Ultrasn0w
The first iPhone 3G unlock. Released on 01/01/09. [1]
A demo of a console-only version of the app can be seen at http://qik.com/video/729275.
Credit
geohot (injection exploit), MuscleNerd, and the dev team (payload).
Exploit
Relies on an unsigned code exploit.
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks: both the bootloader and the baseband have to pass them, so no change can be made to the baseband or the bootloader.
The exploit itself is a buffer overflow in the at+stkprof command, which the dev team used to patch out the carrier checks in RAM.
Source Code
The source code for yellowsn0w is now live. [2]