project sn0wy 0wl
We're Unknown Developments. We're making a tethered homebrew jailbreak to relieve those of you who want a 3GS jailbreak now. We're a DAY into the project and we have already
patched all signature-checked files with a unique ECID.
Team member Derek and I did this; Derek came up with the method we use.
Derek said:
"So I noticed that in the iBSS the "HSHS" string also exists. Here's the hex string found in the iBSS, iBoot, and the purplera1nyday file... "48 53 48 53 8C 00 00 00 80 00 00 00". I'm gonna take a look at the other img3s as well."
A few minutes later he ran a test restore
and said this:
"The iBoot I created using the method described above worked for me. The phone is currently restoring... it's been copying files and progressing for a while now. It's gonna fail because I used a decrypted 018-5302-002.dmg file, and when you do this it fails verification with Apple at about 50% on the progress bar (iPhone). I guess this means we can "patch" all of the files containing that hex sequence."
Later I made a patched iBoot and sent it to team member Arthur. It was HIS unique ECID I encoded into iBoot.
For examples of my ECID-patched system pieces go to http://www.megaupload.com/?d=EI25M3Y9 . It has no jailbreaking data as of yet, but we are still working on patching :)
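Why that hex string shows up in every signed piece: IMG3 tags are four-character codes stored as little-endian words, so the "SHSH" (signature) tag reads as "HSHS" (48 53 48 53) in a hex dump, and the two words after it are the tag's total length (0x8C = 140) and data length (0x80 = 128 bytes, the size of the RSA signature). The following Python is an added worked example, not code from this post or from the Unknown Developments team. It builds a constructed IMG3 container, walks its tags, locates every SHSH tag (a patched image that ends up with more than one is a sign something went wrong), and checks that the header's sigCheckArea field actually points at the first SHSH tag. The header and tag layout is assumed from public IMG3 documentation; names such as build_sample and find_shsh are this example's own, and the signature and certificate bytes are placeholders.

```python
# Added example (not the post's or the team's code): a minimal IMG3 tag walker.
# Layout assumed from public IMG3 documentation:
#   header: magic "Img3"(4) fullSize(4) sizeNoPack(4) sigCheckArea(4) ident(4)
#   tags:   magic(4) totalLength(4) dataLength(4) data (padded to 4 bytes)
import struct

HEADER_LEN = 20
TAG_HEADER_LEN = 12


def fourcc_le(name: str) -> bytes:
    """Tag codes are little-endian words, so 'SHSH' is stored as b'HSHS',
    'Img3' as b'3gmI' and the ECID tag as b'DICE'."""
    return name.encode("ascii")[::-1]


def hexdump(b: bytes) -> str:
    return " ".join(f"{x:02X}" for x in b)


def build_tag(name: str, data: bytes) -> bytes:
    """magic(4) totalLength(4) dataLength(4) data, padded to a 4-byte boundary."""
    pad = (-len(data)) % 4
    total = TAG_HEADER_LEN + len(data) + pad
    return fourcc_le(name) + struct.pack("<II", total, len(data)) + data + b"\0" * pad


def build_img3(ident: str, tags) -> bytes:
    """sigCheckArea = number of tag bytes preceding the first SHSH tag,
    i.e. the region the SHSH signature covers."""
    encoded = [build_tag(n, d) for n, d in tags]
    body = b"".join(encoded)
    sig_area, pos = len(body), 0
    for (name, _), enc in zip(tags, encoded):
        if name == "SHSH":
            sig_area = pos
            break
        pos += len(enc)
    header = fourcc_le("Img3") + struct.pack("<III", HEADER_LEN + len(body), len(body), sig_area)
    return header + fourcc_le(ident) + body


def parse_img3(blob: bytes):
    """Return (ident, sigCheckArea, [tag dicts]); raises on a malformed container."""
    if blob[:4] != fourcc_le("Img3"):
        raise ValueError("not an IMG3 container")
    full_size, size_no_pack, sig_check_area = struct.unpack_from("<III", blob, 4)
    if full_size != len(blob) or HEADER_LEN + size_no_pack > len(blob):
        raise ValueError("IMG3 header lengths do not match the buffer")
    ident = blob[16:20][::-1].decode("ascii", "replace")
    tags, off, end = [], HEADER_LEN, HEADER_LEN + size_no_pack
    while off + TAG_HEADER_LEN <= end:
        total, data_len = struct.unpack_from("<II", blob, off + 4)
        if total < TAG_HEADER_LEN or data_len > total - TAG_HEADER_LEN or off + total > end:
            raise ValueError(f"bad tag at offset {off:#x}")
        tags.append({
            "name": blob[off:off + 4][::-1].decode("ascii", "replace"),
            "offset": off,
            "total": total,
            "data_len": data_len,
            "data": blob[off + TAG_HEADER_LEN:off + TAG_HEADER_LEN + data_len],
        })
        off += total
    return ident, sig_check_area, tags


def find_shsh(blob: bytes):
    """All SHSH tags in the container; a sane image has exactly one."""
    return [t for t in parse_img3(blob)[2] if t["name"] == "SHSH"]


def sig_area_consistent(blob: bytes) -> bool:
    """True when the header's sigCheckArea ends exactly where the first SHSH tag begins."""
    _, sig_area, _ = parse_img3(blob)
    shsh = find_shsh(blob)
    return bool(shsh) and shsh[0]["offset"] == HEADER_LEN + sig_area


def build_sample() -> bytes:
    """Constructed iBoot-like image: placeholder payload, 128-byte (RSA-1024 sized)
    zero signature, placeholder certificate blob."""
    return build_img3("ibot", [
        ("TYPE", fourcc_le("ibot")),
        ("DATA", b"\xAA" * 64),          # constructed payload, not real firmware
        ("SHSH", b"\0" * 128),           # placeholder signature
        ("CERT", b"\x30\x82" + b"\0" * 30),  # placeholder certificate bytes
    ])


if __name__ == "__main__":
    img = build_sample()
    print("SHSH tag header:", hexdump(build_tag("SHSH", b"\0" * 128)[:TAG_HEADER_LEN]))
    for t in parse_img3(img)[2]:
        print(f"{t['name']} @ {t['offset']:#06x} total={t['total']:#x} data={t['data_len']:#x}")
    print("SHSH tags:", len(find_shsh(img)), "sigCheckArea consistent:", sig_area_consistent(img))
```

Run on a real decrypted img3 you would replace build_sample() with open(path, "rb").read(); the walker does not decrypt or verify anything, it only maps the tags, which is the first thing to check before patching the SHSH or ECID regions.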
50 Comments:
whea - yet another blog ;)
good luck guys.. my 3gs is waiting here for your progress
Sn0wy0wl
nice name
thechef
Is there anyway I could help? If I could just let me know. Best of luck!
@mateen110
Well, we're really trying to get through this ASAP, so if you could help make bundles that would be cool :)
Great work, keep going ^^
Thanks for your support :)
yes, nice name !
I am with you guys, you will make it. But try to sleep a little bit :)
can you post a progressbar in percent? that would be nice!
Being a developer for the iPhone, and then reading through this post, you literally made my BRAIN HURT with the computational INACCURACIES of your statements. But, hey, to each his own. It's just laughable to see people so desperate that they're willing to send their ECIDs to a group of strangers.
we like the product.. thats all..
apple is like cigarettes .. you get addicted really quick - until now it does not cause cancer - but who knows what mobile radiation does really
;)
I never slee...Zzzzz
@schlafenwolf
kkthxbb!
(In Germany it is 10 AM! :))
Hater #1 hooray!
I may have made some grammar mistakes, and for that I'm sorry, but I am quite accurate. Go to geohot's blog and read Son...
Ha very funny Maximillian :)
They haven't sent their ECIDs -.- I think you must be an Apple dev. Buzz off, this is a jailbreaker blog.
Break a leg guys!
Ow my bone broke in my leg :(
I broke a leg :o
xD
...the Italian way to wish good luck not much better: "in bocca al lupo", i.e. in the mouth of the wolf! Anyway, you got my point!
Thanks :)
any updates?
guys if I can help on any way let me know pls
Same thing if i can help i'm here.
you've already done a very good job.
I'm here to package this in an app / installer when you reach that point like I said in IRC. email me @ brad457@gmail.com
So guys, I heard you got what we needed from the USB dump.
And also, even if it fails at 50% with the new iBoot, it means it's actually working (the new iBoot). But it's still just a regular iBoot without the exploit (only signed with Apple's cert).
So now the goal is to make sense of the RSA sigcheck addresses that geohot gave us.
I think it's great what you guys are doing. Solving problems when others either won't or can't. Don't let the machine beat you. I am a registered developer, so if you need anything(wink wink) just let me know.
You Guys are doing Great work. Thanks alot for all your hard work.
OK, do NOT upgrade (sorry): 3.1 has a new baseband, rendering ultrasn0w useless, although we will check iBoot to see if it's still exploitable for those who HAVE NOT gotten their purplera1n ECID.
Coffee anyone?
Me! :)
@DBDtheAbyss
So I found an error in the iBoot you sent me:
there are 3 HSHS sections instead of 1.
Also we got the USB dump for Derek's phone.
Zeke, if we could get a beta copy of 3.1 for disassembling that would be very gracious. Also we NEED an Apple datacenter cert for this (could you help?)
I will create chat room again
Ok awesome! We should get to work with Making and applying jailbreaking patches in iBoot and iBss
Actually Derek sent you the USB dump already... so right now I will properly patch the iBSS and iBoot with my ECID, and you can look for the certificate thing.
Apply the permissions tags and RSA sigs into iBoot, I think that's how you should patch it :)
Kk
Screw it I'll apply georges help :)
@Arthur,
Where did you create the chat room? Are you on IRC again? I'd like to help out, but this blog thing is way too slow to correspond.
Yeah, I have to leave now for 2-3 hours, getting a test 3G phone from my friend. This way we can run PwnageTool and grab some stuff like Cydia, OpenSSH etc.
I will create a private IRC server so it will always be up and nobody will create duplicate rooms.
I was searching some known FAQs and wikis and found this "old" information regarding xpwn. I think this could be a solid base we could actually learn from and build upon, because it supports the 3G jailbreak. What do you think?
Org Info:
______________
xpwn 0.3 sources are now up
Hey guys,
The development sources for xpwn 0.3, the firmware 2.0 version of our cross-platform jailbreaking library/command-line utility have been pushed onto github. We’ve tested it on Linux, Windows XP, and Windows Vista for both the iPhone 2G and iPhone 3G thus far, but since it uses the same FirmwareBundles files as PwnageTool, and we know those work for the iPod touch, there ought not be any problems.
Being a suite of command-line utilities, this release is meant primarily for developers. While you can certainly jailbreak (both 3G and first-gen) and unlock (first-gen) with it, it’s not really something you want to try without reading the lengthy, detailed README. If you don’t have the patience to do that, this release is not for you.
We’re hoping the community will use this to create useful, easy-to-use jailbreak related applications for all platforms. This is an open source endeavor and you are more than welcome to fork it, fix our bugs, submit patches, etc. Now it’s time for you guys to step up to the plate. :)
All right guys, I have created a custom iBoot for Derek. If this works with the phone we will work on the jailbreaking fun part, otherwise it's back to the drawing board...
-DBDtheAbyss.
-unknown dev.
That really is useless... but interesting. Besides, xpwn 3.0 isn't out, and we're talking about the 3GS, not the 3G. The 3GS uses different hardware, so xpwn would need adaptation...
Of course it would need adaptation, but there is so much to learn from it. It can actually work the phone in DFU mode, prepare IPSW files, hash them, patch every IMG3 file, iBoot etc., and comes with a bunch of patch files. It may be old, but it actually is something to stand on.
We could extend it to include the ECID in IMG3 files etc. If it worked for a 3G, it could be extended to work with our 3GS, right?
Yes but it uses conventional pwnage which the 3gs does NOT understand
hey awesome team.
can you tell us your actual progress in a percent bar or something like that?
that would be awesome, :) thank you, and you will make it!
It's funny how people rush rush rush something that can't be rushed.
abyss is right, this goes beyond flashing in DFU, when you flash the 3GS in dfu and reboot the phone, the boot knows the file is no good and automatically kicks it into recovery mode. In theory, it should work, but it's pretty complex.
Glad to see the unknown team making progress with this, congrats and thank you for the hard work.
I'm back online...
Yes I'm alive :)