

Thread: Firmware hacking?

  1. #1
    mkblade

    Firmware hacking?
    So curious as I am...I decided to play around with the 3GS firmware on my iPhone 2G...
    The first (only) thing I have done so far is renaming the 3GS 018-5302-002.dmg to the 2G 018-5301-002.dmg, then simply zipping everything back up and renaming it to .ipsw...

    Result? Well, the iPhone went about its process of restoring and got about 15% through when it showed up with an error (14)...[not surprised]
    Solution? I think I need to play around more with the "Firmware" folder within the 3GS/2G firmwares.

    (I do know that the 3GS has a different CPU...and know that it will result in some type of error at one point or another.) But what I am hoping to get is using the 3GS firmware to "hex" the files that pertain to the new CPU and changing it to the old CPU, minor tweaking, etc., and we have ourselves a hacked-yet-eligible firmware!

    It sounds pointless and intensive--but if everyone were to cooperate I think we can get certain features onto our iPhones that are only available to the 3GS (as of right now).

  2. #2
    I may be wrong about this, but I know the ipsw files have some kind of security that was put in place in earlier packages. I remember you could make custom ipsws on some 1.1.x's, but I think it uses some kind of hash-checking resign mechanism now. If you could figure out how to duplicate those hashes it would really open up new opportunities for hackers. I don't know a lot about it, but I remember finding the firmware code signatures zipped up in it somewhere, but seeing as I have no clue how to apply them I deleted them and forgot how to find them, but at least you know they're in there.

  3. #3
    mkblade

    Interesting...didn't know too much about this new hash-checking...however, looking around with a hex editor, I noticed something in the "fseventsd-uuid" file: for the 2G/3G versions it lists 77CBAFA3-9870-487D-8A06-6913F7427DA4
    While for the 3GS, it lists B6BD452B-EA59-485F-91CB-6FF5ADE72D2F

    Weird..

    But an update on the firmware hacking: it seems there is something within the "Firmware" folder and the kernelcache.release.s5l8900x of the ipsw...as when I simply just took the 3GS files and renamed them to the 2G type, it kept on hanging on "Preparing iPhone for Restore", but when I replaced those with the original 2G files (undoing what I did earlier) while leaving the other 3GS files renamed to the 2G files...it actually got to the restoring process before having an error (14).

  4. #4
    Hmm...try making a small change in the hex (while it's zipped) and use a clean copy of the ipsw to see what all has changed and if you can manage to change everything back and restore...

  5. #5
    StealthBravo

  6. #6
    Something about Stealth's face tells me that I was off. Way off. But I know for sure there's some kind of security on it. I don't know how you ever got it to start restoring, though; I've never gotten that far.

  7. #7
    StealthBravo

    Sorry, go about your business

  8. #8
    mkblade

    Update:

    It seems that in the 3GS firmware, within the "dfu" folder (Firmware>dfu), there are only two dfu files which house important restoring information...
    iBEC.n88ap.RELEASE.dfu & iBSS.n88ap.RELEASE.dfu
    While in the 2G folder, there are four files:
    iBEC.m68ap.RELEASE.dfu & iBSS.m68ap.RELEASE.dfu
    WTF.s5l8900xall.RELEASE.dfu & WTF.m68ap.RELEASE.dfu
    where the "WTF" files house important info...

    The WTF file is also listed in the BuildManifest.plist of the 2G, while for the 3GS it is obviously absent.
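The hash-checking idea raised in #2 and the BuildManifest.plist mentioned in #8, as an added example that is not from this thread or from Apple's tooling: a Python integrity check that recomputes each component's SHA-1 and compares it with the digest recorded in a manifest. The manifest layout (BuildIdentities -> Manifest -> component -> Info/Path and Digest), the archive and the file contents are constructed, simplified assumptions rather than a real IPSW; the check shows why a file from another build renamed to the 2G name is flagged as a mismatch even though the file name is right.

```python
import hashlib
import io
import plistlib
import zipfile

# Constructed sample components: 2G dfu paths from the thread, placeholder contents.
GOOD_FILES = {
    "Firmware/dfu/iBSS.m68ap.RELEASE.dfu": b"constructed iBSS payload",
    "Firmware/dfu/iBEC.m68ap.RELEASE.dfu": b"constructed iBEC payload",
    "Firmware/dfu/WTF.m68ap.RELEASE.dfu": b"constructed WTF payload",
}

def make_manifest(files):
    """Simplified manifest: BuildIdentities -> Manifest -> name -> Info/Path, Digest (assumed layout)."""
    manifest = {}
    for path, data in files.items():
        name = path.rsplit("/", 1)[-1].split(".")[0]  # iBSS, iBEC, WTF
        manifest[name] = {"Info": {"Path": path}, "Digest": hashlib.sha1(data).digest()}
    return plistlib.dumps({"BuildIdentities": [{"Manifest": manifest}]})

def make_ipsw(files, manifest):
    """Zip the manifest and component files into an in-memory IPSW-like archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BuildManifest.plist", manifest)
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

def verify_ipsw(ipsw_bytes):
    """Return {component: "ok" | "digest-mismatch" | "missing"} after recomputing SHA-1s."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        manifest = plistlib.loads(zf.read("BuildManifest.plist"))
        for name, entry in manifest["BuildIdentities"][0]["Manifest"].items():
            path = entry["Info"]["Path"]
            if path not in zf.namelist():
                results[name] = "missing"
                continue
            actual = hashlib.sha1(zf.read(path)).digest()
            results[name] = "ok" if actual == entry["Digest"] else "digest-mismatch"
    return results

def demo():
    """Clean archive vs. one with iBSS swapped for another build's file under the 2G name."""
    manifest = make_manifest(GOOD_FILES)
    clean = verify_ipsw(make_ipsw(GOOD_FILES, manifest))
    swapped = {**GOOD_FILES, "Firmware/dfu/iBSS.m68ap.RELEASE.dfu": b"another build's iBSS, renamed"}
    return clean, verify_ipsw(make_ipsw(swapped, manifest))
```

Renaming does not change the bytes the digest covers, so the only way the swapped component passes is if the manifest is regenerated for it, which is exactly what the signing step in #2 prevents on a real device.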
