Thursday, February 28, 2008

iPhone firmware 1.1.4 released and already hacked

The iPhone's latest firmware, 1.1.4, was released a few days back, and the good news is that it has already been hacked. Currently the hack is only for the 3.9 bootloader, so all the people who dared to do the hardware hack have a reason to be proud. I am sure this hack will be available soon for the 4.6 bootloader also. With the 3.9 bootloader, you can currently activate + jailbreak + unlock your phone. There is more than one tutorial on how to hack the new firmware. Here you go: Tutorial1, Tutorial2, MacTutorial.

If your phone is already on 1.1.3, there is no need to rush to 1.1.4, because the 1.1.4 firmware has no new features; it is just bug fixes. If your bootloader is 4.6, you need not really wait either: there is a method to downgrade your 4.6 bootloader to 3.9. Here is a tutorial on how to downgrade your 4.6 bootloader using ziphone.

Be careful about the fake versions of ziphone making the rounds, which claim that they can unlock 1.1.4. I would download it only from ziphone.org. Zibri, the guy behind ziphone, is yet to release the new version of ziphone that can hack 1.1.4; he is still testing it. Keep an eye on ziphone.org.

Update: Ziphone 2.5 is released. It is a one-step solution to unlocking 1.1.4. Visit www.ziphone.org
I restored to 1.1.4 and unlocked mine.

Thursday, February 21, 2008

How to share an internet connection on a PC with the iPhone

This is a tutorial on how to share the internet connection available on your ethernet port (LAN cable) or dial-up connection with your iPhone, provided you have a wireless network adapter in your PC/laptop. This will be helpful for people who do not have a wireless modem at home but have other means of connecting to the internet, like broadband, dial-up etc. However, the PC needs to have a wireless adapter that supports 802.11 ad hoc networking. Most of today's network adapters support this, and USB wireless network adapters are widely available. This tutorial can also be used just to set up an ad hoc network between a PC and the iPhone. Enough of marketing, let's get started...

I am assuming that you are using Windows XP or Vista, and that your ethernet is already configured properly for accessing the internet. We first need to make your PC/laptop capable of talking to the iPhone and vice versa. Follow the steps below to set up an ad hoc network between the PC and the iPhone.

1. Go to Control Panel -> Network Connections.
2. Right click on "Wireless network connection" and choose Properties.
3. Choose the "Wireless Networks" tab.
4. Click the "Add" button in the "Preferred networks" section.
5. Give "iphone-net" as the SSID (you can choose any other name).
6. Select "Open" for "network authentication".
7. Select "Disabled" for "data encryption".
8. Tick the checkbox saying "This is a computer-to-computer (ad hoc) network...".
9. You need not change anything else in the other two tabs.
10. Save your settings by pressing OK in all the places.

If everything goes fine, when you turn on Wi-Fi on your iPhone you will see "iphone-net" as one of the available Wi-Fi networks. Do not connect to it yet. The procedure ahead is very simple if you have DHCP available on your ethernet, i.e. if you automatically get an IP when you connect the LAN cable. Most ADSL broadband modems have this functionality: they assign an IP to the PC when the LAN cable is connected. If you are not a geek, you most likely use this feature to get an IP for your PC.

For now, let us assume that you have DHCP available on the ethernet connection where you have internet access. (If you do not have DHCP, you should follow some extra steps that I mention at the end of this tutorial.) Follow these steps to create a network bridge.

1. You will have at least two entries in your network connections.
2. One will be the ethernet connection, and another will be the wireless network connection.
3. Select the two connections (using ctrl + left click).
4. While both connections are selected, right click and select "Bridge Connections".
5. It will take a little while to bridge the connections.
6. You will get one more entry in network connections with the name "Network Bridge".

You are almost ready to go. Do whatever routine you normally follow to get internet access on your PC, e.g. starting your ADSL modem and/or connecting the LAN cable. Once you are able to access the internet on your PC, do the following on your iPhone.

1. Turn on Wi-Fi.
2. Select iphone-net, which will be shown in the available networks.
3. Click the small blue round arrow on the right.
4. It will give more details about the connection.
5. You should see an IP in the same range as that of your PC.
6. Open the Safari browser and open some website. It should work.
Enjoy!!

(I am bored now; I will write later on how to access the internet if there is no DHCP on the ethernet. For the knowledgeable, it is obvious that we need to give static IPs in the same range to both the PC and the iPhone. I will explain it later.)

One big and irritating problem that I face is that the network connection keeps dropping very frequently. It gets disconnected every 10 minutes or so. The Wi-Fi signal indicator does not turn grey, but internet access ceases. I do not know a permanent solution to this. If you know one, please help me. The workaround is to turn Wi-Fi off and on again.

See the following tutorial about network bridges for a general idea. This network bridge feature is available only on Windows XP and Vista. The technique is very simple. I could not manage to share the internet using the ICS (Internet Connection Sharing) feature, though I did not try much. Also, I am not sure whether we can create a bridge with a dial-up connection. I have no first-hand experience, but from some quick googling it seems to be possible.

Monday, February 18, 2008

Software unlock for 4.6 bootloader released

Geohot found a flaw in the new 4.6 bootloader. This is very good news for all the people with 1.1.2 OOTB and 1.1.3 OOTB phones who were waiting for a software unlock. It is also good news for some people who bricked their 1.1.2 OOTB phones: they can upgrade to 1.1.3 to unbrick the phone and unlock it. See the details about the exploit on geohot's blog.

Zibri developed a nice, easy-to-use GUI application that can unlock the phones. It is called ziphone. This application bundles the different tools one would otherwise have to use to perform the software unlock, so one need not bother collecting all the needed files from different sites. Besides the unlock, it can also jailbreak and activate the phone, and it has the capability to downgrade or erase the bootloader.

Sunday, February 10, 2008

1.1.2 OOTB Hardware Unlocking: Restoring baseband & Unlocking

After you have successfully downgraded your bootloader to 3.9, everything else is a piece of cake. Immediately after downgrading the bootloader to 3.9 using iunew, your baseband will be in an unusable state. The tutorial at unlock.no suggests using the bbupdater command to reflash the baseband with the 1.1.1 version, but I would recommend simply using iTunes to restore the firmware to 1.1.2. This is a less geeky way of restoring the baseband, although a little more time consuming. You can restore to 1.1.2 irrespective of which baseband (1.0.2 or 1.1.1) you were on when you downgraded the bootloader. You will see that you have your Wi-Fi back.

Now we have to activate and jailbreak your phone. For that, restore it back to the 1.1.1 firmware using iTunes. Then jailbreak & activate your phone using the www.jailbreakme.com technique; follow the detailed explanation at unlock.no. Now you have to run oktoprep. Download it from the "1.1.1 tweaks" section of your Installer. This will prepare your phone to be upgraded to 1.1.2. (If you are outside the US, install the application named "phone # to name fix" from the "unlocking tools" section of the Installer and run it. Read the last paragraph for more details.) Now upgrade your phone to 1.1.2. Remember that you have to choose "upgrade" and not "restore" this time. You can select which firmware version to upgrade to by clicking the "upgrade" button while holding the shift key.

After the upgrade to 1.1.2 is over, your phone will be locked again. Now you have to use the 112jailbreak application to jailbreak & activate your 1.1.2 firmware. Download the application from here and unzip it. Run the application by clicking the "windows.bat" file. In the application window, choose to install SSH and then click the "Jailbreak" button. The jailbreak process will take some time, and your phone will reboot a couple of times. At the end it will say "Slide to unlock", and you will now have access to the springboard. All the applications you installed in 1.1.1 and your settings will still be there, because you upgraded to 1.1.2 rather than restoring to 1.1.2. Remember this for the future; it will be handy.

You are just one step away from the unlock. You have to download the Anysim 1.2.1u application, which is found in the "Utilities" section of your Installer. Download it, but do not run it yet. First go to Settings and turn ON airplane mode. Remove the AT&T SIM and put in the new SIM that you are going to use. Now run the newly installed Anysim 1.2.1u application. Read through the instructions and slide to start the unlocking process. During the process the airplane symbol will go away. Do not worry, just ignore it. At the end you will get a message saying that the unlock is successful. Turn off airplane mode and you should see signal with your carrier's name. You have completed the unlock process. Congratulate yourself!!

People outside the US need to do one more step before making calls. You have to download the iworld application and run it. If this application is not installed, the phone will keep soft-resetting every time you try to dial a number or read an SMS. You can find this application in the "Tweaks 1.1.2" section. After downloading, run the application and choose the country where you are using the phone.

One more problem with the iPhone is that it does not correctly match incoming numbers with the numbers stored in the contacts. Incoming numbers may come with the country/local code prefixed to the actual number stored in the contact, and by default the iPhone does not match them. For example, if you store a person's number as 985062374853 and the incoming number comes as +91 985062374853, the phone will not show the corresponding contact. One workaround people use is to store both numbers for the contact, but this is tedious for all the contacts. The problem can be fixed by installing the application named "Phone # to name fix" from the "Unlocking tools" section of the Installer. The catch is that this application works only on 1.1.1, so you have to install it before upgrading to 1.1.2.
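As an added illustration (not code from this post or from the "Phone # to name fix" tool), here is the kind of suffix-based matching such a fix performs: the incoming number carrying a country code is matched against a stored number without one. The contact list and sample callers are constructed, and the 7-digit threshold and trunk-prefix handling are assumptions.

```python
import re

# Assumption: a match needs at least this many trailing digits in common;
# shorter numbers are compared exactly to avoid false positives.
MIN_SIGNIFICANT_DIGITS = 7

# Constructed sample contact list: (name, number as the user typed it).
# The first entry uses the post's example number, stored without a country code.
CONTACTS = [
    ("Friend", "985062374853"),
    ("Office", "+1 (212) 555-0199"),
    ("Neighbour", "0985062374853"),   # national form with a trunk prefix '0'
]


def normalize(number: str) -> str:
    """Reduce a phone number to its digit string.

    A leading '+' or '00' marks international format; both are dropped so
    that only the country code and subscriber digits remain.
    """
    digits = re.sub(r"\D", "", number)
    if not number.strip().startswith("+") and digits.startswith("00"):
        digits = digits[2:]
    return digits


def numbers_match(stored: str, incoming: str) -> bool:
    """True if the two numbers refer to the same line.

    The longer digit string (usually the incoming number, which carries the
    country code) must end with the shorter one. As an assumed heuristic, a
    single leading '0' on the shorter number is treated as a national trunk
    prefix (as used in India or the UK) and ignored when the plain form fails.
    """
    a, b = normalize(stored), normalize(incoming)
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    if len(short) < MIN_SIGNIFICANT_DIGITS:
        return short == long_
    if long_.endswith(short):
        return True
    if short.startswith("0") and len(short) - 1 >= MIN_SIGNIFICANT_DIGITS:
        return long_.endswith(short[1:])
    return False


def lookup_contact(contacts, incoming: str):
    """Return the name of the first contact whose number matches, else None."""
    for name, number in contacts:
        if numbers_match(number, incoming):
            return name
    return None


if __name__ == "__main__":
    # Constructed callers: the post's example, a US number, and an unknown UK number.
    for caller in ("+91 985062374853", "985062374853", "+12125550199", "+44 7700 900123"):
        print(caller, "->", lookup_contact(CONTACTS, caller))
```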


Enjoy your fully functional, unlocked iPhone.
(PS: Consider donating to the hackers)

Previous Step: Bootloader downgrade

Thursday, February 7, 2008

1.1.2 OOTB Hardware Unlocking: Bootloader downgrade

Now you are done with the hardware changes for the hack. Next we will use a combination of software and hardware to downgrade the bootloader. The software part involves running the commands ienew & iunew. The hardware part is to connect the testpoints while you run the iunew command. Let's go step by step. Even if you have Wi-Fi, I would recommend running all the following commands from your iPhone itself.

The necessary files for this step are the following. I gave their sources in my earlier post.
- toolpack provided by geohot (ienew, secpack... etc.)
- nor file of the 3.9 bootloader
- bbupdater (optional)
You have to put all these files into a directory, something like /usr/bin or /112ootb or anything else. If you have Wi-Fi you can transfer them with psftp or any other ftp-over-ssh utility. If you do not have Wi-Fi, use ibrickr to place the files on the iPhone. Once you have all the files on the iPhone, give executable permission to all of them using the "chmod +x" command.

Now we have to run ienew. ienew is the new version of ieraser for 1.1.2 OOTB phones. Before running ienew, you should unload CommCenter with the -w option. The -w option is very important. The exact command is "launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist". Instead of typing the command in the terminal, you can use an application named 'UICtl' to start, unload, and stop different services on the iPhone. Now run the ienew command as "./ienew" while you are in the directory where the other files from the toolpack are located. If the command runs successfully, you will see some hex strings getting printed. At the end you will get a message saying
Hopefully the main flash was erased, wait for the next step...
This command modifies the baseband in a controlled manner, so that the testpoint can be used to downgrade the bootloader. Most likely you will lose your Wi-Fi after this command. Do not panic; you will get your Wi-Fi back when we restore to 1.1.2. You can now proceed to run iunew from the mobile terminal.

But not everyone is able to run ienew successfully. I see a lot of complaints on the forums. The most common ones are...
1. Command hanging at "Waiting for data.."
2. bus error
3. Error saying "Can't write"
For (1), retry the command. Also make sure that you unloaded CommCenter. Sometimes it hung for me, but I was successful when I re-ran the command. I don't know any specific reason.
For (2), most probably the directory you are running from is not the one where the rest of the files from the toolpack are located. Execute the command from the appropriate directory. The testcode.bb file should be in the same directory from which the ienew command is run.
For (3), try stopping the lockdown service. Remember, it is stopping and not unloading. The exact command is "launchctl stop /System/Library/LaunchDaemons/com.apple.mobile.lockdown". This is not guaranteed to work in all cases, but try your luck. Retry the ienew command a few times. You can also try rebooting the device. I used to get this "can't write" error. One day I made some changes and suddenly it worked. I don't remember exactly what I changed before running the command, but I am sure that I did stop the lockdown service. You can use the 'UICtl' application to stop the service.

Now you are ready to run iunew. iunew is the new version of iunlocker for 1.1.2 OOTB phones. Before running iunew, you have to make sure that ienew ran successfully at least once, because iunew uses data in some areas written by ienew. Also make sure that you are running the command from the location where the other files from the toolpack are present. You have to connect the two testpoints while the iunew command runs. If you have a friend, the two of you can coordinate to run the command exactly when the testpoint is connected. Otherwise, induce a delay before running iunew using the sleep command. The command will look something like "sleep 20; ./iunew", where 20 is the delay in seconds. After issuing the command you can turn the phone over and connect the testpoints. Take a deep breath and keep a steady hand when you connect the testpoint. It is enough to hold it for about 5 seconds after the actual iunew command runs. If the testpoint was held connected at the required time, you will get a message saying
TESTPOINT WORKS: 55
Press any char, then hit enter after testpoint has been disconnected


Now you can remove the connecting wire. Type any character and press enter to proceed. You will see some more messages after this. At the end you will get a message saying
run bbupdater -v and pray
if it worked, enjoy your unlocked iPhone!!!
But if you run "bbupdater -v" at this stage, it will fail. Do not worry; you have succeeded in downgrading the bootloader. Everything else is a piece of cake from here on.

The iunew command might throw an error saying
Please connect the testpoint
This means the testpoint was not held connected when required. It is quite likely that you moved your hand a bit and the testpoint got disconnected. Try multiple times; I did not succeed on the first attempt. After trying a few times, if you are sure that you are holding the testpoint correctly, check other things.
- Make sure that you scratched the A17 line enough. You might have left some plastic coating over it, which acts as insulation. Scratch a little more to expose the gold line properly. Be careful not to overdo the scratching and snap the line; then you will be in big trouble.
- Make sure the connecting wire is insulated properly, especially over the place where you hold the wire. Otherwise, the power coming from the capacitor will be grounded through your body.

One more problem that a lot of people faced is that the iunew command hangs at "Spamming AT, waiting for a response". You can try killing the command and then retrying it. This worked for a lot of people. If nothing works, try rebooting your phone and then retrying the command.

At the end of this whole process, your bootloader will be downgraded to version 3.9. But your baseband will be in an unusable state, so you will not have any Wi-Fi and you cannot make calls yet. The next step is to fix your baseband.

Next Step: Restore baseband & unlock
Previous Step: Scratching A17 line

Wednesday, February 6, 2008

1.1.2 OOTB Hardware Unlocking: Scratch A17 line

As I said in my earlier post, you will be surprised by the size of the place where you need to scratch. At least, I was surprised even after reading about it on the web. It is very tiny. Initially I was a bit nervous to do it, but I finally did. See the pictures below to understand how small the area is. The first picture is zoomed in around 10 times to show the testpoint area in the second picture. The area that is zoomed in is also marked in the first picture. The second picture shows the two points which should be connected using a conducting wire. These two points are called testpoints.
The first thing I did after seeing the testpoint area was to go and buy a magnifying glass. Luckily I found one that has a big 5x glass and a small 10x glass. The 10x glass is really useful: you can clearly see what you are doing. You should make sure that you are not scratching the adjacent lines by mistake. Also, with the 10x glass you will know how much of the insulation has been scratched.

For scratching, you need a pointed device with a sharp tip so that you have full control of where you are scratching. I looked around for a small blade, but later got the idea of using a surgical needle of the kind used for injections. It was very helpful for me. The picture below shows the line that you have to scratch. This line is called the A17 line. Take extreme care that you do not scratch it too much. You just need to expose the gold material beneath. The gold line is soft; if you scratch it hard you might break it. It is better to be conservative while scratching. The picture below shows me scratching the A17 line with the surgical needle.

Some other people followed techniques where they did not scratch the A17 line. Instead they used a pointed pin and stuck it directly into the line. I never tried that and don't know the details of it, so let's settle for this scratching business. Once you have done enough scratching, prepare a conducting wire to connect the two testpoints. Make sure that you have proper insulation over the wire, especially over the place where you are going to hold it. This is to ensure that the 1.8V power coming from the capacitor is not grounded through your body. Some people complained on the forums that the testpoint was not working, but were later able to do it after changing their connecting wire. Below is my connecting wire with proper insulation. I made it by connecting two headpins with a normal conducting wire, and then insulating it properly with tape.

The following are my tools for opening the iPhone body and scratching the A17 line: screw set, magnifying glass, surgical needle, and kitchen knife.


Next Step: Bootloader Downgrade
Previous Step: Disassemble iPhone

Monday, February 4, 2008

1.1.2 OOTB Hardware Unlocking: Disassemble iPhone

I guess this is one of the hardest steps in the whole process. You will have to struggle to open the phone if you do not have an iPod opening toolkit, and without one, be prepared to have some scratches on your cute device. All you need in this process is patience. I took 4-5 hrs to open my first iPhone. Here is a tutorial from ifixit to open the body. Follow it only up to page 5, where you completely remove the back cover.

If you do not have an iPod opening toolkit, you can use some sharp object to poke into the slit between the black antenna cover and the metal back cover. I used a small kitchen knife to poke into the slits. Of course, you will get scratches because of this. People around the world have used different techniques to open the box, such as guitar picks, credit cards etc. There are some YouTube videos to help you in this regard. Be very careful when you poke near the battery. It can puncture your battery and your iPhone can blow up.


Once you open the covers, your iPhone will look like this. Articles on the web say that we need to open the metal cover, but I was confused about which metal cover to open. The metal cover that needs to be opened is indicated in the above picture. The metal cover is glued to the PCB in some places, as shown in the pictures below.

Scrape the glue lightly so that you can easily open the metal cover. Once you scrape the glue, it becomes easier to lift off the metal cover, which is held by small tabs.
The tabs are located on all sides of the metal case. A gentle force is enough to release them. Use some pointed device to release the tabs; I used my kitchen knife to do it.

It will look like this once you open the metal cover. (I blackened the numbers on the chips so as not to reveal the identity.) If you are still wondering where to do the testpointing by scratching the A17 line, it is in the small circle towards the lower right corner. I was surprised to realise that it is so small. Even after looking at the testpoint pictures on the web, I could not believe that I was going to make a scratch over those tiny lines. It took me a little time to map the images given on the web to the real PCB in front of me. That is why I highlighted the area, so that the testpoint location is easy to find.



Next Step: Scratching A17 line
Previous Step: Gathering Resources

1.1.2 OOTB Hardware Unlocking: Gathering resources

This step involves gathering your weapons for the hardware unlock. The following applications should be installed before attempting to downgrade the bootloader.
- BSD base, extra & subsystem
- Mobile Terminal (optional if you have Wi-Fi, but strongly recommended)
- UIctl (optional; GUI version of launchctl)

If you have Wi-Fi & Installer, you can directly install these applications. If you do not have Wi-Fi, ibrickr is your savior. With ibrickr you first need to install the PXL daemon, which is then used to install other applications from .pxl files. Go to the applications section in ibrickr and it will ask you to install the PXL daemon. You need to reboot the iPhone twice in the process. Once you are ready to install applications, you need to download the corresponding .pxl files of the necessary applications. A good repository of pxl files is located at exploit.org. If the files come with a .zip extension, rename them to the .pxl extension. Install the downloaded applications using ibrickr.

You also need the following files to downgrade the bootloader.
- Bootloader downgrade tool pack by geohot. Get it from here.
- nor dump of the 3.9 bootloader. Get the rar file from binarytrade and extract it.
- bbupdater (optional; google for it)

If you have Wi-Fi, you can copy the files using any ftp-over-ssh (scp) tool like psftp. If you do not have Wi-Fi, use ibrickr to copy the files to the desired location (like /usr/bin). After copying the files to your phone, give executable permission to all of them with "chmod +x".

To be sure that you have the 4.6 bootloader and the 04.02.13 baseband firmware version, you have to use bbupdater. Issue the following commands in the given sequence.

- launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist (or use UIctl to unload the commcenter)
- bbupdater -v

If your baseband is not 04.02.13, do not proceed. If your baseband is 04.03.13, you have the 1.1.3 baseband firmware, which cannot be erased at the moment, because we would need a 1.1.4 secpack to erase it and the secpack included in the kit is that of 1.1.3. So we can erase only the 1.1.2 baseband firmware (04.02.13).


Next Step: Disassemble iPhone
Previous Step: Downgrading 1.1.2 firmware

Sunday, February 3, 2008

1.1.2 OOTB Hardware Unlocking: Downgrading 1.1.2 firmware

You have two choices here:
1. Downgrade to 1.1.1
2. Downgrade to 1.0.2

If you choose (1), be prepared to lose Wi-Fi, i.e. you should install Mobile Terminal before running the commands for the bootloader downgrade. But this process is simple and very straightforward. If instead you choose (2), you will not lose Wi-Fi, and you can run the commands from your PC while connected to the phone over Wi-Fi. But you might or might not succeed in downgrading your firmware to 1.0.2. There is no harm even if you fail to downgrade to 1.0.2; you can try option (1) any time.

Option-1: Downgrade to 1.1.1
First put your phone in recovery mode (DFU mode) by holding the home and power keys simultaneously for a while and then releasing only the power key after the phone starts rebooting. iTunes will detect that your phone is in recovery mode. In iTunes, press Restore while holding the shift key. You will be allowed to select the firmware to restore; choose the 1.1.1 firmware (you should download it first). At the end of the process iTunes will give an error, which you can ignore. Your phone will still be in recovery mode (DFU mode). Kick it out of recovery mode using iphuc or the 1.1.2 jailbreak application. Now your phone will show the activation screen. Follow the standard procedure for activation & jailbreaking using jailbreakme.com. You can follow this tutorial.

Option-2: Downgrade to 1.0.2
This is not a straightforward process, and you might not fully succeed in downgrading to 1.0.2. If you fail in this process, go to option-1. Many people claimed that they were easily able to downgrade to 1.0.2 using the iTunes 7.4 software. I myself was able to downgrade to 1.0.2; actually, I first downgraded to 1.1.1 and then downgraded to 1.0.2. You can also try AppTappInstaller to downgrade to 1.0.2. One might wonder why anyone would want to go this route. Remember that there are poor souls like me: I screwed up my baseband and lost my Wi-Fi while I was on 1.1.2, and I am not aware of techniques to jailbreak+activate 1.1.1 without Wi-Fi.

Follow the initial steps mentioned in option-1 to put the iPhone in recovery mode. In iTunes, choose to restore the 1.0.2 firmware (you should download it first). It will give an error saying that it cannot downgrade the firmware. Now you have to use ibrickr to prepare the phone for the downgrade to 1.0.2. Rename the 1.0.2 firmware file to 1.0.2.ipsw and copy it into the ibrickr folder; otherwise ibrickr will download the 1.0.2 firmware itself. Now start ibrickr and select the downgrade to 1.0.2. ibrickr will only prepare the phone to be downgraded. After that you have to use iTunes and choose to restore to 1.0.2. This time iTunes will start the downgrade process. Many people complained that this process hangs at "Waiting for iphone". If it finishes successfully, it will give an error at the end, which you can ignore. If you see a yellow triangle with a warning message on the iPhone, that means you have downgraded your firmware to 1.0.2. Count yourself lucky.

Now you should use ibrickr to proceed. In ibrickr, choose the option to resolve the yellow triangle state. If the background turns red, that means ibrickr is proceeding successfully. You will see a lot of messages scrolling on the screen. The phone might reboot a couple of times during the process. This process will take time, so be patient. In this process ibrickr will also jailbreak the 1.0.2 firmware, but it will not activate it.

To activate the 1.0.2 firmware, you have to replace the lockdownd file with a cracked version (try this, or search for it on the web). This file is located on your iPhone at /usr/libexec/lockdownd. After you have replaced the file with the cracked copy, reboot your phone. Upon reboot your phone will not ask for activation, and you will have access to the springboard. There are other techniques to activate 1.0.2; google around if you are interested.

Next Step: Gathering resources
Previous Step: Summary

Saturday, February 2, 2008

Hardware unlocked my 1.1.2 OOTB iPhone

Yay! I finally unlocked my 1.1.2 OOTB phone last week. I guess I made every possible mistake I could in the process. But the good thing is that I have a happy ending: now my phone is fully functional.

The most stupid mistake I made was to run the baseband downgrader (from i.unlock.no) while I was on 1.1.2. When I downloaded the package using Installer, it asked if I was ready to run it. I accidentally pressed continue. Bang!! At the end of the process it gave some error and then rebooted the phone. I lost my Wi-Fi after that. Having no Wi-Fi is really painful to proceed with: you cannot directly install the necessary applications for hacking.

To go into more technical detail..., the baseband downgrader uses ieraser to erase the baseband. Since 1.1.2 OOTB phones have the 4.6 bootloader, which has tighter security restrictions, ieraser messes up the baseband. This makes you lose your Wi-Fi as well. Ideally, one should use the newer version of ieraser named 'ienew' when on a 4.6 bootloader. It erases the baseband in a controlled way so that the hardware hack can happen (it prepares for testpointing).

Once things are messed up, we have to go the hard way to fix things. The steps in brief are as follows.
- Downgrade to 1.0.2 (use ibrickr to downgrade if needed)
- Once downgraded, use ibrickr to jailbreak it.
- Replace the /usr/libexec/lockdownd file to activate 1.0.2.
- Install the necessary applications like MobileTerminal using ibrickr
- Upload the files needed for the bootloader downgrade (ienew, secpack, 3.9 nor...) using ibrickr
- Open up the iPhone (do not underestimate this step)
- Scratch the A17 line to be used for testpointing.
- Run ienew + iunew with the testpoint. This will downgrade the bootloader to 3.9.
- Restore to the 1.1.2 firmware using iTunes. You will get back your Wi-Fi. (Go and celebrate!)
- Restore to 1.1.1
- Activate + jailbreak using jailbreakme.com
- Run oktoprep on 1.1.1
- Update to 1.1.2
- Use the Java application to activate & jailbreak 1.1.2
- Show off your unlocked 1.1.2 OOTB!!

Here I am just listing the steps; I will post the detailed process in a series of posts.

Next Step: Downgrading 1.1.2 firmware