UPDATE: For an easier way, please check Revirginize iPhone the Easy Way.
UPDATE: This method was originally announced on IRC by geohot. It no longer works because the remote server has been shut down. The seczone fixing source code has been released.
Thanks to gray for reversing the iPhone crypto, without him this server wouldn’t work. Thanks to ipsf for writing a really well-designed software program and thanks to everyone who gave me seczones to play with — quoted from geohot
All the tools mentioned in this article are included in the bundled package: Revirginization Package
Instructions
NOTE: this method REQUIRES modem version 03.14.08_G. If your phone has a different version, you MUST reflash to version 03.14.08_G before proceeding!
1. Download IPSF, the version doesn’t really matter.
2. Change your DNS server in Wi-Fi settings to 129.21.116.152 (for DNS spoofing)
3. Run IPSF. It won’t work if your modem isn’t original so bbupdate it first if needed (the fw version doesn’t matter).
a. IPSF will say invalid token/error update token, this is normal
b. if IPSF says something else, that isn’t normal
4. After IPSF finishes, go to
http://129.21.116.152:49973/seczones/(your imei).bin
to fetch your fixed seczone.
a. Make sure to use your real imei, not 0049…
b. This file is your restored seczone, the file size is 4096 bytes at the time of writing
5. geohotz’s original bootloader (gloader) had a bug which prevented it from working. A nice guy at Hackint0sh corrected it and also wrote a simple program (geomaker) to generate a personal gloader. Run it as “geomaker (your imei).bin”; you will receive “(your imei).bin_loader”. THIS IS YOUR LOADER.
6. Now it’s time to restore the seczone. The next steps require you to have BSD Subsystem and OpenSSH installed on your phone, and are FOR 03.14.08_G ONLY!
Use WinSCP to copy the following files to your phone (better to make a directory such as /usr/u):
314fls_correct,
314secpack,
eeprom.eep,
bbupdater,
iUnlock,
(your imei).bin_loader (not the .bin file you downloaded, but the generated loader)
SSH into your phone, then:
/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
./iUnlock 314secpack 011245000012345.bin_loader
./bbupdater -v
You will get the error “Can’t ping target”; this is normal! It just triggers our loader to fix the seczone. After it finishes, enter the following commands to reflash the baseband:
./iUnlock 314secpack 314fls_correct
./bbupdater -v
It SHOULD show the correct version 03.14.08_G. Finally, just to be sure:
./bbupdater -e eeprom.eep
That will write the correct eeprom. Now start the communication center:
/bin/launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
or simply reboot your phone. It is VIRGIN and UNLOCKED with gray’s “ignore mnc/mcc” patch (the same patch used in anySIM 1.1). Thanks go to geohot for the server and to gray for all the research and code.
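A pre-flight check for the file fetched in step 4, as an added example that is not part of the original post or of geohot's tools: it confirms that the IMEI is 15 digits with a valid Luhn check digit and does not start with 0049, that the file is named (your imei).bin, and that it is exactly 4096 bytes. The script name and function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# imei_ok IMEI: succeed if IMEI is 15 digits and its Luhn check digit is valid.
imei_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 15 ] || return 1
    rest=$1 sum=0 pos=0
    while [ -n "$rest" ]; do
        d=${rest#"${rest%?}"}            # rightmost remaining digit
        rest=${rest%?}
        if [ $((pos % 2)) -eq 1 ]; then  # double every second digit from the right
            d=$((d * 2))
            if [ "$d" -gt 9 ]; then d=$((d - 9)); fi
        fi
        sum=$((sum + d)) pos=$((pos + 1))
    done
    [ $((sum % 10)) -eq 0 ]
}

# check_seczone IMEI FILE: print the first problem found and return 1,
# or return 0 if FILE looks like the seczone described in step 4.
check_seczone() {
    if ! imei_ok "$1"; then
        echo "IMEI must be 15 digits with a valid check digit"; return 1
    fi
    case $1 in
        0049*) echo "IMEI starts with 0049; step 4a asks for the real one"; return 1 ;;
    esac
    if [ ! -f "$2" ] || [ "$(basename "$2")" != "$1.bin" ]; then
        echo "expected a file named $1.bin"; return 1
    fi
    size=$(($(wc -c < "$2")))            # arithmetic strips wc's padding
    if [ "$size" -ne 4096 ]; then
        echo "size is $size bytes, expected 4096"; return 1
    fi
    echo "ok: $2"
}

# Usage: sh check_seczone.sh IMEI FILE
if [ "$#" -eq 2 ]; then check_seczone "$1" "$2"; fi
```

Run it on the computer before copying anything to the phone; a non-zero exit status means the download should not be fed to geomaker.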
Disclaimer
Your ltoken/seczone are being saved to this server.
These could contain personal information.
This is a test server, and will be taken down and have all the info deleted this Monday
The source of the server will be released then.

One Comment
See, my phone has no wifi, no bluetooth, no IMEI. I tried to downgrade. Pls help me.