Difference between revisions of "IPSF"

From The iPhone Wiki
(I guess people don't like to be credited for their work. Whatever. Suit yourself. IMO if you create an unlock you can charge however much you want)
m (Reverted edits by ChronicDev (Talk); changed back to last version by MuscleNerd)
Line 1: Line 1:
IPSF, or iPhone SIM Free, was the first software [[unlock]] available for the iPhone. It relied on two exploits, which weren't understood until much later. Both of these were only in [[Bootloader 3.9]]
+
IPSF, or iPhone SIM Free, created by a few key [[Devteam]] members (according to a few people that were around at the time, but explicitly denied by the devteam), was the first software [[unlock]] available for the iPhone. It relied on two exploits, which weren't understood until much later. Both of these were only in [[Bootloader 3.9]]
   
 
==RSA cube root==
 
==RSA cube root==

Revision as of 01:13, 31 July 2008

IPSF, or iPhone SIM Free, created by a few key Devteam members (according to a few people that were around at the time, but explicitly denied by the devteam), was the first software unlock available for the iPhone. It relied on two exploits, which weren't understood until much later. Both of these were present only in Bootloader 3.9.

RSA cube root

The first exploit discovered was a flaw in the parsing of the decrypted RSA block. The padding length only needed to be greater than 0xA. Since the decryption was done using exponent 3, you could create a plaintext message and take its cube root. The first 0x28 bytes would decrypt properly, which was enough to generate a valid token for 3.9.
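The check that fails here, next to one that holds, as an added example (not code from IPSF or from the bootloader). The block layout `00 01 FF.. 00 || SHA-1 digest`, the 1024-bit block size, the stand-in modulus and all function names are assumptions made for illustration.

```python
import hashlib

E, BLOCK = 3, 128        # public exponent 3; the 1024-bit block size is an assumption
N = (1 << 1024) - 105    # constructed stand-in modulus: only its size matters here

def icbrt(n):
    """Floor of the integer cube root, by binary search."""
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo

def decrypt(sig):
    """Public-key operation: sig^3 mod N, as a fixed-size block."""
    return pow(sig, E, N).to_bytes(BLOCK, "big")

def lenient_verify(sig, digest):
    """Assumed flawed parser: padding only has to be longer than 0xA, and
    whatever follows the digest is never looked at."""
    block = decrypt(sig)
    pad = len(block) - 2 - len(block[2:].lstrip(b"\xff"))
    start = 2 + pad + 1
    return (block[:2] == b"\x00\x01" and pad > 0xA
            and block[2 + pad:start] == b"\x00"
            and block[start:start + len(digest)] == digest)

def strict_verify(sig, digest):
    """Rebuild the one acceptable block and compare every byte of it."""
    pad = b"\xff" * (BLOCK - 3 - len(digest))
    return decrypt(sig) == b"\x00\x01" + pad + b"\x00" + digest

def cube_root_value(digest):
    """Smallest integer whose cube starts with 00 01 FF*0xB 00 || digest.
    No private key is involved: the cube is below N, so it never wraps."""
    prefix = b"\x00\x01" + b"\xff" * 0xB + b"\x00" + digest
    target = int.from_bytes(prefix.ljust(BLOCK, b"\x00"), "big")
    return icbrt(target) + 1

digest = hashlib.sha1(b"constructed sample token").digest()
value = cube_root_value(digest)
print("lenient parser accepts:", lenient_verify(value, digest))
print("strict parser accepts: ", strict_verify(value, digest))
```

Only the leading bytes of the cubed value are controlled; the rest of the block is uncontrolled, which is why comparing the whole block (or requiring the digest to be right-justified) closes the hole.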

SHA1 zero

If the last 4 bytes in the SHA1 hash of the uploaded data were zero, the endpack would validate and the first 0x400 bytes would be written. This is a brilliant exploit since it isn't findable by reversing the IPSF software.

Implementations