Tag Archives: befreiphone

[iPhone] iTunes 8 detects Pwned iPhone Firmware

Warning

Firmware 2.1 will be released today. As of now it cannot be pwned, no matter whether you are running QuickPwn or PwnageTool. We recommend not updating until further notice.

Current Status

The iPhone Dev Team reports that iTunes 8 tries to counter the exploits used by the well-known Pwnage Tool. After building a custom firmware with Pwnage Tool or WinPwn, you have to install it through iTunes. iTunes 8.0 now refuses to install custom firmware, which blocks Pwnage's way into the iPhone and the iPod Touch. The iPhone Dev Team released the photo below showing the error message iTunes 8 displays when trying to install a custom firmware on a (not yet) pwned iPod Touch. As of now it is unknown whether iTunes can also detect an already installed custom firmware, and thus whether it will still install original, unmodified updates on such devices (which in turn would allow the use of QuickPwn afterwards). iTunes does not seem to detect already pwned iPhones: forum reports say iTunes 8 still installs custom firmware on an already pwned iPhone. If you have a device fresh from the factory (i.e. not pwned), use QuickPwn as a workaround for now.

Interim solution to pwn a new device:

  1. Use QuickPwn to jailbreak and then pwn/unlock your device.
  2. If you like, you can then use Pwnage Tool to create a custom recovery firmware (imho: you don't need it after having QuickPwned your device).

Next Steps

Anyway, the Dev Team reports they are working on a way to trick iTunes into installing custom firmware even on devices that are not pwned. The iPhone Dev Team is currently prepping a whole lot of patches for iTunes 8, for Windows as well as for Mac. The patches are expected to be released during the next week.

» Read the iPhone Dev Team’s article here

[iPhone] Status Report for iPhone 3G Unlock Solutions

Abstract

There have been rumors about circumventing that annoying SIM lock. As Geohot stated (read here), modifying the 3G baseband will not be an easy task. Since this task still needs to be solved, some people thought that bypassing the SIM lock with Proxy SIMs might be a good idea for 3G iPhones as well.

Differences between 2G and 3G iPhones

For 2G iPhones, Proxy SIMs worked very well, because the iPhone checked only once at startup whether the SIM is from a supported country and carrier. The SIM proxy faked only this first answer and then handed control back to the real SIM card, which was asked again for all details (IMSI, country code etc.). Those details were then used to register with the network and to try to log in.

After investigating the Proxy SIM possibilities for the 3G iPhone, the iPhone Dev Team (namely _ZF) stated that, in contrast to the behaviour with 2G Proxy SIM solutions, the 3G baseband sends the first IMSI it receives to the network. This means that on a 3G iPhone the Proxy SIM fakes a test IMSI, and the iPhone sends this test IMSI to the carrier when trying to log in.

Legal and technical issues with 3G Proxy SIMs

Although unlocking the iPhone 3G with methods like this is most likely illegal in many countries (because it violates the contract), members of the Hackint0sh forum have experimented with Proxy SIMs on different networks around the world.

As expected, the results are disappointing. Besides the questionable legal status of those operations, there have been serious technical problems.

  1. No 3G support. Currently no Proxy SIM supports it; you can only surf the web, check e-mail and so on over 2G/EDGE/GPRS, i.e. the same functions as with a 2G iPhone.
  2. The fake IMSI. At least European carriers seem to have applied security precautions to their networks: after some time you get logged out of the network. This may take from a few minutes to a few hours.
  3. Thickness. People reported that the Proxy SIMs are still too thick; several broke their SIM trays when trying to remove the tray from the iPhone.

Types and Brands of Proxy SIMs

Tested cards include:

Currently none of these Proxy SIMs work reliably (cf. iPhone Wiki). Our recommendation is simple: keep waiting, the iPhone Dev Team will make it sooner or later. If you cannot wait, get yourself a factory unlocked iPhone 3G from one of the countries supplying them (see country list here) and save yourself precious lifetime.

[iPhone] Edit Edge Settings under Firmware 1.1.4 and 2.0

Update 4 (November 27th, 2008): Another formerly fast way of editing has been reported to cause other issues and has thus been removed. Some links for Windows users have been updated.

Update 3 (July 21st, 2008): Pwnage 2.0 tutorial for firmware 2.0 finished (see here). The way to re-enable the EDGE settings is still applicable. Please follow part II.) The zen way (scroll down).

I.) The fast way

(Outdated article removed)

II.) The zen way

The standard iPhone EDGE settings for Germany (means for people with legit T-Mobile iPhone service plans) are:

apn: smartsites.t-mobile
username: t-mobile
password: tm

Those settings cannot be edited in the phone's UI and are always applied to any T-Mobile SIM card. The problem: customers with a non-iPhone contract cannot use EDGE then, since they need different EDGE settings, most likely these:

apn: internet.t-mobile
username: t-mobile
password: tm

To change these EDGE settings in a pleasant way, just do the following (I assume you already have OpenSSH installed on the phone):

1. Use Cyberduck (Mac), SmartFTP (Windows) or any other SFTP-capable client to connect to your iPhone via SFTP.

2. Go to /System/Library/Carrier Bundles/T-Mobile_Germany.bundle/ and download carrier.plist to your computer.

3. Since carrier.plist is stored in the binary plist format, you can't edit it directly and first need to convert it to XML.
3.1. On OS X you can do this with the Property List Editor contained in Apple's Developer Tools (bundled with Xcode) on your Leopard or Tiger retail installation DVD, or available for download here (site requires registration. Btw: do you know Guerrillamail yet?).

3.2. Windows (and lazy OS X) users go here: http://140.124.181.188/~khchung/cgi-bin/plutil.cgi to convert the plist online. (This address seems not to exist anymore.) We recommend giving

a try (warning: we did not have the time to test this yet with either one of these tools. Your feedback is highly appreciated, thanks!).

4. Opened in one of the tools mentioned above, it should most likely look like this (click picture to enlarge):

Converted Plist

5. So we need to add these two lines to get back the EDGE editing capabilities:

<key>AllowEDGEEditing</key>
<true/>

AllowEDGEEditing

6. You will then find the "EDGE settings" menu under "Settings" » "General" » "Network" » "EDGE". Enter the appropriate APN and you're done...

BTW: you can also change the APN settings permanently inside this carrier.plist file. Just locate and replace these lines:

<key>apn</key>
<string>smartsites.t-mobile</string>
<key>password</key>
<string>tm</string>
<key>username</key>
<string>t-mobile</string>

with the appropriate APN settings for your contract...

replace standard apn settings
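The same edit can be scripted instead of clicking through Property List Editor or a web converter. The following is an added example, not code from the original article or from Volkspost: it uses Python's plistlib to read the binary carrier.plist pulled off the phone, set AllowEDGEEditing, optionally swap in the APN credentials of a non-iPhone contract, and write the result back as XML (or binary). The sample plist embedded below is constructed for this example and only mirrors the three keys the article shows; a real carrier.plist has many more keys, which the function leaves untouched.

```python
"""Patch an iPhone carrier.plist to re-enable EDGE editing (added example).

Not part of the original tutorial. Demonstrates, with plistlib, the two edits
the article describes: adding <key>AllowEDGEEditing</key><true/> and replacing
the hard-coded apn/username/password of the T-Mobile_Germany carrier bundle.
"""
import plistlib

# Constructed stand-in for the carrier.plist downloaded from
# /System/Library/Carrier Bundles/T-Mobile_Germany.bundle/ (keys as shown in the
# article; the real file carries additional keys). It is serialised as a binary
# plist because that is the format the device ships and the reason a plain text
# editor cannot open the file.
SAMPLE_CARRIER_PLIST = plistlib.dumps(
    {"apn": "smartsites.t-mobile", "password": "tm", "username": "t-mobile"},
    fmt=plistlib.FMT_BINARY,
)


def is_binary_plist(data: bytes) -> bool:
    """Binary plists start with the magic 'bplist00'; XML ones start with '<?xml'."""
    return data[:8] == b"bplist00"


def patch_carrier_plist(data: bytes, apn=None, username=None, password=None,
                        output_format=plistlib.FMT_XML) -> bytes:
    """Return a patched carrier.plist.

    - sets AllowEDGEEditing to true so the EDGE menu appears in Settings
    - overrides apn / username / password only for the values actually given,
      so a caller who wants just the menu back leaves the carrier defaults alone
    - every other key in the file is preserved as-is
    plistlib.loads() detects binary vs. XML input by itself.
    """
    carrier = plistlib.loads(data)
    carrier["AllowEDGEEditing"] = True
    for key, value in (("apn", apn), ("username", username), ("password", password)):
        if value is not None:
            carrier[key] = value
    return plistlib.dumps(carrier, fmt=output_format)


def read_edge_settings(data: bytes) -> dict:
    """Extract the keys relevant to this tutorial (missing key -> False/None)."""
    carrier = plistlib.loads(data)
    return {
        "AllowEDGEEditing": carrier.get("AllowEDGEEditing", False),
        "apn": carrier.get("apn"),
        "username": carrier.get("username"),
        "password": carrier.get("password"),
    }


if __name__ == "__main__":
    # Typical use: read the file from disk, patch, write an XML copy back.
    # The file names are placeholders for this example.
    patched = patch_carrier_plist(SAMPLE_CARRIER_PLIST, apn="internet.t-mobile")
    print(patched.decode())
    print(read_edge_settings(patched))
```

Upload the patched file back to the bundle directory with your SFTP client (keep a copy of the original) and reboot the phone; the EDGE menu then appears as described in step 6. Writing XML is fine for the device to read, but passing output_format=plistlib.FMT_BINARY reproduces the original binary format if you prefer not to change it.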

Kudos to Volkspost (Volxpost) for his findings and his initial 1.1.3 tutorial.