Wednesday, July 15, 2009

purplesn0w RC2

* 3G (the network speed) issues fixed
* Now only patches one file, CommCenter
* Leaves no traces on your baseband after it runs. 0 bytes of RAM
* Much cleaner and more reliable.

Be sure to have a legitimately activated 3GS.
Disable 3G if you don't have it (like T-Mobile).
Add apt.geohot.com to Cydia.
Install (or update) com.geohot.purplesn0w.
Watch for success output in Cydia (actually do this step).
Wait for signal, and enjoy your unlocked iPhone (no reboot required).

Follow @geohot on Twitter


Monday, July 13, 2009

purplesn0w technicals

About a year ago today, I found the at+stkprof exploit. Back then, I struggled for 3 days to write a payload. No luck; I just wasn't a good enough reverser. So I stashed the exploit away until December, when I gave it to dev for use in yellowsn0w.
Now, a year later, I wrote a payload and delivery system in a day. And it's an awesome payload. Ideally we'd like to patch the lock out of flash, but with the apparently proper signature checks, that isn't going to happen. So purplesn0w is the next best thing. I copy the page I want to patch to an unused region of memory. In memory I patch it. Then, using the MMU, I map the flash page out and remap the patched memory page in its place.
No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lock state of the phone really lives on Apple's servers. Unlocked is auth all SIMs. Locked is auth AT&T SIMs only. Fortunately this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to hog battery. I use the daemon already designed for this, lockdownd. A patch to CommCenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload. So, using existing Apple machinery, I unlock when needed.
In retrospect, I should've just patched CommCenter to send the payload. Then hacktivation would work no problem. Oh well, tomorrow is another day. I'll add hacktivation support then.
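The remap described above (copy a flash page to free RAM, patch the copy, point the MMU at the copy) is why "leaves no traces in flash" and "passes a flash hash check" can both be true at once. The toy model below is an added example, not purplesn0w code: it simulates a four-page physical memory and a flat page table (all constructed values, unrelated to the real baseband layout) and contrasts an integrity check that hashes flash directly with one that also verifies the translation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy model of the remap described in the post. Page size, page count and
 * the flash/RAM split are constructed for this example and have nothing to
 * do with the real baseband's memory layout. */
#define PAGE_SIZE   16
#define NPAGES      4            /* physical pages: 0-1 "flash", 2-3 "RAM" */
#define FLASH_PAGES 2

static uint8_t phys[NPAGES][PAGE_SIZE];  /* simulated physical memory */
static int     ptable[NPAGES];           /* virtual page -> physical page */

/* FNV-1a, used here only as a cheap content hash for the checks below */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Identity-map every page and fill flash page 0 with constructed "code" */
void mmu_init(void) {
    memset(phys, 0, sizeof phys);
    for (int v = 0; v < NPAGES; v++) ptable[v] = v;
    for (int i = 0; i < PAGE_SIZE; i++) phys[0][i] = (uint8_t)(0xE0 + i);
}

/* What the CPU actually fetches when it executes virtual page vpn */
static const uint8_t *vpage(int vpn) { return phys[ptable[vpn]]; }

/* The post's three steps in the model: copy the flash page to free RAM,
 * patch the copy, and retarget the virtual page. Flash itself is untouched. */
void simulate_remap(int vpn, int ram_ppn, size_t off, uint8_t val) {
    memcpy(phys[ram_ppn], vpage(vpn), PAGE_SIZE);
    phys[ram_ppn][off] = val;
    ptable[vpn] = ram_ppn;
}

/* Weak check: hashes the flash backing store and never consults the
 * translation, so it still passes after the remap. */
uint32_t hash_flash_direct(int ppn) { return fnv1a(phys[ppn], PAGE_SIZE); }

/* Stronger check: an executable page must still resolve to flash, and its
 * contents as fetched through the mapping must match the known-good hash. */
int code_page_intact(int vpn, uint32_t expected_hash) {
    if (ptable[vpn] >= FLASH_PAGES) return 0;   /* code page now backed by RAM */
    return fnv1a(vpage(vpn), PAGE_SIZE) == expected_hash;
}
```

The defensive takeaway is that a code-integrity check must read code the way the CPU does, through the live mapping, rather than trusting the flash image alone.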

Here is the source. And I mean all of it.

Make it ra1n, I'm makin' it sn0w

Wi-Fi fails? Battery fails? Unlock fails? You need purplesn0w, the geohot 3GS unlock solution. Now I know you hear a lot about different colors of sn0w, but I'm here to tell you why purplesn0w is the best. First off, what is purplesn0w? It's a soft unlock for your 3GS that I'd actually use day to day. It's not a daemon that takes any resources, and it doesn't add a task to your baseband. It's very close to a true unlock. All it does is patch three files: CommCenter, lockdownd, and your wildcard activation plist (which you need; activate with an AT&T SIM first, no hacktivation support yet). That's it, no other files are installed. Props to Oranav for the at+xlog exploit!
A full explanation is coming soon, but I think you clever reversers out there will see what it does, and see why it's so pristine :-) The payload is radically different from other varieties of sn0w. Beta as usual, back up first.

Sunday, July 5, 2009

purplera1n...for mac

You asked for it, and we delivered. I'm not a Mac coder, so AriX and westbaer stepped up to do it. Check out AriX's blog here. Download link on purplera1n.com, and thank AriX and westbaer next time you see them!

Also, some more payload stability improvements were made, and the Windows version was updated to RC2a. There is no reason to run RC2a if you already have RC2 installed.

Saturday, July 4, 2009

purplera1n RC2

* Vista, Windows 7, International, 64-bit support
* Less flakiness in the payload
* Cydia tar cleaned up
* Improved logging with slightly more useful errors
* New kernel patches, codesign errors gone. Props posixninja
* Added vm_map +x, passed vm_check
* No WinterBoard yet, but now that ball is in Saurik's court :-)
* Still in beta, use caution
purplera1n

Happy 4th everyone!!!

Thursday, July 2, 2009

I make it ra1n

Yes, this is what you've all been waiting for. A jailbreak for the iPhone 3GS. And it's awesome. To get started right now, go to purplera1n.com. Download it. Make sure you have Windows (but not 7), the latest iTunes installed, and an iPhone 3GS with 3.0 firmware. Connect your iPhone normally. Click "make it ra1n". Wait. On bootup, run Freeze, the purplera1n installer app. Hopefully you'll figure out what to do from there. Best tutorial gets linked to from the purplera1n site. This tool is beta. Make sure to have everything backed up before running. Also, if Cydia doesn't show up after running Freeze, reboot.

If you need help, email purplera1n.support at gmail and attach your purplera1n.log file. Or call the purplera1n support hotline @ (650) 265-1210. Mac version is coming shortly.

Normally I don't make tools for the general public, and would rather wait for the dev team to do it. But guys, what's up with waiting until 3.1? That isn't how the game is played. We release, Apple fixes, we find new holes. It isn't worth waiting because you might have the "last" hole in the iPhone. What last hole... this isn't golf. I'll find a new one next week. Also, your purplera1nyday files ensure that you can always get back to a jailbroken state, so if you have them it's just a matter of tools.

Props to chronic dev for their help, and to kroo for writing v2 of Freeze. And props to Saurik for making an awesome package set. Note the binary size of purplera1n: it's smaller than a C++ hello world. No 20MB thing that needs to be torrented. And no IPSW to download. This is how jailbreak should be!

Follow me on Twitter @ geohot