Page 1 of 8, results 1 to 20 of 160


Thread: Let's put our minds together on this 3GS 3.1.3 New Bootrom Issue

#1 (Green Apple, West Virginia)

    Let's put our minds together on this 3GS 3.1.3 New Bootrom Issue
    I, like many others, just recently purchased my first 3G[S]. I had a 3G prior to my purchase and, like all 3G jailbreakers, never had to worry about storing my SHSH file on Cydia's servers. The two issues that plague this particular group of people are as follows:

    1. If you don't have your 3.1.2 SHSH file stored on Cydia's server, you cannot downgrade your device, which would open up the ability to then jailbreak it.

    and

    2. Even if you were to use Snowbreeze to create a custom 3.1.3 IPSW, iTunes will not allow you to restore to that custom firmware unless you are already jailbroken, which we aren't.

    So... issue #1 seems like what everyone in this situation is depending on. However, we know there is talk about not wanting to release the now-existing 3.1.3 jailbreak, because it also happens to be a jailbreak for 4.0. If it was released pre-4.0 just to help out the 3.1.3 people, then they would risk Apple figuring out their own error and patching it. This would not be good for the jailbreak community once 4.0 is officially released, because the exploit would be patched and we would all be complaining about how it was a waste to release it on measly 3.1.3. I always say, "Hope for the best but expect the worst." I think we all should expect never to see a jailbreak released solely for 3.1.3. I believe the next jailbreak that is officially released will be for 4.0, so we can forget about getting this accomplished that way.

    Now this brings us to issue #2. Snowbreeze WILL make a custom IPSW for firmware 3.1.3, which is great. Like I said earlier, though, unless you are currently jailbroken at the moment (which people in this situation aren't), iTunes will give a 16XX error if you try to SHIFT+Restore to the custom .ipsw that Snowbreeze creates. I think THIS is where we need to start looking for a resolution, not in waiting for a jailbreak to be released, because honestly I don't see them releasing it until 4.0 comes out. As much as I want to jailbreak my 3G[S] 3.1.3 NEW Bootrom, I would be upset if they pushed it out to us and Apple caught on and screwed up the chances of having a 4.0 jailbreak. Now, I consider myself a computer "power user", but this issue is a little too deep for me. Does anyone know what is going on behind the scenes in iTunes that makes it kick out a 16XX error when a 3G[S] on official 3.1.3 New Bootrom tries to restore to a custom 3.1.3 firmware file? To those of you who understand the iPhone and iTunes really well, this may sound like a stupid question. To me, however, I don't get why it kicks the error out when it's the same firmware version that is currently on the phone. Is there any patch... or... software... or anything that someone could develop that would make iTunes give the "go ahead!" in this particular situation? Maybe one of you could explain what is going on in the background that makes iTunes give that error. Does iTunes know that the file you are restoring to has been modified? In my head, I would have just assumed that it would act like you were just restoring to the exact same firmware that was currently on the phone.

    I know one, if not more, of the experts on here can provide some answers. I didn't want to make yet another "Help me jailbreak my 3G[S] 3.1.3 New Bootrom" thread, but I was just thinking that if we looked at it from another direction maybe we could figure some stuff out. If, when you read this, I have made myself look stupid to you, please offer constructive criticism. Don't act like a little kid by bad-mouthing me. I do not claim to know a lot about the topic. I know just enough to help me get by. I am simply asking a question so as to educate myself a little more. Thanks for reading and I welcome all replies!

#2
    A NEW iBoot (bootrom) will not allow you to load custom firmware even if you are currently jailbroken.

    CFWs apply only to the OLD iBoot 3GSes; new iBoots do not allow custom firmware to load at all.

    [EDIT] And the reason you cannot do so is that the new bootroms (iBoot version 359.3.2) no longer contain the 24Kpwn exploit, which, as far as I know, has been used to make every untethered jailbreak released to this point.
    Last edited by BumbleBeez; 2010-04-16 at 02:38 PM.

#3 (Green Apple, West Virginia)

    OK, I'm understanding. So basically what is happening when you try to restore to a CFW is, the phone looks at the CFW file and says, "Hey, something has been changed. I can't restore to a firmware unless it matches exactly what I'm looking for"?

#4 (Green Apple, Europe, Lithuania)

    OK, I have an iPhone 3GS 3.1.3 MC model. Just like many of us, I purchased the iPhone with 3.1.3 firmware. After that I stored the 3.1.3 SHSH to Saurik's server. After that I edited the hosts file and added this:
    74.208.10.249 gs.apple.com
    After that I tried to restore the iPhone with a custom firmware which was built by Snowbreeze. The firmware was jailbroken. The iPhone was restored, but it wasn't jailbroken. It was the same as the original 3.1.3 firmware. What's the problem? I don't know. But as Phillip said, the new bootrom won't allow that.

#5 (Green Apple, West Virginia)

    I wonder if some sort of "swap" method could be used. Obviously it would probably have to be done via software that would have to be created, but couldn't that work in theory? For example:

    Start the restore process out with the official 3.1.3 firmware. The iPhone 3G[S] does whatever it does behind the scenes to verify that it is legitimate firmware. Then, could a piece of software be used to "swap" the official firmware with the custom 3.1.3 firmware? Basically keeping the iPhone 3G[S] in the state of thinking it has just verified the correct firmware and has given the "go ahead" to restore, thus opening itself up for the custom firmware to be used.

    I'm thinking along the same lines as the "Swap Magic" disk for the PS2, for those of you familiar with that. Get it to the point where it's vulnerable, freeze it in that state and make the swap.

    I guess this method would only work, in theory, if the verification process was a single event and not multiple checks back and forth during the restoration process.

    The following user says thank you to Phillip84 for this useful post: Myplagu3 (2010-04-16)

#6 (Green Apple, Europe, Lithuania)

    Yeah, it sounds good, but too good to be true. I think it's only a theory. I tried faking it many times and it always failed.

#7 (iYeow, Retired Moderator, Vancouver, Canada)

    Maybe someone can think of an idea for flashing the new bootrom, like the way we hack the PSP.
    Last edited by iYeow; 2010-04-17 at 02:03 AM.

#8
    The issue of no JB for the new bootrom being released is simply to save it for the OS 4 official release.

    Why???? Because it uses a different exploit than what is publicly used. So if they release it, beta 2 may block the JB and they will need to spend time to find a new one, thus holding back the 4 JB.

    But the 3G has one...... The 3G is different in many ways from the 3GS, but most importantly an old public exploit still works on it; that's why 3.1.3 and 4 can be JB'd on the 3G.

#9 (z3r01, Retired Moderator, Brooklyn)

    OK, I got an idea: how about you wait for a jailbreak to come out instead of posting theories of previous versions that will not work..... As for the JB on 4.0, they are tethered, so it will not affect the untethered JBs that are being held for future release... Seriously, unless you're an elite hacker and find your own exploit, all these threads on theories using old techniques and rambling about why they should release it are a waste of time...

#10 (Green Apple, West Virginia)

    Quote Originally Posted by z3r01 View Post
    OK, I got an idea: how about you wait for a jailbreak to come out instead of posting theories of previous versions that will not work..... As for the JB on 4.0, they are tethered, so it will not affect the untethered JBs that are being held for future release... Seriously, unless you're an elite hacker and find your own exploit, all these threads on theories using old techniques and rambling about why they should release it are a waste of time...
    So what you are basically saying is that it is a waste of time for people to collaborate on ideas. I apologize that I've mentioned ideas that have been covered before, but if everyone kept their mouth shut, how would new ideas get created?

#11 (z3r01, Retired Moderator, Brooklyn)

    No, don't get me wrong, I understand your whole movement, but this requires more than just simple ideas; there is a lot involved in finding exploits that work. It's not just a jailbreak; it's finding an exploit, then creating a jailbreak on that exploit. And finding an exploit is something that is very difficult to do. Simple restores and such are not finding an exploit to run a jailbreak.

    For instance, your iTunes idea... in order for that to work, we need to figure out how Apple signs things in order to create a utility that would do just that.
    Last edited by z3r01; 2010-04-17 at 05:13 PM. Reason: Automerged Doublepost

#12
    Hey friends, I have an iPhone 3GS which was 3.1.2, jailbreakable, but it got stuck in iTunes, and when I used blackra1n it restarted, so I upgraded to 3.1.3 and now it's stuck in emergency call.... Can any one of you hackers tell me how I can jailbreak my iPhone and unlock it? Or, if you can't, then I am going to modify the iPhone software, but please help me: how can I view a .dmg file? Because in the last process I have found the security code they have used to accept only 3.1.3 firmware. If you know anything about a .DMG file opener, I'll be the one to crack their software. **** this Dev group who are sleeping in bed without doing anything and keeping us in trouble; he is not our friend, let's build it ourselves...... I'll do it within this week, I promise you all. My name is Virus, I'll crack that software, trust me......

#13 (z3r01, Retired Moderator, Brooklyn)

    OK, if you can't jailbreak a phone, or let alone troubleshoot your own problem, the only thing you will be able to crack is your screen. lol. How do you go about asking for help on your device but say you're gonna crack the software? Lmao

#14 (Green Apple, West Virginia)

    Quote Originally Posted by z3r01 View Post
    OK, if you can't jailbreak a phone, or let alone troubleshoot your own problem, the only thing you will be able to crack is your screen. lol. How do you go about asking for help on your device but say you're gonna crack the software? Lmao
    lol SEE, all I'm trying to do is maybe spark an idea in an expert's mind. At least I'm not boasting claims of being able to crack the software. DMG files are to Macs like EXEs are to Windows. He claims to be a hacker and didn't even know that? Wow.

#15
    I agree with you
    I totally agree with you; we should brainstorm to maybe find a new, out-of-the-box idea to fix this once and for all.

    I know many people have tested and thought of many ideas, but who says that we can't come up with something new?

    I think we should start by documenting what we can gather from different forums and experts on how iTunes talks to Apple's gs server and how that impacts the information sent to the iPhone.

    I know there is a signing process, and that the firmware is modified depending on the ECID and the SHSH codes sent by Apple; but can anyone elaborate more on how this actually works, what happens, who signs what with which keys, are these keys embedded in the iPhone, can we not change them, spoof them, replace them?

#16
    I looked at the 3.1.3 SHSH file I received from Apple. This is basically an XML file which has binary data in there from a database. I searched for my ECID in the file and I could not find it. Now, if I had a 3.1.3 and a 3.1.2 SHSH from a device, then we could find what the difference was and then construct a 3.1.2 SHSH file for any ECID. Actually, I need the 3.1.3 and 3.1.2 SHSH from a couple of phones at least. Otherwise there is no way to find the difference. Once we can downgrade, then JB will be easy, as there are tools available.

    Cheers

#17 (Green Apple, West Virginia)

    Quote Originally Posted by romman View Post
    I looked at the 3.1.3 SHSH file I received from Apple. This is basically an XML file which has binary data in there from a database. I searched for my ECID in the file and I could not find it. Now, if I had a 3.1.3 and a 3.1.2 SHSH from a device, then we could find what the difference was and then construct a 3.1.2 SHSH file for any ECID. Actually, I need the 3.1.3 and 3.1.2 SHSH from a couple of phones at least. Otherwise there is no way to find the difference. Once we can downgrade, then JB will be easy, as there are tools available.

    Cheers
    Yes! I had that same idea last night before I fell asleep. I wonder if we could get someone to send us a copy of both their 3.1.3 and 3.1.2 SHSH files. Hopefully that file doesn't contain any personal info or info that would keep someone from donating it, so we could compare them. Does anyone reading this, who has both their 3.1.3 and 3.1.2 SHSH files, care to share them?

    Quote Originally Posted by pheroah View Post
    I totally agree with you; we should brainstorm to maybe find a new, out-of-the-box idea to fix this once and for all.

    I know many people have tested and thought of many ideas, but who says that we can't come up with something new?

    I think we should start by documenting what we can gather from different forums and experts on how iTunes talks to Apple's gs server and how that impacts the information sent to the iPhone.

    I know there is a signing process, and that the firmware is modified depending on the ECID and the SHSH codes sent by Apple; but can anyone elaborate more on how this actually works, what happens, who signs what with which keys, are these keys embedded in the iPhone, can we not change them, spoof them, replace them?
    Thanks for supporting this. We, or at least I, am far from a "hacker", but this is how people learn stuff. We may not get anywhere with this, but, if nothing else, I'm sure we can learn some very useful things along the way. I'm all about learning new stuff!
    Last edited by Phillip84; 2010-04-19 at 01:36 PM. Reason: Automerged Doublepost
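Posts #16 and #17 propose opening the saved SHSH plist and searching it for the device's ECID. What follows is an added example, not code from this thread, from Cydia or from TinyUmbrella, showing how such a file is laid out and why a plain-text search of it finds nothing. It assumes the Cydia-style save format (a flat XML plist whose "<component>-Blob" keys hold base64 data) and the img3 tag layout documented for 3.x-era blobs: a bare chain of ECID, SHSH and CERT tags, each made of a byte-reversed four-character magic, a total length, a data length, the data and zero padding, with the ECID stored as a little-endian 64-bit integer. The sample plist, the ECID and the signature and certificate bytes are constructed here, not taken from a real device.

```python
import plistlib
import struct


def tag_magic(name):
    """img3 tag magics are stored byte-reversed on disk: "ECID" is written as b"DICE"."""
    return name.encode("ascii")[::-1]


def build_tag(name, data):
    """Serialise one img3 tag: magic, total length, data length, data, zero padding to 4 bytes."""
    pad = (-len(data)) % 4
    return tag_magic(name) + struct.pack("<II", 12 + len(data) + pad, len(data)) + data + b"\0" * pad


def build_blob(ecid, signature, cert):
    """A TSS response blob is a bare tag chain (no Img3 file header): ECID, SHSH, CERT."""
    return (build_tag("ECID", struct.pack("<Q", ecid))
            + build_tag("SHSH", signature)
            + build_tag("CERT", cert))


def parse_tags(blob):
    """Walk the tag chain, yielding (name, data); refuses to read past the end of the buffer."""
    offset = 0
    while offset + 12 <= len(blob):
        magic, total, data_len = struct.unpack_from("<4sII", blob, offset)
        if total < 12 or data_len > total - 12 or offset + total > len(blob):
            raise ValueError("malformed or truncated img3 tag at offset %d" % offset)
        yield magic[::-1].decode("ascii"), blob[offset + 12:offset + 12 + data_len]
        offset += total


def blob_ecid(blob):
    """Return the ECID bound into a blob, or None if it carries no ECID tag."""
    for name, data in parse_tags(blob):
        if name == "ECID" and len(data) == 8:
            return struct.unpack("<Q", data)[0]
    return None


def blob_is_well_formed(blob):
    """True if every tag header in the chain is consistent with the buffer length."""
    try:
        list(parse_tags(blob))
        return True
    except ValueError:
        return False


def shsh_ecids(plist_bytes):
    """Map each '<component>-Blob' entry of a Cydia-style SHSH plist to the ECID inside it."""
    doc = plistlib.loads(plist_bytes)
    return {key[:-len("-Blob")]: blob_ecid(value)
            for key, value in doc.items()
            if key.endswith("-Blob") and isinstance(value, bytes)}


def text_search_finds_ecid(plist_bytes, ecid):
    """What a plain-text search of the XML sees: the decimal ECID never appears in the file."""
    return str(ecid).encode() in plist_bytes


# Constructed sample: blobs for two components, both bound to one made-up ECID.
# The signature and certificate bytes are filler; only the tag layout matters here.
SAMPLE_ECID = 0x00001234567890AB
SAMPLE_PLIST = plistlib.dumps({
    "iBSS-Blob": build_blob(SAMPLE_ECID, b"\x11" * 128, b"\x22" * 64),
    "iBEC-Blob": build_blob(SAMPLE_ECID, b"\x33" * 128, b"\x22" * 64),
}, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    print("ECIDs inside the blobs:", {k: hex(v) for k, v in shsh_ecids(SAMPLE_PLIST).items()})
    print("plain-text search finds the ECID:", text_search_finds_ecid(SAMPLE_PLIST, SAMPLE_ECID))
```

The ECID is there, but as eight binary bytes inside a base64 blob, so a text search for the decimal (or hex) value finds nothing. Comparing two devices' files, as the posts above suggest, therefore means walking the tag chain and diffing tag by tag; the parser above also refuses blobs whose declared lengths run past the buffer, which a hex-editor approach would silently misread.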

#18 (z3r01, Retired Moderator, Brooklyn)

    Do you know about decrypting and using tools to look at these files? Using a hex editor or something? Remember, these things are signed by Apple, not iTunes; iTunes just sends info... Learning how Apple signs these things is a very long mission.

    It's not just opening them up in Notepad and comparing the letters.

#19 (Green Apple, West Virginia)

    Quote Originally Posted by z3r01 View Post
    Do you know about decrypting and using tools to look at these files? Using a hex editor or something? Remember, these things are signed by Apple, not iTunes; iTunes just sends info... Learning how Apple signs these things is a very long mission.

    It's not just opening them up in Notepad and comparing the letters.
    To be honest... no, but I am willing to research and try to learn. Hey, got a question. Let's say, in a perfect world, a 3.1.2 SHSH file could be user-created based on knowing what a 3.1.3 SHSH file looks like and altering it to make it seem as though it is a 3.1.2 SHSH file. Could a person (in theory) redirect iTunes to a server that they created? Just like what Cydia is doing when you edit your hosts file. Example: say we found out the difference between the two SHSH files and made a 3.1.2 SHSH file on our own. Could I set up a server, edit my hosts file to point to MY server rather than Apple's or Cydia's, and have it look there instead?

#20 (z3r01, Retired Moderator, Brooklyn)

    Yes, this is already possible with Saurik's server, as he stores SHSH files there... The only thing is that they are generated by Apple... Now, if a way of creating SHSH files is found, then that would definitely make it easier to downgrade to any firmware on the 3GS... But once this is achieved, Apple can change things around in a flash.
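Post #16 wants to diff a 3.1.2 and a 3.1.3 SHSH from one device and apply the difference to other devices, and posts #18 to #20 answer that the blobs are signatures generated by Apple, so a hosts-file redirect to your own server only helps if you can serve a blob Apple actually signed. The following is an added example, not from this thread or from Apple, that uses a toy RSA signature to show what that implies. The key pair is constructed here with an approximately 40-bit modulus and is not secure; Apple's real key sizes, hash, padding and certificate chain rooted in the bootrom are not reproduced, and the `ECID=...;VERSION=...;COMPONENT=...` payload is a stand-in for the signed data, not Apple's format.

```python
import hashlib

# Toy RSA key pair, constructed for illustration only (about a 40-bit modulus, not secure).
P, Q = 999983, 1000003
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: Apple holds the real one, nobody else does


def digest(blob):
    """Reduce SHA-256 of the blob into the toy modulus (real schemes pad rather than truncate)."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def sign(blob, d=D):
    """What the signing server does: only the holder of d can produce this value."""
    return pow(digest(blob), d, N)


def verify(blob, signature, e=E, n=N):
    """What the device does with the public half: recompute the digest and compare."""
    return pow(signature, e, n) == digest(blob)


def personalised_blob(ecid, version, component="iBSS"):
    """Stand-in for the signed payload: one component bound to one ECID and one firmware version."""
    return b"ECID=%d;VERSION=%s;COMPONENT=%s" % (ecid, version.encode(), component.encode())


def forge_by_delta(sig_a_new, sig_a_old, sig_b_new):
    """The thread's proposal: apply the 'difference' between A's 3.1.3 and 3.1.2 blobs to B's 3.1.3 blob."""
    return (sig_b_new + (sig_a_old - sig_a_new)) % N


def demo(ecid_a=0x1111, ecid_b=0x2222):
    """Run every strategy discussed in the thread against the verifier and report which pass."""
    a313 = personalised_blob(ecid_a, "3.1.3")
    a312 = personalised_blob(ecid_a, "3.1.2")
    b313 = personalised_blob(ecid_b, "3.1.3")
    b312 = personalised_blob(ecid_b, "3.1.2")   # what device B needs; Apple never signed it
    return {
        "genuine_verifies": verify(a313, sign(a313)),
        "edited_version_verifies": verify(a312, sign(a313)),
        "other_device_verifies": verify(b312, sign(a312)),
        "delta_forgery_verifies": verify(b312, forge_by_delta(sign(a313), sign(a312), sign(b313))),
        "signing_server_verifies": verify(b312, sign(b312)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-26s %s" % (name, "accepted" if ok else "rejected"))
```

Only the two values produced with the private exponent are accepted. Editing the version string, reusing another device's blob, or arithmetically combining signatures all fail, which is why the diffing plan cannot work no matter how many pairs of files are collected, and why redirecting gs.apple.com to your own server (post #4, post #19) can only ever replay blobs that Apple already signed for that ECID.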
