Archive for the ‘Wireless’ Category

Revirginize and unlock iPhone to 1.1.2

Sunday, December 30th, 2007


If your iPhone came with 4.02.13_G (aka 1.1.2) OUT OF THE BOX then do NOT use this unlock as it does not work with bootloaders other than BOOT03.09_M3S2. New iPhones (and all U.K. and German iPhones) come out of the box with BOOT04.06_M3S2.

Here are the instructions to update your iPhone to the latest firmware and then unlock it. (IMPORTANT: DO NOT SKIP ANY STEP OR CHANGE THEIR ORDER.)

Downgrade the baseband firmware:

1. Make sure the Modem version is 04.02.13_G in Settings > General > About.

2. Set Settings > General > Auto Lock > Never

3. Start Installer and install BSD Subsystem, found in the System category.

4. Go to Sources, tap Edit and add http://i.unlock.no/

5. Now install “BB Downgrader (1.1.2)”, found in the Unlocking Tools category. This will take around 5 minutes.

6. When done, restore your phone to get the 1.1.1 firmware reinstalled. (You can do this using iTunes; choose the firmware manually.)

7. When the phone has been restored, you can activate it using the following method.


Bypass activation and prepare phone for software installation

1. Make sure you have a SIM-card with PIN turned off, and power on your phone (the supplied AT&T card works fine).

2. On the activation screen, slide for emergency and dial *#301# to make the phone call itself. (If the incoming call dialog quickly disappears but it keeps ringing, just dial 0 (remove *#301# first), and it will call itself.)

3. Answer the call, and tap Hold.

4. The phone will call itself again; tap Decline. You will now be returned to the normal dialer.

5. Tap Contacts, and tap the + icon to add a new contact. The only info you are going to add to this contact are two URLs. To add a URL, tap Add new URL. The first URL is prefs followed by a colon (prefs:) and the second is jailbreakme.com. Tap Save.

6. Your contact now has two “web pages”. Tap the first one (prefs:). This will take you to the Settings dialog. You need this because you have to connect to a Wi-Fi network, so tap Wi-Fi, connect to a network, and make sure the icon at the top of the screen indicates that you are connected. While you are in the Settings dialog, you should also set General > Auto-Lock > Never.

7. Now press the Home button and, again, slide for emergency, dial 0, answer the call, tap Hold and Decline the new call so that you get to Contacts. Tap your contact (No Name), and this time tap the other home page, jailbreakme.com.

8. Safari will launch and show you a web page. Read through the text before you tap Install AppSnapp.

9. The phone will return to the activation screen, but don’t panic, just wait.

10. The phone should automatically restart after a minute or two.

11. When the phone starts again, it should no longer say “slide for emergency” but rather “Slide to unlock”. This means it was successful! Activation is now bypassed, and the phone is prepared for software installation!

At this stage you will have a working 1.1.1/04.01.13_G iPhone in SIM unlocked status.

This is what you need to do to make it a 1.1.2/04.02.13_G:

1. Run OktoPrep via Installer.

2. Update to 1.1.2 via iTunes. After the update, leave the iPhone connected until iTunes “sees it”, then close iTunes.

3. Jailbreak (http://conceitedsoftware.com/iphone/1.1.2-jailbreak.zip)

3a. Install BSD Subsystem via Installer.

4. In Installer, add rep.frenchiphone.com or hacktheiphone.com/1.xml to your Installer sources and then install AnySIM 1.2.1u from Installer. Reboot the iPhone!

5. Put the iPhone in Airplane Mode!!! Run AnySIM 1.2.1u! After it completes, go to Settings > Airplane Mode and set it to OFF; you will now get signal bars!

6. !!! IMPORTANT !!!

If you are outside the US, SMS and Phone will NOT work right away. To “FIX IT”, install iWorld via Installer (in Tweaks 1.1.2), run it, choose your country and reboot (do it manually if the automatic reboot doesn’t work).

By now you will have a 1.1.2/04.02.13_G (latest firmware) iPhone in SIM unlocked status. You can start using your phone right away.

Note: The credit for the iPhone unlocks goes to the iPhone Dev/Elite Teams.

Interference in 802.11b/g Networks

Wednesday, November 14th, 2007

Wireless LANs operating on the same channel or even in the same spectrum can interfere with each other. This interference, called co-channel interference, is caused by frequency reuse and is most common in 802.11b/g networks. Since the 802.11b/g standard allows for only three non-overlapping channels, frequencies must be reused within the same area when more than three APs are required. Co-channel interference is something that degrades your WLAN throughput and can hurt your WLAN’s performance.


You can also get co-channel interference between overlapping channels in the 802.11b/g spectrum. For example, Channel 6 operates between 2426 MHz and 2448 MHz, and Channel 7 uses 2431 MHz to 2453 MHz. This means 17 MHz is used by both channels. Because only one device can transmit on any given frequency at a time, they are effectively sharing 77 percent of their bandwidth, which degrades WLAN performance.

Even though channels 1, 6 and 11 are marketed as non-overlapping, an RF phenomenon called side lobes (basically, power leakage into unintended frequencies) causes them to give off minimal interference. This is eliminated at greater distances, though.
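The channel arithmetic behind the figures above, as an added example that is not from the original article: it assumes the usual 2.4 GHz plan (centre frequency 2407 + 5·n MHz, 22 MHz channel width, channels 1 to 13), reproduces the 17 MHz / 77 percent overlap between channels 6 and 7, and goes one step further by enumerating every set of three mutually non-overlapping channels, which recovers the 1/6/11 plan.

```python
# Added example: 802.11b/g channel overlap arithmetic (not the article's code).
# Assumed channel plan: centre = 2407 + 5*n MHz for n = 1..13, and each
# transmission occupies 22 MHz, the width the article's figures imply
# (channel 6 = 2426-2448 MHz). Channel 14 (2484 MHz) is not modelled.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22


def channel_edges(channel):
    """Return (low, high) edge frequencies in MHz for a 2.4 GHz channel."""
    if not 1 <= channel <= 13:
        raise ValueError("only channels 1-13 are modelled here")
    centre = 2407 + 5 * channel
    half = CHANNEL_WIDTH_MHZ // 2  # 11 MHz each side of the centre
    return centre - half, centre + half


def overlap_mhz(a, b):
    """MHz of spectrum shared by channels a and b (0 if they do not overlap)."""
    lo_a, hi_a = channel_edges(a)
    lo_b, hi_b = channel_edges(b)
    return max(0, min(hi_a, hi_b) - max(lo_a, lo_b))


def overlap_fraction(a, b):
    """Share of each channel's 22 MHz that the two channels contend for."""
    return overlap_mhz(a, b) / CHANNEL_WIDTH_MHZ


def non_overlapping_sets(size=3, channels=range(1, 12)):
    """All groups of `size` channels with zero mutual overlap.

    Defaults to channels 1-11 (the North American allocation); two channels
    only stop overlapping once they are 5 channel numbers (25 MHz) apart.
    """
    return [
        combo for combo in combinations(channels, size)
        if all(overlap_mhz(x, y) == 0 for x, y in combinations(combo, 2))
    ]


if __name__ == "__main__":
    print("channel 6:", channel_edges(6), "channel 7:", channel_edges(7))
    print(f"6/7 overlap: {overlap_mhz(6, 7)} MHz "
          f"({overlap_fraction(6, 7):.0%} of each channel)")
    print("non-overlapping triples in 1-11:", non_overlapping_sets())
```

Side-lobe leakage from the paragraph above is outside this model, which treats each channel as a clean 22 MHz block.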


Although many devices can interfere with WLANs, adjacent WLANs are the most overlooked culprit. The spectrum in which WLAN devices operate is a scarce resource, so plan and deploy your WLANs carefully to avoid potential interference.

The credit for the pictures in the article goes to “Protection Ripple in 802.11 WLANs” by Devin Akin, CTO - CWNP.

Revirginize and unlock iPhone to 1.1.1

Friday, November 9th, 2007


My first article explains the steps to activate/jailbreak and unlock a new iPhone to firmware 1.1.1. This article instead explains the steps to revirginize an iPhone which has been unlocked with AnySim 1.0 or most other unlocking tools apart from iPhoneSimFree and AnySim 1.1.

To revirginize:

01. Download the BSD subsystem.
02. Download the tools (virginizer_pack) to flash the baseband.
03. Connect the iPhone to WiFi so that you can access it over WiFi.
04. Copy the BSD Subsystem and virginizer_pack to the iPhone using SCP.
05. SSH to the iPhone.
06. Back up the seczone.
07. Run the virginizing tools to flash the baseband to the original 03.14.08.

Now I have a virgin iPhone.

08. Using iTunes, update the firmware to 1.1.1.
09. Activate the iPhone using Independence.
10. Jailbreak the iPhone (this is done automatically in step 09).
11. Install SSH on the iPhone via Independence.

Now to unlock the iPhone so that it works on my non AT&T sim.

12. Download AnySim 1.1.
13. Copy AnySim 1.1 to the iPhone using Independence.
14. Run AnySim 1.1 and follow the instructions.

Hooray, now I have revirginized an iPhone which was unlocked using AnySim 1.0 earlier, and activated, jailbroken and unlocked it with firmware 1.1.1, which works on my non-AT&T SIM.

Unlocking new iPhone with firmware 1.1.1

Friday, November 9th, 2007

Unlocking an iPhone is just a snap if you are familiar with Unix commands and use Mac OS X.

My first try was with a totally new iPhone (firmware 1.1.1). Find below the steps I used to activate, jailbreak and unlock the iPhone with the 1.1.1 update.

01. Used my non-AT&T SIM in the phone.
02. Use Independence to take the iPhone into Recovery mode.
03. Download firmware 1.0.2 from the Apple site.
04. Restore the 1.0.2 firmware to the iPhone using iTunes.
05. Wait for iTunes to finish; once done, quit iTunes.
06. Launch Independence again to get the iPhone out of Recovery mode.

Now I have the iPhone on firmware 1.0.2.

Now to upgrade it back to 1.1.1 so that I can activate/jailbreak the iPhone.

(Please note that if you have used anySIM 1.0 or other older free SIM unlocking solutions (anything except anySIM 1.1 and iPhoneSimFree) to SIM unlock your phone, and you upgrade to 1.1.1, it will wipe out the SIM unlock and render the phone and text message parts of your phone inoperable. Everything else will work, though.)

07. Launch Independence and activate the iPhone.
08. Use Independence to jailbreak the iPhone.
09. Install SSH on the iPhone via Independence.
10. Connect the iPhone to WiFi so that I can access the iPhone over WiFi.
11. Do a Pre 1.1.1 upgrade using Independence.
12. Using iTunes, update the firmware to 1.1.1.
13. Activate the iPhone using Independence.
14. Jailbreak the iPhone (this is done automatically in step 13).
15. Install SSH on the iPhone via Independence.

Now to unlock the iPhone so that it works on my non-AT&T SIM.

16. Download AnySim 1.1.
17. Copy AnySim 1.1 to the iPhone using Independence.
18. Run AnySim 1.1 and follow the instructions.

Hooray, now I have an activated, jailbroken and unlocked iPhone with firmware 1.1.1 which works on my non-AT&T SIM.

Comet Cable Decoder interfering with 2.4 GHz wireless LAN

Thursday, December 14th, 2006

At home here in Colombo, we have Comet Cable and ADSL internet from SLT. After we moved into the house I connected my wireless router to the ADSL router at home. Just after I powered on the wireless router the TV signal got corrupted and the wireless signal was fluctuating like anything.

Having a thorough knowledge of wireless analysis, I suspected interference immediately, but I had no way to check it with a spectrum analyzer. I changed the channel of the wireless router from channel 6 to channel 1, and the TV signal was back to normal and the Wi-Fi signal also became normal. To confirm my suspicion I checked the details of the Comet Cable decoder and found out that it was in fact a wireless decoder using 2.3 - 2.7 GHz. I also thought to check the Comet Cable site to see if I could get any more info about this product, and what follows is what I found on the Comet Cable site.

Comet Cable uses a state of the art MMDS (Multipoint Multi-channel Distribution System) pay television system, which is widely used in over 35 million households throughout the world. It is the only system deployed in the South Asian region. The distribution of these channels is from the HEAD END located at the rooftop of the HILTON JAIC TOWER, from which these channels are transmitted in the MMDS frequency band (2.3 - 2.7 GHz) to the customer site, where specialized equipment from Comet Cable is required. These signals are then converted to UHF signals via a down converter installed at the site to transmit the audio/video signals to the customer’s television.

Comet Cable distributes its services to a radius of approximately 50 Km from the HILTON JAIC TOWER. The main distribution area is considered to be the Greater Colombo Region. This system requires line-of-sight transmission between the antenna at the customer site and the transmitting tower.

Aha, 50 Km! So this could be one reason why I see fluctuations of so many wireless signals throughout the Greater Colombo Region. Anybody who has Wi-Fi at home or office in close proximity to a Comet Cable decoder and is having connectivity problems should switch channels and see if their Wi-Fi signal improves.

Free Wi-Fi at Colombo City Hotel

Wednesday, December 13th, 2006

It was my first visit to Colombo during May 2006. I came with my colleagues for a business meeting and stopped at Colombo City Hotel, which offers Affordable Star Class Accommodation in Colombo. The hotel is situated in the heart of the city of Colombo, adjoining the World Trade Centre and the port of Colombo, in close proximity to all Commercial Banks and Government Institutions. It was a perfect destination for a business traveler.

Here goes a location map of the hotel.


I was in Room 405 and could see the Hilton, the World Trade Centre and the Bank of Ceylon building clearly from my room. The hotel does have ADSL and paid Wi-Fi Internet, but I thought to try and see if there were any free Wi-Fi networks around through which I could go online and check my mail for free.

I just opened my iBook and immediately found an access point with the SSID tsunami, which was wide open and free to access. I used it to check my mail and chat directly from my room for the 3 days we stayed at the hotel. The speed was unbelievable; the speed I get back at home is not even comparable to the speed I got from here. It took me less than a minute to download a 29 MB file from the ROL server.

My second trip to Colombo was for taking my wife for the delivery of our baby. We came to Colombo on 2nd December and decided to stop at Colombo City Hotel once again before I could find a place for us to stay here for 2 months. This time we were in Room 306 and I got almost the same view from the hotel room as on my previous trip.

I opened my iBook and fired up KisMac to check for the available networks. KisMac came up with 22 wireless networks, of which 16 had no security, 3 were WEP encrypted and 3 were WPA encrypted. This means 73% are either not aware of wireless security or do not bother to secure their networks. Guess what! These networks could be from some big office in the World Trade Center! Here goes the screenshot of KisMac while scanning.


This time the signal from tsunami was very weak and I had to find another one which would allow me to go online with a stable connection. I was able to connect to both the aztech network and the Firecracker55 network. In order not to leech the total bandwidth of a single connection, I connected my Compaq laptop running Windows XP Pro to Firecracker55 for my wife to use and connected my iBook to the aztech network.

I was connected to aztech but still could not go online. I fired up Firefox and tried to connect to the gateway IP of the aztech network. There was the ADSL router configuration page. I was able to log in even without a password. In the configuration page I found that the ADSL interface of the router was not up. To bring the interface up, I pressed the Connect button on the configuration page, opened a new tab in Firefox and browsed to google.com to see if I was online. I was online. There I saw my google.lk page.

Whenever I got some free time, I tried to peek into the security of the other networks which I could see. I found out that even though linksys does not use any security, it has MAC filtering on so that only allowed wireless devices whose MAC addresses are in its database can connect. I had the MAC Address Changer which I discussed in my earlier post, which I used to change the MAC address of my Windows laptop to see if I could connect to the linksys network. Here again I was able to bypass the MAC filtering implemented on the linksys network.

Don’t you think these people should be aware of such security issues before implementing wireless networks like this?

False Sense of Wireless Security

Sunday, October 1st, 2006

Many of the wireless networks I have come across around Male’ during our wardriving are lulled into the false sense of security that if they have WEP and MAC address filters set up on their Access Points / Wireless Routers they are secure.

They are totally mistaken; WEP is easy to break and MAC filters are even easier to bypass.

For Windows users, Code Project has written a freeware MAC Address Changer which is available at the Code Project site.

MAC Address Changer is very easy and simple to use. Using this tool is as simple as choosing your desired network card from the drop-down combo box, entering a new MAC address, then pressing the Change MAC ID button.

Try it out to see how easy it is to circumvent the MAC filtering rules you set up on your Access Points and Wireless Routers.

200 island wide Hotspot in the Maldives

Wednesday, September 13th, 2006

Is anybody aware that there is a nation-wide wireless network in the Maldives, the so-called 200 island wide Hotspot in the Maldives?

I definitely was not aware. I was aware that there was some smartBridges and airPoint PRO equipment throughout Male’ from my various analysis projects, but was not aware of such a 200 island wide Hotspot as mentioned in the customer success stories on the smartBridges website.

Passed CWNA

Tuesday, September 12th, 2006

I have been lagging behind in blogging due to loads of work at the office and partly due to time constraints with my studies towards the coveted CWNA exam.

On September 7, 2006, I attempted my CWNA exam and the results came out with flying colours. I am really happy as I have just passed one hurdle on the way to my ultimate objective of getting the triple crown (passing CWNA, CWSP and CWAP) status before the end of the year 2006.

Now I am concentrating on CWAP, which covers the analysis of Wireless LANs, aka the most advanced topics in the IT industry.

Time for more studies to reach for my objective as there is very little time left.

Internet & Wi-Fi in Trivandrum

Thursday, June 22nd, 2006

Here I am in Trivandrum for a medical. I wardrove almost all the major roads here and not even a single Wi-Fi signal was caught by my PDA.

Back home, we have a cable connection which was connected to a PC. The PC gets its IP via DHCP from the cable service provider. I tried connecting my iBook to the cable modem and I was not getting an IP as in the case of the PC. I needed to find a solution to check my mail from my iBook.

Since my room is on the ground floor and the PC with the cable connection is on the first floor, the best solution for me to use the laptop in my room and the sitting room would be to get a wireless router and connect it to the cable modem. We went to a few places and most of the guys didn’t even know what a router (”rootere” - as they call it) is. At last we found a place which had Linksys 802.11b and D-Link 802.11g routers. The choice was D-Link for a number of reasons: speed, size, functions and the ability to operate in mixed mode are some of them.

We got the router, and when it came to configuration, the router didn’t get an IP via DHCP either. I thought for a while on the issue and then cloned the MAC address of the PC’s network card onto the router. Bingo! I got the connection. (That means the cable service provider has bound the MAC address of the PC’s network card so that only that PC gets an IP via DHCP.)

I connected the PC to one of the router’s LAN ports and set up wireless as an open system. Why open? There are no hackers around; there aren’t many places around my home.

Wireless Security Is Bad For Your Health Scott Turner, wireless nonexpert, argues that wireless security is leading to a health epidemic.

Now I can run around my home using either my iBook or iPAQ to use the Internet rather than sitting in front of the PC. Mobility is very important, huh?