Thread: Why would this not work? (Unlocking / Activation forum, iPhone Modding section)
  1. #1
    Banned (Atlanta, GA; joined Sep 2007; 460 posts)

    Why would this not work?
    OK... I have been trying to figure out different ways to get around the new bootloader on the OTB 1.1.2 phones. I am not sure, and I am sure the dev team has tried this... but if the bootloader is a file or something, could you take the old bootloader from a 1.1.1 phone and replace the 1.1.2 bootloader with the 1.1.1 bootloader, then unlock it? It seems like it would work... will somebody tell me why it wouldn't?

  2. #2
    chris52204 (Washington; joined Nov 2007; 192 posts)

    I am with you... there should be a way to reflash the bootloader to downgrade it.

  3. #3
    Green Apple (joined Sep 2007; 73 posts)

    Yeah, you know, like drag 'n' drop. I'm pretty sure Mr. Jobs is a little smarter than that!

  4. #4
    Banned (Atlanta, GA; joined Sep 2007; 460 posts)

    Well... I'm sure Mr. Jobs didn't intend for people even to be able to go into the iPhone interface.

  5. #5
    Eurisko (Toronto, Canada; joined Aug 2007; 3,308 posts)

    To quote Geohot:

    "They did a lot to remove the really bad signature checking of the old bootloader that IPSF exploited. Although the secpack still has 0x28 bytes of data at the end that isn't checked for normal secpack sigs. The secpack sig is (0x30 header/padding, 0x14 main fw sha, 0x14 secpack sha, 0x28 unchecked padding). So by spoofing the first 0x58 of the RSA, you can set any secpack and main fw sha hash you want. It is very easy in exponent 3 RSA cryptosystems to spoof the first 1/3 of the message bytes. I believe with some clever math and brute force, the whole 0x58 can be spoofed. Any cryptology experts out there?"
    Get "iPod & iTunes for Dummies", it'll change your life.

  6. #6
    redcard (Scotchland; joined Oct 2007; 2,143 posts)

    "The bootloader is basically a dead end. Everything that goes into it must be signed, and without Apple's 1024-bit RSA private key, this isn't going to happen."
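    The two quotes above describe the same check from opposite sides: geohot's point is that a verifier which compares only part of the recovered RSA block can be fed a forged signature under e=3 without any key, and redcard's is that a verifier which compares all of it cannot. Below is an added example that works that through in Python; it is not code from the thread, from geohot or from any bootloader. It builds a throwaway 1024-bit e=3 key, a verifier whose checked_len argument models how many leading bytes of the block are compared (the thread's 0x30 + 0x14 + 0x14 = 0x58 checked and 0x28 ignored is the default layout), and the cube-root forgery itself. The header byte pattern, the key seed, the image strings and the 28-byte "short header" layout are assumptions made for the demo; the real secpack header bytes are not given in the thread.

```python
"""RSA e=3 prefix forgery against a signature check that ignores trailing
bytes, beside a check that compares the whole block.  Demo only: the layout
numbers are the ones quoted in the thread; the header pattern, key, image
strings and the "short header" layout are made up for the example."""
import hashlib
import random

MOD_BITS = 1024
MOD_BYTES = MOD_BITS // 8                      # 0x80
E = 3
HEADER_LEN, HASH_LEN, TAIL_LEN = 0x30, 0x14, 0x28
CHECKED_LEN = HEADER_LEN + 2 * HASH_LEN        # 0x58: what the quoted check compares
ONE_THIRD = MOD_BYTES // 3                     # 0x2A: what a plain cube root can fix
HEADER = b"\x00\x01" + b"\xff" * (HEADER_LEN - 3) + b"\x00"   # constructed stand-in
CANONICAL_TAIL = b"\x00" * TAIL_LEN            # a careful verifier pins these bytes too

def sha1(data):
    return hashlib.sha1(data).digest()

def _probable_prime(n, rng, rounds=16):
    """Miller-Rabin, adequate for a throwaway demo key."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(seed=1):
    """Deterministic 1024-bit key with e=3; p, q = 2 mod 3 keeps 3 invertible."""
    rng, primes = random.Random(seed), []
    while len(primes) < 2:
        p = rng.getrandbits(MOD_BITS // 2) | (3 << (MOD_BITS // 2 - 2)) | 1
        if p % 3 == 2 and _probable_prime(p, rng):
            primes.append(p)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def sign(n, d, block):
    return pow(int.from_bytes(block, "big"), d, n)

def recover_block(n, sig):
    """What the verifier sees: sig^e mod n as 0x80 big-endian bytes."""
    return pow(sig, E, n).to_bytes(MOD_BYTES, "big")

def verify(n, sig, expected, checked_len=MOD_BYTES):
    """checked_len < MOD_BYTES models the flaw: trailing bytes are never compared."""
    return recover_block(n, sig)[:checked_len] == expected[:checked_len]

def icbrt(x):
    """Floor of the integer cube root, by bisection."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

def forge_prefix(n, prefix):
    """Smallest s with s**3 < n (so no reduction mod n happens) whose encoding
    starts with `prefix`.  Consecutive cubes of this size are more than 2**670
    apart, so the unchecked tail must be wider than that: about a third of the
    block is choosable, and None comes back when `prefix` runs past that."""
    free_bits = 8 * (MOD_BYTES - len(prefix))
    lo = int.from_bytes(prefix, "big") << free_bits
    s = icbrt(lo)
    if s ** 3 < lo:
        s += 1
    return s if s ** 3 < min(lo + (1 << free_bits), n) else None

def demo(n, d):
    good = HEADER + sha1(b"real main fw") + sha1(b"real secpack") + CANONICAL_TAIL
    want = HEADER + sha1(b"attacker main fw") + sha1(b"attacker secpack")
    s_third = forge_prefix(n, want[:ONE_THIRD])
    # Constructed layout whose checked region (8-byte header + one hash) fits in a third.
    short = b"\x00\x01\xff\xff\xff\xff\xff\x00" + sha1(b"attacker main fw")
    short_full = short + b"\x00" * (MOD_BYTES - len(short))
    s_short = forge_prefix(n, short)
    return {
        "legit_full_check": verify(n, sign(n, d, good), good),
        # All 0x58 checked bytes lie past the third: a plain cube root cannot fix them.
        "forge_all_0x58": forge_prefix(n, want[:CHECKED_LEN]) is not None,
        # The easy third ends inside the 0x30 header and reaches no hash byte.
        "forge_first_third": s_third is not None and verify(n, s_third, want, ONE_THIRD),
        # Attacker-chosen hash: accepted by the prefix-only check, rejected by the full one.
        "short_prefix_check": verify(n, s_short, short_full, len(short)),
        "short_full_check": verify(n, s_short, short_full),
    }
```

    Running demo(*gen_key()) shows the arithmetic behind the quote: with a 1024-bit modulus and e=3 the cube-root trick fixes roughly the first third of the block (0x2A bytes), so a check that looked only that far could be handed any bytes there, but the quoted layout compares 0x58 bytes and forge_prefix returns None for that prefix; that remainder is the part geohot leaves to "clever math and brute force". The short-header case shows what a prefix-only check costs once the hash falls inside the forgeable third, while the full-block check rejects the same forgery because the trailing bytes are no longer free, and the only path that satisfies it is sign(), which needs d.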

  7. #7
    Banned (Atlanta, GA; joined Sep 2007; 460 posts)

    Quote, originally posted by redcard:
    "The bootloader is basically a dead end. Everything that goes into it must be signed, and without Apple's 1024-bit RSA private key, this isn't going to happen."
    We will pay the Apple employees to get the key!
