Update (7/13): iPhone Unlocking Imminent? They are talking to the GSM radio. This could be the last step, the iPhone could be unlocked by this weekend!
————————————————
An optimistic update on the iPhone Dev Wiki. Nightwatch is looking for a few good men or women to help finish the toolchain they need to hack the iPhone wide open.
Toolchain: Call for Developers
I have started a project to create a high-quality ARM assembler tailored for the iPhone. This is our last major hurdle to overcome in order to write programs for the phone. We know how to produce the assembler code in the correct way, thanks to some insider information helpfully provided to us. I’ve created a project page for this undertaking, which already features a working cross-GDB. Any help would be much appreciated.
Join them if you think you have the skills to help out.
Continue reading ‘iPhone Hacking in the Home Stretch, Maybe: iPhone Hacking Update 7/10/07 PM’
It looks like the access to the serial console, which seemed so promising just a few days ago, has dead ended against a well-locked gate. Fortunately, there are still other fronts for attack
Latest Progress Report - The iPhone Dev Wiki
July 9, 2007 2:50AM Eastern Update
The bootloader is basically a dead end. Everything that goes into it must be signed, and without apples 1024-bit RSA private key, this isn’t going to happen. Fortunately we have another in. We have basically full command over the file system and can upload, copy, and run files. I’ll say this, ringtones would be a *trivial* thing to do now. We know the radio is accessible though software from from thisbbupdate dump. Once the toolchain is working, we can write a program to write to /dev/tty.baseband, and finally unlock thi thing.
-dev team
Update: They’ve compromised the root filesystem, which should open opportunities for ringtones, custom icons, and potentially, custom apps, including unlocking programs.
The press has been picking up on some commercial efforts to unlock the iPhone.
Newzeland’s Computer World reports on John McLaughlin who is the founder of Belfast, UK-based UniquePhones. McLaughlin said he has engineers working around the clock in several countries who are close to cracking the security Apple has set up to ensure customers can only use iPhones with AT&T Wireless service.
On July 3rd, his website claimed to be close to making a public announcement about cracking the activation, but so far, nothing. Meanwhile, a public hacking effort has already announced their own success on the activation front, as has “DVD Jon.”
The Register also has a version of the same story.
It has been a busy day for the sleepless iPhone hackers. They released two tools, and have made a lot of progress, including figuring out how to manipulate the boot loader, and figuring out how to unlock the phone once they can get appropriate access to the radio.
Boot Loader
We’ve successfully issued commands to the boot loader. So far, we’ve been limited to power off, but have made significant progress on issuing other commands. Some of the commands are radio commands, and this is our key to wealth and prosperity. 
UnlockingWe know how to unlock the phone, so the question now is whether we can get the commands to the radio or not. We don’t believe our method is the only method, but assuming that with the help of some very smart folks we can get access to the radio, the firmware should be trivial to unlock.
iPhoneInterface
iPhoneInterface details are available in my earlier post
Hardware side
We are working some prototype circuitry which once understood, will allow us to access the debug capabilities of the phone. Stay tuned for more on this, as I don’t have up-to-date information on this yet.
SVN
A public subversion server should be up by 1:00AM Eastern.
Public read-only SVN at http://iphonesvn.halifrag.com/svn/iPhone/
Again, I’m not posting a link to the actual Wiki because they’ve asked people not to in order to preserve performance and reduce vandalism so they can continue to use it productively.
It looks like the last progress report from the iPhone Dev Wiki team was premature. Things sound like they’ve totally turned around in the last hour or so. They almost have free reign on the iPhone, and this freedom puts them in a much better position to hack the unlocking functions.
I’m still honoring their request not to link directly to their site.
Update: The team has released two tools, one which allows you to activate the iPhone without an AT&T account or iTunes. The other gives system level access to the live iPhone operating system. Read about them and digg it if you like it.
So, it looks like I was a little premature about some things. We can run any file, we can start and stop things on iPhone at will, we can get files on the phone and put them where ever we like, and we can get into the bootloader and commands are successful (though we can’t read the output yet). We have essentially totally reversed the restore process and totally own several things on the phone. Our technique is based around doing interesting things with restore, and while I can’t publish any code yet, I promise you we will put some information up tonight when we get finished hacking. We will also still do a major tonight, as promised.
Tomorrow will bring some more work on the tool we are releasing, which will allow you to do much more with the phone. I cannot stress enough how close we are to the internals of the phone, and the closer we get, the more opportunity we have to mess with the unlock functions themselves.
