Difference between revisions of "Purplesn0w"
(Categories.) |
(→How it works) |
||
Line 2: | Line 2: | ||
==How it works== |
==How it works== |
||
− | purplesn0w copies the page that needs patching to an unused region of memory. It gets patched in RAM. Using the MMU, the flash page is mapped out and the patched memory page is remapped in its place. No new iPhones are really [[unlock]]ed; [[activation]] creates a ticket allowing the baseband to be used with that SIM. The lockstate of the phone really lies on Apple's servers. Being unlocked means all SIMs are authorized, and being locked means only certain carriers' SIMs are authorized (for instance, AT&T). Fortunately, this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to use the battery. Instead the daemon already designed for this, [[lockdownd]], is used. A patch to CommCenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload. |
+ | purplesn0w copies the page that needs patching to an unused region of memory. It gets patched in RAM. Using the MMU, the flash page is mapped out and the patched memory page is remapped in its place. No new iPhones are really [[unlock]]ed; [[activation]] creates a [[WildcardTicket|ticket]] allowing the baseband to be used with that SIM. The lockstate of the phone really lies on Apple's servers. Being unlocked means all SIMs are authorized, and being locked means only certain carriers' SIMs are authorized (for instance, AT&T). Fortunately, this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to use the battery. Instead the daemon already designed for this, [[lockdownd]], is used. A patch to CommCenter gets it to run the payload on ticket delivery. And a patch to your activation record contains the payload. |
+ | |||
+ | [[Category:Baseband]] |
||
==Installation notes== |
==Installation notes== |
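Review bot: the added [[Category:Baseband]] line sits between the "How it works" paragraph and the "Installation notes" heading instead of at the end of the page, where category tags are conventionally placed; moving it to the bottom keeps it out of the section body. The edit summary "Categories." also leaves out the second change in this revision, the new [[WildcardTicket|ticket]] link inside the paragraph, so the summary should mention it.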
Revision as of 20:48, 17 September 2010
purplesn0w is geohot's unlock which used the AT+XLOG Vulnerability. Its implementation of the vulnerability differs from ultrasn0w's, and requires a legitimately activated iPhone.
How it works
purplesn0w copies the page that needs patching to an unused region of memory, where it is patched in RAM. Using the MMU, the flash page is mapped out and the patched memory page is remapped in its place. No new iPhones are really unlocked; activation creates a ticket allowing the baseband to be used with that SIM. The lock state of the phone really lies on Apple's servers. Being unlocked means all SIMs are authorized, and being locked means only certain carriers' SIMs are authorized (for instance, AT&T). Fortunately, this ticket system provides an easy way to deliver the payload and re-execute the patched code all in one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon that would use the battery. Instead, the daemon already designed for this, lockdownd, is used. A patch to CommCenter gets it to run the payload on ticket delivery, and a patch to your activation record contains the payload.
Installation notes
- Be sure to have a legitimately activated iPhone.
- Disable 3G if you don't have it (like T-Mobile in the US).
- Watch for success output in Cydia (actually do this step).
- Wait for signal, and enjoy your unlocked iPhone (no reboot required).
Links
- Cydia repo (http://apt.geohot.com/)
- Source code