… by the iPhone Dev Team. You guys really rock. The unlock tool requires a jailbroken iPhone 3G and either Cydia or the Installer installed to download the unlock program called “yellowsn0w” from the Dev Team’s repository.
The tool is distributed for free. Some code thieves are nevertheless already selling it and claiming it as their own work. Find further information about yellowsn0w on the Dev Team’s blog.
And yes: happy new year guys. We’re back from vacation and Berlin is full of “white snow” :-))
The release of the 3G unlock software (currently going under the name yellowsn0w) is due on December 31, 2008. The unlock will currently only be available for baseband version 2.11.07 or lower.
Between Christmas and New Year’s Eve, members of the team (planetbeing, MuscleNerd and pytey) will be giving a lecture about the security systems in both the iPhone 2G and 3G at the Chaos Computer Conference 2008.
Welcome to Berlin, guys. Enjoy the most interesting and inconsistent town in Europe, today :-)
The iPhone Dev Team posted some news during the last few days. First of all, they showed that they are able to run a modified 3G baseband, although it fails the integrity checks (see picture). And they have evidently written a baseband tool that allows execution of custom commands on the baseband.
Their quiet and steadily evolving work seems to be successful. Both of these are major steps towards a custom unlock. We don’t have information on how long it will take until the final unlock, but we expect it to be released before Christmas.
This is a short HowTo, since by now all of you know how to use QuickPwn, don’t you? In short: QuickPwn is an après-tool. That means you let iTunes 8 do the update process and use QuickPwn afterwards to “open” your device. Note:
2G iPhones can be jailbroken and unlocked
3G iPhones can be jailbroken, but not unlocked
iPod Touch 1st generation can be jailbroken
iPod Touch 2nd generation cannot be jailbroken
Our article will not cover the iPod Touch, but the iPhone.
II. Requirements
iPhone 2G or 3G
PC/Laptop running Microsoft Windows XP or Vista
QuickPwn 2.1 (download here or here) (sha1= f8124d0e8f31f64ef3272de8fbc679e1dd1f93a7)
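A check a practitioner would want at this point, added here as an example (it is not code from the original post or from the Dev Team): verify the downloaded QuickPwn package against the SHA-1 listed above before running it, since repackaged copies of these tools circulate. The file name and the sample bytes are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# SHA-1 published for the QuickPwn 2.1 download in the requirements list above.
QUICKPWN_21_SHA1 = "f8124d0e8f31f64ef3272de8fbc679e1dd1f93a7"


def sha1_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large archive never has to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, expected_sha1: str = QUICKPWN_21_SHA1) -> bool:
    """Return True only if the file's SHA-1 equals the published value.

    Hex digits are compared case-insensitively and with a constant-time
    compare; any mismatch means the archive must not be run.
    """
    actual = sha1_of_file(path)
    return hmac.compare_digest(actual, expected_sha1.strip().lower())


def demo() -> tuple:
    """Constructed sample: a file holding b'abc' (SHA-1 a9993e36...d89d).

    Returns (matches_its_own_hash, matches_the_QuickPwn_hash); a genuine
    download would pass the second check, this stand-in file must fail it.
    """
    fd, path = tempfile.mkstemp(suffix=".zip")  # hypothetical archive name
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"abc")
        own = verify_download(path, "A9993E364706816ABA3E25717850C26C9CD0D89D")
        quickpwn = verify_download(path)
        return own, quickpwn
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())  # (True, False)
```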
Jailbreaking and unlocking is illegal for iPhone devices that are still bound by a current contract (mostly 12 or 24 months). You would violate your contract by jailbreaking and unlocking! Don’t do it.
If you’re updating: all your Cydia- and Installer.app-based applications will be lost and need to be installed again!
Make sure you make a backup of your data!
IV. Update iPhone firmware
connect your iPhone to your PC
start iTunes 8
choose your iPhone (under Devices)
hold the Shift key (on your keyboard) and click the Update button – a file-open window will pop up like this:
locate the downloaded firmware 2.1 (named iPhone1,1_2.1_5F136_Restore.ipsw) and open it
iTunes will begin to update your iPhone automatically
After the update the iPhone will reboot. If you are using an already pwned iPhone it will remain activated and unlocked; you only need to jailbreak.
IV. QuickPwning it :-)
Leave your iPhone plugged into your computer
Close iTunes
Start QuickPwn 2.1-1
You will be greeted with the Device Detection screen, click the right-arrow to proceed:
on the next window, click the Browse button to locate your iPhone1,1_2.1_5F136_Restore.ipsw firmware:
QuickPwn will check whether the firmware matches the version currently running on your iPhone and will then allow you to proceed (click the right-arrow):
the next window allows you to select what you want to install. We recommend installing both Cydia and Installer.app. If your iPhone has not been unlocked until now, you can also choose to simunlock it here. As we are quite conservative, we never change the boot logos, but this seems to be a matter of taste. After having selected, click the right-arrow button to proceed.
For safety reasons, QuickPwn will remind you to leave your iPhone plugged into your computer; click the right-arrow button to proceed
Read and follow the instructions on this window very carefully! QuickPwn will count along with you!
After that, QuickPwn will take control and perform the following actions automatically:
When all the tasks have been completed, QuickPwn has finished.
Your iPhone will perform some more actions over the next few minutes. It will show that it is flashing the NOR and so on, and will then reboot.
After having rebooted, your iPhone will be perfectly jailbroken and unlocked
V. Final words
Guys, we hope we could clarify a few more things here than others did. We appreciate your comments on this. Kudos to all of you, and remember to consider our sponsors; they really have the coolest offers ;-) Kudos fly out to the iPhone Dev Team! Live long and prosper, guys.
Eventually the iPhone Dev Team released QuickPwn 2.1 for Windows. They really never seem to sleep. It supports firmware 2.1. It jailbreaks, activates and unlocks iPhone 2G devices and jailbreaks the iPhone 3G. Sadly, it still does not unlock the iPhone 3G. Using it is very straightforward. Kudos to the Dev Team :-)
We read all over the net and found some solutions to the most common issues that occurred. If you are a rather conservative user, we’d recommend not updating to firmware 2.1 and waiting until a PwnageTool and QuickPwn update has been released. Since the iPhone Dev Team reacts very fast, this should take only a few days.
Known Workarounds:
Error 1600 and Error 6: restore with stock firmware 2.1, then QuickPwn (you may then put the device into restore mode and install a custom IPSW, but it’s not necessary; credits to “HomeGrown”).
Error 1600: when Pwnage asks whether you have already pwned your device, answer NO, no matter whether you pwned it before or not (credits to “Maurofoto”).
Error 1600: let iTunes download firmware 2.1 again (you may delete it from the local folder if you already downloaded it via iTunes; the folder on a Mac is ~/Library/iTunes/iPhone Software Update/). Then exit iTunes, prepare a custom IPSW using Pwnage, delete the iTunes-downloaded firmware from the above-mentioned folder again and copy your custom IPSW into that folder, naming it exactly as the original firmware was named (credits to “Markat”).
Apple made their promises come true. Firmware 2.1 is out now. If you are using a pwned iPhone, don’t update now, as it is unclear at the moment whether the iPhone remains unlocked. According to Apple, firmware 2.1 should:
Decrease dropped calls
improve battery life
reduce backup time
improve email reliability (POP and Exchange)
allow faster installation of 3rd party apps
reduce hangs and crashes for users with lots of third-party applications (we don’t know either what exactly “lots” means)
improve performance in text messaging
allow faster loading and searching of contacts
improve accuracy of the 3G signal strength display
and some more…
Rumors say that updating the iPhone to 2.1 and then using QuickPwn with firmware 2.0.2 in order to jailbreak should work. We can’t confirm this and, moreover, we definitely recommend not trying it. iPod Touch users may want to visit the QuickPwn site for further instructions on dealing with 2.1.
As conservative users: wait a couple of days. The iPhone Dev Team is most likely on their marks…
Firmware 2.1 will be released today. As of now, it cannot be pwned, no matter whether you are running QuickPwn or PwnageTool. We recommend not updating until further notice.
Current Status
The iPhone Dev Team reports that iTunes is trying to counter the exploits the well-known Pwnage Tool is using. After having compiled a custom firmware with Pwnage Tool or WinPwn, you need to install it using iTunes. Now, iTunes in version 8.0 refuses to install custom firmware, thus blocking Pwnage’s way into the iPhone or the iPod Touch. The iPhone Dev Team released the photo below showing the error message from iTunes 8 when trying to install a custom firmware on a (not yet) pwned iPod Touch. As of now, it is unknown whether iTunes can also detect an already installed custom firmware and therefore only allow original, unmodified updates to install; that would still allow the use of QuickPwn. iTunes does not seem to be able to detect already pwned iPhones: forum reports say iTunes 8 can still install custom firmware on an already pwned iPhone. For those of you running a device fresh from the factory (that is, not pwned), use QuickPwn as a workaround for now.
Interim solution to pwn a new device:
Use QuickPwn to jailbreak and then pwn/unlock your device
If you like, you can then use Pwnage Tool to create a recovery custom firmware (in our opinion you don’t need it after having QuickPwned your device)
Next Steps
The Dev Team reports that they are working on a way to trick iTunes, thus forcing iTunes to install custom firmware even on non-pwned devices. The iPhone Dev Team is currently preparing a whole lot of patches for iTunes 8, no matter whether you are on Windows or on Mac. Patches will be released during the next week.
Firmware 2.1 is already available for iPod Touch customers. If you are already using firmware 2.0 this update will be free of charge. If you are running a firmware revision below 2.0 an upgrade fee will apply. iPhone users need to wait a little longer. Apple will begin seeding firmware 2.1 on Friday, 12 September. As always, for iPhone customers this upgrade is free of charge. Why buy an iPod Touch anyway?
Apple announced that this upgrade will:
fix connection terminations
fix system hang ups
prolong battery time
accelerate iTunes backup synchronisation
improve 3G connections
iPhone Dev Team: get on your marks. 6 million iPhone users are expecting your help tomorrow :-)
Although we haven’t gotten our hands on a new iPhone 3G yet, things are as expected: the iPhone 3G uses a new bootloader for its baseband modem, as confirmed by Geohot.
Bootloader versions from the “old” iPhones
As far as we are aware, there are three different bootloader versions known on old iPhones:
3.8 (very rare)
3.9 (iPhones before November 2007) and
4.6 (iPhones after November 2007).
It is widely known that exploits for these old bootloaders have been found which allow any of these old iPhones to be SIM unlocked, no matter which software revision is running.
No Unlock for iPhone 3G, but for old iPhones
For the new iPhone 3G bootloader, there is no (public) exploit known yet. Although the iPhone Dev Team states they can unlock firmware 2.0, the unlock is most likely meant to work on “old” iPhones only. The only exploit known so far (for both old and new iPhones) is an iBoot bug. The iPhone Dev Team provided a video showing Pwnage Tool neutering the baseband on firmware 2.0:
Video: Pwnage Tool Bootneuter on firmware 2.0 (on an old iPhone)
Pwnage Tool 2.0 (and Geohot’s yiPhone) will most likely use an iBoot bug to jailbreak old and new iPhones. iBoot is the stage iTunes talks to when restoring firmware. About a year ago, Geohot found out that iBoot provides a full interactive shell. The only problem was that iBoot only allowed signed code to run. The iPhone Dev Team has now managed to break the chain of trust from the earliest boot stage, which allows running unsigned code and, in the end, jailbreaking old and new iPhones (see video):