How can I get iP4 out of restore mode without updating the baseband?

**jdm.accord** · 07-19-2011, 07:11 PM

Picked up a $50 iPhone 4 today that had a shattered back and had the "iPhone is disable" message on it due to too many failed passcode attempts. I put it in restore mode to see what color the iTunes logo would be before doing a restore and its the older silver CD logo. So I know its running iOS 4.1 or lower. I'm hoping I scored a 4.0.x firmware and can unlock it. Problem is, the phone doesn't have files saved (tried restoring to 4.3.3 using pwnage) and even if I guessed the firmware correctly using redsnow, its disabled because of the passcode issue.

Any ideas how I can do a custom restore to 4.3.4? Will snowbreeze do this yet? I have a MacBook so I'm not up on snowbreeze but if it can get me custom 4.3.4, I can get access to a PC to do it. Help me out ya'll, thanks!

**ihappy** · 07-20-2011, 07:52 AM

If you believe it is 4.1 or lower then you can always try bypassing the passcode screen. However if the device is not yours (which is why the passcode screen would be on is my guess) then more than likely its going to get blacklisted eventually.

The bypass will only work if you're on 4.1 or lower from what I have tested. I tried this on 4.2.1 and 4.3.3 and it didn't work.

Turn the device on and get to the passcode screen
Go the emergency call screen and dial any random number
Hit the call button and immediately hit the power button.
You should now be in the phone dialer keypad screen

**jdm.accord** · 07-20-2011, 08:01 AM

Originally Posted by ihappy

If you believe it is 4.1 or lower then you can always try bypassing the passcode screen. However if the device is not yours (which is why the passcode screen would be on is my guess) then more than likely its going to get blacklisted eventually.

The bypass will only work if you're on 4.1 or lower from what I have tested. I tried this on 4.2.1 and 4.3.3 and it didn't work.

Turn the device on and get to the passcode screen
Go the emergency call screen and dial any random number
Hit the call button and immediately hit the power button.
You should now be in the phone dialer keypad screen

The iTunes logo is the silver CD so I know for a fact its 4.1 or lower. If it was 4.2 or above, the iTunes logo would be blue. Its not my phone originally. Like I said, I paid $50 for it because of its condition. Not sure if that bypass will work but I'll give it shot

**ihappy** · 07-20-2011, 08:04 AM

As far as I know thats the only bypass for the passcode screen. It was a major flaw and Apple had it patched up in the next update after 4.1

**xtacy** · 07-20-2011, 08:15 AM

Download Ifaith
Extract blobs.( this is shud tell u firmware )
Make signed ipsw
Restore.

**ihappy** · 07-20-2011, 09:56 AM

Originally Posted by xtacy

Download Ifaith
Extract blobs.( this is shud tell u firmware )
Make signed ipsw
Restore.

There might be a problem with that. How do we know it has any blobs saved? He bought the phone second hand and stated there are no files saved since he already tried restoring to 4.3.3 using pwnage tool

**xtacy** · 07-20-2011, 10:31 AM

Originally Posted by ihappy

There might be a problem with that. How do we know it has any blobs saved? He bought the phone second hand and stated there are no files saved since he already tried restoring to 4.3.3 using pwnage tool

You might wanna google Ifaith. It's shsh dumper. Dumps blobs of the firmware the phone is running regardless of it being previously saved or not.

**ihappy** · 07-20-2011, 10:40 AM

Originally Posted by xtacy

You might wanna google Ifaith. It's shsh dumper. Dumps blobs of the firmware the phone is running regardless of it being previously saved or not.

It only dumps if there is something to be dumped. As I stated before if the device has no shsh saved either with TU or on Cydia then ifaith is not gonna grab anything.

I'm not denying your post about using ifaith. I am simply stating that ifaith will only pick up what it sees.

**xtacy** · 07-20-2011, 11:19 AM

Ifaith dumps shsh even if they are not on Cydia and tu.
All devices which run x firmware has x blobs. Ifaith is the only software which can dump/extract the blob of the firmware the device is running on even when U are terribly misinformed.
Official statement
iFaith is the first public SHSH Dumper that dumps the SHSH blobs for the current iOS revision running on your iDevice.

I have estracted numerous blobs using it. Adviced many ppl to use it. I know am not wrong :-)
Read this
when your device comes from Apple, it comes with a firmware pre-installed. If Apple is no longer signing that firmware, you wouldn't be able to save the SHSH blobs in the past. With ih8sn0ws new tool, you can dump the SHSH blob directly from your currently installed firmware. The way this works is that Apple has signed image files that show up during the boot sequence with the SHSH blob. iFaith allows you to dump your SHSH key directly from those files.

After you have dumped the files, you then patch the firmware file you are trying to downgrade to with your SHSH key, this firmware file is considered a signed firmware file. Once you have created it, you simply restore it in Pwned-DFU mode just like you would if you were restoring any other custom firmware. iFaith is compatible with mostly all iDevices except for the iPad2 and a few others.

**ihappy** · 07-20-2011, 12:44 PM

You are correct. I understand what you are saying now.

But now am I to believe that after you extract the shsh blobs and create a signed ipsw with the shsh blobs intact using ifaith that it will preserve the baseband as he clearly is trying to do??

**xtacy** · 07-20-2011, 02:12 PM

If he is on 4.1 the baseband won't b unlockable . If he is 4.0 it will be. Baseband won't change

**ihappy** · 07-20-2011, 02:15 PM

Interesting. So basically ifaith not only extracts the shsh blobs of the current fw on the device but it also preserves the current baseband as well. Thanks for that insight.

**xtacy** · 07-20-2011, 02:28 PM

Nopes. Doesn't preserve. But the fact that we don know the current firmware doesn't help. I misquoted my statement.

**ihappy** · 07-20-2011, 02:44 PM

Originally Posted by xtacy

Nopes. Doesn't preserve. But the fact that we don know the current firmware doesn't help.

This is true. But he can still try and extract the shsh blobs and save them correct?
Create a custom fw using pwnage tool or sn0wbreeze to preserve said baseband and still use the extracted shsh blobs to restore??

I'm just brainstorming here. I haven't done this procedure before

**xtacy** · 07-20-2011, 02:58 PM

Yeah

Technically yeah :-)

**jdm.accord** · 07-20-2011, 04:05 PM

Is iFaith osx compatible? The phone could potentially be running 4.1 and thus all of this be in vain since 4.1 has a baseband I can't unlock. I just figured it was worth a shot and maybe I'll get lucky running 4.0.x

**ihappy** · 07-20-2011, 04:10 PM

Originally Posted by jdm.accord

Is iFaith osx compatible?

I just checked and no it is not. Sorry

**jdm.accord** · 07-20-2011, 05:34 PM

Originally Posted by ihappy

I just checked and no it is not. Sorry

Yeah I did the same lol. h8snow has said mac support "coming soon" for over 2 years now. Guess their definition of "soon" is different than mine.

**jdm.accord** · 07-20-2011, 08:31 PM

so I fired up my old PC (07 model running vista) and tried to get iFaith. Every time I download it from any source, the zip file is empty. I have the .NET 2.0 framework or whatever already installed as part of Vista. Any help would be appreciated

**xtacy** · 07-20-2011, 11:32 PM

Try another mirror :-)
Ih8sn0w sux that guy is a rude ***

Thread: How can I get iP4 out of restore mode without updating the baseband?

LinkBack

Thread Tools

Display

How can I get iP4 out of restore mode without updating the baseband?

Posting Permissions