About a year ago today, I found the at+stkprof exploit. Back then, I struggled for 3 days to write a payload. No luck, I just wasn't a good enough reverser. So I stashed the exploit away until December, when I gave it to dev for use in yellowsn0w.
Now, a year later, I wrote a payload and delivery system in a day. And it's an awesome payload. Ideally we'd like to patch the lock out of flash, but with the apparently proper signature checks, that isn't going to happen. So purplesn0w is the next best thing. I copy the page I want to patch to an unused region of memory. In memory I patch it. Then, using the MMU, I map the flash page out and remap the patched memory page in its place.
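To make the remap concrete, here is a small C model of the three steps above (copy the page out, patch the copy, repoint the mapping). It is an added illustration, not purplesn0w's code: the one-level page table, the flash and RAM contents, the byte at address 0x2100 standing in for the lock check's conditional branch, and the `sim_allowed` routine that reads it are all constructed for the demo and say nothing about the real baseband's MMU layout. The `ram_page_is_free` check is the kind of answer a reader wants before trusting that the spare region is actually unused.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT    12u
#define PAGE_SIZE     (1u << PAGE_SHIFT)
#define NUM_VPAGES    4u   /* toy virtual address space, in pages */
#define NUM_RAM_PAGES 2u   /* spare RAM pages available for patched copies */

/* Constructed "flash" image: the read-only code. Nothing below writes to it. */
static uint8_t flash[NUM_VPAGES][PAGE_SIZE];
/* Constructed spare RAM, standing in for the unused region the post copies into. */
static uint8_t ram[NUM_RAM_PAGES][PAGE_SIZE];
/* Toy one-level page table: virtual page number -> backing physical page. */
static uint8_t *page_table[NUM_VPAGES];

/* Assumed address of the byte that stands in for the lock check's conditional
 * branch: 1 means the check runs, anything else means it is skipped. */
#define LOCK_CHECK_VADDR   0x2100u
#define LOCK_CHECK_ENABLED 1u

/* Reset the model: deterministic flash contents, identity mapping onto flash. */
void mmu_init(void) {
    for (unsigned i = 0; i < NUM_VPAGES; i++) {
        for (unsigned j = 0; j < PAGE_SIZE; j++)
            flash[i][j] = (uint8_t)(i * 31u + j);
        page_table[i] = flash[i];
    }
    flash[LOCK_CHECK_VADDR >> PAGE_SHIFT][LOCK_CHECK_VADDR & (PAGE_SIZE - 1)] = LOCK_CHECK_ENABLED;
    memset(ram, 0, sizeof ram);
}

/* Walk the page table; NULL for an unmapped address. */
uint8_t *mmu_translate(uint32_t vaddr) {
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= NUM_VPAGES || page_table[vpn] == NULL) return NULL;
    return page_table[vpn] + (vaddr & (PAGE_SIZE - 1));
}

/* Read one byte through the MMU (what executing code sees); -1 if unmapped. */
int mmu_read8(uint32_t vaddr) {
    uint8_t *p = mmu_translate(vaddr);
    return p ? *p : -1;
}

/* Read one byte straight from flash, bypassing the mapping; -1 if out of range. */
int flash_read8(uint32_t vaddr) {
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= NUM_VPAGES) return -1;
    return flash[vpn][vaddr & (PAGE_SIZE - 1)];
}

/* A RAM page is free only if no virtual page currently maps onto it. Here the
 * page table is the whole truth; on a real baseband the same question ("is
 * that region really unused?") has to be answered from the firmware's memory map. */
int ram_page_is_free(unsigned ram_idx) {
    if (ram_idx >= NUM_RAM_PAGES) return 0;
    for (unsigned i = 0; i < NUM_VPAGES; i++)
        if (page_table[i] == ram[ram_idx]) return 0;
    return 1;
}

/* The three steps from the post: copy the page holding vaddr into a free RAM
 * page, patch one byte in the copy, repoint the mapping. Flash is never written.
 * Returns the byte that was replaced, or -1 if the address is unmapped or no
 * RAM page is free. */
int remap_patched_page(uint32_t vaddr, uint8_t new_byte) {
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    uint32_t off = vaddr & (PAGE_SIZE - 1);
    if (vpn >= NUM_VPAGES || page_table[vpn] == NULL) return -1;

    unsigned r;
    for (r = 0; r < NUM_RAM_PAGES && !ram_page_is_free(r); r++)
        ;
    if (r == NUM_RAM_PAGES) return -1;

    memcpy(ram[r], page_table[vpn], PAGE_SIZE);  /* 1. copy the page out       */
    int old = ram[r][off];
    ram[r][off] = new_byte;                       /* 2. patch the copy in RAM   */
    page_table[vpn] = ram[r];                     /* 3. remap over the original */
    /* On real hardware step 3 must be followed by invalidating the stale TLB
     * entry and cleaning the instruction cache for that page, or the core can
     * keep executing through the old translation. */
    return old;
}

/* The patched code, modelled as a read of its conditional through the MMU. */
int sim_allowed(int is_att_sim) {
    if (mmu_read8(LOCK_CHECK_VADDR) == (int)LOCK_CHECK_ENABLED)
        return is_att_sim;  /* check enabled: AT&T SIMs only */
    return 1;               /* check bypassed: any SIM */
}

int main(void) {
    mmu_init();
    printf("before remap: foreign SIM allowed = %d\n", sim_allowed(0));
    int old = remap_patched_page(LOCK_CHECK_VADDR, 0);
    printf("replaced byte %d; after remap: foreign SIM allowed = %d\n", old, sim_allowed(0));
    printf("flash still reads %d, mapped page reads %d\n",
           flash_read8(LOCK_CHECK_VADDR), mmu_read8(LOCK_CHECK_VADDR));
    return 0;
}
```

Build with `cc -Wall -o remap remap.c && ./remap`. The point the model makes is the one the post relies on: after the remap, code executing at the original address sees the patched byte while a direct read of flash still returns the signed original, so nothing on flash changes and a signature check over flash still passes. The cost is that the patch lives only in RAM and has to be re-applied after every baseband reset, which is exactly why the post needs a delivery mechanism that fires on reset.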
No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lock state of the phone really lives on Apple's servers. Unlocked is auth all SIMs. Locked is auth AT&T SIMs only. Fortunately, this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to hog battery. I use the daemon already designed for this, lockdownd. A patch to CommCenter gets it to run the payload on ticket delivery, and a patch to your activation record carries the payload. So, using existing Apple machinery, I unlock when needed.
In retrospect, I should've just patched commcenter to send the payload. Then hacktivation would work no problem. Oh well, tomorrow is another day. I'll add hacktivation support then.
Here is the source. And I mean all of it.
Tuesday, July 14, 2009
70 comments:
Thank you for the source code!
No, seriously, I'm going to be up all night studying it
Studying. Ha.
Dissecting, more like.
Great work. Since this uses existing daemons, will using this unlock translate to better battery life? Also, is this just for 3GS owners?
Yes on both counts.
Doesn't look like it will work if you used redsn0w. Don't use redsn0w!
I hope this fixes a few problems I had with EDGE on ultrasn0w... it was going a lot slower than my 2G.
GeoHot, PLEASE ANSWER SOME SMALL QUESTIONS FOR US UNKNOWING PEOPLE. Does this work for 3G as well? If it does, is it a problem that I jailbroke with redsn0w? Same for 3GS: is it a problem if I jailbroke with redsn0w?
THANK YOU!!!
Thanks for all of your hard work GeoHot...get some sleep now.
BTW, I'm not having any problems with ultrasn0w right now, but I legit activated to avoid tons of issues like Push, etc. Do you think using a legit AT&T sim is still the best way to activate, or will YOUR soon-to-be-released "new and improved" hacktivation be just as good as activating via Apple?
Releasing the source for Apple to freely examine and see what and how the exploit is utilized and injected is a stupid move. Nice going.
Amazing!
@iphonelvr: I'd like to point out that the exploit used for purplesn0w has been disclosed publicly for quite some time now, and not just by geohot but by those unstoppable asshats NitroKey.
I'd like to point out further that purplesn0w is less a new exploit than it is a new payload for the currently existing exploit. So really, the only harm that can come from it is if Apple manages to somehow find a way to disable the MMU or at least prevent it from allowing his code to function properly. In which case a new payload will probably be written. Whatever.
Please to be reading the source before you say such things kthx
Trust me. Apple can reverse engineer the code quite easily. And Geo writes such nice compact code it is even easier. Lack of source, having source, the difference is a day or so. I occasionally do computer forensics and the right tools make it oh so much easier than you'd think. Compared to some complex multiple loadable library systems that cross 32 and 64 bit execution boundaries the iPhone is a nice simple platform. And some of us appreciate the code!
You're amazing!!! Keep up the great work.
Hello Mr. GeoHot. First of all... thanks so much for the ra1n, and now for the sn0w. I would like to know, if you please: would your purplesn0w fix the problem with losing signal? I unlocked my iPhone 3GS with ultrasn0w but the signal goes out, or it says searching or no SIM card. I had asked you before and you stated that it was ultrasn0w causing that... so would I have the same problems if I re-unlock the phone with purplesn0w????
thanks for the work and the source.
Still doing a great job. TY
George, thanks so much for purplesn0w. You are a monster for unlocking the iPhone. Very good work.
excellent
function all boot the next version 3.1 ??
Thank you for your efforts G!
I installed the unlock on a 3GS iPhone after JB with purplera1n; unfortunately it doesn't work in 3G mode, it only works on 2G :(
(tested on 2 networks - israel)
Will the purplesn0w unlock work on the 3G as well, or on the 3GS only?
Also I have a problem. My G/F lives in Malaysia and she's using an AT&T iPhone 3G unlocked with yellowsn0w, and she wants to update to 3.0 from 2.2. Is it possible to update and somehow activate without an AT&T SIM card? Like update to 3.0, then JB with redsn0w or something and install the unlock, or will that not work? Please let me know..
Thanks a lot in advance to whoever can help me that has knowledge in this.
Nice, thanks for the mention :)
Very nice implementation, old patch, just in the RAM :) Without messing with Nucleus and stuff. Oh, and thanks for the source.
By the way, how can you be sure that 0x43000000-0x43100000 isn't currently in use?
Another thing, it works only for 3GS just because CommCenter has a different binary (and the patch has to be ported) or am I missing something else?
wow!
Thanks,
For info: after downgrading a 3GS from 3.1, Purplera1n is not working; the other tool worked... I don't know why.
I just tried this unlock. I had ultrasn0w; I uninstalled it, then installed this one, but it does not work. When I insert my other SIM I get a SIM failed message, then it shows signal bars with no signal, but it does not see a carrier and the carrier tab in settings is not there. I even tried making calls but nothing. Also, if I try to turn off 3G or EDGE I get an invalid SIM message. Any ideas why it didn't work?
No need to unlock, but I just want to tell you what a joy it has been to watch your "evolution" as an iPhone hacker. I hate to even use the term "hack" as you write such clean code. Cheers!
Hi,
Been a big fan of you since day one, and I've actually talked with you on #iphone-dev back in the old days.
Since this unlock relies on the AT bug that nav-etc found, it will be closed when Apple releases 3.1 or whatever version is next? Or am I wrong?
Thanks mate
George - once again, very nice work. Just to collect some of the details about purplesn0w unlock that are included in your OP and the comments above:
1. Only for iPhone 3GS w/ 3.0 firmware
2. Works only with purplera1n RC2 jailbreak, not dev team jailbreak.
3. Phone must have official activation (e.g., AT&T sim and account in U.S.) - no hacktivation available (yet)
4. Turn off 3G before installing purplesn0w
Do all that and it works beautifully. Thanks again, geohot. Time to make a donation.
Doesn't work well. Purplera1n + purplesn0w.
Works for a moment, but later "no service", the iPhone becomes very slow, no wi-fi. With purplera1n + ultrasn0w everything was OK.
very sick work here geohot, a true prodigy you are. thanks.
Using a TLB entry to map a single page of RAM with a copy from FLASH and a patched conditional over the original is brilliantly simple. Better still, a very clean generic tool and written in wonderfully clean code (read: reusable code, for similar exploits... provided an injection vector is found).
I now tried to restore the phone from scratch, then jailbroke using purplera1n, then installed Cydia and purplesn0w. Now my phone does not recognize any networks, with the original SIM or another SIM, and when I insert a SIM card I lose all network connectivity, even wifi. I don't know what is wrong. Previously I had the redsn0w jailbreak, then ultrasn0w, but I thought a complete firmware restore, then a data restore from before the jailbreak, should clean everything up back to the original state. Can anyone advise what is wrong?
Sorry about that, uninstall purplesn0w and wait for RC2. I have some ideas what's wrong.
Thanks for your quick reply... waiting for new updates... :D
After reading msgs between Geohot and Musclenerd, and other dev-team members, it seems that there is no batt life difference. Is there any difference from USING (not code implementation) between ultrasn0w and purplesn0w, or is it the same thing?
Thanks.
Hello,
Several unfortunate experiences with this new tool reported on French forums: http://www.iphon.fr/post/2009/07/14/Purplesn0w-le-desimlock-facon-GeoHot#comments
At best, the iPhone gets really slow, loses network and wifi. At worst, it's stuck on the boot screen and a restore is needed.
And that's exactly what happened to me (iPhone 3GS 32GB, jailbroken with Purplera1n).
Have you ever thought of setting up a CafePress shop? I would LOVE to buy a "Pruplera1n" bumpersticker, or "I Make it Ra1n". That would be awesome.
Also... Dude, the iPhone-Sim-Unlock.com.... You know, people like me, who work in the technology industry and for whom the jailbroken phone is an INVALUABLE tool... you've actually had a profound effect on us.
I can’t begin to imagine what it must be like to see jerks profiting off your work, stealing it, taking credit. But the people who most need to know who did this – those of us who benefit the most, we know! Don’t let those bastards get you down. You are the man! You can only be responsible for yourself, and I’d rather be you than them any day of the week.
Thank you!
Yea, the restore issue happens on purplera1n RC1. You don't really have to restore, just enter recovery and ra1n RC2.
Working on signal issues right now. It's even simpler than last time, only one file is patched. And activation isn't required :-)
What the? can't understand hehe
ChikaBebe
You da man... Waiting for the hacktivated one....
I just restored to a fresh 3.0 (on my 3GS) and ran purplera1n on Vista. Worked fine. I hacktivated using the lockdownd file and that worked too. I then installed Cydia, then purplesn0w, but it isn't picking up my carrier.. I'm using an Optus prepaid SIM card.
Any ideas why?
Thx 3GS jail worked well! Waiting for 3G jail
regards http://iphone4ever.eu
Hi,
Is it possible to have the source code to jailbreak & unlock a first-generation iPhone with fw 3.0?
geohot... any way you can link us to a syntax dictionary for this, or perhaps have someone post line-by-line comments on the code on the iPhone wiki?
It would really help a lot of us new to the iPhone scene
I've just tried it and everything worked on my first try. Once again geohot comes through. Here's my video tutorial: http://www.youtube.com/watch?v=urjt4AOzuwc
Dear Geohot
I think there is still a problem with the battery life. When I don't use the phone, I check the usage and I see something is running almost 80% of the time and my battery runs down really fast. But when I use airplane mode, that something running in the background seems to go and my battery is much better. I don't think it is the wireless because I already tried turning the wireless off and on. If we can turn that something off, the battery is much better.
On my 3GS I used purplera1n to jailbreak. I have both an AT&T SIM and a European SIM which I use the unlock for.
Anyways... I had ultrasn0w installed and it worked fine. I uninstalled ultrasn0w and installed purplesn0w. It would not pick up signal, not even search for it. I rebooted, turned off 3G, reset network settings, all that jazz.
I then uninstalled purplesn0w and rebooted, and now my phone will not boot up. It constantly reboots itself at the Apple logo.
FYI Geo
Others have also reported the same problems... see the post by WickedEvo124:
http://www.modmyi.com/forums/iphone-news/675951-geohot-makes-sn0w-now-new-soft-unlock-iphone-3gs-7.html
Very nice :P
I'm pretty new to iPhone. A few questions. Suppose I have an iPhone 3GS, brand new, not activated. Can I still jailbreak (and unlock) it? What I do not understand is: if the iPhone is not activated and doesn't have a network connection (unless there is one via USB), how does Cydia get downloaded? Where's the starting point?
Yes Mr. Snow, it can be done via USB.
Download iPhone Browser.. jailbreak your iPhone (even if you only see the activation screen) and then in iPhone Browser you can hacktivate the phone by replacing the lockdownd file...
http://www.ilikemyiphone.com/2009/07/04/how-to-hacktivate-your-iphone-3gs-after-geohots-purplera1n-jailbreakunlock/
Dude, you are a pimp, man. Thank you, man..
"... theres no need to write another daemon to hog battery. I use the daemon already designed for this, lockdownd."
Rereading some old posts and I just realized what a classic quote that is (albeit out of context).
I wanna unlock and jailbreak my iPhone 3G for T-Mobile but I am running 3.1.2. What should I do?
I wanna jailbreak and unlock my iPhone but I wanna run it on T-Mobile. What do I do? Is there a system that will help me soon???
Please bear with me...... I'm a long-time AT&T iPhone 3G user trying to get more out of my phone. Is there a way to jailbreak my 3G to 3GS?
PS: I've NEVER jailbroken anything in my life.
Please help.
Is there any update for the unlock on the new purplesn0w for the baseband?
blackra1n is not working for all iPod touch 2nd gen users.
Great work. There was news today about the latest unlock on this website...
http://www.prweb.com/releases/2009/10/prweb3104894.htm
Do you think it's good or fake...
wow