As promised in their yellowsnow demo, [pytey], [MuscleNerd], and [planetbeing] from the iphone-dev team presented at 25C3 on their work Hacking the iPhone. The team originally formed in 2007 and this is the most comprehensive presentation on how the iPhone was compromised to date. You can find the full talk embedded above.
To appease people waiting for the iPhone 3G unlock, iphone-dev team member [MuscleNerd] did a live video demo this afternoon. The video shows him removing the AT&T SIM and putting in a T-Mobile SIM. After the switch, the phone shows no connectivity. He then runs “yellosn0w” in an SSH session with the phone. The phone then unlocks without needing to be rebooted and the signal bars appear. The final test shows the phone receiving a call.
The target for this release is New Year’s Eve and it doesn’t support the most recent baseband. Well be attending the 25C3 talk hosted by [MuscleNerd] and other team members. The VNC screen you see in the video is thanks to [saurik]’s Veency.
Working as quick as ever, the iphone-dev team have updated the PwnageTool and QuickPwn to work with the new iPhone 2.2 firmware update. The trouble with the new firmware is that it updates the baseband of the phone, which could potentially undo any progress made towards an iPhone 3G unlock in the future. If you don’t care about that, you can use QuickPwn to jailbreak your phone after the upgrade, so you can run any app you want. If a future unlock is important to you, use the PwnageTool to strip the baseband update out of the firmware update.
The iphone-dev team has officially stated “all that remains is implementation“. They’ve developed all the pieces they need to perform a software unlock for the iPhone 3G, now it’s just a matter of putting them together in user friendly fashion. They’ve managed to run unsigned code on the baseband, developed custom AT tools, and are now showing injection of a background task. They will combine all of these techniques to override the carrier lock baseband code. As usual, they warn against performing any official firmware updates to the phone.
Earlier today, the iPhone Dev Team teased that they wouldn’t release their latest Pwnage Tool until Sunday. Since this was yet another in a week long bit of teasing, we were somewhat surprised when a few hours later they posted a rather relaxed Thanks for waiting :) post announcing that Pwnage Tool 2.0 is available. Here’s a direct link to the tool and a mirror courtesy of [_BigBoss_].
According to TUAW, Pwnage Tool 2.0 will activate, jailbreak, and unlock first generation iPhones running any firmware up to and including version 2.0. Unfortunately, it will not unlock an iPhone 3G (at least, not yet). iPhone 3G owners can still use the tool for activation and jailbreaking (so you can run 3rd party apps not supported by Apple and the new iPhone App Store).
So far, skimming through the 1322 comments on their announcement post, I’ve not seen any complaints or death threats about the tool bricking iPhones, but one should still proceed with caution. According to one update to the post, some people either get an error 1600 from iTunes or they notice a “failure to prepare x12220000_4_Recovery.ipsw” in the log. They’ve provided a workaround, however. If this happens to you, simply
mkdir ~/Library/iTunes/Device Support or alternately nuke all the files in that already extant folder and re-run Pwnage Tool.
UPDATE: Image is from Engadget’s iPhone review we covered earlier.