Hey everyone. Am I excited to give you all some great news. Well, these past 2 weeks I have been working on a method to “patch” the stupid time based expiry in the iPhone OS 3.0 betas and today I can finally confirm that I do have a 100% working solution!
So why was I looking for a solution? Well, for one, nobody anywhere on the internet had a solution for this, so I made it a bit of a personal goal to do this.
Why so late, iPhone OS 3.0 beta 3 has already expired?! Again, I was testing this and I believe that my method will work for every beta (I also believe that it would work on already expired betas, like iPhone OS 3.0 beta 3 (7A280f)). I also decided to finish tests 1 week after beta 3 should have expired. iPhone OS 3.0 beta 3 expired on May 9th (last week on Saturday).
So what’s the secret? How did you figure this out? Well the secret is actually in the iPhone’s lockdown.
For those who don’t know what a “lockdown” is, it’s the part of the iPhone that has special files that allow the iPhone to be activated. (That’s why iTunes needs to connect to the internet after your iPhone was restored.)
So taking this into account and the fact that you need a developers account, I dove into the SpringBoard application and (thanks to Mike) I found that every beta firmware has a
So I had been informed of a “UDID bypass” method of activating the iPhone that included deleting that entire line from the SystemVersions.plist and using iTunes if you were on AT&T, 3.0, and without a developer’s account. Well, that sounded reasonable to me so I gave it a shot and surprisingly it worked 100%.
I decided to do some work with a legitimate restore/activation on 3.0 and then with a “UDID Bypass” restore/activation, and I compared and contrasted.
What I found is that in the legitimately activated iPhone, the time based expiry was in the lockdown and the iPhone was constantly checking with the lockdownd process.
So how do you do this? Well, there is one way that this is (confirmed) possible, but I have a couple of theoretical scenarios that I believe will also work.
My confirmed method, what you will need is:
• iPhone OS 3.0 (7A280f) (Theoretically any iPhone OS 3.0 release)
• Quickpwn (for iPhone OS 3.0 beta; this can be found at our friends down at quickpwn.com)
• Diskaid (old version, latest version claims that it doesn’t work with 3.0)
• iphonebrowser (just in case you can’t find an older version of diskaid)
• a fully working AT&T SIM with some service (I used my PrePaid GoPhone AT&T SIM that I already use for the iPhone; if you don’t have one, borrow one, or buy a GoPhone SIM from AT&T or a $20 prepaid AT&T phone from Walmart and take the SIM out and put it into the iPhone)
• Regular iTunes account
Just a few quick things before you start. For iPod touch 1G users, you can use this method. I will specify what steps you will and will not need. (No, you don’t need AT&T for this to work for you, lol)
Also, for all iPhone 2G users, if you have an unlocked iPhone, do not worry about losing your unlock, your baseband will forever be unlocked as Apple gave up on updating your basebands.
iPhone 3G users, if you want or need an unlock, do not update to 3.0 as your baseband is updated (unlike iPhone 2G users). Also, you will have issues downgrading to 2.2.1 (it is possible; if you need to know, email me at firstname.lastname@example.org to learn how). So use this method if you want 3.0, and don’t need 2.x.x, and if you use AT&T as your carrier.
Alright, so now restore your iPhone or iPod touch to iPhone OS 3.0 beta 3. The file should include _7A280f_ somewhere in the file name. If it doesn’t, do not restore to it; it is not beta 3. Also make sure that your internet is off during the restore process: after it starts the restore (when it says “preparing for iPhone restore”), disconnect your router from the internet.
Next, (make sure you are 100% done with the restore and not connected at all to the internet) now open Quickpwn and find your firmware, click the blue arrow, and uncheck Activation. I repeat, UNCHECK Activation!!!! It will not work if you select Activation. Just have Icy (or Cydia if you are using the beta 5 version of quickpwn), now follow all the steps to place it into DFU and let it do its thing.
When that’s done it will reboot, and it should hang on a white bar with an Apple logo (that’s not quickpwn’s fault, it’s Apple’s fault). So now use DiskAid or iphonebrowser or any other USB SSHing program you use, and navigate to /system/library/CoreServices/SystemVersions.plist, then drag that to your desktop.
Open it, and edit it. Now here’s the trick to initiate this whole method, if you are on beta 3 (7A280f), just change where it says:
change it to:
Now that that’s done, make sure your AT&T SIM is in the iPhone, now reconnect your internet, open iTunes, drag the modified SystemVersions.plist back into the iPhone and reboot your iPhone. Now iTunes should activate it and give you a non-expiry lockdown!
Congratulations! You are now done!
For those on iPhone OS 3.0 beta 4 or iPhone OS beta 5, do everything up until you are editing the SystemVersions.plist. Not only will you change from “Beta” to public, but you will also have to change where it says “3.0” to “2.2” and change the build version to “5G77”. Now save it and drag it back to the iPhone, and overwrite the old one.
Now after iTunes activates you, go back to the modified SystemVersions.plist on your desktop, and edit it again, change “2.2” back to “3.0” and change “5G77” to whatever your build version is. DO NOT change the “Public” to “Beta” as it will expire. Now save, and drag it in again, and reboot your iPhone.
There you go! You are all set!
A theoretical version of this method would be to restore, jailbreak, change the SystemVersions.plist, and then just drag the lockdown from a legitimately activated 2.2.1 iPhone and do it that way.
So there you go everyone, you can now enjoy iPhone OS 3.0 beta 3 (or whatever) until final release this summer!