Hi all!
1st, I'm not a programmer or hacker or analyser, but everything I've done and all the experience I had cost me much time and money.
Some of it was a success. So believe it or not, it depends on you, but I.
After 3 weeks fighting with devilPhones, locked and not locked, with Pwntool and the hardware method, I found out a theory myself.
And with the hit of many Mods and Admins in this forum, I decided to talk it out.
Apple, after the 1st gen iPhone, must have had much more experience in defending against hackers. Now they use this "my theory" to
control all the lock state of their devices, which is so much more secure, but I think the experts here, such as the Dev Team, will pass over it and come to the real software unlock.
My supposition is that the BB on the 3G is now no more locked. Why do I think so??
I did: exchanged the pair X-Gold and NOR of a LOCKED phone to the International not locked phone. Both phones are in good physical condition, with the right IMEI of the pair of ICs, and have wifi. Then what happened?
- The Locked phone now got the pair of ICs not locked: put a working SIM inside
+ Pwned it: of course No Service. Call 112, there is no signal broadcast. I put the NOR out and dumped this state; call it State 1.
+ Restored it with original fw and activated by iTunes: iTunes said it can not activate, and the phone must be brought to Apple Service. Still No Service in the top left of the screen. Call 112, there is no signal broadcast. I put the NOR out and dumped this state; call it State 2.
- The Not Locked phone now got the pair of ICs locked: put a working SIM inside
+ Pwned it: of course No Service. Call 112, there is no signal broadcast. I put the NOR out and dumped this state; call it State 3.
+ Restored it with original fw and activated by iTunes: iTunes said it can not activate, and the phone must be brought to Apple Service. Still No Service in the top left of the screen. Call 112, there is no signal broadcast. I put the NOR out and dumped this state; call it State 4.
- Compared States 1, 2, 3, 4 to each other: all changed in 0xE8 to 0xFC (maybe log data or whatever). And as we know from the memory map, this area doesn't affect the LOCK STATE. Maybe just the Jailbreak state.
After all of these tests, I think the whole BB is not involved in the carrier being locked or not locked. It just receives the commands from the main firmware to work or not (broadcasting Rx + Tx transmission of the network).
The damn thing is, whatever system action you want to perform on the phone by iTunes, you must connect to the internet. And I'm sure iTunes collects all the logs and forces the state of the phone by their rules: activate or not, lock or not, crash the apps or not, etc....
So my result here is: the iTunes server handles all the devices they produce by MODEL + SERIAL + IMEI (these 3 identify which carrier the phone belongs to). On each sync action with iTunes, the server will check the database of the Factory (lol), then know whether this phone will be locked or not, and with my damn naughty actions, they decide whether to BLOCK my phone forever or not.
- The iTunes server BLOCKED my International phone because it found the MODEL + SERIAL did not fit the IMEI (I changed in 1 pair of ICs from the other locked phone, so the IMEI is the IMEI of the locked phone), so the server BLACKLISTED my phone OUT OF FULL ACTIVATION WITH UNLOCK STATE.
- The DEV TEAM must know why and where their Pwntool made the International phone relocked in the OS disk. Maybe they still don't know how to resolve it.
Totally, I can finish my post with the point: 3G BB NO MORE LOCKED - THE LOCKED STATE IS CONTROLLED BY: ITUNES SERVER + MODEL + SERIAL + IMEI AND IT STAYS IN THE OS DISK WHEN THE PHONE SYNCS WITH ITUNES. - NO MORE TRYING TO HACK THE X-GOLD.
Monitoring, capturing the transmission over USB and the internet from iTunes, then decrypting, patching... will help the unlock process???
Come on Dev Team, GeoHot, all other experts, let's try and give out the soft.
Hoping some day my blocked Inter-phone will work again like it did.
I give thanks to all the good-sense posts from the ones who know what to say, even if it shows that I was stupid.
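The dump comparison described in the post (four NOR images, "all changed in 0xE8 to 0xFC", checked against a memory map) can be done mechanically rather than by eye. The following is an added example, not code from the post or from any unlock tool; the four dump images and the memory map layout are constructed sample data, and only the offset range 0xE8..0xFC is taken from the post.

```python
# Added example, not code from the forum post. Compares several NOR dumps taken
# in different device states, merges the offsets that differ into ranges and
# maps each range onto a (constructed, hypothetical) memory map, so the claim
# "everything that changed is in a log area, nothing in the lock-state region"
# can be checked mechanically. The dumps and map below are sample data; only the
# offsets 0xE8..0xFC are taken from the post.
from typing import Dict, List, Sequence, Tuple

Range = Tuple[int, int]  # inclusive start, inclusive end

def differing_offsets(dumps: Sequence[bytes]) -> List[int]:
    """Offsets at which the dumps do not all agree (dumps must be equal length)."""
    if len({len(d) for d in dumps}) != 1:
        raise ValueError("dumps differ in length; compare like with like")
    return [i for i in range(len(dumps[0])) if len({d[i] for d in dumps}) > 1]

def merge_ranges(offsets: Sequence[int]) -> List[Range]:
    """Collapse sorted offsets into contiguous inclusive ranges."""
    ranges: List[Range] = []
    for off in offsets:
        if ranges and off == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], off)
        else:
            ranges.append((off, off))
    return ranges

def classify(ranges: Sequence[Range], memory_map: Dict[str, Range]) -> Dict[str, List[Range]]:
    """For each map region, the parts of the changed ranges that fall inside it."""
    hits: Dict[str, List[Range]] = {name: [] for name in memory_map}
    for lo, hi in ranges:
        for name, (mlo, mhi) in memory_map.items():
            if lo <= mhi and hi >= mlo:
                hits[name].append((max(lo, mlo), min(hi, mhi)))
    return hits

# Constructed layout (hypothetical, not Apple's): used only to show the check.
MEMORY_MAP: Dict[str, Range] = {
    "header": (0x00, 0x7F), "lock_state": (0x80, 0xBF), "log_area": (0xE0, 0xFF)}

def make_sample_dumps() -> List[bytes]:
    """Four constructed 256-byte images differing only in 0xE8..0xFC."""
    dumps = []
    for state in range(1, 5):
        img = bytearray(range(256))
        img[0xE8:0xFD] = bytes([state] * (0xFD - 0xE8))
        dumps.append(bytes(img))
    return dumps

if __name__ == "__main__":
    for region, spans in classify(merge_ranges(differing_offsets(make_sample_dumps())), MEMORY_MAP).items():
        print(region, [f"0x{a:02X}-0x{b:02X}" for a, b in spans] or "unchanged")
```

Run against real dumps, the same report shows whether any differing range overlaps the region the memory map marks as lock-relevant, which is the observation the post's conclusion rests on.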