View the full version: [iPhone] Unlock via testpoint

06-10-2007, 21:35
Here is the manual on how to unlock the iPhone via testpoint
(it's in English)

download (http://www.freeiphoneunlock.com/pdf/iphoneunlock.pdf)

Things needed

You will need an iPhone (Jailbroken + SSH enabled + Installed Binkit)

And 2 needles (to conduct the electricity) or use your imagination


And all the needed files - Files Needed (http://rapidshare.com/files/51207171/Geohack.rar)

For jailbreaking and installing the ssh extensions see http://www.hacktheiphone.com

OK, here goes, it's simple!

Install winscp (get it here Winscp (http://winscp.net/eng/download.php))

Extract Putty from the rar, then put it somewhere on the desktop.

Install the hexedit from the folder Hexedit. (this was included in these files (http://rapidshare.com/files/51207171/Geohack.rar))

Make sure the binkit is on your iPhone. (if not it’s included in the rar)

Copy the files in the bin folder in rar to your iphone in the /bin folder

Now it's time to open your iPhone (use anything you can think of that would not scratch it; a guitar pick is good, but I used a knife, which made a few scratches. If you want to, I am sure you will find something that won't scratch)
http://www.ifixit.com/Guide/iPhone/ is a great guide on how to open your iPhone!

Now open up the metal case right below the battery.

Now Startup your iphone (plug it into your computer)

Connect your iPhone to your wifi network, and set up a connection from your pc to the iphone with winscp.
If you don’t know how
- open WINSCP
- Select new.


This should Show your IP ADDRESS Under IP Address!

Now! Lets get started

- Enter the ip of your iphone into the host address field - username : root
- password : dottie
- File Protocol SCP
- save the settings and login
(ignore the errors ;-))
- Create a new folder “etc” in the folder /usr/local/etc or /etc
- Copy termcap from rar to this folder.
- Copy bbupdater from rar to /bin
- Go to the folder /system/library/launchdeamons and move the file commcenter.plist to your desktop (make sure the file is moved and not copied). Reboot the phone. (you can use putty to do this)
- start putty
- enter the ipaddress of your iphone in the hostname field, and click open.
- login with username : root and the pass : dottie
- type reboot
- disconnect and reconnect the phone. (it will automatically turn on)
- Start putty again and login.
- type : minicom -s
- select serial port setup and type : A.
- enter: /dev/tty.baseband Enter
- press esc
- select save setup as dfl
- when entering minicom type AT
- the modem should respond. OK

This is where you will touch your two points together using your needles! Only without soldering!


Or a clearer picture for those who are unsure !


The two points should be touching
There should not be any response… even when you touch the needles again.
- Make sure the needles are not touching now.
- exit Minicom (CTRL A then X)
- type : bbupdater -v
- type minicom it should respond ok when entering the AT command.
- when this is the case, the needles were connected right

Now time for more things! If you got this far WELL DONE!

Now…….. The rest NORDumper (http://rapidshare.com/files/51207171/Geohack.rar) is located in the files you downloaded earlier!

- Copy the files from folder NORDumper from the rar to /usr/bin on your iphone using winscp

- in putty, go to this folder. type : cd /usr/bin type : ls you should see the nordumper file
- type : NORDumper dump.bin (this is case sensitive…)
- now you have to wait for about 10 to 20 mins. Wait till the dump is completed.

Now for the next step! To FREEDOM! (Quote from Gladiator)
- Copy the contents of the folder ieraser from the rar also to /usr/bin on your iphone using winscp.
- Start Cygnus Hex Editor. and open the file ICE03.14.08_G.fls. (included in the rar) (only for firmware 1.0.1 and 1.0.2 !!!!)
- Select the range from 000001A4-000009a4. In the taskbar the selection should show 1A4-9A4. (very important !!)
- then go to menu edit -> select copy to file. name the file : secpack
- Upload this file to /usr/bin on the iphone.
- in putty type ieraser. (if it hangs try http://lpahome.com/ieraser.rar )

Getting closer!
- copy the dump.bin from /usr/bin to your PC using winscp.
- Open this file with Cygnus Hex Editor.
- Select the range 00020000-00304000
- In the taskbar it should show 20000-304000 (if not do the selection again)
- go to menu edit -> select copy to file. name the file : nor
- open this file with the hexeditor.
- Find the row 215148 and change 04 00 A0 E1 to 00 00 A0 E3
- save the file, and upload it to /usr/bin using winscp

Too close!
- copy the files in the folder iunlocker from the rar to /usr/bin
- Touch YOUR NEEDLES TOGETHER HERE! (Touching where they should)
- with putty goto /usr/bin and type iunlocker
- when the program halts. Remove your needles and press a character on your keyboard followed by Enter.
- you will see a lot of numbers running on your screen. This also takes a while…
- after it’s done type : bbupdater -v
- it should show : xgendata and some more text i can’t remember..

Last steps to total FREEDOM!
- start minicom again.
- type AT+CLCK="PN",0,"00000000"
- type AT+CLCK="PN",2 this should respond with a 0 .
- Congrats !!!! your phone is now simlockfree.
- now copy back the commcenter.plist file (don’t forget)

- Now put your phone back together and insert your chosen simcard
- Turn on the phone
The new simcard will not be accepted yet.

Now activate your Iphone

You could update the phone with itunes to 1.0.2.
After that you could use iactivator to jailbreak and to generate the keys and activate the phone.

source (http://www.steve-jobs.com/)
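
Added example, not part of the original post or the manual it quotes: when reviewing a 4-byte firmware edit such as the `04 00 A0 E1` to `00 00 A0 E3` change in the manual, decoding both words shows what the edit does to the code. It assumes each 4-byte group is one little-endian 32-bit ARM instruction, which the manual does not state; `decode_arm_mov` and `patch_summary` are illustrative names.

```python
import struct

REGS = [f"r{i}" for i in range(13)] + ["sp", "lr", "pc"]
OPCODES = {0b1101: "mov", 0b1111: "mvn"}


def decode_arm_mov(raw: bytes) -> str:
    """Decode one little-endian 32-bit ARM MOV/MVN instruction (assumed encoding)."""
    if len(raw) != 4:
        raise ValueError("expected exactly 4 bytes")
    (word,) = struct.unpack("<I", raw)
    if word >> 28 != 0xE:
        raise ValueError("only the 'always' condition is handled")
    if (word >> 26) & 0b11:
        raise ValueError("not a data-processing instruction")
    opcode = (word >> 21) & 0xF
    if opcode not in OPCODES:
        raise ValueError(f"opcode {opcode:#06b} is not MOV/MVN")
    mnemonic = OPCODES[opcode] + ("s" if word & (1 << 20) else "")
    rd = REGS[(word >> 12) & 0xF]
    if word & (1 << 25):
        # Immediate form: 8-bit value rotated right by twice the 4-bit field.
        imm8 = word & 0xFF
        rot = ((word >> 8) & 0xF) * 2
        value = ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF
        return f"{mnemonic} {rd}, #{value}"
    if (word >> 4) & 0xFF:
        raise ValueError("shifted register operands are not handled")
    return f"{mnemonic} {rd}, {REGS[word & 0xF]}"


def patch_summary(old_hex: str, new_hex: str) -> tuple:
    """Return (old instruction, new instruction) for a 4-byte patch."""
    return (decode_arm_mov(bytes.fromhex(old_hex)),
            decode_arm_mov(bytes.fromhex(new_hex)))


if __name__ == "__main__":
    # Byte values quoted from the manual's hex-editing step.
    before, after = patch_summary("04 00 A0 E1", "00 00 A0 E3")
    print(f"before: {before}")
    print(f"after:  {after}")
```
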

07-10-2007, 00:22
Good contribution, yes sir...

But if you slip up when making the contact, you've just thrown 500~600$ in the trash, or 500~600€. Or simply if the little program you install has some bug and sc... up your iPhone, which would be a real pain in the ass (speaking plainly)

Regards

08-10-2007, 21:28
Sure, but nothing ventured, nothing gained.
Here you throw away US$ 900 (the bootleg one) or US$ 1900 (the one that went through customs)