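Teen hacker George Hotz has announced on his personal blog that he has successfully used a hardware method to unlock OTB 1.1.2 firmware with bootloader version 4.6. Even more exciting, he has successfully downgraded bootloader 4.6 to bootloader 3.9, which means we will be able to use the anySIM unlock software again and will no longer need a SIM overlay adapter.
Because George Hotz unlocked successfully using a SIM card from his own country, this does not mean that we can use SIM cards from our own country, and this may brick your iPhone, so please do not upgrade to firmware 1.1.3.
Latest update: we have learned that unlock software for firmware 1.1.2 with bootloader 4.6 has now appeared.
The news item: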
Friday, January 18, 2008
1.1.2 OTB UNLOCKED
First of all, HUGE thanks to TA_Mobile and IMTH for getting us the secpack from 1.1.3. Also, thanks to psp_sully for giving me a 1.1.2 OTB phone to play with. Without them there would be no unlock, and no blog post.
YOU VERY WELL MAY BRICK YOUR PHONE WITH THIS. Be careful. I have done it successfully on two phones, and have never bricked an iPhone in my life.
So let's get down to business. It is a hardware method to downgrade the bootloader, and I am assuming you are familiar with the old hardware method, so I won't repeat steps. You need to have a 1.1.2 4.6 phone for this to work. If you upgraded to 1.1.3, have fun waiting for 1.1.4!
First download this pack, you will need these files. This includes the NEW secpack, a new ieraser, a new testcode.bb, and a new iunlocker.
1. Copy all the files to a directory on your phone. It is imperative you do not shut off the phone after ieraser, or you cannot restore wifi, since the only fls which works on 4.6 is 1.1.3
2. Run ienew. This is ieraser, and it erases your 1.1.2 firmware to allow the testpoint to work.
3. Find an old 3.9 nor dump and create a file called "nor" with the first 0x20000 bytes of the old nor dump. This is the 3.9 bootloader.
4. Copy "nor" into the folder and run iunew. This is iunlocker and runs just like the old one. You will need the A17 testpoint on before running this. See Step 3 for info on this testpoint.
5. The bootloader is now 3.9!!! Run bbupdater or restore phone with the AnySimmable firmware of your choice.
6. Run AnySim and, as usual, enjoy your unlocked iPhone.
PS. Thanks again to TA_Mobile and IMTH. The secpack was the only obstacle to the unlock. And thanks to the girl who pressed the return button while I held the testpoint.
Posted by George Hotz at 3:59 AM
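Step 3 of the post, as an added example (not code from George Hotz's post or download pack): it carves the first 0x20000 bytes of a dump into `nor`, rejects short or blank dumps, and records a SHA-256 so the copy can be checked before anything is flashed. The dump file name and the sample data are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

BOOTLOADER_SIZE = 0x20000  # size given in step 3 of the post (128 KiB)


def carve_bootloader(dump_path, out_path, size=BOOTLOADER_SIZE):
    """Write the first `size` bytes of a NOR dump to out_path; return their SHA-256."""
    with open(dump_path, "rb") as f:
        head = f.read(size)
    if len(head) < size:
        raise ValueError(f"dump is only {len(head):#x} bytes, need {size:#x}")
    # Erased NOR flash reads back as 0xFF; a uniform region is not a bootloader.
    if len(set(head)) == 1:
        raise ValueError("region is uniform (blank or failed dump)")
    with open(out_path, "wb") as f:
        f.write(head)
    return hashlib.sha256(head).hexdigest()


def verify_copy(path, expected_sha256, size=BOOTLOADER_SIZE):
    """True only if the file is exactly `size` bytes and matches the recorded hash."""
    if os.path.getsize(path) != size:
        return False
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest() == expected_sha256


def demo():
    """Run on a constructed 1 MiB stand-in dump (not real firmware)."""
    with tempfile.TemporaryDirectory() as d:
        dump = os.path.join(d, "old_nor_dump.bin")  # hypothetical file name
        nor = os.path.join(d, "nor")                # file name required by step 4
        body = bytes(i % 251 for i in range(BOOTLOADER_SIZE))
        fake = body + b"\xff" * (0x100000 - BOOTLOADER_SIZE)
        with open(dump, "wb") as f:
            f.write(fake)
        digest = carve_bootloader(dump, nor)
        ok = verify_copy(nor, digest)
        # Simulate a truncated transfer: the check must fail.
        with open(nor, "wb") as f:
            f.write(fake[: BOOTLOADER_SIZE - 1])
        truncated_ok = verify_copy(nor, digest)
        return os.path.getsize(dump), ok, truncated_ok


if __name__ == "__main__":
    print(demo())
```
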
28 comments:
Rolandas said...
gz
January 18, 2008 4:13 AM
Eddy Currents said...
Great work guys, and thanks for the details of the method, geohot - you're one of the good guys :>) The question now is, to brick or not to brick? Ah what the hell, if I mess up the A17 testpoint, at least I'll have a really nice paper weight...
January 18, 2008 4:14 AM
tall said...
Isn't this great news? Sure it is for me,
January 18, 2008 4:15 AM
love said...
WoW
finally got it
January 18, 2008 4:18 AM
Omar said...
WOW!!!!!
THAT'S AWESOME!!!!!
mine is already 3.9 but i feel the same happiness as 4.6 owners
January 18, 2008 4:29 AM
esJ said...
Will this secpack allow you to erase 1.1.3 baseband on 3.9 bootloader?
January 18, 2008 4:33 AM
indiekiduk said...
Geo is the MCC MNC lock in the bootloader? I'm wondering if the USA (AT&T) and UK (O2) 4.6 bootloaders are different?
January 18, 2008 4:38 AM
thebo83 said...
I don't think that you can downgrade your baseband with this secpack, since it is a 1.1.2 secpack! As George mentions if you upgraded to 1.1.3 you maybe have to wait for 1.1.4 to be released (when ever this will be
January 18, 2008 4:48 AM
esJ said...
Actually, this should be the 1.1.3 secpack. You need the secpack from a newer baseband version in order to be able to change or erase it on a 4.06 bootloader. 3.9 bootloader allows you to change or erase baseband with current or newer secpack. This is what I understand from what has been found out about 4.06 bl
January 18, 2008 4:54 AM
kalifa said...
First of all, congratulations GeoHot and friends.
You should post your method in http://11246unlock.com and win the money guys.
Has anyone else unlocked his iPhone with this method?
I don't understand "Brick" concept. In case of error, is it not possible i.e to reinstall the ipsw 1.1.1 and start the unlock process again?
January 18, 2008 4:59 AM
cefd said...
once an iphone is bricked, it is all locked up, not usable
Question: will this lead to a software unlock?? That would be fantastic as i'm not that confident with opening my iphone...
January 18, 2008 5:03 AM
techremarks said...
Congratz everyone.
I guess a software unlock should be out soon with the new secpack that can downgrade the bl as this method relies on the flaw of the old bl (tp A17).
So once you downgrade to the bt 3.9 you should be able to upgrade fw back to 1.1.3 right? Or do you need the secpack from 1.1.4?
January 18, 2008 5:07 AM
Vag said...
GEORGE YOU ARE THE MAN!!!! I just translated to Greek and posted the steps on my blog! Greetz!
January 18, 2008 5:18 AM
freiheit said...
choukran thank you in arabic
merci in french
u are the iphone angel
January 18, 2008 5:30 AM
Bart said...
can you post the nor dump pls?
Thanks,
Bart.
January 18, 2008 5:51 AM
iPeter said...
Great News !
it will be possible to make a software unlock or just hardware method ?
January 18, 2008 5:52 AM
J. Ernesto said...
Good work! you're the first one!
Buen trabajo!! eres el primero!
January 18, 2008 6:51 AM
francesco_marullo said...
nobody tried this method? if yes, can you leave feedbacks?
January 18, 2008 7:13 AM
crozt said...
George, can you confirm that the secpack delivered in your pack is from 1.1.3? If so, can we use the old iEraser and the new secpack to erase the baseband without downgrading the bootloader?
Or is your hardware unlock and downloading the bootloader currently the only way?
Thanks!
January 18, 2008 7:25 AM
ChINgCHanG said...
Hi! Could you explain this unlocking method in detail?
Thx
January 18, 2008 7:33 AM
arnd said...
damn, you guys did a nice work! take care...
January 18, 2008 7:43 AM
solor said...
@crozt
open secpack.bin in any editor and you will see it's from 04.03.13
January 18, 2008 7:44 AM
Rok said...
I am wondering. Is this now a hardware unlock or software?? In the procedure there is no mentioning of opening the iph
Has anyone tried it?
January 18, 2008 7:46 AM
Rok said...
When you say copy files into the iphone folder. Which folder do you mean?
Thanks
January 18, 2008 7:49 AM
JavaPosse said...
Hi George,
thanks for the good news.
Would be great if you'd throw up a vid on youtube displaying the process for the brave ones who'd like to do this.
Cheers,
-V
January 18, 2008 8:00 AM
Xserve said...
@rok Did you even bother to read the very first step?
From the comments here of some guys it's obvious you should NEVER touch your iPhone - ALL the questions have been answered - so go back and read again and if you still can't understand then go buy a SIM Unlock from high priced dealer.
January 18, 2008 8:21 AM
Florent Pitoun said...
This sounds great!
I will translate into french if I succeed but there's something I need to understand:
You say "It is a hardware method to downgrade the bootloader, and I am assuming you are familiar with the old hardware method".
Do you mean we have to physically disassemble the iphone and modify some of its hardware parts ?
January 18, 2008 8:29 AM
az1324 said...
DO NOT DO THIS ON FIRMWARE 1.1.2
That's my advice. Even though you can do it in Airplane mode it's still very risky because if the phone decides to go into its baseband guardian lockdown mode and reboot you will lose wifi and possibly worse.
So do this on 1.1.1 or 1.0.2 people!
That being said, it does work reliably so thanks for the method, Geo & Friends.
January 18, 2008 8:40 AM