Thread: Why would this not work?
12-03-2007, 08:08 PM #1
Ok... I have been trying to figure out different ways to get around the new bootloader on the OTB 1.1.2 phones. I am not sure, and I am sure the dev team has tried this... but if the bootloader is a file or something... could you take the old bootloader from a 1.1.1 phone and replace the 1.1.2 bootloader with the 1.1.1 bootloader... then unlock it? It seems like it would work... will somebody tell me why it wouldn't?
12-04-2007, 11:53 PM #2
I am with you... there should be a way to reflash the bootloader to downgrade it.
12-05-2007, 12:37 AM #3
Yeah, you know, like drag 'n' drop. I'm pretty sure Mr. Jobs is a little smarter than that!
12-05-2007, 11:31 AM #4
Well... I'm sure Mr. Jobs didn't intend for people to even be able to get into the iPhone interface.
12-05-2007, 11:35 AM #5
To quote Geohot:
"They did a lot to remove the really bad signature checking of the old bootloader that IPSF exploited. Although the secpack still has 0x28 bytes of data at the end that isn't checked for normal secpack sigs. The secpack sig is (0x30 header/padding, 0x14 main fw sha, 0x14 secpack sha, 0x28 unchecked padding). So by spoofing the first 0x58 of the RSA, you can set any secpack and main fw sha hash you want. It is very easy in exponent 3 RSA cryptosystems to spoof the first 1/3 of the message bytes. I believe with some clever math and brute force, the whole 0x58 can be spoofed. Any cryptology experts out there?"
Get "iPod & iTunes for Dummies", it'll change your life.
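The exponent-3 prefix forgery Geohot describes, as an added example that is not code from the thread, from IPSF, or from the bootloader: when a verifier decrypts s with e = 3 and compares only the leading bytes of the result, the attacker computes the integer cube root of "desired prefix followed by zeros" and lets the low bytes fall where they may. The block layout (0x30 header, 0x14 main fw SHA-1, 0x14 secpack SHA-1, 0x28 unchecked) is taken from the quoted post; the modulus, the header bytes and the firmware contents are constructed stand-ins (assumptions), not Apple's key or real images.

```python
# Added example (not from the thread, IPSF or the bootloader): forging the
# leading bytes of an e = 3 RSA "signature" against a verifier that compares
# only a prefix of the decrypted 128-byte block.
import hashlib

E = 3
MOD_BYTES = 128                                   # 1024-bit modulus, as in the post
HEADER_LEN, HASH_LEN, UNCHECKED_LEN = 0x30, 0x14, 0x28
CHECKED_LEN = HEADER_LEN + 2 * HASH_LEN           # 0x58 bytes the post says are compared
assert CHECKED_LEN + UNCHECKED_LEN == MOD_BYTES

# Constructed stand-in for a 1024-bit modulus (assumption, not Apple's key).
# Its factorisation never matters: the forgery keeps s**3 below N, so the
# verifier's pow(s, 3, N) performs no modular reduction at all.
N = (1 << 1023) | int.from_bytes(hashlib.sha512(b"stand-in modulus").digest() * 2, "big") | 1


def icbrt_ceil(n):
    """Smallest integer s with s**3 >= n (integer Newton iteration)."""
    if n <= 0:
        return 0
    s = 1 << ((n.bit_length() + 2) // 3)         # starts at or above cbrt(n)
    while True:                                   # converges to floor(cbrt(n))
        t = (2 * s + n // (s * s)) // 3
        if t >= s:
            break
        s = t
    while s ** 3 < n:                             # bump to the ceiling
        s += 1
    return s


def signed_block(header, main_fw, secpack, tail):
    """The 128-byte block a legitimate signer would sign (layout from the post)."""
    blk = header + hashlib.sha1(main_fw).digest() + hashlib.sha1(secpack).digest() + tail
    assert len(blk) == MOD_BYTES
    return blk


def weak_verify(sig, block, checked_len):
    """Flawed verifier: decrypt with e = 3, compare only the first checked_len bytes."""
    m = pow(sig, E, N).to_bytes(MOD_BYTES, "big")
    return m[:checked_len] == block[:checked_len]


def forge(block, checked_len):
    """Cube-root forgery: s whose cube starts with block[:checked_len], or None
    if the plain cube-root trick cannot pin that many leading bytes."""
    target = int.from_bytes(block[:checked_len] + bytes(MOD_BYTES - checked_len), "big")
    s = icbrt_ceil(target)
    cube = s ** E
    if cube >= N or cube.to_bytes(MOD_BYTES, "big")[:checked_len] != block[:checked_len]:
        return None
    return s


def demo():
    """Forge for 'first 1/3' of the block (easy) and for the full 0x58 (naive attempt)."""
    header = b"\x00\x01" + b"\xff" * (HEADER_LEN - 2)     # constructed PKCS#1-style header
    tail = bytes(UNCHECKED_LEN)                            # the 0x28 bytes nobody checks
    # Attacker-chosen images; the hashes of these go into the forged block.
    block = signed_block(header, b"patched main fw (constructed)", b"patched secpack (constructed)", tail)
    s_easy = forge(block, MOD_BYTES // 3)                  # 42 bytes: always works
    s_full = forge(block, CHECKED_LEN)                     # 0x58 bytes: cube root alone is not enough
    return block, s_easy, s_full


if __name__ == "__main__":
    block, s_easy, s_full = demo()
    print("prefix of", MOD_BYTES // 3, "bytes forged:", weak_verify(s_easy, block, MOD_BYTES // 3))
    print("full 0x58 bytes forged by plain cube root:", s_full is not None)
```

Why one third: s has roughly 1024/3 bits of freedom and s**3 is at most 3*s**2 above the chosen target, so only the top third of the bytes is pinned; the remaining bytes are whatever the cube happens to produce, which is exactly why a verifier that ignores trailing bytes is dangerous and why pinning the full 0x58 bytes needs something beyond the bare cube root.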
12-05-2007, 11:35 AM #6
"The bootloader is basically a dead end. Everything that goes into it must be signed, and without Apple's 1024-bit RSA private key, this isn't going to happen."
12-05-2007, 11:49 AM #7