In the KBAG section of the img3 files, you’ll find 0×20 bytes after the section header. Decrypt them with the hardware AES engine and get
IV: 29681F625D1F61271EC3116601B8BCDE
KEY: 850AFC271132D15AE6989565567E65BF
(this is the 2.0 ramdisk)”
GeoHot one step closer to iPhone 3G unlock
By Aaron Besson at 19 July, 2008, 9:51 am
GeoHot must have been up all night decrypting and disassembling code because at about 5:30AM or something this morning he managed to decrypt the iPhone 3G RAM Disk.
To most of us, this makes as much sense as chinese arithmetic. Now if you speak chinese and are good at math, then this makes complete sense. To put simply, this is the way in.
This is how the Dev’s get into the boot cycle of the iPhone and are able to write code to the baseband and bootloader by attaching small programs to the decrypted RAM Disk and loading them on the iPhone on start up or recovery. Some of you may remember that this is what Zibri “claimed” that he discovered (and later admitted to stealing/borrowing) or cracked by himself and what led to Ziphone.
GeoHot has done twice already, once when he hardware unlocked the iPhone only a few months after its release, then again with bootloader 4.6 and 1.1.2 after a long night and a couple six packs of Red Bull. So unless the Dev Team already have this ace up their sleeve, YiPhone may be out soon, it’ll probably be command line, very intimidating to anyone unfamiliar with command prompt and using terminal, and it probably will not get installer working or anything else like that, but PWNED should do all of that.
The question is. Will GeoHot release an unlock for iPhone 3G? YiPhone? - OR - will he give it to the Dev Team for them to include with PWNED? OR have the Dev’s already figured all this out and either encountered a problem or maybe have found a solution and will release a 3G baseband unlock with the highly anticpated PWNAGE Tool.
 Print This Post
|
 |
|