Thanks to @ven000m on Twitter, we have been able to successfully run smscl by @MuscleNerd (command-line SMS) on the iPhone 4. smscl was designed for iOS 3.1.2-3.2.2 and is not compatible with iOS 4.0+ without the help of Signal by @planetbeing. Signal is $4.99 on the Cydia store. Signal was designed for iOS 4 and talks to /dev/tty.debug in an iOS 4 compatible way; it does this to read baseband information, including the exact signal strength in dBm. Because Signal is what opens the port to /dev/tty.debug, @MuscleNerd's 3.2 connection method no longer works on its own: it needs another process to already have a working connection to /dev/tty.debug open. So smscl is pretty much leeching off of Signal. :) You will need to SSH into your iPhone 4 from a terminal emulator or an SSH client on a remote host. Signal must be open for the backgrounded AT+CMGS commands to execute successfully.
- Posted using BlogPress from my iPhone
Wednesday, September 22, 2010
Saturday, September 4, 2010
Downgrading the iPhone 4 baseband.
The iPhone 4's baseband can be downgraded, but it uses a stricter signing process than the ECID/SHSH method.
http://twitter.com/MuscleNerd/status/18667056119
Some discussion there shows that on every boot it has to run that random signature string. We would need to cache it, possibly. That would require an iBoot exploit, most likely untethered. The upside is that if you have your SHSH saved for the firmware version that has the iBoot exploit, you can always unlock.
Or, to my understanding, this "signature string" may well be a security check built into the iPhone 4's XMM 6180 baseband chip. The check requires everything that accesses the baseband to be signed (a signature, obviously). The ultrasn0w unlock for 1.59.00 disables this security check, which is why you may be able to unlock at any time. Hopefully this randomly generated signature string is the thing that talks to that security check, because if we can disable that... we're in. The ultrasn0w unlock must disable the security check FIRST, then trigger the crash and exploit the bug, then send the traditional unlock command "at+clck" or the wildcard unlock command "at+xlock".
http://theiphonewiki.com/wiki/index.php?title=Talk:XMM_6180#Downgrade
Here is an example of the signature string on boot up.
http://iphwn.org/nonce.txt
Oh, and by the way, this process is called "at+nonce". On every boot the iPhone contacts /dev/tty.debug and runs that command, "at+nonce"; then the iPhone asks for the string, one is generated randomly, and it is passed on.
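The at+nonce exchange as the post describes it (a fresh random string on every boot that the signed material has to match) is exactly the reason a signature captured once cannot simply be cached and replayed after a reboot. Below is an added toy model of that property, written for this page and not taken from the iPhone 4 baseband, ultrasn0w or any Apple code: an HMAC stands in for whatever signing scheme Apple really uses, the key and the "at+demo" command are constructed placeholders, and the verifier is a plain Python class rather than /dev/tty.debug. The second function shows the flip side the post's "cache it" idea relies on: once the nonce stops being fresh, the same cached tag is accepted again.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed stand-in for whatever key material the real signing uses.
DEMO_KEY = b"constructed-demo-key-not-from-any-device"


class NonceVerifier:
    """Toy model of a verifier that hands out a fresh nonce at every boot
    and only accepts commands whose tag was computed over that nonce."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self.nonce: Optional[bytes] = None

    def boot(self, nonce: Optional[bytes] = None) -> bytes:
        # A new random nonce on each boot (the post's "at+nonce" step).
        # Passing a nonce in models a verifier that does not enforce
        # freshness, which is the failure mode the random nonce prevents.
        self.nonce = nonce if nonce is not None else secrets.token_bytes(16)
        return self.nonce

    def accept(self, command: bytes, tag: bytes) -> bool:
        if self.nonce is None:
            return False
        expected = hmac.new(self._key, self.nonce + b"|" + command, hashlib.sha256).digest()
        # Constant-time comparison so the check itself leaks nothing.
        return hmac.compare_digest(expected, tag)


def sign_command(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """Signer side: binds the command to the verifier's current nonce."""
    return hmac.new(key, nonce + b"|" + command, hashlib.sha256).digest()


def replay_across_boots() -> Tuple[bool, bool]:
    """Sign once, then try to reuse the cached tag after a reboot."""
    bb = NonceVerifier(DEMO_KEY)
    command = b"at+demo"  # constructed placeholder command
    nonce = bb.boot()
    cached_tag = sign_command(DEMO_KEY, nonce, command)
    first = bb.accept(command, cached_tag)      # fresh nonce: accepted
    bb.boot()                                   # reboot -> new random nonce
    replayed = bb.accept(command, cached_tag)   # cached tag no longer matches
    return first, replayed


def replay_with_pinned_nonce() -> Tuple[bool, bool]:
    """Same cached tag, but the verifier is handed the old nonce again.
    Replay protection is only as good as the nonce's unpredictability."""
    bb = NonceVerifier(DEMO_KEY)
    command = b"at+demo"
    nonce = bb.boot()
    cached_tag = sign_command(DEMO_KEY, nonce, command)
    first = bb.accept(command, cached_tag)
    bb.boot(nonce)                              # nonce pinned instead of random
    replayed = bb.accept(command, cached_tag)   # cached tag accepted again
    return first, replayed


if __name__ == "__main__":
    print("random nonce per boot:", replay_across_boots())      # (True, False)
    print("nonce pinned:         ", replay_with_pinned_nonce())  # (True, True)
```

The two results side by side make the post's point concrete: the per-boot random nonce is what turns "save the signature once" into "you need to be able to control or re-obtain the nonce", which is why the discussion keeps coming back to needing a boot-level exploit rather than a saved blob.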
--UPDATE--
To downgrade the iPhone 4 baseband we would need to cache the baseband SHSH. For now, to preserve your baseband, update through an edited hosts file.