Tutorial:Re-Provisioning iPhone 4 using file system (Incomplete)

From The iPhone Wiki
Revision as of 09:28, 18 February 2014 by IAdam1n (talk | contribs)
Jump to: navigation, search
PRL

Prerequisites

You need:

  • Jailbroken iPhone 4 (iPhone3,3) with OpenSSH installed.
  • SSH client.
  • pList Editor
  • In order to obtain EVDO/MMS on iPhone 4 (iPhone3,3), the Carrier and PRI Signatures must be bypassed either by patching the commcenter or in other methods. As of right now the 4.2.6 Firmware for iPhone 4 (iPhone3,3) Commcenter has been patched to bypass Carrier Signatures. Still looking/figuring out how to bypass the PRI Signature.
  • To BE clear Re-provisioning your iPhone is in NO WAY illegal. Since you do NOT have to rewrite/modify/change the MEID on the phone because carriers such as, Cricket, MetroPCS, Pageplus, Pocket and a few other carriers. AGAIN TO BE CLEAR IT IS 100% LEGAL TO RE-PROVISION iPhone 4 (iPhone3,3) TO OTHER CARRIERS AS LONG AS YOUR CARRIER IS WILLING TO ACCEPT THE iPhone's MEID.
  • I DO NOT condone illegal rewriting/modifying/changing of any ESN/MEID on any phone, this post WILL NOT teach you how to do that, and WILL NOT ever get you close to doing anything of the sort. If that is your intentions then you have come to the wrong place. This posting is 100% for legal unlocking of iPhone 4 (iPhone3,3) for carrier's willing to accept the iPhone's ESN/MEID into their database.

Setting Up

Windows

  1. Download WINSCP, PUTTY, or Tunnelier.
  2. In order to connect via SSH you must have a Wi-Fi connection setup. Turn on your phone and your phone's Wi-Fi by going to Settings, Wi-Fi, and connect to your networks Wi-Fi connection.
  3. Once connected you will have the Wi-Fi icon in the status bar at the top. Click on the blue > icon to show details about the connection. Write down or remember the "IP Address". Your IP address should be 192.168.*.*.
  4. Install the SSH client and launch it.
    Username: root
    Password: alpine
  5. Press the login button, and you will be presented with one or two new windows.
  6. You are now connected to the iPhone 4 (iPhone3,3) using Tunnelier and SSH.

Macintosh

Follow the steps above but use Cyberduck.

Manually Updating PRL

  1. Using the explorer window in Tunnelier browse to /System/Library/Carrier Bundles/iPhone/Zeppelin_US.bundle.
File Contents / Size
carrier.plist   ***bytes
ERI.plist       ***bytes
info.plist      ***bytes
Other Files     ***bytes
  1. Backup all the files to your HDD and make another backup of them. This is so you don't have to restore the phone in case something goes wrong.
  2. To manually update the PRL to your new carrier's PRL. Get or obtain your carriers PRL from google. In this example I will be using the Cricket_42500.prl
  3. Rename your PRL to 310VZW.prl and upload it to "/System/Library/Carrier Bundles/iPhone/Zeppelin_US.bundle" making sure to overwrite the original 310VZW.prl
  4. Open carrier.plist in a pList editor. For Windows I use "pList Editor" Look for "PRL Push Flag" and enable "True".
Normally
<key>PrlPushFlag</key>
<false/>
Switch to True
<key>PrlPushFlag</key>
<true/>
  1. Save the newly edited "carrier.plist" MAKE SURE NOT TO CHANGE ANYTHING ELSE. You will break the sign if you do. After you save upload and overwrite the old "carrier.plist" found in "/System/Library/Carrier Bundles/iPhone/Zeppelin_US.bundle". Reboot your phone.
  2. Once the phone completes rebooting you "WILL NOT" have service. Thats normal. You will now need to "SSH" back into the phone and edit the "carrier.plist" boolean to say "false" like it originally was.
  3. After you have uploaded the new "carrier.plist" with the boolean as "false" this time. Reboot the phone again.
  4. Once your phone powers on check the PRL version by dailing *#5005*4357#, send. Your carriers new PRL should now be installed.
  5. After the new PRL is loaded you must contact your carrier to add the phone to your account. As of right now there is no know method to manually program the MDN, MIN or SYSID into the phone like most other CDMA phones. So you must do a OTA activation to program these features. Please NOTE: if OTA does not work in your area even after manually loading the PRL you will not be able to currently program the iPhone onto your plan until a method for writing the MDN and MIN at least has been found.

Modifying The PRI

First thing's first. As of right now the PRI needs to be signed. There is no way of getting the phone to write the PRI back to the phone until the signature is either figured out or bypassed.

You can open the PRI using a "pList" editor. In my case for windows I use "pList Editor". The PRI contains information about the carriers, ERI, EVDO, NAM, OTA Features, and Other Misc stuff.

  • Will write more.
  1. For those wondering after they edit the PRI you need to incremint it in "carrier.plist" by 1. Where it shows "PRI Version".
Original 
<key>PriVersion</key>
<string>00.01.023</string>

New
<key>PriVersion</key>
<string>00.01.024</string>
  1. Once you change file version to 1 number higher, just restart the phone. You check that it tries to write by enabling "syslog". Problem is because it needs to be signed. It just currently crashes the baseband untill you revert the PRI version back to the 00.01.023.

Modifying The ERI

Hidden Dialer Codes

  1. *#5005*4357#, Send [4357 = help]
    Displays the PRL and PRI verison
  2. *#5005*74663#, Send [74663 = phone]
    Displays your current MDN
  3. *#5005*25327#, Send [Unknown]
    Just flashes the screen
  4. *#5005*274#, Send [Unknown]
    Displays nothing but has a dismiss button.
  5. *#5005*7828#, Send [Unknown]
    Just flashes the screen
  6. *#5005*78283#, Send [Unknown]
    Looks like debugging log.
  7. ##2539, Send [2539 = Akey]
    SPC Password = 0's. Allows you to enter a new Akey.
  8. *#5005*342444#, Send [342444 = Diag mybe]
    Displays, Enabled: Flase, Enabled During Sleep: Flase, History: 131072KB
  9. *#5005*3424255#, Send [3424255 = Diag All]
    Displays, Enabled: Flase, Enabled During Sleep: Flase, History: 131072KB
  10. *#5005*3424#, Send [3424 = Diag]
    Displays, Enabled: Flase, Enabled During Sleep: Flase, History: 131072KB
  11. *#5005*5667#, Send [5667 = Loop]
    Displays LoopBack Call UI Enabled=false

Possible other codes, unable to figure out how to get them to work.

 74663*
 62255*
 62*
 22*
 7672*
 86*
 75337278#
 7533762#
 778#
 2267#
 5264#
 22#
 7672#
 86#
 2673#
 27844#
 278255#
 278#
 6244#
 62255#
 62#