Infineon, we have a problem

The 3G bootloader is sig checked by the bootrom. So even dumping the NOR and patching the bootloader (to get rid of main fw sig checks) and main code doesn't work for an unlock. Big thanks to TA_Mobile for dumping the NOR and confirming this. You have some real skills.

The X-Gold 608 is the chip used. The lame "datasheet" Infineon gives us shows the hardware RSA and the secure bootrom. So we have a real problem. Even if we find an unsigned code exploit, which wasn't done for the previous two bootloaders in software (we found tricks to play with the NOR), we still can't unlock.

Even though the bootloader isn't available for download, there's really nothing there. This bootloader doesn't contain any of the ram loader functions, just a stub which is very similar to the old bootrom (but with sig checking). The ram loader is tacked on to the end of all fls and eep files, and is loaded at 0x86000. BBUpdaterExtreme contains several ramloaders as well, but I think the one used is from the update file itself. You do not need the bootloader to work on the baseband, you just need the files off the ramdisk. Also interesting to note, the 2 RSA keys the bootloaders use haven't changed since 3.9 or 4.6, so you have these too.

Killing CommCenter on 2.0 kills the Wi-Fi, which will make working with the baseband a bit harder. Entering the ram loader is done with a call to the kernel to raise an I/O pin before resetting.

The first step to tackling this is dumping the bootrom. We need some exploit, I don't care where, to dump arbitrary memory. Then we can dump 0x400000, which is the new "secure" bootrom.

5.8 Exploit

I've been off the iPhone scene for a while. A few days ago, I got an e-mail from Chronic asking for help with the new asr. I helped out with genpass, and started reading through theiphonewiki again. Thanks so much for all the information contributed so freely; it prompted me to find this.

In bootloader 5.8 on the 3G, the loader signature validator is broken. Someone removed an if statement checking the type and size of the loader in the secpack. Because of this, you can pass the main secpack for the code you currently have on the phone instead of the loader secpack, and send anything you want as a loader.
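As an added illustration, not code from the original post and not the real secpack format, the toy validator below models the class of bug the post describes: a loader-stage check that verifies a signature and an image digest but never asks whether the pack it was handed is a loader pack of loader size, so a validly signed pack for a different stage is accepted. The struct layout, the FNV-1a digest, the keyed-digest "signature" standing in for RSA, `LOADER_MAX_SIZE` and the sample images are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model of a secpack-style image descriptor, constructed for this example.
 * It is NOT the X-Gold secpack layout; every field, size and constant is assumed. */
enum image_type { IMAGE_MAIN = 1, IMAGE_LOADER = 2 };

#define LOADER_MAX_SIZE 0x1000u /* assumed upper bound for a RAM loader */

typedef struct {
    uint32_t type;   /* which boot stage this pack vouches for */
    uint32_t size;   /* length of the image it was signed over */
    uint32_t digest; /* digest of that image */
    uint32_t sig;    /* stand-in for the RSA signature over the fields above */
} secpack_t;

/* FNV-1a, standing in for the real digest. */
static uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Stand-in for the signer: a keyed digest over (type, size, digest). The real
 * bootloader uses RSA; what matters here is which fields the check binds. */
static uint32_t toy_sign(const secpack_t *sp)
{
    uint8_t buf[12];
    memcpy(buf, &sp->type, 4);
    memcpy(buf + 4, &sp->size, 4);
    memcpy(buf + 8, &sp->digest, 4);
    return fnv1a(buf, sizeof buf) ^ 0x5ec9acc0u; /* constructed "key" */
}

/* What the vendor's signer produces: a pack bound to one image. */
secpack_t make_secpack(uint32_t type, const uint8_t *img, size_t len)
{
    secpack_t sp;
    sp.type = type;
    sp.size = (uint32_t)len;
    sp.digest = fnv1a(img, len);
    sp.sig = toy_sign(&sp);
    return sp;
}

/* Loader-stage validator with the bug the post describes: signature and image
 * digest are checked, but nothing asks whether this is a loader pack or whether
 * its size is loader-sized, so any validly signed pack passes for its image. */
bool accept_loader_broken(const secpack_t *sp, const uint8_t *img, size_t len)
{
    if (toy_sign(sp) != sp->sig) return false;       /* signature must verify */
    if (fnv1a(img, len) != sp->digest) return false; /* image must match pack */
    return true;
}

/* The removed 'if', restored: the pack must be a loader pack describing exactly
 * the length being loaded, within the loader region. The signature covers type
 * and size, so neither field can be edited after signing. */
bool accept_loader_fixed(const secpack_t *sp, const uint8_t *img, size_t len)
{
    if (sp->type != IMAGE_LOADER) return false;
    if (sp->size != len || len > LOADER_MAX_SIZE) return false;
    return accept_loader_broken(sp, img, len);
}

/* Constructed sample images (not firmware bytes). */
static const uint8_t MAIN_IMG[] = "constructed main firmware image";
static const uint8_t LOADER_IMG[] = "constructed ram loader image";

/* The main-firmware pack presented at the loader stage: returns 1 when the
 * broken validator accepts it and the fixed one rejects it. */
int scenario_main_pack_at_loader_stage(void)
{
    secpack_t sp = make_secpack(IMAGE_MAIN, MAIN_IMG, sizeof MAIN_IMG);
    return accept_loader_broken(&sp, MAIN_IMG, sizeof MAIN_IMG) &&
           !accept_loader_fixed(&sp, MAIN_IMG, sizeof MAIN_IMG);
}

/* A genuine loader pack with its own image: returns 1 when both accept it. */
int scenario_genuine_loader(void)
{
    secpack_t sp = make_secpack(IMAGE_LOADER, LOADER_IMG, sizeof LOADER_IMG);
    return accept_loader_broken(&sp, LOADER_IMG, sizeof LOADER_IMG) &&
           accept_loader_fixed(&sp, LOADER_IMG, sizeof LOADER_IMG);
}

/* The main pack relabelled as a loader pack without re-signing: returns 1 when
 * the fixed validator rejects it, because the signature covers the type field. */
int scenario_relabelled_pack(void)
{
    secpack_t sp = make_secpack(IMAGE_MAIN, MAIN_IMG, sizeof MAIN_IMG);
    sp.type = IMAGE_LOADER;
    return !accept_loader_fixed(&sp, MAIN_IMG, sizeof MAIN_IMG);
}
```

The design point is that a signature proves only that the signer vouched for whatever bytes it covers; the stage doing the check still has to confirm that those bytes describe the object it is about to run (type) and the amount of data it is about to accept (size). `accept_loader_fixed` puts the type and size test before the signature check so a pack for the wrong stage is rejected cheaply, and the third scenario shows why the signed fields must include the type: a type field outside the signature could be relabelled in place.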

Here is a bspatch file to be applied to ICE2_02.28.00.fls allowing downgrades from 2.30.03 using BBUpdaterExtreme. By replacing the old secpack with your current main secpack, you can upgrade from any other version.

Unfortunately, most 3G's out there are bootloader 5.9. I was hoping, since RSA was added to the bootrom, that it would run the vulnerable ramstrapper, but I had no luck, although I didn't try that hard. I see no reason why it shouldn't work theoretically; the bootrom RSA is complicated, maybe when I finish EDA...

And dev, since you're into hashes
882B7B3E84B76125755A84FB0BE52B9D8E25284D

Big week!

As anyone reading this blog must already know, this is the big week where Apple releases their official 3.0 FW to the public (Wed), and then the new iPhone2,1 hardware, aka the iPhone 3GS (Friday).

On Tuesday evening (just before the big Apple release) we'll do a live demo of the yellowsn0w carrier unlock working on official 3.0 firmware. The actual link for the feed will be twittered by @MuscleNerd and also placed here when the feed starts. The demo should answer everything you need to know about the new yellowsn0w. But it's good news for iPhone 3G unlockers everywhere.

Meanwhile, we're in the midst of testing our PwnageTool and QuickPwn tools, which will work with iTunes 8.2. The jailbreak of course continues to work on 3.0 for all devices it ever worked on, thanks to the Pwnage 2.0 technique released last summer. Our tools will be released no later than the Apple release (just in case!).

P.S. For the new iPhone 3GS, please don't expect periodic updates about any progress we have or don't have. Nothing gives Apple the upper hand like someone tweeting or blogging partial hack results. That's not how cat & mouse is played :) That's how the cat gets fed.

Updates after the video. Please skip up to 02:00 to see the demo.

Update 1 (Wed morning):

  • Only ultrasn0w is going to take til Fri to get pushed out. All of our other tools should be out pretty soon after the official Apple release.
  • If you apply our jailbreak when it comes out, you can install ultrasn0w anytime after that. You obviously won't have cellular service in the interim, though.
  • This may in fact be directly applicable to the iPhone 3GS if it can be jailbroken, because it runs the same baseband version. Whether or not it can be jailbroken is a big question right now!
  • If you're on Twitter, please give @Oranav a pat on the back. He could have revealed the crash he found to Apple and maybe gotten quite a bonus in return. Instead, he told us about it so that we could work it into an injection vector for the soft unlock.

Update 2 (Thursday morning):

  • We have two issues that we've been trying to resolve:
  1. There are new 3.0 complications with YouTube.app if you're on a hacktivated (unofficially activated) device
  2. There's a bug in Apple's new version of asr that our custom IPSW's are hitting and causing crashes on, on some devices. (For the nerdy or curious among us, the details of that bug were tweeted by planetbeing a week ago.)
  • As of Thursday morning we now have a workaround for #2. For #1, we'll try our best to get it fixed but we may end up releasing a preliminary jailbreak in which YouTube doesn't work for hacktivated devices, and then follow that up with a more complete jailbreak when we can.

WARNING ABOUT THE COMMENTS: People new to this blog probably don't know that comments from the DevTeam actually have a yellow header to them, so you can pick them apart from the fake users. But to be extra safe, until the release of this set of tools we'll keep our reply up here in the main post, not in the comments. That way you won't get tricked by fake users.

Also, if you want to help self-moderate, please click on the "report this post" for comments you all know are fake. If enough of you do that, it'll get deleted automatically.