Purplesn0w

From The iPhone Wiki
Revision as of 05:22, 12 September 2010 by Dialexio (talk | contribs) (Copied and pasted info from geohot's blog.)
Jump to: navigation, search

purplesn0w is geohot's unlock which used the AT+XLOG Vulnerability. Its implementation of the vulnerability differs from ultrasn0w's, and requires a legitimately activated iPhone.

How it works

purplesn0w copies the page that needs patching to an unused region of memory. It gets patched in RAM. Using the MMU, the flash page is mapped out and the patched memory page is remapped in its place. No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lockstate of the phone really lies on Apple's servers. Being unlocked means all SIMs are authorized, and being locked means only certain carriers' SIMs are authorized (for instance, AT&T). Fortunately, this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to use the battery. Instead the daemon already designed for this, lockdownd, is used. A patch to CommCenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload.

Installation notes

  • Be sure to have a legitimately activated iPhone.
  • Disable 3G if you don't have it (like T-Mobile in the US).
  • Watch for success output in Cydia (actually do this step)
  • Wait for signal, and enjoy your unlocked iPhone (no reboot required)

Links