Difference between revisions of "Purplesn0w"

From The iPhone Wiki
(New page: Kinda like ultrasn0w but less ultra and more purple. See http://iphonejtag.blogspot.com/)
 
(Copied and pasted info from geohot's blog.)

Revision as of 05:22, 12 September 2010

purplesn0w is geohot's unlock, which used the AT+XLOG Vulnerability. Its implementation of the vulnerability differs from ultrasn0w's, and it requires a legitimately activated iPhone.

How it works

purplesn0w copies the page that needs patching to an unused region of memory. It gets patched in RAM. Using the MMU, the flash page is mapped out and the patched memory page is remapped in its place. No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lockstate of the phone really lies on Apple's servers. Being unlocked means all SIMs are authorized, and being locked means only certain carriers' SIMs are authorized (for instance, AT&T). Fortunately, this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to use the battery. Instead, the daemon already designed for this, lockdownd, is used. A patch to CommCenter gets it to run the payload on ticket delivery, and a patch to your activation record contains the payload.

Installation notes

  • Be sure to have a legitimately activated iPhone.
  • Disable 3G if you don't have it (like T-Mobile in the US).
  • Watch for success output in Cydia (actually do this step).
  • Wait for signal, and enjoy your unlocked iPhone (no reboot required).

Links

  • Cydia repo (http://apt.geohot.com/)
  • Source code (http://apt.geohot.com/purplesn0w_source.zip)