Iphone 4.6 Baseband new Unlocked

iamlofi

Original Poster:

2,196 posts

204 months

Friday 8th February 2008
http://www.engadget.com/2008/02/08/out-of-the-box-...

Now 8 gig and 16 gig phones have a software unlock, so any SIM can be used in the phone.

The_Gza

590 posts

251 months

Friday 8th February 2008
Great news - going to go and investigate that shortly.

Hopefully have mine unlocked later!

PJR

2,616 posts

212 months

Friday 8th February 2008
It's all a bit technicated for me... Also, it looks like it's only possible to do this by reverting to the previous software version?
Just got mine yesterday. But running it all by the book on an O2 contract that I'll likely never make the most out of!
All this hackery seems to defeat the object a bit for me. This Apple kit is supposed to be painless and fuss-free to use. If you have to keep hacking the thing (i.e. you have to go through it all over again when there is a software update you want to apply) then it no longer becomes painless and fuss-free to use, surely?
Lovely gadget though

P,

cyberface

12,214 posts

257 months

Friday 8th February 2008
Hacking is for fun, not profit.

If you are hacking the thing just to get it working more cheaply, or to sell on for a profit, then IMO it's the wrong reasons. Hacking *is*, as the Steve correctly stated, 'a game of cat and mouse' (he should know, being one of the original 'phreakers' using 'blue boxes' to steal long-distance phone calls).

If you're not willing to continue playing the game, then don't start. Actually the iPhone is pretty good in that regard - you could have hacked and upgraded only as far as 1.0.2 in the early days (like me) and left the phone like that - it'd still work and was stable. But the new apps require later versions, etc.

I've upgraded my super-hacked 1.0.2 to 1.1.2 and thereon to 1.1.3... painless process, still unlocked, jailbroken (with a special trick of mine to upgrade application space to the entire hard drive) *and* Google Maps locates me using GSM cell towers, the whole shebang works... on Vodafone.

But I'm not doing it because I can't afford an O2 contract, nor because I want to sell the phone at a profit. I do it for fun.

Plenty of money in Russia, China and the rest of Asia for unlocked iPhones though, so there will always be the profit merchants. Most of the bootloader cracking was done by paid insiders IMO (Infineon or ex-Infineon engineers). The rest of the system was hacked by OS X hackers much like me, but the baseband and bootloader stuff is specialist GSM embedded-system code and not the sort of thing average OS hackers have experience of...

spants

1,053 posts

227 months

Saturday 9th February 2008
cyberface

How did you do the application move - was it via the ln command? If you can do a quick walkthrough for a fellow techie that would be great (hackint0sh is so slow at the moment).

ta
Tony

The Dude

6,546 posts

247 months

Saturday 9th February 2008
spants said:
cyberface

How did you do the application move - was it via the ln command? If you can do a quick walkthrough for a fellow techie that would be great (hackint0sh is so slow at the moment).

ta
Tony
If it's the same thing I'm thinking of, you move the applications to the Media partition and then create a symbolic link to the new folder called "Applications".

DISCLAIMER: GETTING ANY OF THIS WRONG COULD RESULT IN YOUR PHONE NEEDING TO BE RESTORED - PROCEED AT YOUR OWN RISK (OK, a bit melodramatic, but I'm not taking responsibility).

First check your /etc/fstab to make sure that you don't have the noexec setting on the second partition (otherwise none of the applications will be able to run once you move them):

Using SCP or SFTP, get the file /etc/fstab

Open it in a text editor and look at the contents. If you see;

"/dev/disk0s2 /private/var hfs rw noexec 0 2"

remove the word "noexec ", save the file and copy it back to your phone.

Then perform the move and link.

SSH into your phone and do the following 3 commands;

cp -R /Applications /private/var/root/ROOT_Applications
rm -rf /Applications
ln -s /private/var/root/ROOT_Applications /Applications

Reboot the phone (hold power, slide off, restart)

Alternatively, if you've got Installer installed, add Community Sources to the sources list and install "Boss Tool" - there is a function in that to do the same job but at the press of a finger instead of all that typing.

Just thinking, if you haven't got your phone jailbroken you won't be able to do any of this.
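The fstab check and the move-and-symlink from The Dude's post above, written up as an added example (this is not The Dude's or cyberface's own script, and nothing on the page says they scripted it). The paths are parameters so it can be exercised on a scratch tree; the /Applications and ROOT_Applications names in the demo are taken from the post, the scratch fstab contents are constructed here. The one thing it adds to the post's three commands is that it verifies the copy before running rm -rf, which is the step that otherwise leaves the phone needing a restore.

```shell
#!/bin/sh
# Added example, not The Dude's or cyberface's own script: the fstab check and
# the move-and-symlink from the post above, with the paths as parameters so it
# can be exercised on scratch directories rather than a real /Applications.

# Succeeds (exit 0) when the fstab ($1) mounts the mountpoint ($2) with noexec.
# Accepts comma-separated options (rw,noexec) as well as the space-separated
# form quoted in the thread, which is why every field from the 4th on is read.
fstab_has_noexec() {
    awk -v mnt="$2" '
        $0 !~ /^#/ && $2 == mnt {
            for (i = 4; i <= NF; i++) {
                n = split($i, o, ",")
                for (j = 1; j <= n; j++) if (o[j] == "noexec") found = 1
            }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Writes a copy of the fstab ($1) with noexec removed from the mountpoint ($2)
# to the output path ($3); every other line is copied through unchanged.
fstab_strip_noexec() {
    awk -v mnt="$2" '
        $0 !~ /^#/ && $2 == mnt {
            line = ""
            for (i = 1; i <= NF; i++) {
                f = $i
                if (i >= 4) {
                    n = split(f, o, ","); f = ""
                    for (j = 1; j <= n; j++)
                        if (o[j] != "noexec") f = f (f == "" ? "" : ",") o[j]
                }
                if (f != "") line = line (line == "" ? "" : " ") f
            }
            print line
            next
        }
        { print }' "$1" > "$3"
}

# Copies $1 to $2, verifies the copy byte for byte, and only then replaces $1
# with a symlink to $2. Refuses to run if $1 is already a symlink (the move was
# done before) or $2 already exists, and never reaches rm -rf on a bad copy.
relocate_dir() {
    src=$1; dest=$2
    [ -d "$src" ] && [ ! -L "$src" ] || { echo "not a real directory: $src" >&2; return 1; }
    [ ! -e "$dest" ] || { echo "destination already exists: $dest" >&2; return 1; }
    mkdir -p "$(dirname "$dest")" || return 1
    cp -R "$src" "$dest" || return 1
    diff -r "$src" "$dest" >/dev/null || { echo "copy does not match source, leaving $src alone" >&2; return 1; }
    rm -rf "$src" && ln -s "$dest" "$src"
}

# Stand-alone demo on a scratch tree (constructed data, not a real phone).
demo() {
    t=$(mktemp -d)
    printf '%s\n' '/dev/disk0s1 / hfs ro 0 1' \
                  '/dev/disk0s2 /private/var hfs rw,noexec 0 2' > "$t/fstab"
    if fstab_has_noexec "$t/fstab" /private/var; then
        fstab_strip_noexec "$t/fstab" /private/var "$t/fstab.new"
        cat "$t/fstab.new"
    fi
    mkdir -p "$t/Applications/Installer.app"
    echo 'binary' > "$t/Applications/Installer.app/Installer"
    relocate_dir "$t/Applications" "$t/private/var/root/ROOT_Applications"
    ls -ld "$t/Applications"
    rm -rf "$t"
}
demo
```

On a real phone the calls would be fstab_strip_noexec /etc/fstab /private/var /etc/fstab.new, a look at the result, then relocate_dir /Applications /private/var/root/ROOT_Applications, followed by the reboot the post describes. Keep the diff -r step: a half-finished cp onto a nearly full Media partition is exactly the case where the original three commands delete the only good copy.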

cyberface

12,214 posts

257 months

Saturday 9th February 2008
Yup - the Dude has it right. Just shift /Applications to /dev/disk0s2 with ln -s and create the necessary folder on /private/var.

You need it jailbroken i.e. /etc/fstab both rw and without noexec on the second partition.

I also symlinked /opt/iphone off /dev/disk0s1 to the Media partition, since the Ruby install by default puts 2 MB in /opt/iphone on the boot partition which is excessive. It all works perfectly symlinked onto the other partition.


Currently I'm researching logins and passwords - I successfully changed the root password, disabled the mobile password and created my own low-privilege user on the old firmware, but it appears that 1.1.3 is moving away from using root for everything, the mobile user is now important, and changing the root password from the default 'alpine' crashes some apps (Summerboard is a particular problem).

Ideally I'd like both the root and mobile passwords changed to something super-complex to prevent kiddies ssh'ing into my phone when I'm on an open network, and the ability to have my own user like last time. But 1.1.3 has changed some significant parts of the system re: which apps are suid root and what runs as who... Terminal is a problem now as it assumes you want to log in as root, which you may not...


Run all of this shit at your own risk. Remember that I have a *very* early iPhone that's been extensively hacked with very experimental tools and it appears I've ended up with a factory-unlocked configuration - at no point have I been re-locked on any upgrade (been re-jailed though). The actual unlock process I used involved three different unlocking tools and it was all done on the old 3.09 bootloader. It's unlikely that it will be repeatable on a new phone - especially because of the 4.06 bootloader fix.

spants

1,053 posts

227 months

Saturday 9th February 2008
thanks for that - play time next week when i have time.

I'm running 3.9 BL, 1.1.3 modem and firmware, unlocked to VF using anysim 1.3. Everything is working 100% inc. Google locate :-)

Tony


cyberface

12,214 posts

257 months

Sunday 10th February 2008
spants said:
thanks for that - play time next week when i have time.

I'm running 3.9 BL, 1.1.3 modem and firmware, unlocked to VF using anysim 1.3. Everything is working 100% inc. Google locate :-)

Tony
Similar to me. You'll have no trouble at all (though I had a combination of the 12th Sept leaked iUnlock, the IPSF paid crack, and Anysim 1.3a (or whatever the second version was called)). Google locate works!!! Even on the train, it was hilarious to be speeding down to Kent from Cannon St, hit the locate button and a map came up with a train line in the middle of it.

LocateMe 0.5 is now uninstalled - useless compared with Google's code...

Still not comfortable with the unix user permission setup though - and the fact that many third-party apps break under 1.1.3 if you change the root password. Will post when I've got a solution... my local pub has free Wifi and all it'd take is someone to try the local IP addresses with SSH and the iPhone root password (alpine) and they'd 0wn my iPhone. Not good.

I'm currently trying to get nmap compiled successfully for the iPhone (will be a lot easier with the symlink library trick, since I can put it all in /opt/iphone which is on the second partition) which will make the iPhone a right vicious little tool for all the posers in Starbucks. Especially since they'll all be root/alpine.

iamlofi

Original Poster:

2,196 posts

204 months

Sunday 10th February 2008
I'm still learning, lots of reading to do!

Has anyone managed to write software for the Bluetooth yet? Or is this going to happen when the SDK comes out?

spants

1,053 posts

227 months

Sunday 10th February 2008
cyberface said:
my local pub has free Wifi and all it'd take is someone to try the local IP addresses with SSH and the iPhone root password (alpine) and they'd 0wn my iPhone. Not good.

I'm currently trying to get nmap compiled successfully for the iPhone (will be a lot easier with the symlink library trick, since I can put it all in /opt/iphone which is on the second partition) which will make the iPhone a right vicious little tool for all the posers in Starbucks. Especially since they'll all be root/alpine.
You could just turn SSH off using the BOSS prefs.

spants

1,053 posts

227 months

Sunday 10th February 2008
OK, all working now...

BOSS tool doesn't seem to create the symlink under 1.1.3, so I used the manual instructions by The Dude, which worked well.

thanks!


Re Bluetooth, not seen any work on this, although I think that there is a discussion on hackint0sh.

spants

1,053 posts

227 months

Sunday 10th February 2008
Spoke too soon... Installer gives a "Main script execution failed!" message now...
Any ideas?
cheers
Tony

cyberface

12,214 posts

257 months

Sunday 10th February 2008
spants said:
Spoke too soon... Installer gives a "Main script execution failed!" message now...
Any ideas?
cheers
Tony
Make sure you've got the latest Installer.app. It has a habit of getting into an unstable state if a bad app is loaded (e.g. if you try to install a 1.1.2 'tweak' on a 1.1.3 system, and it says 'you have the wrong firmware' - it then won't install anything after that)... My workaround in the cases I've seen like this is simply to click a random app to install, then hit 'clear queue' and then quit the app (back to Summerboard). Then re-launch Installer.app and things should work again. If there's a duff item in the 'queue' then the Installer.app won't work. Seems to be a problem with the new 'install queue' functionality added in the last version of the Installer.

If you're having real trouble with UI apps then ssh in and check the ownership and permissions of the apps. Since 1.1.3, where more apps are run as mobile rather than all as root, there are a few libraries and apps that are setuid root and group exec perms are more important now. It's becoming more a 'proper' unix system so any flaky behaviour (repeated crashes, etc.) can usually be solved with ownership / perms changes. Assuming you can get in, that is - that's the worst case.

As to your previous tip about using BossPrefs... yup, that's what I'm being forced to do. Of course I was using Erica's UIctl for exactly the same purpose back in the old days with Dropbear ssh rather than the full openssh install. BossPrefs is pretty but it ain't no 'Boss' application IMO - overblown - for a start it doesn't work with apache (can't put an on/off switch in for Apache, since launchctl creates instances of httpd when required, and also for some reason BossPrefs can't tell if apache is running (ps x | grep httpd should be easy enough, no?) - also you can't delete a setting without hitting the terminal and removing the config file in the application bundle (which is the WRONG place for config files). Oh well, unless I write one myself I shouldn't bitch, I guess... just give positive feedback to the developer on how to make it better.

However this isn't ideal - if I'm playing funny buggers in open network areas (pubs, airports, etc. - pubs are especially good if there's some yuppie braying and showing off his iPhone to people... if he's been silly enough to install any services then I could give the guy a surprise hehe ) then I'm totally open to being cracked because everyone knows the root password for the iPhone. In general, I only need ssh running when I'm working on the iPhone (a lot easier to ssh in to a shell with a proper keyboard than try to enter Unix commands using the iPhone 'keyboard' !!!!) - but I'd feel more secure if the root and mobile accounts had passwords of *my* choosing...

spants

1,053 posts

227 months

Monday 11th February 2008
Had everything working fine before moving the apps directory. I have found that it is the old permissions problem - 1.1.3 runs apps as "mobile" rather than root, hence Installer was failing. This command (after the move and symbolic link) fixes it:

(ssh into your iphone as root/alpine)

chmod ug+s /Applications/Installer.app/Installer

regards
Tony

PS sorry to the OP for the thread hijack

Edited by spants on Monday 11th February 09:42
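spants' fix above sets the setuid and setgid bits on one binary, and cyberface's earlier post says that with 1.1.3 running apps as mobile, which files are setuid root and who owns them is what decides whether things crash. Here is an added example (not spants', cyberface's or The Dude's own script) that does the audit side of that: list the setuid/setgid files under a tree, flag any that are also writable by group or others (a setuid binary anyone can overwrite is a root shell for whoever gets in over SSH, the exposure the thread keeps coming back to), and apply the chmod ug+s from the post to a single file only after checking it is a regular file and that the bits actually stuck. Paths are parameters; the Installer.app/Installer name is the one from the post, and the scratch tree in the demo is constructed here.

```shell
#!/bin/sh
# Added example, not spants', cyberface's or The Dude's own script: audits a
# tree for setuid/setgid files and applies the thread's chmod ug+s fix to one
# binary with checks. Takes a directory or file as a parameter, so it runs on
# a scratch tree rather than on a phone's /Applications.

# Prints every regular file under $1 with the setuid or setgid bit set.
find_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Prints setuid files under $1 that are also group- or world-writable.
# Anyone who can write to one of these can put their own code where root
# will execute it; on a phone with the default root/alpine password that
# is a second way in after the first.
find_risky_setuid() {
    find "$1" -type f -perm -4000 \( -perm -020 -o -perm -002 \) 2>/dev/null | sort
}

# Applies ug+s to exactly one binary ($1), refusing symlinks and anything
# that is not a regular file, and fails unless both bits are really set
# (some filesystems silently drop them).
make_suid() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    chmod ug+s "$1" || return 1
    [ -u "$1" ] && [ -g "$1" ]
}

# Prints mode and owner, ls-style, for each path read from stdin.
report() {
    while IFS= read -r f; do ls -ld "$f"; done
}

# Stand-alone demo on a scratch tree (constructed data, not a real phone).
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/Installer.app" "$t/Other.app"
    echo bin > "$t/Installer.app/Installer"
    echo bin > "$t/Other.app/Other"
    make_suid "$t/Installer.app/Installer"
    chmod o+w "$t/Installer.app/Installer"   # deliberately bad state for the risky report
    echo "setuid/setgid files:";            find_setuid "$t" | report
    echo "setuid and writable by others:";  find_risky_setuid "$t" | report
    rm -rf "$t"
}
demo
```

On the phone, find_setuid /Applications after an upgrade shows what the new firmware expects to run as root; anything turning up in find_risky_setuid / is worth a chmod o-w before leaving SSH on in the pub.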