Sunday, February 14, 2010

Apple Late Model iPhone 3GS Clarifications

A couple of things I've learned over the past couple of days:

iRecovery reports the iBoot version wrong on all the 3GSs I have tried. It always reports 636.66, when in fact the versions were 359.3.2 and 359.3.

The 4th and 5th digits of the serial number are the manufacture week. According to theiphonewiki, iPhones made after week 40 are not vulnerable to the 24kpwn (untethered) exploit. This isn't quite true, as I have at least one week 41 that was vulnerable to 24kpwn.
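Sorting a pile of 3GSs by manufacture week is easier with a script than by eye. The following is an added example, not code from the original post: it extracts characters 4 and 5 of an 11-character serial (the rule stated above), validates them, and applies theiphonewiki's "after week 40" cutoff. The cutoff is a heuristic, not a proof, since the post itself reports a week 41 unit that was still vulnerable, so the output is "likely"/"unlikely" rather than yes/no. The serial numbers used in the comments and tests are constructed, not real devices.

```shell
#!/bin/sh
# Added example (not from the original post). Only the rule the post states
# is used: characters 4 and 5 of the serial are the manufacture week.

# Print the two-digit manufacture week of an old-format (11-character) Apple
# serial number. Returns 1 if the serial is not 11 alphanumerics or the week
# field is not two digits in the range 01..53.
manufacture_week() {
    s="$1"
    case "$s" in
        ""|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#s}" -eq 11 ] || return 1
    week=$(printf '%s' "$s" | cut -c4-5)
    case "$week" in
        [0-9][0-9]) ;;
        *) return 1 ;;
    esac
    w=${week#0}                      # strip one leading zero for arithmetic
    [ "$w" -ge 1 ] && [ "$w" -le 53 ] || return 1
    printf '%s\n' "$week"
}

# Apply theiphonewiki's cutoff: week 40 and earlier "likely" 24kpwn-able,
# later weeks "unlikely". The post saw a week 41 unit that was vulnerable,
# so this is a sorting hint, not a verdict.
# Exit status: 0 = likely, 2 = unlikely, 1 = unparseable serial.
likely_24kpwn() {
    week=$(manufacture_week "$1") || return 1
    w=${week#0}
    if [ "$w" -le 40 ]; then
        echo likely
        return 0
    fi
    echo unlikely
    return 2
}

# Usage (constructed serial, not a real device):
#   likely_24kpwn 8694012ABCD
```

Run it as `sh serialweek.sh` after adding a call at the bottom, or source it and call `likely_24kpwn` per device; the exit status lets you branch in a loop over a list of serials.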

I have yet to find a good way to put 3GSs in DFU mode or, more importantly, get them out of DFU mode, which is the only way I have seen to reliably tell which iBoot version they have. I have tried holding the power and home buttons for 30 seconds, even a minute, or just the power button, or just the home button for that long. iRecovery won't even detect it.

To build iRecovery you need a couple of packages, namely readline and libusb. On the Mac this apparently requires DarwinPorts and then libusb, but I never actually got it to build on OS X. For Ubuntu you just need to apt-get libusb-dev and libreadline5-dev (although I also installed libusb-1.0-0-dev before I saw libusb-dev, just in case you need both). Also, while building on Ubuntu, I had to add `#include <signal.h>` to irecovery.c, or else it couldn't find SIGINT.

Also, from what I can tell, even if you have your SHSH saved, you can never downgrade your baseband, so if you accidentally upgrade to 3.1.3 you lose your ability to unlock.

Finally, switching back and forth from blackra1n and redsn0w has worked fine so far.

Update: Switching from redsn0w to blackra1n caused iTunes to be unable to sync, giving the error message "iTunes cannot read the contents of the iPhone xxxx. Go to the Summary tab in iPhone preferences and click Restore to restore this iPhone to factory settings." The fix is to delete /private/var/mobile/Media/iTunes_Control/iTunes/iTunesDB and any files under /private/var/mobile/Media/iTunes_Control/Music.
