1. jdm.accord
    Picked up a $50 iPhone 4 today that had a shattered back and had the "iPhone is disabled" message on it due to too many failed passcode attempts. I put it in restore mode to see what color the iTunes logo would be before doing a restore, and it's the older silver CD logo. So I know it's running iOS 4.1 or lower. I'm hoping I scored a 4.0.x firmware and can unlock it. Problem is, the phone doesn't have files saved (tried restoring to 4.3.3 using pwnage), and even if I guessed the firmware correctly using redsn0w, it's disabled because of the passcode issue.

    Any ideas how I can do a custom restore to 4.3.4? Will sn0wbreeze do this yet? I have a MacBook so I'm not up on sn0wbreeze, but if it can get me custom 4.3.4, I can get access to a PC to do it. Help me out, y'all, thanks!
    2011-07-20 03:11 AM
2. ihappy
    If you believe it is 4.1 or lower then you can always try bypassing the passcode screen. However, if the device is not yours (which is why the passcode screen would be on, is my guess) then more than likely it's going to get blacklisted eventually.

    The bypass will only work if you're on 4.1 or lower from what I have tested. I tried this on 4.2.1 and 4.3.3 and it didn't work.

    Turn the device on and get to the passcode screen.
    Go to the emergency call screen and dial any random number.
    Hit the call button and immediately hit the power button.
    You should now be in the phone dialer keypad screen.
    2011-07-20 03:52 PM
3. jdm.accord
    The iTunes logo is the silver CD, so I know for a fact it's 4.1 or lower. If it was 4.2 or above, the iTunes logo would be blue. It's not my phone originally. Like I said, I paid $50 for it because of its condition. Not sure if that bypass will work, but I'll give it a shot.
    2011-07-20 04:01 PM
4. ihappy
    As far as I know that's the only bypass for the passcode screen. It was a major flaw and Apple had it patched up in the next update after 4.1.
    2011-07-20 04:04 PM
5. xtacy
    Download iFaith.
    Extract blobs (this should tell you the firmware).
    Make a signed IPSW.
    Restore.
    2011-07-20 04:15 PM
6. ihappy
    There might be a problem with that. How do we know it has any blobs saved? He bought the phone second hand and stated there are no files saved since he already tried restoring to 4.3.3 using pwnage tool
    2011-07-20 05:56 PM
7. xtacy
    You might wanna google iFaith. It's an SHSH dumper. It dumps the blobs of the firmware the phone is running regardless of them being previously saved or not.
    2011-07-20 06:31 PM
8. ihappy
    It only dumps if there is something to be dumped. As I stated before, if the device has no SHSH saved either with TU or on Cydia then iFaith is not gonna grab anything.

    I'm not denying your post about using ifaith. I am simply stating that ifaith will only pick up what it sees.
    Last edited by ihappy; 2011-07-20 at 06:53 PM.
    2011-07-20 06:40 PM
9. xtacy
    iFaith dumps SHSH even if they are not on Cydia and TU.
    All devices which run firmware x have x blobs. iFaith is the only software which can dump/extract the blob of the firmware the device is running on, even when you are terribly misinformed.
    Official statement:
    iFaith is the first public SHSH Dumper that dumps the SHSH blobs for the current iOS revision running on your iDevice.

    I have extracted numerous blobs using it. Advised many people to use it. I know I am not wrong :-)
    Read this:
    When your device comes from Apple, it comes with a firmware pre-installed. If Apple is no longer signing that firmware, you wouldn't be able to save the SHSH blobs in the past. With ih8sn0w's new tool, you can dump the SHSH blob directly from your currently installed firmware. The way this works is that Apple has signed image files that show up during the boot sequence with the SHSH blob. iFaith allows you to dump your SHSH key directly from those files.

    After you have dumped the files, you then patch the firmware file you are trying to downgrade to with your SHSH key; this firmware file is considered a signed firmware file. Once you have created it, you simply restore it in Pwned DFU mode just like you would if you were restoring any other custom firmware. iFaith is compatible with almost all iDevices except for the iPad 2 and a few others.
    Last edited by xtacy; 2011-07-20 at 07:29 PM.
    2011-07-20 07:19 PM
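The mechanism quoted in the post above, as an added example that is not part of the original thread and is neither Apple's nor iFaith's code: a toy Python model in which a signing server ties each firmware image to one device's ECID, the device's boot chain only accepts images whose signature verifies for its own ECID, and the signature stored alongside an installed image can be read back and reused for a later offline restore. The RSA key (textbook RSA over two Mersenne primes), the SHA-1 binding, the image names, the image bytes and the two ECIDs are all constructed for the example; the real img3 format, the TSS protocol and Apple's padding differ.

```python
"""Toy model of ECID-bound SHSH blobs (constructed example, not Apple's or
iFaith's code). Shows why a saved blob restores only *this* device to *that*
firmware, and why the blob for the currently installed firmware can be
dumped from the device itself after Apple has stopped signing that version."""
import hashlib

# Stand-in for Apple's signing key: textbook RSA over two Mersenne primes.
# Assumption for the model only; the real key, hash and padding are different.
_P, _Q = (1 << 89) - 1, (1 << 127) - 1
RSA_N = _P * _Q
RSA_E = 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))  # modular inverse, Python 3.8+


def _bind(image: bytes, ecid: int) -> int:
    """Digest that ties one image to one device (SHA-1 as an integer < RSA_N)."""
    return int.from_bytes(hashlib.sha1(image + ecid.to_bytes(8, "big")).digest(), "big")


def tss_sign(image: bytes, ecid: int) -> int:
    """Model of Apple's signing server: only callable while Apple signs a version."""
    return pow(_bind(image, ecid), _RSA_D, RSA_N)


def device_verify(image: bytes, ecid: int, shsh: int) -> bool:
    """Model of the boot chain's check: public-key verification of the SHSH tag."""
    return pow(shsh, RSA_E, RSA_N) == _bind(image, ecid)


def flash_signed(ipsw: dict, ecid: int) -> dict:
    """Restore while Apple still signs: each image is stored with its fresh tag."""
    return {name: {"DATA": img, "SHSH": tss_sign(img, ecid)} for name, img in ipsw.items()}


def dump_blobs(installed: dict) -> dict:
    """What the dumper does in this model: read the tags off the installed images."""
    return {name: img3["SHSH"] for name, img3 in installed.items()}


def make_signed_ipsw(ipsw: dict, blobs: dict) -> dict:
    """Stitch saved or dumped blobs into a firmware bundle for an offline restore."""
    return {name: {"DATA": img, "SHSH": blobs.get(name, 0)} for name, img in ipsw.items()}


def restore(device_ecid: int, signed_ipsw: dict) -> bool:
    """Offline restore: accepted only if every image verifies for this ECID."""
    return all(device_verify(i["DATA"], device_ecid, i["SHSH"]) for i in signed_ipsw.values())


# Constructed firmware bundles; image contents are placeholders.
IOS_40 = {"iBSS": b"iBSS 4.0", "iBEC": b"iBEC 4.0", "kernelcache": b"kernel 4.0"}
IOS_433 = {"iBSS": b"iBSS 4.3.3", "iBEC": b"iBEC 4.3.3", "kernelcache": b"kernel 4.3.3"}
PHONE_A, PHONE_B = 0x00001234ABCD5678, 0x0000DEADBEEF0001  # two made-up ECIDs


def demo() -> dict:
    """Phone A was flashed with 4.0 while Apple signed it; signing is now closed."""
    installed_on_a = flash_signed(IOS_40, PHONE_A)
    blobs_a = dump_blobs(installed_on_a)  # tss_sign() is never called again below
    return {
        "a_restores_40": restore(PHONE_A, make_signed_ipsw(IOS_40, blobs_a)),
        "b_cannot_use_a_blobs": restore(PHONE_B, make_signed_ipsw(IOS_40, blobs_a)),
        "a_blobs_not_valid_for_433": restore(PHONE_A, make_signed_ipsw(IOS_433, blobs_a)),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Only the application-processor images are modelled; nothing here touches the baseband, which matches the thread's point that a blob-based restore does not preserve or change it on its own.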
10. ihappy
    You are correct. I understand what you are saying now.

    But now am I to believe that after you extract the SHSH blobs and create a signed IPSW with the SHSH blobs intact using iFaith, it will preserve the baseband, as he clearly is trying to do?
    Last edited by ihappy; 2011-07-20 at 08:47 PM.
    2011-07-20 08:44 PM
11. xtacy
    If he is on 4.1 the baseband won't be unlockable. If he is on 4.0 it will be. The baseband won't change.
    2011-07-20 10:12 PM
12. ihappy
    Interesting. So basically iFaith not only extracts the SHSH blobs of the current firmware on the device but it also preserves the current baseband as well. Thanks for that insight.
    2011-07-20 10:15 PM
13. xtacy
    Nope. It doesn't preserve it. But the fact that we don't know the current firmware doesn't help. I misspoke in my earlier statement.
    2011-07-20 10:28 PM
14. ihappy
    This is true. But he can still try and extract the SHSH blobs and save them, correct?
    Create a custom firmware using PwnageTool or sn0wbreeze to preserve said baseband and still use the extracted SHSH blobs to restore?

    I'm just brainstorming here. I haven't done this procedure before
    2011-07-20 10:44 PM
15. xtacy
    Yeah
    Technically yeah :-)
    2011-07-20 10:58 PM
16. jdm.accord
    Is iFaith osx compatible? The phone could potentially be running 4.1 and thus all of this be in vain since 4.1 has a baseband I can't unlock. I just figured it was worth a shot and maybe I'll get lucky running 4.0.x
    Last edited by jdm.accord; 2011-07-21 at 12:09 AM.
    2011-07-21 12:05 AM
17. ihappy
    I just checked and no it is not. Sorry
    Last edited by ihappy; 2011-07-21 at 12:13 AM.
    2011-07-21 12:10 AM
18. jdm.accord
    Yeah, I did the same lol. ih8sn0w has said Mac support is "coming soon" for over 2 years now. Guess their definition of "soon" is different than mine.
    2011-07-21 01:34 AM
19. jdm.accord
    So I fired up my old PC ('07 model running Vista) and tried to get iFaith. Every time I download it from any source, the zip file is empty. I have the .NET 2.0 Framework or whatever already installed as part of Vista. Any help would be appreciated.
    2011-07-21 04:31 AM
20. xtacy
    Try another mirror :-)
    ih8sn0w sucks, that guy is a rude ***
    2011-07-21 07:32 AM