Friday, November 30, 2007
Are you guys ready? Here it comes! GeoHotz has developed some new exploits for the new out-of-the-box 1.1.2 iPhone firmware. What does that mean? First, we will have either a hardware or a software unlock in the near future. I hope it's a software unlock so the warranty does not have to be voided. Please do not try any of this on your own; it is all theoretical, unless you really understand the inner structure.
For the hardware unlock GeoHotz says, "The version check reads from 0xA0021000 and 0xA0021004 to get the version of the main firmware. It then compares the values [0xA0021000]==~[0xA0021004]. If that check fails it ignores the version check. It is also the only bootloader access into high flash. So when A16 goes high, pull any data line high or low. That will cause the check to fail, and hence the version check to be skipped. And there shouldn't be any memory accesses in the bootloader, so it'll be fine."
For the software unlock GeoHotz says, "This exploit is in the way the secpack signature is padded. They did a lot to remove the really bad signature checking of the old bootloader that IPSF exploited. Although the secpack still has 0x28 bytes of data at the end that isn't checked for normal secpack sigs. The secpack sig is (0x30 header/padding, 0x14 main fw sha, 0x14 secpack sha, 0x28 unchecked padding). So by spoofing the first 0x58 of the RSA, you can set any secpack and main fw sha hash you want. It is very easy in exponent 3 RSA cryptosystems to spoof the first 1/3 of the message bytes. I believe with some clever math and brute force, the whole 0x58 can be spoofed."
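To make the exponent-3 remark concrete, here is an added Python example (not code from this post or from GeoHotz): a verifier that compares only the checked prefix of the RSA block accepts a cube-root forgery built from public values alone, while a verifier that checks every byte of the padding rejects it. It assumes a constructed 1024-bit stand-in modulus and a shortened layout (a 2-byte header plus the two 0x14-byte SHA-1 fields, everything after them unchecked) so that the simple "first 1/3" case applies; the real 0x58/0x28 split is not reproduced.

```python
import hashlib
import hmac
# Constructed stand-in for a 1024-bit exponent-3 public key (hypothetical; not the
# baseband's real modulus).  The forgery uses only public values and its cube never
# wraps modulo N, so any modulus of this size behaves the same way.
E = 3
N = int.from_bytes(hashlib.sha512(b"toy-modulus").digest() * 2, "big") | (1 << 1023) | 1
BLOCK_LEN = 128  # bytes in one RSA block

def checked_prefix(main_fw: bytes, secpack: bytes) -> bytes:
    """Bytes a lenient verifier actually compares: a 2-byte header followed by the
    0x14-byte main-firmware and secpack SHA-1 digests named in the post."""
    return b"\x00\x01" + hashlib.sha1(main_fw).digest() + hashlib.sha1(secpack).digest()

def block_of(sig: int) -> bytes:
    """Recover the padded block from a signature, exactly as a verifier does."""
    return pow(sig, E, N).to_bytes(BLOCK_LEN, "big")

def verify_prefix_only(sig: int, prefix: bytes) -> bool:
    """Weak check: compares the leading bytes and ignores the unchecked tail."""
    return hmac.compare_digest(block_of(sig)[:len(prefix)], prefix)

def verify_strict(sig: int, prefix: bytes) -> bool:
    """Hardened check: every byte of the block must equal the expected padding."""
    expected = prefix + b"\xff" * (BLOCK_LEN - len(prefix))
    return hmac.compare_digest(block_of(sig), expected)

def icbrt_ceil(t: int) -> int:
    """Smallest integer x with x**3 >= t (binary search on exact integers)."""
    lo, hi = 0, 1 << (t.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < t:
            lo = mid + 1
        else:
            hi = mid
    return lo

def forge_for_prefix(prefix: bytes) -> int:
    """Cube-root forgery without a private key: sig**3 overshoots prefix << tail_bits by
    at most 3*sig**2 + 3*sig + 1, which only disturbs the unchecked low ~2/3 of the block."""
    tail_bits = 8 * (BLOCK_LEN - len(prefix))
    return icbrt_ceil(int.from_bytes(prefix, "big") << tail_bits)

if __name__ == "__main__":
    prefix = checked_prefix(b"main fw image (constructed)", b"secpack (constructed)")
    sig = forge_for_prefix(prefix)
    print("prefix-only verifier accepts forgery:", verify_prefix_only(sig, prefix))  # True
    print("strict verifier accepts forgery:     ", verify_strict(sig, prefix))       # False
```

The lesson for a verifier is the one the quote implies: with a low public exponent, any byte of the signature block that is not compared is a byte an attacker controls, so the whole padding must be checked.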
If there are any people with ideas, email me and I'll pass on the message, or you can hit GeoHotz at this JtaG Blogggggg. If not, you can check out cool things like free ringtones, ripping DVDs, unlocking all firmware (including 1.1.2 on already unlocked phones) and much, much more. Just check out the blog archive or the site map. To keep this site running at the pace it is running, I need you guys to donate some money because it is getting harder and harder. I get requests all day long, and I fulfill all of them, but the total donations for this current week were 0, yes ZERO. So please, if you find this site useful, please contribute. Thanx :)
Posted by -Administration- at 5:12 PM