iPhone Definitions

Jailbreak:

This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by editing /etc/fstab to make things on disk0s2 executable and things on disk0s1 writable. This is entirely different from an unlock.

Unlock:

This is the process by which the iPhone baseband is modified to accept the SIM card of any GSM carrier. This is entirely different from a jailbreak. Unlocked iPhones may be relocked while updating the baseband firmware.

Baseband:

This is the device in the iPhone that manages all the functions which require an antenna. The GSM phone, as well as the WiFi and Bluetooth, are all under the control of the baseband processor. The baseband processor has its own RAM and firmware in NOR flash, separate from the ARM core's resources, and is exposed to the OS as a resource.
The original iPhone's baseband processor is the S-Gold 2; the iPhone 3G uses the X-Gold 608 chip for this purpose.

Baseband Firmware of iPhone OS 1.1.1 to 1.1.4

For 04.04.05_G (1.1.4)
ICE04.04.05_G.eep http://rapidshare.com/files/133070919/ice040405_geep.zip.html
ICE04.04.05_G.fls http://rapidshare.com/files/133071075/ice040405_gfls.zip.html
For 04.03.13_G (1.1.3)
ICE04.03.13_G.eep http://rapidshare.com/files/133071289/ice040313_geep.zip.html
ICE04.03.13_G.fls http://rapidshare.com/files/133071423/ice040313_gfls.zip.html
For 04.02.13_G (1.1.2)
ICE04.02.13_G.eep http://rapidshare.com/files/133071576/ice040213_geep.zip.html
ICE04.02.13_G.fls http://rapidshare.com/files/133071720/ice040213_gfls.zip.html
For 04.01.13_G (1.1.1)
ICE04.01.13_G.eep http://rapidshare.com/files/133071900/ice040113_geep.zip.html
ICE04.01.13_G.fls http://rapidshare.com/files/133072040/ice040113_gfls.zip.html

Activation:

Lockdownd is always running on the iPhone and is in charge of monitoring the activation status of the device. When the iPhone is first purchased it is unactivated and only the "Emergency Call Screen" is available. The lockdownd patches here (which require a jailbreak) activate the phone and obviate the need to activate legitimately through iTunes with an official carrier.
Lockdownd Patches on Different Versions
Lockdownd 1.1.2:
Offset  Original   Patched    Reason
0x4B3B  0x1A       0xEA       Changed to ignore baseband version.
0x79FC  0xD7 0xFF  0x00 0x00  Disallows enabling of Voided Warranty.
0x79FE  0xFF 0x1A  0xA0 0xE1  Part of patch at 0x79FC.
0x7E0B  0x0A       0xEA       Disallows enabling of Voided Warranty.
0xAC73  0x0A       0xEA       Disallows enabling of Voided Warranty.
0xBC40  0x01       0x00       Change enable brick mode to disable.
0xC5CC  0x01       0x00       Change enable brick mode to disable.
0xC5D4  0x88       0xEC       Change Unactivated to FactoryActivated.
0xC614  0x48       0xAC       Change Unactivated to FactoryActivated.
0xC640  0x1C       0x80       Change Unactivated to FactoryActivated.
0xC6F0  0x90       0xD0       Change MissingSIM to FactoryActivated.
0xC74C  0x44       0x74       Change MismatchedICCID to FactoryActivated.
0xC7DC  0xB4       0xE4       Change MismatchedICCID to FactoryActivated.
0xC8AC  0xB0 0x33  0x14 0x34  Change Unactivated to FactoryActivated.
0xC904  0x01       0x00       Change enable brick mode to disable.

Lockdownd 1.1.1:
Offset  Original   Patched    Reason
0x482F  0x1A       0xEA       Changed to ignore baseband version.
0xAF5C  0x01       0x00       Change enable brick mode to disable.
0xB814  0x24       0x54       Change Unactivated to FactoryActivated.
0xB818  0x01       0x00       Change enable brick mode to disable.
0xB838  0x00       0x30       Change Unactivated to FactoryActivated.
0xB858  0xE0 0x14  0x10 0x15  Change Unactivated to FactoryActivated.
0xB884  0xB4       0xE4       Change Unactivated to FactoryActivated.
0xB958  0x00       0x10       Change MismatchedICCID to FactoryActivated.
0xB970  0xEC       0xF8       Change MissingSIM to FactoryActivated.
0xB9E0  0x58       0x88       Change Unactivated to FactoryActivated.
0xBA58  0x01       0x00       Change enable brick mode to disable.

Lockdownd 1.0.2:
Offset  Original  Patched  Reason
0x9184  0x01      0x00     Change enable brick mode to disable.
0x94F0  0x01      0x00     Change enable brick mode to disable.
0x94F4  0x3C      0x68     Change Unactivated to FactoryActivated.
0x95C4  0x84      0x98     Change MismatchedIMEI to FactoryActivated.
0x9604  0x01      0x00     Change enable brick mode to disable.
0x9624  0x2C      0x38     Change MismatchedICCID to FactoryActivated.
0x962C  0x28      0x30     Change MissingSIM to FactoryActivated.
0x96A4  0x01      0x00     Change enable brick mode to disable.

Lockdownd 1.0.1:
Offset  Original  Patched  Reason
0x9158  0x01      0x00     Change enable brick mode to disable.
0x94C4  0x01      0x00     Change enable brick mode to disable.
0x94C8  0x3C      0x68     Change Unactivated to FactoryActivated.
0x9598  0x84      0x98     Change MismatchedIMEI to FactoryActivated.
0x95D8  0x01      0x00     Change enable brick mode to disable.
0x95F8  0x2C      0x38     Change MismatchedICCID to FactoryActivated.
0x9600  0x28      0x30     Change MissingSIM to FactoryActivated.
0x9678  0x01      0x00     Change enable brick mode to disable.

Lockdownd 1.0.0:
Offset  Original  Patched  Reason
0x8CF8  0x01      0x00     Change enable brick mode to disable.
0x90A4  0x01      0x00     Change enable brick mode to disable.
0x90A8  0x3C      0x68     Change Unactivated to FactoryActivated.
0x9178  0x84      0x98     Change MismatchedIMEI to FactoryActivated.
0x91B8  0x01      0x00     Change enable brick mode to disable.
0x91D8  0x2C      0x38     Change MismatchedICCID to FactoryActivated.
0x91E0  0x28      0x30     Change MissingSIM to FactoryActivated.
0x9258  0x01      0x00     Change enable brick mode to disable.

All Lockdownd
1.1.4 original http://rapidshare.com/files/133067477/114_lockdownd_original.zip.html
1.1.4 patched http://rapidshare.com/files/133067620/114_lockdownd_patched.zip.html
Details: The lockdownd in firmware 1.1.4 is very similar to the 1.1.3 version, so the same patch used on 1.1.3 also works on 1.1.4. NOTE: you cannot reuse the already patched 1.1.3 lockdownd binary, because the files differ; the patch has to be applied to the 1.1.4 lockdownd itself.
Patch details:
Search for differences
1. G:\iPhone Stuffs\Lockdownd\lockdownd_114_original\lockdownd: 1,107,780 bytes
2. G:\iPhone Stuffs\Lockdownd\lockdownd_114_patched\lockdownd: 1,107,780 bytes
Offsets: hexadec.
83AF: 0A EA
AFA3: 0A EA
C4CF: 1A EA
CDB4: 80 04
CDB5: 28 29
CDC0: 01 00
CE08: 2C B0
CE58: DC 60
CE59: 27 28
CF24: 3C 94
CF7C: F4 3C
CF7D: 26 27
D000: 70 B8
D1A8: 8C 10
D1A9: 24 25
D224: 4C 94
D274: 01 00
17 difference(s) found.

1.1.3 original http://rapidshare.com/files/133068021/113_lockdownd_original.zip.html
1.1.3 patched http://rapidshare.com/files/133068133/113_lockdownd_patched.zip.html
Patch details:
Search for differences
1. G:\iPhone Stuffs\Lockdownd\lockdownd_113_original\lockdownd: 1,107,780 bytes
2. G:\iPhone Stuffs\Lockdownd\lockdownd_113_patched\lockdownd: 1,107,780 bytes
Offsets: hexadec.
83AF: 0A EA
AFA3: 0A EA
C4CF: 1A EA
CDB4: 80 04
CDB5: 28 29
CDC0: 01 00
CE08: 2C B0
CE58: DC 60
CE59: 27 28
CF24: 3C 94
CF7C: F4 3C
CF7D: 26 27
D000: 70 B8
D1A8: 8C 10
D1A9: 24 25
D224: 4C 94
D274: 01 00
17 difference(s) found.

1.1.2 original http://rapidshare.com/files/133068455/112_lockdownd_original.zip.html
1.1.2 patched http://rapidshare.com/files/133068558/112_lockdownd_patched.zip.html
Details: This patch uses the same technique introduced in the 1.1.1 patch. With it, 1.1.2 can be factory-activated immediately.
The patch details:
Search for differences
1. G:\iPhone Stuffs\lockdownd\lockdownd_112_original\lockdownd: 996,440 bytes
2. G:\iPhone Stuffs\lockdownd\lockdownd_112_patched\lockdownd: 996,440 bytes
Offsets: hexadec.
4B4C: 01 14
4B4E: A0 00
4B4F: E3 EA
C5C1: 00 40
C5C2: 54 A0
C5C8: 04 00
C5CA: 00 A0
C5CB: 1A E1
C5CC: 01 00
C5D4: 88 EC
10 difference(s) found.
Note: 1.1.2 has a firmware-checking routine that will brick the phone if an unexpected version is found. The patch at 4B4C-4B4F fixes it. If the firmware version causes any problem, syslog will log the following message:
lookup_baseband_info: Not the expected firmware version. Enabling brick mode
but the actual bricking operations will not run, because the patch forces a jump once the syslog call is done.

1.1.1 original http://rapidshare.com/files/133068876/111_lockdownd_original.zip.html
1.1.1 patched http://rapidshare.com/files/133068957/111_lockdownd_patched1.zip.html
Patch details:
Search for differences
1. C:\iPhone\lockdownd\lockdownd_111_original\lockdownd: 819,328 bytes
2. C:\iPhone\lockdownd\lockdownd_111_patched\lockdownd: 819,328 bytes
Offsets: hexadec.
B810: 04 00
B812: 00 A0
B813: 1A E1
B814: 24 54
B818: 01 00
5 difference(s) found.

source: George Zhu's Blog
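The "Search for differences" listings above are the output of a byte-level file compare; the following is an added example (not code from this page or from George Zhu's blog) that reproduces that report layout and adds an integrity check telling whether a lockdownd image holds the original or the documented patched bytes at the listed offsets. It uses the 1.1.1 lockdownd differences from the page; the two buffers it compares are constructed stand-ins, not real lockdownd binaries.

```python
# Added example: byte-level differ in the page's "Offsets: hexadec." layout,
# plus a check of a lockdownd image against a known offset/byte table.
# LOCKDOWND_111 is the 1.1.1 table from the page; buffers are constructed.
LOCKDOWND_111 = {  # offset -> (original byte, patched byte)
    0xB810: (0x04, 0x00),
    0xB812: (0x00, 0xA0),
    0xB813: (0x1A, 0xE1),
    0xB814: (0x24, 0x54),
    0xB818: (0x01, 0x00),
}


def diff_bytes(a: bytes, b: bytes) -> list:
    """Return (offset, byte_a, byte_b) for every differing byte.
    A length mismatch is reported as a single (None, len_a, len_b) entry."""
    if len(a) != len(b):
        return [(None, len(a), len(b))]
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


def format_report(diffs: list) -> str:
    """Render diffs in the layout of the page's 'Search for differences' output."""
    lines = ["Offsets: hexadec."]
    for off, x, y in diffs:
        if off is None:
            lines.append(f"size mismatch: {x} vs {y} bytes")
        else:
            lines.append(f"{off:X}: {x:02X} {y:02X}")
    lines.append(f"{len(diffs)} difference(s) found.")
    return "\n".join(lines)


def classify(data: bytes, table: dict) -> str:
    """'original' if every listed offset holds the original byte, 'patched' if every
    one holds the patched byte, else 'unknown' (other build or a partial/foreign edit)."""
    if any(off >= len(data) for off in table):
        return "unknown"
    if all(data[off] == orig for off, (orig, _) in table.items()):
        return "original"
    if all(data[off] == new for off, (_, new) in table.items()):
        return "patched"
    return "unknown"


def build_sample(table: dict, patched: bool) -> bytes:
    """Constructed stand-in: zero-filled buffer carrying only the table's bytes."""
    buf = bytearray(max(table) + 1)
    for off, (orig, new) in table.items():
        buf[off] = new if patched else orig
    return bytes(buf)
```

Running format_report(diff_bytes(build_sample(LOCKDOWND_111, False), build_sample(LOCKDOWND_111, True))) yields the same five lines and "5 difference(s) found." as the 1.1.1 listing; classify() on a binary pulled from a device flags a lockdownd that matches neither column as worth a closer look.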


Bootloader:

The baseband bootloader is the code that runs before the baseband firmware; it is responsible for signature checking and for updating the baseband. See also bootloader.
3.9

This is the old bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x400 and IPSF.
4.6

This is the new bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x20000 with Back Extend Erase.
5.8

This is the bootloader from the iPhone 3G/X-Gold 608. Currently it has no known exploits. In contrast to 3.9 and 4.6, it is signature-checked on startup.



Latest page update: made by softworld, Feb 28 2009, 10:03 AM EST