Today’s Unlock Findings

I just unlocked two iPhones today, both of which were firmware 1.1.3 OTB, with iPlus 2.0b (Download; btw, I removed the included br_kit.tar (for Brazil localization) from payload.zip before I ran the iPlus batch). So far everything is fine and all functions are working well.

In order to give Chinese iPhone unlockers a basic guide so that they can use their cool toy ASAP, I just made an unlock checklist here. Of course it’s also helpful for those who are not Chinese but still own an iPhone and are ready to unlock it themselves.

One more thing: add http://www.trejan.com/irepo to your Installer sources and then install Hardware Info, which gives you a full report on your iPhone’s hardware, including modem, CPU, baseband etc. You can get more from the author’s site here.

Last but not least, NEVER EVER restore your 3.9FB iPhone to firmware 1.1.1 or 1.1.0, ’cause doing so may bring a *strange* 3.8BL to your iPhone which is not in the popular hackable software pool. Here’s the announcement from hackint0sh.

On Fully Functional 1.1.4 Now

The reasons I decided to update my iPhone are as below:

1. the unlock works for sure.
2. the newly updated iCosta 1.1.0 supports 1.1.4 now.
3. of course 1.1.4 has some improvements as well. Personally what I’m interested in is the one about cell signal.

And here are the steps I did. In all, pretty easy and smooth.

1. Use iTunes to sync your iPhone and make sure everything is backed up. Then Shift+Restore to 1.1.4.
2. Download iPlus 1.2 and the International Pack. Credit goes to aviegas.
3. Unzip iPlus1.2.zip to your local hard disk, say c:\iplus1.2. Rename the existing payload.zip to payload-zip.bak. Then copy the downloaded payload_international.zip to c:\iplus1.2 and rename it payload.zip.
4. Go to c:\iplus1.2 on the command line and run iplus -u. After a couple of reboots and boom, the iPhone has been activated, jailbroken and unlocked!!
5. Launch iTunes and restore all of your original settings, and you are done!!

So for now I’m on 1.1.4, both firmware and baseband. And I checked YouTube, Google Maps and Settings as well. All work fine. Last but not least, I saw the cell signal. So, are you gonna stay where you are or go to 1.1.4 next?

Tutorial: How To Skip iPhone Activation on Windows

So far most of the hacking tools are based on Mac rather than Windows. So something which may be pretty easy, I guess, on Mac is not so easy at all on Windows, like copying a file from your computer to the iPhone, especially for those who are not so skilled.

OK, back to the topic. Actually iPhone activation has been completely hacked by the talented hackers on the iPhone Dev Wiki. See the words from their page:

Once jailbroken, the iPhone can be patched to skip activation altogether.
All you need is to apply the patch below to the file /usr/libexec/lockdownd and write it back to the phone.
The patch sets ActivationState to FactoryActivated and there are no more activation requests. You can see the iPhoneInterface log:

iPhoneInterface v0.3.1 built on Jul 14 2007
Waiting for phone... established.
iPhone state: FactoryActivated

So, actually, the tutorial is about how to copy files from Windows to your iPhone :) Anyway, let’s get started.

Step 1: Download PSCP (an SCP client, i.e. command-line secure file copy) from here. Save it anywhere in a local directory, say “c:\phonedmg”.

Step 2: Set up SSH on the iPhone by following the instructions of The first 10 steps to modding the iPhone, except the part about WinSCP, since it doesn’t work any more.

Step 3: Connect your iPhone to your Windows machine. No iTunes needed.

Step 4: Download the prepatched file from the link provided on the iPhone Dev Wiki (which also includes the tool with which you can edit the binary file, 1.94MB in total) or directly from my hosted copy here (the prepatched file only, 379KB).
Save and extract the file to “c:\phonedmg” and rename ‘lockdownd.hacked’ to ‘lockdownd’.

Step 5: Back up your original ‘lockdownd’ file from the iPhone to your computer by running the following command: pscp -scp root@YOURiPhoneIP:/usr/libexec/lockdownd lockdownd.old. You can get YOURiPhoneIP from your iPhone -> Settings -> Wi-Fi. You can see mine is 192.168.1.100. If you haven’t changed your root password yet, type “dottie” when you are asked for it.

Step 6: Upload the prepatched ‘lockdownd’ to the iPhone to replace the old one. Here’s the command: pscp -scp lockdownd root@YOURiPhoneIP:/usr/libexec/lockdownd.
Here’s the screenshot (click to enlarge):

[Screenshot: Skip iPhone Activation Completely]

Step 7: Reboot your iPhone. And you are done. Enjoy.
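The backup from Step 5 is only worth having if it is intact, so here is an added example (not from the original post) of the check I would run around Steps 5 and 6: save a copy, verify it by SHA-256 before anything is overwritten, confirm the replacement landed byte-for-byte and roll back if it did not. It assumes sha256sum is available and operates on local paths so it can be exercised without a device; the function names and file names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: back up a file, verify the backup
# by SHA-256 before anything is overwritten, install the replacement, and roll
# back automatically if the installed copy does not match what was sent.
# Assumes sha256sum (GNU coreutils). Works on local paths so it can be run
# without a device; against the phone the same checks would be run over ssh.

# sha FILE: print the SHA-256 hex digest of FILE.
sha() {
    sha256sum "$1" | cut -d' ' -f1
}

# backup_and_replace ORIGINAL BACKUP REPLACEMENT
# Exit status: 0 success, 1 backup could not be verified (nothing changed),
# 2 replacement could not be installed (original restored from backup).
backup_and_replace() {
    orig=$1 bak=$2 new=$3
    orig_sum=$(sha "$orig")
    cp "$orig" "$bak" || return 1
    # Refuse to touch the original until the backup is byte-for-byte identical.
    [ "$(sha "$bak")" = "$orig_sum" ] || { echo "backup mismatch, aborting" >&2; return 1; }
    new_sum=$(sha "$new")
    cp "$new" "$orig" || return 2
    # Confirm the installed file is what we sent; otherwise put the backup back.
    if [ "$(sha "$orig")" != "$new_sum" ]; then
        cp "$bak" "$orig"
        return 2
    fi
    return 0
}

# restore_backup ORIGINAL BACKUP: reinstall the saved copy (e.g. lockdownd.old)
# and verify that the reinstalled file matches the backup.
restore_backup() {
    cp "$2" "$1" && [ "$(sha "$1")" = "$(sha "$2")" ]
}
```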

From the following picture you can see the file ‘lockdownd’ has been modified and updated.

[Screenshot: iPhone Activation Skipped]

BTW, the SSH client in the above picture is PuTTY. See my last post for details.

Enjoy!

Update (Feb 4th, 2008): You can use the elite team’s iPatcher to patch the original lockdownd to skip the activation step (download link) for any firmware version lower than 1.1.3. For 1.1.3, check out George’s post for more details.

Don’t forget to back up your original lockdownd first.

Update (Jun. 12, 2008): Things have changed a lot. For now please turn to iLiberty+ or iPlus to do the activation and other hacking jobs. They both work pretty well.