Friday, February 8, 2008

11246unlock, good enough for the prize

OMG Updated to be more idiot-proof, and the winner of the 11246unlock contest.

Full software unlock of 1.1.2; the impossible (or at least I said so). Here it is; instructions are in the package. I guess I really am becoming a good reverser ;-)

ZiPhone is a conglomerate of others' work. It copies a new fstab for write access to the system partition, runs iPatcher to patch lockdownd, copies Installer, and runs my gunlock to unlock. It is a good way to restore from most problems, and a true jailbreak of 1.1.3. My program is just patched to change the default IMEI (0049) to the user-entered IMEI, although I would strongly advise against changing your IMEI. The exploit he uses runs an unsigned ramdisk with all these programs. This is the best way to jailbreak; I had been imagining this for a long time, I just didn't have the exploit. This ramdisk exploit was stolen from the dev team, so be careful who you give credit to.

Yes, the impossible has been done. This has absolutely *nothing* to do with JerrySim or any elite/dev/zibri etc project. I'll start with a little story. Yesterday I was really pissed off. So I figured I'd channel my anger toward something productive; I don't know, something like a 1.1.2 software unlock. I knew the odds were against me, but I figured I'd try anyway. At about 1 last night, I hardware-"upgraded" a 3.9 phone to 4.6 with the bootrom locations blank, the read command patched to work, and a 0x102 read-arbitrary-memory command.

The first exploit I found, at around 4 AM last night, was the -0x20000 exploit. Just like the -0x400 exploit, but -0x20000. Go figure. I guess Apple thought big numbers were harder to guess. I was really pumped, hence the blog post. But that wasn't even half the battle.

Like I said in the "impossible" post, 0x3C0000 can't have a valid secpack to allow booting. I spent the next 16 hours finding a way to do this. I can already write unsigned to the main fw section; all I need is a way to erase the secpack. My first idea was the eeprom secpack: upload the eeprom, endpack it, and the secpack is erased because the eeprom is "clean". But you can't upload an eeprom secpack until the 0x3C0000 is blank. My next idea was that the bl must erase the secpack before writing it, so a simple timing attack should do it. It turns out that no secpacks, even the same one, will write.

I finally found a working exploit about 23 hours into my search for the software unlock. The explicit addresses 0xA03D0000-0xA03F0000 will always erase. This exploit relied on two things: the secaddrs are copied before the secpack is validated (stupid), and the erase command extends the range to whatever is in the secpack. So I tell it to erase 0xA03D0000-0xA03F0000, the erase command sees 0xA03C0000 to 0xA03F0000 in the secpack; BOOM, secpack erased.

The third minor concern was the full range check of 1.1.3. So use 1.1.2 :) This allows full unsigned code execution; it is a relatively simple matter of patching the bootloader to skip the range check. And while you are at it, patch the bootloader to validate all tokens. IPSF-style unlock w/o touching the seczone.
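The two defects named above, addresses copied out of the secpack before the secpack is validated and an erase command that widens its range to whatever the secpack says, are an ordering bug that a loader designer can test for directly. The C model below is an added example, not code from this post and not the real baseband bootloader: it replays the post's scenario (an unsigned secpack claiming 0xA03C0000-0xA03F0000, followed by an erase request for 0xA03D0000-0xA03F0000) against the vulnerable ordering and against a hardened ordering that validates first, copies the range only from an accepted secpack, and never widens a request. FLASH_BASE, FLASH_END, the secpack_t layout, the stand-in signature constant and all function names are constructed for this example; only the three addresses come from the post.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed flash map for the model (not the real baseband memory map).
 * The 0xA03C0000 / 0xA03D0000 / 0xA03F0000 values are the ones in the post. */
#define FLASH_BASE    0xA0000000u
#define FLASH_END     0xA0400000u
#define SECPACK_START 0xA03C0000u   /* where this model keeps the secpack */
#define SECPACK_END   0xA03D0000u

/* Constructed secpack: a signed statement of which range may be erased. */
typedef struct {
    uint32_t erase_start;
    uint32_t erase_end;
    uint32_t signature;   /* stand-in for a real signature over the two fields above */
} secpack_t;

/* Stand-in for signature verification (a real loader checks an RSA signature over
 * the whole secpack); here exactly one constant counts as "signed". */
#define GOOD_SIGNATURE 0x5EC0FFEEu
static bool secpack_valid(const secpack_t *sp) { return sp->signature == GOOD_SIGNATURE; }

static bool in_flash(uint32_t start, uint32_t end) {
    return start >= FLASH_BASE && end <= FLASH_END && start < end;
}

/* Would an erase of [start, end) wipe the secpack region? */
static bool covers_secpack(uint32_t start, uint32_t end) {
    return start <= SECPACK_START && end >= SECPACK_END;
}

/* Loader state: the range the most recently staged secpack authorises. */
typedef struct {
    uint32_t auth_start, auth_end;
    bool     authorised;
} loader_t;

/* --- Vulnerable ordering, as the post describes it --- */

/* Addresses are copied out of the secpack BEFORE it is validated, so a rejected
 * secpack still leaves its range behind in loader state. */
static bool stage_secpack_vulnerable(loader_t *ld, const secpack_t *sp) {
    ld->auth_start = sp->erase_start;
    ld->auth_end   = sp->erase_end;
    ld->authorised = true;          /* side effect happens first ... */
    return secpack_valid(sp);       /* ... the check only decides the reply */
}

/* The request itself is range-checked, then widened to the staged range. */
static bool erase_vulnerable(const loader_t *ld, uint32_t req_start, uint32_t req_end,
                             uint32_t *done_start, uint32_t *done_end) {
    if (!in_flash(req_start, req_end)) return false;
    uint32_t s = req_start, e = req_end;
    if (ld->authorised) {
        if (ld->auth_start < s) s = ld->auth_start;
        if (ld->auth_end   > e) e = ld->auth_end;
    }
    *done_start = s;
    *done_end   = e;
    return true;
}

/* --- Hardened ordering --- */

/* Validate first; copy the range only from a secpack that passed. A bad secpack
 * revokes any previous authorisation instead of granting anything. */
static bool stage_secpack_hardened(loader_t *ld, const secpack_t *sp) {
    if (!secpack_valid(sp) || !in_flash(sp->erase_start, sp->erase_end)) {
        ld->authorised = false;
        return false;
    }
    ld->auth_start = sp->erase_start;
    ld->auth_end   = sp->erase_end;
    ld->authorised = true;
    return true;
}

/* The request must lie inside the authorised range and is never widened. */
static bool erase_hardened(const loader_t *ld, uint32_t req_start, uint32_t req_end,
                           uint32_t *done_start, uint32_t *done_end) {
    if (!in_flash(req_start, req_end) || !ld->authorised) return false;
    if (req_start < ld->auth_start || req_end > ld->auth_end) return false;
    *done_start = req_start;
    *done_end   = req_end;
    return true;
}

/* Replay the post's scenario against one ordering: an unsigned secpack claiming
 * 0xA03C0000-0xA03F0000, then an erase request for 0xA03D0000-0xA03F0000.
 * Returns true if the secpack region ended up erased. */
static bool scenario_erases_secpack(bool hardened) {
    loader_t  ld = {0};
    secpack_t forged = { 0xA03C0000u, 0xA03F0000u, 0 };   /* signature is wrong */
    uint32_t  s = 0, e = 0;
    bool erased;
    if (hardened) {
        (void)stage_secpack_hardened(&ld, &forged);       /* rejected, no side effect */
        erased = erase_hardened(&ld, 0xA03D0000u, 0xA03F0000u, &s, &e);
    } else {
        (void)stage_secpack_vulnerable(&ld, &forged);     /* rejected, range kept anyway */
        erased = erase_vulnerable(&ld, 0xA03D0000u, 0xA03F0000u, &s, &e);
    }
    return erased && covers_secpack(s, e);
}

/* Sanity check for the hardened path: a properly signed secpack still lets a
 * request inside its range through and refuses one reaching outside it. */
static bool hardened_accepts_only_inside_range(void) {
    loader_t  ld = {0};
    secpack_t good = { 0xA0000000u, 0xA0100000u, GOOD_SIGNATURE };
    uint32_t  s = 0, e = 0;
    if (!stage_secpack_hardened(&ld, &good)) return false;
    if (!erase_hardened(&ld, 0xA0010000u, 0xA0020000u, &s, &e)) return false;
    if (s != 0xA0010000u || e != 0xA0020000u) return false;
    return !erase_hardened(&ld, 0xA0010000u, 0xA0200000u, &s, &e);
}

int main(void) {
    printf("vulnerable ordering erases secpack: %s\n", scenario_erases_secpack(false) ? "yes" : "no");
    printf("hardened ordering erases secpack:   %s\n", scenario_erases_secpack(true) ? "yes" : "no");
    return 0;
}
```

The stand-in signature check is just that, a stand-in; the lesson is in the order of operations: nothing derived from an unverified secpack may touch loader state, and an erase request is a request to be checked against the signed authorisation, not a lower bound to be extended by it.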

So, that's 24 hrs to a software unlock, with about 3 hrs of sleep in two segments. I am disappointed in the elite/dev team for not finding this, or even looking here. I know not everyone in elite/dev is so closed, and I feel bad for those people. Why don't we all just share everything? Apple will patch it anyway. They always have the upper hand. And whatever happened to the dev wiki?

If you were giving money to the "dev team" for this software unlock, why not give it to the guy who actually found the exploits and exploited them?

664 comments:

William said...

you are one slick son of a gun! My hat goes off to you sir. and I will definitely be donating! good job good job good job!

MuscleNerd said...

Congratulations geohot!!!!

This is so great for community.

Johnnie said...

simply the best....

i'll try today...

Shade.sh said...

Geo u made it! Thanks very much! You are the man!! Yea Muscle this _IS_ great for the community.

bco said...

Let's Go Geo !
You win the SuperUnlock !

Say Hello to 1.1.2 !

Greetings from Paris

Sebas said...

Dude, you're amazing!! Congratulations. We will surely donate to the only person that put things out crystal clear!

Q said...

Nice work.

Wes Garner said...

wow! will this work on 1.1.3 OTB?

Bart said...

Congratulations ,I'm happy to see it actually happening. Good work

ih8mispace said...

hey george i had a 1.1.2 OTB and it was updated through itunes to 1.1.3 with the baseband 04.03.14G will this still work? thx

Alex said...

Top notch geo, congratulations.

Stranger said...

Donations won't take long, I promise!!

The same question, will it work on 1.1.3?

And you're the True Wizard, guy! (-:

Oliver said...

I've been around since your first hardware unlock (did two) and have been waiting for months to unlock a pile of 4.6 phones. I just bought some needles and was about to suck it up and do the hardware bootloader downgrade, but lo and behold you've done it again, man.

You're a fucking god. I love your attitude, your blog, and your solutions. I'll Paypal you in a bit, thank you so much for making my life easier.

felipe said...

Hi, with this can the 1.1.3 unlock be faster? because the bootloader is the same. Sorry for my bad english. Thank you very much !!!!!!!!!!

kimsti said...

congratulations geo!!
ur da man!your goal is knowledge (made 2 B share).but other people alwayz try to make money.

ih8mispace said...

ehhh im really eager on how it would turn out for the new baseband? is there any way to downgrade the baseband of 04.03.13 with 4.6 bl

Johnnie said...

Hello,

Downgrade your phone to 1.0.2. See all the great tutorials online to do this.
Your baseband won't be downgraded, this is normal.
This will probably work on other versions too, but 1.1.2 doesn't lose wifi on bb access.

do i need to download to 1.0.2? or is a typing mistake?

i_max2k2 said...

Congrats geo,
have been reading your posts since they started! and I guess there's nothing much to say!
thank you very much!

game4587 said...

you are the best
congratulations geo
now to enjoy
my iphone and
make so much calls
jajaja

Stranger said...

Confirmation number: 03M31008A3542382Y

am i the first? ((-:

JACF said...

Dude, you've got a donation coming to you (as soon as I get paid).
You're like...I don't know...I might hang a poster of you on my wall, or perhaps I'll set your picture as my iPhone wallpaper.
No, I'll just donate, I'll thank you a lot, and tell you and everyone that you're great and smart and I wish I had half your intelligence to pass my college exams.
THANKS DUDE!

badhillcrest said...

hey george. do you think we could get something like this for 3.9? so we would not touch the seczone? or to soft upgrade our bootloader to 4.6 and run this unlock?

crypto said...

How cool is this? Geo, many many thanks for the gunlock and the excellent explanation/source.

You are a discoverer, you sailed for new lands and you found it.

drh said...

Amazing Geo, I guess you've learned from several months ago when it was discovered how ipsf worked without needing the h/w address but previously everyone thought the door was closed there but no-one actually checked, that sometimes it's best to try everything and not take people's assumptions as gospel!

Congratulations.

David said...

I'm new at these things and I got a 1.1.2 otb, can anyone try to explain to me or give me some address where I can understand what George is trying to say :P

JACF said...

By the way, you're the winner of a couple thousand dollars. 1124unlock.com or something like that has been saving some donation money for whomever unlocked it by software first. Jackpot man! (Do not spend it on more iPhones though, take a trip to Curaçao and enjoy your current status of GOD, or come to where I am so I can shake your hand! You can have my bed, I'll sleep on the couch)

Hirosh said...

you r great geo

Abner said...

all we need now is the tutorial or video tutorial on youtube (for dummies) :) *yeah for me....the dummy.... unless someone can simplify it here on the blog...thanks Geo you are the greatest...

Ian said...

Damn... Impressive stuff. Kudos to plugging away at this and clearly investigating areas that had previously been ignored.

I hope the donations come through by the bucket load, it's deserved.

Good work fella!

kreiselkreisch said...

You are the master! I will donate some bucks for you instead of buying *** sim!

Iphone said...
This post has been removed by the author.
Iphone said...

hey george thanks a million.... i don't have a paypal a/c so can't pay..all i can offer is my thanks to u mate... see u in MIT hehee

FCA said...

again...thanks for this geo, you know you rock, and God may bless you because of this hard work that only the real mad "crazy ones" do, so, congrats and thanks!!!

zrr said...

Well done, we love you all!

Best
Zeno

drifter said...

so how will this work for 1.1.3 otb? if i'm getting it done, i'll donate for sure :) been waiting so long now...

Oliver Tepner said...

thank you so much...you're fucking great guy!!!

greets from germany ;-)

3axap said...

you are da Man!

Abner said...

How do I run gunlock someone? and what is CommCenter Geo says to kill CommCenter and all that, can anyone simplify this?

Giuseppe said...

Hello, first I want to thank you for this unlock!

but I got a few questions:

- is this a Mac-Version only?
- What is a Commcenter
- Where do I have to put these files to? Maybe with SCP on root folder?

Thanks for your Help!

Jeremie said...

Lets see what zibri will think about that lol

Hou Tianze said...

Nothing more to say, but you just ROCK.

Will donate after I successfully unlock my 112otb iphone.

Abner said...

someone please post if you successfully unlocked your otb 1.1.2 iphone, and if you did, tell us how in easy terms because i dont know what gunlock is nor commcenter..

stchinchilla said...

Has somebody done it?,,,, not yet, anyone else?

Mike said...

Donation for that great job, 20$

Abner said...

Hey GeoHotz,

is there any way that you could simplify your instructions for us dummies, I am really anxious to unlock my 1.1.2 iphone I have been waiting since before Christmas. Please Geo, I have no idea what CommCenter is nor gunlock. where to run those programs with or anything...

kalifa said...

Geohot, you're simply the BEST!!! (like the song).
I only can say, thanks, thanks, and thanks.
I will donate for you, because you are the only that put the things clear, the only we can trust.
At the moment I have 1.1.3 because I had a corrupt baseband (No imei, repair needed, etc). I'll try to follow your instructions and downgrade to 1.0.2.
BTW, don't forget to publish your method in http://11246unlock.com/index.asp that money is for you.
Thanks a million,

Kalifa

Rascov said...

Congratulations to GeoHot !

This is just the moment I've been waiting for a long time :-)

I'd appreciate it if someone can write an easier instruction for dummies like me :P

George said...

greetings from brazil dude,

change your blog title to
"I am a Legend"
please will ya/

Stuart said...

Has someone already done it?.... Someone who can confirm that it works?

Dustin said...

congratulations geohot!

greetings from the Philippines!

drh said...

Amazing geohot, just tried it and it took me 25 mins from unsealing a box to getting unlocked baseband, thank god I kept all my old files , patched 102 lockdown etc. Just going to update the phone o/s now and job done.

This really is amazing!!

Wrote: 0x0 0x302400
Sending secpack... 02 00 04 02 06 00 01 00 00 00 00 08 13 02 03 00
End Secpack 02 00 05 02 02 00 00 00 07 02 03 00
Erasing: 0xA03D0000-0xA03F0000 02 00 05 08 02 00 00 00 07 08 03 00
Waiting for erase to finish...
02 00 06 08 06 00 01 00 00 3F A0 00 EC 08 03 00
Enjoy your unlocked iPhone...

:-) :-) :-)

n0witzness said...

damn! :D

Stuart said...

ok, i see it works,, then someone do it a dummies way!!!! not everyone here is a genius on this...

Danil said...

You're the best!! Thanks from Russia!!! (%

Ståle said...

Unbelievable, you're just not human : )

The thing is, we don't need DEV TEAM, nor Elite team, the only thing we need is some scumbags pretending to be devs, criticizing geohot, so he gets angry - voilà, new exploit. Geohot you rock :)

Александр said...

GEOHOT IS A PRESIDENT IN RUSSIA!
WE LIKE YOU!

zibri said...

geohot I am VERY disappointed in you. I TOLD you about this idea yesterday and now you claim it is YOURS?!?!

Moritz said...

to kill the commcenter do this:
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist

to relaunch it do this:
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

tommyoeun said...

is this method supposed to be run on mac? because i dont understand how i can Kill CommCenter and run "gunlock secpack ICE04.02.13_G.fls"

Reload CommCenter.

and also is this able to unlock 1.1.3 OTB?

Moritz said...
This post has been removed by the author.
NiKu said...

is there any other place to download the sec files because the page that's in the instructions tells me cannot connect to database

NiKu said...

GREAT

but

is there any other site to download the 4.02.13 fls because the page that's in the instructions is telling me cannot connect to database

THNX

112OTBusr said...

It's not that I dont know how to do it I just dont want to screw it up!!! TUTORIAL PLEASE

PS
Can't find the 4.02.13 fls... Where can I find it ??? Please help

Duwde said...

Geohot,

I think there is a typo on your instructions.txt, you said "1.1.2 doesn't loose wifi ..." but isn't it supposed to be 1.0.2 ??

Da Pimp said...

cheers!! you just made half the world happy!

yousf said...

http://rapidshare.com/files/90087423/_Baseband.zip.html


good job george ;)

Kai said...

Y O U A R E T H E M A N!!!! Hope someone or u will write a tutorial thats understandable for those who didn't graduate from MIT. ;) Thanx a lot, donation coming to you, catch some sleep, greetings from berlin....

Achal Aggarwal said...

http://www.iphonefix.de/filebase/index.php?dir=Firmware%20Baseband/

Aleksey said...

Hi All.
Can anybody share or give us the
(4.02.13 fls) file.
After we can share it too.
Of coz , if the author will not blame us...

George said...

UN FUNKING BELIEVABLE IT WORKS!!

Cosmin Batica said...

GREAT JOB !
Geo,
Can i run this on 1.1.2 OTB Activated and jailbroken or downgraded to 1.1.1? Because my 48 week iphone can't be downgraded to 1.0.2

Thanks a lot in advance,

Cosmin

Giuseppe said...

fine, now please tell us how (simple tutorial) and the ruble will roll :)

Minister of Melancholia said...

HEy, great job man! Kudos to you

Also, could someone who understands this make a little tutorial on how to go about doing this...I'm quite the noob,

like where to input the commands, where to put the files, basically from staring at my iphone to staring at an unlocked one, much appreciated :)

Ian said...

Hello, Ian here from Freeit4Less. Great job! It may sound sort of silly, but if the enormous number of requests for GUnlock brings your host down like what was happening to Ste Packaging until we and Polar Bear Farm chipped in, we have a bit of bandwidth lying around on which we can put your little marvel.

Keep it up! The iPhone deserves to be free, and you're just the one to make that happen. Here's hoping you get plastered all over the news again...unless you don't want that to happen...:)

az1324 said...

Bravo!

Now how about modding your ipsf loader to reflash the bootloader to 3.9?

Roy Chang said...

what can i say anymore? everyone said the same thing LOL

Frank said...

Windows version? And how to begin lol? Don't even know how to start:(

nairow said...

Good Work Geohot !!

stefannn said...

damn, i will name my future baby geohot. i will vote u for president. PEOPLE paypal DONATE TO geohot@gmail.com .

Rodrigo said...

Congrats!!!!

U are my master!!!!! This software unlock solves my problem of lost BB on 1.1.2 OTB

Many regards from Brazil

El Paulini said...

As far as i understand this, the baseband will be 04.02.13_G after the unlock, right? So no advanced features in the 1.1.3 Maps application? Or is this unlock also working with an upgraded baseband 4.03.13_G?

Aakash Bapna said...

congrats man, you atlast got it to erase...

JOSE said...

Dude, you're amazing!! Congratulations.
thank you very much!
greetings from Mexico city!

this dude is the most badass of them all
here in mexico you are the best
thanks

Pinky's Brain said...

Art in Motion .
Keep up the good work, i'll write up a detailed tutorial on my blog soon for all the new people.
pinkysbrain.wordpress.com

osgdish said...

Geo, cash on the way!
4CR26948N1786592T

Greetings from Sweden

TS said...

Great job mate ;)

LowDrag said...

I went to this link (1 of 2 posted on EG) to get whatever it is i need as a newb to open a phone. but the link doesnt open... r u down ? can u give me a brief on what I should do? I just also got gunlock rar.

LowDrag said...

and thanks to u and all btw. U r good ppl

Mao Lolo et Arno said...

congratulations from TBC and his wife, who have been waiting for this for a long time ;-)
REUNION ISLAND
INDIAN OCEAN

t-muh said...

you are the man! :)

10 USD on the way.

greetings from germany!

CosminB said...

very important !!!

Is this method upgrade resistant ? (eg. like your excellent ipsf method)

Minister of Melancholia said...

thanks Pinky! eagerly awaiting your tutorial...

if you can maybe add a little part on how to downgrade to 1.0.2? having trouble with getting the yellow triangle etc? ..

cheers

Rebecca said...

thanks geo, you are the man.

can someone confirm\deny OTB 1.1.3 with this? Thanks.

CosminB said...

GREAT JOB !
Geo,
Can i run this on 1.1.2 OTB Activated and jailbroken or downgraded to 1.1.1? Because my 48 week iphone can't be downgraded to 1.0.2

Thanks a lot in advance,

Cosmin

Mehdi said...

@ Zibri the clown in wonderbra :

if you had the idea before G, once again, why didn't you post it before him ?
you are so pathetic... no pride ?

Paolo Meschi said...

Thanks you!!!

You are the best!

Dren said...

Youre da man :)

I've tried it on a 112 OTB updated to 113 (with itunes). I've downgraded to 102 and did all of the commands from terminal and it worked like a charm...
Some people reported that you dont have to downgrade for example from 112 to 102 just put the iphone in airplane mode (after youve uploaded the files) then with the terminal on iphone execute the commands and it should work.

Benjamin said...

You are the BEST!!!!
or a BEAST?!?!

I donated you 20 bucks, i know that's not enough for this GREAT work but maybe you'll get more...

Rebecca said...

dren you had a legit upgraded 1.1.3 4.6 BL phone and it worked? I just wanna confirm this so i can sleep :D

Flavio said...

Tutorial:

1. Downgrade your iPhone to 1.0.2
2. Jailbreak with AppTapp installer
3. Install BSD Subsystem and Open SSH
4. Copy the files to /usr/bin in your iphone directory
5. Open a SSH connection with PuTTY
6. Kill CommCenter: launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
7. cd /usr/bin/
8. gunlock secpack ICE04.02.13_G.fls (for ootb1.1.3 Phones use the ICE04.03.13_G.fls file)
9. Drink a coffee
10. Reload CommCenter: launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
11. Jailbreak your iPhone to 1.1.2 using OktoPrep

Enjoy your unlocked iPhone

NiKu said...
This post has been removed by the author.
Shraz said...

quick question.. what exactly does this do? does it downgrade the baseband and unlock or just unlock it?? by the way ur a genius!!!

Eddy Currents said...

"Geohot: when you absolutely, positively got to unlock every motherf**king iphone in the room, accept no substitutes". Geo - I'm genuinely delighted you got this across the line first. To my mind, you're the only one who has truly embraced the spirit of community and openness from day one. Please accept a donation of $113.46 as a token of my appreciation :>))

DiabboVerdde said...

you did man! and I'll donate for sure. You deserve.

Dren said...

@Rebecca: I had a 112 OTB upgraded to 113 with iTunes then downgraded to 102 (with ibrickr and iTunes) but the baseband was 4.03.13_G and it worked so dont worry I guess 113 OTB will work too if everything is the same there :)

p-J said...

So this work on 1.1.3 OTB too??

Rebecca said...
This post has been removed by the author.
Rebecca said...

@dren thanks a lot for the quick response. I'm going to bed now :D

Morphey said...

Hello!
i don't have WIFI.
can i still pull this off?
and what about gui?

Dren said...

Morphey: probably... I didnt use wifi at all... I've downgraded to 102 then with ibrickr uploaded the files and installed terminal and it was finished. Upgrade to 111 then jailbreak blla blla you know the rest :)

Q said...

Can this vector be used to patch the bootloader or is the test point still necessary for that to work?

Dren said...

Well it wouldnt be an unlock if it wouldnt downgrade the bootloader right?
Or youre saying that geohot is uploading an already cracked baseband, but I dont believe that because he is saying that then you have to use IPSF to unlock :)

Morphey said...

Thx for the quick response Dren! but i will need WIFI to upgrade to 1.1.1 \ 1.1.2.....should i upgrade anyway?

Dren said...

First of all why don't you have WIFI and what FW are you on?
When you do the unlock the baseband will be 4.02.13_G and I guess it will fix the WiFi. So just try it (downgrade to 102, you must download manually pxl files (bsd subsystem and terminal from this link: http://iphone.exploit.org/pxl/index2.html)) and then just upload the files with ibrickr and after the unlock it should work...

Javier said...

f*ck zibri, just ignore him

btw geohot good job!!!!!!!!!!!!!!

pp coming soon ;)

zrr said...

Ok, I accidentally upgraded my iPhone to 1.1.3 and with this method of GeoHot, everything is OK again! No StealthSIM, SuperSIM Shit, etc. I am curious what I need to do now to upgrade back to 1.1.3. Can I now just upgrade via iTunes? Or do I need to do a NatTrue or Official-Dev-Team-Upgrade? Thank you for your Feedback.

Sorry for the stupid question.

Best
Zeno

Morphey said...

i don't have WIFI at home lol XD....i'm using 1.1.2 FW, 4.6 BL, so i'm currently downgrading to 1.0.2, JBing, uploading the files using iPhoneList (i don't have any other good program...), unloading the commcenter, and running, right? :)
it wrote before that it doesn't have permissions - do i need to connect via sftp and change the permissions (with my friend's wifi XD)? THX ALOT!

guy said...

You are the Best!!

Guys, Please let us Ifools know as soon as there is a step-by step Tutorial.

I am not capable yet of doing this, since I dont even know the meaning of all words you are using

Friend said...

Hi folks, could someone publish a guide for people that have a 1.1.2 OOTB already jailbroken?

Thanks

LowDrag said...

@flavio

if that was directed at me and is all i need to know I thank u and will maybe go and buy one tomorrow. anything else.. just let me know

THANKS U

Dren said...

if you have a terminal go to the folder where the files are, type
chmod 777 *
chmod +x gunlock
and then type the command how it's written in the readme

Lattugafresca said...

Hey george, thanks a lot for your work. I think i unlock my 4.6 today :D . greetings from italy....

FerSoft said...

YOU IS THE GUY!!!!!

CONGRATULATIONS!!!!!!

adrian boioglu said...

u made my day! this is the news that we've all been waiting for.

congrats geo, keep up the good work
i'm using a next sim and i recommended it to everybody. now your method will be my recommendation for everybody!

thank you

ibi said...

Congratulations man. I'm happy for the rest of the people that are still waiting for it bcz I did unlock here in my country using turbo sim and I paid 60€ for that :(. I have been waiting since November, got tired of that and that's why I did it even though I was sure that you're gonna do it but didn't know when.
Keep going man.........

Matias said...

So great job!!!! I will try asap and the same for donation.
As the web for downloading the needed baseband file is off-line temporarily, can any one share those files for 1.1.2 and 1.1.3, please.

Thanks in advance.

------
'This month I wrote two lines of code,
one of them did not work and other was a comment'

Gerald said...

Thank you!

Send me the bootloader and I will rapidshare it.

My email address is geraldino.10 AT gmail dot com.

Thanks!!!!!!!!!

acker said...

great job....but please: HOW can I read this? it's a .rar-format and I don't find a way to see the information in a file... please help...thank you :-)

Mancuso said...

Thanks from Spain!!!!!!!!! I have donated 10 $ GREAT JOB supermega machine!

gblogger said...

i told u were gonna find the software unlock geohotz.. Remember...i prayed u find it before zibree....wow how ironic...zibri said he would find it but u freakin found a hardware and software unlock.... dude I will donate...thanks a lot, been waiting since Nov....2007...u are a genius. Can i pls refer u for an internship or a FT job???? i know u are in school...let me know!.

Giuseppe said...

Server with .fls files down. I got the 04.02.13_G and 04.03.13_G. If someone needs them, I will give an access to my ftp.

write to info@my-music.ch.

Frank said...

Rapidshare links for the baseband files:
1.1.1 baseband file not included tho. Don't think you need it?

http://rapidshare.com/files/90109080/4.6unlock.rar

RyDeR said...

That's really good!

Thank you.

Matias said...

Frank, Thanks!!!

------
'This month I wrote two lines of code,
one of them did not work and other was a comment'

Frank said...

no problem. You could help me by guiding me through this process though :D

If anyone would like to help me

add me on msn frado2005 @ yahoo.com

or
irc: Quakenet #9lives.mac

I hope someone can guide me through!

NiKu said...

hello

i downgraded to 102 when i clicked on ibrickr to jailbreak it it started to do some things and now it just restarts and shows those whole things; it's just when i connect it with USB. when not it stays in DFU mode what should i do ???

Igor said...

Acker, you must download winrar. Google it.

Geohot, on behalf of Brazil THX DUDE! I was about to open my iphone for hardware unlock! =)

I'm a C/C++ programmer, i wish i knew more about the iphone to help you guys. Thx.

Frank said...

didn't you have to unlock with apptap after restoring to 1.0.2?

visik said...

can I run gunlock from 1.1.3Jb ? (from the internal Term-vt100) ???
is there any side effects ?

NiKu said...

no

Simon said...

Good god, geohot you are a genius indeed!

I just used your method to bring a 1.1.2 OOTB phone upgraded to 1.1.3 by mistake back to life!

Thank you so much!

visik said...

no I can't or no there isn't any side effects ?

JACF said...

Dude, GeoHot...it worked man.
I had some trouble at first with some "zsh: bus" error, but I found the way to fix it, if anyone has problems with that.

You will receive money from me in no time man, now my phone is finally free, for real, without stupid chips that didn't feel right and made it 0.05 grams heavier!!

Dhawal said...

Greetings from India..

Thanks for the find GeoHot.

Now only if some one could bring out a tutorial so that lame asses like me could unlock my OTB 1.1.2 (4.6 BL, 04.02.13_G) iPhone that i've been using as a very expensive iPod Touch for a few weeks now.

NiKu said...

is there a irc server + room to join and ask someone ???

guarroman said...

Dren said: "Some people reported that you dont have to downgrade for example from 112 to 102 just put the iphone in airplane mode (after youve uploaded the files) then with the terminal on iphone execute the commands and it should work"

Is this true???
Has anyone checked if it's possible to gunlock in 1.1.2 jailbroken (airplane mode)???

Jerome said...

Hey Just seen the news....Man you're the best.
Je te tire mon chapeau. Bravo.
I think all the Frenchy will agree with me.
You just won the iPhone Unlock Award.

amigafan said...

Hmm, just get "bus errors"

leonardoscutti said...

Hi. First tks for your amazing discovery. My doubt is: I have an OTB 1.1.2 (week 47) but to make it work as an iTouch I did the downgrade method to 1.1.1 and I did not update to 1.1.2 again. What should I do? Will your software work anyway? Tks.

Jimbo said...

Thank you!!! You are great!

Loris said...

Sorry for the stupid question, with your steps you basically downgrade the baseband too? Having 04.03.13_G on BL 46 a donation and a statue will be prepared for you my friend!

Coelho said...

man, YOU R THE KING!!!
it's amazingly wonderful how u play with it and how u share it... pls, keep up this nice and truly inspiring work... we count on u...

cheers from brazil!


PS: donation is on its way...

Cory said...

thank you geo. you are a genius

Dhawal said...

Now GeoHot only if you could post a simple tutorial for people like me to put to use the FIND OF THE YEAR...

adrian boioglu said...

you can do this with Installer. easy and painless.
instructions are here: http://www.boioglu.ro/iphone-112-113-software-unlock/

scroll down at the end of the post and click the link.

suman said...

sweet you rock

Dhawal said...

will this brick my iphone??

Dhawal said...

Adrain..

no offence to you..

but do these instructions with the write up above and below come in english?

Also will this brick my phone? Can I use a Mac to do the same?

Anthony said...

Rehosted files: http://www.geohot.iphoneunlockaustralia.com

Thanks George! Donations coming your way very soon :)

:D Hope you get some sleep!

Q said...

Geo, I think you might have confused some of the neophytes about what this actually does with your description of how you discovered it.

For those that don't know what is going on, this is basically a Super-Anysim, it patches the firmware with the same changes that anysim 1.2 does, but it does it in a way that works on BL 4.6. It doesn't touch the firmware, bootloader or seczone. It's not a IPSF unlock, it's a modified anysim baseband patcher.

adrian boioglu said...

@dhawal: the main post at the above address is in romanian, but the instructions for Installer at the end of the post are in english!

gblogger said...

pls quick question...can i upgrade my iphone to 1.1.3 and execute this unlock??? will it work??? cause i have 1.1.2 right now BL4.6

Dhawal said...

Adrian:

Thanks for the reply, I found that between posting and coming back to tell you that I found the directions in English.

Only one question.

you have instruction no. 7 before 6
could you clarify on that.

Also, do you have help for some one using a MAC and will this brick my phone if I mess it up?

I have already jail broken my OTB 1.1.2 to 1.1.1, can i just downgrade further?

Hannes said...

After getting a bus error notification at gunlock. i tried to start from new and now i get an error:
16 (Resource busy)

please help me?!

ih8mispace said...

is the installer version confirmed with the baseband 04.03.13?

ih8mispace said...

is the installer version confirmed with the baseband 04.03.13?

adrian boioglu said...

@dhaval: sorry, i'm just doing a service to all of you. i thought it would be good to have it out there for everybody.

as you can see at the end of the document, this is a translation of a german tutorial.

Dhawal said...

Adrian:

I understand and none the less thanks a lot for the document.

NiKu said...

i m jailbreaking my 102 iphone with apptapp but its taking long to boot in recovery mode (stage 2 - 4) can anyone tell me how long does it takes ???

thnx

Leonardo Nahoum said...

Guys, I just performed GeoHotz solution on my Iphone WITHOUT downgrading it to 1.0.2. So, again, I did it to my 1.1.2 OTB Bl 4.6 without the 1.0.2 downgrade step and IT WORKED PERFECTLY.

Already sent US$ 30 your way, George!

WAY TO GO !!!!!!!!!!!!!

Cards Of Johnston said...

You just earned $20...
Thanks!

Mike said...

How do you downgrade an OTB 1.1.2 to 1.0.2? It always gets stuck at "waiting for iPhone". I'm using a G4 Mac mini and an AMD PC.

Marwan said...

Well done, and thanks for shutting up all the people who were starting rumors about you.

Philo said...

Download for 04.02.13_G (1.1.2) is down :(

NeO said...

Just one thing: THANK YOU

You're the best, and you only work for the community; what else? :)

Congratulations!

Friend said...

Hi Leonardo Nahoum, please explain step by step how you did it. I also have a 1.1.2 OOTB, already jailbroken.

Thanks

Frank said...

@Leonardo: I have 1.1.2 too at the moment, but I can't kill CommCenter because that file is not there. How did you do that, then?
Give us some steps, please ;)

Don said...

I do not understand all that he said, and you know what? I could not care less. This guy is the "effing real deal". I already have an unlocked (TurboSim) iPhone, but I am donating anyway. Geohot is the frigging man. PERIOD, POINT, BLANK.

ih8mispace said...

Can someone please tell me whether this works on the 04.03.13G baseband? Also, does it work with that Installer one?

Dren said...

Here is the ICE04.02.13_G.fls:
http://www.mediafire.com/?bnuj1jcjtyn

CosminB said...

Automatic procedure (STILL BETA); you must have WiFi Internet access (it will work on any firmware with bootloader 4.6):

1. In Installer add source http://www.sendowski.de/iphone
2. Set Auto-lock to Never
3. Do refresh sources, then find Gunlock at Recent Packages
4. Install, then reboot and enjoy !

Hannes said...

I did the guide on 1.1.1, but now I'm stuck.

I get the 16 (Resource busy) error on gunlock.

What should I do?

Leonardo Nahoum said...

Friends, I just followed the small tutorial posted at Hackint0sh forum (http://www.hackint0sh.org/forum/showthread.php?t=28441&page=29) by iphone12 (copy-pasted below):

---------------------------------
1. Open Installer on your jailbroken 1.1.2 OTB and install OpenSSH and Term-vt100 (under System)
2. Connect via WiFi to your iPhone using WinSCP
3. Copy all the files (gunlock, ICE04.02.13_G.fls and secpac) to /usr/bin
4. Set permissions of gunlock to 0755 in WinSCP
5. Put iPhone in Airplane mode (IMPORTANT!)
6. Execute the following commands in Terminal:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

cd /usr/bin

./gunlock secpack ICE04.02.13_G.fls

launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

7. Restart iPhone
---------------------------------
There are NO typos or errors above.

The iPhone didn't brick or anything. Really smooth process.

The baseband file you can find in this rapidshare address, already posted above by iusf: http://rapidshare.com/files/90087423/_Baseband.zip.html

In this zipfile, you will find all baseband files. Use only the one you need (unzip it a second time to get the one you need, I mean).
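A preflight wrapper for the steps in the tutorial above, added here as an example; it is not from the original post, the Hackint0sh thread or gunlock's own package. It assumes the file names the tutorial uses (gunlock, secpack and ICE04.02.13_G.fls, all in /usr/bin), the launchd job path quoted in step 6, and that airplane mode (step 5) has already been set by hand. It checks the things people in this thread tripped over before it touches CommCenter (a file in the wrong place, or a gunlock that is not executable, which shows up as "permission denied"), and it reloads CommCenter even if gunlock fails, so the phone is not left without a baseband daemon.

```shell
#!/bin/sh
# Added example, not part of the original post or of gunlock.
# Assumed: file names from the tutorial, and the launchd job path from step 6.

COMMCENTER=/System/Library/LaunchDaemons/com.apple.CommCenter.plist

# preflight DIR: verify that gunlock, secpack and the .fls are in DIR and that
# gunlock is executable.  Returns 0 when everything is in place, 1 otherwise,
# and prints what is wrong on stderr.
preflight() {
    dir=$1
    rc=0
    for f in gunlock secpack ICE04.02.13_G.fls; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f (copy it next to gunlock, see step 3)" >&2
            rc=1
        fi
    done
    # A non-executable gunlock fails with "permission denied"; step 4 is the fix.
    if [ -f "$dir/gunlock" ] && [ ! -x "$dir/gunlock" ]; then
        echo "gunlock is not executable; run: chmod 0755 $dir/gunlock" >&2
        rc=1
    fi
    return $rc
}

# run_unlock DIR: steps 6 of the tutorial, with the preflight first and with
# CommCenter reloaded whether or not gunlock succeeded.  Returns gunlock's
# exit status.  Airplane mode (step 5) must already be on; this cannot check it.
run_unlock() {
    dir=$1
    preflight "$dir" || return 1
    launchctl unload -w "$COMMCENTER" || return 1
    ( cd "$dir" && ./gunlock secpack ICE04.02.13_G.fls )
    status=$?
    launchctl load -w "$COMMCENTER"
    return $status
}

# Usage on the phone: sh gunlock_preflight.sh --run /usr/bin
if [ "${1:-}" = "--run" ]; then
    run_unlock "${2:-/usr/bin}"
fi
```

Error 16 from gunlock is errno EBUSY ("Resource busy"). The thread does not say what held the baseband in those cases, but EBUSY on a device usually means another process still has it open, which is presumably why the tutorial unloads CommCenter before running gunlock; if you see it, re-check step 5 and step 6 before retrying rather than running gunlock again on top of a half-finished attempt.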

t-muh said...

I can confirm this:
I had a 1.1.2 OOTB phone, first downgraded to 1.1.1, then upgraded to 1.1.2, jailbroken. I used it a few days with NextSim. Minutes ago I used gunlock on my 1.1.2 (!!!) jailbroken iPhone. No need to downgrade to 1.0.2 first! The only thing I had to do was chmod u+x gunmod, because it gave me "permission denied". Now my 1.1.2 OOTB is fully unlocked. My NextSim has just become useless :)

Thank you!

(German here, so don't expect much English skill ;))

gblogger said...

There have been reports that some people are getting BUS ERRORS when running the gunlock program. Usually this means accessing memory the wrong way. I personally won't try this software yet, until people find bugs and the bugs get corrected.

letof3101 said...

GEO IS MY HERO!!!!
Congratulations and thank you so much for this great great job geo.

France loves you!!!

t-muh said...

I meant "chmod u+x gunlock", sorry for that mistake.

Frank said...

And afterwards, can you update to 1.1.3? If yes: via that soft update from Installer, or something else? And if done, do I need to unlock it again?

Vadim said...

Thanks for full disclosure. Can't believe that you're using IDA less than a year. Thanks!

Hannes said...

If I am on 1.1.1 (1.1.2 OOTB), do I have to use the baseband of 1.1.1?

With ICE04.01.13G.fls in the bin folder?

Can somebody confirm this?

Frank said...

Help me out:
/usr/bin/BASEBANDFILE
/usr/bin/gunlock/ (2 gunlock files; chmod folder 755)
/usr/bin/SECPACKFILE

Correct? Or do I have to keep the secpack in the gunlock folder?

solor said...

Geo, compile this:

http://solor.fortegaming.com/gunlock040313.c

and add it to your package. It "should" work; it was not tested, though.

Omar said...

n00b guide:
http://www.hackint0sh.org/forum/showthread.php?t=28481

George, please confirm whether this will work on the 3.9 BL or not.
This sounds better than the old IPSF unlock style, because it doesn't touch the seczone.

NiKu said...

What if I stop AppTapp while it is trying to boot in recovery mode? Can I do a restore then?

Fly said...

Thanks :-)

http://osx.kbot.de
http://osx86.kbot.de
http://touch.kbot.de

Mark said...

THANK YOU!!
I really appreciate your work! Thanks!

7 said...

I made a post yesterday asking why another exploit could not be snooped the same way the first one was when you were h/w hacking the iPhone. Well, clearly you spent the last 24 hours looking, and that's what it took! Congratulations once again, geohot, truly deserving. And Zibri, public opinion of you has spiraled out of control, and you keep making it worse by merely opening your mouth/typing your words. I would suggest a dose of humility and some (sincere) apologetic words here and there, instead of antagonistic ones.

Eric Jarvies

guarroman said...

You are GREAT!!!
My donation is on the way.
My situation:
1.1.2 JB, BL 4.6, BB 04.02.13_G

WinSCP all the files
Airplane mode
vt-100 -> kill CommCenter
gunlock
start CommCenter
reset...
and the StealthSIM goes in the drawer!!!

Hahaha

Greetings from Spain

That took balls, kid!

Ninety said...

Geohot,

Can I assume this exploit can be used to downgrade the 4.6 bootloader to 3.9?

It just seems like 3.9 is better (more holes); I want to use the IPSF unlock.
