iPhone Firmware 1.1.3 and 1.1.2 Officially Unlocked via Hardware!

Jeez, we’re still waiting patiently for a 1.1.2 unlock, and then Apple springs the 1.1.3 firmware update on us. Forget about unlocking 1.1.2, let’s focus on 1.1.3 for today! A user from Vietnam has posted on the GSM forums that he has unlocked his 1.1.3 iPhone via a HARDWARE unlock! Yes, I said hardware–that means opening up your precious iPhone! Here’s an image for you…

[Image: 113_done-small.jpg]

Want to read more? Check out the chatter on the Hackint0sh forums

Also, iPhone “enthusiast” George Hotz has managed to unlock a 1.1.2 OTB iPhone using the same method as above. Check out Unlock.no, as they have posted a tutorial on how to downgrade your 1.1.2 baseband!

Read up about what Engadget has to say about the 1.1.2 software unlock that could be coming around the corner…

The chatter on the forums is that the 1.1.2 software unlock should be coming our way soon…so let’s keep our fingers crossed and hope it comes soon this time! This is great news!

  • Dusty

    This is damn good news! haha 🙂 I will try to post some more info. as I find some new stuff… 😛
    For some previous news on this, check this link http://www.iphoneincanada.ca/how-to/how-to-downgrade-firmware-113-to-112/#comments
    Thanks iPhone Fan, keep up the great work!

    1.1.2OTB Software unlock, I can feel it coming anytime now! lol

    Dusty

  • Dusty

    Well guys I came across some sad news…

    Notes on a 1.1.2 OTB Software Unlock

    I don’t see it happening.

    First of all, downgrading the bootloader from software is out of the question. The bootrom exploit runs before the current bootloader, so it can access the bootloader. But when the bootloader boots, it locks down its sections of flash. So after the bootloader runs, the bootloader can’t be touched.

    Secondly, the only secpack that validates on 4.6 is >= 1.1.3. They made a change to the format of the secpack so the older ones don’t validate. So if we looked for an exploit in the baseband itself, it would have to be on post 1.1.2.

    Firmware is written as it is uploaded, and this is what IPSF and AnySim take advantage of. The old bootloader just relied on waiting for the sig to verify before writing the first 0x400 bytes, which contain the start vector. The new bootloader also needs the “secpack” in 0x3c0000 to not verify. So we would have to find an exploit which can write the first 0x400 and erase 0x3c0000.

    The IPSF unlock itself uses an RSA hack in bootloader 3.9. This has been thoroughly patched in 4.6.

    Also, even if we found a way to brute force the NCKs in reasonable time, we can’t get the information to do the brute force off 4.6. The only hope here is to find the Apple algorithm used to generate the NCK. I don’t think this is possible, unless we have a spy in Apple 🙂

    I hope I am wrong, and some clever person will come along with a software unlock.

    http://iphonejtag.blogspot.com/
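The write-as-uploaded design described in the comment above, modelled next to a stage-then-commit updater. This is an added example, not code from the post, the quoted blog, or any real bootloader: the 0x1000-byte flash, the XOR check standing in for signature verification, and all function names are assumptions; only the 0x400-byte start-vector region comes from the comment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLASH_SIZE  0x1000u  /* constructed toy size */
#define VECTOR_SIZE 0x400u   /* first 0x400 bytes hold the start vector (from the comment) */

static uint8_t active[FLASH_SIZE], staging[FLASH_SIZE];

/* Hypothetical stand-in for the signature check: last byte must equal
   the XOR of all preceding bytes. A real loader verifies a signature. */
static int toy_verify(const uint8_t *img) {
    uint8_t x = 0;
    for (size_t i = 0; i + 1 < FLASH_SIZE; i++) x ^= img[i];
    return img[FLASH_SIZE - 1] == x;
}

/* Write-as-uploaded: the body reaches live flash before the check;
   only the start vector is withheld until the check passes. */
int update_streaming(const uint8_t *img) {
    memcpy(active + VECTOR_SIZE, img + VECTOR_SIZE, FLASH_SIZE - VECTOR_SIZE);
    if (!toy_verify(img)) return -1;      /* rejection comes after the body write */
    memcpy(active, img, VECTOR_SIZE);
    return 0;
}

/* Stage, verify the staged copy, then commit: a rejected image never touches live flash. */
int update_staged(const uint8_t *img) {
    memcpy(staging, img, FLASH_SIZE);
    if (!toy_verify(staging)) { memset(staging, 0xFF, FLASH_SIZE); return -1; }
    memcpy(active, staging, FLASH_SIZE);
    return 0;
}

/* Install a valid image, offer an invalid one, and count live bytes that changed anyway. */
size_t live_bytes_changed_by_rejected_image(int use_staged) {
    static uint8_t good[FLASH_SIZE], bad[FLASH_SIZE];
    memset(good, 0x11, FLASH_SIZE);   /* XOR of 0xFFF bytes of 0x11 is 0x11: passes the check */
    memset(bad, 0x22, FLASH_SIZE);
    bad[FLASH_SIZE - 1] = 0x00;       /* constructed invalid image: fails the check */
    memcpy(active, good, FLASH_SIZE);
    int rc = use_staged ? update_staged(bad) : update_streaming(bad);
    size_t changed = 0;
    for (size_t i = 0; i < FLASH_SIZE; i++) changed += active[i] != good[i];
    return rc == -1 ? changed : (size_t)-1;   /* (size_t)-1 flags an unexpected accept */
}

int main(void) {
    printf("streaming: %zu bytes changed\n", live_bytes_changed_by_rejected_image(0));
    printf("staged:    %zu bytes changed\n", live_bytes_changed_by_rejected_image(1));
    return 0;
}
```

In the streaming model a rejected image still replaces everything past the start vector, so the integrity of live flash rests entirely on gating one small region; the staged model leaves live flash untouched on rejection.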
