November 28, 2022
GeoHot Posts Entire Source Code for iPhone 3GS Unlock

Posted July 14, 2009 at 1:25am by iClarified · 15337 views
GeoHot has posted information on how he executed the iPhone 3GS unlock and also posted the entire source code for PurpleSn0w.

About a year ago today, I found the at+stkprof exploit. Back then, I struggled for 3 days to write a payload. No luck, I just wasn't a good enough reverser. So I stashed the exploit away until December, when I gave it to dev for use in yellowsn0w.

Now a year later, I wrote a payload and delivery system in a day. And it's an awesome payload. Ideally we'd like to patch the lock out of flash, but with the apparently proper sig checks, that isn't going to happen. So purplesn0w is the next best thing. I copy the page I want to patch to an unused region of memory. In memory I patch it. Then, using the MMU, I map the flash page out and remap the patched memory page in its place.

No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lockstate of the phone really lies on Apple's servers. Unlocked is auth all SIMs. Locked is auth AT&T SIMs only. Fortunately this ticket system provides an easy way to deliver the payload and reexecute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to hog battery. I use the daemon already designed for this, lockdownd. A patch to commcenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload. So using existing Apple machinery, I unlock when needed.

In retrospect, I should've just patched commcenter to send the payload. Then hacktivation would work no problem. Oh well, tomorrow is another day.

Here is the source. And I mean all of it.

jashsayani - July 15, 2009 at 11:57am
zenrock - July 14, 2009 at 2:05pm
Hey Geohot, I'm gonna snatch your code and I'm telling it to your face I'm gonna do it. Make my own version and pass it off as my own. You put it on the sidewalk, that makes it anybody's now; you have no claim on it, you just lost all ownership to it, idiot. Thanks for the exploits to the iPhone firmware. Anything else you wish to release while we're on the subject?
t11chb - July 14, 2009 at 11:57am
What a stupid thing to do! Firstly you're gonna get people passing it off as their own, selling unlocks, ripping people off. Secondly, guaranteed Apple will take a look.
PizzaTheHut - July 14, 2009 at 10:43am
That is not all the source code. The crc32 class is missing.
zenrock - July 14, 2009 at 1:34pm
It doesn't matter. Why would an iPhone jailbreaker ever post all his code so Apple can look at it? No one ever in their right mind would commit, so I'm guessing purplerain is gonna be a one hit wonder then, because as soon as Apple gets its hands on the code it will no longer work lollllll wow talk about dumb move.