also try with a first gen iphone, this needs the other version of turbo-cable-utils (bin-iphonev1) in case you didn't upgrade to 2.x yet.<br />
* If you get ''ERROR: Not Enough RAM'' run '''turbo-rm-apps'''<br />
* If you should encounter any problems with your TurboSIM (no access anymore, wrong app, ...) there is an easy method to remove installed turbo sim applications: instead of giving your SIM-Pin, enter the TPIN which you can find next to the serial number on the cover. This will reset your TurboSIM. Afterwards the phone asks a second time for your PIN, now use the SIM-Pin.<br />
<br />
**A little help Gevey 3G not working at all not even picking up sim card any suggestions?**<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Tutorial:Unlock_iPhone_3G_with_TurboSim&diff=2314Tutorial:Unlock iPhone 3G with TurboSim2008-11-02T00:12:14Z<p>Srts: /* TurboSIM Compatibility with Operators */</p>
<hr />
<div>{{disclaimer}}<br />
<br />
This article is a step by step instruction to use a net-locked iPhone-3G with a different provider. <br />
<br />
The dev team states on [http://blog.iphone-dev.org/post/44428446/updates their blog] that the SIM hacks they examined send illegal signals. <br />
<table border=1 width=100%><tr><br />
<td bgcolor=#ffA4A4><br />
<br />
'''Update / Warning:'''<br />
<br />
'''ZeroG''', was '''''not intended''''' ''' to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short overview: ZeroG starts up the SIM replacing MCC / MNC with test IMSI codes, leaving the MSIN untouched. Then it restarts the SIM giving the correct IMSI afterwards. Unfortunately the iPhone asks the SIM exactly ''one'' time for the IMSI, it doesn't care about the restart. So effectively the login into the cellular network is done in test IMSI mode. Now it is up to your provider, how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for 'test' MCC / MCN. Your provider has to recognize this upon login (This implies you have to manually select cellular network right from the start.) If your provider accepts the test IMSI code and does authentication with your MSIN (this implies, (real) roaming is not possible, as only _your_ provider can process MSIN correctly), everything ''could'' be fine. You don't spoof your identity, there should also be no billing problems. But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, probably your provider does not accept test IMSI mode. In this case better do not retry as you might risk your IMSI beeing blacklisted.<BR><br />
<br />
</td><br />
</tr><br />
</table><BR><br />
<br />
[[Image:Ip terminal.png | thumb | right | 240px | Swisscom -> O2 Germany]]<br />
<br />
----<br />
<br />
=== Preamble ===<br />
<br />
Apart from the warning and some other things, the method is quite stable if it works with your provider at all. You have to take care of:<br />
* never switch on 3G mode<br />
* before you use your SIM card that you want to unlock, put it in a different 2G phone and manually select provider and check GPRS works<br />
* for GPRS, "data roaming" has to be enabled on the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)<br />
<br />
=== Motivation ===<br />
<br />
Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)<br />
<br />
<br><br />
=== Supported Basebands ===<br />
<br />
<table cellpadding=5 border=1><br />
<tr><br />
<td style="text-align: center">Baseband</td><br />
<td style="text-align: center">Exploitable</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.43.00</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.45.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.48.02</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.04.03</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.08.01</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== Prerequisites ===<br />
<br />
You need:<br />
* Jailbroken iPhone 3G with OpenSSH installed (from cydia) and WLAN connection to your PC. ([http://www.iclarified.com/entry/index.php?enid=1558 Jailbreak Tutorial])<br />
* Bladox's TurboSIM. (From http://www.bladox.com)<br />
* SSH client for Windows Users such as Putty ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Putty Download Page])<br />
* SCP client (e.g. [http://winscp.net/eng/download.php#download2 WinSCP]) or FTP Client such as [http://rsug.itd.umich.edu/software/fugu/ Fugu] for Mac and [http://rsug.itd.umich.edu/software/fugu/ SmartFTP] for Windows<br />
* TurboSIM programming sw [[http://dl.free.fr/pzijbVjXl/turbo-cable-utils-iPhone-0.7.0-rev3-firmware-v2.tar.gz download]]<br />
* TurboSIM app zero-g [[http://www.bladox.com/pub/zerog-0.95.tar.gz download]]<br />
<br />
----<br />
<br />
=== Installation ===<br />
<br />
1. Insert your simcard in another 2G phone, and remove the SIM Card Pin Code. You should also go to the Network Selection, and Manually select your network. Then cut your SIM card to fit with the TurboSIM. Google a little bit how to do this, or use YouTube and insert both into your iPhone 3G.<br />
<br />
2. Unpack turbo-cable-utils<br />
<br />
3. Copy contents of bin-iphonev2 to folder /bin/ on your iPhone. (username: root password: alpine)<br />
<br />
4. Unpack zerog-0.95 and copy zerog095.trb to /private/var/root/<br />
<br />
[[Image:Winscp_turbo-utils.png]]<br />
<br />
5. For Windows users, SSH into your iPhone using Putty. For Mac users, SSH into your iPhone using Terminal (Applications::Utilities::Terminal)<br />
<br />
6. Change the permissions of the turbo files to 755<br />
<br />
chmod 755 /bin/turbo-*<br />
<br />
7. Run<br />
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
8. You should now lose your signal, and WiFi. Restart your phone. You will now have WiFi on and CommCentre unloaded.<br />
<br />
9. Run turbo-info<br />
<br />
# turbo-info<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
NOTE: If you get an error from turbo-info, look for turbo-iphone-smsreset and run it.<br />
<br />
10. Now run turbo-app /private/var/root/zerog095.trb<br />
<br />
# turbo-app /private/var/root/zerog095.trb <br />
SRC /private/var/root/zerog095.trb<br />
SIZE 1032<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
11. Run <br />
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
12. Now you should see Zero-G in the Sim Applications in Settings -> Phone -> Sim Applications<br />
<br />
<br />
<br />
[[Image:Ip_simapp.png]]<br />
<br />
[[Image:Ip_zerog.png]]<br />
<br />
<br />
<br />
14. Click on Zero-G<br />
<br />
15. Remove your card and TurboSIM from the 1st Generation iPhone<br />
<br />
16. You will get No Service<br />
<br />
[[Image:Ip_noservice.png]]<br />
<br />
<br />
17. Open Settings -> Phone -> Sim Applications and click on Zero-G<br />
You may be interrupted by a popup which says Going to Switch, just choose Accept (Green Button) If you do not get interrupted, it will appear in a minute after choosing Zero-G from Sim Applications.<br />
<br />
<br />
<br />
[[Image:Ip_zerog2.png]]<br />
<br />
<br />
18. That's it!!<br />
<br />
[[Image:Ip_unlocked.png]]<br />
<br />
----<br />
<br />
=== 2G data settings ===<br />
* roaming must be enabled<br />
* make sure APN settings are correct (if APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' ([http://www.apple.com/support/downloads/iphoneconfigurationwebutility10formac.html Mac] / [http://www.apple.com/support/downloads/iphoneconfigurationwebutility10forwindows.html Windoze]) (In Windoze you can reach it with http://localhost:3000 ). Send this file to yourself and open it with the mail client.<br />
* in BossPref (if you don't use it, don't care) 'edge' should be left enabled, even if network does not provide it (seems the BossPref option is a little bit misleading and 'edge' actually means 'GPRS/edge')<br />
<br />
=== 3G-SIM / USIM ===<br />
<br />
A new adapter was released in September (Gevey-3G) which allows full unlocking without the need of first placing the simcard in another unlocked device. You may have to turn 3G off, then insert the adapter placed with your sim card. After that you can turn 3G on. You'll have a full unlocked iPhone, including 3G signal. Also, this particular adapter does not require to cut your simcard, since the memory component is placed in the bottom part. This adapter does not allow "flight mode" use. In some cases a jailbreaking is needed in order to have it working properly.<br />
<br />
It works with (some?) USIMs (blau.de Germany) as well. 3G '''must not be activated''' on the iPhone. Once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such SIM, put it in a non UMTS capable phone (did it together with turboSIM), check phone and GPRS functions and then this USIM will work again on the iPhone-3G. The SIM application (zero-g) was not visible, but it worked though. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.<br />
<br />
=== GPRS-'Fix' ===<br />
<br />
Today GPRS stopped working for me. Seems to be there are some 'states', stored on the SIM. This fixed the issue:<br />
* removed SIM+TSim<br />
* put SIM (without TSim) into non UMTS, but GPRS/edge mobile<br />
* checked GPRS<br />
* repacked Sim+TSim and put it back to the iPhone<br />
<br />
Voilà, here we go :-) GPRS for another few days :-)<br />
<br />
Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But XDA is a good device to revive the TSim solution... For that, I still love it a litte bit ;-)<br />
<br />
<br />
=== Stuck in No Signal after a period ===<br />
<br />
Randomly you can get stuck in a bad No Signal. To correct that:<br />
<br />
* remove SIM+TSim<br />
* put SIM (without TSim) into non 3G phone<br />
* Manually select your provider (desired to unlock) network<br />
* repack Sim+TSim and put it back to the iPhone<br />
<br />
Here we go again, unlock iphone for a few days more also.<br />
<br />
<br><br />
<br />
=== TurboSIM Compatibility with Operators ===<br />
<br />
Actually this table gives a rough overview of all *sim solutions because it reflects working of MCC/MNC = 001/01 and all *sim known so far use this method. The table doesn't give information about 3G though, as turbosim does not support 3G SIM-ME communication at the moment. So could be, some *sim solutions work with 3G where this table indicates no. Most probably there isn't any *sim solution that works in a specific configuration if this table indicates 'no' for the method at all.<br><br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Unlocked Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Brazil<br />
| TIM<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Claro<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Vivo (Telefónica)<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| BrasilTelecom<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Germany<br />
| Blau.de<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Germany<br />
| Congstar<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Germany<br />
| O2<br />
| USIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Germany<br />
| O2<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Israel<br />
| Orange (Partner)<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Jordan<br />
| Orange<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Umniah<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Zain<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Netherlands<br />
| KPN<br />
| USIM<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Unstable.<br />
|-<br />
| Turkey<br />
| Turkcell<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Orange<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Tesco<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Virgin<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Vodafone<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
|<br />
|-<br />
| N/A<br />
| T-Mobile<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| -<br />
|}<br />
<br />
=== Remarks ===<br />
<br />
* Important is you get zero-g into your turboSim. So you could also try with a first gen iphone, this needs the other version of turbo-cable-utils (bin-iphonev1) in case you didn't upgrade to 2.x yet.<br />
* If you get ''ERROR: Not Enough RAM'' run '''turbo-rm-apps'''<br />
* If you should encounter any problems with your TurboSIM (no access anymore, wrong app, ...) there is an easy method to remove installed turbo sim applications: instead of giving your SIM-Pin, enter the TPIN which you can find next to the serial number on the cover. This will reset your TurboSIM. Afterwards the phone asks a second time for your PIN, now use the SIM-Pin.<br />
<br />
**A little help Gevey 3G not working at all not even picking up sim card any suggestions?**<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Tutorial:Unlock_iPhone_3G_with_TurboSim&diff=2313Tutorial:Unlock iPhone 3G with TurboSim2008-11-02T00:11:14Z<p>Srts: Added bermuda data and asked a question</p>
<hr />
<div>{{disclaimer}}<br />
<br />
This article is a step by step instruction to use a net-locked iPhone-3G with a different provider. <br />
<br />
The dev team states on [http://blog.iphone-dev.org/post/44428446/updates their blog] that the SIM hacks they examined send illegal signals. <br />
<table border=1 width=100%><tr><br />
<td bgcolor=#ffA4A4><br />
<br />
'''Update / Warning:'''<br />
<br />
'''ZeroG''', was '''''not intended''''' ''' to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short overview: ZeroG starts up the SIM replacing MCC / MNC with test IMSI codes, leaving the MSIN untouched. Then it restarts the SIM giving the correct IMSI afterwards. Unfortunately the iPhone asks the SIM exactly ''one'' time for the IMSI, it doesn't care about the restart. So effectively the login into the cellular network is done in test IMSI mode. Now it is up to your provider, how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for 'test' MCC / MCN. Your provider has to recognize this upon login (This implies you have to manually select cellular network right from the start.) If your provider accepts the test IMSI code and does authentication with your MSIN (this implies, (real) roaming is not possible, as only _your_ provider can process MSIN correctly), everything ''could'' be fine. You don't spoof your identity, there should also be no billing problems. But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, probably your provider does not accept test IMSI mode. In this case better do not retry as you might risk your IMSI beeing blacklisted.<BR><br />
<br />
</td><br />
</tr><br />
</table><BR><br />
<br />
[[Image:Ip terminal.png | thumb | right | 240px | Swisscom -> O2 Germany]]<br />
<br />
----<br />
<br />
=== Preamble ===<br />
<br />
Apart from the warning and some other things, the method is quite stable if it works with your provider at all. You have to take care of:<br />
* never switch on 3G mode<br />
* before you use your SIM card that you want to unlock, put it in a different 2G phone and manually select provider and check GPRS works<br />
* for GPRS, "data roaming" has to be enabled on the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)<br />
<br />
=== Motivation ===<br />
<br />
Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)<br />
<br />
<br><br />
=== Supported Basebands ===<br />
<br />
<table cellpadding=5 border=1><br />
<tr><br />
<td style="text-align: center">Baseband</td><br />
<td style="text-align: center">Exploitable</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.43.00</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.45.00</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">1.48.02</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.04.03</td><br />
<td style="background-color: #c0c0c0; text-align: center">unknown</td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2.08.01</td><br />
<td style="background-color: #64ff64; text-align: center">yes</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== Prerequisites ===<br />
<br />
You need:<br />
* Jailbroken iPhone 3G with OpenSSH installed (from cydia) and WLAN connection to your PC. ([http://www.iclarified.com/entry/index.php?enid=1558 Jailbreak Tutorial])<br />
* Bladox's TurboSIM. (From http://www.bladox.com)<br />
* SSH client for Windows Users such as Putty ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Putty Download Page])<br />
* SCP client (e.g. [http://winscp.net/eng/download.php#download2 WinSCP]) or FTP Client such as [http://rsug.itd.umich.edu/software/fugu/ Fugu] for Mac and [http://rsug.itd.umich.edu/software/fugu/ SmartFTP] for Windows<br />
* TurboSIM programming sw [[http://dl.free.fr/pzijbVjXl/turbo-cable-utils-iPhone-0.7.0-rev3-firmware-v2.tar.gz download]]<br />
* TurboSIM app zero-g [[http://www.bladox.com/pub/zerog-0.95.tar.gz download]]<br />
<br />
----<br />
<br />
=== Installation ===<br />
<br />
1. Insert your simcard in another 2G phone, and remove the SIM Card Pin Code. You should also go to the Network Selection, and Manually select your network. Then cut your SIM card to fit with the TurboSIM. Google a little bit how to do this, or use YouTube and insert both into your iPhone 3G.<br />
<br />
2. Unpack turbo-cable-utils<br />
<br />
3. Copy contents of bin-iphonev2 to folder /bin/ on your iPhone. (username: root password: alpine)<br />
<br />
4. Unpack zerog-0.95 and copy zerog095.trb to /private/var/root/<br />
<br />
[[Image:Winscp_turbo-utils.png]]<br />
<br />
5. For Windows users, SSH into your iPhone using Putty. For Mac users, SSH into your iPhone using Terminal (Applications::Utilities::Terminal)<br />
<br />
6. Change the permissions of the turbo files to 755<br />
<br />
chmod 755 /bin/turbo-*<br />
<br />
7. Run<br />
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
8. You should now lose your signal, and WiFi. Restart your phone. You will now have WiFi on and CommCentre unloaded.<br />
<br />
9. Run turbo-info<br />
<br />
# turbo-info<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
NOTE: If you get an error from turbo-info, look for turbo-iphone-smsreset and run it.<br />
<br />
10. Now run turbo-app /private/var/root/zerog095.trb<br />
<br />
# turbo-app /private/var/root/zerog095.trb <br />
SRC /private/var/root/zerog095.trb<br />
SIZE 1032<br />
initializing modem<br />
modem initiated<br />
OK. No Error<br />
<br />
11. Run <br />
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist<br />
<br />
12. Now you should see Zero-G in the Sim Applications in Settings -> Phone -> Sim Applications<br />
<br />
<br />
<br />
[[Image:Ip_simapp.png]]<br />
<br />
[[Image:Ip_zerog.png]]<br />
<br />
<br />
<br />
14. Click on Zero-G<br />
<br />
15. Remove your card and TurboSIM from the 1st Generation iPhone<br />
<br />
16. You will get No Service<br />
<br />
[[Image:Ip_noservice.png]]<br />
<br />
<br />
17. Open Settings -> Phone -> Sim Applications and click on Zero-G<br />
You may be interrupted by a popup which says Going to Switch, just choose Accept (Green Button) If you do not get interrupted, it will appear in a minute after choosing Zero-G from Sim Applications.<br />
<br />
<br />
<br />
[[Image:Ip_zerog2.png]]<br />
<br />
<br />
18. That's it!!<br />
<br />
[[Image:Ip_unlocked.png]]<br />
<br />
----<br />
<br />
=== 2G data settings ===<br />
* roaming must be enabled<br />
* make sure APN settings are correct (if APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' ([http://www.apple.com/support/downloads/iphoneconfigurationwebutility10formac.html Mac] / [http://www.apple.com/support/downloads/iphoneconfigurationwebutility10forwindows.html Windoze]) (In Windoze you can reach it with http://localhost:3000 ). Send this file to yourself and open it with the mail client.<br />
* in BossPref (if you don't use it, don't care) 'edge' should be left enabled, even if network does not provide it (seems the BossPref option is a little bit misleading and 'edge' actually means 'GPRS/edge')<br />
<br />
=== 3G-SIM / USIM ===<br />
<br />
A new adapter was released in September (Gevey-3G) which allows full unlocking without the need of first placing the simcard in another unlocked device. You may have to turn 3G off, then insert the adapter placed with your sim card. After that you can turn 3G on. You'll have a full unlocked iPhone, including 3G signal. Also, this particular adapter does not require to cut your simcard, since the memory component is placed in the bottom part. This adapter does not allow "flight mode" use. In some cases a jailbreaking is needed in order to have it working properly.<br />
<br />
It works with (some?) USIMs (blau.de Germany) as well. 3G '''must not be activated''' on the iPhone. Once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such SIM, put it in a non UMTS capable phone (did it together with turboSIM), check phone and GPRS functions and then this USIM will work again on the iPhone-3G. The SIM application (zero-g) was not visible, but it worked though. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.<br />
<br />
=== GPRS-'Fix' ===<br />
<br />
Today GPRS stopped working for me. Seems to be there are some 'states', stored on the SIM. This fixed the issue:<br />
* removed SIM+TSim<br />
* put SIM (without TSim) into non UMTS, but GPRS/edge mobile<br />
* checked GPRS<br />
* repacked Sim+TSim and put it back to the iPhone<br />
<br />
Voilà, here we go :-) GPRS for another few days :-)<br />
<br />
Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But XDA is a good device to revive the TSim solution... For that, I still love it a litte bit ;-)<br />
<br />
<br />
=== Stuck in No Signal after a period ===<br />
<br />
Randomly you can get stuck in a bad No Signal. To correct that:<br />
<br />
* remove SIM+TSim<br />
* put SIM (without TSim) into non 3G phone<br />
* Manually select your provider (desired to unlock) network<br />
* repack Sim+TSim and put it back to the iPhone<br />
<br />
Here we go again, unlock iphone for a few days more also.<br />
<br />
<br><br />
<br />
=== TurboSIM Compatibility with Operators ===<br />
<br />
Actually this table gives a rough overview of all *sim solutions because it reflects working of MCC/MNC = 001/01 and all *sim known so far use this method. The table doesn't give information about 3G though, as turbosim does not support 3G SIM-ME communication at the moment. So could be, some *sim solutions work with 3G where this table indicates no. Most probably there isn't any *sim solution that works in a specific configuration if this table indicates 'no' for the method at all.<br><br />
<br />
{| class="wikitable sortable" style="text-align: center; width: auto; table-layout: fixed; border-collapse: collapse;" border="1"<br />
|-<br />
! Country<br />
! Unlocked Provider<br />
! SIM/USIM<br />
! Calls?<br />
! SMS?<br />
! GPRS/EDGE?<br />
! UMTS/HSDPA?<br />
! Comments<br />
|-<br />
| Brazil<br />
| TIM<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Claro<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| Vivo (Telefónica)<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Brazil<br />
| BrasilTelecom<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| 3G signal with Gevey-3G adapter. Turn off 3G, insert simcard, then turn 3G on.<br />
|-<br />
| Germany<br />
| Blau.de<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Germany<br />
| Congstar<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|-<br />
| Germany<br />
| O2<br />
| USIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Germany<br />
| O2<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| They realized the challenge, striking back. Don't stress them. Don't use it.<br />
|-<br />
| Israel<br />
| Orange (Partner)<br />
| USIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| {{no}}<br />
| <br />
|-<br />
| Jordan<br />
| Orange<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Umniah<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Jordan<br />
| Zain<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| <br />
|-<br />
| Netherlands<br />
| KPN<br />
| USIM<br />
| {{yes}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| Unstable.<br />
|-<br />
| Turkey<br />
| Turkcell<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Orange<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
|<br />
|-<br />
| UK<br />
| Tesco<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Virgin<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
| <br />
|-<br />
| UK<br />
| Vodafone<br />
| SIM<br />
| {{yes}}<br />
| {{yes}}<br />
| N/A<br />
| N/A<br />
|<br />
|-<br />
| N/A<br />
| T-Mobile<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| N/A<br />
| |-<br />
| Bermuda<br />
| Mobility<br />
| SIM<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
| {{no}}<br />
|}<br />
<br />
<br />
=== Remarks ===<br />
<br />
* Important is you get zero-g into your turboSim. So you could also try with a first gen iphone, this needs the other version of turbo-cable-utils (bin-iphonev1) in case you didn't upgrade to 2.x yet.<br />
* If you get ''ERROR: Not Enough RAM'' run '''turbo-rm-apps'''<br />
* If you should encounter any problems with your TurboSIM (no access anymore, wrong app, ...) there is an easy method to remove installed turbo sim applications: instead of giving your SIM-Pin, enter the TPIN which you can find next to the serial number on the cover. This will reset your TurboSIM. Afterwards the phone asks a second time for your PIN, now use the SIM-Pin.<br />
<br />
**A little help Gevey 3G not working at all not even picking up sim card any suggestions?**<br />
<br />
[[Category:Unlocking Methods]]</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:Seczone&diff=2294Talk:Seczone2008-10-16T13:44:25Z<p>Srts: </p>
<hr />
<div>Any chance we could create a new seczone for a specific carrier that would overwrite the current one therefore re-locking it to another carrier or would that be too much work/impossible. Just a question. [i know this would be illegal in england but in the states?] ~sam<br />
<br />
but is the lock not in nck? -[[User:Rekoil|Rekoil]] 21:20, 13 October 2008 (UTC)<br />
<br />
It is where the token that talks to the nck and tells it its locked state.</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:Seczone&diff=2291Talk:Seczone2008-10-13T23:07:21Z<p>Srts: </p>
<hr />
<div>Any chance we could create a new seczone for a specific carrier that would overwrite the current one therefore re-locking it to another carrier or would that be too much work/impossible. Just a question ~sam<br />
<br />
but is the lock not in nck? -[[User:Rekoil|Rekoil]] 21:20, 13 October 2008 (UTC)<br />
<br />
It is where the token that talks to the nck and tells it its locked state.</div>Srtshttps://www.theiphonewiki.com/w/index.php?title=Talk:Seczone&diff=2287Talk:Seczone2008-10-11T13:30:22Z<p>Srts: New page: Any chance we could create a new seczone for a specific carrier that would overwrite the current one therefore re-locking it to another carrier or would that be too much work/impossible. J...</p>
<hr />
<div>Any chance we could create a new seczone for a specific carrier that would overwrite the current one therefore re-locking it to another carrier or would that be too much work/impossible. Just a question ~sam</div>Srts