Tuesday, August 28, 2007

How to get your iPhone to work on all networks?

Want to use your iPhone on a network other than AT&T?

George Hotz has come up with a solution: http://iphonejtag.blogspot.com/

Here's how he describes it. I have taken the liberty of presenting it in a straight sequential order rather than the reverse order in which it appeared on his blog. If you are crazy enough to risk breaking your iPhone trying to do this, blame George :-) . He got a car for his efforts; all you may end up with is a broken iPhone:

Step 1
First, I would like to say thanks again to gray, iProof, dinopio, lazyc0der, anonymous, the dev team, nightwatch, and everyone who donated. Without them, there would be no unlock today, and I surely wouldn't be up at 8AM.

Second, you may brick your iPhone using this tutorial. YOU ARE WARNED.

Okay, on to the actual step. Remove the black part, the three screws, and the aluminum case. Disconnect the wire connecting the phone to the case. Do not remove anything else. Comment on these posts if you are with me so far. Once we get a good number of comments I'll move on.


Step 2
Also remove the metal cover over the comm board. This is all the disassembly you have to do. If you feel like being safe, desolder the battery red lead. I didn't :)

Step 3
The red line is covering the A17 trace. In order to trick the chip into thinking the flash is erased in the correct section, you will need to pull this high. Scrape away at the trace with something like a multimeter probe. Then solder a very thin wire to it. Be very careful. Only scrape away at that solder mask above that one trace. YOU DO NOT WANT TO BREAK THE TRACE. This is the hardest step in the whole process; the rest is cake. Also solder a wire to the 1.8v line. Connect the wire coming from the trace and the wire coming from the 1.8v to your unlock switch. Be careful, you only get one chance to do this right. Thanks again to Nick Chernyy for the picture.

Step 4
Ok, time to test what you just soldered. First use the continuity check on a multimeter to make sure the wires aren't shorting to ground or to each other. Make sure your switch is in the off position. Power up your iPhone. Hopefully it didn't smoke :) Now go into minicom to tty.baseband and send a few commands; AT a few times will do. It should respond OK. Now flip your switch; the baseband should stop responding. Even when you flip it back, the baseband still shouldn't respond. Be sure your switch is off, then open another ssh and run "bbupdater -v". You can get bbupdater off the ramdisk. This should reset the baseband, and minicom should start working again. If it did this, your soldering is most likely good, and you are ready to actually start unlocking your phone!!!

Step 5
If it passed the checks in step 4, congratulate yourself. You are a pro solderer. Go eat lunch. If not, don't worry yet. I must've thought I bricked my phone 100 times. First of all, to power up your phone you don't need to reconnect the case with the power button. Just connect it with USB, it'll power itself up. Secondly, don't waste time compiling minicom. Download the binary here, and termcap here.

Step 6
Now, with the switch off, your baseband should be working perfectly. Here you should take a NOR dump of your phone. The dev team's NORDumper is a great way to do this. This is good to have in case something goes wrong. You can extract the firmware from this as well, which we'll get to later.

Step 7
So here is the first tool release, iEraser. This erases the current firmware on your modem. Don't worry, you can always put it back with bbupdater. Here's how the bootrom check works: it reads from 0xA0000030 0xA000A5A0 0xA0015C58 0xA0017370 and all these addresses must read as blank, or 0xFFFFFFFF. When you erase flash, it becomes 0xFFFFFFFF. But you can't erase those locations, because they are in the bootloader. So that's where the testpoint comes in. Pulling A17 high hardware OR's the address bus with 0x00040000 (offset one because data bus is 16 bit). So the bootrom instead checks locations 0xA0040030 0xA004A5A0 0xA0045C58 0xA0047370, which are in the main firmware and can be erased. Pretty genius :)

To use this tool, you need the secpack from your modem's version. The erase of this section is protected. Check the modem version in Settings->About. It'll either be 3.12 (1.0) or 3.14 (1.0.1 and 1.0.2). You need the ramdisk which corresponds to your version. Then go into "/usr/local/standalone/firmware" and get the ICE*.fls file. Extract 0x1a4-0x9a4 and save it in a file called secpack and place it in the same directory as the ieraser tool. Run ieraser. This should erase the modem firmware and leave you one more step on your way to unlocking.

Step 8
Now it's time to patch the firmware. Thanks to gray for finding these patches; this required some very complicated reversing. First, you need to extract the firmware from your nor dump. The range you need is 0x20000-0x304000. Save this file as "nor". The patches you need to apply are as follows. These are offsets from the beginning of the file to be saved as "nor". Choose your version, and patch.

3.12: (213740): 04 00 a0 e1 -> 00 00 a0 e3
3.14: (215148): 04 00 a0 e1 -> 00 00 a0 e3

Resave the file nor, you'll need it soon...

Step 9
The final tool is iUnlocker. This tool uploads a small program, "testcode.bb", to the baseband using the bootrom exploit. This program needs to be in a dir with "nor", the file you obtained in the last step. You need to have the switch on when running this program. This will download and run the code in "testcode.bb". Then the program will stop and ask you to turn off the switch. Do so. You type any character then hit enter. The nor download starts right away. When the counter reaches 0x2E4000, it is done. Run "bbupdater -v". Hopefully it will return the xgendata. If it does, the nor upload was successful.

Step 10: The Last One
minicom into /dev/tty.baseband. If you already used up your attempt counter, the phone should already be unlocked. If not, just run 'AT+CLCK="PN",0,"00000000"'. That will unlock the phone for sure. Run 'AT+CLCK="PN",2'. It should finally return 0!!! Your phone is now unlocked. Exit minicom and copy the CommCenter plist back to its place. Reboot. iASign. And enjoy your unlocked iPhone.
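The design lesson in Step 7 is worth seeing in code: the bootrom's "is the flash erased?" decision reads a handful of words over an address bus that the holder of the device can drive, so the verdict it reaches is only as trustworthy as that bus. The following Python model is an added example and is not code from George Hotz's post or from any of the tools it mentions. It uses the four probe addresses and the 0x00040000 OR from Step 7 and applies that OR literally; the bootloader region boundary, the flash size (taken from the dump range in Step 8), the word values and the `NorFlash` class and its methods are constructed assumptions for the model, not facts about the real chip.

```python
# Added example, not from the original post: a toy NOR flash with a write-protected
# bootloader region, a bootrom blank-check over it, and an address bus whose A17
# line an external switch can hold high. Addresses and the OR mask come from Step 7
# of the tutorial; everything else (region sizes, word values) is constructed.

BOOTROM_CHECK_ADDRS = (0xA0000030, 0xA000A5A0, 0xA0015C58, 0xA0017370)
A17_MASK = 0x00040000   # tutorial: A17 high ORs the address bus with this value
BLANK = 0xFFFFFFFF      # an erased NOR word reads as all ones

FLASH_BASE = 0xA0000000
BOOTLOADER_END = FLASH_BASE + 0x20000   # assumption: protected region is [base, base+0x20000)
FLASH_END = FLASH_BASE + 0x304000       # assumption: end of the dump range quoted in Step 8


class NorFlash:
    """Toy NOR flash: 32-bit words keyed by byte address, a write-protected
    bootloader region, and an address bus an external signal can force."""

    def __init__(self):
        self.words = {}          # address -> value; missing cells read as BLANK
        self.a17_forced = False  # model of the hardware switch

    def program(self, addr, value):
        self.words[addr] = value

    def erase_range(self, start, end):
        # The bootloader sectors are protected: erasing them is refused, which is
        # exactly why the blank-check addresses "can't be erased" in the tutorial.
        if start < BOOTLOADER_END:
            raise PermissionError("bootloader region is write-protected")
        for addr in list(self.words):
            if start <= addr < end:
                del self.words[addr]

    def read32(self, addr):
        # The forced line changes nothing but which cell the bus selects; the
        # bootrom has no way to tell that its read was redirected.
        if self.a17_forced:
            addr |= A17_MASK
        return self.words.get(addr, BLANK)


def bootrom_thinks_flash_blank(flash):
    """The check quoted in Step 7: every probed word must read as 0xFFFFFFFF."""
    return all(flash.read32(a) == BLANK for a in BOOTROM_CHECK_ADDRS)


def aliased_addresses():
    """Where the probes land once A17 is held high (the OR applied literally)."""
    return tuple(a | A17_MASK for a in BOOTROM_CHECK_ADDRS)


def scenario(force_a17):
    """Bootloader intact, main firmware erased; return the bootrom's verdict."""
    flash = NorFlash()
    for a in BOOTROM_CHECK_ADDRS:
        flash.program(a, 0xE1A00000)      # constructed non-blank bootloader words
    for a in aliased_addresses():
        flash.program(a, 0xE1A00000)      # constructed main-firmware words
    flash.erase_range(BOOTLOADER_END, FLASH_END)   # the erase step, in the model
    flash.a17_forced = force_a17
    return bootrom_thinks_flash_blank(flash)


if __name__ == "__main__":
    print("switch off, bootrom sees blank flash:", scenario(False))
    print("switch on,  bootrom sees blank flash:", scenario(True))
```

With the switch off the bootloader words are still programmed and the check fails; with the line held high every probe lands in the erasable main-firmware region and the same check passes, although the bootloader itself never changed. The point for anyone designing such a check is that its only input is bus state the device holder controls, so it cannot serve as the gate for a mode that lowers what the bootrom will accept; a bootrom that authenticates whatever it is about to run, whether or not flash reads blank, does not depend on that signal.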

Monday, August 20, 2007

India, U.S. are pursuing same dream

An article by me published in the Rochester Democrat and Chronicle today.

http://www.democratandchronicle.com/apps/pbcs.dll/article?AID=2007708200312

Deepak Seth, Guest essayist


(August 20, 2007) — Aug. 15 marked India's 60th Independence Day and hence the 60th anniversary of Indo-U.S. relations — a journey marked with lots of interesting twists and turns.
It started off on a high note with the U.S. Constitution inspiring the framers of India's constitution. But then, India veered onto a socialistic path with state control of enterprises and alignment, albeit loosely, with the Soviet Union during the Cold War. The United States also aligned itself with India's then-arch-rival Pakistan.

Since then, much water has flown down the Ganges and the Potomac. The United States now values India as a strategic partner. India has liberalized its economy. The two countries are on the brink of ratifying a nuclear collaboration treaty signed a couple of years ago. Some think this is due to India's growing economic clout as a nuclear power while others think it is a manifestation of America's desire to prop up India as a potential check to China's aspirations as a global superpower.

Trade between India and the United States is booming. A big chunk of Boeing's current order book comes from India. Immigrants from India founded more engineering and technology companies in the United States from 1995 to 2005 than immigrants from the United Kingdom, China, Taiwan and Japan combined. Of all immigrant-founded companies, 26 percent have Indian founders. Locally, in Rochester, India-born entrepreneurs including I.C. Shah (ICS Telecom), Dilip Vellodi (The Sutherland Group), Bal Dixit (Fireproof materials), Ram Shrivastava (Larsen Engineers) and Makhan Singh (restaurateur) have created hundreds of jobs and contributed significantly to the local economy. Indian doctors are strong pillars of the local health care system. As they have worked hard to realize their "American Dream," they have enhanced the prosperity of their adopted land. More than 2.5 million people from India now call America home.

In this era of globalization, the American Dream has become the Indian Dream. The American Dream has spread to all corners of the world due to the selfless actions of the thousands of U.S. volunteers helping with education, health care and disaster relief; the veterans who fought or gave their lives during the world wars to rid the world of oppression and tyranny; the writings of American thinkers and philosophers; American media; the American tourist and explorer who trudge the farthest reaches of the globe; the American researcher and inventor whose discoveries benefit all mankind; U.S. universities, which are a global magnet for students; and, yes, the U.S. corporation that has made the likes of McDonald's and Starbucks global icons.
India faces challenges of elephantine proportions in its march toward economic prosperity for all its citizens, but the world's largest democracy is living up to the dreams of 1947. And it is doing so in close alignment with a country that has championed democracy and freedom for more than 200 years: the United States.

Seth, of Brighton, is a native of India and member, Board of Contributors.
