最简单的IPHONE 102恢复原厂直升111系统教程！！

[伤城]

使用本文的方法后，可以使IPHONE恢复原厂，并且可以直接升级111，然后进行直接破解！操作需要小心谨慎！

這個工具是用來修復AnySIM 1.0x、iUnlock（Unlock）破壞的seczone！
這個版本還不夠傻瓜...雖然已經簡化不少...
但還是期待有人可以寫出跟AnySIM一樣具有UI介面的修復工具！
这版本不需要安装假simfree和下载bin文件,

首先必须具备WIFI环境，并且要在电脑中安装putty及Winscp

（一）
使用WinSCP把六個檔案都放到iPhone的root的revirgin(需新建)資料夾下面！
a) bbupdater
b) iUnlock
c) norz
d) ICE03.14.08_G.fls
e) ICE03.14.08_G.eep
f) eliteloader.bin

（二）
為bbupdater、norz跟iUnlock加上執行權限
浏览附件3.jpg

（三）備份seczone 使用Putty
輸入指令： cd /.后再输入ls看根目录,看到根目录有revirgin文件夹后再输入cd /revirgin然后再打下面代码

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

./norz seczone.backup 0x3FA000 0x2000

PS:这一步一般可能会过不去，您可以不用打。

你會看見下面畫面...

geohot's nor dumper
all your norz are belong to us
super fast...just the way i like it
Dumping: A03FA000-A03FC000
Waiting for data...
Got Header: 77 0b cc
Increasing baud rate...
02 00 82 00 04 00 00 10 0E 00 A4 00 03 00
02 00 01 08 14 00 00 00 00 00 A4 00 03 00 09 00
00 00 33 2E 39 5F 4D 33 53 32 C3 0A 03 00
02 00 84 00 00 01 01 00 00 00 89 00 00 00 62 88
00 00 03 00 00 00 00 00 00 00 01 00 00 00 02 00
00 00 00 00 40 00 3F 00 00 00 00 00 01 00 08 00
00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 A6 03 03 00
02 00 85 00 02 00 FF FF 85 02 03 00
02 00 02 08 06 00 00 00 01 02 03 00 0E 08 03 00
Wrote: 0xa03fa000
Wrote: 0xa03fb000
Dumped
resetbaseband

然後把seczone.backup的檔案，用WinSCP傳回電腦備份起來！

（四）修復
接著同樣在Putty裡面，輸入下面指令：

cd /revirgin

./iUnlock ICE03.14.08_G.fls eliteloader.bin

你會看見下面畫面...

iUnlock v42.PROPER -- Copyright 2007 The dev team


Credits: Daeken, Darkmen, guest184, gray, iZsh, pytey, roxfan, Sam, uns, Zappaz, Zf

* Leet Hax not for commercial uses
Punishment: Monkeys coming out of your ass Bruce Almighty style.

Sending Begin Secpack command
Sending Erase command
Waiting For Erase Completion...
Sending Write command
00%
05%
15%
25%
35%
45%
55%
65%
75%
80%
90%
Sending End Secpack command
Validating the write command
FW are equal!
Completed.
Enjoy!

之後再輸入下面指令

./bbupdater -v

你會看到下面畫面...

Resetting target...
pinging the baseband...
baseband unresponsive to pinging
Done

修復seczone完畢！

（五）重寫BaseBand
接著輸入：

./bbupdater -f ICE03.14.08_G.fls -e ICE03.14.08_G.eep

你會看見下面內容...

Preparing to flash using /dev/tty.baseband at 750000 baud
Please reset target
Resetting target...
ProcessDetailUpdated: Boot-loader is active
ProcessDetailUpdated: EBL version: 3.9_M3S2 3..9
ProcessDetailUpdated: Boot mode is: CC
ProcessDetailUpdated: Baud rate set to 750000
ProcessDetailUpdated: Get flash id.
ProcessDetailUpdated: CFI stage 1
ProcessDetailUpdated: Flash ID is: 88620089
ProcessDetailUpdated: CFI stage 2
ProcessDetailUpdated: Boot process finished
ProcessOutlineUpdated: Reading SW version data
ProcessDetailUpdated: Receiving data.
ProgressUpdated: 100
ProcessDetailUpdated: Upload OK
ProcessOutlineUpdated: Process time was 133 msec.
Upgrade from to
Downloading EEP
ProcessOutlineUpdated: Start downloading from file ICE03.14.08_G.eep.
ProcessDetailUpdated: Sending sec-pack.
ProcessDetailUpdated: Load region 0
ProcessDetailUpdated: Sending end-pack.
ProcessDetailUpdated: Checksum OK.
ProcessDetailUpdated: Verify OK
ProcessOutlineUpdated: Process time was 1795 msec.
Downloading FLS
ProcessOutlineUpdated: Start downloading from file ICE03.14.08_G.fls.
ProcessDetailUpdated: Erasing the dynamic eeprom area
ProgressUpdated: 100
ProcessDetailUpdated: Sending sec-pack.
ProcessDetailUpdated: Load region 0
ProcessDetailUpdated: Sending data.
ProgressUpdated: 0
ProgressUpdated: 2
ProgressUpdated: 4
ProgressUpdated: 5
ProgressUpdated: 7
ProgressUpdated: 8
ProgressUpdated: 10
ProgressUpdated: 11
ProgressUpdated: 13
ProgressUpdated: 15
ProgressUpdated: 16
ProgressUpdated: 18
ProgressUpdated: 19
ProgressUpdated: 21
ProgressUpdated: 22
ProgressUpdated: 24
ProgressUpdated: 25
ProgressUpdated: 27
ProgressUpdated: 29
ProgressUpdated: 30
ProgressUpdated: 32
ProgressUpdated: 33
ProgressUpdated: 35
ProgressUpdated: 36
ProgressUpdated: 38
ProgressUpdated: 40
ProgressUpdated: 41
ProgressUpdated: 43
ProgressUpdated: 44
ProgressUpdated: 46
ProgressUpdated: 47
ProgressUpdated: 49
ProgressUpdated: 50
ProgressUpdated: 52
ProgressUpdated: 54
ProgressUpdated: 55
ProgressUpdated: 57
ProgressUpdated: 58
ProgressUpdated: 60
ProgressUpdated: 61
ProgressUpdated: 63
ProgressUpdated: 65
ProgressUpdated: 66
ProgressUpdated: 68
ProgressUpdated: 69
ProgressUpdated: 71
ProgressUpdated: 72
ProgressUpdated: 74
ProgressUpdated: 75
ProgressUpdated: 77
ProgressUpdated: 79
ProgressUpdated: 80
ProgressUpdated: 82
ProgressUpdated: 83
ProgressUpdated: 85
ProgressUpdated: 86
ProgressUpdated: 88
ProgressUpdated: 90
ProgressUpdated: 91
ProgressUpdated: 93
ProgressUpdated: 94
ProgressUpdated: 96
ProgressUpdated: 97
ProgressUpdated: 99
ProgressUpdated: 100
ProcessDetailUpdated: Load region 1
ProcessDetailUpdated: Sending data.
ProgressUpdated: 0
ProgressUpdated: 1
ProgressUpdated: 2
ProgressUpdated: 3
ProgressUpdated: 4
ProgressUpdated: 5
ProgressUpdated: 6
ProgressUpdated: 7
ProgressUpdated: 8
ProgressUpdated: 9
ProgressUpdated: 10
ProgressUpdated: 11
ProgressUpdated: 12
ProgressUpdated: 13
ProgressUpdated: 14
ProgressUpdated: 15
ProgressUpdated: 16
ProgressUpdated: 17
ProgressUpdated: 18
ProgressUpdated: 19
ProgressUpdated: 20
ProgressUpdated: 21
ProgressUpdated: 22
ProgressUpdated: 23
ProgressUpdated: 24
ProgressUpdated: 25
ProgressUpdated: 26
ProgressUpdated: 27
ProgressUpdated: 28
ProgressUpdated: 29
ProgressUpdated: 30
ProgressUpdated: 31
ProgressUpdated: 32
ProgressUpdated: 33
ProgressUpdated: 34
ProgressUpdated: 35
ProgressUpdated: 36
ProgressUpdated: 37
ProgressUpdated: 38
ProgressUpdated: 39
ProgressUpdated: 40
ProgressUpdated: 41
ProgressUpdated: 42
ProgressUpdated: 43
ProgressUpdated: 44
ProgressUpdated: 45
ProgressUpdated: 46
ProgressUpdated: 47
ProgressUpdated: 48
ProgressUpdated: 49
ProgressUpdated: 50
ProgressUpdated: 51
ProgressUpdated: 52
ProgressUpdated: 53
ProgressUpdated: 54
ProgressUpdated: 55
ProgressUpdated: 56
ProgressUpdated: 57
ProgressUpdated: 58
ProgressUpdated: 59
ProgressUpdated: 60
ProgressUpdated: 61
ProgressUpdated: 62
ProgressUpdated: 63
ProgressUpdated: 64
ProgressUpdated: 65
ProgressUpdated: 66
ProgressUpdated: 67
ProgressUpdated: 68
ProgressUpdated: 69
ProgressUpdated: 70
ProgressUpdated: 71
ProgressUpdated: 72
ProgressUpdated: 73
ProgressUpdated: 74
ProgressUpdated: 75
ProgressUpdated: 76
ProgressUpdated: 77
ProgressUpdated: 78
ProgressUpdated: 79
ProgressUpdated: 80
ProgressUpdated: 81
ProgressUpdated: 82
ProgressUpdated: 83
ProgressUpdated: 84
ProgressUpdated: 85
ProgressUpdated: 86
ProgressUpdated: 87
ProgressUpdated: 88
ProgressUpdated: 89
ProgressUpdated: 90
ProgressUpdated: 91
ProgressUpdated: 92
ProgressUpdated: 93
ProgressUpdated: 94
ProgressUpdated: 95
ProgressUpdated: 96
ProgressUpdated: 97
ProgressUpdated: 98
ProgressUpdated: 99
ProgressUpdated: 100
ProcessDetailUpdated: Sending end-pack.
ProcessDetailUpdated: Checksum OK.
ProcessDetailUpdated: Verify OK
ProcessOutlineUpdated: Process time was 1 min 52 sec.
Resetting target...
pinging the baseband...
issuing +cpwroff...
Done

然後再輸入一次

./bbupdater -v

你會看見下面內容

Resetting target...
pinging the baseband...
issuing +xgendata...
firmware: DEV_ICE_MODEM_03.14.08_G
eep version: EEP_VERSION:207
eep revision: EEP_REVISION:7
bootloader: BOOTLOADER_VERSION:3.9_M3S2
Done

上面重寫BaseBand完畢！
接著輸入最後的指令...

launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

接著返回桌面...重開機你的iPhone！
整個revirgin的動作就完成了！！

本文涉及到的6个文件下载！
[hide]浏览附件revirgintoolpack.part1.rar
浏览附件revirgintoolpack.part2.rar [/hide]

 

[fengyawei]

谢谢楼主分享 收藏了 [s:59]

 

[netsailor]

怎么看我的IPhone是否使用了anysim1.0.x 版本破解呢？

升级到iphone 1.1.1版本有何好处啊？

 

[伤城]

引用第2楼netsailor于2007-10-28 00:11发表的 :
怎么看我的IPhone是否使用了anysim1.0.x 版本破解呢？

升级到iphone 1.1.1版本有何好处啊？

看是看不出。111版本解决了102的漏字问题~反映速度更快。内置了国际语言，包括简体中文，等等。。

 

[netsailor]

噢，谢谢啊

我的是102，但是这样升级有没有问题？如何通过winscp连接iphone呢?

引用第3楼伤城于2007-10-28 00:18发表的 :

看是看不出。111版本解决了102的漏字问题~反映速度更快。内置了国际语言，包括简体中文，等等。。

 

[伤城]

引用第4楼netsailor于2007-10-28 00:40发表的 :
噢，谢谢啊

我的是102，但是这样升级有没有问题？如何通过winscp连接iphone呢?

102系统如果破解过,一定要先恢复原厂后才能升级111,使用winscp连接IPHONE,必须有WIFI环境,及IPHONE里必须安装BSD和OPENSSH

 

[netsailor]

今晚通宵尝试了，非常危险

1、在 waiting for data里死掉，没有回应，不管是SSH还是Terminal。
2、不要备份后继续执行后面的步骤，显示都正常。
3、重启机器说SIM卡不能使用，使用系统信息查看，什么都没有变化（modem和系统版本），反倒是WIFI都只能看到不能连接了。
4、多亏之前还有anySIM，点击后，显示是anySIM 1.1，于是再破解一次。
5、目前又走回102的破解系统。

问题：

1、看来我的是anySIM 1.1破解的系统，如何升级到1.1.1？
2、最新的 061-3883.20070927.in76t/iphone1,1_1.1.1_3a109a_restore.ipsw 能否使用anySIM1.1破解？

 

[jiajia8115]

谢谢楼主分享

 

[wei8210]

hao!!!!!!! [s:76]

 

[dukun]

好东西，支持你

 

[mimiliang]

有机会要试试．

 

[ly7281]

XP 下能行吗?

 

[jackeyqiu]

thanks~~~~~

 

[lowaiwai]

[s:88] [s:76] thanks ...!!!!

 

[kelvin_ll]

xie xie!!!!!!!!!!!!!!!!!!

 

[jiajia8115]

楼主辛苦了 ....

 

[energy222]

终于可以用中文了

 

[zhangjun168]

非常不错的,谢谢了,顶啊

 

[fanxin133]

学习了。。 [s:72]

 

[酷爱手机]

谢谢楼主分享 [s:72] [s:72]