» February 19th, 2009
My iPhone's radio cooked - can I have yours?

So in an attempt to figure out what was bricking unlocked phones on 1.1.1, I upgraded my unlocked phone to 1.1.1. After a number of (shall we say) valiant attempts at restoring the radio, I managed to make it even worse, by somehow completely breaking the radio. I have this fun message as shown on my phone, and nothing (not CommCenter, not bbupdater, not iEraser, nor NORDumper) can communicate with the baseband on the phone. All restores fail because they can't talk to it.
So it looks like if I want to continue experimenting with 1.1.1 I'm going to have to replace the radio board on my phone with a new one.
If anyone here has an iPhone with a cracked screen or some other non-radio problem (dead battery, etc) just lying around, I could definitely use it. I'll send you an assembled Time Fountain for it, if you'd like.
» February 19th, 2009
Notes on a 1.1.2 OTB Software Unlock
I don't see it happening anytime soon. The old exploits aren't there anymore. The hope would be finding an exploit in the new baseband code itself to run a large amount of code. But I think the bootloader is pretty well locked down.
First of all, downgrading the bootloader from software is out of the question. The bootrom exploit runs before the current bootloader, so it can access the bootloader. But when the bootloader boots, it locks down its sections of flash. So after the bootloader runs, the bootloader can't be touched.
Secondly, the only secpack that validates on 4.6 is >= 1.1.3. They made a change to the format of the secpack so the older ones don't validate. So if we looked for an exploit in the baseband itself, it would have to be on post 1.1.2.
Firmware is checked as it is uploaded, and this is what IPSF and AnySim take advantage of. The old bootloader just relied on waiting for the sig to check before writing the first 0x400 bytes, which contain the start vector. The new bootloader also needs the "secpack" at 0x3c0000 to check. So we would have to find an exploit which can write the first 0x400 and erase 0x3c0000.
The IPSF unlock itself uses an RSA hack in bootloader 3.9. This has been thoroughly patched in 4.6.
Also even if we found a way to brute force the NCKs in sane time, we can't get the data to do the brute force off 4.6. The only hope here is to find the Apple algorithm used to generate the NCK. I don't think this is possible, unless we have a contact in Apple :)
I hope I am wrong, and some ingenious person will come along with a software unlock.
» February 19th, 2009
iPhone 3G Unlocked?
So I read this on gizmodo. Here's the truth... Post beta 4, the ramdisk hack stopped working. Sorry Zibri, guess you'll have to find another exploit. They also changed the recovery mode USB protocol to use the control endpoint to send commands.
The possibility of unlocking, which is very different from jailbreaking, is based entirely on the baseband bootloader. Apple doesn't seem to upgrade the bootloader on phones in the field, probably for fear of bricks. So all old iPhones out there today, regardless of version, can be unlocked.
The iPhone 3G uses a different bootloader, which I doubt there are any known exploits in yet. So no unlock.
There is a known exploit in iBoot, on both the old and 3G iPhones. The "the release date/time is not set yet" pwnage tool will use it to jailbreak all 2.0 software iPhones, 3G and otherwise. Dev team, that date better be soon or I might just have to release yiPhone. The iBoot exploit is yours, use it. You wouldn't want a repeat of ZiPhone now...
» February 19th, 2009
Infineon, we have a problem
The 3G bootloader is sig checked by the bootrom. So even removing the NOR and patching the bootloader (to remove the firmware sig checks) and flashing firmware doesn't work for an unlock. Big thanks to TA_Mobile for dumping the NOR and confirming this. You have some real skills. The X-Gold 608 is the chip used. The lame "datasheet" Infineon gives us shows the hardware RSA and the secure bootrom. So we have a real problem. Even if we find an unsigned code exploit, which wasn't done for the previous two bootloaders in software (we found tricks to play with the NOR), we still can't unlock.
Even though the bootloader isn't available for download, there's really nothing there. This bootloader doesn't contain any of the interactive mode functions, just a stub which is very similar to the old bootrom (but with sig checking). The interactive loader is tacked on to the end of every fls and eep file, and is loaded at 0x86000. BBUpdaterExtreme contains various ramloaders as well, but I doubt the one used is from the file itself. You do not need the bootloader to work on the baseband, you just need the files off the ramdisk. Also interesting to note, the 2 RSA keys the bootloaders use haven't changed since 3.9 or 4.6. So you have these too.
Killing CommCenter on 2.0 kills the wi-fi, which will make working with the baseband a bit harder. Entering interactive mode is now done with a call to the kernel to raise an I/O pin before resetting.
The first step to tackling this is dumping the bootrom. We need an exploit, I don't care where, to dump arbitrary memory. Then we can dump 0x400000, which is the new "secure" bootrom.
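As an added illustration (my own example, not code from this blog, from Apple or from Infineon), here is the verify-before-commit discipline that the 1.1.2 notes and this post describe: the bootloader streams the firmware in, but the start vector (first 0x400 bytes) and the "secpack" region at 0x3c0000 must not reach flash until the signature over the whole upload checks out. Everything except those two offsets is assumed for the example: a toy RSA keypair over two fixed Mersenne primes stands in for the hardware RSA, the flash is a bytearray, and the secpack length, chunk size and image contents are constructed.

```python
"""Verify-then-commit flash programming (added example, not the bootloader's code).
Guarded regions are held in RAM until the signature over the entire stream
verifies; on failure they are never written, so the device ends up unbootable
rather than running a patched image."""
import hashlib

# --- toy RSA keypair (assumption: a real bootloader uses a proper modulus) ---
P = (1 << 61) - 1                   # Mersenne primes, fine for a demonstration
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

START_VECTOR_LEN = 0x400            # bytes the old bootloader gated (from the post)
SECPACK_OFFSET = 0x3C0000           # secpack offset named in the post
SECPACK_LEN = 0x800                 # assumed length for this example
IMAGE_SIZE = SECPACK_OFFSET + SECPACK_LEN
GUARDED = ((0, START_VECTOR_LEN), (SECPACK_OFFSET, IMAGE_SIZE))


def _digest_int(digest: bytes) -> int:
    """Map a SHA-256 digest into the RSA message space."""
    return int.from_bytes(digest, "big") % N


def sign(image: bytes) -> int:
    """Signer side (toy): RSA over SHA-256 of the complete image."""
    return pow(_digest_int(hashlib.sha256(image).digest()), D, N)


def build_image(body: bytes, secpack: bytes) -> bytes:
    """Lay out a constructed image: body padded to the secpack offset, then secpack."""
    if len(body) > SECPACK_OFFSET or len(secpack) != SECPACK_LEN:
        raise ValueError("bad layout")
    return body.ljust(SECPACK_OFFSET, b"\xff") + secpack


class Flash:
    """Constructed stand-in for the NOR: erased bytes read 0xff."""

    def __init__(self, size: int = IMAGE_SIZE) -> None:
        self.mem = bytearray(b"\xff" * size)

    def write(self, offset: int, data: bytes) -> None:
        self.mem[offset:offset + len(data)] = data


def _overlaps_guarded(offset: int, length: int) -> bool:
    end = offset + length
    return any(offset < g_end and g_start < end for g_start, g_end in GUARDED)


def stream_flash(flash: Flash, chunks, sig: int) -> bool:
    """Program an image from a chunk stream.  Ordinary chunks are written as they
    arrive; any chunk touching a guarded region is held back and committed only
    after the signature over the whole stream verifies."""
    h = hashlib.sha256()
    held = []
    offset = 0
    for chunk in chunks:
        h.update(chunk)
        if _overlaps_guarded(offset, len(chunk)):
            held.append((offset, chunk))
        else:
            flash.write(offset, chunk)
        offset += len(chunk)
    if offset != IMAGE_SIZE or pow(sig, E, N) != _digest_int(h.digest()):
        return False                      # guarded regions stay erased
    for off, chunk in held:
        flash.write(off, chunk)
    return True


def chunked(image: bytes, size: int = 0x1000):
    return [image[i:i + size] for i in range(0, len(image), size)]


def demo() -> tuple:
    """Returns (genuine image accepted, tampered secpack rejected, start vector untouched)."""
    body = bytes(i % 251 for i in range(0x2000))              # constructed body
    secpack = b"SECPACK-1.1.3".ljust(SECPACK_LEN, b"\x00")    # constructed secpack
    image = build_image(body, secpack)
    sig = sign(image)

    good = Flash()
    accepted = stream_flash(good, chunked(image), sig) and bytes(good.mem) == image

    tampered = bytearray(image)
    tampered[SECPACK_OFFSET] ^= 0xFF                          # one flipped secpack byte
    bad = Flash()
    rejected = not stream_flash(bad, chunked(bytes(tampered)), sig)
    untouched = bad.mem[:START_VECTOR_LEN] == b"\xff" * START_VECTOR_LEN
    return accepted, rejected, untouched


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

The design point is the ordering, not the toy crypto: the signature is computed over the stream as it arrives, the unguarded bulk may already be in flash, but nothing that influences what executes next (start vector, secpack) is committed until the check passes.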