Difference between revisions of "Ultrasn0w"

From The iPhone Wiki
Revision as of 18:24, 3 January 2009

The first iPhone 3G unlock payload. Released on 01/01/09. [1]

Credit

MuscleNerd and the Dev Team.

Exploit

Relies on a vulnerability that allows unsigned code to be injected into the baseband.

The unlock itself is performed by a daemon that patches the baseband's RAM on the fly, overriding the carrier-lock check. It is not permanent because of the signature checks: both the bootloader and the baseband firmware must pass signature verification, so no persistent change can be made to either, and the patch has to be re-injected into RAM each time the baseband starts.

Current Injection Vector

yellowsn0w refers to the reusable payload, but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally going to be released with an injection vector that works on pre-2.28.00 baseband versions. However, geohot had an injection vector for 2.28.00, and the decision was made to release yellowsn0w with that vector to benefit the most people.

The vulnerability used as the injection vector is a stack-based buffer overflow in the baseband's handler for the at+stkprof command. Because the vector lives in the baseband firmware, a baseband update that fixes the overflow removes the ability to inject the payload.
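As an added illustration of this bug class (not code from yellowsn0w or from the baseband; the frame layout, the handler names and the AT+STKPROF parameter syntax used below are assumptions constructed for the example), the following C shows an AT parameter being copied into a fixed-size stack buffer with no length check, beside the bounded version that rejects oversized parameters before touching the buffer:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an AT command handler, added here to illustrate the
 * bug class (a stack-based buffer overflow in a command parameter copy).
 * It is not the baseband's at+stkprof code, and the parameter syntax used
 * below is made up; the real syntax is not on this page. */

#define ARG_BUF_LEN 16

/* A handler's stack frame, modelled as a struct: a fixed-size local buffer
 * with the saved return address sitting directly above it, as it would on
 * the baseband's ARM stack. */
struct frame {
    char     arg[ARG_BUF_LEN];  /* local buffer the parameter is copied into */
    uint32_t saved_lr;          /* saved return address above the locals    */
};

#define ORIGINAL_LR 0xDEADBEEFu  /* placeholder return address */

/* Return the parameter text after '=' in "AT+CMD=<param>", or NULL. */
static const char *at_param(const char *line)
{
    const char *eq = strchr(line, '=');
    return eq ? eq + 1 : NULL;
}

/* Vulnerable pattern: copy the parameter up to its NUL with no length check.
 * Bytes past ARG_BUF_LEN land on saved_lr. The copy goes through a byte view
 * of the whole frame so the demonstration stays inside one object; a real
 * handler would keep writing up the stack, so callers of this model must
 * keep the parameter shorter than sizeof(struct frame). */
int at_handle_unchecked(const char *line, struct frame *f)
{
    const char *p = at_param(line);
    if (!p)
        return -1;
    unsigned char *dst = (unsigned char *)f;
    size_t i = 0;
    while (p[i] != '\0') {      /* bound comes from the sender, not the buffer */
        dst[i] = (unsigned char)p[i];
        i++;
    }
    dst[i] = '\0';
    return 0;
}

/* Hardened pattern: refuse any parameter that does not fit, terminator
 * included, before writing anything. */
int at_handle_checked(const char *line, struct frame *f)
{
    const char *p = at_param(line);
    if (!p)
        return -1;
    size_t n = 0;
    while (n < ARG_BUF_LEN && p[n] != '\0')
        n++;
    if (n == ARG_BUF_LEN)       /* too long: no room for the terminator */
        return -2;
    memcpy(f->arg, p, n + 1);
    return 0;
}

/* Constructed inputs: a parameter that fits, and a 19-byte one
 * (16 filler bytes plus 3 that reach the saved return address). */
static const char *const SHORT_LINE = "AT+STKPROF=1234";
static const char *const LONG_LINE  = "AT+STKPROF=" "AAAAAAAA" "AAAAAAAA" "BBB";

/* 1 if the unchecked handler let the long parameter overwrite saved_lr. */
int unchecked_corrupts_return_address(void)
{
    struct frame f = { {0}, ORIGINAL_LR };
    return at_handle_unchecked(LONG_LINE, &f) == 0 && f.saved_lr != ORIGINAL_LR;
}

/* 1 if the checked handler rejected the long parameter and left the frame intact. */
int checked_rejects_long_parameter(void)
{
    struct frame f = { {0}, ORIGINAL_LR };
    return at_handle_checked(LONG_LINE, &f) == -2 && f.saved_lr == ORIGINAL_LR
        && f.arg[0] == '\0';
}

/* 1 if the checked handler accepts a parameter that fits. */
int checked_accepts_short_parameter(void)
{
    struct frame f = { {0}, ORIGINAL_LR };
    return at_handle_checked(SHORT_LINE, &f) == 0 && strcmp(f.arg, "1234") == 0
        && f.saved_lr == ORIGINAL_LR;
}

int main(void)
{
    printf("unchecked handler corrupts saved return address: %s\n",
           unchecked_corrupts_return_address() ? "yes" : "no");
    printf("checked handler rejects the same input:          %s\n",
           checked_rejects_long_parameter() ? "yes" : "no");
    return 0;
}
```

The point of the model is that the unchecked copy's only bound is the length of the string the sender supplies, so the bytes beyond the buffer are chosen by whoever issues the command; that is what turns an overflowed AT parameter into a vector for placing a payload in the baseband.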

Source Code

The source code for yellowsn0w is now live. [2]

Compatibility

Country | Provider  | yellowsn0w Version | SIM/USIM | Incoming Calls? | Outgoing Calls? | SMS? | GPRS/EDGE?                | UMTS/HSDPA?               | Comments
Bermuda | Mobility  | ?                  | SIM      | No              | No              | No   | No                        | No                        | Works for about ten minutes, then "Sim Failure" occurs and yellowsn0w stops working.
Germany | O2        | ?                  | SIM      | Yes             | Yes             | Yes  | Icon shown but not tested | Icon shown but not tested |
Israel  | IL Orange | 0.9.5              | USIM     | Yes             | Yes             | Yes  | Yes                       | Yes                       | Requires turning airplane mode on and off to get signal. After that, works perfectly.

Additional information: http://report.yellowsn0w.com/

See Also

External links