Saturday, November 19, 2011

iPhone 4S unlock, theoretical till now and only partly working .....

The iPhone 4S ships with iOS 5; both iOS 5.0 and 5.0.1 can activate directly over the cellular data connection.

First insert the iPhone's original SIM, make a call and end it. The iPhone thereby gets a TMSI from the network, and it also applies the carrier settings (APN etc.) that match the IMSI, which it either fetches from its server or already has on board.
When airplane mode is toggled with the replacement SIM inserted (airplane mode is used because otherwise the baseband gets reset), the phone does not use that TMSI to get signal (the TMSI issued by the network during the emergency call is dumped the instant the call ends; otherwise it would just die with the simple Gevey) and instead reads the IMSI from the SIM.
From that IMSI it sets the matching APN and tries to get signal on that SIM even though it is blocked (take a locked phone, insert another carrier's SIM and call it: you will hear it ring, but the phone will not show it), since the iPhone knows it has data connectivity and can activate the phone over the cellular data network (bad luck if there is no APN for your IMSI).

When we tap "use cellular data", the baseband crashes.
The baseband only accepts the TMSI (still waiting for @musclenerd to confirm this), which comes up in the activation menu (connect to Wi-Fi, iTunes or the cellular data network), and the carrier's signal shows, but the activation screen still comes up and shows the activation menu again, because baseband and activation are separate from each other.
But after a few tries the activation screen also stops coming up, and you have successfully unlocked the iPhone 4S.

And so when the SIM is put back in, it gets unlocked automatically.....

So, last and least, the trick is: "you need to create a condition where the activation screen is up and at the same time the cellular connection option is offered with no valid connectivity; when we tap it, it tries, then crashes, and signal comes up."
@raikikon

Wednesday, November 9, 2011

GEVEY TRUTH AND HOW APPLE FIXED IT !!!!!!!

The TMSI is the identity issued by your mobile network operator to a phone with a particular IMEI, and it contains the location where the phone is.
The IMSI is the identity stored on the SIM card and used by the phone to register on the particular network (it helps the phone find the network it has to register on); it is also used to lock the phone to a particular operator.

how does the GEVEY WORK?
The Gevey is a device that manipulates the IMSI so that it matches the one the iPhone is locked to; it is actually a device that uses a test IMSI like 001016xxxxxxx, more properly called an interposer (@Musclenerd).
hey !!! Gevey has got that IMSI, but why doesn't the network come up?
The reason lies in the relation between TMSI and IMSI: the network issues a TMSI when the IMSI (on the card) matches its own, but here the card's IMSI has been changed by the Gevey, so (two things can happen here):
1. When the iPhone tries to find signal by itself, it gets none, as it cannot find the network corresponding to that IMSI.
2. I go into the network settings and manually select an operator; this also fails, because when I tap, say, Orange, the IMSI is AT&T's (supplied by the Gevey, so my phone now has a SIM card with the AT&T IMSI), so the network will not register it, since it finds the IMSI does not match.. (but there are some stupid operators that give you signal anyway; they are very few, and were more common earlier).

why does it use 112?
They used 112 because the iPhone baseband is stupid.. not foolish.
When 112 is called (we call it first, right after inserting the SIM with the Gevey; at that point the IMSI presented is still the SIM's own, i.e. the original one, which the iPhone will not accept), the iPhone is obliged to connect the call, so the SIM card's original IMSI is used and a TMSI is issued by the operator; hence it's an easy job.
Now airplane mode: when the call is disconnected and airplane mode is toggled, the iPhone baseband is so stupid that it keeps remembering the operator's last data, i.e. it still holds a TMSI on the network. So when the Gevey detects that airplane mode was toggled, it changes the IMSI; the iPhone accepts it and finds the carrier using the last TMSI it got from that network via the 112 call.

How could Apple fix it? Let's see:
1. It could fix it by matching the IMSI in the phone against the TMSI issued by the network. That is impossible, because when roaming, another network with a totally different TMSI gives us service (which is why, to use data on a Gevey, we turn data roaming on); hence this fails.

2. The network could re-check the IMSI on the second registration after a particular disconnect (not possible: the equipment and the load on it are outside the standard, and Apple does not have enough money to change all the operators' equipment and standards).

3. The baseband should forget its history when airplane mode is switched on and off and ask the network for a TMSI again; this works on the iOS 5 baseband 4.01.08 (theoretically, for now).

4. Make iOS such that the Gevey cannot detect the state of the phone; as things stand, it sees the phone request the IMSI and thereby learns that the phone is now in airplane mode.

Real fix: Apple bans the test IMSI on the phone, so now the test IMSI will not be accepted by a locked phone, but a SIM interposer would still work if it used the phone's real IMSI. Here a preview:

@raikikon

Tuesday, October 18, 2011

iPhone Network Finder/Carrier Detector - iPhone 4 for free

Use it with iTunes >= 10.2 and iOS up to 4.3.5.
First jailbreak your iPhone, then in Cydia add the source repo.bingner.com;
then install SAM;

Now remove any Gevey SIM, insert the SIM directly, open SAM and go to More Information > Spoof Real SIM to SAM.


Go back, connect to a Wi-Fi network, go to Utilities, then De-Activate iPhone or Revert Lockdown to Stock, and your iPhone will be deactivated (since you do not have the original iPhone SIM, you must have used the hacktivate method of redsn0w or sn0wbreeze).

Use the Auto Detect method to activate your iPhone, connect it to iTunes with an internet connection, and your phone will be activated. Then in More Info you will see that the wildcard activated, and at the bottom the IMSI and ICCID of the SIM and the operator it has been locked to.

Now go to Method > By Country and Carrier and try the different carriers until the first five digits match the wildcard IMSI.

For advanced users: you can unlock it with a blank SIM card programmed with the wildcard IMSI and a Ki key and ICCID of your choice ..............

Sunday, June 26, 2011

Theory of iTunes and the possibility of downgrading the iPhone 4 baseband

What is this?
This means that iTunes can downgrade your baseband. For example, if you update your iPhone to 5.0b1 your baseband goes to 4.11.04, but if you then restore to 4.3.3 again your baseband comes back to 4.10.01.

But what if you have saved your SHSH for baseband 1.59.00, i.e. iOS 4.0.x? When you start iTunes, it first connects to the internet; then, when it reaches the baseband step, it connects to the internet again to check for a baseband update, and it cancels the update when the baseband is already the same version.

So what does TinyUmbrella do? It cancels that second connection to the internet, and thus the baseband does not upgrade. Therefore the chance of downgrading the baseband depends on the SHSH being saved in the right way: if iTunes requests the SHSH from TinyUmbrella, TinyUmbrella should hand over the one that can even downgrade the baseband, i.e. make iTunes take the path that allows changing the baseband, and thus we can downgrade it from the beta version to the released one.



have fun !!!!

Saturday, April 2, 2011

IPHONE NCK UNLOCK PROGRESS

HISTORY
The NCK key is the key Apple generates if you officially unlock your iPhone, and by officially I mean via your carrier. This "NCK unlock" approach has been known for a few years now, really since geohot started working on unlocking the iPhone 2G. He developed a program that could "crack" this 15-digit key, which is unique to each device. Geohot's NCKBF program could do around 100,000 keys/second, which would give a hit in many years, or complete the search in 317 years. To get to a point where this is actually doable we would need several orders of magnitude of improvement. Even if you use a PS3 (would we still want to use this??) or special hardware (in the 1,000 US$ range) you only get an improvement of 20-100 times.. which doesn't help much.
Now, luckily, with the exploits they have now they can't unlock your baseband, but they *can* capture more details from the baseband to speed up this cracking method. Because the NORID and CHIPID (unique to every device) are known, you'd apparently only have to check 40 more bits (five digits). A 40-bit key is theoretically crackable on "home hardware" within a week (24/7). The downside of this approach is that you'll have to keep your computer turned on, and your iPhone has to stay connected. And that is the reason why they never tried it before. Please note that this method is completely theoretical and has NOT been tried at all at this moment.

CAPTURE THE ITOKEN FILE OR SECZONE FILE

Overview

IPSF users can probably recover the original seczone token value from before IPSF zeroed it out.

Details

Saving the cache

IPSF users should do the following
  • Make sure you have the BSD subsystem on your iPhone
  • Log into your iPhone and type: cp $(find /var/root/Library/Caches/bbsimfree -name "*.cache") /ipsf.cache
    • If you get an error like "missing destination file", then you either have no cache or you typed something wrong.
  • Copy that cache off of your iPhone and save it! It contains very valuable data.
The existence of this important file was reported by sh1n1gam1 on the iPhone Elite forums.

Using the cache

To recover your token manually, do the following:
  • Using a hex editor, find the LTOKEN1.0 string in the cache and note its starting offset (call this value "a"). In my cache, a=0x1e7.
  • Compute the offset of the encrypted seczone, which is 0x810 bytes after the start of that string: b = a + 0x810. So for my cache, b = 0x9f7.
  • Extract the 0x2000 bytes beginning at that offset into a file called "en"
  • Run geohot's deipsf program to produce the "de" file. That is your original seczone.
    • Note that deipsf works only on little-endian architectures like x86 or ARM
    • Sanity check the "de" file. It should begin with 0x100 bytes of "ff", and then non-ff bytes. If you don't see that, then something went wrong...try again.
  • Use the decrypted seczone in a flow like this one: http://rdgaccess.com/iphone-elite/viewtopic.php?t=158
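The offset arithmetic and the sanity check from the steps above, as an added Python example that is not from the original post or from geohot's tools: it finds the LTOKEN1.0 marker, carves the 0x2000-byte encrypted blob at a + 0x810, and checks a decrypted "de" file for the 0x100 leading 0xff bytes. The deipsf decryption step is not reproduced, and the sample cache is constructed here, not a real one.

```python
# Added example (not from the post or from geohot's tools): carve the encrypted
# seczone out of an IPSF bbsimfree cache as the steps above describe, and apply
# the post's sanity check to a decrypted "de" file. Decryption is out of scope.
import sys

MARKER = b"LTOKEN1.0"
SECZONE_OFFSET = 0x810   # encrypted seczone starts 0x810 bytes after the marker
SECZONE_LEN = 0x2000     # size of the encrypted blob to extract into "en"
FF_PREFIX_LEN = 0x100    # decrypted seczone must begin with 0x100 bytes of 0xff

def locate_marker(cache: bytes) -> int:
    """Return offset 'a' of the LTOKEN1.0 string, or raise if it is absent."""
    a = cache.find(MARKER)
    if a < 0:
        raise ValueError("LTOKEN1.0 not found: not a bbsimfree cache?")
    return a

def extract_encrypted_seczone(cache: bytes):
    """Return (b, blob): b = a + 0x810 and blob = the 0x2000 bytes starting at b."""
    b = locate_marker(cache) + SECZONE_OFFSET
    blob = cache[b:b + SECZONE_LEN]
    if len(blob) != SECZONE_LEN:
        raise ValueError(f"cache truncated: need 0x{SECZONE_LEN:x} bytes at 0x{b:x}")
    return b, blob

def check_decrypted_seczone(de: bytes) -> bool:
    """Post's sanity check: 0x100 bytes of 0xff followed by non-ff data."""
    if len(de) <= FF_PREFIX_LEN:
        return False
    head, tail = de[:FF_PREFIX_LEN], de[FF_PREFIX_LEN:]
    return head == b"\xff" * FF_PREFIX_LEN and any(x != 0xFF for x in tail)

def build_sample_cache(a: int = 0x1E7) -> bytes:
    """Constructed cache with the marker at the post's offset a=0x1e7 (not real data)."""
    blob = bytes((i * 7) & 0xFF for i in range(SECZONE_LEN))  # constructed filler
    pad = bytes(SECZONE_OFFSET - len(MARKER))                  # zeros between a and b
    return bytes(a) + MARKER + pad + blob + b"\x00" * 64

if __name__ == "__main__":
    # Usage: python carve_seczone.py ipsf.cache  -> writes the "en" file alongside
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_cache()
    b, en = extract_encrypted_seczone(data)
    print(f"LTOKEN1.0 at a=0x{b - SECZONE_OFFSET:x}, encrypted seczone at b=0x{b:x}")
    if len(sys.argv) > 1:
        open("en", "wb").write(en)
```

Run without arguments it exercises the constructed cache and reports a=0x1e7, b=0x9f7, matching the offsets quoted in the steps above.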


WILL BE BACK WITH MORE AND FULLY WORKING NCK AND LINKS
have fun !!!!