October 5, 2024
GeoHot Posts Entire Source Code for iPhone 3GS Unlock

GeoHot Posts Entire Source Code for iPhone 3GS Unlock

Posted July 14, 2009 at 1:25am by iClarified
GeoHot has posted information on how he executed the iPhone 3GS unlock and also posted the entire source code for PurpleSn0w.

-----
About a year ago today, I found the at+stkprof exploit. Back then, I struggled for 3 days to write a payload. No luck, I just wasn't a good enough reverser. So I stashed the exploit away until December, when I gave it to dev for use in yellowsn0w.

Now a year later, I wrote a payload and delivery system in a day. And it's an awesome payload. Ideally we'd like to patch the lock out of flash, but with the apparently proper sig checks, that isn't going to happen. So purplesn0w is the next best thing. I copy the page I want to patch to an unused region of memory. In memory I patch it. Then, using the MMU, I map the flash page out and remap the patched memory page in it's place.


No new iPhones are really unlocked, activation creates a ticket allowing the baseband to be used with that sim. The lockstate of the phone really lies on apples servers. Unlocked is auth all sims. Locked is auth AT&T sims only. Fortunately this ticket system provides an easy way to deliver the payload and reexecute the patched code all in one. And since the ticket is already delivered on baseband resets, theres no need to write another daemon to hog battery. I use the daemon already designed for this, lockdownd. A patch to commcenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload. So using existing apple machinery, I unlock when needed.

In retrospect, I should've just patched commcenter to send the payload. Then hacktivation would work no problem. Oh well, tomorrow is another day.

Here is the source. And I mean all of it.
----

Read More



GeoHot Posts Entire Source Code for iPhone 3GS Unlock
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (12)
You must login or register to add a comment...
jashsayani
jashsayani - July 15, 2009 at 11:57am
TO ICLARIFIED: WHEN YOU LINK TO DIRECT FILES (ZIP) - PLEASE MENTION IN THE F***ING POST. EXAMPLE: Here (zip)
t11chb
t11chb - July 14, 2009 at 11:57am
What a stupid thing to do! Firstly your gonna get people passing it off as their own, selling unlocks, ripping people off. Secondly, Guaranteed Apple will take a look.
PizzaTheHut
PizzaTheHut - July 14, 2009 at 10:43am
That is not all the source code. The crc32 class is missing.
zenrock
zenrock - July 14, 2009 at 1:34pm
it doesn't matter why would a iphone jailbreaker ever post all his code so apple can look at it noone ever in there right mind would commit so i'm guess purplerain is gonna be a one hit wonder then because as soon as apple get's it's hands on the code it will no longer work lollllll wow talk about dumb move.
Nicolai
Nicolai - July 14, 2009 at 4:06am
Anybody know if it works with iPhone 3G? with FW3.0? Thanks
nicolai
nicolai - July 14, 2009 at 5:52am
ppl, I tried to iPhone 3G FW3.0 and nothing! not unlock
Nicolai
Nicolai - July 14, 2009 at 7:41am
I am not of your level! low level
Kyle Flanagan
Kyle Flanagan - July 14, 2009 at 7:47am
Nicolai: No, this won't work for 3G. You're better off with ultrasn0w.
Kyle Flanagan
Kyle Flanagan - July 14, 2009 at 3:04am
Hat tip to Geohot and The Dev Team that allow us to use our iPhones be they 2G, 3G or 3GS any which way we want.
mr.sudoku
mr.sudoku - July 14, 2009 at 2:44am
It's a cat & mouse game. Why's everyone blame GeoHotz, he's good. let's enjoy & see what's Apple would do next. GeoHotz, you're the MAN. Well done
iphonemod dot net
iphonemod dot net - July 14, 2009 at 5:24am
i think so, will should think that this is another way to unlock tools this is a good news
Lusu
Lusu - July 14, 2009 at 8:38pm
You all forget one thing: Apple does not need any source code. They can simply reverse engineer the binaries. "Decompilers" those days produce nearly 100% identical source code... So no, he did not offered them the hole on a plate... they already had it... one way or another. I bet that they can't close the hole easy anyway, because it will be closed in the upcoming, already seeded to developers 3.1 version...
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download iPod touch Firmware Files From
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS