
iPhone "revirginizer" method for Windows posted

Over at ModMyiPhone, forum user ReVan has posted instructions for revirginizing 1.0.2 iPhones. He writes that this method fixes seczones and NVRAMs, presumably restoring the iPhone to its original, locked, and upgradable state.

The method he shows is pretty complicated and based on the work of the iPhone DevTeam, including gray, ipsf, and geohot. Although there's no simple GUI yet, should this method pan out, you can bet someone will soon package it up and make it easy to use.

Update: Another method here at hackint0sh.

Update 2: "DogGunn" aka Josh H. writes: "Watch out! This just replaces the corrupt seczone with empty data. So next update, you may be really [messed up]. Using these methods may be irreparable as there is no data to repair." He suggests you wait for a Dev or Elite release.

Update 3: "Qapf" adds that running this process may expose your iPhone's IMEI (International Mobile Equipment Identity) to others and cautions against it for privacy and security reasons.



Categories

Hacks iPhone


29 Comments

B

It gets more confusing day by day... :)

I used Erica's «unlock.app» for unlocking my iPhone.
Does this method kill the baseband as well?

I did have some issues with anySim. It just wouldn't unlock the iPhone, so I decided to try Erica's app - which took a little longer to proceed but finally did the job.

Somehow, I'm not sure whether I had 1.1.1 installed already. But I guess this must've been the case, since after the first jailbreak, I could access German umlauts, which didn't work after I «downgraded» to 1.0.2.

So - in any case - is there a way to determine whether my baseband is flashed/useless, and if I'd be on the safe side to do the update or not?

And - if I'd go and buy the IPSF thingy (having an already unlocked 1.0.2), would this method work?

Thanks for the reply 'n help!

October 23 2007 at 8:49 AM
iPhoneWriter.com

According to GeoHot (the guy who unlocked the first iPhone) "...to clear something up, revirginizing and new anysim is, in my opinion, the best way to unlock your phone. The new anysim patches out the MNC check, so although xlock still shows 1 it doesn't matter, because the MNC check is patched. This patch has the advantage of touching nothing besides the firmware, so there's no way your phone will be bricked on the next update. Relocked, sure. But bricked, no..."

October 23 2007 at 12:28 AM
fraggle

This tool wasn't really made for the general user. The patch itself was devised based on information gained from the IPSF process. The uploader to write the patch was rushed together in less than 2 hours and meant as a method for the guys in the forum to play with; if this spills out into the "good to go" crowd and they mess and break things I have little sympathy.

I've modified the seczone of three phones that were originally modified with iUnlock/anySIM and then upgraded to 1.1.1, and used the latest anySIM without issues. I used a NOR dumper and checked through each secpac, comparing. This method is a valid way to repair damage caused by the original anySIM and IPSF (bootloader). Also it's very easy and obvious to point out that the guys begging for the loader to be rushed out, and amazed when it was done in a short time, seem to now be the ones complaining that it's not a layman's tool and may cause damage. Honestly they shouldn't hang out in such a development environment with such attitudes. Now it seems the community has once again suffered because people are lucky enough to have access to things they maybe shouldn't see. Please, if you're hanging out and really don't understand what's being made available to you, please don't play unless it's officially marked released.

October 22 2007 at 7:00 AM
Skuld

Where is the proof that the seczone is being filled with zeros? Some users on the forums have already dumped their seczones after the re-virginization and reported that nothing is zeroed out.

http://www.hackint0sh.org/forum/showthread.php?t=12336&page=6

October 22 2007 at 1:19 AM
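The check that fraggle and Skuld describe above (dump the NOR, look for a zero-filled seczone, compare secpacs before and after) boils down to two questions about a binary dump: is any region all zeros, and which byte ranges changed between two dumps? The following is an added example, not code from the post or from any of the tools it mentions; the 256-byte "dump" and the 0x40-byte region it treats as the seczone are constructed sample data, not the real iPhone NOR layout.

```python
# Added example: inspect a firmware dump for zero-filled regions and diff two
# dumps. Offsets and contents below are constructed, not the real iPhone layout.
from typing import List, Tuple

Region = Tuple[int, int]  # (offset, length) in bytes


def zero_runs(data: bytes, min_len: int = 16) -> List[Region]:
    """Return (offset, length) of every run of 0x00 bytes at least min_len long.

    A seczone that was "replaced with empty data" shows up here as one long run;
    short runs are normal padding and are ignored via min_len.
    """
    runs, start = [], None
    for i, b in enumerate(data):
        if b == 0 and start is None:
            start = i
        elif b != 0 and start is not None:
            if i - start >= min_len:
                runs.append((start, i - start))
            start = None
    if start is not None and len(data) - start >= min_len:
        runs.append((start, len(data) - start))
    return runs


def changed_regions(before: bytes, after: bytes) -> List[Region]:
    """Return (offset, length) of every byte range that differs between two dumps."""
    if len(before) != len(after):
        raise ValueError("dumps differ in size; compare like for like")
    regions, start = [], None
    for i, (x, y) in enumerate(zip(before, after)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            regions.append((start, i - start))
            start = None
    if start is not None:
        regions.append((start, len(before) - start))
    return regions


def make_dumps() -> Tuple[bytes, bytes]:
    """Constructed sample: a non-zero 256-byte dump and a copy with 0x40-0x7f zeroed."""
    before = bytes((i % 255) + 1 for i in range(256))  # values 1..255, never 0x00
    after = before[:0x40] + b"\x00" * 0x40 + before[0x80:]
    return before, after


if __name__ == "__main__":
    pre, post = make_dumps()
    print("zero-filled regions after patch:", [(hex(o), hex(n)) for o, n in zero_runs(post)])
    print("changed regions:", [(hex(o), hex(n)) for o, n in changed_regions(pre, post)])
```

Run against two real dumps, an empty `zero_runs` result and a `changed_regions` list limited to the range the patch claims to touch is the evidence the thread is asking for.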
Brennan Tallack

Oops, sure didn't mean to post that again.

October 22 2007 at 12:20 AM
iPhoneWriter.com

"Thats how the theory goes - and it sounds convincing to me." - geejay101.

Thanks for the well written and thought out explanation. It is much clearer now.

That said, when an official, verified Dev Team method does get released, I don't see any reason it couldn't be applied to a phone patched/"virginized" by the method being discussed in this post. It seems to me that if something that truly "virginizes" an iPhone is released, said application will still be able to operate and rewrite/overwrite the baseband and/or lock table, etc.

Or, am I off base here?

October 21 2007 at 8:56 PM
geejay101

"Could someone please explain the "bad things and 0's are going to happen to your seczone" position/theory in more detail, without fear of confusing noobs"

According to dev-team elite the story is:

Simplified speaking there are three things involved:
The baseband code, the lockstate table and the encryption token (the public RSA key, the private key is only known to Apple). The lockstate table is the same for all phones but encrypted individually, also the token is individual to each phone.

The lockstate table states whether the phone is locked or not.

Theoretically there are two ways to unlock: Hacking the code so that the phone believes it is unlocked (basically the check of the lockstate table is skipped by the hack) or changing the lockstate table and token so it verifies unlocked with the original firmware. As the encryption cannot be broken the IPSF people zeroed out the original token, introduced their own token and created a new lockstate table. Due to a bug in the RSA algorithm that works.

The dev team people though did with anySIM 1.0.2 a dirty hack of the firmware code which, due to sloppy programming, caused the firmware to alter the lockstate table. That causes the bricked firmware on upgrade, as the altered lockstate table doesn't verify. anySIM 1.1.1 though doesn't cause the firmware to alter the lockstate table.

What the MuscleNerd/geohot method does is revert the lockstate table back to its original state.

The problem with the IPSF method is that the original token has been zeroed out. So if Infineon ever changes the RSA code and closes the bug the lockstate table will not verify, causing a bricked baseband.

However a revirginised 1.0.2 phone unlocked with anySIM 1.1.1 and upgraded to firmware 1.1.1 is again a 1.1.1 virgin, as the baseband has been overwritten. So it can be unlocked again with anySIM 1.1.1.

That's how the theory goes - and it sounds convincing to me.

October 21 2007 at 5:42 PM
Beerglass

The IPSF process doesn't work anything like the real IPSF process.

The IPSF SIM unlocks the phone; in this process it doesn't, it's only used to send data to their server to create you a new secpac.

October 21 2007 at 2:32 PM
iPhoneWriter.com

Could someone please explain the "bad things and 0's are going to happen to your seczone" position/theory in more detail, without fear of confusing noobs (as we're not all at that level)? Keep in mind that this process is using IPSF during the step-by-step. Now, the DNS is re-routed so as to *not* actually use the IPSF servers to generate the unlock code/key, but the process is using the IPSF application nonetheless.

Considering that the original 1.0.2 unlocks caused problems with the 1.1.1 update, I would hope that anyone trying these things (a.k.a. hacking their iPhone) does so with a mind that it is absolutely likely that future updates could cause problems. It kind of goes without saying, or at least it should. The act of hacking a device, any device, brings with it certain levels of risk: namely, potential voiding of warranties (unless you're really lucky or really clever should that time ever come) and the potential for damage to the hacked device.

As noted by another poster, do you expect Apple to *manipulate* the seczone with future updates? If they needed to, wouldn't they just *overwrite* it completely instead of jacking with certain bits... unless of course, another round of iBricking is the goal, in which case any unlock/re-virginize method is susceptible... even IPSF got jacked up with the 1.1.1 release.

Either way, and even if the worst were to come with the next update, my iPhone is current, unlocked, and fully functional on the 1.1.1 release as a result of following this process. And, I am smart enough to keep my iPhone this way until long after any future update is released... at least, long enough to know exactly what to expect by reading the outcomes of the less-than-smart upgraders who don't wait.

Common sense? Yeah, and the exact same approach taken to avoid the entire 1.0.2 -> 1.1.1 update iBricking snafu/fiasco.

October 21 2007 at 1:22 PM
rawhead

@18 LurkingEngadgeteer

I wouldn't blame the Dev Team. This has been, from the get go, a "hack" and if you look up the definition for "hack"... well we shouldn't have expected anything more or less than what we got.

With that said, I do think this should give everyone some perspective.

1st, as you said, anySIM unlocking was inherently dangerous and destructive, and it was idiotic to put the blame on Apple for intentionally "bricking" hacked iPhones with 1.1.1.

2nd, the claims by some people that it should have been "easy" for Apple to provide a safe 1.1.1 updater, which would have magically erased and rewritten the baseband (and seczone and whatever the heck else needs to get fixed) before the update, are pure BS. I mean, if it's so *easy*, where's our fix? The Dev Team has had a month to work on this and still has provided us with nada. IPSF and now this method have finally been able to "fix" the issue, but apparently both of them are problematic. Fixing what anySIM (and similar unlocks) did is obviously anything BUT a simple matter.

October 21 2007 at 8:50 AM
© 2012 AOL Inc. All Rights Reserved.