Basic concepts every newcomer should know about iPhone cracking: R-SIM15, R-SIM14, GPP, GEVEY, HEICARD, HEISIM, RSIM 10, RSIM11+, RSIM 9 PRO mini air unlock, iPhone X, iPhone 8, any firmware version, no jailbreak
 


Basic concepts every newcomer should know about cracking

Starting with the iPhone 3GS, I have accumulated a good deal of experience with jailbreaking and related software, from iOS 3.1.2 through 3.1.3 to 4.1, and I want to share that iPhone experience here. This article focuses on the basic concepts behind jailbreaking and unlocking an iPhone.


I. What is iOS?


iOS is short for iPhone OS. The iPhone is a smartphone running iPhone OS on top of its hardware, much as Windows CE and Windows Mobile run on their devices. A comparison describes it well: iPhone OS is to the iPhone what Windows XP is to an x86 or x64 home PC, and what Windows CE is to embedded hardware.


II. What is the difference between a locked and an unlocked version?


The iPhone comes in two types, locked and unlocked. A locked version has a network lock, which means it is bound to one carrier, such as AT&T in the US or O2 in the UK. Such a phone works only with the SIM card of that carrier and not with other cards. Usually an iPhone of this type is bought by signing a 1-2 year service agreement with the carrier and binding a credit account that promises a certain monthly spend in return for a discounted or free phone; the cost of the iPhone is thus converted into the carrier's phone charges. If you want to use a different carrier's card, the iPhone has to be jailbroken and then unlocked; only after both steps can a locked iPhone use another carrier's card. Unlocking itself comes in two forms, hard unlocking and soft unlocking, which we discuss later.


Unlocked versions are also known as officially unlocked versions, such as those sold in Hong Kong or the United Arab Emirates. (There is also a Hutchison-customized iPhone 3 in Hong Kong.) These phones are generally more expensive, but the advantage is that any carrier's SIM card can activate the iPhone and make it work. They only need to be jailbroken, not unlocked.


See the separate article "How to tell whether your iPhone 3G is locked or not."


See the separate article "iPhone 3G and iPhone 3GS locked-version information by country."


Every iPhone 2G (first generation) is locked.


III. What is a jailbreak? Why jailbreak?


Jailbreaking means using certain vulnerabilities in iOS to obtain root privileges on the system through instructions, and then modifying certain programs to extend the iPhone's functions and break out of its closed environment. As bought, the iPhone is a closed box: ordinary users cannot obtain root rights on iPhone OS, let alone install arbitrary software on the phone. We can only buy software (some of it free, of course) from the iTunes Store in iTunes, and then copy what we legally obtained to the phone in the way Apple approves (iTunes connects to the iPhone and synchronizes). In this way the vast majority of users are kept firmly within Apple's jurisdiction. Some useful software, which is not necessarily in Apple's interest, never makes it into the iTunes Store. For example, we cannot install SSH on iOS, copy files within iOS, or install an input method better suited to us. All such software requires a higher level of privilege, which Apple does not allow.


To make better use of the iPhone, we jailbreak it. Jailbreaking is not mandatory, but a jailbroken phone is much more fun and convenient to use. After jailbreaking you can use a great deal of software for free, and the phone's usability is further enhanced.


The full series of jailbreak tutorials is available as a separate set of articles.


IV. What is unlocking? Why unlock?


Because a locked iPhone is bound to one carrier, we have to unlock it if we want to use another carrier's SIM card. If you never need to switch carriers, you do not need to unlock. But if, for example, AT&T service is not available to you, unlocking is the only option.


There are two unlocking methods, the hard unlock and the soft unlock. Before a soft unlock is released, only the hard unlock exists, and the most common hard unlock uses a SIM card sticker. Beyond these there is an ultimate unlock, but only Apple can perform it, because we do not know the key. Just as we cannot enter a room without its key, we cannot fully and perfectly unlock the phone without this key. Once we have covered the baseband, NOR, firmware and so on, we will return to the perfect unlock in more depth.


What is usually called "cracking" means "unlock + jailbreak". For many iPhone users (especially iPhone users in mainland China) both are needed (once more, jailbreaking is not a must, it just makes the phone better to use), so many cracking methods bundle unlock and jailbreak together and offer them as one package.


V. What is firmware? How is firmware updated?


Firmware is the carrier in which the iPhone stores the software implementing basic iOS and the communication module; it is the equivalent of a computer's operating system (such as Windows XP) or, at a lower level, its BIOS. Without firmware the iPhone is just hardware without a brain, like buying a computer without an operating system. You can think of the firmware as the operating system.


At a deeper level, the iPhone's firmware is divided into an application part and a baseband part. The application part is essentially the iOS (iPhone OS) operating system, while the baseband is the iPhone's communication system. Together the two are packaged into a single XXXX.ipsw file, which is what an iPhone firmware image is.


Updating the firmware is the equivalent of reinstalling the operating system and is done through iTunes's "restore iPhone firmware" function. Before the 3GS, the iPhone 1 and iPhone 2 had no adequate protection: you could download Apple's firmware file (xxx.ipsw) and restore it directly. From the 3GS onward this is no longer possible, because a firmware image downloaded from the Internet could have its contents modified to jailbreak the phone directly, which Apple naturally will not allow. Since encryption was added with the 3GS, a restore (or update) first contacts Apple's activation server to check whether the firmware (XXX.ipsw) about to be restored really comes from Apple: the server checks the firmware's signature, and if it is not official, the user cannot restore it. This leads to the next topic: SHSH, and building one's own server that stands in for Apple's firmware authentication server.






VI. What is an ECID? What is SHSH? How do I back up SHSH? How do I go back to an older iOS version?


The basic reason for raising this: Apple does not allow you to use older firmware. Once you "upgrade", you cannot "downgrade". Apple normally prevents this by having iTunes receive an instruction to refuse when you choose to restore older firmware. Remember that firmware is now signed, and signed against a globally unique identifier (ECID) that only your device has. Apple generates a one-of-a-kind hash from the firmware file combined with your ECID; iTunes receives this hash and sends it to your device. On receipt, the device checks and verifies the signature (making sure the firmware really is from Apple; the cryptography involved is complex and for now cannot be broken in practice). If the signature matches, the restore continues; if it does not, the device reports an error and the restore is aborted.


But thanks to Saurik (Jay Freeman), we now know how to work around iTunes here. Apple provides signatures only for the "active" firmware version, so once a new version is released it stops signing the old one. That is why you can no longer get a signature for 3.1.2: Apple is only signing 3.1.3 (3.2 on the iPad) until the next firmware release. Soon the signatures for 3.1.3 (and 3.2) will be a thing of the past too, because Apple only signs the newest firmware. The current version is what counts: if you do not hold a valid signature for your device (ECID) for a given version, you cannot restore that version. This repeats after every firmware update.


So if there were a mechanism for saving this signature, we could bypass Apple and restore any firmware version at will. If your device is jailbroken, Cydia can save your SHSH files. If your device is not jailbroken, or not jailbroken right now, that is unfortunate, because Cydia is only available after a jailbreak.


ECID stands for Exclusive Chip ID; it is the ID of the iPhone 3GS/4, and every 3GS/4 has its own unique ECID. The ECID uniquely identifies one iPhone. It is not the same as the serial number shown when you dial *#06#, although both uniquely identify a phone: the ECID is the unique number of the iPhone itself, while the latter is only the unique number of the iPhone's communication module.


SHSH is essentially a signature code computed over the ECID plus a particular iOS version. To upgrade an iPhone 3GS or iPhone 4 to a given version, you must download from Apple's activation server a file that determines whether that version is legitimate for this phone. That file is XXXX.shsh.


This file matters a great deal for jailbreaking. We must back up the SHSH file for every iOS version, so that one day, when Apple no longer allows a restore to a particular version, we can run our own authentication server and restore the older, still-vulnerable version in order to jailbreak it.


Again, the ECID and SHSH concepts apply only to the 3GS and later, not to the iPhone 1 and 2.


There are two main ways to back up SHSH. One is Cydia: open the Cydia home page and you will see the backed-up SHSH entries (in English). The other is the TinyUmbrella tool, which has so far worked well: with the iPhone connected to a computer it reads the ECID automatically and fetches the SHSH for a specific version from Cydia or from Apple. The detailed tutorial and the TinyUmbrella download are covered in a separate article.


As for firmware restore, that is, downgrading iOS, we again need TinyUmbrella: after importing the matching SHSH, it simulates Apple's authentication server on your local computer so that firmware Apple has stopped signing can be restored.
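The signing flow described in this section, reduced to a runnable model. This is an added example written for this page, not Apple's protocol and not the code of Cydia or TinyUmbrella. It assumes a toy RSA key pair in place of Apple's real signing key, textbook RSA without padding, and constructed ECIDs and firmware bytes. What it shows is why a saved blob only authorises a restore for the ECID, version and image it was issued for, and why nothing can be obtained for a version once the server has stopped signing it:

```python
import hashlib

# Toy RSA key pair standing in for Apple's signing key (constructed example
# values). Both primes are well-known ~30-bit primes, so the modulus is about
# 60 bits: enough to show the public/private asymmetry, far too small to be secure.
_P, _Q = 1_000_000_007, 998_244_353
PUBLIC_MODULUS = _P * _Q                      # shipped to every device
PUBLIC_EXPONENT = 65537                       # shipped to every device
_PRIVATE_EXPONENT = pow(PUBLIC_EXPONENT, -1, (_P - 1) * (_Q - 1))  # server only


def personalized_digest(ecid: str, version: str, ipsw: bytes) -> int:
    """The value that gets signed: the firmware hash bound to one ECID and one
    iOS version, reduced modulo the toy key size (textbook RSA, no padding)."""
    data = f"ECID={ecid}|iOS={version}|".encode() + hashlib.sha256(ipsw).digest()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % PUBLIC_MODULUS


class SigningServer:
    """Models the activation server: it signs only the versions it currently
    treats as active and issues nothing for a version it has stopped signing."""

    def __init__(self, active_versions):
        self.active = set(active_versions)

    def stop_signing(self, version: str) -> None:
        self.active.discard(version)

    def issue_shsh(self, ecid: str, version: str, ipsw: bytes):
        if version not in self.active:
            return None  # no blob: the restore cannot be authorised
        return pow(personalized_digest(ecid, version, ipsw),
                   _PRIVATE_EXPONENT, PUBLIC_MODULUS)


def device_accepts_restore(ecid: str, version: str, ipsw: bytes, shsh) -> bool:
    """Device-side check using only the public key. A missing blob, or a blob
    made for another ECID, another version or a modified image, is rejected."""
    if shsh is None:
        return False
    return pow(shsh, PUBLIC_EXPONENT, PUBLIC_MODULUS) == personalized_digest(ecid, version, ipsw)


def demo() -> dict:
    """Walks through the cases the article describes and returns each outcome."""
    ipsw_312 = b"constructed stand-in for the contents of a 3.1.2 ipsw"
    ipsw_313 = b"constructed stand-in for the contents of a 3.1.3 ipsw"
    my_ecid, other_ecid = "000001A2B3C4D5E6", "0000FFFFFFFFFFFF"  # constructed ids

    server = SigningServer(["3.1.2"])
    saved_blob = server.issue_shsh(my_ecid, "3.1.2", ipsw_312)  # backed up in time

    # A new version ships and the server stops signing the old one.
    server.stop_signing("3.1.2")
    server.active.add("3.1.3")

    return {
        "saved_blob_own_device": device_accepts_restore(my_ecid, "3.1.2", ipsw_312, saved_blob),
        "saved_blob_other_device": device_accepts_restore(other_ecid, "3.1.2", ipsw_312, saved_blob),
        "saved_blob_wrong_version": device_accepts_restore(my_ecid, "3.1.3", ipsw_313, saved_blob),
        "saved_blob_modified_image": device_accepts_restore(my_ecid, "3.1.2", ipsw_312 + b"\x00", saved_blob),
        "fresh_request_after_window": device_accepts_restore(
            my_ecid, "3.1.2", ipsw_312, server.issue_shsh(my_ecid, "3.1.2", ipsw_312)),
        "current_version_still_signed": device_accepts_restore(
            my_ecid, "3.1.3", ipsw_313, server.issue_shsh(my_ecid, "3.1.3", ipsw_313)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:30} -> {'restore allowed' if accepted else 'restore refused'}")
```

The device holds only the modulus and public exponent, so it can verify a blob but never create one; the private exponent exists only on the server. Binding the ECID and version into the signed value is what makes one device's blob useless on another device and for any other firmware.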


VII. What is the baseband? What is NOR? What is the Seczone? What is NCK?


The baseband is the iPhone's communication system: it runs the phone's communication programs and controls cellular, Wi-Fi and Bluetooth communication. The iPhone's communication hardware is driven by this baseband system, and when the baseband works normally the phone can make calls, send and receive text messages and use 3G.


Wi-Fi is the exception. The baseband version can be found as the modem version under Settings -> About on the iPhone. iOS and the baseband are relatively independent and work together. After a baseband upgrade, many soft-unlock solutions stop working and a locked iPhone will not work at all; worst of all, downgrading the baseband is virtually impossible. So with a locked phone, be very careful about baseband upgrades and wait until a crack exists before upgrading. Owners of unlocked phones should also be cautious about baseband upgrades.


NOR is a type of flash memory chip, distinct from NAND flash, although both are memory chips. The iPhone's baseband uses this flash: NOR is the storage medium for the baseband.


The Seczone is the baseband's internal verification module and belongs to the communication system. This verification module is powerful enough to block everything except code generated with Apple's own private keys, which makes the baseband hard to crack; it cannot be forced.


NCK is an unlock counter holding a computed value. Once that value reaches a certain threshold, the iPhone is permanently usable only with AT&T or the corresponding carrier in its country.
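The NCK counter as described above, modelled as an added example; this is not Apple's or any carrier's code. The unlock code, the attempt limit of 5 and the response strings are assumptions for illustration. The point it shows is that the lock is one-way: after the limit is reached, the correct code is refused just like a wrong one, and the comparison is constant-time so response timing does not reveal how much of a code matched.

```python
import hmac
from typing import List


class UnlockAttemptCounter:
    """Models the NCK counter: every wrong unlock code raises a count that is
    never reset, and at the limit the phone is locked to its original carrier
    for good, so even the correct code no longer helps."""

    MAX_FAILED_ATTEMPTS = 5  # assumed limit; the real threshold is not given above

    def __init__(self, correct_code: str):
        self._correct = correct_code.encode()
        self.failed_attempts = 0
        self.permanently_locked = False
        self.unlocked = False

    def try_unlock(self, code: str) -> str:
        if self.permanently_locked:
            return "permanently locked"          # right or wrong, nothing changes now
        if self.unlocked:
            return "already unlocked"
        # Constant-time comparison: timing must not leak partial matches.
        if hmac.compare_digest(self._correct, code.encode()):
            self.unlocked = True
            return "unlocked"
        self.failed_attempts += 1
        if self.failed_attempts >= self.MAX_FAILED_ATTEMPTS:
            self.permanently_locked = True
            return "permanently locked"
        remaining = self.MAX_FAILED_ATTEMPTS - self.failed_attempts
        return f"wrong code, {remaining} attempts left"


def run_scenario(correct_code: str, guesses: List[str]) -> List[str]:
    """Feed a sequence of codes to a fresh counter and return every response."""
    counter = UnlockAttemptCounter(correct_code)
    return [counter.try_unlock(guess) for guess in guesses]


if __name__ == "__main__":
    code = "12345678"  # constructed example code
    print("recovers in time:", run_scenario(code, ["00000000", "11111111", code]))
    print("limit reached:   ", run_scenario(code, ["0"] * 5 + [code]))
```

Because the counter only ever increases and the locked flag is never cleared, a genuine owner who exhausts the attempts is in the same position as anyone else: the carrier lock becomes permanent, which is the risk the article warns about.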




With these concepts in mind, we can discuss the perfect unlock.


Further discussion of the perfect unlock:


VIII. How is a perfect unlock achieved?


The iPhone's baseband data is stored in NOR. That is, the baseband state, including the iPhone's current locked or unlocked status, lives in NOR. As delivered, the iPhone was locked to AT&T's network. Some people now ask: wouldn't it be perfect if we simply changed this state to unlocked? Yes, but the problems are:


1. Only the baseband firmware, that is, the baseband's own operating system, can read and write NOR, and the NOR Seczone is controlled extremely strictly: sending write instructions to it directly is impossible.

2. Every baseband firmware that ships is digitally signed by Apple. In other words, the only baseband firmware that will run is firmware signed with one of Apple's 1024-bit private keys.

3. Most importantly, we do not know what to write into the NOR Seczone to unlock it, because the Seczone data is encrypted. It is not as simple as 0 meaning locked and 1 meaning unlocked: before encryption the NOR contents of every iPhone may be identical, but after encryption each one is different, and the encryption mechanism can only be computed with Apple's private key.


So, what would it take to achieve a perfect unlock?
