
Monday, August 11, 2008

iPhone 2.0 Not Meeting Expectations - FollowUp

Below is a video comparing the speed of the iPhone 3G in Apple's commercial to the iPhone 3G in real life. Apple has missed the mark if this new iPhone is supposed to be the solution to slow transfer speeds.

Tuesday, July 22, 2008

iPhone 2.0 Not Meeting Expectations

Apple appears to have made some mistakes with the recent launch of the new 3G iPhone. On top of a poorly executed scarcity marketing strategy, as explained by Seth Godin, there have been problems with activations and signs of poor stability. David of 37signals.com describes his unhappy experiences with the new Apple device over the last week.

In summary, the increase in speed on the 3G network has been fantastic, that is, when it works. David stated that he feels the phone dropped the 3G network and fell back to the slow EDGE network approximately 80% of the time. The new 2.0 firmware shows signs of sloppy performance, with consistent delays and instances where the device freezes for several seconds. David also told the readers of Signal vs. Noise that while the phone is on the 3G network it burns through battery life, forcing the user to recharge daily.

I can imagine that the iPhone uses more power than most cell phones, but Apple needs to match that power consumption with an appropriate battery. That assumes the new iPhone is simply underpowered. Let's hope, for Apple's sake, that this is not the case and that the iPhone is instead using more power than it should be; in that case they can identify the problem and release a firmware patch to fix it.

The Apple iPhone has been on a consistent path to capture a majority share of the cell phone market, not only in the US but globally. If Apple cannot quickly address these issues, it will see a drop-off in consumer loyalty.

Judging by Seth's post on the five principles of a scarcity campaign, Apple could have done a better job of making its customers feel cared for, and many of these issues would not have been as upsetting.

Friday, September 07, 2007

How-To: Update to Unlocking the Apple iPhone

George has posted some updated information on his blog regarding his steps to unlock the iPhone. It can be read below.

First of all, I don't solder anymore on the phones I unlock. Just get tweezers with a sharp point, scratch away the trace, and use the two prongs of the tweezers to touch the side of the cap and the trace. It's much, much easier.
Second, kiwi66 pointed out and fixed some problems with ieraser not connecting to the bootloader. The download link has been updated.
Third, you cannot reboot between ieraser and iunlocker. The wifi will stop working, which I saw happen to several people on the forums. If you do reboot, simply make a launch daemon to run "bbupdater -f myver.fls". That restores the firmware.
Also, using that termcap I have linked seems to make ssh and minicom init slowly. Anyone find a better way, perhaps with just the vt100 file?

Tuesday, August 28, 2007

HowTo: Unlock Your Apple iPhone

On Tuesday, August 21st, 2007, an incoming freshman at Western New York's own Rochester Institute of Technology announced that he had unlocked his iPhone to work on other service providers' networks. This 17-year-old soon-to-be biotechnology major from Glen Rock, NJ, is in the books as the first person in the world to unlock an iPhone. Apparently, he spent his whole last summer before leaving for college on this, skipping the graduation parties to reach his objective. This is big news.

RIT is loving every minute of this publicity, boasting about how impressive its incoming students can be. The full article from RIT's press releases can be found in Google's cache.

Hotz has already traded the unlocked iPhone to a tech business owner for a Nissan 350Z and three new 8GB iPhones.

So, here it is: the following steps were taken from Hotz's blog. One thing is for sure: this kid is not going to have a hard time finding work in the future.

What You Need:

  • First, an iPhone, of the SSHed and jailbroken variety. Also, kill CommCenter by moving the LaunchDaemon plist out of the directory.
  • Some trusty case opener tools (read: guitar picks). Read one of the many tutorials available online for taking apart your phone.
  • A soldering iron. This should've cost you more than $10.
  • Fine pitch wire. I used magnet wire salvaged from a little motor.
  • An unlock switch. The bigger and more badass, the better. Or if you are cheap, wire cutters :-)
  • A Red Bull. This requires concentration, something I don't have without Red Bull.

Step 0:

You will need a couple of things. First, add termcap. Second, you will also need to move com.apple.CommCenter.plist out of its folder and reboot your iPhone. The first time you start minicom, use "minicom -s" to enter setup and set the modem as /dev/tty.baseband.

When you are done with minicom, remember to move com.apple.CommCenter.plist back, otherwise your phone won't have service.

Step 1:

First, I would like to say thanks again to gray, iProof, dinopio, lazyc0der, anonymous, the dev team, nightwatch, and everyone who donated. Without them, there would be no unlock today, and I surely wouldn't be up at 8AM.
Second, you may brick your iPhone using this tutorial. YOU ARE WARNED.
Okay, on to the actual step. Remove the black part, the three screws, and the aluminum case. Disconnect the wire connecting the phone to the case. Do not remove anything else. Comment on these posts if you are with me so far. Once we get a good number of comments, I'll move on.

Step 2:

Also remove the metal cover over the comm board. This is all the disassembly you have to do. If you feel like being safe, desolder the battery red lead. I didn't :)

Step 3:

The red line is covering the A17 trace. In order to trick the chip into thinking the flash is erased in the correct section, you will need to pull this high. Scrape away at the trace with something like a multimeter probe. Then solder a very thin wire to it. Be very careful. Only scrape away at the solder mask above that one trace. YOU DO NOT WANT TO BREAK THE TRACE. This is the hardest step in the whole process; the rest is cake. Also solder a wire to the 1.8V line. Connect the wire coming from the trace and the wire coming from the 1.8V line to your unlock switch. Be careful, you only get one chance to do this right. Thanks again to Nick Chernyy for the picture.

Commenter Suggestions:
  • I suggest using 0,15mm coated copper wire, the one that looks blank and is coated with a heat-sensitive material. That's a lot more bendable.
  • With some soldering experience this is a piece of cake. Equipment is the key; don't try this stuff with too big a soldering iron. I use a 0,4mm needle-style point.
  • Use an embossing heater to heat the solder and the board, shielding the plastic case with aluminum foil.

Step 4:

OK, time to test what you just soldered. First use the continuity check on a multimeter to make sure the wires aren't shorting to ground or to each other. Make sure your switch is in the off position. Power up your iPhone. Hopefully it didn't smoke :) Now go into minicom to tty.baseband and send a few commands; AT a few times will do. It should respond OK. Now flip your switch; the baseband should stop responding. Even when you flip it back, the baseband still shouldn't respond. Be sure your switch is off, then open another ssh session and run "bbupdater -v". You can get bbupdater off the ramdisk. This should reset the baseband, and minicom should start working again. If it did this, your soldering is most likely good, and you are ready to actually start unlocking your phone!!!

Step 5:

If it passed the checks in step 4, congratulate yourself. You are a pro solderer. Go eat lunch. If not, don't worry yet. I must've thought I bricked my phone 100 times. First of all, to power up your phone you don't need to reconnect the case with the power button. Just connect it with USB, it'll power itself up. Secondly, don't waste time compiling minicom. Download the binary here, and termcap here.

Step 6:

Now, with the switch off, your baseband should be working perfectly. Here you should take a NOR dump of your phone. The dev team's NORDumper is a great way to do this. This is good to have in case something goes wrong. You can extract the firmware from this as well, which we'll get to later.

Step 7:

So here is the first tool release, iEraser. This erases the current firmware on your modem. Don't worry, you can always put it back with bbupdater. Here's how the bootrom check works: it reads from 0xA0000030, 0xA000A5A0, 0xA0015C58 and 0xA0017370, and all these addresses must read as blank, or 0xFFFFFFFF. When you erase flash, it becomes 0xFFFFFFFF. But you can't erase those locations, because they are in the bootloader. So that's where the testpoint comes in. Pulling A17 high hardware-ORs the address bus with 0x00040000 (offset by one because the data bus is 16-bit), so the bootrom instead checks locations 0xA0040030, 0xA004A5A0, 0xA0045C58 and 0xA0047370, which are in the main firmware and can be erased.

Pretty genius :)

To use this tool, you need the secpack from your modem's version. The erase of this section is protected. Check the modem version in Settings->About. It'll either be 3.12 (1.0) or 3.14 (1.0.1 and 1.0.2). You need the ramdisk which corresponds to your version. Then go into "/usr/local/standalone/firmware" and get the ICE*.fls file. Extract 0x1a4-0x9a4, save it in a file called secpack, and place it in the same directory as the ieraser tool. Run ieraser. This should erase the modem firmware and leave you one more step on your way to unlocking.

Commenter Suggestions:
  • To create the secpack file out of the ramdisk you can do:

    dd if=ICE03.14.08_G.fls of=~/secpack bs=1 skip=0x1a4 count=0x800
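The check Step 7 describes, as an added Python illustration that is not code from Hotz's post or from the dev team's tools: it simulates a NOR image mapped at 0xA0000000 (bootloader below 0x20000, main firmware above, sizes taken from the Step 8 ranges) and shows that erasing the main firmware alone never satisfies the bootrom check, while the A17 switch moves the four reads into the erased region. The redirected addresses are copied from the post as given.

```python
# Added illustration (not code from Hotz's post) of the Step 7 bootrom blank-check.
# Assumes a NOR image mapped at 0xA0000000 with sizes taken from the Step 8 ranges.
import struct

NOR_BASE = 0xA0000000
NOR_SIZE = 0x304000        # upper end of the range dumped in Step 8
FIRMWARE_START = 0x20000   # main firmware starts here; below it is the bootloader
ERASED_WORD = 0xFFFFFFFF   # erased NOR flash reads as all ones

# Left: the four locations the bootrom checks (switch off). Right: where the post
# says each read lands with A17 pulled high (switch on). Both columns are copied
# from the post; the last two are not a plain OR with 0x00040000, so they are
# kept as a table rather than computed.
CHECK_REDIRECT = {
    0xA0000030: 0xA0040030,
    0xA000A5A0: 0xA004A5A0,
    0xA0015C58: 0xA0045C58,
    0xA0017370: 0xA0047370,
}

def read32(nor, addr):
    """Read one little-endian 32-bit word from the simulated NOR image."""
    return struct.unpack_from("<I", nor, addr - NOR_BASE)[0]

def region(addr):
    """'bootloader' (not erasable), 'firmware' (erasable) or 'outside' NOR."""
    off = addr - NOR_BASE
    if 0 <= off < FIRMWARE_START:
        return "bootloader"
    return "firmware" if FIRMWARE_START <= off < NOR_SIZE else "outside"

def bootrom_check(nor, a17_high):
    """True when every check location reads as erased flash."""
    addrs = CHECK_REDIRECT.values() if a17_high else CHECK_REDIRECT.keys()
    return all(read32(nor, a) == ERASED_WORD for a in addrs)

def make_nor():
    """Constructed image: every byte 0x5A, so no word reads as erased."""
    return bytes([0x5A]) * NOR_SIZE

def erase_main_firmware(nor):
    """What iEraser does: blank everything above the bootloader, keep it intact."""
    return nor[:FIRMWARE_START] + b"\xff" * (NOR_SIZE - FIRMWARE_START)

if __name__ == "__main__":
    erased = erase_main_firmware(make_nor())
    # Erasing alone is not enough; the switch redirects the reads into erased flash.
    print("switch off:", bootrom_check(erased, False), " switch on:", bootrom_check(erased, True))
    for src, dst in CHECK_REDIRECT.items():
        print(f"{src:#x} ({region(src)}) -> {dst:#x} ({region(dst)})")
```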

Step 8:

Now it's time to patch the firmware. Thanks to gray for finding these patches; this required some very complicated reversing. First, you need to extract the firmware from your NOR dump. The range you need is 0x20000-0x304000. Save this file as "nor". The patches you need to apply are as follows. These are offsets from the beginning of the file you saved as "nor". Choose your version, and patch.
3.12: (213740): 04 00 a0 e1 -> 00 00 a0 e3
3.14: (215148): 04 00 a0 e1 -> 00 00 a0 e3
Resave the file nor, you'll need it soon...

Step 9:

The final tool is iUnlocker. This tool uploads a small program, "testcode.bb", to the baseband using the bootrom exploit. This program needs to be in a dir with "nor", the file you obtained in the last step. You need to have the switch on when running this program. This will download and run the code in "testcode.bb". Then the program will stop and ask you to turn off the switch. Do so. Type any character, then hit enter. The nor download starts right away. When the counter reaches 0x2E4000, it is done. Run "bbupdater -v". Hopefully it will return the xgendata. If it does, the nor upload was successful.

Step 10:

minicom into /dev/tty.baseband. If you already used up your attempt counter, the phone should already be unlocked. If not, just run 'AT+CLCK="PN",0,"00000000"'. That will unlock the phone for sure. Run 'AT+CLCK="PN",2'. It should finally return 0!!!
Your phone is now unlocked. Exit minicom and copy the CommCenter plist back to its place. Reboot. iASign. And enjoy your unlocked iPhone.