General 1.1.2 Information
From HowardForums Wiki
Please check the iPhone 1.1.2 Status Ticker for the latest info: http://docs.google.com/View?docid=dgzw9xs_0gfhxns
Update on unlocking the New Bootloader:
I have said to everyone that I will keep them updated on the progress being made by us, so it's only fair you know the full story!!
As many of you, I'm sure, have already read geohot's blog, you may or may not be aware that, as it currently stands, we WILL NOT be able to software unlock the 4.6 bootloader iPhone until a new firmware update is released.
Now, a lot of people are having a hard time understanding this, and for most people Geo's blog won't make sense, so I'm gonna explain why to you.
Most of you know that to unlock the phone, the baseband firmware needs to be patched. But to patch a firmware means we need to delete the old one and flash the patched one; this was done with ieraser or anySIM or whatever way you unlock the phone. To erase the baseband firmware, you need to have the secpack; again, I am sure most of you are aware of this. With the old bootloader, the 3.9 one, you needed to have the secpack of your current baseband firmware OR the secpack of a newer baseband firmware to allow you to erase the flash. The problem with the new bootloader is it no longer accepts the current secpack, only a newer one. Therefore, until a new firmware upgrade comes along, we cannot erase the baseband firmware.
Now, it's not ALL gloom and doom. It may be possible that someone will figure out how to bypass the secpack for deletion, or another way might be found, but as of now this is where we stand.
Now that we have all that nasty stuff out of the way, I do have some good news!! Firstly, an exploit has been found in the new bootloader that should allow us to run anySIM. This is excellent news, as many people were worried whether there would be an exploit in this bootloader. So basically, when we get the next firmware update, once the secpack is retrieved, we should have no problem unlocking 1.1.2 with bootloader 4.6. However, after the next firmware comes out, we WILL NOT be able to update to it, as we will then need the secpack from the one AFTER THAT to unlock it.
Now, back to OTB 1.1.2 Hardware Unlocks:
TA_Mobile, geohot and myself have found a way of hardware unlocking 1.1.2 OTB iPhones. The problem is there are very, very few people in the world with the skills and equipment needed to do it. It is basically a hardware bootloader downgrade, but involves removing the Intel IC from the Comm board and reflashing the chip. This method will not be useful to most people, but once we have it done and completed the first phone, we will post a tutorial for the extremely technically minded!!
Another area being looked at is a Test Point bootloader downgrade. In theory it's possible, but as of yet we have no information on this.
And finally, for those of you who are going to ask "what about a Test Point unlock": we still need to patch the firmware and have no way of erasing it, so at the moment that is in the same boat as the software unlock.
As I said guys, a promise is a promise and I will keep you updated!!
Posted by pspsully on hackintosh: http://www.hackint0sh.org/forum/showthread.php?t=17490
Sorry I haven't posted back with an update. You will all be glad to know that the files containing the new bootloader have been downloaded 1500 times since Saturday. If you take away all the people who just downloaded to have a look, I'd estimate we have over 300 people now working on the new bootloader. This is great news for everyone.
Now, what have we found out so far?? By the looks of it (not confirmed yet), the new bootloader sig checks the whole firmware. What does this mean?? Basically, every time the phone starts, it makes sure the firmware has not been patched; if it has, it won't load it. This is a problem, although I'm sure, with time, this will be overcome.
On another good note, the RSA keys are still the same as the old bootloader, which may open up the door for a patched seczone unlock, something like IPSF did with the last bootloader. However, we are sure Apple would have closed that loophole.
So where are we at now?? Currently, there are 3 areas being worked on:
1: TA_Mobile and myself are going to try to reflash the old bootloader onto a new bootloader IC chip using the same method he used to dump the files. Only 0 - 0x20000 needs to be reflashed, the RSA keys are the same and the Flash ID will not be changed, so it may work. However, this is a very complicated process, and if it does work, not many people will have the skills or equipment to do it.
2: A standard hardware unlock or bootloader downgrade. The problem with a hardware unlock is, as I stated earlier, the integrity check done by the bootloader while starting: if we managed to patch the baseband to unlock it, it still wouldn't work! However, a standard hardware bootloader downgrade cannot be ruled out. This is the area geohot is looking into.
3: Both Dev Teams are now working on finding an exploit in the new bootloader that will allow us to run unsigned code. Even if this is done, we will need to find a way to stop the integrity check also. However, there are some really, really smart people there and I'm sure that, with time, this will be achieved.
Now, please don't post asking how long we think it will be before we can unlock 1.1.2 OTB, as I honestly do not know; it could be today, it might be next year!! What is needed now, more than ever, is support. If you feel you can donate, then donate; if you cannot, that's ok too, as we are not all very financially well off, but at least everyone should be able to sleep better knowing that work is being done and a solution will be found.
Posted by pspsully on hackintosh: http://hackint0sh.org/forum/showpost.php?p=130732&postcount=155
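The two posts above describe two separate gates on a 4.6 phone: the secpack check that controls whether the baseband flash can be erased at all, and the reported boot-time signature check over the whole firmware that refuses a patched image. The block below is an added model of those rules as the posts state them (it is not code from the dev teams, pspsully or Apple); the Secpack and Baseband objects and the rule encodings are simplified assumptions, while the baseband version strings are the ones given on this page.

```python
# Added example (not code from the iPhone, the dev teams or pspsully): a small
# model of the secpack gating and boot-time integrity check the posts describe.
# Versions 04.01.13_G (1.1.1) and 04.02.13_G (1.1.2) are from the page; the
# Secpack/Baseband objects and the rule encodings are simplified assumptions.
from dataclasses import dataclass

def version_key(v: str) -> tuple:
    """'04.02.13_G' -> (4, 2, 13); the trailing '_G' tag is ignored."""
    return tuple(int(x) for x in v.split("_")[0].split("."))

def is_newer(a: str, b: str) -> bool:
    return version_key(a) > version_key(b)

@dataclass(frozen=True)
class Secpack:
    baseband: str  # baseband firmware version this secpack was shipped with

@dataclass
class Baseband:
    bootloader: str        # "3.9" (old) or "4.6" (new)
    firmware: str          # currently flashed baseband firmware version
    patched: bool = False  # image modified after flashing (an unlock patch)

def erase_allowed(bb: Baseband, sp: Secpack) -> bool:
    """Old 3.9 bootloader: the current OR a newer baseband's secpack unlocks erase.
    New 4.6 bootloader: only a strictly newer secpack is accepted."""
    if bb.bootloader == "3.9":
        return sp.baseband == bb.firmware or is_newer(sp.baseband, bb.firmware)
    return is_newer(sp.baseband, bb.firmware)

def will_boot(bb: Baseband) -> bool:
    """4.6 is reported to sig-check the whole firmware at start, so a patched
    image is refused. 3.9 is modelled as loading whatever is flashed."""
    return not (bb.bootloader == "4.6" and bb.patched)

def erasable_with_released(bootloader: str, released: list) -> dict:
    """For every released baseband version, can its flash be erased using only
    secpacks that have already shipped? For 4.6 the newest version is always
    gated: its unlock needs the secpack of the *next* release."""
    secpacks = [Secpack(v) for v in released]
    return {v: any(erase_allowed(Baseband(bootloader, v), sp) for sp in secpacks)
            for v in released}

if __name__ == "__main__":
    for bl in ("3.9", "4.6"):
        print(bl, erasable_with_released(bl, ["04.01.13_G", "04.02.13_G"]))
```

Running it shows why the post says a 4.6 phone is always one release behind: with only the shipped secpacks, 04.01.13_G is erasable but 04.02.13_G is not, whereas under 3.9 both are.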
On 11/08/2007, Apple released version 1.1.2 for the iPhone. Do not update to this firmware. Currently, little is known about what this update adds and fixes; what we do know is that it is probably not worth upgrading. Here is what we know:
1) 1.1.2 fixes the .tiff exploit, rendering jailbreakme.com useless.
2) Carnaval and Independence no longer work.
3) Iphonesimfree unlocks are reported to remain unlocked. This is currently pointless, since you will still need to activate the phone if you are using it on a different carrier, and we cannot do that at the moment because there is no known way to jailbreak 1.1.2.
4) There isn't a clean way to downgrade to 1.1.1 or 1.0.2 right now. You can force a downgrade to 1.1.1 or 1.0.2, but it does not downgrade the modem and baseband, which is a problem.
Again, DO NOT UPDATE TO 1.1.2 if you want to keep using 3rd party apps and/or use your iPhone on a different carrier. Stay tuned for more information and news.
Reports say that most applications that work on firmware 1.1.1 also work on 1.1.2.
Note: An unlock method for firmware 1.1.2 will be out soon. The GUI 1.1.2 jailbreak, Activator and YouTube Fix can be found here: http://howardforums.com/showthread.php?t=1277768
Here is some information I got doing some tests:
Baseband firmware is now 04.02.13_G; 1.1.1 was 04.01.13_G.
You can enter DFU mode by holding the home and lock buttons for 10 seconds: release sleep after the screen goes black and release the home button after 10 seconds. iTunes will detect an iPhone in recovery mode, so you can downgrade to 1.0.2 in DFU.
The phone accepts a restore to 1.1.1, but in the final seconds it gives a 1015 error.
At 1.1.2 there are no longer lots of languages, just English, French, Italian, German. For the Brazilians, no more Portugal Portuguese with Brazil regional settings.
The rest of the menus are the same, at least at first look.
The *#307# still works and the prefs://1F or 1E are still working too.
jailbreakme.com only shows a small blue dot, nothing more.
I will keep posting more information while I'm playing with it.
Patched 1.1.2 lockdownd file: http://www.rapidshare.com/files/69246098/lockdownd.zip.html This is working for US iPhones.
Brasuco, creator of PACAY and CARNAVAL, said "It's just a matter of time before the new version of CARNAVAL comes out".
If they are week 45 (check the 4th and 5th digits of the serial number), they have the new bootloader (4.6); therefore you CAN'T unlock them. anySIM 1.2 won't work, don't even try...
If you want, you can jailbreak, but you'll need to downgrade; there is no standard jailbreak for 1.1.2 so far.
But the phone's SIM isn't unlockable yet (for bootloader 4.6); only old phones with old bootloaders (3.9) can be upgraded to 1.1.2 and be unlocked (using anySIM 1.2).