Saturday, September 4, 2010

Downgrading the iPhone 4 baseband.

The iPhone 4's baseband can be downgraded, but it uses a stricter signing process than the ECID SHSH method.

http://twitter.com/MuscleNerd/status/18667056119

Some discussion here shows that on every boot-up it needs to run that random signature string. We may need to cache it. This would require an iBoot exploit, most likely untethered. The good thing about this is that if you have your SHSH saved for the firmware version that has the iBoot exploit, then you can always unlock.

Or, to my understanding, this "signature string" may very well be a security check included in the iPhone 4's XMM 6180 baseband chip. The security check requires everything that accesses the chip to be signed (a signature, obviously). The ultrasn0w unlock for 1.59.00 disables this security check, so you may be able to unlock at any time. Hopefully this randomly generated signature string is the thing that goes through that security check, because if we disable that... we're in. The ultrasn0w unlock must disable the security check FIRST, then initiate the crash and exploit the bug, then upload the traditional unlock command, "at+clck", or the wildcard unlock command, "at+xlock".

http://theiphonewiki.com/wiki/index.php?title=Talk:XMM_6180#Downgrade

Here is an example of the signature string on boot-up.

http://iphwn.org/nonce.txt

Oh, and by the way, this process is called "at+nonce". On every boot-up the iPhone opens /dev/tty.debug and runs that command, "at+nonce"; the iPhone asks for the string, one is generated at random, and then it is passed on.
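Why the per-boot nonce matters for the "save your SHSH" idea above: a signature bound only to the ECID can be replayed on a later boot, while one bound to a fresh nonce cannot. The model below is an added illustration, not code from the post or from Apple; it uses an HMAC with a made-up key as a stand-in for the real signing scheme, and the ECID, firmware hash and nonce length are constructed values.

```python
import hmac
import hashlib
import os

# Stand-in for the signer's key (constructed; the real scheme uses public-key
# signatures, but the replay property shown here is the same).
SIGNING_KEY = b"stand-in-signing-key-not-real"


def sign_ecid_blob(ecid: bytes, fw_hash: bytes) -> bytes:
    """ECID-SHSH style: the signature binds the firmware to the device only."""
    return hmac.new(SIGNING_KEY, b"ecid|" + ecid + b"|" + fw_hash, hashlib.sha256).digest()


def sign_nonce_blob(ecid: bytes, fw_hash: bytes, nonce: bytes) -> bytes:
    """Nonce-bound style: the signature also covers the value minted at this boot."""
    msg = b"nonce|" + ecid + b"|" + nonce + b"|" + fw_hash
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()


class Baseband:
    """Model of a device that mints a fresh random nonce on every boot-up."""

    def __init__(self, ecid: bytes):
        self.ecid = ecid
        self.nonce = b""

    def boot(self) -> bytes:
        self.nonce = os.urandom(20)  # the "at+nonce" value of the post (length is an assumption)
        return self.nonce

    def accept_ecid_blob(self, fw_hash: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(sig, sign_ecid_blob(self.ecid, fw_hash))

    def accept_nonce_blob(self, fw_hash: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(sig, sign_nonce_blob(self.ecid, fw_hash, self.nonce))


def replay_demo() -> dict:
    """Save blobs at boot 1, then try to reuse them at boot 2."""
    dev = Baseband(b"00000ECID0001")  # constructed ECID
    fw = hashlib.sha256(b"old baseband firmware image (constructed)").digest()
    n1 = dev.boot()
    cached_ecid_blob = sign_ecid_blob(dev.ecid, fw)        # what "saving SHSH" gives you
    cached_nonce_blob = sign_nonce_blob(dev.ecid, fw, n1)  # valid only for this boot
    n2 = dev.boot()  # later boot: new nonce, signer no longer issuing for this fw
    return {
        "ecid_blob_replays": dev.accept_ecid_blob(fw, cached_ecid_blob),
        "nonce_blob_replays": dev.accept_nonce_blob(fw, cached_nonce_blob),
        "fresh_nonce_blob_accepts": dev.accept_nonce_blob(fw, sign_nonce_blob(dev.ecid, fw, n2)),
    }
```

The cached ECID-only blob still verifies on the second boot, whereas the cached nonce-bound blob is rejected; only a signature issued for the current boot's nonce passes.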

--UPDATE--

To downgrade the iPhone 4 baseband, we need to cache the baseband SHSH. For now, to preserve your baseband, update through an edited hosts file.
