How does PwnageTool for 2.1 firmware works?

[The Joker]

I've been looking into this just out of curiosity.

I believe that the previous version of PwnageTool created a file (x12220000_4_Recovery.ipsw), in the "Device Support" folder, that fooled iTunes in thinking the custom firmware was legit.

I tried jailbreaking a clean iPhone 3G with a custom firmware built in PwnageTool. If I close PwnageTool after it is done building the custom firmware, but before it guides me into putting the phone in DFU mode, when I put the phone in DFU and try to restore in iTunes I get Error 1600. Also, iTunes create the x12220000_4_Recovery.ipsw file. Obviously this file is not the right one for the custom firmware, hence the Error 1600.

If I keep PwnageTool open and use the guide to put the phone in DFU mode and I close it after, then the restore goes well in iTunes. And my iPhone is jailbreaked. In this method, the x12220000_4_Recovery.ipsw file is also created when iTunes recognizes my iPhone in DFU and it's the exact same as in the other method.

I also tried deleting the file just after it is created, and before going for the restore. What ever method 1, or method 2, I get the same result: Error 1600 in Method 1, successful jailbreak in Method 2.

I've also tried to copy the custom firmware created by PwnageTool and the x12220000_4_Recovery.ipsw file and using those files on another computer. The result was always Error 1600, with or without the x12220000_4_Recovery.ipsw.

I've also tried all of this with another x12220000_4_Recovery.ipsw file I found on the internet, that I believe was used for firmware 2.0. No success: Error 1600.

Why is this happening? What is PwnageTool doing just after it's done building the custom firmware or while putting the phone in DFU?

Would anyone have a x12220000_4_Recovery.ipsw file that allows a custom firmware restore without the use of PwnageTool or QuickPwn?

[cpjr]

Its not what Pwnage is doing to Itunes.

Its what Pwnage is doing to the iphone. You can also close Pwn/quickpwn for example right after it starts (when the iphone screen is white) and the iphone screen will remain white.

Then go to Itunes and it will restore a custom firmware file no problem. I use this method for ever iphone 2.1 I unlock (I am WinPC, therefore no Winpwn yet, only quickpwn - which doesnt activate).

[dlogiudice]

Thank both for the information posted!; I have the some problem described here and would like to try your way of unlock an Iphone 2.1, but I am not sure if this works for a 3G Iphone with the 2.1 Firmware.
Is it feaseable in a 3G or just in a first gen Iphone??

Thanks again for the info!

Its not what Pwnage is doing to Itunes.

Its what Pwnage is doing to the iphone. You can also close Pwn/quickpwn for example right after it starts (when the iphone screen is white) and the iphone screen will remain white.

Then go to Itunes and it will restore a custom firmware file no problem. I use this method for ever iphone 2.1 I unlock (I am WinPC, therefore no Winpwn yet, only quickpwn - which doesnt activate).

[sziklassy]

going a little more in detail to what cpjr has said... it basically puts your phone into a "special" DFU allowing it to accpet a custom IPSW file

[dlogiudice]

I my god!!, I am Soooo happy.., I'd been trying to unlock my phone for more than 14 hours thru two days without any luck and there is light at the end of the tunnel!!
I will try to downgrade it to 2.02 to able to use an " unlocked" 2.02 firmware ISW file.
I will let you know if it works....

ok, I was able to put the 2.02 firmware with the error code 1013, that as I've researched, is only a warning that the baseband is for a different firmware, and that if you kick it off from the recovery mode (the one that shows the image: the USB --> iTunes), into normal mode it would start working; The thing is that I've tried to use iLiberty+ v1.3.0 but the option to put it back in normal mode is grayed out since the program doesn't seem to recognize de damn phone... do you have any idea wich other program has the functionality to kick it back into normal mode??
I think that Ilberty and ziphone (at least the versions I've found...), are for First Gen Phones...
Any help would be really aprecciated.