Oct 28
Instructions for tethering your iPhone 3G or iPhone with 2.0 firmware are here

Recent developments have allowed iPhone hackers to compile background applications for the iPhone - among the most interesting so far is srelay, a SOCKS proxy server.

srelay running on your iPhone opens up a very exciting possibility - you can use your iPhone's EDGE connection with a laptop or other Wifi-enabled device.

A note of caution: Accessing your EDGE data plan through a laptop may be against your AT&T terms of service. Even modifying your iPhone to enable this service may be a violation. Please check before attempting this procedure.

Currently these instructions only work for Windows - as I don't have a Mac I can't really test anything on that side. I was hoping a...


Oct 28
Hey guys,

This won't mean jack squat to most of you but I've managed (with the help of the iPod Touch dev team) to boot the iPhone in restore verbose mode which will hopefully give us some insight into what we can do to crack the new firmware.

I trained my trusty Canon XH A1 HD videocamera at it with a high shutter speed to make sense of the quickly passing images. Check out the video and stills below.

I'll go through and translate it by hand to make things clearer.


Oct 28

These instructions are deprecated - it's much easier to download iBrickr and just use the Ringtones interface.

I worked my eyes bloody today crawling through disassembly to help ziel port his Jailbreak program to Windows, and today we can announce that we have succeeded! All the iPhone users running Windows can now put custom ringtones and sounds onto their iPhones.

IMPORTANT NEWS: The iPhone software update 1.0.1 makes these instructions invalid. You STILL need to acquire the old 1.0.0 software package for Jailbreak to still work. Apple will surely have stopped distributing the package by now so I will see what I can do to get Jailbreak working on the new package. Watch for updates!

If you have a Mac, check out the Mac instructions over at Hack the iPhone.

These instructions work...


Oct 28
I don't see it happening anytime soon.

The old exploits aren't there anymore. The hope would be finding an exploit in the new baseband code itself to run a large chunk of code. But I think the bootloader is pretty well locked down.

First of all, downgrading the bootloader from software is out of the question. The bootrom exploit runs before the current bootloader, so it can access the bootloader. But when the bootloader boots, it locks down its sections of flash. So after the bootloader runs, the bootloader can't be touched.

Secondly, the only secpack that validates on 4.6 is >= 1.1.3. They made a change to the format of the secpack so the older ones don't validate. So if we looked for an exploit in the baseband itself, it would have to be on post 1.1.2.

Firmware is written as it is uploaded, and this is what IPSF and AnySim take advantage of. The old bootloader just relied on waiting for the sig to verify before writing the first 0x400 bytes, which contain the start vector. The new bootloader also needs the "secpack" in 0x3c0000 to not verify. So we would have to find an exploit which can write the first 0x400 and erase 0x3c0000.

The IPSF unlock itself uses an RSA hack in bootloader 3.9. This has been thoroughly patched in 4.6.

Also, even if we found a way to brute force the NCKs in reasonable time, we can't get the information to do the brute force off 4.6. The only hope here is to find the Apple algorithm used to generate the NCK. I don't think this is possible, unless we have a spy in Apple :)

I hope I am wrong, and some clever person will come along with a software unlock.


Oct 28
Remember what I said re: software unlock...
Posted by George Hotz on 10 28th, 2008
I *REALLY* think I lied
