Old Jun 30, 2007, 02:37 PM   #1
geohot
macrumors newbie
 
Join Date: Jun 2007
Let's actually unlock the iPhone

All current claims to people owning an unlocked iPhone are false. To this date no one I am aware of has successfully unlocked an iPhone. I purchased an iPhone at 6 yesterday with the sole purpose of unlocking it. I have T-Mobile and have zero intention of switching to AT&T. So, I'm looking for the community who is currently trying to unlock it. I was involved in the V710 uncrippling project and was impressed by the people I met.

I'm hoping we could get a sticky thread going with all the current progress made. Maybe this thread :-)

Here is the progress I have made so far. My friend purchased an iPhone as well yesterday and let me run a USB sniffer while he was activating it. Here is that log. You can view it with SnoopyPro. Currently, I cannot even get my iPhone off the main screen saying I need to activate it. That is the first step towards an unlock. I'm surprised no one has really started hacking it yet; where are the firmware dumps, does it have seams, where is the unlocked status stored? Post whatever you can find out. My sn is "imgeohot". If this community is as good as the V710 community, we can have this thing unlocked in a week.

The iPhone is an amazing device, let's bring it to the AT&T free masses. I am looking for the "they" people claim will unlock the iPhone and actually will work on it.

This is a crosspost from HoFo
geohot is offline   Reply With Quote
Old Jun 30, 2007, 02:40 PM   #2
Catgofire
macrumors newbie
 
Join Date: Jun 2007
You know that the iPhone won't work on T-Mobile's network even if you do unlock it, right? And that your T-Mobile SIM chip won't work in your iPhone?
Catgofire is offline   Reply With Quote
Old Jun 30, 2007, 02:46 PM   #3
fowler.
macrumors 6502a
 
Join Date: Apr 2004
Location: Pasadena
Quote:
Originally Posted by Catgofire View Post
You know that the iPhone won't work on T-Mobile's network even if you do unlock it, right? And that your T-Mobile SIM chip won't work in your iPhone?
not saying this isn't true, but how can we know until someone has unlocked the phone and inserted a t-mobile sim?

i just saw this site pop up..

iphoneunlocking.com/
__________________
15" 2.16 macbook pro | 2gb | 7200 rpm | 2405FPW
fowler. is offline   Reply With Quote
Old Jun 30, 2007, 02:48 PM   #4
vivniko
macrumors newbie
 
Join Date: Jun 2007
you should check out this post on Gizmodo.
vivniko is offline   Reply With Quote
Old Jun 30, 2007, 02:57 PM   #5
mcl
macrumors member
 
Join Date: Dec 2002
Quote:
Originally Posted by geohot View Post
All current claims to people owning an unlocked iPhone are false. To this date no one I am aware of has successfully unlocked an iPhone. I purchased an iPhone at 6 yesterday with the sole purpose of unlocking it. I have T-Mobile and have zero intention of switching to AT&T. So, I'm looking for the community who is currently trying to unlock it. I was involved in the V710 uncrippling project and was impressed by the people I met.

I'm hoping we could get a sticky thread going with all the current progress made. Maybe this thread :-)

Here is the progress I have made so far. My friend purchased an iPhone as well yesterday and let me run a USB sniffer while he was activating it. Here is that log. You can view it with SnoopyPro. Currently, I cannot even get my iPhone off the main screen saying I need to activate it. That is the first step towards an unlock. I'm surprised no one has really started hacking it yet; where are the firmware dumps, does it have seams, where is the unlocked status stored? Post whatever you can find out. My sn is "imgeohot". If this community is as good as the V710 community, we can have this thing unlocked in a week.

The iPhone is an amazing device, let's bring it to the AT&T free masses. I am looking for the "they" people claim will unlock the iPhone and actually will work on it.

This is a crosspost from HoFo

Looks like it's using SSL.

By the way, that capture log contains your friend's computer's host cert and host private key, which means anyone could forge an SSL connection and pretend to be using your friend's computer. Asymmetric public-key cryptography isn't quite so secure when the private keys get leaked.

Interestingly, the root cert and root private key being used are in there as well.

However, the device private key is missing, as would be expected, because it's stored on the phone and not communicated.

So, you did a marvelous job capturing an encrypted SSL session.

Without the iPhone's private key (which is probably randomly-generated on the phone when first powered up during factory testing), decrypting it is going to be problematic.
__________________
http://bitshift.org
mcl is offline   Reply With Quote
Old Jun 30, 2007, 03:01 PM   #6
geohot
Thread Starter
macrumors newbie
 
Join Date: Jun 2007
Quote:
Originally Posted by mcl View Post
Looks like it's using SSL.
How do you know this? And why would a private key ever be sent over any communications channel?
geohot is offline   Reply With Quote
Old Jun 30, 2007, 03:04 PM   #7
geohot
Thread Starter
macrumors newbie
 
Join Date: Jun 2007
Quote:
Originally Posted by Catgofire View Post
You know that the iPhone won't work on T-Mobile's network even if you do unlock it, right? And that your T-Mobile SIM chip won't work in your iPhone?
I mean fully unlock the phone. And there's no reason it won't work on T-Mobile. All iPhone unlock sites are scams, because if it had been unlocked people would have posted pictures.

But first I must get past that first activation screen...
geohot is offline   Reply With Quote
Old Jun 30, 2007, 03:05 PM   #8
besalva
macrumors newbie
 
Join Date: Jun 2007
Quote:
Originally Posted by geohot View Post
All current claims to people owning an unlocked iPhone are false. To this date no one I am aware of has successfully unlocked an iPhone. I purchased an iPhone at 6 yesterday with the sole purpose of unlocking it. I have T-Mobile and have zero intention of switching to AT&T. So, I'm looking for the community who is currently trying to unlock it. I was involved in the V710 uncrippling project and was impressed by the people I met.

I'm hoping we could get a sticky thread going with all the current progress made. Maybe this thread :-)

Here is the progress I have made so far. My friend purchased an iPhone as well yesterday and let me run a USB sniffer while he was activating it. Here is that log. You can view it with SnoopyPro. Currently, I cannot even get my iPhone off the main screen saying I need to activate it. That is the first step towards an unlock. I'm surprised no one has really started hacking it yet; where are the firmware dumps, does it have seams, where is the unlocked status stored? Post whatever you can find out. My sn is "imgeohot". If this community is as good as the V710 community, we can have this thing unlocked in a week.

The iPhone is an amazing device, let's bring it to the AT&T free masses. I am looking for the "they" people claim will unlock the iPhone and actually will work on it.

This is a crosspost from HoFo

You should try this forum: http://www.hackint0sh.org/forum/
They are making some progress
besalva is offline   Reply With Quote
Old Jun 30, 2007, 03:06 PM   #9
mcl
macrumors member
 
Join Date: Dec 2002
Quote:
Originally Posted by geohot View Post
How do you know this? And why would a private key ever be sent over any communications channel?
It's trivial to run the log through strings and examine the DTDs and data fields. The EnableSessionSSL key was a bit of a giveaway.

You ran the capture software on your friend's computer during the unlocking process. The two private keys on your friend's computer were thrown into the DTDs for the XML used as part of that process.

Why that occurred is something you'd have to ask the Apple software engineers. Rather idiotic if you ask me, but I guess they assumed a short cable between your computer and your phone was a secure channel, and thus there would be no harm in putting it on the wire. Not something I'd ever recommend (inductive taps, anyone?), but it wasn't my call to make.

If you're bored, cd to the directory where you stored the iphoneunlock.usblog file, and strings iphoneunlock.usblog | more.
__________________
http://bitshift.org
mcl is offline   Reply With Quote
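A defender-side check that follows from mcl's observations in posts #5 and #9 (an added example, not code from the thread or from any of its participants): it pulls printable runs out of a capture file the way `strings` does, then flags PEM private-key blocks and the EnableSessionSSL plist key, so a log can be checked for leaked credentials before anyone posts it. The capture bytes below are constructed, and the key body is placeholder text, not real key material.

```python
"""Scan a binary USB capture for leaked key material before sharing it."""
from __future__ import annotations
import re

# One PEM block whose END label must match its BEGIN label (RSA, EC, plain ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]*?PRIVATE KEY)-----.*?-----END \1-----", re.S
)
# <key>Name</key> followed by a boolean or string value, as in a plist fragment.
PLIST_KEY = re.compile(r"<key>([A-Za-z]+)</key>\s*<(true|false|string)[^>]*>")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII runs of at least min_len bytes, like `strings -n`.
    Newlines and tabs count as printable so a multi-line PEM block stays whole."""
    pattern = re.compile(rb"[\x20-\x7e\r\n\t]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def find_private_keys(text: str) -> list[str]:
    """Return the labels (e.g. 'RSA PRIVATE KEY') of every PEM private-key block."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def find_plist_flags(text: str) -> dict[str, str]:
    """Collect plist key/value pairs such as EnableSessionSSL -> 'true'."""
    return {m.group(1): m.group(2) for m in PLIST_KEY.finditer(text)}


def scan_capture(data: bytes) -> dict:
    """Report leaked private keys and the session-SSL flag for a raw capture."""
    text = "\n".join(extract_strings(data))
    keys = find_private_keys(text)
    flags = find_plist_flags(text)
    return {
        "private_keys": keys,
        "session_ssl": flags.get("EnableSessionSSL"),
        "safe_to_share": not keys,   # certificates are public; private keys are not
    }


# Constructed sample (hypothetical capture): binary noise around a plist
# fragment, a placeholder private key and a public certificate block.
SAMPLE_CAPTURE = (
    b"\x00\x01\x02\xff\x10USBPCAP\x00\x00"
    b'<plist version="1.0"><dict>'
    b"<key>EnableSessionSSL</key><true/>"
    b"<key>HostCertificate</key><data>Q0VSVA==</data>"
    b"</dict></plist>\x00\x00\x7f\xfe"
    b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n"
    b"-----END RSA PRIVATE KEY-----\n\x00\x00\x80"
    b"-----BEGIN CERTIFICATE-----\nNOTAKEY\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(scan_capture(SAMPLE_CAPTURE))
```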
Old Jun 30, 2007, 03:25 PM   #10
geohot
Thread Starter
macrumors newbie
 
Join Date: Jun 2007
Quote:
Originally Posted by mcl View Post
If you're bored, cd to the directory where you stored the iphoneunlock.usblog file, and strings iphoneunlock.usblog | more.
Nice. I was just viewing it with SnoopyPro and I couldn't really get the whole picture. So a packet by packet retransmit won't work. And without the private key of the phone I can't think of any way to decrypt it. Can you?

Over here they found a program that iTunes calls to send data to the iPhone. I'm assuming data is passed to this program unencrypted. So what if we sniff these pipes during activation?
geohot is offline   Reply With Quote
Old Jun 30, 2007, 03:27 PM   #11
mcl
macrumors member
 
Join Date: Dec 2002
Quote:
Originally Posted by geohot View Post
Nice. I was just viewing it with SnoopyPro and I couldn't really get the whole picture. So a packet by packet retransmit won't work. And without the private key of the phone I can't think of any way to decrypt it. Can you?

Over here they found a program that iTunes calls to send data to the iPhone. I'm assuming data is passed to this program unencrypted. So what if we sniff these ports during activation?
It'll probably be easier to just use the functionality in the firmware to activate it directly without trying to spoof it. I'm fairly certain iTunes will recognize an already-activated iPhone.
__________________
http://bitshift.org
mcl is offline   Reply With Quote
Old Jun 30, 2007, 03:41 PM   #12
Draythor
macrumors 6502
 
Join Date: Sep 2006
Location: Exeter University, UK
I don't claim to be an expert on this but it seems that there are only two ways about this:
Fooling the iPhone into thinking that it has an AT&T sim in it
or
skipping activation entirely

Just my two cents
__________________
iPod touch 8GB
13.3" uMBP 2.26GHz 4GB 160HD
WD Passport 250GB External HD
Panasonic Lumix DMC-FS3
Draythor is online now   Reply With Quote
Old Jun 30, 2007, 03:52 PM   #13
MacDonaldsd
macrumors 65816
 
Join Date: Sep 2005
Location: London , UK
I suppose it's down to how it was programmed. Even if iTunes thinks it's an AT&T SIM, that doesn't necessarily mean the iPhone will be fooled.
MacDonaldsd is offline   Reply With Quote
Old Jun 30, 2007, 05:32 PM   #14
biturbomunkie
macrumors 6502a
 
Join Date: Jul 2006
Location: California Republic
i wonder if iTS would check for an att subscription every time it syncs.

if someone can figure out a workaround, then i might get an iphone as well.
__________________
scientia vincere tenebras
g4 cube 500mhz 1.5gb ram | mbp c2d 2.16ghz 2gb ram | black nano+akg k81 | orange shuffle+jvc marshmallow
biturbomunkie is offline   Reply With Quote
Old Jun 30, 2007, 06:46 PM   #15
maxlee
macrumors newbie
 
Join Date: Dec 2004
Interesting. I went over to the forum. Read the threads, saw some guy wanting an iPhone and asking for money for it. I sent money by Paypal and 1 hour later Paypal calls up saying I did something wrong and I shouldn't be doing it.

Hmmmm. The darkside of Apple is growing strong. Beware.

Quote:
Originally Posted by besalva View Post
You should try this forum: http://www.hackint0sh.org/forum/
They are making some progress
maxlee is offline   Reply With Quote
Old Jun 30, 2007, 08:11 PM   #16
tem07
macrumors newbie
 
Join Date: Jun 2007
i just gave sam 300 usd so they can buy the iphone 4gb.
hopefully will be there on thursday, like mine
on the hackint0sh irc #iphone they have already discovered many things
iphone hopefully will be cracked this week.
__________________
2gb geil pc6400 ram
e6600 oc to 3ghz stock cooling 1.3v
asus p5w dh deluxe
320gb hd 7,200rpm
24" dell 2407wfp
8800gtx evga factory overclocked
tem07 is offline   Reply With Quote
Old Jun 30, 2007, 08:28 PM   #17
skubish
macrumors 68020
 
Join Date: Feb 2005
Location: Ann Arbor, Michigan
Don't worry guys, if it's possible some Apple employee will leak it onto the net. With this ATT exclusive, I am pretty sure they have the iPhone locked down tight.
__________________
12" iBook/512MB/80GB/Combo--> RIP 2/1/2009
iMac C2D 24"
iPhone 3GS 32GB Black
iPod Nano 8GB Blue
skubish is offline   Reply With Quote
Old Jun 30, 2007, 08:37 PM   #18
mcl
macrumors member
 
Join Date: Dec 2002
Quote:
Originally Posted by tem07 View Post
i just gave sam 300 usd so they can buy the iphone 4gb.
hopefully will be there on thursday, like mine
on the hackint0sh irc #iphone they have already discovered many things
iphone hopefully will be cracked this week.
Such as?
__________________
http://bitshift.org
mcl is offline   Reply With Quote
Old Jun 30, 2007, 08:38 PM   #19
alana22
macrumors regular
 
Join Date: Apr 2007
Location: Seattle
Quote:
Originally Posted by skubish View Post
Don't worry guys, if it's possible some Apple employee will leak it onto the net. With this ATT exclusive, I am pretty sure they have the iPhone locked down tight.
Hehe, I think that's what the record labels said when they started their disc protection, only to realize a simple mark on the underside of the CD with a Sharpie would override it.

Never underestimate the hackers, they are among the smartest people out there.
__________________
love is love
alana22 is offline   Reply With Quote
Old Jun 30, 2007, 09:09 PM   #20
one1
macrumors 6502a
 
Join Date: Jun 2007
Location: Chattanooga, TN
Apple paid a team of engineers big bucks to make this thing lock down so it is not going to be an easy task.

Fortunately the team of people working to unlock it is much larger

If I were apple, I'd do something unexpected. They've been working with windblows so much lately the trick is likely some hybrid crossover of dos, linux LOL!

It is supposed to be based on the Leopard OS though......
one1 is offline   Reply With Quote
Old Jun 30, 2007, 09:13 PM   #21
appleii2mac
macrumors regular
 
Join Date: May 2007
Quote:
Originally Posted by alana22 View Post
Hehe, I think that's what the record labels said when they started their disc protection, only to realize a simple mark on the underside of the CD with a Sharpie would override it.

Never underestimate the hackers, they are among the smartest people out there.
Funny thing that you never hear of anyone breaking DES except through a brute force attack.
appleii2mac is offline   Reply With Quote
Old Jun 30, 2007, 09:16 PM   #22
mkrishnan
Demi-God (Moderator)
 
Join Date: Jan 2004
Location: Grand Rapids, MI, USA
I wonder if this will attract a community donation cash prize the way that some other recent projects, like OS X on Windows, etc, have?
__________________
Mohan
mkrishnan is online now   Reply With Quote
Old Jun 30, 2007, 09:22 PM   #23
br-
macrumors member
 
Join Date: Aug 2006
Quote:
Originally Posted by tem07 View Post
i just gave sam 300 usd so they can buy the iphone 4gb.
hopefully will be there on thursday, like mine
on the hackint0sh irc #iphone they have already discovered many things
iphone hopefully will be cracked this week.
Awesome. That's very generous.
br- is offline   Reply With Quote
Old Jun 30, 2007, 09:24 PM   #24
mcl
macrumors member
 
Join Date: Dec 2002
Quote:
Originally Posted by one1 View Post
Apple paid a team of engineers big bucks to make this thing lock down so it is not going to be an easy task.

Fortunately the team of people working to unlock it is much larger

If I were apple, I'd do something unexpected. They've been working with windblows so much lately the trick is likely some hybrid crossover of dos, linux LOL!

It is supposed to be based on the Leopard OS though......
You'd be surprised. In the firmware, there's this:

DISK VOLUME 254
A 002 HELLO

Recognize it? No? AppleDOS. From the Apple ][ days. I should know; I've got a working //e on my desk right now (LCD monitor, Ethernet card, IDE and CF interface, etc.)
__________________
http://bitshift.org
mcl is offline   Reply With Quote
Old Jun 30, 2007, 09:35 PM   #25
Counterfit
macrumors 601
 
Join Date: Aug 2003
Location: sitting on your shoulder
Well, if you do manage to get it on T-Mobile, you won't have the visual voicemail.
__________________
"People shouldn't use word processors as web development tools. It's like using a domestic cat to spread butter on your toast." -ad
Counterfit is offline   Reply With Quote