iPhone Dev-Team Updates UltraSn0w Unlock, Discusses PurpleSn0w

Posted July 16, 2009 at 4:03am by iClarified
The iPhone Dev-Team has updated the UltraSn0w unlock to use some of the good ideas from PurpleSn0w. They have also provided a very detailed explanation of how PurpleSn0w and UltraSn0w work, reproduced below from their blog post.

The day before yesterday, some fellow named geohot released a program called "purplesn0w" which claims to be a better unlock than our ultrasn0w solution. He was kind enough to provide source, which we naturally took apart to try to validate his claims. ;) We've found he had come up with some pretty neat ideas, including patching the actual text of the baseband code by copying it over to RAM and then using the MMU and page tables to have the baseband pretend it is part of the original bootrom. Of course, like yellowsn0w and ultrasn0w, this code has to be reloaded with every reboot of the baseband. However, the advantage of this is that developing unlocking payloads is a lot simpler - in fact, geohot used the same payload in AnySim and BootNeuter. We kicked around this idea ourselves before, but eventually found a work-around for the same problem with the yellowsn0w/ultrasn0w payload. The two pieces of code have the exact same effect on the baseband - with the difference that geohot's exploit overwrites an arbitrary block of memory one megabyte in size. The baseband has a total of eight megabytes of memory and every bit of it is earmarked for use (except for 485212 bytes of it which we haven't accounted for yet, but that's still less than 1 MB). This means that eventually the area of memory geohot is using will be corrupted and 1 MB of baseband code will be corrupted (until the next reboot). How soon will this happen? Will it even matter in day-to-day use? We don't know, because we haven't spent much time looking. However, why take the risk when the yellowsn0w/ultrasn0w payload accomplishes the same job with no corruption?

The second new idea he had was to patch CommCenter rather than use a daemon. At first, this idea seemed pretty distasteful to us. Binary patches are messy and difficult to maintain (we figure it's partly why he only made a version for 3G S and not 3G as well). In addition, the stated reason of reduced battery life with a daemon is factually incorrect, since any computer science student who's taken a course in operating systems will tell you that a sleeping task takes up exactly NO CPU resources and NO power (it's merely skipped over during context switches). That's right: not "only a little" power, but absolutely NO power. However, ultrasn0w 0.6 did have a problem where the STK refresh command it used crashed the baseband in 3G S. This caused the baseband to continually come up and then restart. That DOES take power and so may explain the issues that people have been seeing. ultrasn0w 0.8 was supposed to have fixed this issue, but perhaps not completely. This is because the STK refreshes we used are inherently unreliable - but we thought they were necessary to avoid people having to reinsert their SIM. Turns out we were wrong on that score. geohot's method shows that we can perform the unlock before CommCenter polls for lock state. When we do it before (instead of after), the STK refreshes are no longer necessary! The only way to do it before the polling, however, is to modify CommCenter. We've tried to make the best of a bad situation by using MobileSubstrate to perform the modification. This lets us modify the behavior of CommCenter without touching the actual binary. We also used a method to dynamically locate the patch location so that it should work on both 3G and 3G S (and should need to be updated less frequently). We also do it in a different way so that hactivated phones will work with the unlock (unlike purplesn0w). You'll find that this update is now available through Cydia as ultrasn0w 0.9. We thank geohot for contributing to the scene once again.
We don't think purplesn0w is the right path, but it has certainly helped us improve ultrasn0w!

P.S. geohot, seriously, stop dicking around and look at the bootrom instead kthx. =P

You can find instructions on how to unlock your iPhone using UltraSn0w here.
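The "dynamically locate the patch location" idea the Dev-Team mention above, as an added example that is not the Dev-Team's, geohot's or iClarified's code: a masked byte-signature scan that finds the same instruction sequence in two constructed images standing in for the 3G and 3G S CommCenter builds, refuses to patch when the signature is missing or matches more than once, and only then writes a patch into a copy of the image. The Thumb byte sequence, the two images, the wildcard positions and the replacement bytes are all constructed for illustration; none of it is the real CommCenter code or the real ultrasn0w patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes from the scan. Both mean "do not patch". */
enum { SIG_NOT_FOUND = -1, SIG_AMBIGUOUS = -2 };

/* Masked signature scan over `image`. A zero in mask[i] marks a wildcard
 * byte: the parts of an instruction that change between builds, such as a
 * branch displacement or an immediate. The scan insists on exactly one
 * match, so a drifted or missing signature fails closed instead of
 * patching whatever happened to match first. */
long find_patch_site(const uint8_t *image, size_t len,
                     const uint8_t *sig, const uint8_t *mask, size_t siglen)
{
    long hit = SIG_NOT_FOUND;
    if (siglen == 0 || len < siglen)
        return SIG_NOT_FOUND;
    for (size_t off = 0; off + siglen <= len; off++) {
        size_t i = 0;
        while (i < siglen && (!mask[i] || image[off + i] == sig[i]))
            i++;
        if (i == siglen) {
            if (hit != SIG_NOT_FOUND)
                return SIG_AMBIGUOUS;   /* second match: signature too weak */
            hit = (long)off;
        }
    }
    return hit;
}

/* Write `repl` at (site + delta) only if the signature resolved to a unique
 * site and the write stays inside the matched bytes. Returns the offset
 * written or the negative scan error. */
long patch_at_signature(uint8_t *image, size_t len,
                        const uint8_t *sig, const uint8_t *mask, size_t siglen,
                        size_t delta, const uint8_t *repl, size_t replen)
{
    long site = find_patch_site(image, len, sig, mask, siglen);
    if (site < 0)
        return site;
    if (delta + replen > siglen)
        return SIG_NOT_FOUND;
    memcpy(image + site + delta, repl, replen);
    return site + (long)delta;
}

/* Constructed 16-bit Thumb sequence standing in for a lock-state check:
 *   cmp r0, #0 ; beq <disp> ; movs r0, #1 ; bx lr
 * Little-endian bytes; the beq displacement is wildcarded (mask 0). */
static const uint8_t SIG[]  = {0x00,0x28, 0x00,0xD0, 0x01,0x20, 0x70,0x47};
static const uint8_t MASK[] = {   1,   1,    0,   1,    1,   1,    1,   1};

/* Constructed images: the same sequence at different offsets, with a
 * different displacement and different surrounding code in each "build". */
static const uint8_t BUILD_A[] = {
    0xB5,0x10, 0x00,0xAF, 0xC0,0x46,
    0x00,0x28, 0x05,0xD0, 0x01,0x20, 0x70,0x47,        /* site at 6  */
    0x00,0xBD };
static const uint8_t BUILD_B[] = {
    0xB5,0x30, 0x00,0xAF, 0x04,0x1C, 0x00,0x29, 0x02,0xD1, 0xC0,0x46,
    0x00,0x28, 0x03,0xD0, 0x01,0x20, 0x70,0x47,        /* site at 12 */
    0x30,0xBD };
static const uint8_t BUILD_DUP[] = {                   /* sequence twice */
    0x00,0x28, 0x01,0xD0, 0x01,0x20, 0x70,0x47, 0xC0,0x46,
    0x00,0x28, 0x02,0xD0, 0x01,0x20, 0x70,0x47 };

long site_in(const uint8_t *img, size_t len)
{
    return find_patch_site(img, len, SIG, MASK, sizeof SIG);
}

/* Demo patch on a copy of build A: rewrite "movs r0, #1" (bytes 4..5 of the
 * match) to "movs r0, #0". Returns the offset patched or a negative error. */
int patched_imm_in_a(void)
{
    static const uint8_t movs_r0_0[] = {0x00, 0x20};
    uint8_t copy[sizeof BUILD_A];
    memcpy(copy, BUILD_A, sizeof copy);
    long off = patch_at_signature(copy, sizeof copy, SIG, MASK, sizeof SIG,
                                  4, movs_r0_0, sizeof movs_r0_0);
    if (off < 0)
        return (int)off;
    return (copy[off] == 0x00 && copy[off + 1] == 0x20) ? (int)off : -3;
}

int main(void)
{
    printf("build A site: %ld\n", site_in(BUILD_A, sizeof BUILD_A));     /* 6 */
    printf("build B site: %ld\n", site_in(BUILD_B, sizeof BUILD_B));     /* 12 */
    printf("dup image:    %ld\n", site_in(BUILD_DUP, sizeof BUILD_DUP)); /* -2 */
    printf("patched at:   %d\n", patched_imm_in_a());                    /* 10 */
    return 0;
}
```

In a runtime hook the same scan runs over the mapped text of the target process rather than a file on disk, which is what lets one signature serve two builds whose hard-coded offsets differ. The fail-closed result on zero or multiple matches is the part worth keeping: a signature that has drifted on a firmware the author never tested should leave CommCenter alone rather than corrupt it.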

Comments (11)
luisj23 - July 22, 2009 at 12:24am
Had been doing great with 2G until last week; got mugged and lost the phone. Have 3G and had a hard time jailbreaking it; finally pwned it and then ran the Ultra9-1. This gave me carrier signal, but my battery doesn't last that much. Anyone??
arvin - July 16, 2009 at 7:44pm
The purplesn0w screwed my iPhone 3GS twice!!! It just freezes the iPhone. I think Dev-Team's ultrasnow is great. Long live Dev-team. Arvin
ivens - July 16, 2009 at 2:30pm
Does this new ultrasn0w also change the startup boot logo from its original Apple logo to the pwnapple?
zenrock - July 16, 2009 at 1:47pm
It's good to see both parties working together to fix both of their programs by sharing what they found. Just one thing: keep it between you guys and don't post it in public. By releasing jailbreaking code to everyone, you do realize that just as we see it, so do the people at Apple, and they will go look at their program and start looking a lot closer at it for holes and bugs so they can close the iPhone off to you and have better firmware, which will take a lot longer, if it's possible at all, to jailbreak. So we all must keep that kind of info from them at all times; that's how this cat-and-mouse game is played. Let's not forget that most important rule in the community.
Steve Jobs - July 16, 2009 at 10:54am
My congratulations to these guys; they are really doing nice work with iPhone unlocking. They have good ideas to solve problems, collaborating together.... Keep going, kids!!
Ramses - July 16, 2009 at 5:19am
People like Geohot brought back faith and trust in America open computing for others to follow ;-)
David - July 16, 2009 at 4:58am
I gotta say, for a guy who is not completely coherent in computing and programming, what you guys do is thrilling and genius and makes a lot of people thankful and happy. So thanks, you guys and all the other people smart enough to do this kind of stuff. It all adds up to lots of happy phone users and a stick-it-to-the-(ATT/APPLE)-man.
attnck - July 16, 2009 at 4:19am
Geohot's idea is really very intelligent, and has given me a few ideas for other projects. It's too bad about the issue with corruption... but at least it has resulted in an improvement in UltraSn0w ^.^
Jorge silva - July 16, 2009 at 4:14am
What about the push notification problem on 2G phones, any news?
David Scott - July 16, 2009 at 6:49am
It looks like the newly seeded 3.1 addresses that issue. Hopefully we will see an improvement in overall performance too. I'm not sure about anyone else, but my 2G really lacks in speed after a fresh sync (probably because of the indexing process for Spotlight) and can take up to 5 hours before it is back to normal. I wonder if Apple are taking notice?
eserunsalan - July 16, 2009 at 12:07pm
3.1..? The future Apple update?? U sure...?