Tag Archives: Unlock

[iPhone] Pwnage for Windows 2.0 (WinPwn) waits in its wings

CMW – the developer of the Microsoft Windows version of Pwnage tool announced that WinPwn is about to be released. On http://www.winpwn.com he writes: “Expect a release within the next few days!”.

That sounds like a release on the weekend. Windows users, help is on its way. In the meantime, scroll the Apple pages and consider buying a Mac :-)

[iPhone] HowTo Activate and Unlock your iPhone using Pwnage 2.0

This article is outdated. Find the newest Jailbreak and Unlock HowTo for iPhone Firmware 3.0 here.

Note

We need to stress: respect the laws of the country you live in. For instance, as a German citizen with a T-Mobile Germany plan and iPhone you are not allowed to jailbreak or unlock your iPhone. T-Mobile is not kidding about this, as we all saw with the sipgate lawsuit (we reported here). This tutorial is in no way meant as an invitation to do things that violate your contracts. We cannot be held responsible for bricking your devices. You do everything at your own risk and responsibility. Thanks.

I. Abstract

Pwnage Tool 2.0 is the newest tool to unlock and jailbreak “old” iPhones (iPhone 2G) and jailbreak “new” iPhones (iPhone 3G). It is developed, maintained and provided for free by the iPhone Dev Team. The Dev Team already provided Pwnage Tool 1.0 (see recent tutorial here).

This tutorial is for Mac users only who previously activated and unlocked their iPhones using Pwnage Tool 1.0. The release of Pwnage Tool 2.0 was delayed in the last few days because of several bugfixes and issues that occurred during the latest tests. Having used Pwnage Tool 2.0 in the last hours on some old iPhones, we can say: in contrast to Pwnage Tool 1.0, we encountered some problems with Pwnage Tool 2.0. Keep that in mind; you proceed at your own risk and may well brick your iPhone. We cannot be held responsible for your actions.

II. Preparations

A Microsoft Windows version of Pwnage 2.0 has not yet been released. Get yourself a Mac, it really is time to switch :-)

You need to download and install a couple of programs:

  • download and install Pwnage Tool 2.0.1 (here or here) / Updated links to new Pwnage 2.0.1
  • download bootloaders.rar (for legal reasons, we can’t provide a direct download link as we are in Germany. Do a simple Google search for bootloaders.rar)
  • update to iTunes 7.7 (using Apple Software Update)
  • download iPhone Restore Firmware 2.0 (here)

III. Fasten your seatbelts

Before taking off, we highly recommend doing the following preparations on your iPhone:

  • backup/synchronize current calendar and address book using iTunes
  • backup current SMS using Syphone (download here)

In case you have not already, we highly recommend reading our tutorial about activating and unlocking iPhones with firmware 1.1.4 (see here).

IV. Take off

…into the wide open world of unlocked and jailbroken iPhones.

  1. Start Pwnage Tool 2.0, and click OK.

  2. Choose Expert Mode

  3. Select iPhone 2G, and click the blue arrow

  4. After clicking the blue arrow you will see a window like this:

    Note: we repeatedly encountered errors when browsing for an IPSW firmware file that we had downloaded manually:

    We circumvented this error by letting iTunes download the firmware. But be careful: let iTunes only download the firmware. Don’t choose download and install!!!

  5. When Pwnage is satisfied that the firmware is the right one, it will show this picture, where we can manually change some settings. We highly recommend changing nothing but the Cydia packages. We even leave the pictures the same.

  6. Inside the Cydia packages menu we recommend choosing these files for download:
    OpenSSH, Cydia Installer, and Cydia's Source Set. These files will be downloaded automatically in the background.

  7. Make sure you select the Cydia packages downloaded above. Under Select packages you can check them, in case the packages are not pre-selected for inclusion in your custom IPSW. Then click the blue arrow again.

  8. After having clicked the blue arrow again, we may choose new logos. We recommend to leave these as they are and click the blue arrow again.

  9. Pwnage Tool 2.0 feels we are ready and shows “Build” with a checkmark. We click the blue arrow again and can already smell the pwn.

  10. You may now provide the bootloaders yourself by clicking No when asked whether to search the web for them (we only show the 4.6 bootloader question; in fact there will be the same question for the 3.9 bootloader).

  11. After having chosen the bootloader, Pwnage needs to know where to save the custom IPSW file. It will show a picture similar to this:

    After having chosen the target filename and folder, Pwnage will submissively begin its work.

    At a specific point of its work, Pwnage will require your admin password. This is due to restricted access to the filesystem.

  12. After working for some minutes you will be shown this menu. Since we are all obedient Pwnage users (aren’t we?) we had already used Pwnage 1.0 before, and therefore we choose Yes.

  13. Pwnage Tool will wish us the best for our recovery and wants to be quit:

V. Approach for Landing

  1. As our odyssey through iPhonitis is not over yet, we need to start iTunes (with our iPhones connected!) and choose the iPhone menu in iTunes (it looks like this picture):

  2. We need to restore our 0wn firmware, so we hold the ALT key and click the Restore button. We get a dialog where we can choose our custom firmware:

  3. iTunes will begin its work of extracting and restoring our custom firmware. This process will take some minutes. Don’t disconnect during this period. You would have an expensive brick then.

  4. After the custom firmware has been restored successfully, your iPhone will reboot and eventually show a screen indicating that the baseband is currently in the process of being unlocked:

  5. After the baseband flashing has finished, your iPhone will reboot again and come up with firmware 2.0. We hope you enjoyed your flight with incomplete-news airways. We wish you a good stay on Eff-Doubleyou-Two-Dot-Oh. We recommend picking up your baggage in the claim area.

VI. Baggage Claim Area

  1. You may now decide to set up your system clean and configure everything anew or simply choose to restore your old settings (like eMail-accounts, calendar, photos, muzaq, and videos):

  2. After having clicked Continue you will see this picture. How long this takes depends on how much you had saved on your iPhone and how much space it’s got. Our 4GB test model only took about 5 minutes to get all settings restored:

  3. After restoring the settings your iPhone will reboot…

  4. To get back your EDGE settings, simply follow our tutorial here (see part II). In firmware 2.0 the EDGE menu is now called “Cellular Data Network”.

VII. Final words

Congratulations, you’re finished now. In case any of you have questions, don’t hesitate to ask below in our comments section. We hope you enjoyed this tutorial. Thanks for your attention. Big shouts fly out to the iPhone Dev Team. You guys simply rock our hearts…

[iPhone] iPhone 3G unlocked using Bladox Turbo SIM

[Update] Aug/25th/2008: read here, everything you gotta know about Proxy SIM solutions.

The Bladox Team has released an application for their Turbo SIM (see here how proxy SIMs work) that is obviously able to bypass the SIM lock of 3G iPhones, i.e. unlocking them. The application is still beta and might not work everywhere on the planet, but it obviously does in the U.K. The name of the app is zerog-0.95.tar.gz, but for legal reasons we will not link it directly.

See this video:

It takes ages until it is logged in, but anyway it documents the current status quite well…

[iPhone] iPhone 3G allegedly unlocked using SIM Adapter

[Update] Aug/25th/2008: read here, everything you gotta know about Proxy SIM solutions.

The Brazil-based company DesbloqueioBr.com.br claims to have unlocked the 3G iPhone. The whole procedure feels like déjà vu. It is said to work almost the same way as the TurboSIM did for the “old” iPhone. The difference is that they say they use a faked IMSI test card, whereas Bladox’ TurboSIM solution emulated an AT&T card.

The Theory behind

The guys at DesbloqueioBr claim that the iPhone 3G only checks the type of SIM on first card detection (i.e. after hot-swapping or after a reboot). It is said to check the IMSI code. During card detection, the IMSI test-card emulation then reports that it is a test card. All subsequent requests to the card are answered by the normal SIM card. This works the same way as the TurboSIM, except that the TurboSIM was coded to emulate an AT&T card during the card-detection stage.
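The weakness described above is a check-once-then-trust pattern: the handset validates the IMSI at card detection and never compares later answers against it. The following is an added example (not code from this page, DesbloqueioBr or the Dev Team) that models a handset validating only at detection next to one that re-reads and compares the IMSI before each call; the card classes, IMSI values and the allowed MCC list are constructed placeholders.

```python
"""Model of the check-once weakness versus re-validation (constructed example)."""

class Sim:
    """A plain SIM that always reports the same IMSI."""
    def __init__(self, imsi):
        self.imsi = imsi

    def read_imsi(self):
        return self.imsi


class InconsistentSim:
    """A card whose first IMSI read differs from every later read, i.e. the
    behaviour the article attributes to the proxy adapter. Only the
    inconsistency matters for the model; nothing here talks to real hardware."""
    def __init__(self, real, first_imsi):
        self.real = real
        self.first = first_imsi
        self.reads = 0

    def read_imsi(self):
        self.reads += 1
        return self.first if self.reads == 1 else self.real.read_imsi()


ALLOWED_MCC = ("001",)   # constructed: "001" stands in for the accepted test-card MCC
CALLS = 3                # number of calls placed after detection in the model


def is_allowed(imsi):
    return imsi[:3] in ALLOWED_MCC


def check_once(card):
    """Policy A: validate the IMSI at detection only and trust that result for
    every later call. Returns the per-call allow/deny decisions."""
    allowed = is_allowed(card.read_imsi())
    return [allowed] * CALLS


def revalidate(card):
    """Policy B: re-read the IMSI before each call and require that it is still
    allowed AND identical to the value seen at detection time. A card that
    answers differently after detection is denied on every call."""
    seen = card.read_imsi()
    decisions = []
    for _ in range(CALLS):
        now = card.read_imsi()
        decisions.append(now == seen and is_allowed(now))
    return decisions
```

A genuine card with an allowed MCC passes both policies, so the re-validation costs nothing for legitimate users; only a card whose answers change over time is caught.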

Empiricism

Since this has not been confirmed on forums and the video provided (see below) doesn’t show the unlock procedure, this is likely to be a rip-off. Anyway, to test the theory the iPhone Dev Team has already provided a sample application for the TurboSIM that does exactly what the theory requires: emulating a test IMSI at the card-detection stage. As of now there is no feedback. For legal reasons we cannot link the application, as we are located in Germany. Within the next 24 hours Google will index the page that contains the link; search for lamesaft-0.1.zip then.

Limitations

The video provided does not clarify how the unlock is performed. It simply shows a call being made from one iPhone to the other. It does not show the SIM adapter being taken out. Moreover, you still need to have the iPhone 3G activated, and currently there is no application available to do this. People on forums report that the DesbloqueioBr guys do not seem willing to answer concrete questions.

Since there is no proof, we currently classify the DesbloqueioBr SIM adapter as a SCAM. Update: at 00:29 the video shows the model as MB046LL, which can be identified as a U.S. AT&T-locked iPhone 3G (see model list here). This model is obviously working with a different carrier (not AT&T, but TIM) in a different country (not the US, but Brazil).

Here’s the video that shows calls being made from one iPhone to another. The guy is talking Portuguese; a translation is not available.


[iPhone] Geohot confirms 3G uses new Bootloader

Although we didn’t get our hands on a new iPhone 3G yet, things are as expected: the iPhone 3G uses a new bootloader for its baseband modem as confirmed by Geohot.

Bootloader versions from the “old” iPhones

As far as we are aware, there are three different bootloader versions known on old iPhones:

  • 3.8 (very rare)
  • 3.9 (iPhones before november 2007) and
  • 4.6 (iPhones after november 2007).

It is widely known that exploits for these old bootloaders have been found that allow any of these old iPhones to be SIM unlocked, no matter which software revision is running.

No Unlock for iPhone 3G, but for old iPhones

For the new iPhone 3G bootloader, no (public) exploit is known yet. Although the iPhone Dev Team states they can unlock firmware 2.0, the unlock is most likely meant to work on “old” iPhones only. The only exploit known so far (affecting both old and new iPhones) is an iBoot bug. The iPhone Dev Team provided a video showing Pwnage Tool neutering the baseband for firmware 2.0:

Video: Pwnage Tool Bootneuter on firmware 2.0 (on an old iPhone)

Bootneuter 2.0 from iphonedev on Vimeo.

A new jailbreak for iPhone 3G and old iPhones

Pwnage Tool 2.0 (and Geohot’s yiPhone) will most likely use an iBoot bug to jailbreak old and new iPhones. iBoot is the component iTunes talks to when restoring firmware. About a year ago, Geohot found out that iBoot provides a full interactive shell. The only problem was that iBoot only allowed signed code to run. The iPhone Dev Team has now managed to break the chain of trust from the earliest boot stage, thus allowing unsigned code to run and, in the end, jailbreaking old and new iPhones (see video):

Video: Talking to iBoot unsigned

Talking to iBoot? from iphonedev on Vimeo.

Both videos are provided by iPhone Dev Team. Kudos to you guys.

[iPhone] Hong Kong sold iPhones not SIM locked

It has been confirmed by early buyers in Hong Kong that the iPhone 3G is not SIM locked over there. However, you need to sign a 24-month agreement with the carrier Hutchison Telecommunications to get hold of the iPhone, and you need to activate it in store.

[iPhone] Update, Activate, Jailbreak, and Unlock Firmware 1.1.4

English

iClarified just released a manual for jailbreaking, activating and unlocking firmware 1.1.4. Bootloader 3.9 seems to be required. They use a modified version of ZiPhone. I expect Zibri not to be happy with this. However, this is not updating but recovering to 1.1.4, therefore I strongly recommend doing as iTunes recommends: save the configuration of your iPhone automatically (meaning contacts, calendar entries, text messages, network configuration, weather etc.). I restored those saved configuration settings after ZiPhone activated the phone and before the unlock.

However I can confirm the howto (Mac version) works flawlessly. There is also a howto for Windows users – not tested though…


German

The guys at iClarified have written a nice, clearly understandable guide on how to handle firmware 1.1.4. This guide requires bootloader 3.9. It uses a modified version of Zibri’s ZiPhone. Strictly speaking, the process is not an update but a recovery to firmware 1.1.4. That is why iTunes offers to back up your settings before the recovery process. If you don’t do that, your contacts, calendar entries, SMS entries, WLAN settings and weather settings will of course be toast after the recovery. My recommendation, therefore: after ZiPhone has activated the phone, you can restore the backed-up settings to the phone before the unlock…

You can find the English-language HowTo for Mac here – it works flawlessly. There is also a Windows variant, which I have not tested, though…

[iPhone] Firmware 1.1.4, now unlockable – but be warned

English

iNdependence 1.4 beta 5 has been released (Mac only). It now supports unlocking (gunlock method by GeoHot). You can get it here. However, the author of “Windows-Mobiles” has had some shockingly bad experiences with updating and unlocking using iNdependence 1.4b5. You can read his article here. So you should probably stick with whatever firmware you have working right now and come back regularly. We’re gonna release a tutorial when everything has become foolproof…

German

iNdependence 1.4 beta 5 has just been released (Mac OS X only). It now also includes the ability to unlock using GeoHot’s gunlock method. Download here. Unfortunately, “Windows-Mobiles” has an article describing rather bad experiences with this new iNdependence version. So updating remains at your own risk. We recommend waiting a bit longer. As soon as there is a way to activate and unlock that we classify as foolproof, it will be published here as a HowTo…
