Unlock iPhone 4 Baseband 04.11.08 Using SAM!


Chinese hacker Loktar_Sun found a flaw in the way Apple's activation server issues an activation ticket for a SIM (identified by its ICCID) and used it to unlock the iPhone 4 and iPhone 4S with SAM (Subscriber Artificial Module). The method he posted unlocks the iPhone 4 and iPhone 4S on all basebands, which is good news for everyone who has been waiting for an iPhone 4 unlock on baseband 04.11.08.

Requirements:

  • Jailbroken iPhone 4S, iPhone 4, or iPhone 3GS that can be activated in iTunes (that is, not officially blacklisted) on iOS 5.0 and above.
  • The latest iTunes installed on your computer, with a working internet connection (activation goes through Apple's server).
  • You must know the carrier that your iPhone is locked to.

The method is a bit cumbersome for newcomers, but SAM (Subscriber Artificial Module) developer Sam Bingner has said he will release a SAM update that makes the process simpler and easier to follow.

INSTRUCTIONS: SAM Unlock

Step 1: Install Sam Bingner’s SAM package from repo.bingner.com.

Step 2: Open SAM either from the Settings app or via the SAMPrefs icon on your SpringBoard. The SIM card you intend to use must be in the iPhone.

Step 3: Navigate to Utilities and select “De-Activate iPhone”; the ActivationState under “More Information” should now read “Unactivated”.

Step 4: With SAM enabled, set “Method” to “By Country and Carrier” and find your carrier. Some carriers operate more than one Carrier ID; for those you may need to select “SIM ID”. Choose carefully: if you pick the wrong carrier the method will not work.

Step 5: Navigate to “More Information”, copy or write down the IMSI shown under “SAM Details”, then tap “Spoof Real SIM to SAM”.

Step 6: Navigate back to the main SAM screen and change “Method” to “Manual”. Paste or enter the IMSI you saved in Step 5.

Step 7: Connect your iPhone to your computer and allow iTunes to activate it. On the device summary screen, click the “Phone Number” field until it shows the ICCID and make sure it matches the ICCID printed on your SIM card. If it does not, start over from Step 1.

Step 8: Unplug your iPhone and close iTunes.

Step 9: Disable SAM.

Step 10: Connect your phone to iTunes again; you should get an error saying that your iPhone cannot be activated. This is normal: just close iTunes and open it again.

Step 11: You should see signal bars shortly. Congratulations.

Step 12: Push notifications may stop working after this procedure; they can be restored with the “Clear Push” utility in SAM, followed by reconnecting to iTunes.


Your iPhone 4 on baseband 04.11.08 is now unlocked. Note that the activation ticket iTunes obtained is tied to the ICCID of the SIM you used, so you will have to repeat the procedure if you switch to a different SIM. We are receiving reports from multiple users who were able to unlock iPhones on basebands 02.10.04, 04.10.01 and 04.12.01 (iPhone 4) and 1.0.11, 1.0.13 and 1.0.14 (iPhone 4S).

Posted in iPhone | 2 Comments

One Step Closer To iOS 5.1 Untethered Jailbreak!


Voila! The long-awaited jailbreak is around the corner. Pod2g has bypassed the ASLR at boot that was holding up an untethered iOS 5.1 jailbreak for the iPhone 4S, iPad 2 and the new iPad (iPad 3). Cyril (aka pod2g) confirmed a few minutes ago on Twitter: “ASLR seems bypassed! Weird machines FTW. Time to ROP the payload”.

The ROP (return-oriented programming) payload abuses a vulnerability in IOSurface.framework that lets an ordinary process write to kernel memory. Judging by the tweet, the technical hurdles for an iOS 5.1 untethered jailbreak appear to have been cleared.

Release Date?
This does not mean we will see a jailbreak in the next few days, but it does mean pod2g is heading toward a complete jailbreak. After thorough testing he will likely package the exploit into greenpois0n Absinthe, which may take a few more days before it is ready for public release. Please stay calm: no precise ETA has been shared.

Warning: Apple might release iOS 5.2 or an incremental iOS 5.1.1 update within a week or two. Hold off on installing any upcoming iOS update until pod2g releases the jailbreak: an update can patch the bugs the jailbreak relies on, and Apple stops signing 5.1 once a newer version ships, so there would be no way back.

Stay tuned for updates as they happen!

Posted in iPad, iPhone, iPod | Leave a comment

Pod2g Discovers All Exploits for a New iOS 5.1 Untethered Jailbreak!


iOS hacker pod2g has collected all the exploits required for a new iOS 5.1 untethered jailbreak on A5/A5X devices, that is the new iPad (iPad 3), iPad 2 and iPhone 4S, and is now exploring a way to bypass ASLR at boot. The confirmation came via his official Twitter account. Those who updated their iPhone 4S or iPad 2 to iOS 5.1 without heeding our warnings will soon be able to jailbreak their device again.

What is ASLR?

ASLR (Address Space Layout Randomization), introduced by Apple in iOS 4.3, randomizes where a process's code, libraries, stack and heap are placed in memory, so an exploit cannot rely on fixed addresses (a ROP chain, for example, needs to know where its gadgets live). To learn more about ASLR, read the slides hacker Stefan Esser presented at POC 2010.

For those unaware, pod2g discovered the vulnerability behind the untethered iOS 5.0/5.0.1 jailbreak delivered by redsn0w and Corona (A4 devices) and Absinthe (iPad 2 and iPhone 4S).

The new iOS 5.1 Jailbreak Release Date?

Hacker chpwn, who knows the internals of the jailbreak scene well, points out that finding all the exploits does not mean a jailbreak exists; it is likely months away from working at all. Moreover, pod2g has not given an ETA, details of the exploits, or the tool in which they will be packaged (greenpois0n, redsn0w or Absinthe).

Plausibly, he will hold back the release until Apple pushes iOS 5.2 or an incremental iOS 5.1.1 update. If you want to keep your hopes alive, be patient and hold off on installing any incremental update until pod2g's jailbreak is publicly available.

Stay tuned for more info as it happens about iOS 5.1 untethered jailbreak.

Posted in iPad, iPhone, iPod | Leave a comment

Downgrade A5 Devices Possible!


Sn0wbreeze and iFaith developer iH8sn0w has cracked a hard nut: he has found a loophole in Apple's APTicket system that lets you downgrade an iPad 2 or iPhone 4S from iOS 5.1 to iOS 5.0.1. He is confident the method will also work on the A5X-based iPad 3, but since Apple has yet to release a newer iOS for the new iPad he has not actually tested it there. It should now be possible to restore an A5 device to any firmware you want, as long as you have the SHSH blobs saved for it.

Until now, saving SHSH blobs with TinyUmbrella did not help iPad 2 and iPhone 4S owners, because iOS 5 introduced a new signing mechanism (the APTicket). TinyUmbrella could still downgrade from iOS 5.x to iOS 4.x (provided you had saved SHSH blobs for the 4.x version), but not between versions of iOS 5.x (for instance iOS 5.1 to iOS 5.0.1).

For the iPhone 4, iPhone 3GS, original iPad and iPod touch 4G, you can use either iFaith or redsn0w to downgrade between iOS 5.x firmwares. Redsn0w is probably the most convenient option for non-A5 devices: it stitches your saved 5.x blobs into a custom firmware file and uses that file for the restore. We have already posted a detailed guide on saving APTickets and SHSH blobs with redsn0w; follow it and let us know if you run into issues.

Those who have not saved SHSH blobs for iOS 5.0.1 or iOS 5.0 will not be able to downgrade an A5-based iPhone 4S or iPad 2. SHSH blobs will always be required unless someone finds a bootrom exploit for these devices, since the bootrom is what enforces the signature check on the boot chain.

Steven (iH8sn0w) has not said when he will update iFaith so that it can restore an iPad 2 or iPhone 4S from 5.1 to a 5.0.1 IPSW. We assume the updated iFaith will be released once the iOS 5.1 jailbreak for A5 devices is out.

Posted in iPad, iPhone | Leave a comment

How to Save APTickets / SHSH Blobs iOS 5.0.1 with Redsn0w for Downgrade


Since Apple has fixed the battery-draining bugs in the soon-to-be-released iOS 5.1, many users will update their iPhone, iPad or iPod touch without realizing that they will lose the untethered jailbreak on 5.0.1. To protect your ability to go back to a jailbreakable firmware, you have to save your SHSH blobs before you update.

Note: none of the current tools (the Corona 5.0.1 untether, redsn0w 0.9.10b4 and greenpois0n's Absinthe) is compatible with iOS 5.1, so many of us have to choose between better battery life and keeping a jailbroken device. If a jailbroken device is not your priority, this article is probably not for you.

If you are new to this, you must understand what SHSH blobs are: they are signatures that Apple's signing server issues for the firmware components of your specific device (keyed to its ECID) at restore time, and iTunes will only restore a firmware that Apple currently signs. Saving the blobs while a version is still being signed is what later lets you downgrade to it.

Since iOS 5.x uses APTickets, saving SHSH blobs is a bit trickier. I have used redsn0w here to save the SHSH for my iPod touch 4G, since it supports saving SHSH blobs together with the APTicket, and the APTickets are cryptographically verified before they are submitted to Cydia, just like the main blobs. Right now the Cydia server cannot send the APTickets back, so we will use stitched IPSWs for 5.x.
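To make concrete why saved blobs are the only way back (and why they are useless on another device or for a firmware you never saved them for), here is an added Python model of the signing check. It is an illustration written for this article, not Apple, redsn0w or TinyUmbrella code. HMAC-SHA256 stands in for Apple's RSA signature so that the script runs with the standard library alone (in the real system the device holds only a public key and cannot mint blobs itself), and the ECIDs, version strings, component names and image bytes are all constructed. iOS 5's APTicket is one signed ticket covering all components rather than one blob per component as modelled here, but the binding to device and firmware is the same.

```python
"""Toy model of the TSS signing check that makes saved SHSH blobs necessary.

Added illustration only; not Apple, redsn0w or TinyUmbrella code.
HMAC-SHA256 is a stand-in for Apple's RSA signature (the real device
holds only a public key). All identifiers and image bytes are constructed.
"""
import hashlib
import hmac

# Constructed stand-in for Apple's private signing key.
_SIGNING_KEY = b"constructed-stand-in-for-apple-signing-key"


def _signed_fields(ecid: int, version: str, component: str, digest: bytes) -> bytes:
    """Everything a blob binds together: this device, this firmware, this exact image."""
    return b"|".join([ecid.to_bytes(8, "big"), version.encode(), component.encode(), digest])


def _sign(fields: bytes) -> bytes:
    return hmac.new(_SIGNING_KEY, fields, hashlib.sha256).digest()


class TssServer:
    """Models gs.apple.com: personalizes firmware only for versions it still signs."""

    def __init__(self, signing_versions):
        self.signing_versions = set(signing_versions)

    def personalize(self, ecid: int, version: str, images: dict):
        """Return {component: blob} for this ECID, or None when Apple refuses to sign."""
        if version not in self.signing_versions:
            return None  # iTunes reports this as a failed restore, not a downgrade
        return {
            name: _sign(_signed_fields(ecid, version, name, hashlib.sha256(img).digest()))
            for name, img in images.items()
        }


def device_accepts(ecid: int, version: str, component: str, image: bytes, blob: bytes) -> bool:
    """Models the check the boot chain applies before it will run an image."""
    expected = _sign(_signed_fields(ecid, version, component, hashlib.sha256(image).digest()))
    return hmac.compare_digest(expected, blob)


def downgrade_scenarios() -> dict:
    """Replay the situations the article describes and report which ones succeed."""
    my_ecid, other_ecid = 0x1A2B3C4D5E6F, 0x0F0E0D0C0B0A  # constructed ECIDs
    images_501 = {  # constructed firmware images for "5.0.1"
        "iBSS": b"constructed iBSS 5.0.1 image",
        "KernelCache": b"constructed kernelcache 5.0.1 image",
    }

    # Earlier: Apple still signed 5.0.1, so blobs for this device could be fetched and saved.
    saved_blobs = TssServer({"5.0.1"}).personalize(my_ecid, "5.0.1", images_501)

    # Now: Apple signs only 5.1.
    apple_now = TssServer({"5.1"})
    results = {}
    results["apple_still_signs_5.0.1"] = (
        apple_now.personalize(my_ecid, "5.0.1", images_501) is not None
    )
    results["saved_blobs_restore_my_device"] = all(
        device_accepts(my_ecid, "5.0.1", name, images_501[name], saved_blobs[name])
        for name in images_501
    )
    results["saved_blobs_work_on_another_ecid"] = all(
        device_accepts(other_ecid, "5.0.1", name, images_501[name], saved_blobs[name])
        for name in images_501
    )
    tampered_kernel = b"patched kernelcache"  # constructed modified image
    results["saved_blobs_cover_a_modified_image"] = device_accepts(
        my_ecid, "5.0.1", "KernelCache", tampered_kernel, saved_blobs["KernelCache"]
    )
    return results


if __name__ == "__main__":
    for name, ok in downgrade_scenarios().items():
        print(f"{name}: {ok}")
```

Running it prints four results: Apple refuses to sign 5.0.1 once it only signs 5.1; the blobs saved earlier still verify on the same device for the exact images they cover; they fail on another ECID and for a modified kernelcache. That last case is also why the stitched restore below needs pwned DFU: the patched iBSS and iBEC that redsn0w puts in the custom IPSW are not covered by any saved blob, so the bootrom check has to be bypassed for them.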

Here is the tutorial to follow to back up your SHSH blobs and APTickets so that you can downgrade later (say, from iOS 5.1 to 5.0.1).

Instructions to Save SHSH Blobs, APTickets

Step 1: Launch the latest release of redsn0w (currently 0.9.10b6; if you do not have it, there is a direct link in a previous post).

Step 2: Select ‘SHSH blobs’

Step 3: Place your device in DFU mode. If you are new to this, here is the procedure shown in the DFU mode video demo:

  • With the device connected to the computer, turn it off.
  • Press and hold the Power and Home buttons together for about 10 seconds.
  • Release the Power button but keep holding Home for another 10 seconds or so.
  • In DFU mode the screen stays completely black. If you see the Apple logo or the “connect to iTunes” icon, you are in recovery mode instead; power off and start again.

Step 4: Click the Fetch button and let redsn0w work. It fetches the SHSH blobs from the device and sends them to the Cydia server. If you have already submitted them, you will get the message “Cydia server already has a full set of blobs for this configuration”.

When it finishes, your device restarts automatically and a .plist file is created in the redsn0w directory on your computer. Keep this file somewhere safe and back it up; without it you cannot downgrade later.

Step 5: Now submit the saved SHSH blobs and APTicket to Saurik's Cydia server: click Submit and select the SHSH .plist file.

Step 6: Next, create a custom firmware containing this SHSH.plist / APTicket: click “Stitch” -> “IPSW”.

Step 7: Select the stock IPSW of the iOS version whose SHSH blobs and APTicket you saved.

Step 8: Click the “Local” button and select the SHSH.plist created earlier. Redsn0w loads the kernelcache and stitches the blobs in, adding the APTicket and patching iBSS and iBEC in the background.

You will get a pop-up window saying “Blob stitching done”. Your personalized iOS 5.x firmware has been created and the window shows the path of the custom IPSW. This custom IPSW can be used with iTunes (and TinyUmbrella) to restore the device to iOS 5.0.1.

And there you have it, you’ve saved SHSH blobs and APTickets.

Restoring a Customized iOS

Make sure that any “74.208.10.249 gs.apple.com” line in your hosts file is commented out with a leading “#” (TinyUmbrella adds that line to redirect iTunes' signature requests to Cydia's server; the hosts file lives at /etc/hosts on Mac OS X and C:\Windows\System32\drivers\etc\hosts on Windows). Before you run iTunes to restore the custom firmware, you must put the device in a special DFU mode, Pwned DFU: launch redsn0w, go to the “Extras” menu and choose “Pwned DFU”.

Place your device in DFU mode and then click “Pwned DFU”. Launch iTunes and, while holding the key below, click the Restore button and select the firmware created earlier (with the stitched SHSH blobs and APTicket):

  • Mac: hold ALT (Option) and click Restore
  • Windows: hold SHIFT and click Restore
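The hosts-file check above is easy to get wrong by hand (a second copy of the line, different capitalization, an inline comment). Here is an added Python helper, written for this article and not part of redsn0w or TinyUmbrella, that finds every active line mapping gs.apple.com and comments it out while leaving everything else, including lines that are already commented, untouched. It is shown on a constructed sample of a hosts file; `fix_hosts_file` applies the same change to a real file (which needs administrator rights) and writes a .bak copy first.

```python
"""Comment out the gs.apple.com redirect in a hosts file.

Added helper, not part of redsn0w or TinyUmbrella. It operates on the file's
text so that it can be demonstrated on a constructed sample; fix_hosts_file()
applies it to a real hosts file (/etc/hosts on Mac OS X,
C:\\Windows\\System32\\drivers\\etc\\hosts on Windows) with admin rights.
"""
from pathlib import Path

TARGET_HOST = "gs.apple.com"


def _parse_entry(line: str):
    """Return (ip, [hostnames]) for an active hosts line, or None for blank/comment lines."""
    code = line.split("#", 1)[0].strip()  # drop inline comments; a leading '#' leaves nothing
    if not code:
        return None
    parts = code.split()
    return parts[0], [name.lower() for name in parts[1:]]


def active_mappings(text: str, host: str = TARGET_HOST) -> list:
    """IP addresses the hosts text currently maps `host` to (commented lines do not count)."""
    return [
        entry[0]
        for entry in map(_parse_entry, text.splitlines())
        if entry and host.lower() in entry[1]
    ]


def comment_out_host(text: str, host: str = TARGET_HOST) -> str:
    """Prefix every active line that maps `host` with '# '.

    The whole line is commented, as the article instructs; a line that also maps
    other names loses those too, so review the output. Running it twice is a no-op.
    """
    out = []
    for line in text.splitlines(keepends=True):
        entry = _parse_entry(line)
        if entry and host.lower() in entry[1]:
            line = "# " + line
        out.append(line)
    return "".join(out)


def fix_hosts_file(path, host: str = TARGET_HOST) -> int:
    """Apply comment_out_host() to a real hosts file; returns the number of lines changed."""
    p = Path(path)
    text = p.read_text()
    fixed = comment_out_host(text, host)
    if fixed != text:
        p.with_name(p.name + ".bak").write_text(text)  # keep a backup before editing
        p.write_text(fixed)
    return len(active_mappings(text, host))


# Constructed sample resembling a hosts file that TinyUmbrella has edited.
SAMPLE_HOSTS = (
    "127.0.0.1\tlocalhost\n"
    "# 74.208.10.249 gs.apple.com    already commented out, left alone\n"
    "74.208.10.249 gs.apple.com\n"
    "74.208.10.249   GS.APPLE.COM  other.example.test   # inline comment\n"
    "::1 localhost\n"
)

if __name__ == "__main__":
    print("active gs.apple.com mappings:", active_mappings(SAMPLE_HOSTS))
    print(comment_out_host(SAMPLE_HOSTS), end="")
```

On the sample, `active_mappings` reports the two live redirects (the upper-case one included) and `comment_out_host` returns the file with both of them disabled and the localhost lines unchanged. Re-enable the redirect later by removing the “# ” prefixes again when you want TinyUmbrella's server instead of Apple's.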

Can I use TinyUmbrella to back up SHSH blobs / APTickets?

Saving SHSH blobs with TinyUmbrella is not going to help here, because iOS 5 uses a new signing mechanism (the APTicket). You can downgrade from iOS 5.x to iOS 4.x with TinyUmbrella (provided you saved SHSH blobs for the 4.x version), but the tool does not work for downgrading between versions of iOS 5.x (for instance iOS 5.1 to iOS 5.0.1).

The only method we have is redsn0w, which stitches the 5.x blobs into a custom firmware file and uses that file to restore the device. Keep in mind that, as of today, redsn0w's stitching is not compatible with the iPad 2 and iPhone 4S: there is currently no way to downgrade an A5 device from iOS 5.1 to 5.0.1.

TinyUmbrella's developer @notcom has added tentative 5.0.1 support that lets you save the SHSH blobs, but for now you cannot actually use them to restore an iPhone 4S.

Can I downgrade iPhone 4 or iPad 2 from iOS 5 to iOS 4.x?

TinyCFW has been tested for downgrading an iPhone 4 or iPad 2 from iOS 5.0.1 to iOS 4.3.3 without getting stuck in an error 1015 recovery loop. The tool only works if you already saved 4.3.3 SHSH blobs; otherwise you are out of luck.

Posted in iPad, iPhone, iPod | 1 Comment

iPad 2 Running iOS 5.1: JAILBROKEN! ;)


Hacker Stefan Esser, aka i0n1c, has succeeded in jailbreaking iOS 5.1 on the iPad 2 and has just posted photos of the jailbroken iPad 2 running iOS 5.1 on his Twitter account. This is an amazingly fast achievement!

While pod2g had announced that he was working on finding vulnerabilities in iOS 5.1, it is i0n1c who surprised us with these photos.

The photos of the iPad 2 jailbreak on iOS 5.1 indicate that we are very close to seeing a release. It is probably a matter of days or a few weeks until i0n1c finishes his stability testing and packaging and releases it to the public!

What about the iPhone 4S? Don't worry: any progress on the iPad 2 means progress for the iPhone 4S, since both use the same A5 processor.

Posted in iPad | Leave a comment

Apple’s New iPad Confirmed To Sport 1GB of RAM and 1 GHz CPU


A couple of hours ago, the new iPad was unboxed in Vietnam. Now we have more good news: the hardware specs have been verified, confirming that the new iPad has 1 GB of RAM and a 1 GHz CPU.

According to these benchmark results, the new iPad scored 756, on par with the iPad 2. As the folks at MacRumors point out, these benchmarks only measure processor and memory performance and do not test graphics, which is where the new A5X chip's improvements lie.

Posted in iPad | Leave a comment

How To Unlock iOS 5.1 On iPhone 4 / iPhone 3GS using Ultrasn0w Fixer for 5.1


The iPhone Dev Team's redsn0w 0.9.10b6 conveniently jailbreaks iOS 5.1, but ultrasn0w 1.2.5 does not yet unlock an iPhone 4 or iPhone 3GS (on the old basebands) under iOS 5.1. Until the hackers push out an ultrasn0w release compatible with iOS 5.1, you can install the ultrasn0w fixer patch for iOS 5.1.

The package, “ultrasn0w fixer for 5.1”, patches the iPhone Dev Team's ultrasn0w unlock to work on a jailbroken iOS 5.1 iPhone. Developed by msftguy and zmaster, it is available by adding the repo http://repo.iparelhos.com to Cydia. Only the modem basebands listed below are supported; everything else is NOT supported.

  • 01.59.00 (iPhone 4)
  • 04.26.08 (iPhone 3GS)
  • 05.11.07 (iPhone 3GS)
  • 05.12.01 (iPhone 3GS)
  • 05.13.04 (iPhone 3GS)
  • 06.15.00 (iPhone 3GS)


Instructions to unlock iOS 5.1 using UltraSn0w Fixer for 5.1

Step 1: First jailbreak iOS 5.1 with redsn0w 0.9.10b6, making sure your baseband is not upgraded in the process. To do that, create a custom iOS 5.1 IPSW: iPhone 4 and iPhone 3GS owners can use redsn0w's “Custom IPSW” button to create a NO_BB_* version of the 5.1 IPSW and restore to that instead of the stock one. If you restore to a stock Apple IPSW, the baseband is updated and your iPhone will be locked. If you are already running iOS 5.1 with a preserved baseband, skip this step and go to Step 2.

Steps to create custom 5.1 iOS firmware to preserve Baseband

  • Launch redsn0w, select “Extras”, then “Custom IPSW”.
  • Point it at your stock iOS 5.1 firmware; redsn0w runs a number of background processes to create a custom IPSW that is pre-jailbroken and preserves your baseband.
  • Go to Extras > Pwned DFU, then restore to the custom iOS 5.1 firmware created in the previous step using iTunes.

Step 2: After you have successfully jailbroken your device, launch Cydia from your iPhone Springboard.

Step 3: Go to the “Manage” tab, then tap “Sources”
Step 4: Tap Edit, then Add, you should get a dialog asking for a URL
Step 5: Enter this URL: http://repo.iparelhos.com and then press ‘Add Source’.

Step 6: After the repository has refreshed and finished loading, tap the iParelhos repo to see the ultrasn0w fixer utility.

Step 7: Select the fixer utility and tap “Install” in the top right corner.

Step 8: Once installation is complete, install ultrasn0w 1.2.5.

Step 9: Reboot your iPhone; it should now be unlocked on iOS 5.1.

Posted in iPhone | 1 Comment

How To Jailbreak iOS 5.1 iPhone, iPad and iPod Touch


Soon after Apple released iOS 5.1, hackers warned users not to update their devices. Unfortunately, not every user read the warning in time, so users now on iOS 5.1 have lost their untethered jailbreak. Fortunately, owners of non-A5 devices (everything except the iPhone 4S, iPad 2 and new iPad) can now semi-tether their device!


The iPhone Dev Team has released redsn0w 0.9.10b6 for users who upgraded to iOS 5.1, but remember this is a tethered jailbreak, not an untethered one. In addition, BigBoss has updated the “SemiTether” tweak to work on iOS 5.1. Before you begin our short and easy guide, read these important notes:

  • This is a tethered jailbreak, which means you need to connect your device to a computer and do a tethered boot every time it reboots.
  • If you rely on an unlock, don't follow this guide yet; we will post a guide shortly on how to preserve your baseband and keep the unlock.
  • The jailbreak does not work on A5 devices, i.e. the iPad 2, iPad 3 (“new iPad”) and iPhone 4S.

How To Tethered Jailbreak iOS 5.1 iPhone, iPad and iPod Touch Using Redsn0w 0.9.10b6 [Guide]

STEP 1: Download iTunes 10.6 for Windows / Mac OS X and download the iOS 5.1 IPSW.

STEP 2: Download redsn0w 0.9.10b6 (tethered jailbreak) for Mac or Windows.

STEP 3: Back up your device, then restore it with the iOS 5.1 IPSW. (If you are already on iOS 5.1, skip this step and go to step 4.)

STEP 4: Open redsn0w 0.9.10b6, click “Jailbreak”, tick “Install Cydia” and follow the on-screen instructions to put your device into DFU mode.


STEP 5: You now have a tethered redsn0w jailbreak, which means that every time the device reboots (for instance after installing a tweak that requires a reboot) you have to launch redsn0w, select “Extras” then “Just Boot”, and put the device in DFU mode to boot it jailbroken.

STEP 6 (optional): Instead of booting with redsn0w every time, you can install the “SemiTether” tweak from the BigBoss repo in Cydia (http://thebigboss.org/semitether). It lets the device boot on its own, with reduced functionality, until you can do a proper tethered boot.

Posted in iPad, iPhone, iPod | Leave a comment

Hacker i0n1c to Jailbreak “The New iPad” on March 17th??


This just in (and it looks to be the “surprise” pod2g talked about before): the new iPad (aka iPad 3) may be jailbroken on its launch day. Stefan Esser, better known as i0n1c in the jailbreak community, tweeted: “5 more days until I will have a jailbroken ‘the new iPad’”. This suggests the hacker has a working exploit in hand that will jailbreak the A5X-based new iPad as soon as he receives the tablet (on March 17th).
It all started in January, when pod2g's blog post hinted that i0n1c had found a new exploit involving LC_SEGMENT64 and a way to get a binary accepted by the loader, and that we could see it in action in the 5.1 jailbreak. Details are thin on whether it is a bootrom or userland exploit, but the tweet suggests it is fully working and not a half-cooked, untested vulnerability. Besides jailbreaking the iPad 3 on iOS 5.1, the exploit could support jailbreaking the A5-based iPhone 4S and iPad 2 too.


Fearing a possible leak, i0n1c has never divulged details of the 5.1 untethered jailbreak exploit, but I expect the release will be made public when the time is right, perhaps after he has successfully tested the vulnerability on the new iPad (if the A5X does not break the exploit, of course).

Posted in iPad | Leave a comment