Friday, December 19, 2008

New year gift: Software unlock for 3G

The iphone-dev team has an exciting New Year gift: it is going to release a software unlock for the 3G iphone on New Year's Eve. They have been working hard on this project under the codename 'yellowsn0w'. It is in the final phase of being packaged into a user-friendly interface. They are going to release a video demo around Christmas time. See their blog about this update. There are two pre-conditions for unlocking your phone: its baseband must be version 2.11.07 or earlier, and it must be jailbroken. A jailbroken phone is required because the 3G unlock software is distributed through the cydia installer, which is available only on jailbroken phones.

Happy Christmas and New Year


Update: See the video demo of software unlock of 3G iphone

Friday, December 12, 2008

iphone screen output on TV

iphonehacks is running an article pointing out that the well-known developer Erica Sadun has discovered that the recently released iphone firmware 2.2 SDK offers an option to export video-out live to a connected TV screen. This is an undocumented feature of the SDK.

There is already a working prototype proving that this really works. See this video where the live camera feed is projected on a TV screen.


It does not stop here. Greg Hartstein developed an impressive prototype with on-screen controls where he can extend the iphone desktop to the TV screen, i.e. you can use the TV screen as additional space for your iphone. This is like extending a computer's display across more than one monitor. Laptop users on the windows operating system might be familiar with extending their laptop screen to a standalone monitor. See this video, which demonstrates the feature I am talking about. Please be patient, it comes towards the end after showing some other interesting possibilities.

Wednesday, December 3, 2008

Linux on iphone

Like iphone? Love linux? Want both of them together? Then your answer is here. A new project named "iphoneLinux" is going to achieve this. The project is at a very early stage right now. Currently, it provides only a command line interface to interact with the iphone sub-system. You can connect to a terminal over a USB connection. The best part of this project is that your iphone becomes a dual boot system (like having windows and linux on the same system). At boot time you can choose which OS you want to boot into.

For me, the enormous potential in this project is obvious. Speaking at a technical level, they currently have support for screen access, a serial driver, a serial-over-USB driver, interrupts, the MMU, clocks etc. But all the special features of the iphone are yet to be brought under the hood. Currently there is no support for wireless networking, touchscreen, sound, accelerometer, baseband etc. Do not slam it down saying that this is useless. It is just a matter of time before they are supported.

BTW, they are recruiting people for the project. If you are good at kernel hacking and the type of guy who figures out things on your own, you can put your head into it. Keep track of their informal blog to get updates about the project.

See this video which shows the boot options and commands in linux terminal.

iPhone Linux Demonstration Video from planetbeing on Vimeo.

Vietnamese hacker unlocks 3G iphone using hardware method

A quick round up before going into the details. There is no software method to unlock the 3G iphone yet. The iphone-dev team is working hard and getting closer day-by-day. They were successful in replacing the baseband on the 3G iphones, but it seems that the procedure had some problems. They want to release a robust solution as a software method to unlock 3G iphones. See their team blog for updates.

There is a SIM-based solution also to unlock the 3G iphone. Many people call this a hardware method, but I would like to call it a SIM-based solution as this approach does not involve opening the iphone and playing with the chips/circuits. This was first done by Brazilian hackers. It involves a wafer-thin card that piggybacks on your SIM and fools the iphone into thinking that it is a test SIM, thereby allowing any carrier. But they are selling this solution at a very premium price of $250-$350.

Coming to the main topic of this post, iphonehacks is running an article which says that a Vietnamese hacker is able to unlock 3G iphones using a pure hardware method. It involves removing the baseband chip from the motherboard, reading its contents, reprogramming the chip with modified data, and then putting it back on the motherboard. Sounds exciting, doesn't it? I feel that he is generous because he charges only $80 for the whole process, which takes about an hour.

The above two solutions (SIM-based and hardware method) do not work with the 2.2 firmware on 3G iphones because the firmware upgrades the baseband. This creates one more challenge for the hackers and puts apple ahead in the cat-and-mouse game. The upgrade of the baseband with the 2.2 firmware happens only on 3G iphones. It seems that there is no way to downgrade the baseband once it gets upgraded. So, think twice before upgrading your 3G iphone to the latest 2.2 firmware.

Wednesday, November 19, 2008

Voice search app for iphone from google

Before going into the details of the application, it is interesting to know some funny things that happened with it. Google launched the application on Friday, 14-Nov-2008. But the application did not appear in the apple store even on Monday. Apple forgot to add the application to their app store. There are also reports that the delay was because of apple's strict review process. Either way, this should definitely have been coordinated better for the launch.

Talking about the application, as is obvious from the name, it searches the web based on voice commands. No need to type on those tiny keyboards offered by mobile phones. Just ask the question. Added to this, the application exploits the GPS in the phone to provide location based services. So, you can ask "Where is the nearest Starbucks coffee shop?". Interesting, isn't it? The results that you get are text results, but optimized for mobile phone display. The phone numbers etc. stand out explicitly so that you can use them to dial out.

As with other google products, this application is also free. The initial hands-on reports on this application say that the application is awesome and accurate, both in terms of recognizing the voice and in the results. This application cannot be used for any other phone functions like dialing your contacts etc. It is purely meant for search.

Saturday, November 1, 2008

Forget the touch. Just talk.

There is no doubt that apple, with its touch technology, has raised the bar very high for the mobile phone industry. I am sure many of its competitors are still spending sleepless nights. Other players like HTC & LG have come up with their versions of touch technology, but definitely not surpassing apple. Of course, apple will always have the early bird advantage.

It seems that people are exploring ways other than touch to impress customers. That is exactly what Microsoft did. They came up with a voice command interface to control the mobile phone. While this is not new to the mobile phone industry, the set of features offered by this new software is far superior to what was seen before.

Earlier, many mobile phone vendors offered what is commonly known as "voice dialing". To be able to do that, a voice tag has to be associated with a particular contact. Only then would one be able to dial that contact using voice. But now, with Microsoft’s "voice command" software, there is no need to tag each contact. You just say the name. The software identifies the corresponding contact and asks you for confirmation before dialing. If you say “yes” it dials that number, or else if you say “no” it tries to find the next closest match. It uses what is called speaker-independent phonetic speech recognition and text-to-speech technology.

This is nothing compared to the host of other features offered by this software. It can be used for e-mail notifications, spoken caller ID, controlling the media player, controlling utilities, calendar lookup etc. It can also be used to quickly check the time, date, and battery level. See this link from Microsoft for the feature list or, even better, see the software in action in this video.

Monday, October 20, 2008

Now, hack your ipod

I realize that I have been writing more and more articles about firmware hacking and related stuff. It makes me more and more excited to learn how to play with your gadgets. Especially playing with their core. Now this article is about putting custom firmware on your ipod and many other personal music players. But first let me warn you that doing this will void your warranty.

Rockbox is an open source firmware written for personal music players. It supports a wide range of players like apple ipod, iriver, sandisk sansa etc. The latest 3.0 version of the firmware was released in Sept-08. The question anyone would ask first is "Why should I upgrade?". I guess the answer is simple: "Because it has loads of features that your vendor would not have provided".

Take the apple ipod for example. It supports very limited codecs (file formats). But with the rockbox firmware, the same ipod can play up to 15 different codecs including ogg/vorbis, wma, realaudio-cook format etc. You can have themes for the user interface. Can you believe that you can play "doom" on an ipod? Yes, doom. It has plugin support where you can add games and applications. In the case of ipods, this firmware is supported right from the 1st gen ones. So, you can breathe new life into your otherwise obsolete ones.

Thursday, September 25, 2008

Operate your computer with wii controller

Lifehacker is running an article on how one can operate the computer with a wii controller. This technique exploits the bluetooth capabilities of the wii controller (including the balance board of wii fit). Once you have a wii console, all you need is a PC/laptop with bluetooth capability. If you do not have one built in, you can purchase an external bluetooth adapter/dongle for almost nothing.

Pairing the wii controller with the computer is more or less like pairing any other bluetooth device (read the lifehacker article for detailed info). Once the device is paired, you need to use a software named "GlovePIE". This software is used to map the signals given by the wii controller to computer inputs like mouse buttons and arrow keys.

What else? Sit back and control your PC with your wii controller.

Wednesday, September 17, 2008

Wall-E iphone ringtone

I became a big fan of the Wall-E movie. I was scouting for a Wall-E ringtone for my iphone. Though I got a few ringtones from a blog, I was looking for something more. I wanted a ringtone which has the Wall-E name and some music associated with it. When I searched more I found an MP3 file which has it. I converted it to an iphone ringtone. I want to share it for the sake of other fans.

You can download it from here.

Wednesday, September 10, 2008

HTC Diamond: Rotate the phone to lock and unlock

HTC Diamond is one of the new mobile handsets from HTC. Few people are aware that HTC is the actual manufacturer behind popular brands like O2, Imate, Dopod etc. Now HTC has entered the market directly. It is bringing out interesting models with innovative new features. The cube technology in the HTC touch is a challenger for the iphone. Though I personally am not impressed with the cube feature, it's pretty good. It does not have multi touch capability. Maybe I am biased because I am an iphone user.

Anyway, coming to the main point, the new model of HTC touch, which is named "Diamond", has a host of interesting features. It's fast. It supports touch gestures (but still single touch). One of the features that I feel stands out from the lot is the way the screen can be locked and unlocked. You just rotate the phone to lock the screen. You rotate the phone in the other direction to unlock the screen. Maybe time-taking but very different. See this video for a demonstration.

Monday, August 11, 2008

Multi-touch 3D holographic projection system

This is simply mind blowing. We are getting closer and closer to the "minority report" style of user interface. Engadget is running an article about a 3D holographic projection system developed by a company called "Obscura digital". They developed a technology where you control the projected objects in thin air with hand gestures. Hats off to them. You should see the video to appreciate it.

Wednesday, August 6, 2008

Iphone 2.0.1 firmware updates 3G baseband

There seems to be a lot of confusion around the latest 2.0.1 firmware from apple in relation to unlocking. It seems that this firmware updates the baseband only on 3G phones and not on 2G phones. However, neither 2G nor 3G iphones on this firmware can be unlocked (as of now) with the latest pwnage 2.0.1 tool.

What this means is that you cannot unlock a 2G/3G iphone with the existing tools if you upgrade the firmware to the latest 2.0.1. Apple released this firmware to fix bugs in the 2.0 firmware and make some performance improvements. The 2.0 firmware does not upgrade the baseband even on 3G phones. Firmware 2.0 on 2G iphones can be unlocked using the latest pwnage 2.0.1 tool, but 3G iphones on 2.0 firmware cannot be unlocked yet. See the blog of the iphone-dev team, which has a clarification on the above confusion.

The earlier vulnerabilities exploited by tools like ziphone, pwnage etc. will be fixed in the new baseband. So, apple has thrown one more challenge to the hackers, keeping itself ahead in the catch-up game. The hackers need to find new vulnerabilities to hack the latest 3G baseband in the 2.0.1 firmware.

What can you expect?
- For 2G iphones, hackers will shortly release unlock tools for 2.0.1 firmware
- For 3G iphones, hackers will shortly release unlock tools for 2.0 firmware (not 2.0.1)
- For 3G iphones, hackers will take some time to release unlock tools for 2.0.1 firmware

Monday, August 4, 2008

Iriver spinn: music player with touch screen and spin wheel

It seems that touch screens for gadgets are becoming standard after the iphone showed it to the world. Engadget is running an article about the new music player from iriver named spinn. It has a cool user interface sporting a touch screen and a spin wheel. See the video that recently surfaced giving a demo of this cool gadget.

Besides the common features, it has bluetooth capability, TV, a picture browser etc. It is not yet available worldwide. It is going to be released in South Korea shortly. Moreover, this is not going to be easy on the pocket. Pre-order pricing indicates that the 8GB model costs $299, which is the same as the 8GB ipod touch model.

Tuesday, July 22, 2008

Pwnage 2.0 : Unlock 2.0 firmware on non-3G phones

iphone 2.0 is the latest firmware released by apple. Apparently, this is the same firmware that runs on the newly released 3G phones as well. This new firmware brings a bunch of new features. Some of them include: push email, support for microsoft exchange server, better email, contact search, a scientific calculator, additional languages, support for more email attachments like powerpoint etc.

Now the good news is that you can upgrade your non-3G phone to this firmware and can jailbreak+activate+unlock it. The Iphone dev team has released their new Pwnage 2.0.1 tool for public consumption. Pwnage 2.0.1 was released immediately after fixing some problems found in pwnage 2.0. Obviously, one should use the latest tool to unlock their 2.0 firmware. There is bad news also. This tool is currently available only for mac users. However, windows users need not be disappointed as there are other ways to unlock the phones.

Naturally, the whole community is out there to help you in the upgrade + unlock process. See the pwnage discussion forums at hackintosh.com. In case you do not know, hackintosh is the home of the Iphone dev team which released this pwnage tool. So you might be able to get help from the authors. Here is the full tutorial with screenshots of pwnage 2.0 for mac users. Here are the step-by-step instructions from iphonehacks for windows users. Here is one more tutorial for windows users from iunlocked.

Friday, July 18, 2008

iphone 3G unlocked using sim based solution

Apparently, this is the world's first unlocking solution available for the 3G model. It came from a Brazilian hacker within 2 days of the official launch. The hack is a hardware method of building a SIM adapter. It tricks the iphone into believing that the inserted SIM is a test SIM, and so it allows all operations from that SIM. See the report from iphonehacks about this. You can visit the original author's page also (it is in Portuguese).

This technique does not need any software/hardware hacking. You need not jailbreak the firmware either. But unfortunately this is going to be a costly affair. It seems that they are charging around $250 for their solution. See this article about the pricing.

On a related note, the iphone dev team announced that they are able to jailbreak the iphone 3G model. Yet another world's first. They will be releasing the new pwnage tool 2.0 shortly, after some testing. See the report on this from iphonehacks.

Maybe we should recap a little bit of history. It was announced that the iphone 3G runs the 2.0 version of the firmware. The 2.0 firmware had been released before the launch of the 3G phones. Version 2.0 can be used on the older non-3G phones also. As per the confirmations, the 2.0 firmware on non-3G phones can be jailbroken and unlocked. There is no confirmation of this for the 3G models.

Saturday, July 5, 2008

GPS for the old non-GPS iphones

If you are an early adopter of the iphone, which did not have GPS capability, and you wish that you also had GPS, you are not left far behind. You can shell out some money, get an add-on for your iphone and make it GPS-enabled.

Holux is one of the makers of GPS receiver devices. You can use its device (M1000b/M1200b) to pick up the GPS location and feed it into the iphone. The best part is that it can be integrated into the maps application provided by default. To do that you need to install an application named "GPS Live", which can read the GPS location input from the external GPS device and point the map to the exact location.

The whole package of Holux GPS device + connecting cable costs around $100. If you already have a Holux GPS receiver, the connecting cable costs only $16. It can be ordered from here.
The "GPS Live" application can continuously update your current location on the map. To see the device in action, see this video on youtube. See the instructions to download "GPS Live".

It is important to acknowledge the very first efforts at bringing GPS to the iphone. They came from an application called "xGPS" (link here). They found a way to feed input data into the Maps.app application. This is the gateway for feeding the GPS location input from the external GPS device to the default maps application.
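Both "GPS Live" and xGPS have to read whatever the external receiver sends over the cable before they can hand a position to the maps application. The following is an added example, not code from GPS Live, xGPS or Holux: it assumes the receiver streams standard NMEA 0183 text (the $GPGGA sentence that most consumer GPS units emit) and shows the part a practitioner actually has to get right, verifying the sentence checksum before trusting the position and refusing sentences from a receiver that has not locked on yet. The sample sentences are constructed for the demonstration.

```python
"""Parse NMEA 0183 position sentences from an external GPS receiver.

Added example, not code from GPS Live, xGPS, or Holux. It assumes the
receiver streams standard NMEA 0183 text ($GPGGA sentences); the sample
sentences below are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Fix:
    latitude: float   # decimal degrees, north positive
    longitude: float  # decimal degrees, east positive
    quality: int      # 0 = no fix, 1 = GPS fix, 2 = differential fix
    satellites: int   # satellites used in the solution


def nmea_checksum_ok(sentence: str) -> bool:
    """Verify the two-hex-digit XOR checksum that follows '*'.

    A sentence with a bad or missing checksum is rejected instead of parsed,
    so line noise on the serial link cannot turn into a bogus position.
    """
    if not sentence.startswith("$") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    expected = 0
    for ch in body:
        expected ^= ord(ch)
    try:
        return expected == int(given.strip()[:2], 16)
    except ValueError:
        return False


def add_checksum(body: str) -> str:
    """Build a full '$...*HH' sentence from its body (used for the samples)."""
    total = 0
    for ch in body:
        total ^= ord(ch)
    return f"${body}*{total:02X}"


def _to_degrees(value: str, hemisphere: str) -> float:
    """Convert NMEA (d)ddmm.mmmm plus N/S/E/W into signed decimal degrees."""
    dot = value.index(".")          # raises ValueError if the field is malformed
    degrees = int(value[:dot - 2])
    minutes = float(value[dot - 2:])
    result = degrees + minutes / 60.0
    return -result if hemisphere in ("S", "W") else result


def parse_gga(sentence: str) -> Optional[Fix]:
    """Return a Fix for a valid $GPGGA sentence, or None if it is unusable."""
    if not nmea_checksum_ok(sentence):
        return None
    fields = sentence[1:].split("*")[0].split(",")
    if fields[0] not in ("GPGGA", "GNGGA") or len(fields) < 8:
        return None
    try:
        quality = int(fields[6] or 0)
        if quality == 0:
            return None             # no fix yet: the lat/lon fields are empty
        return Fix(
            latitude=_to_degrees(fields[2], fields[3]),
            longitude=_to_degrees(fields[4], fields[5]),
            quality=quality,
            satellites=int(fields[7] or 0),
        )
    except ValueError:
        return None


# Constructed samples: a valid fix, the same sentence with one flipped digit
# (so its checksum no longer matches), and a receiver that has not locked on.
SAMPLE_GGA = "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47"
SAMPLE_CORRUPT = SAMPLE_GGA.replace("4807.038", "4807.039")
SAMPLE_NO_FIX = add_checksum("GPGGA,123519,,,,,0,00,,,M,,M,,")

if __name__ == "__main__":
    for s in (SAMPLE_GGA, SAMPLE_CORRUPT, SAMPLE_NO_FIX):
        print(s, "->", parse_gga(s))
```

Feeding the returned latitude/longitude to the map is the application-specific part; the point of the checksum and quality checks is that a cable glitch or a cold receiver produces no position at all rather than a wrong one.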

Friday, June 20, 2008

Music player that dances to the music

Don't have a dance partner when you want to dance? Take a look at this new cute and compact sony music player named "Rolly" that can dance to the music. It has some cool features built into it.
- Of course the first thing is that it plays music
- It generates motion according to the music
- It has built-in sensors to detect and avoid obstacles.
- It can be controlled with a bluetooth remote
- It can be used as a wireless speaker over bluetooth (including from a mobile phone)
- Customizable motion

It is not yet available to worldwide consumers. It is going to be released only in Japan in September this year. You have to see this video to appreciate the grace in its dance. An official video is also available, but it is a little bit boring. You may want to take a look at the google-translated English page. Try browsing around the Japanese links to see more details.

Monday, June 16, 2008

Using Canon S2IS digital camera as webcam

Here are the two links that I found on this subject. One is the Cam4you and the other is Softcam.

cam4you is freeware. I tried cam4you and realized that there is a big catch. After googling, I confirmed that my understanding of the catch is true. Here is a nice tutorial on using cam4you, with the tutorial's author confirming the catch. Do not confuse this with Cam4you-remote, which the application author confirmed cannot be used as a webcam.

The big catch is that you cannot use the camera as a webcam for video conferencing. In other words, the digital camera cannot be made to mimic a webcam for use with your yahoo/MSN messenger. What you can do is upload the pictures to a location on the web, which gets refreshed. So, your viewers have to refresh their page every time they want to see the latest image (note that some browsers like opera have the built-in capability to auto-refresh at a chosen frequency. You can also get add-ons for firefox & IE which do this).

It seems that this limitation is not there in softcam, which can grab any piece of your screen and provide that as a feed from the webcam. The feed can be used in chat clients like Yahoo/MSN.
It is licensed software. Though a shareware version is available, I did not try it out. I will try it out and update this post later.

Friday, June 6, 2008

Copy music from iphone to PC

Copying music from PC to iphone is very obvious. I am sure that many people would like to copy the music from their iphone (or ipod touch) back to the computer. This link gives a nice tutorial on how to copy the music from your iphone. If you have a mac, there is a graphical tool called "Senuti" that can automatically get the music. Otherwise, if you use windows/linux, you have to use some sftp utility to download the music from the iphone. The only catch is that the filenames will be gibberish. You need to rename your music files once you get them on your PC.
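The renaming step does not have to be done by hand: the track information survives inside the files. As an added example (not the linked tutorial's or Senuti's code), the script below assumes the copied files are MP3s carrying an ID3v1 tag, the 128-byte block that starts with "TAG" at the very end of the file, reads artist and title from it, and renames each gibberish file to "Artist - Title.mp3". Tag text is treated as untrusted input: path separators and control characters are stripped before it becomes a file name, and a name collision gets a numeric suffix instead of overwriting an earlier file. The sample files are constructed in a temporary folder so the script runs offline.

```python
"""Rename music copied off an iPhone by reading the ID3v1 tag in each file.

Added example, not the tutorial's or Senuti's code. It assumes the files
are MP3s with an ID3v1 tag (a 128-byte 'TAG' block at the end of the file);
the sample files below are constructed in a temporary directory.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

ID3V1_SIZE = 128  # "TAG"(3) title(30) artist(30) album(30) year(4) comment(30) genre(1)


def read_id3v1(path: Path) -> Optional[Dict[str, str]]:
    """Return {'title','artist','album'} from an ID3v1 tag, or None if absent."""
    if path.stat().st_size < ID3V1_SIZE:
        return None
    with path.open("rb") as fh:
        fh.seek(-ID3V1_SIZE, os.SEEK_END)
        tag = fh.read(ID3V1_SIZE)
    if tag[:3] != b"TAG":
        return None

    def field(start: int, length: int) -> str:
        # Fixed-width, NUL- or space-padded text; ID3v1 has no declared encoding,
        # so latin-1 is used because it cannot fail on any byte value.
        raw = tag[start:start + length].split(b"\x00", 1)[0]
        return raw.decode("latin-1").strip()

    return {"title": field(3, 30), "artist": field(33, 30), "album": field(63, 30)}


def safe_name(text: str) -> str:
    """Make a tag value safe as a file name component: no separators, no
    control characters, no leading dots, so a crafted tag cannot write
    outside the music folder or produce a hidden file."""
    cleaned = re.sub(r"[^\w .()\-]+", "_", text).strip(" .")
    return cleaned or "unknown"


def rename_by_tag(folder: Path) -> Dict[str, str]:
    """Rename every tagged .mp3 in folder to 'Artist - Title.mp3'.

    Returns a mapping of old name -> new name. Untagged files are left alone.
    """
    renamed: Dict[str, str] = {}
    for path in sorted(folder.glob("*.mp3")):
        tag = read_id3v1(path)
        if not tag or not tag["title"]:
            continue
        base = f"{safe_name(tag['artist'])} - {safe_name(tag['title'])}"
        target = folder / f"{base}.mp3"
        n = 1
        while target.exists():          # never clobber an existing track
            n += 1
            target = folder / f"{base} ({n}).mp3"
        path.rename(target)
        renamed[path.name] = target.name
    return renamed


def make_sample_mp3(path: Path, title: str, artist: str, album: str) -> None:
    """Write a constructed file: filler bytes followed by an ID3v1 tag."""
    def pad(s: str) -> bytes:
        return s.encode("latin-1")[:30].ljust(30, b"\x00")
    tag = b"TAG" + pad(title) + pad(artist) + pad(album) + b"2008" + b"\x00" * 30 + b"\xff"
    path.write_bytes(b"\x00" * 512 + tag)


def demo() -> Dict[str, str]:
    """Build gibberish-named sample files in a temp folder and rename them."""
    folder = Path(tempfile.mkdtemp(prefix="iphone_music_"))
    make_sample_mp3(folder / "ABCD.mp3", "First Song", "Some Band", "Debut")
    make_sample_mp3(folder / "EFGH.mp3", "../evil", "Some/Band", "Debut")  # hostile tag
    (folder / "IJKL.mp3").write_bytes(b"\x00" * 64)                        # no tag at all
    return rename_by_tag(folder)


if __name__ == "__main__":
    for old, new in demo().items():
        print(f"{old} -> {new}")
```

Files whose tag is missing or has an empty title keep their original name, so nothing is lost; those few can still be renamed by hand after listening to them.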

Monday, June 2, 2008

Logitech quick cam messenger works with old drivers

I had problems getting my logitech quickcam messenger webcam to work. I tried installing the latest drivers meant for this webcam, i.e., quickcam v11.5. I did not have the original driver CD that came with my webcam. So, I downloaded the latest drivers from the logitech webpage. I have windows XP with service pack 2. After installing the drivers, the installer asks you to connect the usb of the webcam. But the webcam was not detected. Disconnecting and reconnecting, or rebooting and rebooting and rebooting, also did not help.

When I googled for it, I found that many people faced this problem. But most of the discussions ended without any solution. Some solutions suggested to replace some set of files in the drivers which did not work for me. Even manually picking the .inf files also did not help me in getting the webcam to work.

Finally, in one post which was giving a workaround for similar problem in windows vista, I found a link to the old drivers (quickcam v8.4.8). That did the magic for me. Before installing the old drivers, I had to clean up the old mess that I left around. I uninstalled logitech usb webcam hardware through the device manager. And I uninstalled the driver pack and the logitech application software via the add/remove programs.

After cleaning up all the mess, I installed the 8.4.8 package. It asked me to reboot the PC. After rebooting, the installation software asked me to plug in the usb of the webcam. There was a big pause and I was holding my breath. Finally, the webcam was detected, thus ending the week-long battle. Once the webcam was detected everything became a piece of cake!

Monday, May 26, 2008

Added CHDK firmware. Could not tune motion detection

After a row with the vendor of a card reader from ebay, and after some hiccups, I was finally successful in loading the CHDK firmware into my canon S2IS camera. Loading the CHDK firmware is easy once you follow the instructions carefully. I tried to be smart by not reading the manual fully and guessing the rest.

I realized lately that the memory card should be kept in the locked state for the firmware to load. If the card is not put in the locked state, the CHDK firmware will not load. The camera will continue to work with the default firmware (by canon). The interesting thing to note here is that the pictures can still be recorded on the memory card even if it is locked. Till now, I thought that the lock physically protects the card from writing. But now, I understand that it is just a logical protection, i.e., the software has to respect the lock on the reader. I could write software that will not honor the lock and will write to the memory card even if it is locked.

I experimented a little with the new firmware and its enhanced capabilities. I liked the RGB histograms and similar stuff. I still need to explore a lot of the new functionality. The most interesting thing that drove me to upgrade to the CHDK firmware is motion-triggered photography, especially lightning photography. But I have not been very successful with it. There are a bunch of scripts on motion detection and others that one can explore.

The problem with motion-triggered photography is that there are a bunch of parameters in each script which need to be tuned. I am not able to tune those parameters to quickly take a photograph after motion is detected. The camera takes a lot of time after the motion has happened. Apart from those parameters, the camera settings also should be tuned well. I was able to improve somewhat by setting manual focus mode and continuous shooting mode. Another problem is that the picture is not taken even if there is motion. I guess we need to tune the "threshold" parameter properly.

I will write one more post if I am satisfied with my experiments on motion triggered photography.
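To make the "threshold" parameter concrete, here is an added example (not one of CHDK's own motion scripts, which run inside the camera in its uBASIC/Lua interpreter): a frame-difference motion trigger run over a constructed sequence of small grayscale frames. It shows the two failure modes described above from the tuning side: a threshold set too low fires on ordinary sensor noise, and one set too high never fires even on a full-frame lightning flash. The frames, the threshold values and the "settle" parameter are all assumptions made for the demonstration.

```python
"""Frame-difference motion trigger, the idea behind CHDK's motion scripts.

Added example, not a CHDK script. Frames are modelled as small grids of
0-255 grayscale ints, and the frame sequence below is constructed.
"""
from typing import List, Sequence

Frame = List[List[int]]


def mean_abs_diff(a: Frame, b: Frame) -> float:
    """Average per-pixel brightness change between two same-size frames."""
    total = 0
    count = 0
    for row_a, row_b in zip(a, b):
        for pa, pb in zip(row_a, row_b):
            total += abs(pa - pb)
            count += 1
    return total / count if count else 0.0


def motion_trigger(frames: Sequence[Frame], threshold: float, settle: int = 1) -> List[int]:
    """Return the indices of frames at which a shot would be fired.

    threshold: minimum mean change to count as motion (the script's 'threshold').
    settle:    frames to ignore after a trigger so one event fires one shot,
               not one shot for the flash and another for the return to dark.
    """
    shots: List[int] = []
    cooldown = 0
    for i in range(1, len(frames)):
        if cooldown:
            cooldown -= 1
            continue
        if mean_abs_diff(frames[i - 1], frames[i]) > threshold:
            shots.append(i)
            cooldown = settle
    return shots


def make_frames() -> List[Frame]:
    """Constructed sequence: dark sky, one frame of sensor noise, dark sky,
    a full-frame flash (the lightning), then dark sky again."""
    still = [[40] * 8 for _ in range(6)]
    noisy = [[41 if (r + c) % 2 else 39 for c in range(8)] for r in range(6)]
    flash = [[200] * 8 for _ in range(6)]
    return [still, still, noisy, still, flash, still, still]


if __name__ == "__main__":
    frames = make_frames()
    for threshold in (0.5, 10, 200):
        print(f"threshold={threshold:>5}: shots at frames {motion_trigger(frames, threshold)}")
```

With these frames the noise frame changes the mean by 1.0 and the flash by 160, so a threshold of 0.5 fires on both, 10 fires only on the flash, and 200 never fires; on the real camera the same sweep, done against the scene you are actually pointing at, is how the threshold gets tuned.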

Thursday, May 8, 2008

Hack your canon powershot camera

Incidentally, this is my first post on a gadget other than the iphone. I will try to do more justice to my blog name "gadgetsandyou" (not "iphoneandyou") by trying to write more about other gadgets too. Technically, the following is not really hacking, but just upgrading the firmware in a twisted way.

Did you know that you can power up your canon powershot camera with enhanced capabilities? All you need to do is install an add-on firmware alongside the existing firmware. The best part of this exercise is that the original firmware from canon does not get erased or overwritten.

This is the article that I first came across related to this topic. It finally led me to the home page of the CHDK project. With this you can enhance cameras which have DigicII/DigicIII processors. This is the list of supported cameras.

Some of the cool additional features that you would get are as follows:
- Enhanced Image Capture
- Additional display information
- Additional Settings
- Support for custom scripts (I am excited about it)
- Continuous display of battery charge
- RGB Histograms
- Motion-detection triggered photography
- Additional applications like calendar and games.

The above is just the tip of the iceberg. There are lots of major and minor enhancements. I am going to try this out this weekend. I will post my experience.

Sunday, April 20, 2008

Showtime: video recording for iphone

Showtime is a native application that can be installed on a jailbroken phone. It brings video recording capability to the iphone, which I think is one of the basic functionalities of any high-end phone. Initially, I was surprised when apple did not offer video recording capability on the iphone. I had to reconsider my decision to buy an iphone. Finally, I bought the iphone expecting that future software updates would bring the capability.

On a jailbroken phone, in the installer, you can find "showtime" in the "multimedia" category. But there is a catch. The current free version records only 5 secs of video. You need to donate to get a license key which does not have any limitations. Currently, the software is just bare bones. There is no capability to delete the recorded videos, which I think is very odd. I am sure that they will add this capability in future releases.

Update:
I was wrong in saying that there is no capability to delete recorded videos. If you swipe across the filename, it gives an option to delete the file. Also, the recorded videos are kept in /var/root/Media/PBFVideo/ (/var/mobile/Media/PBFVideo on 1.1.3 phones). You can use SSH/SFTP to transfer videos on and off the iPhone. Go here for more detailed information. It has information about the current features and the upcoming features.

Thursday, April 17, 2008

Fring for iphone: Use VOIP

Fring, a software that gives VOIP and chat functionality for mobile phones, has released an evaluation version of its software for the iphone. It is a native application. Currently, you need to jailbreak your iphone to install this application. For the detailed procedure of installation on a jailbroken phone, visit this link from fring.

This software brings together different IM services like MSN, google talk, skype etc. First you need to register with fring and then subscribe to the services that you use. Fring maintains your other accounts, i.e. Fring automatically logs you into gtalk/skype once you provide your credentials. You can even make SkypeOut calls using fring. It supports SIP accounts also. In short, it's a wonderful software that you cannot miss.

I learnt (from here) that you can use this VOIP functionality on the ipod touch also if you have add-on hardware. The ipod touch does not have a microphone by default, hence the limitation. You need to have the touchmods dock connector microphone.

Apple is against VOIP applications on the iphone. I think this is because it will lose the revenue share from its telecom partners if people start using VOIP services, which are way cheaper than the telecom services.

Thursday, February 28, 2008

Iphone firmware 1.1.4 released and also hacked

The iphone's latest firmware, 1.1.4, was released a few days back. And the good news is that it is already hacked. Currently the hack is only for 3.9 bootloaders. So, all the people who dared to do hardware hacking have a reason to be proud. I am sure this hack will be available soon for the 4.6 bootloader also. With the 3.9 bootloader, you can currently activate + jailbreak + unlock your phone. There is more than one tutorial on how to hack the new firmware. Here you go: Tutorial1, Tutorial2, MacTutorial.

If your phone is already on 1.1.3, you need not rush for 1.1.4, because the 1.1.4 firmware does not have any new features; it's just bug fixes. If your bootloader is 4.6, you need not really wait. There is a method to downgrade your 4.6 bootloader to 3.9. Here is a tutorial on how to downgrade your 4.6 bootloader using ziphone.

Be careful about the fake versions of ziphone making the rounds, which claim that they can unlock 1.1.4. I would download it only from ziphone.org. Zibri, the guy behind ziphone, is yet to release the new version of ziphone which can hack 1.1.4. He is doing the testing. Keep looking at ziphone.org.

Update: Ziphone 2.5 is released. It is a one-step solution to unlocking 1.1.4. Visit www.ziphone.org
I restored to 1.1.4 and unlocked mine.

Thursday, February 21, 2008

How to share internet connection on PC with iphone

This is a tutorial on how to share the internet connection available on your ethernet port (LAN cable) or dial-up connection with your iphone, if you have a wireless network adapter in your PC/laptop. This will be helpful for people who do not have wireless modems at home, but have other means of connecting to the internet like broadband, dial-up etc. However, the PC needs to have a wireless adapter that supports the 802.11 ad hoc networking mode. Most of today's network adapters support this. You can buy a USB-based wireless network adapter; they are widely available. This tutorial can also be used just to set up an ad hoc network between a PC and the iphone. Enough of marketing, let's get started...

I am assuming that you are using Windows XP or Vista. I am assuming that your ethernet is already configured properly for accessing the internet. We first need to make your PC/laptop capable of talking to the iphone and vice versa. Follow the steps below to set up an ad hoc network between the PC and the iphone.

1. Go to control panel -> network connections.
2. Right click on "Wireless network connection" and choose Properties.
3. Choose the "Wireless Networks" tab.
4. Click the "Add" button in the "Preferred networks" section.
5. Give "iphone-net" as the SSID (you can choose any other name).
6. Select "Open" for "Network Authentication".
7. Select "Disabled" for "Data encryption".
8. Tick the checkbox saying "This is a computer-to-computer (ad hoc) network...".
9. You need not change anything else in the other two tabs.
10. Save your settings by pressing OK in all the places.

If everything goes fine, on your iphone you will be able to see "iphone-net" as one of the available wi-fi networks when you turn on wi-fi in the iphone. Do not connect to it yet. The procedure ahead is very simple if you have DHCP available on your ethernet, i.e. if you automatically get an IP when you connect the LAN cable. Most ADSL broadband modems have this functionality. They assign an IP to the PC when the LAN cable is connected. If you are not a geek, you most probably use this feature to get an IP for your PC.

For now, let us assume that you have DHCP available on the ethernet where you have the internet connection. (If you do not have DHCP, you should follow some extra steps that I mention at the end of this tutorial.) Follow these steps to create a network bridge.

1. You will have at least two entries in your network connections.
2. One will be for the ethernet, and another for the wireless network.
3. Select both connections (ctrl+left click).
4. While both connections are selected, right click and select "Bridge Connections".
5. It will take a little while to bridge the connections.
6. You will get one more entry in network connections with the name "Network Bridge".

You are almost ready to go. Do whatever routine you follow to access the internet on your PC, e.g. starting your ADSL modem and/or connecting the LAN cable. Once you are able to access the internet on your PC, do the following on your iphone.

1. Turn on the wifi.
2. Select iphone-net, which will be shown in the available networks.
3. Click the small blue round arrow on the right.
4. It will give more details about the connection.
5. You should see an IP that is in the same range as that of your PC.
6. Open the Safari browser and open some website. It should work.
Enjoy!!

(I am bored now; I will write later on how to access the internet if there is no DHCP on the ethernet. For the knowledgeable, it's obvious that we need to give static IPs to both the PC and the iphone in the same range. I will explain it later.)

One big and irritating problem that I face is that the network connection keeps dropping very frequently. It gets disconnected every 10 mins or so. The wifi signal indicator does not become grey, but internet access will cease. I do not know a permanent solution to this. If you know, please help me. The workaround is to turn off the wifi and turn it on again.

See the following tutorial about network bridges for a general idea. This network bridge is available only on Windows XP and Vista. This technique is very simple. I couldn't succeed in sharing the internet using the ICS (Internet Connection Sharing) feature. I did not try much. Also, I am not sure if we can create a bridge with a dial-up connection. I do not have first-hand experience, but from quick googling it seems that it is possible.

Monday, February 18, 2008

Software unlock for 4.6 bootloader released

Geohot found a flaw in the new 4.6 bootloader. This is very good news for all the people having 1.1.2 OOTB & 1.1.3 OOTB phones and waiting for a software unlock. This is also good news for some people who bricked their 1.1.2 OOTB phones. They can upgrade to 1.1.3 to unbrick their phone and unlock it. See the details about the exploit on geohot's blog.

Zibri developed a nice, easy to use GUI based application that can unlock the phones. It is called ziphone. This application is a bundle of the different tools one has to use to perform this software unlock, so one need not bother about collecting all the needed files from different sites. This application performs other tasks also, besides the unlock. It can jailbreak and activate the phones too. It also has the capability to downgrade or erase the bootloader.

Sunday, February 10, 2008

1.1.2 OOTB Hardware Unlocking: Restoring baseband & Unlocking

After you have successfully downgraded your bootloader to 3.9, everything else is a piece of cake. Immediately after downgrading the bootloader to 3.9 using iunew, your baseband will be in an unusable state. The tutorial at unlock.no suggests using the bbupdater command to reflash the baseband with the 1.1.1 version. But I would recommend you simply use itunes and restore the firmware to 1.1.2. This is a less geeky way of restoring the baseband, but a little time consuming. You can restore to 1.1.2 irrespective of which baseband (1.0.2 or 1.1.1) you were on when you downgraded the bootloader. You will see that you have got your wifi back.

Now we have to activate and jailbreak your phone. For that, restore it back to the 1.1.1 firmware using itunes. Now jailbreak & activate your phone using the www.jailbreakme.com technique. Follow the detailed explanation for this at unlock.no. Now you have to run oktoprep. Download it from the "1.1.1 tweaks" section of your installer. This will prepare your phone to be upgraded to 1.1.2. (If you are from outside the US, install an application named "Phone # to name fix" from the "Unlocking tools" section of the installer and run it. Read the last paragraph for more details.) Now upgrade your phone to 1.1.2. Remember that you have to choose "Upgrade" and not "Restore" this time. You can select which version of firmware to upgrade to by clicking the "Upgrade" button while holding the shift key.

After the upgrade to 1.1.2 is over, your phone will be locked again. Now you have to use the 112jailbreak application to jailbreak & activate your 1.1.2 firmware. Download the application from here and unzip it. Run the application by clicking the "windows.bat" file. In the application window, choose to install SSH and then click the "Jailbreak" button. The jailbreak process will take some time and your phone will reboot a couple of times. At the end it will say "Slide to unlock". You will now have access to the springboard. Also, all the applications you installed on 1.1.1 and your settings will still be there. This is because you upgraded to 1.1.2 and did not restore to 1.1.2. Remember this for the future. It will be handy.

You are just one step away from the unlock. You have to download the anysim 1.2.1u application. It will be found in the "Utilities" section of your installer. Download it, but do not run it yet. First go to Settings and turn ON airplane mode. Remove the AT&T SIM and put in the new SIM that you are going to use. Now run the newly installed anysim 1.2.1u application. Read through the instructions and slide to start the unlocking process. During the process the airplane symbol will go away. Do not worry, just ignore it. At the end you will get a message saying that the unlock is successful. Turn off airplane mode and you should see signal with your carrier's name. You have completed the unlock process. Congratulate yourself!!

People staying outside the US need to do one more step before making calls. You have to download the iworld application and run it. If this application is not installed, the phone will keep soft-resetting every time you try to dial a number or read an SMS. You can find this application in the "Tweaks 1.1.2" section. After downloading, run the application and choose the country where you are using the phone.

One more problem with the iphone is that it does not match incoming numbers correctly with the numbers stored in the contacts. Incoming numbers might come with the country/local code prefixed to the actual number stored in the contact. By default, the iphone does not match them properly. For e.g., if you store a contact's number as 985062374853, and the incoming number comes as +91 985062374853, the phone will not show the corresponding contact. One workaround people use is to store both numbers for the contact. But this is a tedious process for all the contacts. This problem can be fixed by installing an application named "Phone # to name fix" from the "Unlocking tools" section of the installer. The catch here is that this application works only on 1.1.1. So, you have to install this application before upgrading to 1.1.2.
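To illustrate the matching problem above, here is an added example (my own code, not the post's and not the "Phone # to name fix" tweak): a naive exact-digit lookup beside a suffix-based lookup that still finds the contact when the country code is prefixed, and so removes the need to store every number twice. The contact list, the 10-digit minimum suffix length and the handling of a "00" international prefix are my assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample contact list mirroring the post's example: the number is
# stored without the +91 country code, but the caller id arrives with it.
CONTACTS: Dict[str, List[str]] = {
    "Ravi": ["985062374853"],
    "Office": ["+91 80 1234 5678"],
}

# Assumption (not from the post): two numbers belong to the same subscriber
# when the shorter one, at least this many digits long, is a suffix of the
# longer one. Shorter numbers are only matched exactly.
MIN_SUFFIX_DIGITS = 10


def digits_only(number: str) -> str:
    """Strip spaces, dashes, parentheses and the leading '+'.

    '+91 985062374853' -> '91985062374853'. A '00' international access
    prefix (as in '0091 ...') is dropped too, so it compares like a '+' number.
    """
    digits = re.sub(r"\D", "", number)
    if not number.lstrip().startswith("+") and digits.startswith("00"):
        digits = digits[2:]
    return digits


def exact_match(incoming: str, contacts: Dict[str, List[str]]) -> Optional[str]:
    """The behaviour the post describes: only identical digit strings match,
    so '+91 985062374853' never finds a contact stored as '985062374853'."""
    wanted = digits_only(incoming)
    for name, numbers in contacts.items():
        if any(digits_only(n) == wanted for n in numbers):
            return name
    return None


def same_subscriber(a: str, b: str, min_digits: int = MIN_SUFFIX_DIGITS) -> bool:
    """Suffix match: a number arriving with a country code still matches the
    stored national number as long as enough trailing digits agree."""
    da, db = digits_only(a), digits_only(b)
    short, long_ = sorted((da, db), key=len)
    if len(short) < min_digits:
        # Too short to trust a suffix comparison; require exact equality.
        return short == long_
    return long_.endswith(short)


def suffix_match(incoming: str, contacts: Dict[str, List[str]]) -> Optional[str]:
    """Look up the caller by suffix, so one stored number is enough."""
    for name, numbers in contacts.items():
        if any(same_subscriber(incoming, n) for n in numbers):
            return name
    return None


if __name__ == "__main__":
    caller = "+91 985062374853"
    print("exact :", exact_match(caller, CONTACTS))   # None
    print("suffix:", suffix_match(caller, CONTACTS))  # Ravi
```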


Enjoy your fully functional, unlocked iphone.
(PS: Consider donating to the hackers)

Previous Step: Bootloader downgrade

Thursday, February 7, 2008

1.1.2 OOTB Hardware Unlocking: Bootloader downgrade

Now you are done with the hardware changes for the hack. Next we will use a combination of software and hardware to downgrade the bootloader. The software part involves running the commands ienew & iunew. The hardware part is to connect the testpoints while you run the iunew command. Let's go step by step. Even if you have wifi, I would recommend you run all the following commands from your iphone itself.

The necessary files in this step are the following. I gave the sources for them in my earlier post.
- toolpack provided by geohot (ienew, secpack... etc)
- nor file of the 3.9 bootloader
- bbupdater (optional)
You have to put all these files into a directory, something like /usr/bin or /112ootb or anything else. If you have wifi you can transfer them with psftp or any other ftp-over-ssh utility. If you do not have wifi, use ibrickr to place the files on the iphone. Once you have all the files on the iphone, you have to give executable permission to all the files using the "chmod +x" command.

Now we have to run ienew. ienew is the new version of ieraser for 1.1.2 OOTB phones. Before running ienew, you should unload the commcenter with the -w option. The -w option is very important. The exact command is "launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist". Instead of typing the command in the terminal, you can use an application named 'UICtl' to start, unload, and stop different services on the iphone. Now run the ienew command as "./ienew", while you are in the directory where the other files from the toolpack are located. If the command ran successfully, you will see some hex strings getting printed. At the end you will get a message saying
Hopefully the main flash was erased, wait for the next step...
This command modifies the baseband in a controlled manner, so that the testpoint can downgrade the bootloader. Most probably you will lose your wifi after this command. Do not panic. You will get your wifi back when we restore to 1.1.2. You can now proceed to run iunew from the mobile terminal.

But not everyone is able to run ienew successfully. I see a lot of complaints on the forums. The most common of them are...
1. Command hanging at "Waiting for data.."
2. bus error
3. Error saying "Can't write"
For (1), retry the command. Also make sure that you unloaded the commcenter. Sometimes it hung for me, but I was successful when I re-ran the command. I don't know any specific reason.
For (2), most probably the directory from where you are running is not the same as the location where the rest of the files from the toolpack are located. Execute the command from the appropriate directory. The testcode.bb file should be in the same directory from where the ienew command is run.
For (3), try stopping the lockdown service. Remember, it is stopping and not unloading. The exact command is "launchctl stop /System/Library/LaunchDaemons/com.apple.mobile.lockdown". This is not guaranteed to work in all cases, but try your luck. Repeatedly try the ienew command a few times. You can also try rebooting the device. I used to get this "can't write" error. One day I made some changes and suddenly it worked. I don't remember what exactly I changed before running the command, but I am sure that I did stop the lockdown service. You can use the 'UICtl' application to stop the service.

Now you are ready to run iunew. iunew is the new version of iunlocker for 1.1.2 OOTB phones. Before running iunew, you have to make sure that ienew ran successfully at least once. iunew uses data in some areas written by ienew. So it is necessary that ienew ran successfully once for iunew to work. Also make sure that you are running the command from a location where the other files from the toolpack are present. You have to connect the two testpoints while the iunew command runs. If you have a friend, the two of you can coordinate to run the command exactly when the testpoint is connected. Otherwise, induce a delay before running iunew using the sleep command. The command will look something like "sleep 20; ./iunew", where 20 is the delay in seconds. After issuing the command you can turn over the phone and connect the testpoints. Take a deep breath and keep a stable hand when you connect the testpoint. It is enough to hold for about 5 seconds after the actual iunew command runs. If the testpoint was held connected at the required time, you will get a message saying
TESTPOINT WORKS: 55
Press any char, then hit enter after testpoint has been disconnected


Now you can remove the connecting wire. Type any character and press enter to proceed. You will see some more messages flowing after this. At the end you will get a message saying
run bbupdater -v and pray
if it worked, enjoy your unlocked iPhone!!!
But if you run "bbupdater -v" at this stage, it will fail. Do not worry. You have succeeded in downgrading the bootloader. Everything else is a piece of cake from here on.

The iunew command might throw an error saying...
Please connect the testpoint
This means the testpoint was not held connected when required. It is quite likely that you moved your hand a bit and the testpoint got disconnected. Try multiple times. I did not succeed on the first attempt. After trying a few times, if you are sure that you are holding the testpoint correctly, check other things.
- Make sure that you scratched the A17 line enough. You might have left some plastic coating over it, which acts as insulation. Scratch a little more to expose the gold line properly. Be careful not to overdo the scratching and snap the line. Then you will be in big trouble.
- Make sure the connecting wire is insulated properly, especially at the place where you hold the wire. Otherwise, the power coming from the capacitor will be grounded through your body.

One more problem which a lot of people faced is that the iunew command hangs at "Spamming AT, waiting for a response". You can try killing the command and then retrying it. This worked for a lot of people. If nothing works, try rebooting your phone and then retrying this command.

At the end of this whole process, your bootloader will be downgraded to version 3.9. But your baseband will be in an unusable state. So you will not have any wifi. You cannot make calls yet. The next step is to fix your baseband.

Next Step: Restore baseband & unlock
Previous Step: Scratching A17 line

Wednesday, February 6, 2008

1.1.2 OOTB Hardware Unlocking: Scratch A17 line

As I said in my earlier post, you will be surprised to know the place where you need to scratch. At least, I was surprised even after reading about it on the web. It is very tiny. Initially, I was a bit nervous to do it, but finally did it. See the pictures below to understand how small the area is. The first picture is zoomed around 10 times to show the testpoint area in the second picture. The area which is zoomed is also marked in the first picture. The second picture shows the two points which should be connected using a conducting wire. The two points are called testpoints.
The first thing I did after seeing the testpoint area was to go and buy a magnifying glass. Luckily I found a magnifying glass which has a big 5x glass and a small 10x glass. The 10x glass is really useful. You can clearly see what you are doing. You should make sure that you are not scratching the adjacent lines by mistake. Also, with the 10x glass you will know how much of the insulation is scratched.

For scratching, you need a pointed device with a sharp tip so that you have full control of where you are scratching. I looked around for a small blade, but later got the idea of a surgical needle of the kind used for injections. It was very helpful for me. The picture below shows the line that you have to scratch. This line is called the A17 line. Take extreme care that you do not scratch it too much. You just need to expose the gold material beneath. The gold line is soft. If you scratch it hard you might break it. It's better to be conservative while scratching. The picture below shows me scratching the A17 line with the surgical needle.

Some other people followed techniques where they did not scratch the A17 line. Instead they used a pointed pin and stuck it directly into the line. I never tried that and don't know the details of it. So let's settle for this scratching business. Once you do enough scratching, prepare a conducting wire to connect the two testpoints. Make sure that you have proper insulation over the wire, especially over the place where you are going to hold it. This is to ensure that the 1.8V power coming from the capacitor is not grounded through your body. Some people complained on the forums that the testpoint was not working, but were later able to do it after changing their connecting wire. Below is my connecting wire with proper insulation. I made it by connecting two head pins with a normal conducting wire, and then insulating it properly with tape.

The following are my tools to open the iphone body and to scratch the A17 line: screw set, magnifying glass, surgical needle, and kitchen knife.


Next Step: Bootloader Downgrade
Previous Step: Disassemble Iphone

Monday, February 4, 2008

1.1.2 OOTB Hardware Unlocking: Disassemble Iphone

I guess this is one of the hardest steps in the whole process. You will have to struggle to open the phone if you do not have an ipod opening toolkit. If you do not have the ipod opening toolkit, be prepared to have some scratches on your cute device. All you need in this process is patience. I took 4-5 hrs to open my first iphone. Here is a tutorial from ifixit to open the body. Follow only till page 5 in this tutorial, where you completely remove the back cover.

If you do not have the ipod opening toolkit, you can use some sharp object to poke into the slit between the black antenna cover and the metal back cover. I used a small kitchen knife to poke into the slits. Of course, you will get scratches because of this. People around the world have used different techniques to open the box. Some of them use guitar picks, credit cards etc. There are some youtube videos to help you in this regard. Be very careful when you poke stuff near the battery. It can puncture your battery and your iphone can blow up.


Once you open the covers, your iphone will look like this. Articles on the web say that we need to open the metal cover. But I was confused which metal cover to open. The metal cover that needs to be opened is indicated in the above picture. The metal cover is glued to the PCB in some places, as shown in the pictures below.

Scrape the glue lightly so that you can easily open the metal cover. Once you scrape the glue, it becomes easier to lift off the metal cover, which is held by small tabs.
The tabs are located on all sides of the metal case. A gentle force is enough to release the tabs. Use some pointed device to release the tabs. I used my kitchen knife to do it.

It will look like this once you open the metal cover. (I blackened the numbers on the chips so as not to reveal the identity.) If you are still wondering where to do the testpointing by scratching the A17 line, it is in the small circle towards the lower right corner. I was surprised to realise that it is so small. Even after looking at the testpoint pictures on the web, I could not believe that I was going to make a scratch over those tiny lines. It took me a little time to map the images given on the web to the real PCB in front of me. That is why I highlighted the area, for easily finding the testpoint location.



Next Step: Scratching A17 line
Previous Step: Gathering Resources

1.1.2 OOTB Hardware Unlocking: Gathering resources

This step involves gathering your weapons for hardware unlocking. The following applications should be installed before attempting to downgrade the bootloader.
- BSD base, extra & subsystem
- Mobile Terminal (optional if you have wifi, but strongly recommended)
- UIctl (optional; GUI version of launchctl)

If you have wifi & installer, you can directly install these applications. If instead you do not have wifi, ibrickr is your saviour. With ibrickr you first need to install the PXL daemon, which will be used to install other applications using .pxl files. Go to the applications section in ibrickr and it will ask you to install the PXL daemon. You need to reboot the iphone twice in the process. Once you are ready to install applications, you need to download the corresponding pxl files of the necessary applications. A good repository of pxl files is located at exploit.org. If the files come with a .zip extension, rename them to the .pxl extension. Install the downloaded applications using ibrickr.

You also need the following files to downgrade the bootloader.
- Bootloader downgrade tool pack by geohot. Get it from here.
- nor dump of the 3.9 bootloader. Get the rar file from binarytrade and extract it.
- bbupdater (optional; google for it)

If you have wifi, you can copy the files using any ftp-over-ssh (scp) tool like psftp. If you do not have wifi, use ibrickr to copy the files to the desired location (like /usr/bin). After copying the files to your phone, give executable permission to all the files with "chmod +x".

To be sure that you have the 4.6 bootloader and the 04.02.13 baseband firmware version, you have to use bbupdater. Issue the following commands in the given sequence:

- launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist (or use UIctl to unload the commcenter)
- bbupdater -v

If your baseband is not 04.02.13, do not proceed. If your baseband is 04.03.13, you have the 1.1.3 baseband firmware, which cannot be erased at the moment. This is because we need a 1.1.4 secpack to erase it. The secpack included in the kit is that of 1.1.3. So we can erase only the 1.1.2 baseband firmware (04.02.13).


Next Step: Disassemble iphone
Previous Step: Downgrading 1.1.2 firmware

Sunday, February 3, 2008

1.1.2 OOTB Hardware Unlocking: Downgrading 1.1.2 firmware

You have two choices here:
1. Downgrade to 1.1.1
2. Downgrade to 1.0.2

If you choose (1), be prepared to lose wifi, i.e. you should install mobile terminal before running the commands for the bootloader downgrade. But this process is simple and very straightforward. If instead you choose (2), you will not lose wifi. You can run the commands from your PC while connected to the phone over wifi. But you might or might not succeed in downgrading your firmware to 1.0.2. There is no harm even if you fail to downgrade to 1.0.2. You can try option (1) anytime.

Option-1: Downgrade to 1.1.1
First put your phone in recovery mode (DFU mode) by holding the home and power keys simultaneously for a while and then releasing only the power key after the phone starts rebooting. itunes will detect that your phone is in recovery mode. In itunes, press Restore while holding the shift key. You will be allowed to select the firmware to restore. Choose the 1.1.1 firmware (you should download it first). At the end of the process itunes will give an error, which you can ignore. Your phone will still be in recovery mode (DFU mode). Kick it out of recovery mode using iphuc or the 1.1.2 jailbreak application. Now your phone will show the activation screen. Follow the standard procedure for activation & jailbreaking using jailbreakme.com. You can follow this tutorial.

Option-2: Downgrade to 1.0.2
This is not a straightforward process, and also you might not fully succeed in downgrading to 1.0.2. If you fail in this process, go to option-1. Many people claimed that they were easily able to downgrade to 1.0.2 using the itunes 7.4 software. I, myself, was able to downgrade to 1.0.2. Actually, I first downgraded to 1.1.1 and then downgraded to 1.0.2. You can also try AppTappInstaller to downgrade to 1.0.2. One might wonder why anyone would want to go this route. Remember that there are poor souls like me. I screwed up my baseband and lost my wifi when I was on 1.1.2. I am not aware of techniques to jailbreak+activate on 1.1.1 without wifi.

Follow the initial steps mentioned in option-1 to put the iphone in recovery mode. In itunes, choose to restore the 1.0.2 firmware (you should download it first). It will give an error saying that it cannot downgrade the firmware. Now you have to use ibrickr to prepare the phone to downgrade to 1.0.2. Rename the 1.0.2 firmware file to 1.0.2.ipsw and copy it into the ibrickr folder. Otherwise ibrickr will itself download the 1.0.2 firmware. Now start ibrickr and select to downgrade to 1.0.2. ibrickr will only prepare the phone to be downgraded. After that you have to use itunes and choose to restore to 1.0.2. This time itunes will start the downgrade process. Many people complained that this process hangs at "Waiting for iphone". If it finishes successfully it will give an error at the end, which you can ignore. On the iphone, if you see a yellow triangle with some warning message, that means you downgraded your firmware to 1.0.2. Count yourself lucky.

Now you should use ibrickr to proceed. In ibrickr, choose the option to solve the yellow triangle state. If the background turns red, that means ibrickr is proceeding successfully. You will see a lot of messages scrolling on the screen. The phone might reboot a couple of times during the process. This process will take time; be patient. In this process ibrickr will also jailbreak the 1.0.2 firmware, but it will not activate it.

To activate the 1.0.2 firmware, you have to replace the lockdownd file with a cracked version (try this, or search for it on the web). This file is located on your iphone at /usr/libexec/lockdownd. After you have replaced the file with the cracked copy, you have to reboot your phone. Upon reboot your phone will not ask for activation. You will have access to the springboard. There are other techniques to activate 1.0.2. Google around if you are interested.

Next Step: Gathering resources
Previous Step: Summary

Saturday, February 2, 2008

Hardware unlocked my 1.1.2 OOTB iphone

Ye! I finally unlocked my 1.1.2 OOTB phone last week. I guess I made all the mistakes that I possibly could in the process. But the good thing is that I have a happy ending. Now my phone is fully functional.

The most stupid mistake I made was to run the baseband downgrader (from i.unlock.no) when I was on 1.1.2. When I downloaded the package using installer, it asked if I was ready to run it. I accidentally pressed continue. Bang!! At the end of the process it gave some error and then rebooted the phone. I lost my wifi after that. Having no wifi makes it really painful to proceed. You cannot directly install the necessary applications for hacking.

To go into more technical details..., the baseband downgrader uses ieraser to erase the baseband. Since the 1.1.2 OOTB phones have the 4.6 bootloader, which has higher security restrictions, ieraser messes up the baseband. This will make you lose your wifi also. Ideally, one should use a newer version of ieraser named 'ienew' when on a 4.6 bootloader. It erases the baseband in a controlled way for the hardware hacking to happen (prepares for testpointing).

Once things are messed up, we have to go the hard way of fixing things. The steps in brief are as follows.
- Downgrade to 1.0.2 (use ibrickr to downgrade if needed)
- Once downgraded, use ibrickr to jailbreak it.
- Replace the /usr/libexec/lockdownd file, to activate 1.0.2.
- Install necessary applications like mobileterminal using ibrickr
- Upload the files needed for the bootloader downgrade (ienew, secpack, 3.9nor...) using ibrickr
- Open up the iphone (do not underestimate this step)
- Scratch the A17 line to be used for testpointing.
- Run ienew + iunew with testpoint. This will downgrade the bootloader to 3.9.
- Restore to 1.1.2 firmware using itunes. You will get back your wifi. (Go and celebrate!)
- Restore to 1.1.1
- Activate + jailbreak using jailbreakme.com
- Run oktoprep on 1.1.1
- Update to 1.1.2
- Use the java application to activate & jailbreak 1.1.2
- Show off your unlocked 1.1.2 OOTB!!

Here I am just listing the steps; I will post the more detailed process in a series of posts.

Next Step: Downgrading 1.1.2 firmware

Thursday, January 31, 2008

1.1.3 OOTB iphone hardware unlocked by hackers

Credit goes to TA_Mobile, IMTH & others. Hail to them. Here is the link.

They are able to unlock the 1.1.3 OOTB iphones which come with the 04.03.13 baseband firmware. After unlocking, the phone will work with the default (04.03.13) firmware. When the unlock was attempted, the main firmware used was 1.1.2, to activate and jailbreak. But with the recent hack to activate and jailbreak the 1.1.3 firmware, the phone can be fully unlocked and working on 1.1.3.

It is not clear if they downgraded the bootloader from 4.6 to 3.9, which can be hacked. There is no mention of it in the article. Most probably they downgraded it. One interesting thing here is to know how they downgraded it without the secpack of 1.1.4. Probably they found a flaw in the bootloader by which they can downgrade it. If that is the case, it's great news, because all the future phones with the 4.6 bootloader can be hacked. I guess apple would not upgrade the bootloader so soon.

The detailed procedure to do this hardware unlock is not yet available. I am not sure what they are waiting for. Maybe they are waiting for the release of 1.1.4 so that apple does not fix the flaw in the bootloader by then.

Saturday, January 19, 2008

Hardware unlocking tutorial for 1.1.2 OOTB is available

It is available at unlock.no

The tutorial is not for the faint-hearted. The procedure involves opening the iphone case and connecting the testpoints on the PCB using needles. It also involves carefully scratching the trace lines to expose the underlying metal. The baseband downgrade should be performed while the testpoints are connected. There is no other way the baseband can be downgraded as of now.

Because the new 1.1.3 firmware is released and the hackers are working hard on extracting the secpack from it, we can expect some software based solutions soon. But the enhanced security on the new phones is giving them a hard time.

Tuesday, January 8, 2008

iphone internal technical specifications (unofficial)

I try to bring together some internal tech specs of the iphone that are not officially documented by apple. These are unofficial. Please note that the information here might not be 100% accurate, as the data is collected from different places over the internet. So please take this info with a pinch of salt. I will keep updating as I find more info. Feel free to correct me if I am wrong.
NOTE: All numbers are approximate round figures

Total physical memory : 128MB
Available Physical memory : 117MB
User memory : 80MB

Number of processors : 1
CPU : ARM
CPU Architecture : 16/32bit RISC
CPU Model : ARM1176JZF (Samsung S3C6400. Not confirmed)
CPU speed : 600MHz (400MHz by different reports)
Bus speed : 100MHz
Cache memory : 16K
Security extension : TrustZone

Baseband processor : Infineon ARM 926
Wi-fi processor : Marvell ARM 946
Bluetooth processor : Cambridge silicon radio - XAP


Sources: source1, source2, source3, source4, and a native application "SysInfo"

Saturday, January 5, 2008

Limited capabilities of the iPhone's Bluetooth

The iPhone has very limited Bluetooth functionality. It can only connect with Bluetooth headsets and supposedly with Bluetooth speakers. It cannot connect to other Bluetooth devices like other mobiles. You will not be able to transfer files between your iPhone and other Bluetooth-capable devices. You cannot even share business cards. I see this as a very big limitation. I share a lot of ringtones and business cards over Bluetooth with my friends. Sharing files/ringtones/business cards over Bluetooth is a very common practice. The irony is that the iPhone cannot connect with other iPhones either. It will not even show other Bluetooth devices in its vicinity except headsets. I read in other places that it cannot connect with MacBooks either. Read a related review.

At least the process of pairing with a Bluetooth headset is very smooth. Just put your headset in discovery mode and turn on Bluetooth on your iPhone (at Settings->General->Bluetooth). Your phone will automatically detect the headset. Once the iPhone finds the headset, tap on the device and it will try to pair with it. Enter the PIN if asked for (generally the default PIN is 0000). You are ready to use your Bluetooth headset.

It seems like Apple wants everyone to come to them for any ringtones and music. Of course, why would Apple want to lose a cent of iTunes business? On second thought, keeping the business aspect aside, this is in line with the iPhone's model. The iPhone never exposes its files and directory structure directly to the users. So, if I have to transfer a file to the iPhone, where should the iPhone keep it? If all the files are kept in a single location, how will the users tell the applications to use them when they are not aware of the directory structure? Having said all this, I personally did not like this limitation.

Friday, January 4, 2008

Hackers got their hands on the iPhone 1.1.3 firmware

There are confirmed reports from sites like hackintosh, gearlive, and iphonehacks that the hackers have got their hands on the latest 1.1.3 firmware. This information was first published by the folks at gearlive.com. This firmware is supposed to be released around the time of the Macworld conference on 14 to 18 January 2008. But somehow the hackers got a handle on it. Cool dudes! gearlive.com has articles on the features of the new firmware with an image gallery. They also have a video to dispel all the claims that the photos are hand-crafted and fake.

The good news for the people waiting for their OOTB 1.1.2 phones to be unlocked is that the new 1.1.3 firmware also has a new baseband. What this means is that the hackers can now develop a software unlock using the new baseband firmware. Please read my earlier post for more technical details on this. An early word of caution for the people who are going to unlock their OOTB 1.1.2 phones: do not upgrade to the 1.1.3 firmware. This might lock the phone again, and it might not be possible to revert. I am sure we will get more information on this when the hackers release a software unlock. All the best to the hackers in their efforts.

Tuesday, January 1, 2008

iPhone hackers are waiting for 1.1.3 firmware to unlock OOTB 1.1.2 phones

Initially, when I was going through forums, I read in some places that the hackers are waiting for the release of the 1.1.3 firmware before releasing unlock software for the 1.1.2 firmware. Most of the articles said that the hackers are waiting because Apple would close the loophole in 1.1.3 if they released the hack early. By not releasing the hack early, they can have a single solution which can fix both the 1.1.2 and 1.1.3 firmwares. This argument was convincing and I believed it.

But recently I read an article which is more convincing. The wait is for a technical reason. They cannot unlock 1.1.2 unless there is a newer baseband firmware, which they are expecting in 1.1.3. Let me go into a little technical detail. The old bootloader (3.9), found on OOTB 1.1.1 phones or earlier, needs a secpack of the current baseband firmware or a future one to overwrite the default baseband firmware. But the latest bootloader (4.6) needs a secpack of a future version only to overwrite the default baseband firmware. So one cannot simply modify/hack the existing baseband firmware and overwrite the default baseband firmware.

This is the main reason why the hackers are waiting for the release of 1.1.3 to provide a software unlock solution for the OOTB 1.1.2 phones. If there is no new baseband firmware in 1.1.3, we will be back to square one. Let us hope that there will be a new baseband firmware in the new update.
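To make the difference between the two secpack acceptance rules concrete, here is an added model written for this post (not code from the original article or from any unlock tool); the version strings and the scenario are constructed, and it assumes the check is a pure version comparison against the installed baseband, ignoring the signature verification a real bootloader also performs.

```python
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'1.1.2' -> (1, 1, 2); tuples compare component-wise, so
    (1, 1, 10) > (1, 1, 9), unlike a plain string comparison."""
    return tuple(int(part) for part in text.split("."))


# Acceptance rule per bootloader, as described in the post: 3.9 accepts a
# secpack for the current baseband version or a newer one, 4.6 accepts a
# strictly newer one only. (Assumption: the rule is a pure version
# comparison; the real bootloader's signature checks are not modelled.)
POLICIES: Dict[str, Callable[[Version, Version], bool]] = {
    "3.9": lambda secpack, installed: secpack >= installed,
    "4.6": lambda secpack, installed: secpack > installed,
}


def accepts_secpack(bootloader: str, installed: str, secpack: str) -> bool:
    """Would this bootloader let the baseband flash be overwritten when
    presented with a secpack issued for the given baseband version?"""
    return POLICIES[bootloader](parse_version(secpack), parse_version(installed))


def usable_secpacks(bootloader: str, installed: str, available: List[str]) -> List[str]:
    """Secpack versions, out of those already published, that the bootloader
    would accept. An empty list means: nothing works until a newer baseband
    release (and its secpack) ships."""
    return [v for v in available if accepts_secpack(bootloader, installed, v)]


if __name__ == "__main__":
    # Constructed scenario: only the secpacks shipped with 1.1.1 and 1.1.2
    # exist so far; 1.1.3 is the hoped-for future release.
    in_hand = ["1.1.1", "1.1.2"]
    for bootloader in ("3.9", "4.6"):
        print(bootloader, "on OOTB 1.1.2 ->", usable_secpacks(bootloader, "1.1.2", in_hand))
    # 3.9 on OOTB 1.1.2 -> ['1.1.2']   (the current secpack can be reused)
    # 4.6 on OOTB 1.1.2 -> []          (strictly-newer rule blocks reuse)
    print("4.6 once 1.1.3 ships ->", usable_secpacks("4.6", "1.1.2", in_hand + ["1.1.3"]))
    # 4.6 once 1.1.3 ships -> ['1.1.3']
```

The strictly-newer rule is what a rollback-protected loader needs: a secpack tied to the version already installed can never be replayed to write a different image at that same version.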