GeoHot just granted the world an insight into his current work project. It is called EDA and it looks a lot like IDA (which, by the way, also includes an iPhone debugger), but EDA seems to go a little further in simulator/disassembler terms.
Geohot says the EDA simulator will:
include version control
allow graphical comparison between different versions of code
handle memory locations as files
handle instructions as changelists
This concept, he explains, should make tracing of memory-mapped IO processes “super easy”. But as GeoHot says: “Sadly, it’s still a work in progress. Maybe when its done, I’ll look for the 3G unlock.” Meaning: this tool is not available to the public, sadly.
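To make the "memory locations as files, instructions as changelists" idea concrete, here is a small added illustration in Python. It is not EDA (which was never released) and not Geohot's code; the class names, the `run_program` helper, the sample ARM-like instruction text and the UART register address are all made up for the example. Each executed instruction commits a changelist of memory writes, every memory location keeps its own revision log, and a diff between two runs plays the role of the graphical comparison between code versions.

```python
"""Toy illustration of a tracing memory model where each memory location
behaves like a versioned file and each executed instruction is a changelist.
Added example code; EDA itself was never published, so every name here is
an assumption, not EDA's real API."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    """One write: a memory location moving from `old` to `new`."""
    addr: int
    old: int
    new: int


@dataclass
class Changelist:
    """One executed instruction, recorded like a VCS commit."""
    seq: int
    insn: str
    changes: tuple  # tuple of Change, in address order


class TracedMemory:
    """Memory where each location keeps its full revision history
    (the 'file' view) and each instruction commits a changelist."""

    def __init__(self, mmio_ranges=()):
        self.cells = {}            # addr -> current value
        self.history = {}          # addr -> list of (seq, value)
        self.changelists = []      # commit log, one entry per instruction
        self.mmio_ranges = tuple(mmio_ranges)  # [(lo, hi), ...] half-open

    def read(self, addr):
        return self.cells.get(addr, 0)

    def commit(self, insn, writes):
        """Record the writes produced by executing `insn` as one changelist.
        Writes that do not change a value are dropped, as a VCS would."""
        seq = len(self.changelists)
        changes = []
        for addr, new in sorted(writes.items()):
            old = self.read(addr)
            if old != new:
                self.cells[addr] = new
                self.history.setdefault(addr, []).append((seq, new))
                changes.append(Change(addr, old, new))
        cl = Changelist(seq, insn, tuple(changes))
        self.changelists.append(cl)
        return cl

    def log(self, addr):
        """The revision log of a single memory location."""
        return list(self.history.get(addr, []))

    def is_mmio(self, addr):
        return any(lo <= addr < hi for lo, hi in self.mmio_ranges)

    def mmio_changelists(self):
        """Changelists that touched a memory-mapped IO range: this is the
        filter that makes tracing MMIO activity easy."""
        return [cl for cl in self.changelists
                if any(self.is_mmio(c.addr) for c in cl.changes)]


def diff_runs(a, b):
    """Stand-in for the graphical comparison: addresses whose final value
    differs between two runs (e.g. two versions of the same routine)."""
    addrs = set(a.cells) | set(b.cells)
    return {addr: (a.read(addr), b.read(addr)) for addr in sorted(addrs)
            if a.read(addr) != b.read(addr)}


def run_program(program, mmio_ranges):
    """program: list of (instruction text, {addr: value written}).
    A real simulator would derive the writes by executing the instruction;
    here they are supplied directly so the example stays self-contained."""
    mem = TracedMemory(mmio_ranges)
    for insn, writes in program:
        mem.commit(insn, writes)
    return mem


# Constructed sample: two "versions" of a tiny init routine that pokes a
# hypothetical UART control/data register pair. The base address is made up.
UART_BASE = 0x3E900000
MMIO = [(UART_BASE, UART_BASE + 0x1000)]
PROGRAM_V1 = [
    ("mov r0, #1",          {0x100: 1}),
    ("str r0, [uart_ctrl]", {UART_BASE: 1}),
    ("mov r1, #0x41",       {0x104: 0x41}),
    ("str r1, [uart_data]", {UART_BASE + 4: 0x41}),
]
PROGRAM_V2 = [
    ("mov r0, #3",          {0x100: 3}),
    ("str r0, [uart_ctrl]", {UART_BASE: 3}),
    ("mov r1, #0x41",       {0x104: 0x41}),
    ("str r1, [uart_data]", {UART_BASE + 4: 0x41}),
]

if __name__ == "__main__":
    v1 = run_program(PROGRAM_V1, MMIO)
    v2 = run_program(PROGRAM_V2, MMIO)
    for cl in v1.mmio_changelists():
        print(f"#{cl.seq} {cl.insn}: {cl.changes}")
    print("log of 0x100:", v1.log(0x100))
    print("diff v1 vs v2:", diff_runs(v1, v2))
```

Running the script lists the two changelists that hit the UART range, prints the revision log of one RAM cell, and shows that only the control value differs between the two versions, which is exactly the kind of question the version-controlled memory view is meant to answer.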
iRan is a tool that makes use of Geohot’s findings about iBoot from last year. He found out that in DFU mode it offers a full interactive shell, but it took almost a year until unsigned code could be executed. The iPhone Dev Team now uses this in their Pwnage Tool 2.0 to expand privileges in order to perform activation and jailbreak of iPhones.
Geohot provides this tiny tool “to run whatever you want at the DFU level. (..) Pass it a binary file, it will start executing at the start of the file (no file formats to deal with).”
We’ll leave it up to you to find out what you can do with this tool…
Although we haven’t got our hands on a new iPhone 3G yet, things are as expected: the iPhone 3G uses a new bootloader for its baseband modem, as confirmed by Geohot.
Bootloader versions from the “old” iPhones
As far as we are aware, there are three different bootloader versions known on old iPhones:
3.8 (very rare)
3.9 (iPhones before November 2007) and
4.6 (iPhones after November 2007).
It is widely known that exploits have been found for these old bootloaders that allow a SIM unlock of any of these old iPhones, no matter which software revision is running.
No Unlock for iPhone 3G, but for old iPhones
For the new iPhone 3G bootloader, there is no (public) exploit known yet. Although the iPhone Dev Team states they can unlock firmware 2.0, the unlock is most likely meant to work on “old” iPhones only. The only exploit known so far (in both old and new iPhones) is an iBoot bug. The iPhone Dev Team provided a video showing Pwnage Tool neutering the baseband for firmware 2.0:
Video: Pwnage Tool Bootneuter on firmware 2.0 (on an old iPhone)
The Pwnage Tool 2.0 (and Geohot’s yiPhone) will most likely use an iBoot bug to jailbreak old and new iPhones. iBoot is what iTunes talks to when restoring firmware. About a year ago, Geohot found out that iBoot provides a full interactive shell. The only problem was that iBoot only allowed signed code to run. The iPhone Dev Team has now managed to break the chain of trust from the earliest boot stage, thus allowing unsigned code to run and, in the end, jailbreaking old and new iPhones (see video):
George Hotz just modified the iPhone’s Bootloader 4.6, with these results:
no signature checks
Secpack update check removed
full write access
But since the original bootloader is legally owned by Apple, you will not be able to download this bootloader. But he said he would provide patches… More information can be found here…
German version:
George Hotz has modified the iPhone bootloader 4.6. Features:
no signature checks left at all
Secpack update checks removed (previously: if “updateversion” <= “currentversion”, then “refuse update”)
full write access
Unfortunately, the original bootloader is copyrighted by Apple. So you will not find the bootloader in Geohot’s pre-modified form on the internet… or will you ;-) In any case, he will provide a patch in the next few days…
George Hotz – the first person ever to unlock an iPhone (via the highly newbie-unfriendly hardware test-point method) – did it again. New iPhones shipped beginning at the latest in week 45 can now also be unlocked very comfortably by software. More information in George’s own blog entry. I’d really like to see statistics of sold devices and have these statistics compared to the dates when the public got to know that there are ways of simple unlocking – any correlations?
German version:
George Hotz – the first one to remove the SIM lock of the iPhone (back then still via a complicated hardware route) – has outdone himself. New iPhones manufactured from calendar week 45 at the latest can thus be unlocked easily and conveniently and used with any provider. Details and downloads can be found in George’s own blog (in English). I would really like to see the statistics of devices sold and compare them against the dates when it became known that unlocks were possible. Are there any correlations?