Tuesday, February 5, 2008

1.1.3 Unlock and another 3.9 exploit

I cleaned up the token generator code and wrote a shell script to do
the IPSF style unlock. I believe that this is the best unlock for 3.9,
since we know Apple doesn't update the bootloader. Here
is the script and some support files, including a new version of norz
that fixes the "Waiting for data..." problem. This unlock should be
restore, and *hopefully* upgrade resistant. Thanks to elite for the
virginizor, dev for iUnlock, PmgR for getting lip to compile on the
iPhone, and gray for his initial crypto work. It works on 04.03.13, the
baseband of 1.1.3.
The unlock command needs to be rerun on restart. Could someone patch lockdownd to send 'AT+CLCK="PN",0,"00000000"' on startup?
Also, I finally found the download exploit IPSF uses. If the last four bytes
in the SHA are 00, the endpack command, which writes
0xA0020000-0xA0020400, always validates. Get the IPSF hlloader and
check it out.
