ios 7.0.6 Safe to Hactivate

[BesfortShalaTec]

i just test it but you need to modify something cuase wont work
1)Download ispw of 7.0.6 if you have copy to this location
C:\Users\Usernamexx\AppData\Local\Temp\ssh_rd
2.delete all file and folder there just leave ispw there
3.open ssh_rd_rev04b.jar
4.connect to device to DFU
5.you will see this

Code:

 
 SSH ramdisk maker & loader, version 29-06-2013 git rev-04b
Made possible thanks to Camilo Rodrigues (@Allpluscomputer)
Including xpwn source code by the Dev Team and planetbeing
Including syringe source code by Chronic-Dev and posixninja
syringe exploits by pod2g, geohot & posixninja
Special thanks to iH8sn0w
device-infos source: iphone-dataprotection
Report bugs to msft.guy<[email protected]> (@msft_guy)
 
 
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\native\jsyringeapi.dll
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\native\mux_redux.dll

Connect a device in DFU mode
MobileDevice event: MuxConnect, 0, 0
MobileDevice event: MuxDisconnect, 0, 0
MobileDevice event: DfuConnect, 4cb1227, 8930
DFU device 'iPhone 4 (GSM)' connected
Building ramdisk for device 'iPhone 4 (GSM)'
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\all_keys.plist
Working dir set to C:\Users\Samiri\AppData\Local\Temp\ssh_rd
IPSW at http://appldnld.apple.com/iOS5.1.1/041-6051.2012.0525.Cvby7/iPhone3,1_5.1.1_9B208_Restore.ipsw
Downloading Restore.plist
Local file C:\Users\Samiri\AppData\Local\Temp\ssh_rd\iPhone3,1_5.1.1_9B208_Restore.ipsw not found; downloading from http://appldnld.apple.com/iOS5.1.1/041-6051.2012.0525.Cvby7/iPhone3,1_5.1.1_9B208_Restore.ipsw
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Restore.plist
Restore.plist downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Restore.plist
Parsing Restore.plist..
Kernel file: kernelcache.release.n90
Restore ramdisk file: 038-5512-003.dmg
Downloading Firmware/dfu/iBSS.n90ap.RELEASE.dfu
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\nor5.patch.json
Patched to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu.dec.p
iBSS prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu
Downloading Firmware/dfu/iBEC.n90ap.RELEASE.dfu
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\nor5.patch.json
Patched to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu.dec.p
iBEC prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu
Downloading Firmware/all_flash/all_flash.n90ap.production/DeviceTree.n90ap.img3
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\all_flash\all_flash.n90ap.production\DeviceTree.n90ap.img3
Device tree prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\all_flash\all_flash.n90ap.production\DeviceTree.n90ap.img3
Downloading Firmware/all_flash/all_flash.n90ap.production/manifest
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\all_flash\all_flash.n90ap.production\manifest
Downloading kernelcache.release.n90
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\kernel5.patch.json
Patched to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90.dec.p
Kernel prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90
Downloading 038-5512-003.dmg
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\038-5512-003.dmg.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\038-5512-003.dmg.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ssh.tar
Added ssh.tar to the ramdisk
Ramdisk prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\038-5512-003.dmg
Using syringe to exploit the bootrom..
Exploit sent!
Preparing to load the ramdisk..
Ramdisk load started!
MobileDevice event: DfuDisconnect, 4cb1227, 8930
MobileDevice event: DfuConnect, 4db1227, 8930
DFU device 'iPhone 4 (GSM)' connected
Ignoring same device iPhone 4 (GSM)
MobileDevice event: DfuDisconnect, 4db1227, 8930
MobileDevice event: RecoveryConnect, 4db1281, 8930
MobileDevice event: RecoveryDisconnect, 4db1281, 8930
Almost there..
MobileDevice event: MuxConnect, 0, 0

Success!
Connect to localhost on port 2022 with your favorite SSH client!

 login: root
 password: alpine

5.open putty connect to "localhost" port 2022 root alpine
6.mount.sh
7.delete setup.app in putty reboot_bak
8.use ireb or tinyumbrella to exit recovery mode

[asadnow2k]

You tested this on what module?

[BesfortShalaTec]

Quote:

Originally Posted by asadnow2k

You tested this on what module?

just iphone 4 GSM others won't work

[rathbone]

after hacktivation, phone does have signal?

[SC400slide]

hope it works cuz i like my phone

sag

[BesfortShalaTec]

Quote:

Originally Posted by rathbone

after hacktivation, phone does have signal?

Sure it won't have this just delete setup.app nothing more

[austin0]

is it tested by anyone?

[.:[WHH]:.]

bro hw of iphone 4 is old
so till exist exploit botroom
always iphone 3gs/4
can hactivated and never patched

[osfloca]

will work on 3,2 3,3 also?

[FS®]

BesfortShalaTec, 1)Download ispw of 7.0.6 if you have copy to this location
C:\Users\Usernamexx\AppData\Local\Temp\ssh_rd... just as I said...worked like charm right?

[SC400slide]

Quote:

Originally Posted by BesfortShalaTec

i just test it but you need to modify something cuase wont work
1)Download ispw of 7.0.6 if you have copy to this location
C:\Users\Usernamexx\AppData\Local\Temp\ssh_rd
2.delete all file and folder there just leave ispw there
3.open ssh_rd_rev04b.jar
4.connect to device to DFU
5.you will see this

Code:

 
 SSH ramdisk maker & loader, version 29-06-2013 git rev-04b
Made possible thanks to Camilo Rodrigues (@Allpluscomputer)
Including xpwn source code by the Dev Team and planetbeing
Including syringe source code by Chronic-Dev and posixninja
syringe exploits by pod2g, geohot & posixninja
Special thanks to iH8sn0w
device-infos source: iphone-dataprotection
Report bugs to msft.guy<[email protected]> (@msft_guy)
 
 
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\native\jsyringeapi.dll
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\native\mux_redux.dll

Connect a device in DFU mode
MobileDevice event: MuxConnect, 0, 0
MobileDevice event: MuxDisconnect, 0, 0
MobileDevice event: DfuConnect, 4cb1227, 8930
DFU device 'iPhone 4 (GSM)' connected
Building ramdisk for device 'iPhone 4 (GSM)'
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\all_keys.plist
Working dir set to C:\Users\Samiri\AppData\Local\Temp\ssh_rd
IPSW at http://appldnld.apple.com/iOS5.1.1/041-6051.2012.0525.Cvby7/iPhone3,1_5.1.1_9B208_Restore.ipsw
Downloading Restore.plist
Local file C:\Users\Samiri\AppData\Local\Temp\ssh_rd\iPhone3,1_5.1.1_9B208_Restore.ipsw not found; downloading from http://appldnld.apple.com/iOS5.1.1/041-6051.2012.0525.Cvby7/iPhone3,1_5.1.1_9B208_Restore.ipsw
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Restore.plist
Restore.plist downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Restore.plist
Parsing Restore.plist..
Kernel file: kernelcache.release.n90
Restore ramdisk file: 038-5512-003.dmg
Downloading Firmware/dfu/iBSS.n90ap.RELEASE.dfu
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\nor5.patch.json
Patched to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu.dec.p
iBSS prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBSS.n90ap.RELEASE.dfu
Downloading Firmware/dfu/iBEC.n90ap.RELEASE.dfu
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\nor5.patch.json
Patched to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu.dec.p
iBEC prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\dfu\iBEC.n90ap.RELEASE.dfu
Downloading Firmware/all_flash/all_flash.n90ap.production/DeviceTree.n90ap.img3
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\all_flash\all_flash.n90ap.production\DeviceTree.n90ap.img3
Device tree prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\all_flash\all_flash.n90ap.production\DeviceTree.n90ap.img3
Downloading Firmware/all_flash/all_flash.n90ap.production/manifest
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\Firmware\all_flash\all_flash.n90ap.production\manifest
Downloading kernelcache.release.n90
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\kernel5.patch.json
Patched to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90.dec.p
Kernel prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\kernelcache.release.n90
Downloading 038-5512-003.dmg
Downloaded to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\038-5512-003.dmg.orig
Decrypted to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\038-5512-003.dmg.dec
Extracted resource to C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ssh.tar
Added ssh.tar to the ramdisk
Ramdisk prepared at C:\Users\Samiri\AppData\Local\Temp\ssh_rd\ipsw_iphone31_9B208\038-5512-003.dmg
Using syringe to exploit the bootrom..
Exploit sent!
Preparing to load the ramdisk..
Ramdisk load started!
MobileDevice event: DfuDisconnect, 4cb1227, 8930
MobileDevice event: DfuConnect, 4db1227, 8930
DFU device 'iPhone 4 (GSM)' connected
Ignoring same device iPhone 4 (GSM)
MobileDevice event: DfuDisconnect, 4db1227, 8930
MobileDevice event: RecoveryConnect, 4db1281, 8930
MobileDevice event: RecoveryDisconnect, 4db1281, 8930
Almost there..
MobileDevice event: MuxConnect, 0, 0

Success!
Connect to localhost on port 2022 with your favorite SSH client!

 login: root
 password: alpine

5.open putty connect to "localhost" port 2022 root alpine
6.mount.sh
7.delete setup.app in putty reboot_bak
8.use ireb or tinyumbrella to exit recovery mode

Thanks muches! I dont know how to mount.sh? please help anybody with mac?

[ppdavisito]

With the software WinSCP after of connect,search the button Console and then put the commond mount.sh

[Smartphone2005]

what this command can do??

[Oluromeo]

nice information to be updated by you bro...

[ensung]

nice idea but for junior member its not enough can you post full details like youtube video or screenshoot it helps us more anyway thanks your post