Ultrasn0w

From The iPhone Wiki
Revision as of 22:41, 1 January 2009 by ChronicDev (talk | contribs)

The first iPhone 3G unlock. Released on 01/01/09. [1]

A demo (of a console-only version of the application) can be seen at http://qik.com/video/729275.

Credit

geohot (injection exploit), MuscleNerd, and the Dev Team (payload).

Exploit

Relies on an unsigned code exploit.

The actual unlock works by a daemon patching the baseband's RAM on the fly, overriding the carrier lock code. It is not permanent because of the signature checks: the bootloader has to pass the signature checks and the baseband has to pass them too, so no persistent change to the baseband or the bootloader can be made.

The exploit itself is a buffer overflow in the handling of the at+stkprof command, which the Dev Team used to patch out the carrier checks in RAM.
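As an added illustration of the bug class (not the Dev Team's code and not the baseband's own handler), the C snippet below shows an at+stkprof handler that measures the argument against its fixed-size buffer before copying it; the buffer size, context layout and return codes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration of a bounds-checked AT command handler, not the
 * real baseband code: the buffer size, context layout and return codes are
 * assumptions used to show how an overlong argument is rejected instead of
 * overrunning the fixed-size buffer. */
#define STKPROF_ARG_MAX 32          /* assumed capacity of the argument buffer */

enum at_status { AT_OK = 0, AT_ERR_NOT_STKPROF, AT_ERR_NO_ARG, AT_ERR_TOO_LONG };

struct stkprof_ctx {
    char arg[STKPROF_ARG_MAX];      /* fixed-size buffer the argument lands in */
    unsigned int carrier_state;     /* neighbour an unchecked copy would clobber */
};

/* Case-insensitive check that the line starts with "AT+STKPROF".
 * Stops at the first mismatch, so a short line is never read past its NUL. */
static bool is_stkprof(const char *line)
{
    static const char name[] = "AT+STKPROF";
    size_t n = sizeof(name) - 1;
    for (size_t i = 0; i < n; i++) {
        char c = line[i];
        if (c >= 'a' && c <= 'z') c -= 'a' - 'A';
        if (c != name[i]) return false;
    }
    return true;
}

/* Hardened handler: the argument length is checked before the copy, so a
 * value longer than the buffer is refused rather than written past its end. */
enum at_status stkprof_handle(struct stkprof_ctx *ctx, const char *line)
{
    if (!is_stkprof(line)) return AT_ERR_NOT_STKPROF;
    const char *p = line + strlen("AT+STKPROF");
    if (*p != '=' || p[1] == '\0') return AT_ERR_NO_ARG;
    p++;
    size_t len = strcspn(p, "\r\n");                    /* argument ends at line end */
    if (len >= STKPROF_ARG_MAX) return AT_ERR_TOO_LONG; /* keep room for the NUL */
    memcpy(ctx->arg, p, len);
    ctx->arg[len] = '\0';
    return AT_OK;
}
```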

Source Code

The source code for yellowsn0w is now live. [2]

See Also

External links