Wednesday, August 31, 2011

Redsn0w 0.9.8b7 Released With Added Support To Updated iPad iOS 5 Beta 6 IPSW

A new version of Redsn0w has just been released with added support for the updated IPSW file for the iPad 1 on iOS 5 Beta 6.

MuscleNerd posted the news on his Twitter account. This minor update comes after Apple updated the IPSW for the iPad 1 on iOS 5 Beta 6 without changing the version number or the file name, for unknown reasons.

This update of Redsn0w can jailbreak both the original and the updated IPSW. It also supports iOS 4.3.5 and iOS 4.2.10 directly, which means you no longer have to point Redsn0w to the iOS 4.3.4/4.2.9 IPSWs when using it to jailbreak your device.
Update #7: Apple updated the iPad1 iOS5b6 IPSW without changing its version number or filename, so we’re releasing redsn0w 0.9.8b7 to handle both the original and changed IPSW. We’ve also added explicit support for a tethered 4.3.5/4.2.10 jailbreak (instead of pointing at the 4.3.4/4.2.9 IPSWs) and fixed a 4.2.10 problem.
Here is how to use Redsn0w to jailbreak your device [Tutorial].

Download Redsn0w 0.9.8b7 For [Mac & Windows].

iTunes 10.5 Beta 6.1 Is Now Available For Developers

Yesterday, Apple seeded the latest beta of iTunes 10.5, Beta 6.1, with the iCloud platform announced at WWDC 2011. iTunes Match gives users the ability to upload tracks to the iCloud service.

Here are the download links for the new beta:
iTunes 10.5 Beta 6.1 For Windows – Developers – [Download]
iTunes 10.5 Beta 6.1 For Mac – Direct Links – [Download]

Tuesday, August 30, 2011

Why Apple iPhone Brute Force Attacks Are Foiled:

Apple's iPhone is a prime example of a well-engineered netlock protection. To this day it remains uncracked in principle: the current unlock solutions merely patch the firmware running on the baseband modem so that the netlock checks are overridden. These solutions inject code into the firmware 'on the fly' by exploiting buffer/heap overflows; a small piece of homebrew software runs on the application processor just to do that, so a jailbreak is a prerequisite for an unlock. The patches can't be applied permanently to the firmware of the 3G and later devices because it is signature-checked by the baseband bootloader before it is executed. Whenever Apple decides to update the baseband firmware, they fix the injection holes. Firmware downgrades are blocked, so a way to permanently unlock the baseband has yet to be found for models other than the first iPhone 2G. In a nutshell, the protection works like this:

  • Two identification numbers unique to each device are generated from the NOR flash and baseband CPU serials: the norID and the chipID, 8 and 12 bytes in size respectively.
  • The device-specific deviceKey is generated by truncating a SHA1 hash of the concatenated and padded norID and chipID.
  • A supposedly random NCK ('network control key') is SHA1-hashed. From the hashed NCK together with the norID and chipID, a second key, the nckKey, is generated; this hashing algorithm uses the Tiny Encryption Algorithm (TEA). The nckKey is also device-specific since both the norID and chipID go into it.
  • A device-specific RSA signature is generated: two SHA1 hashes are computed from the norID and chipID. The status that the lock has after the correct NCK has been entered is also embedded into this message. PKCS #1 v1.5 padding is used to extend the hashes and the status from (2*160+32) bits to 2048 bits (256 bytes).
  • The asymmetric RSA algorithm is used to encrypt the unlock signature. Keep in mind that the algorithm uses two different keys: a private key for encryption and a public key for decryption. The signature is encrypted with the private RSA key and stored in protected memory.
  • This signature is encrypted once again with TEA in CBC mode, using the device-specific deviceKey.
In pseudo code, it looks like this:
deviceKey = SHA1_hash(norID+chipID)
nckKey = custom_hash(norID, chipID, SHA1_hash(NCK), deviceKey)
rawSignature = generateSignature(SHA1_hash(norID+chipID), SHA1_hash(chipID))
Signature = RSA_encrypt(rawSignature, privateRSAkey)
encryptedSignature = TEA_encrypt_cbc(Signature, nckKey)
 
The encryptedSignature is then saved to a protected memory area - the device has been locked. This happens when Apple issues the AT+CLCK="PN",1,"NCK" command presumably directly after manufacturing the phone.

When testing a network code key, the baseband firmware reads the encryptedSignature, calculates the deviceKey and the nckKey from the entered NCK, decrypts the encryptedSignature with the nckKey using TEA, decrypts it once more with the public RSA key and verifies the signature with the SHA1 hashes of the chipID / norID.

Here's the pseudo code:
deviceKey = SHA1_hash(norID+chipID)
nckKey = custom_hash(norID, chipID, SHA1_hash(NCK), deviceKey)
encryptedSignature = readEncryptedSignature()
Signature = TEA_decrypt_cbc(encryptedSignature, nckKey)
rawSignature = RSA_decrypt(Signature, publicRSAKey)
if ( (rawSignature has correct format) and (rawSignature contains both SHA1_hash(norID+chipID), SHA1_hash(chipID)) and (Lock status byte in rawSignature is OK) )
.. accept every SIM card
else
.. block non-authorized SIMs

If the NCK is correct, it is stored on the application processor side of the device and a flag is set which makes the application firmware (iOS) feed the NCK into the baseband modem during boot-up. If the decrypted rawSignature passes the check, the baseband unlocks. This is what happens in factory-unlocked devices and iPhones which have been officially unlocked. It remains unknown whether some iPhones can never be unlocked by design, even with knowledge of the correct NCK: in the US, AT&T does not give out NCKs for any iPhone, even for devices whose contract has run out. This practice suggests that AT&T iPhones have a permanent barrier.
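As an added example (not code from the original post, Apple or the Dev-Team), here is a runnable Python model of both halves of the pseudo code: lock_device() produces the encryptedSignature and check_nck() performs the baseband's verification, following the pseudo code in using nckKey for the TEA-CBC layer. Assumptions: a constructed toy RSA key (so the signature is 176 rather than 256 bytes), a SHA1 stand-in for the unpublished TEA-based custom_hash, a constructed lock-status word and a zero IV.

```python
import hashlib
import struct

# TEA block cipher (32 rounds, 128-bit key) and CBC mode over 8-byte blocks
M32, DELTA = 0xFFFFFFFF, 0x9E3779B9
def tea_encrypt_block(v0, v1, k):
    s = 0
    for _ in range(32):
        s = (s + DELTA) & M32
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & M32
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & M32
    return v0, v1
def tea_decrypt_block(v0, v1, k):
    s = (DELTA * 32) & M32
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & M32
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & M32
        s = (s - DELTA) & M32
    return v0, v1
def tea_cbc(data, key16, encrypt, iv=bytes(8)):   # 8-byte-aligned input; zero IV is a constructed choice
    k, prev, out = struct.unpack(">4I", key16), struct.unpack(">2I", iv), b""
    for i in range(0, len(data), 8):
        b = struct.unpack(">2I", data[i:i + 8])
        if encrypt:
            prev = tea_encrypt_block(b[0] ^ prev[0], b[1] ^ prev[1], k)
            out += struct.pack(">2I", *prev)
        else:
            d = tea_decrypt_block(b[0], b[1], k)
            out, prev = out + struct.pack(">2I", d[0] ^ prev[0], d[1] ^ prev[1]), b
    return out

# Toy RSA key built from Mersenne primes so the demo runs offline (constructed, NOT secure)
P, Q, E = (1 << 1279) - 1, (1 << 127) - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # 176 bytes here; Apple's signature is 256 bytes
def rsa_raw(data, exp):                  # textbook modexp; the caller supplies the padding
    return pow(int.from_bytes(data, "big"), exp, N).to_bytes(K, "big")
def pkcs1_pad(msg):                      # PKCS#1 v1.5 type-1 block: 00 01 FF..FF 00 msg
    return b"\x00\x01" + b"\xff" * (K - len(msg) - 3) + b"\x00" + msg
def pkcs1_unpad(em):                     # None unless the block has exactly that format
    sep = em.find(b"\x00", 2)
    ok = em[:2] == b"\x00\x01" and sep >= 10 and all(c == 0xFF for c in em[2:sep])
    return em[sep + 1:] if ok else None

STATUS_UNLOCKED = b"\x00\x00\x00\x01"   # constructed 32-bit lock-status word
def device_key(nor_id, chip_id):         # SHA1(norID || chipID) truncated to a TEA key
    return hashlib.sha1(nor_id + chip_id).digest()[:16]
def nck_key(nor_id, chip_id, nck, dev_key):
    # STAND-IN (assumption): the real custom_hash is TEA-based and is not on the page
    return hashlib.sha1(nor_id + chip_id + hashlib.sha1(nck.encode()).digest() + dev_key).digest()[:16]
def raw_signature(nor_id, chip_id, status):   # 2*160 + 32 bits, as the post states
    return hashlib.sha1(nor_id + chip_id).digest() + hashlib.sha1(chip_id).digest() + status

def lock_device(nor_id, chip_id, nck):   # AT+CLCK="PN",1,NCK: build the encryptedSignature
    n_key = nck_key(nor_id, chip_id, nck, device_key(nor_id, chip_id))
    signature = rsa_raw(pkcs1_pad(raw_signature(nor_id, chip_id, STATUS_UNLOCKED)), D)
    return tea_cbc(signature, n_key, encrypt=True)
def check_nck(nor_id, chip_id, nck, encrypted_signature):   # True: accept every SIM
    n_key = nck_key(nor_id, chip_id, nck, device_key(nor_id, chip_id))
    raw = pkcs1_unpad(rsa_raw(tea_cbc(encrypted_signature, n_key, encrypt=False), E))
    return raw == raw_signature(nor_id, chip_id, STATUS_UNLOCKED)
```

Each check_nck call costs a TEA-CBC pass plus an RSA public operation, and a signature produced for one norID/chipID fails on any other device: that per-guess cost and device binding are what the lessons on brute force and signature replication below rest on.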

Various lessons can be learned from this:
  1. The NCK is only stored indirectly on the device, in a protected area.
  2. The signature which contains the information about the NCK is directly linked to the device. Hence, replicating a signature from another device will not work.
  3. The NCK is a 15-digit number which is presumably not dependent on the IMEI or any other serial number, but completely random.
  4. Brute force attacks are foiled because a few expensive operations are necessary just to verify the code and the key space is large, i.e. the number of possible key combinations is big.
  5. A valid signature is implicitly required for an unlocked device. Factory-unlocked devices are shipped with such a signature, and during the official unlock process this signature is generated.
  6. A fake signature for a device with known norID, chipID and NCK cannot be generated because the private RSA key is unknown.
  7. Consistent code signing makes permanent firmware patches impossible.
  8. Interestingly, the signature check itself is executed in the bootloader, which isn't touched during a firmware upgrade.
As a result, the protection withstands most attacks commonly used for unlocking.


EDIT: Here is the re-implementation in python. 

We welcome everyone to GUAR FORUM for more input and testing.

Monday, August 29, 2011

How to Fix iOS 5 Firmware Restore Error 3002, 1604, 1600?




Step 1: Install the newest version of iTunes, but do not connect your iPhone, iPod or iPad yet.

Step 2: Once installed, run the new iTunes for a while, then close it.

Step 3: Windows users simply go to the folder C:\Documents and Settings\Application Data\Apple Computer\iTunes\iPhone Software Updates. Mac users need to locate it themselves; I'm not really sure where it is.

Step 4: Cut and paste the files there to somewhere else.

Do not delete them: if the steps do not work for you, you can still copy them back to the folder. You can find out your username by pressing Ctrl+Alt+Del.

Step 5: Put your iPhone into DFU mode.

Step 6: Finally, proceed with the iOS 5 restore procedure.

Actually, there is another way to fix the error on 64-bit Windows, using a custom iOS 5 .ipsw created with Sn0wBreeze:

Step 1: Go to C:\Users\<username>\AppData\Roaming\Apple\Computer\iTunes\Device

Step 2: Cut the files there and paste them somewhere else.

Step 3: Take the .IPSW file you recently created with Sn0wBreeze, paste it into this folder and rename it to "x12220000_5_Recovery.ipsw".

Step 4: Then go back to iTunes.

Step 5: Enter DFU mode >> Restore >> hold [Shift] while clicking Restore >> select the file in the folder C:\Users\<username>\AppData\Roaming\Apple\Computer\iTunes\Device, and it will work.

If you are still bothered by the same issues, try the two ways above; hopefully one of them helps. If you want to know how to install and jailbreak the iOS 5 beta, refer to the previous articles. Please stay tuned.

Install And Activate iOS Betas On iPhone, iPad And iPod Touch Without A Developer Account



Step 1: Download iOS 5 Beta 5 for your iDevice.

Step 2: Download iTunes 10.5 beta 5 for Windows or Mac. You need the latest pre-release beta of iTunes so that it syncs with iOS 5 beta 5.

Step 3: Install iOS 5 beta 5 on your device using your computer. Don't actually set up your device on iOS 5 beta yet, as you first need to jailbreak it. Follow this tutorial to jailbreak iOS 5 beta 5 tethered and, after that, boot your device tethered. Keep in mind that this does not work with the iPad 2.

Step 4: Basically, you need to delete a key and string from the filesystem of your device in order to install iOS 5 beta 5 without a developer account. To gain access to the filesystem you need software; i-Funbox for Windows and iPhone Explorer for Mac are the two best tools for this job.

Step 5: Launch the relevant software and go to this path: filesystem/library/coreservices/systemversion.plist. Once you locate the systemversion.plist file, right-click on it and open it in Notepad. Once opened, locate and remove: <key>ReleaseType</key> <string>beta</string>. After removing it, save the changes to the file.

Step 6: Once you have done this, reboot your device. Because it is jailbroken, you will have to boot it tethered. Your device is now running iOS 5 beta 5 without a developer account or a UDID activation, and no more "This device is not registered as part of the iPhone Developer Program" errors. If you did this on an iPhone, you should be able to use cellular services as well.

Note: If you are an unlocked iPhone user, stay away from iOS 5 beta 5 or you may lose your unlock. Hope this is helpful. We also provide the iOS 5 beta 5 download below. If you want to know more, please stay tuned; we will post more information.

Saturday, August 27, 2011

OS X Lion 10.7.2 (11C43), iCloud Beta 9 And iPhoto 9.2 Beta 3 Seeded To Developers

Apple has just seeded new updates to developers. The new updates are Mac OS X Lion 10.7.2 (11C43), iCloud Beta 9 And iPhoto 9.2 Beta 3.

OS X Lion 10.7.2 build 11C43 Seed Note
OS X Lion Update 10.7.2 is an update to OS X Lion 10.7.

Installation Instructions
The OS X Lion 10.7.2 Update (Combo) updates
- OS X Lion 10.7 or 10.7.1 GM builds.
- Any earlier seed of Mac OS X v10.7.2 ONLY AFTER installing the included reversioner.
IMPT: If you installed a previous seed of Mac OS X v10.7.2, please run the enclosed Reversioner.pkg, do not restart but install the update immediately after.
The OS X Lion 10.7.2 Update (Delta) updates
- OS X Lion 10.7.1 GM builds.
- Any earlier seed of Mac OS X v10.7.2 ONLY AFTER installing the included reversioner.
IMPT: If you installed a previous seed of Mac OS X v10.7.2, please run the enclosed Reversioner.pkg, do not restart but install the update immediately after.
Please be aware that you will not be able to revert back to your previous system after updating. Please install this update on a system you are prepared to erase if necessary.
As this is a pre-release build, it is not advisable to use this software on a production system with information on it that you depend on for your business.

Known Issues
- None
Focus Areas
- AirPort
- AppKit
- GraphicsDrivers
- iCal
- iChat
- Mac App Store
- Mail
- Spotlight
- Time Machine

Friday, August 26, 2011

HOW TO: Use Lion Recovery Disk Assistant


Built right into OS X Lion, Lion Recovery lets you repair disks or reinstall OS X Lion without the need for a physical disc. The Lion Recovery Disk Assistant lets you create Lion Recovery on an external drive that has all of the same capabilities as the built-in Lion Recovery: reinstall Lion, repair the disk using Disk Utility, restore from a Time Machine backup, or browse the web with Safari.

Note: In order to create an external Lion Recovery using the Lion Recovery Assistant, the Mac must have an existing Recovery HD.
HOW TO:
1. Download Lion Recovery Disk Assistant

2. Double-click on the .dmg file to open it

3. Double-click on the Recovery Disk Assistant icon to open it.

4. Read the software license agreement (if you’re one of ‘them’) and click on ‘Agree’

5. Get your USB drive (at least 4 GB) and plug it in. NOTE: all data on the drive will be erased

6. Select the drive and click on ‘Continue’

7. Now everything will be done automatically. The only thing you will need to do is enter your Mac’s password when prompted. The process takes about 30-50 seconds

8. That’s it, you’re done. To use the recovery disk, restart your computer, press the alt/option key after the chime sound and select the disk

Thursday, August 25, 2011

RedSn0w collection From DEV Team

Below you can find links to download RedSn0w, a tool released by the iPhone Dev-Team to jailbreak the iPhone, iPad, and iPod touch.

How to Downgrade Your iPhone Firmware Using TinyUmbrella (Mac)

These are instructions on how to downgrade your iPhone firmware using TinyUmbrella. In order to follow this tutorial you must already have saved your SHSH Blobs for the firmware you want to restore to.


You can use this tutorial to downgrade to iOS 4.3.3 in order to jailbreak using JailbreakMe. The Windows version of this tutorial is here.

Step One
Download and install TinyUmbrella from here if you haven't already.

Step Two
Download the firmware you want to restore to from here and save it in a Pwnage folder on your desktop. Remember you must have saved your SHSH Blobs for this firmware already.

Step Three
Launch TinyUmbrella from your Applications folder.

Step Four
Connect your device and make sure it lists saved SHSH Blobs for the firmware you are restoring to. If you don't see any blobs, you may need to click the Save SHSH button to load them from Cydia.

Step Five
Click the Start TSS Server button.
*Do not continue if TinyUmbrella's TSS server is not started successfully.

Step Six
Launch iTunes by clicking its icon in the dock.

Step Seven
Place your iPhone into DFU mode by holding down the Power and Home buttons for 10 seconds then release the Power button and continue holding the Home button for another 10 seconds.

You can find help with DFU mode here.

Step Seven
Select your iPhone from the list of devices on the left, hold down the Option key and click Restore.

Step Eight
Navigate to the Pwnage folder on your desktop, select the ipsw file you downloaded and click the Open button.

Step Nine
iTunes will now restore to the lower firmware version.

Step Ten
If you happen to get an Error 1 or you get stuck in recovery mode, you will need to use FixRecovery to get your device out of recovery mode.

Download FixRecovery from here and save it to the Pwnage folder on your desktop. Double click to extract the archive.

Step Eleven
Place your iPhone into DFU mode by holding down the Power and Home buttons for 10 seconds then release the Power button and continue holding the Home button for another 10 seconds.

You can find help with DFU mode here.

Step Twelve
Double click to launch the fixrecovery43 executable from the fixrecovery-osx folder we just extracted.

Step Thirteen
FixRecovery will perform its magic after which your device will be successfully rebooted.

IMPORTANT:
● If fixrecovery does not work the first time, you may need to re-restore to your desired firmware version and try again. Remember to keep the TSS Server running during your second restore as well.

● This tutorial does work to get you from iOS 5 beta back down to iOS 4. Although some have reported fewer issues with a lower version of iTunes, this tutorial was tested to work with iTunes 10.5b77.

How to Downgrade Your iPhone Firmware Using TinyUmbrella (Windows)

These are instructions on how to downgrade your iPhone firmware using TinyUmbrella. In order to follow this tutorial you must already have saved your SHSH Blobs for the firmware you want to restore to.

You can use this tutorial to downgrade to iOS 4.3.3 in order to jailbreak using JailbreakMe. The Mac version of this tutorial is here.

Step One
Download TinyUmbrella from here and save it in a Pwnage folder on your desktop if you don't have it already.

Step Two
Download the firmware you want to restore to from here and save it in a Pwnage folder on your desktop. Remember you must have saved your SHSH Blobs for this firmware already.

Step Three
Launch TinyUmbrella by double clicking its icon.

Step Four
Connect your device and make sure it lists saved SHSH Blobs for the firmware you are restoring to. You may need to click Save SHSH to restore your blobs from Cydia if you don't see any listed.

Step Five
Click the Start TSS Server button.
*Do not continue if TinyUmbrella's TSS server is not started successfully.

Step Six
Launch iTunes by clicking its icon in your Start Menu.

Step Seven
Place your iPhone into DFU mode by holding down the Power and Home buttons for 10 seconds then release the Power button and continue holding the Home button for another 10 seconds.

You can find help with DFU mode here.

Step Seven
Select your iPhone from the list of devices on the left, hold down the Shift key and click Restore.

Step Eight
Navigate to the Pwnage folder on your desktop, select the ipsw file you downloaded and click the Open button.

Step Nine
iTunes will now restore to the lower firmware version.

Step Ten
If you happen to get an Error 1 or you get stuck in recovery mode, you will need to use FixRecovery to get your device out of recovery mode.

Download FixRecovery from here and save it to the Pwnage folder on your desktop. Then extract the archive.

Download zlib1.dll from here and save it to the Pwnage folder on your desktop. Then extract the archive.

Step Eleven
Place your iPhone into DFU mode by holding down the Power and Home buttons for 10 seconds then release the Power button and continue holding the Home button for another 10 seconds.

You can find help with DFU mode here.

Step Twelve
Double click to launch the fixrecovery43 executable we just extracted.

Step Thirteen
FixRecovery will perform its magic after which your device will be successfully rebooted.

IMPORTANT:
● If fixrecovery does not work the first time, you may need to re-restore to your desired firmware version and try again. Remember to keep the TSS Server running during your second restore as well.

● This tutorial does work to get you from iOS 5 beta back down to iOS 4. Although some have reported fewer issues with a lower version of iTunes, this tutorial was tested to work with iTunes 10.5.0.77.