Tuesday, January 13, 2009

Goals for iPod touch 2G jailbreak

Goal 1: make a hole in the system by either running custom AT commands on the bootrom or, if this fails, just memory-flash it, followed by rewriting its code checker.
Goal 2: make unsigned code specifically for IMG3 (instead of its previous system image format, IMG2!)
Goal 3: run unsigned code on the device (for apps like Cydia or Installer)
Goal 4: make the process user friendly for the end user :)
Goal 5: distribute the method to others for a JAILBREAK!!!!!!!!!
Goal 6: party like a rock star!!!! xD
Goal 7: fix bugs, and make adaptations (if needed!!) and then party again


:) this is gonna be fun woo0ot!

5 comments:

Srts said...

a) You can't make unsigned code run on a signed bootrom without a jailbreak.
b) You cannot gain a jailbreak through AT commands, as they are for the baseband and have nothing to do with the application processor that is jailbroken in a normal jailbreak.

masta dev said...

srts, the bootrom has a hardware system task list, and I never said using AT cmds would jailbreak it, but it could in turn help unsigned code be accepted. Hence why doing a hardware flash on the bootrom's code checker and re-writing its hardwired function could be a more viable option, because it could then make it so either 1) you could deactivate the code checker totally, or 2) what I would do is make its checker think unsigned code of Cydia (yes Cydia...) could be read by the code checker as normal average signed code.

Unknown said...

1. The kernel / AMFId is responsible for code sign checks in userland, so it wouldn't be the bootrom that rejects Cydia o.O

2. I am looking at the iPod touch 2G bootrom right now and the only task it has is the idleoff task, which, as you could infer from the name, shuts it down if nothing is happening for a set amount of time.

3. The RSA check on firmware files that are passed to it or that it loaded from NOR is not a "task", but rather a hardcoded check that you can't avoid. Even if you had a tier-2 Apple engineer's development device somehow, the best you could do is bypass some of the tag checks that assure the firmware is being loaded onto the correct hardware, and I think that some header mismatches (or more accurately, sometimes the routine will return "1", which is like saying "there was an error, but if we are a dev device it's OK", versus returning 0x16, which basically says "FAIL! ABORT! ABORT!") can be bypassed with a dev device too. Anywho, the signature check stays in place at all times.

4. The bootrom does NOT use AT commands. I don't know where you get this. That is the baseband, which accepts them like any other modem made in the past 30 years or so. That is like saying your computer accepts AT commands; it just does not make any sense. In fact, the only thing the bootrom "accepts" is a file being sent to it via USB or serial.
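The policy chronic describes in point 3 (a hardcoded signature check that always runs, plus tag checks whose failure a development device may tolerate) can be modelled in a few lines. The following is an added, constructed example and not Apple's bootrom code or any real IMG3 parser: it uses an invented container format (`TOYI` magic, device tag, length, payload) and an HMAC-SHA256 over header and payload as a stand-in for the real RSA signature. The return codes 0, 1 and 0x16, the `EXPECTED_TAG` value and the key are constructed for the demo.

```python
"""Toy model of a boot-stage image check (constructed example, not Apple's code).

Constructed container layout, little-endian:
  magic(4) b"TOYI" | device_tag(4) | payload_len(4) | payload | mac(32)
The trailing MAC stands in for the bootrom's RSA signature: only the
signer holds SIGNING_KEY, so a modified image cannot carry a valid MAC.
"""
import hashlib
import hmac
import struct

# Return codes as described in the comment: success, dev-tolerable error, hard failure
OK, DEV_WARN, FAIL = 0, 1, 0x16

SIGNING_KEY = b"constructed-demo-signing-key"  # stand-in for the signer's private key
EXPECTED_TAG = b"IPT2"                         # constructed tag for "this hardware"
HEADER_LEN = 12
MAC_LEN = 32


def build_image(payload: bytes, device_tag: bytes = EXPECTED_TAG) -> bytes:
    """Produce a signed image, as the signer would (constructed format)."""
    header = b"TOYI" + device_tag + struct.pack("<I", len(payload))
    body = header + payload
    return body + hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()


def check_image(image: bytes, dev_device: bool = False) -> int:
    """Validate an image the way the comment describes the bootrom doing it.

    The signature is checked first and unconditionally; a bad signature is
    always FAIL (0x16). A device-tag mismatch is FAIL on a production unit
    but only DEV_WARN (1) on a development device.
    """
    if len(image) < HEADER_LEN + MAC_LEN or image[:4] != b"TOYI":
        return FAIL
    body, mac = image[:-MAC_LEN], image[-MAC_LEN:]
    expected_mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_mac, mac):
        return FAIL  # signature failure is never downgraded, dev device or not
    device_tag = body[4:8]
    (length,) = struct.unpack("<I", body[8:HEADER_LEN])
    if length != len(body) - HEADER_LEN:
        return FAIL  # malformed length field is a hard failure
    if device_tag != EXPECTED_TAG:
        return DEV_WARN if dev_device else FAIL
    return OK


def would_load(image: bytes, dev_device: bool = False) -> bool:
    """True if the loader would proceed with this image on this kind of device."""
    rc = check_image(image, dev_device)
    return rc == OK or (dev_device and rc == DEV_WARN)


if __name__ == "__main__":
    good = build_image(b"constructed firmware payload")
    tampered = bytearray(good)
    tampered[HEADER_LEN] ^= 0x01  # flip one payload bit; the MAC no longer matches
    wrong_tag = build_image(b"constructed firmware payload", device_tag=b"OTHR")
    print("good, production:", hex(check_image(good)))
    print("tampered, dev device:", hex(check_image(bytes(tampered), dev_device=True)))
    print("wrong tag, production:", hex(check_image(wrong_tag)))
    print("wrong tag, dev device:", hex(check_image(wrong_tag, dev_device=True)))
```

The point the example makes concrete is the ordering: the signature is verified before any header field is interpreted, and a development-device flag only relaxes the tag comparison, never the signature result, so a tampered payload is rejected on both kinds of device.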

masta dev said...

Thanks chronic... My friends gave me a whole bunch of inaccurate info grrrrr... Now I look stupid again....! Well, thanks anyhow, and for once I guess you were patient :) later!