The iPhone VirginMaker (LONG WAY)

THESE STEPS WORK ONLY ON 1.0.2 PHONES THAT WERE UNLOCKED WITH ANYSIM OR iUNLOCK

thanks to gray for reversing the iphone crypto, without him this server wouldn't work
thanks to ipsf for writing a really well designed software program
and thanks to everyone who gave me seczones to play with
(revised by sunnyDlite)


Instructions

Files you need, and files you might need if something goes wrong:

Revirginizer files
(contains bbupdater, iUnlock, 314secpack, 314fls_correct, eeprom.eep, geomaker.exe, SimFree.app and
readme.txt (an older readme, not as helpful as the one you are reading now))

Baseband (Needed for Flashing the Baseband)
(this package includes ICE03.14.08_G.eep, ICE03.14.08_G.fls)

Apptap
http://iphone.nullriver.com/beta/

winSCP for Windows (for transferring files between the iPhone and your PC over SFTP)
http://winscp.net/eng/download.php

Putty for Windows (To execute commands in your iphone from your pc)
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

ibrickr for Windows (for installing files on Windows, even without WiFi)
http://cre.ations.net/creation/ibrickr

iTunesMobileDevice for Windows - http://rapidshare.com/files/56134826/iTunesMobileDevice.rar (if you have iTunes 7.4.x place it in the ibrickr folder for it to work)

MobileTerminal (an iPhone app, installed with iBrickr; for running commands directly on the phone instead of over SSH with Putty)
http://iphone.exploit.org/pxl/MobileTerminal-VT100-svn161.pxl

Extract ALL files into your ibrickr folder.


PREPARING FOR VIRGINIZING
0. Flash the 102 Baseband (for folks with and without WiFi)

If you have unlocked a 1.0.2 phone, you need to re-flash the baseband (modem) first. AnySim and iUnlock unlock the phone by writing patched code into the baseband, and an iTunes restore does not touch the baseband when you restore to the same firmware version, so the patched baseband survives a restore. Re-flashing writes a clean baseband image to the phone, which is the starting point the virginizing steps need.
Please note, however, that YOU CANNOT flash a 1.0.2 baseband if you have already updated to 1.1.1.


IF YOU HAVE WiFi (For Windows)
a. Install AppTap using the installer you downloaded
b. On the phone, run the Installer app and install Community Sources, BSD Subsystem, and OpenSSH
(These apps will let you SSH into the phone using Putty, and let you add files with winSCP)
c. Using Putty (or any SSH client), SSH to the phone as root at its Wi-Fi IP address. From a command-line client this is "ssh -l root x.x.x.x", with the phone's IP in place of the x's.
The root password is "dottie"
d. Using winSCP, SFTP to the phone (user "root", password "dottie").
Create a folder called "flash" and upload bbupdater, ICE03.14.08_G.eep, and ICE03.14.08_G.fls
e. Using Putty, type "launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist"
f. In Putty, type "cd /flash" then hit enter
g. In Putty, type "chmod +x bbupdater" hit enter
h. Then type ./bbupdater -f *.fls -e *.eep and hit enter
CONGRATS, YOUR BASEBAND IS NOW FLASHED. GO TO STEP 1 of VIRGINIZING

IF YOU DON'T HAVE WiFi
a. Open Ibrickr and choose Files
b. In the Ibrickr File manager view, on the right side of the screen, click the picture of the iPhone where it says bin/ (it looks like a hyperlink)
c. Click the upload files button. select ICE03.14.08_G.eep & ICE03.14.08_G.fls click open and wait for them to upload
d. Click back go to file and upload the files from the iphone.unlock.zip to /usr/bin
e. Once the files have been uploaded go back to the main screen of Ibrickr and choose Applications > install from PXL file and choose MobileTerminal-VT100-svn161.pxl
f. From your iPhone tap the Terminal icon on your springboard and type
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist
g. Then type cd /usr/bin and hit enter
h. Then type chmod +x bbupdater and hit enter
i. Then type ./bbupdater -f *.fls -e *.eep and hit enter
(The *.fls and *.eep wildcards only match files in the directory you are in, so bbupdater, ICE03.14.08_G.fls and ICE03.14.08_G.eep must all be in that same directory before you run this. If they are not, the shell passes the literal strings "*.fls" and "*.eep" to bbupdater and the flash fails.)
CONGRATS, YOUR BASEBAND IS NOW FLASHED. GO TO STEP 1 of VIRGINIZING


VIRGINIZING STEPS
1. Download ipsf, the version doesn't really matter (or use the one in the virginizer pack)
a. Using iBrickr or winSCP, copy SimFree.app to /Applications
b. Using Putty, cd into the SimFree.app directory
c. Then, chmod +x bbsimfree kill rm sh

2. Change your DNS server in the Wi-Fi settings to 216.252.80.8 (required: this resolver is what points IPSF at the seczone server used in step 4; see the Disclaimer below for what that server stores)

3. Run IPSF. It will not work unless the baseband flash is original, so do the bbupdater flash from step 0 first (the firmware version does not matter).
a. It will say "invalid token" / "error update token"; this is normal.
b. If it says anything else, that is not normal: stop and re-check steps 0 to 2 before going on.

4. After IPSF finishes, go to http://kakaroto.homelinux.net/seczones/(your IMEI).bin
a. Use your real 15-digit IMEI, not the 0049... placeholder, for example http://kakaroto.homelinux.net/seczones/011245000012345.bin
b. This file is your restored seczone; its size is 4096 bytes at the time of writing. Check the size of what you downloaded before using it.

5. The original geohot gloader contained a bug which prevented it from working.
geomaker generates a personal gloader from your seczone. geomaker.exe is a Windows program, so run it on your PC, not on the phone:
geomaker 011245000012345.bin
You will get 011245000012345.bin_loader. THAT IS YOUR LOADER.

6. Now it is time to restore the seczone. The following instructions are suitable only for firmware version 1.0.2,
and assume that you have installed the BSD Subsystem and OpenSSH packages.

Using winscp, SFTP the following files to your iphone (better make some dir like /usr/u)
314fls_correct,314secpack,eeprom.eep,
bbupdater,iUnlock, 011245000012345.bin_loader (not .bin from server, but generated loader)

Using Putty, SSH to the phone, then
cd /usr/u
chmod +x bbupdater
chmod +x iUnlock

now execute
/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist

that will unload commcenter

now execute
./iUnlock 314secpack 011245000012345.bin_loader

that will write seczone loader to phone.

now execute
./bbupdater -v

YOU WILL GET "baseband unresponsive to pinging" (CAN'T PING TARGET), THAT IS NORMAL !!!! MOST IMPORTANT IS THAT THE SECLOADER RUNS AND RESTORES THE SECZONE

to be sure, execute again ./bbupdater -v

finally, write patched firmware in phone

./iUnlock 314secpack 314fls_correct

now execute
./bbupdater -v

it MUST show correct version !

and finally, just to be sure:

execute
./bbupdater -e eeprom.eep

that will write correct eeprom.

now execute
/bin/launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
(If you unloaded CommCenter with -w in step 0, load it with -w here as well: -w writes Disabled=true into the plist, and a plain load skips a disabled job, so CommCenter would stay disabled until you load it with -w.)

OR
reboot your phone now - it is VIRGIN and UNLOCKED with gray's "ignore mnc/mcc" method (used in anysim11)
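The step 0 flash and the step 6 sequence above, as one added shell script. This is an added example, not part of the original guide or of the dev team's tools: it validates the loader file name and the seczone size from step 4, parses the output of bbupdater -v (the strings are the ones shown in the example output at the end of this guide) and refuses to go on to the EEPROM write if the firmware version read back does not match. The directory /usr/u, the expected firmware string DEV_ICE_MODEM_03.14.08_G, the 4096-byte seczone size and the sample outputs are all assumptions taken from this guide, and the function names are mine. Copy it to the phone and run "sh virginize.sh run" only after steps 1 to 5 are done; without the "run" argument it only defines the functions.

```shell
#!/bin/sh
# Added example: a checked version of the step 0 / step 6 flashing sequence.
# Not part of the original guide or of the dev team's tools.
# Assumptions (taken from this guide, not verified elsewhere): tools live in /usr/u,
# the good firmware string is DEV_ICE_MODEM_03.14.08_G, and a seczone is 4096 bytes.

WORKDIR="${WORKDIR:-/usr/u}"
EXPECTED_FW="DEV_ICE_MODEM_03.14.08_G"
SECZONE_SIZE=4096
COMMCENTER=/System/Library/LaunchDaemons/com.apple.CommCenter.plist

# Constructed samples, copied from the example output at the end of the guide,
# so the parser can be exercised without a phone attached.
SAMPLE_V_OK='Resetting target...
pinging the baseband...
issuing +xgendata...
firmware: DEV_ICE_MODEM_03.14.08_G
eep version: EEP_VERSION:207
Done'
SAMPLE_V_DEAD='Resetting target...
pinging the baseband...
baseband unresponsive to pinging
Done'

# check_imei_name FILE: 0 if FILE is named <15 digits>.bin_loader and the IMEI
# is not the 0049... placeholder the guide warns about in step 4a
check_imei_name() {
    base=$(basename "$1")
    case "$base" in
        0049*) return 1 ;;
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].bin_loader) return 0 ;;
        *) return 1 ;;
    esac
}

# check_seczone_size FILE: 0 if FILE is exactly SECZONE_SIZE bytes (step 4b)
check_seczone_size() {
    [ -f "$1" ] || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$SECZONE_SIZE" ]
}

# bb_firmware TEXT: print "unresponsive", the firmware name from a
# "firmware: ..." line, or "unknown" if neither appears in TEXT
bb_firmware() {
    printf '%s\n' "$1" | awk '
        /baseband unresponsive to pinging/ { print "unresponsive"; found = 1; exit }
        /^firmware: /                     { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# expect_fw LABEL WANT: run bbupdater -v and compare the parsed result with WANT
expect_fw() {
    got=$(bb_firmware "$(./bbupdater -v 2>&1)")
    if [ "$got" != "$2" ]; then
        echo "$1: baseband reports '$got', expected '$2'" >&2
        return 1
    fi
}

# flash_and_verify: the step 6 commands in order, with a version read after
# every write; the first unexpected state stops the sequence before the next write
flash_and_verify() {
    cd "$WORKDIR" || return 1
    loader=$(ls ./*.bin_loader 2>/dev/null | head -n 1)
    check_imei_name "$loader" || { echo "no <IMEI>.bin_loader in $WORKDIR" >&2; return 1; }
    chmod +x bbupdater iUnlock
    /bin/launchctl unload -w "$COMMCENTER"
    ./iUnlock 314secpack "$loader" || return 1
    # the guide says the baseband does not answer pings while the loader restores the seczone
    expect_fw "after loader" unresponsive || echo "(guide expects unresponsive here; continuing)" >&2
    ./bbupdater -v >/dev/null 2>&1 || true              # second -v run, as the guide says
    ./iUnlock 314secpack 314fls_correct || return 1
    expect_fw "after 314fls_correct" "$EXPECTED_FW" || return 1
    ./bbupdater -e eeprom.eep || return 1
    expect_fw "after eeprom" "$EXPECTED_FW" || return 1
    /bin/launchctl load -w "$COMMCENTER"
}

if [ "${1:-}" = run ]; then
    flash_and_verify
fi
```

CommCenter is unloaded and loaded with -w in both places so the Disabled key in the plist ends up back at false; if you prefer the guide's reboot instead of the final load, the -w on the load is what makes the service come back on the next boot.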

thx goes to geohot for server, gray for all research and code.


Disclaimer:
Your ltoken/seczone are being saved to this server.
These could contain personal information.
This is a test server, and will be taken down and have all the info deleted this Monday
The source of the server will be released then.


EXAMPLE OUTPUT of all process on iPhone:

Using username "root".
root@192.168.3.3's password:
# cd /usr/u
# chmod +x *
# ls
000000000000000.bin_loader 314secpack eeprom.eep
314fls_correct bbupdater iUnlock
# /bin/launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
# ./iUnlock 314secpack 000000000000000.bin_loader
iUnlock v43.hiBaud -- Copyright 2007 The dev team


Credits: Daeken, Darkmen, guest184, gray, iZsh, pytey, roxfan, Sam, uns, Zappaz, Zf

Sending baudrate command speed 921600
Sending Begin Secpack command
Sending Erase command
Waiting For Erase Completion...
OK
Flashing
20%
40%
61%
81%
OK
Sending End Secpack command
Validating the write command
FW are equal!
Completed.
Enjoy!
# ./bbupdater -v
Resetting target...
pinging the baseband...
baseband unresponsive to pinging
Done
# ./bbupdater -v
Resetting target...
pinging the baseband...
baseband unresponsive to pinging
Done
# ./iUnlock 314secpack 314fls_correct
iUnlock v43.hiBaud -- Copyright 2007 The dev team


Credits: Daeken, Darkmen, guest184, gray, iZsh, pytey, roxfan, Sam, uns, Zappaz, Zf

Sending baudrate command speed 921600
Sending Begin Secpack command
Sending Erase command
Waiting For Erase Completion...
OK
Flashing
01%
02%
03%
(... one line per percent, 04% through 98%, elided here ...)
99%
OK
Sending End Secpack command
Validating the write command
FW are equal!
Completed.
Enjoy!
# ./bbupdater -v
Resetting target...
pinging the baseband...
issuing +xgendata...
firmware: DEV_ICE_MODEM_03.14.08_G
eep version: EEP_VERSION:207
eep revision: EEP_REVISION:7
bootloader: BOOTLOADER_VERSION:3.9_M3S2
Done
# ./bbupdater -e eeprom.eep
Preparing to flash using /dev/tty.baseband at 750000 baud
Please reset target
Resetting target...
ProcessDetailUpdated: Boot-loader is active
ProcessDetailUpdated: EBL version: 3.9_M3S2 3..9
ProcessDetailUpdated: Boot mode is: CC
ProcessDetailUpdated: Baud rate set to 750000
ProcessDetailUpdated: Get flash id.
ProcessDetailUpdated: CFI stage 1
ProcessDetailUpdated: Flash ID is: 88620089
ProcessDetailUpdated: CFI stage 2
ProcessDetailUpdated: Boot process finished
ProcessOutlineUpdated: Reading SW version data
Error: couldn't retrieve version information: File not found.
Upgrade from è?û/ to ôö/
Downloading EEP
ProcessOutlineUpdated: Start downloading from file eeprom.eep.
ProcessDetailUpdated: Sending sec-pack.
ProcessDetailUpdated: Load region 0
ProcessDetailUpdated: Sending end-pack.
ProcessDetailUpdated: Checksum OK.
ProcessDetailUpdated: Verify OK
ProcessOutlineUpdated: Process time was 1730 msec.
Resetting target...
Done
# ./bbupdater -v
Resetting target...
pinging the baseband...
issuing +xgendata...
firmware: DEV_ICE_MODEM_03.14.08_G
eep version: EEP_VERSION:207
eep revision: EEP_REVISION:7
bootloader: BOOTLOADER_VERSION:3.9_M3S2
Done
# /sbin/reboot