1.1.3 Unlock and another 3.9 exploit
February 4th, 2008
I cleaned up the token generator code and wrote a shell script to do the IPSF-style unlock. I believe this is the best unlock for 3.9, since we know Apple doesn't update the bootloader. Here are the script and some support files, including a new version of norz that fixes the "Waiting for data..." problem. This unlock should be restore-resistant and *hopefully* upgrade-resistant. Thanks to elite for the virginizor, dev for iUnlock, PmgR for getting lip to compile on the iPhone, and gray for his initial crypto work. It works on 04.03.13, the baseband of 1.1.3.
The unlock command needs to be rerun on restart. Could someone patch lockdownd to send 'AT+CLCK="PN",0,"00000000"' on startup?
Also, I finally found the download exploit IPSF uses. If the last four bytes of the SHA are 00, the endpack command, which writes 0xA0020000-0xA0020400, always validates. Get the IPSF hlloader and check it out.
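The bug described above is a fail-open check: a special case in the digest comparison that accepts a block without verifying it. The C program below is added here as an illustration and is not code from the post, from IPSF, or from the iPhone bootloader. It computes a real SHA-1 over a constructed payload and contrasts a hypothetical loader check that takes the shortcut (modelled on the described behaviour: a supplied digest with a zero four-byte tail is accepted without hashing) with a hardened check that always hashes and compares all twenty bytes. Every function name, payload and digest in it is constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* One 64-byte SHA-1 compression step (FIPS 180-4). */
static void sha1_block(uint32_t h[5], const uint8_t blk[64]) {
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f, k, t;
    int i;
    for (i = 0; i < 16; i++)
        w[i] = ((uint32_t)blk[4 * i] << 24) | ((uint32_t)blk[4 * i + 1] << 16) |
               ((uint32_t)blk[4 * i + 2] << 8) | blk[4 * i + 3];
    for (; i < 80; i++)
        w[i] = ROL(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
    for (i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        t = ROL(a, 5) + f + e + k + w[i];
        e = d; d = c; c = ROL(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

/* SHA-1 of an in-memory message: pad, append the bit length, hash. */
static void sha1(const uint8_t *msg, size_t len, uint8_t out[20]) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    uint8_t blk[64];
    uint64_t bits = (uint64_t)len * 8;
    size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64) sha1_block(h, msg + i);
    rem = len - i;                       /* 0..63 bytes left over */
    memcpy(blk, msg + i, rem);
    blk[rem++] = 0x80;                   /* mandatory padding bit */
    if (rem > 56) {                      /* no room for the length: flush a block */
        memset(blk + rem, 0, 64 - rem); sha1_block(h, blk); rem = 0;
    }
    memset(blk + rem, 0, 56 - rem);
    for (i = 0; i < 8; i++) blk[56 + i] = (uint8_t)(bits >> (56 - 8 * i));
    sha1_block(h, blk);
    for (i = 0; i < 5; i++) {            /* big-endian digest output */
        out[4 * i] = (uint8_t)(h[i] >> 24);    out[4 * i + 1] = (uint8_t)(h[i] >> 16);
        out[4 * i + 2] = (uint8_t)(h[i] >> 8); out[4 * i + 3] = (uint8_t)h[i];
    }
}

/* HYPOTHETICAL flawed loader check, modelled on the behaviour the post
   describes: a digest whose last four bytes are zero is accepted without
   hashing the payload at all. Not the real hlloader code. */
static int check_flawed(const uint8_t *payload, size_t len, const uint8_t expected[20]) {
    uint8_t d[20];
    if (expected[16] == 0 && expected[17] == 0 && expected[18] == 0 && expected[19] == 0)
        return 1;                        /* fail-open shortcut */
    sha1(payload, len, d);
    return memcmp(d, expected, 20) == 0;
}

/* Hardened check: always hash, compare all 20 bytes, no early exit. */
static int check_fixed(const uint8_t *payload, size_t len, const uint8_t expected[20]) {
    uint8_t d[20], diff = 0;
    sha1(payload, len, d);
    for (int i = 0; i < 20; i++) diff |= (uint8_t)(d[i] ^ expected[i]);
    return diff == 0;
}

/* Constructed sample data (not from any real firmware). */
static const uint8_t kGenuine[]  = "constructed firmware block v1";
static const uint8_t kTampered[] = "constructed firmware block v1, patched";
/* Forged header digest: arbitrary bytes with the zero tail the shortcut trusts. */
static void forged_digest(uint8_t out[20]) { memset(out, 0x41, 16); memset(out + 16, 0, 4); }

int sha1_selftest(void) {                /* FIPS 180-4 test vector for "abc" */
    static const uint8_t want[20] = {0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
                                     0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
    uint8_t got[20];
    sha1((const uint8_t *)"abc", 3, got);
    return memcmp(got, want, 20) == 0;
}
int flawed_accepts_forged(void) {        /* tampered payload + forged digest passes */
    uint8_t f[20]; forged_digest(f);
    return check_flawed(kTampered, sizeof kTampered - 1, f);
}
int fixed_rejects_forged(void) {         /* same inputs fail the hardened check */
    uint8_t f[20]; forged_digest(f);
    return !check_fixed(kTampered, sizeof kTampered - 1, f);
}
int fixed_accepts_genuine(void) {        /* real digest still passes, tampered copy fails */
    uint8_t d[20]; sha1(kGenuine, sizeof kGenuine - 1, d);
    return check_fixed(kGenuine, sizeof kGenuine - 1, d) &&
           !check_fixed(kTampered, sizeof kTampered - 1, d);
}

int main(void) {
    printf("sha1 self-test %d, flawed accepts forged %d, fixed rejects forged %d, fixed accepts genuine %d\n",
           sha1_selftest(), flawed_accepts_forged(), fixed_rejects_forged(), fixed_accepts_genuine());
    return 0;
}
```

The defender's takeaway is in `check_fixed`: a verifier has no legitimate reason to inspect the supplied digest before hashing, and any branch that returns success without a full comparison turns a trusted-boot check into one the image author controls.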