Sun, 24 Feb 2008

getting an Iphone?

UPDATE3: Nice explanation of what the baseband is, here.

UPDATE2: The Ziphone guys got it all together. Is it possible to unlock an iphone with just one click? We'll have to try it. here. Amazing people out there. A macosx version exists. Awesome. It seems that they integrated geohot's work on their software.

UPDATE: It seems this is another method to unlock 1.1.3.

I am considering getting an iphone. I kind of want to make it work with t-mobile. I don't want a pay 70US to att and get stuck in a two years contract.

Before getting one I have to be sure apple won't release a new version or reduce the price of this cult device. After that, I want to read about the software unlocking methods out there to try to get an idea how they work before I actually get one.

There is a lot of information on the Internet, unfortunately it already assume you have some previous knowledge. That's bad. First thing first, go ahead and read this. It will explain you some terms and concepts you have to know prior to reading other documents.

After reading that we should stop in the iphone status page which nicely shows what is the status of the unlocking process for the different versions of the iphone. If you read that, you'll find there is a very promising update in orange basically saying someone (Geohot) has released a software method to unlock 1.1.2 OTB (Out of the box). In the status overview there is an entry to Geohot's blog.

Once there, you can download his work and read the instructions txt file. That file was kind of my starting point and I am going over it here. This is just a method for me to try to understand what we are doing here:

geohot's 1.1.2 software unlock
yes, this is what you have all been waiting for
now fixed to support 1.1.3
and a little more idiot proof

Ok, pretty awesome, it seems to even works with 1.1.3. Again, 1.1.3 is the latest firmware that runs in the iphone.

1. Download these:
gunlock and the secpack from http://iphonejtag.blogspot.com/ or the blog :)
the 4.02.13 fls from around the internet

Umm.. hang on.. two much information here.

• Gunlock: is the piece of code that does all the magic. It's written in c and already compiled and ready to be run under macosx.
• Secpack: Not sure what it is, but it comes in the tarball you previously downloaded from geohot's blog. --TODO-- What's secpack
• 4.02.13 fls: This seems to be baseband firmware. Which is the bit of software that controls the GSM stuff. The phone capabilities of the iphone. Where the F... do we download that? You can get that file here.

Ok, so we seem to have everything that gunlock requires. And more or less understand what's are each of these files. Next please:

2. Downgrade your phone to 1.0.2. See all the great tutorials online to do this. 
Your baseband won't be downgraded, this is normal.
This will probably work on other versions too, but 1.0.2 doesn't lose wifi on bb access.

Let's review this for a sec. We have to downgrade to an earlier version of the firmware. Makes sense, I guess it was easier to hack the device with that older firmware. The downgrade process is explained here. Notice something here: It seems that downgrading the general firmware won't downgrade the baseband firmware. GeoHot warns us about it.

At these point that's what I have in my working directory:

drwxr-xr-x  11 drio  staff       374 Feb 24 11:15 .
drwxr-xr-x   8 drio  staff       272 Feb 24 09:58 ..
-rwxr-xr-x   1 drio  staff   3157412 Feb 24 10:46 ICE04.02.13_G.fls
drwxr-xr-x   6 drio  staff       204 Feb 24 11:16 bricktool
-rw-r--r--@  1 drio  staff      4176 Feb 24 11:15 bricktool.zip
-rw-r--r--   1 drio  staff     19704 Feb 24 09:58 gunlock
-rw-r--r--   1 drio  staff     10733 Feb 24 09:58 gunlock.c
-rw-r--r--@  1 drio  staff  95627324 Feb 24 10:56 iPhone1,1_1.0.2_1C28_Restore.ipsw
-rw-r--r--   1 drio  staff      1124 Feb 24 09:58 instructions.txt
-rw-r--r--   1 drio  staff       279 Feb 24 09:58 runme.sh
-rw-r--r--   1 drio  staff      2048 Feb 24 09:58 secpack

Next,

3. Make sure you have secpack and ICE04.02.13_G.fls in the folder you are in.

4. chmod +x runme.sh

5. ./runme.sh

This is pretty "straightforward". He wrote a shell script that actually runs the final gunlock. He does something before and after, don't know exactly why. --TODO: why is he doing that? Next,

6. For some reason my phone was in brick mode. Use the elite team bricktool to get out.

7. Also run iWorld on 1.1.2

These are some tools that fix some of the problems you get after running the gunlock software. You can find them here and here. TODO -- Find out more about these tools.

And that's suppose to be everything. Here the guy said you'll get a 1.1.2 or 1.1.3 unlocked. I am not sure how that is possible if we started with a 1.0.2 version.

So to sum up:

• 1. get gunlock software + the baseband firmware (4.02.13 fls)
• 2. Downgrade to 1.0.2.
• 3. run the gunlock software.
• 4. run the bricktool and iworld.

Still a lot of stuff to read.

posted at: 13:13 | path: /apple | permanent link to this entry