Tuesday, March 23, 2010

Fixing Blacksn0w on 3.1.3

Update: Ultrasn0w now supports 05.11 thru 05.13 with a new exploit that should fix all possible WiFi issues and any OS 4.0 problems. http://ultrasn0w.com/


------------------- Deprecated ------------------
miniFAQ: 
  • Can this be used with my 'accidentally restored' 3.1.3/non-jailbroken/running BB 5.12.xx iPhone?
    • NO
  • Does this also fix the WiFi problem (WiFi not connecting/requiring a reboot)?
    • NO, you should reset network settings to fix the WiFi problem. Preferably before you install the unlock and with the original operator SIM card in (otherwise, there are reports of resetting network settings causing an unbootable phone).
3.1.3 with 5.11.07 BB ONLY


Update3: Thanks to nice people running PushFix.info, this fix is now available in their repository, cydia.pushfix.info, and their package actually does compatibility checking before install.
Update2: You need to chmod +x the dylib, forgot to mention that earlier :-(
Tools:
gdb, IDA 5.5, ldid, hex editor (XVI32)
Test load:
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist ; launchctl load /tmp/com.apple.CommCenter.plist ; launchctl start com.apple.CommCenter
Test load in gdb:
gdb /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/CommCenter
   >set env DYLD_INSERT_LIBRARIES = /usr/lib/blacksn0w.dylib
   >run
 
Cause of the bug:
Blacksn0w locates the function to patch by searching the CommCenter binary for a reference to the string "SIM is not supported". In 3.1.3 the same function instead references the string "Verified", in the inverted condition branch. Since the location to patch is found by instruction search&replace, the patch itself still works on 3.1.3 once the search string and its length are changed in the Blacksn0w binary.
I also changed the patch from mov r1, 1 to mov r0, 1 because I suspect that's what it was supposed to do, instead of returning whatever garbage CFRelease left in r0 :-)
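The r1 -> r0 change above, as an added example that is not code from the original post or from blacksn0w: a decoder/encoder for the 16-bit Thumb MOVS Rd,#imm8 form (so you can see that 0x2101 -> 0x2001 is exactly "movs r1,#1" -> "movs r0,#1", r0 being the ARM return register) plus a guarded instruction search&replace run on a constructed stand-in buffer, not CommCenter's real bytes.

```python
# Added example; not code from the original post or the blacksn0w project.
# Works on the Thumb T1 encoding of MOVS Rd,#imm8 (001 00 Rd(3) imm8(8))
# and applies the r1 -> r0 retarget by instruction search&replace on a
# constructed buffer. SAMPLE_FUNCTION is made up for the demo.
import struct

MOVS_IMM8_MASK = 0xF800    # top five bits select the MOVS imm8 form
MOVS_IMM8_OPCODE = 0x2000  # 001 00 ...


def decode_movs_imm8(halfword):
    """Return (rd, imm8) if the halfword is MOVS Rd,#imm8, otherwise None."""
    if (halfword & MOVS_IMM8_MASK) != MOVS_IMM8_OPCODE:
        return None
    return (halfword >> 8) & 0x7, halfword & 0xFF


def encode_movs_imm8(rd, imm8):
    """Build the halfword for MOVS Rd,#imm8 (low registers r0-r7 only)."""
    if not 0 <= rd <= 7:
        raise ValueError("MOVS imm8 can only target r0-r7")
    if not 0 <= imm8 <= 0xFF:
        raise ValueError("immediate must fit in 8 bits")
    return MOVS_IMM8_OPCODE | (rd << 8) | imm8


def disasm_movs(halfword):
    """Human-readable form of a MOVS imm8 halfword, or a marker if it is not one."""
    decoded = decode_movs_imm8(halfword)
    if decoded is None:
        return "<not a MOVS imm8: 0x%04x>" % halfword
    return "movs r%d, #%d" % decoded


def find_halfword(code, halfword, start=0):
    """Locate a little-endian Thumb halfword on a 2-byte boundary.
    This is the instruction search&replace idea from the post; odd offsets
    are rejected because Thumb code is halfword aligned. Returns -1 if absent."""
    needle = struct.pack("<H", halfword)
    offset = code.find(needle, start)
    while offset != -1 and offset % 2:
        offset = code.find(needle, offset + 1)
    return offset


def retarget_movs(code, old_rd, new_rd, imm8=1):
    """Rewrite the first 'movs old_rd,#imm8' in code as 'movs new_rd,#imm8'.
    Only the destination register changes; if the expected instruction is
    not found, refuse rather than patch blindly."""
    offset = find_halfword(code, encode_movs_imm8(old_rd, imm8))
    if offset == -1:
        raise LookupError("patch site not found; refusing to patch blindly")
    patched = bytearray(code)
    struct.pack_into("<H", patched, offset, encode_movs_imm8(new_rd, imm8))
    return bytes(patched), offset


# Constructed stand-in for the tail of the patched function (not the real
# CommCenter bytes): movs r1,#1 ; pop {r4-r7,pc}, both Thumb-16 little-endian.
SAMPLE_FUNCTION = bytes.fromhex("0121f0bd")


def demo():
    """Apply the r1 -> r0 change to the constructed buffer and report it."""
    patched, offset = retarget_movs(SAMPLE_FUNCTION, old_rd=1, new_rd=0)
    before = struct.unpack_from("<H", SAMPLE_FUNCTION, offset)[0]
    after = struct.unpack_from("<H", patched, offset)[0]
    return {"offset": offset,
            "before": disasm_movs(before),
            "after": disasm_movs(after),
            "bytes": patched.hex()}


if __name__ == "__main__":
    print(demo())
```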
DISCLAIMER: please test-run before installing permanently; failing to do so, or installing the original BlackSn0w on 3.1.3, will force you to restore!
Instructions:
  • Download blackra1n.com/blacksn0w.deb and unpack it with 7-Zip
  • Copy System\Library\LaunchDaemons\com.apple.CommCenter.plist from the .deb to /tmp/ on the phone
  • Copy the patched blacksn0w.dylib to /usr/lib/
  • Execute in SSH: chmod 755 /usr/lib/blacksn0w.dylib
  • Try to execute a test load, make sure you get signal with your T-Mobile SIM :-)
  • ONLY if the test load works OK, copy com.apple.CommCenter.plist from /tmp to /System/Library/LaunchDaemons/
  • If the test load does not work OK, the phone will freeze; wait 20 seconds and reboot (Power+Home), then upload the CommCenter crash logs from /private/var/logs/CrashReporter
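When the test load fails, the CrashReporter log tells you which of two things went wrong. This added example (not code from the original post) parses a CommCenter crash log and separates the dyld "could not load inserted library" case, which points at a missing, non-executable or unsigned dylib (the chmod +x note and the ldid -S advice), from a crash inside CommCenter itself; the sample log is constructed with placeholder identifiers.

```python
# Added example; not from the original post. Parses an iPhone OS 3.x
# CrashReporter log and maps it to the failure modes discussed above.
# SAMPLE_LOG is constructed (placeholder identifiers), shaped like a real
# CommCenter report.
import re

SAMPLE_LOG = """\
Incident Identifier: 00000000-0000-0000-0000-000000000000
CrashReporter Key: 0000000000000000000000000000000000000000
Process: CommCenter [1409]
Path: /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/CommCenter
Identifier: CommCenter
Code Type: ARM (Native)
OS Version: iPhone OS 3.1.3 (7E18)

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x00000001, 0xe7ffdefe
Crashed Thread: 0

Dyld Error Message:
could not load inserted library: /usr/lib/blacksn0w.dylib
Dyld Version: 149
"""

# "Key: value" header lines; the key is everything up to the first colon.
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z /]*?):\s*(.*)$")


def parse_crash_log(text):
    """Return the header fields plus the dyld error message, if present."""
    fields = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if line.strip() == "Dyld Error Message:":
            # The message runs until a blank line or the "Dyld Version:" line.
            msg = []
            while (i < len(lines) and lines[i].strip()
                   and not lines[i].startswith("Dyld Version:")):
                msg.append(lines[i].strip())
                i += 1
            fields["Dyld Error Message"] = " ".join(msg)
            continue
        m = HEADER_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def diagnose(fields):
    """Map a parsed log to one of the failure modes the post discusses."""
    if not fields.get("Process", "").startswith("CommCenter"):
        return {"verdict": "not_commcenter", "checks": []}
    dyld = fields.get("Dyld Error Message", "")
    m = re.match(r"could not load inserted library: (\S+)", dyld)
    if m:
        lib = m.group(1)
        return {"verdict": "dyld_insert_failed", "library": lib,
                "checks": ["ls -l %s  (is the file actually there?)" % lib,
                           "chmod 755 %s  (Update2: the dylib must be executable)" % lib,
                           "ldid -S %s  (capital S; must finish without errors)" % lib]}
    return {"verdict": "crashed_in_process",
            "exception": fields.get("Exception Type", "unknown"),
            "checks": ["read the thread 0 backtrace in the full log",
                       "confirm the dylib is the 3.1.3 build and the baseband is 05.11.07"]}


def triage(text):
    """Convenience wrapper: raw log text in, diagnosis dict out."""
    return diagnose(parse_crash_log(text))


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```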

72 comments:

D said...

Tested on 3g + 3.1.3 OS + 05.11.07 BB. Works

Push said...

Thanks msft.guy! Works great on my 3.1.3 3GS on 05.11.07. In fact, no supposed "race condition" any more. Was the r1/r0 swap responsible for WiFi not working?

Push said...

I think I'll answer my own question. I patched regular blacksn0w with the change that you made 2101 -> 2001 and used ldid to fix the sig.

I have found that my other 3GS @ 3.1.2 now boots with WiFi every time. Before, I would have to generally reboot it once as the first boot would result in no WiFi. I have tried several power offs and also used SBSettings to reboot several times. Every single time WiFi works right away.

So congrats, I think you also solved the "race condition" that turns out to be just a bug.

OSMAN said...

AutoSubmitted

SysInfoCrashReporterKey
3814501509051efaaeb94891da9e41822b8b2539
bug_type
109
description
Incident Identifier: 9E741F03-046E-4D40-BD4D-A0430DFF1C1F
CrashReporter Key: 3814501509051efaaeb94891da9e41822b8b2539
Process: CommCenter [1409]
Path: /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/CommCenter
Identifier: CommCenter
Version: ??? (???)
Code Type: ARM (Native)
Parent Process: launchd [1]

Date/Time: 2010-03-21 01:08:54.962 +0200
OS Version: iPhone OS 3.1.3 (7E18)
Report Version: 104

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x00000001, 0xe7ffdefe
Crashed Thread: 0

Dyld Error Message:
could not load inserted library: /usr/lib/blacksn0w.dylib
Dyld Version: 149

Binary Images:
0x2fe00000 - 0x2fe24fff dyld armv7 <f5805b649fffebb1d5cc3ebd3e372e9e> /usr/lib/dyld

displayName
CommCenter
name
CommCenter
os_version
iPhone OS 3.1.3 (7E18)
system_ID

version
??? (???)

what does it mean?

Μαριω said...

Hello,
I have a 3GS with 3.1.3, jailbroken with PwnageTool.

baseband 05.11.07

Model MC131B

I start the test but after a few seconds the phone freezes, so this unlock fix over blacksn0w is not working for now.
Hope that you will find some solution :)
Thanks

msft.guy said...

@Push: Not sure about WiFi, it might very well be unrelated..

@OSMAN: It cannot load /usr/lib/blacksn0w.dylib, make sure the file exists and running ldid -S /usr/lib/blacksn0w.dylib does not return errors. Install LDID from cydia. Make sure to use capital S in ldid command line.

@Μαριω: Please try to get a crash log after phone hangs and you reboot it.

Push said...

msft.guy, I run pushfix.info and believe me, I think you may have fixed it. I have given my patch for 3.1.2 to a few others and it has fixed their WiFi problems as well.

Please contact me via info :AT: pushfix.info

I am working on a free cydia package that will install this fixed version of blacksn0w for 3.1.2 & 3.1.3. It gives full credit to you and Geohot. I am trying to get in touch with Geohot to get his permission.

Seif said...

I have a 3GS (old bootrom) on 3.1.2.
I want to upgrade to 3.1.3 using sn0wbreeze.
If I do so, will I be able to apply this patch?

interqd said...

Just tried the easy .deb installation on my iPhone 3GS 3.1.3 by sn0wbreeze, doesn't work.. it can't boot, stuck at the white Apple logo...

I think you have to fix something in it...

Jeff said...

Ihaas to get a new iPhone 3GS. It is 3.1.3 and version 05.12.01. If I follow the instructions, will it jailbreak the
phone and give me either Cydia or Rock? I just want to be sure before I attempt anything.

interqd said...

@jeff
You can't get anything... these are only for those who upgraded their iPhone to OS 3.1.3 using PwnageTool or sn0wbreeze..
As for me, I just upgraded to 3.1.3 using sn0wbreeze.. tried the .deb given with no luck.. have to restore again..

@msft.guy
Great job man... looking forward to the stable release for this blacksn0w

Boumer said...

hey.

I do have the old bootrom and 3.1.2. I was wondering if I have to remove the old blacksn0w unlock in some way?

or just install the RC2 over the old release?

I didn't install the "sn0w" unlock via cydia. I used the one in blackrain.

btw: THX A LOT FOR YOUR WORK!!!

Pele said...

I have updated my 3GS iPhone firmware from 3.1.2 to 3.1.3, which was previously blackra1n. Will this jailbreak my iPhone again?

Thanks
Lee

MasterMike said...

Hi!

Have you tried to fix the bootloop? I know that there are a few people with a crashed baseband.
Do you know what I mean?

Greets Mike

Dan said...

Can this be done on a 3GS 3.1.3 baseband 05.12.01????? Has someone tried it on this baseband?? Does someone know how to jailbreak it too??

George Hotz said...

Cool.

satrix said...

my mother,is true does only suck people with not saved sssh 3.13 Mc BB 05.12.01 or whath is it I am disapointed 1 mounths looking every day I am in linux like home but in vista vith one kids yes picture and newbie in iphone area I fuck self after 1 hour I get it home please no unlock only JB.any help

satrix said...

or if it possible to downgrade him????
thx m8

Mesembe said...

it works on my 3G. THANKS

Andrew said...

will this work on a MC model for 3.1.3 3rd generation ipod touch 32GB?
thanks a bunch!!!!

Andrew said...

Or rather, will the stable release of blacksn0w work for the 3rd generation iPod touch 3.1.3?

interqd said...

This is for iPhone.. don't think the iPod touch needs this at all..

Pele said...

Can it be done from scratch on the iPhone 3GS firmware 3.1.3?

Someone please HELP

Thanks

mad1523 said...

Applied to a pwnagetool jb 3.1.2 05.11.07 bb 3gs and it fixed my Wifi issues instantly. Thank you! I have no interest in upgrading to 3.1.3 even if the bb stays intact.

chris said...

hi folks
Can someone please help? I have installed the 3.1.3 blackra1n unlock, and all went well except for a "different SIM detected" error... the phone is showing Vodafone with service, however it is only allowing emergency calls.
05.11.07 using the install through Cydia.
many thanks
soren1974

locolbd said...

When will this be possible on a Windows system?

Jdawg said...

@interqd iPod touch 3.1.3 3rd gen does need a jailbreak also. redsn0w and sn0wbreeze don't work on 3rd gen and blackra1n doesn't work on 3.1.3 at all.

interqd said...

Sorry.. but this is not a jailbreak..
This is just an unlock for the SIM card reader..

interqd said...

Hi msft.guy...
I really need this unlock.. but the .deb file didn't work for me....

Please tell me how to do a test load??
I can't understand your instructions...
Can I use MobileTerminal to test load??
Please answer... been depressed for 3 days.. my iPhone is just like a mini iPad now

msft.guy said...

@MasterMike: it should be possible to create a custom ramdisk that would restore CommCenter.plist, but generally you can always restore at least to custom (pwned) 3.1.3, so I don't see a point..
@Boumer: just stay on 3.1.2 unless you know what you're doing, otherwise create a custom 3.1.3 using latest PwnageTool to keep your BB version.
@05.12: NO, this is the same blackSn0w exploit that ONLY works on 05.11 radio
@stock 3.1.3: NO, this is not a jailbreak of any kind

313day313 said...

*****Update3****
In update 3, are you saying that I don't have to do all this file transfer work and can download it from pushfix.info? If so, what's it called?

Push said...

@chris : I don't know specifically how to fix that, but I have heard the problem is fixed by not changing SIMs.

So, leave the SIM you are going to ultimately use in the phone the whole time, from custom firmware restore to blacksn0w RC2 unlock.

Before a restore, you could also try removing this file and then rebooting:

/var/root/Library/Lockdown/activation_records/data_ark.plist

That's just a guess though.

MasterMike said...

hmm,
So if I understand correctly I need a cfw 3.1.3 and a new commcenter.plist?
Only the CFW 3.1.3 is not enough, right?
how can I create a custom ramdisk that would restore CommCenter.plist?

greets

chris said...

many thanks Push

will try these

Push said...

msft.guy and others:

Regarding the baseband crash, what do you think of this?

http://bit.ly/9YWwhQ

interqd said...

Tried blacksn0w RC2 yesterday from the pushfix repo...
didn't work :(
had to do a full restore...

Mine is a 3GS 3.1.3 BB 5.11.07
Anyone succeeded on an iPhone 3GS?

Push said...

@interqd : Not sure about others, but I am using it on a 3GS @ 3.1.2 05.11.07 and a 3GS @ 3.1.3 05.11.07.

As you can imagine, just saying it doesn't work doesn't help me or msft.guy. :( What steps did you take, what specifically happened, etc? Were you using a sn0wbreeze or Pwnagetool jailbreak?

Also, I have a new tip for everyone out there. No one should EVER use "Reset Network Settings".

Finally, just tonight I believe I have developed the fix for WiFi not working (Settings -> WiFi shows no networks). This will be confirmed with a few people and then integrated into blacksn0w RC2. This time I'm pretty sure I've found it. It is not fixed by a blacksn0w patch, but by something else.

I also recovered my phone from a boot loop caused by reset network settings and I didn't have to restore. I may put up instructions on how I did that when I get time.

interqd said...

@push
Strange.. mine is the same as yours.. OS 3.1.3 5.11.07
I jailbroke it with sn0wbreeze
Well.. firstly I did a restore from backup.. it doesn't work, got a bootloop, then I restored my iPhone and set it up as new.. installed blacksn0w RC2 and it still didn't work (bootloop again)..
So I think there is something in that blacksn0w that prevents my iPhone from booting normally..

Actually 3 days ago, before I went to 3.1.3, suddenly my iPhone showed no service and became hot..
Then I tried to get signal again by going to airplane mode off - on - off

But once I set airplane mode to on, my iPhone hung and after 15 minutes it got a bootloop.. (that's the story of why I went to 3.1.3)

Hope it can help you and msft.guy to fix the incoming version of blacksn0w..

And about the bootloop fix.. am waiting for that.. maybe there is also a fix for my bootloop after installing blacksn0w (all versions)..

krimo said...

@push and/or @msft.guy,

I have an iPhone 3.1.2 + 05.11.07 jailbroken with blackra1n and unlocked with blacksn0w.
But one month ago I lost my WiFi. Can I use blacksn0w RC2 to keep my iPhone unlocked and restore my WiFi without upgrading first to 3.1.3?

Thanks

Henk said...

Hey. I have an iPhone 3GS, OS 3.12, baseband 05.11.07, jailbroken with redsn0w 0.9.2, unlocked with blacksn0w. Unlike others, I had no WiFi problems at all. Nevertheless, I tried blacksn0w RC2. Result? Unlock works indeed, but now continuous WiFi problems. No WiFi found at all, although the app yFylite does find WiFi networks. I retried several times, even using network setup restore etc, with the same result: no WiFi. As a result I went back to blacksn0w RC1. Everything works fine now. RC2 for sure still has some issues.

brenda said...

Have a couple of questions. I was uploading my music and accidentally clicked the upgrade in Feb. Before, I would run blackra1n to unlock it and it would work great. I don't know what else to do. Can you help me please...

Seif said...

PLEASE HELP!!

iPhone 3GS
Modem firmware: 05.11.07
Software 3.1.3 (sn0wbreeze)

I ONLY installed blacksn0w RC2 from Cydia, and there is no signal coming from any SIM, even the original. I activated it while restoring through sn0wbreeze.

PLEASE HELP.

shaul eini said...

@msft.guy listen, instead of "No SIM" it's always on "searching" and the phone is slower than ever.
I'm using blacksn0w RC2 from your repo. I guess it doesn't work for a lot of users.
Can you check it out?

Push said...

@shaul If you are using a 3G phone, I recommend the regular blacksn0w at this time. If it's a 3GS, RC2 Final should work. If not, there is something weird for you because it works for almost everyone.

The timing is not right for the 3G right now, but it is perfect for the 3GS. I've got to fix it again for the 3G.

Takeshi Nomo said...

Hi Push:

I have an AT&T 3GS with 3.1.3 05.11.07, JB with sn0wbreeze. Blacksn0w RC2 final 1.1 worked at the beginning and somehow it lost signal. After that, it keeps showing searching even without a SIM card. Tried reset, reinstalled custom firmware and blacksn0w RC2 final 1.1. It still shows searching.
Any idea what is going on? thx

Mike said...

Hi Push:

I got the same problem. Can you help?

I have an AT&T 3gs with 3.1.3 05.11.07 JB with snowbreeze. Blacksnow RC2 final 1.1 from cydia.pushfix.info. it keeps showing searching even without a sim card. Tried reset, reinstalled custom firmware and blacksnow rc2 final 1.1. It still shows searching.
Any idea what is going on? thx

Luka said...

My solution to jailbreak iPhone 3GS 3.1.2 (05.11.07) and fixing the WiFi problem
Ok, I just jailbroke my iPhone and unlocked it using Blacksn0w, and after a reboot I recognized that I am not able to connect my iPhone to any
WIFI ACCESS POINTS... my first thought was, maybe it's a hardware failure... so I started googling around and found out it might be because of Blacksn0w. I uninstalled it and my WiFi came back, then I started googling again for a solution and tried a few, and finally after some tryouts I just did it this way with success!
So if you are willing to try this solution I will post the steps.
But before starting I would recommend to all newbies to first google OpenSSH, AppSync, imobilecinema, SBSettings, afc2add... so you know what you are going to install
Here We Go
01 – Install ” iPhone2,1_3.1.2_7D11_Restore ” in DFU Mode (not Recovery “Restore” Mode)
02 – Download & Run Blackra1n Wait for a Reboot = Jailbreak !
03 – Install Cydia
04 – Connect to iTunes and Sync without any Contact or App or Music, just uncheck everything and sync
05 – Open Cydia and add http://repo.beyouriphone.com Source
06 – Open Cydia and add http://sinfuliphonerepo.com Source
07 – Open Cydia and add http://cydia.install0us.com Source
08 – Open Cydia Search & Install OpenSSH
09 – Open Cydia Search & Install AppSync
10 – Open Cydia Search & Install imobilecinema
11 – Open Cydia Search & Install Install0us
12 – Open Cydia Search & Install Sbsettings & Config it
13 – Uninstall Blackra1n
14 – Go to iPhone -> Settings and do some fine tuning like add email, set time & date ...
15 – Connect to iTunes and install all Apps & Games & Music … finally Sync
16 – Open Cydia and add http://cydia.pushfix.info Source & Install BlackSn0W
17 – Open Cydia Search & Install afc2add
18 – Check if your YouTube or Push are working !
19 – If everything is ok go to step 20, if not search and install PushFix from Cydia
20 – Reboot
I HOPE THIS HELPED YA !!
PS: BlackSn0W – afc2add – PushFix should always be the last thing you install from cydia

Frederic said...

Hi, thanks a lot msft.guy! It worked for me (3.1.3 custom with 05.11.07 BB and old iBoot). No wifi or reboot loop problem. But I noticed a problem with the latest version (RC2 v1.1) : I'm using a SIM doubler (www.simore.ch), so I can switch from a sim to another with the help of the "SIM Apps" function. This worked fine with release 0.2, but it does not work anymore with 1.1. So I downgraded to 0.2 and everything's fine now. I thought this might be of interest to you, maybe you have an idea how to restore the "SIM Apps" thing. Cheers!

Takeshi Nomo said...

http://extechblog.wordpress.com/2010/03/23/blacksn0w-crashes-3-1-2-firmware-05-11-07-baseband-3gs-no-shsh-on-file-solution/

follow this. it will help you to unlock you 3gs 05.11.07 with blacksnow rc2 final

sidq said...

It is working fine but needs fine tuning, such as: when you reboot it stays in ..... for 30 seconds and then starts searching, and then it shows the WiFi bar, then the carrier signal and finally the carrier name, which takes approx 90 sec.
Is it possible to say searching on reboot?
I am on 3.1.3 - 5.11.07 with a 3GS

En lekfull said...

@push: Thank you for solving the wifi issues. Would you be able to fix the poor reception issues as well?
I have blacksn0w RC2, 05.11.07 BB, and this is what happens:
- iphone connects using 3G to a nearby cell tower with great signal strength
- after some time, the iphone roams to another cell tower with very poor reception, even the phone is stationary
- when moving (e.g. in a car), phone calls are often dropped when roaming between towers
- when stationary, during heavy internet traffic, performance is very low (< 1 Mbit/s) even though signal quality is showing all bars. Expected speed >3Mbit/s (The same SIM provides excellent download speed in the same location when used in an android phone.)

The most important fix would be the dropped calls, which I suspect is linked to the erratic spontaneous roaming to a low-strength cell tower

Hope this helps. If I can assist you in testing, please let me know.

Mark said...

Awesome fix! For some reason, I'm having some issues (which some others seem to be having too). My phone is only unlocking sometimes - the rest of the time once blacksn0w starts up, I lose Wifi. After this, the phone runs really really slow. I'm baffled at this point - no crash logs either that I see... thoughts? I've also never managed to get it to work when booting up.


handle_connection: Could not receive internal message #2 from bbver. Killing connection
23:24:53 2010 ` lookup_baseband_info: The SIM status has changed
23:24:54 2010 ` lookup_baseband_info: Could not connect to CommCenter
23:24:54 2010 ` load_activation_records: looking at /var/root/Library/Lockdown/activation_records (1/0)
23:24:54 2010 ` load_activation_records: looking at /var/root/Library/Lockdown/activation_records/wildcard_record.plist (8/0)
23:24:54 2010 ` _extract_record_identifier: Could not extract ICCID from account token
23:24:54 2010 ` load_activation_records: Could not extract ICCID from record
23 :24:54 2010 ` load_activation_records: This is a wildcard record
23:24:54 2010 ` load_activation_records: looking at /var/root/Library/Lockdown/activation_records (6/0)
23:24:54 2010 ` dealwith_activation: No unlock record. Looking for a care flag.
23:24:54 2010 ` dealwith_activation: No care flag. Looking for a record that matches the SIM.
23:24:54 2010 ` dealwith_activation: Looking up the record for ICCID XXXXXXXXXXXXXXXX
23:24:54 2010 ` dealwith_activation: No record for the SIM. Taking whatever we can get.
23:24:54 2010 ` determine_activation_state: The original activation state is WildcardActivated
23:24:54 2010 ` determine_activation_state: SIM status: kCTSIMSupportSIMStatusReady
23:24:54 2010 ` determine_activation_state: Removing previously issued activation ticket from data ark
23:24:54 2010 ` determine_activation_state: No ICCID in the activation record
23:24:54 2010 ` determine_activation_state: The record contains a wildcard ticket
23:24:54 2010 ` deliver_baseband_ticket: SIM is not in operator locked state. Ignoring activation ticket
23:24:54 2010 ` determine_activation_state: The activation state has not changed.
23:24:54 2010 ` lookup_baseband_info: The SIM status has changed
23:24:54 2010 ` lookup_baseband_info: Could not connect to CommCenter
23:24:54 2010 ` load_activation_records: looking at /var/root/Library/Lockdown/activation_records (1/0)
23:24:54 2010 ` load_activation_records: looking at /var/root/Library/Lockdown/activation_records/wildcard_record.plist (8/0)
23:24:54 2010 ` _extract_record_identifier: Could not extract ICCID from account token
23:24:54 2010 ` load_activation_records: Could not extract ICCID from record
23:24:54 2010 ` load_activation_records: This is a wildcard record
23:24:54 2010 ` load_activation_records: looking at /var/root/Library/Lockdown/activation_records (6/0)
23:24:54 2010 ` dealwith_activation: No unlock record. Looking for a care flag.
23:24:54 2010 ` dealwith_activation: No care flag. Looking for a record that matches the SIM.
23:24:54 2010 ` dealwith_activation: Looking up the record for ICCID XXXXXXXXXXXXXXXXXXXXXX
23:24:54 2010 ` dealwith_activation: No record for the SIM. Taking whatever we can get.
23:24:54 2010 ` determine_activation_state: The original activation state is WildcardActivated
23:24:54 2010 ` determine_activation_state: SIM status: kCTSIMSupportSIMStatusReady
23:24:54 2010 ` determine_activation_state: No ICCID in the activation record
23:24:54 2010 ` determine_activation_state: The record contains a wildcard ticket
23:24:54 2010 ` deliver_baseband_ticket: SIM is not in operator locked state. Ignoring activation ticket
23:24:54 2010 ` determine_activation_state: The activation state has not changed.
23:25:35 2010 ` lookup_baseband_info: New phone number XXXXXXXXXXXXXX to insert into the ark

Mark said...

Sorry last message got cut off - here's what it looks like when it's not working (pretty much just hangs on searching forever)

Tue May 18 02:02:42 2010 (0x82de00) handle_connection: Could not receive USB message #8 from unknown. Killing connection
Tue May 18 02:03:04 2010 (0x839e00) handle_connection: Could not receive USB message #5 from unknown. Killing connection
Tue May 18 02:03:30 2010 (0x82d000) handle_connection: Could not receive internal message #2 from bbver. Killing connection
Tue May 18 02:03:31 2010 (0x385242d8) lookup_baseband_info: Could not connect to CommCenter
Tue May 18 02:03:31 2010 (0x385242d8) lookup_baseband_info: The SIM status has changed
Tue May 18 02:03:31 2010 (0x385242d8) lookup_baseband_info: Could not connect to CommCenter
Tue May 18 02:03:31 2010 (0x385242d8) load_activation_records: looking at /var/root/Library/Lockdown/activation_records (1/0)
Tue May 18 02:03:31 2010 (0x385242d8) load_activation_records: looking at /var/root/Library/Lockdown/activation_records/wildcard_record.plist (8/0)
Tue May 18 02:03:31 2010 (0x385242d8) _extract_record_identifier: Could not extract ICCID from account token
Tue May 18 02:03:31 2010 (0x385242d8) load_activation_records: Could not extract ICCID from record
Tue May 18 02:03:31 2010 (0x385242d8) load_activation_records: This is a wildcard record
Tue May 18 02:03:31 2010 (0x385242d8) load_activation_records: looking at /var/root/Library/Lockdown/activation_records (6/0)
Tue May 18 02:03:31 2010 (0x385242d8) dealwith_activation: No unlock record. Looking for a care flag.
Tue May 18 02:03:31 2010 (0x385242d8) dealwith_activation: No care flag. Looking for a record that matches the SIM.
Tue May 18 02:03:31 2010 (0x385242d8) dealwith_activation: Looking up the record for ICCID XXXXXXXXXXXXXXx
Tue May 18 02:03:31 2010 (0x385242d8) dealwith_activation: No record for the SIM. Taking whatever we can get.
Tue May 18 02:03:31 2010 (0x385242d8) determine_activation_state: The original activation state is WildcardActivated
Tue May 18 02:03:31 2010 (0x385242d8) determine_activation_state: SIM status: kCTSIMSupportSIMStatusReady
Tue May 18 02:03:31 2010 (0x385242d8) determine_activation_state: No ICCID in the activation record
Tue May 18 02:03:31 2010 (0x385242d8) determine_activation_state: The record contains a wildcard ticket
Tue May 18 02:03:31 2010 (0x385242d8) deliver_baseband_ticket: SIM is not in operator locked state. Ignoring activation ticket
Tue May 18 02:03:31 2010 (0x385242d8) determine_activation_state: The activation state has not changed.

msft.guy said...

@Mark:
The 'cannot connect to CommCenter' line looks suspicious; maybe CommCenter IS crashing?
Can you connect via SSH over USB (using for example this tool: http://code.google.com/p/iphonetunnel-usbmuxconnectbyport/downloads/list) and run ps -e | grep CommCenter to see if PID keeps changing?

Mark said...

I think you're right on that one...

before running blacksn0w, I have two entries -

33 ??/System/Libary/PrivateFrameworks/CoreTelephony/framework/Support/CommCenter

76 ttsys000 grep CommCenter

After running blacksn0w, both items came back up with different PIDs. However, the second one went away for a while (30 seconds maybe), showed up a 3rd time (with a third PID) and now doesn't show up at all.

Here are the syslogs - not sure if that would help.

http://padfly.com/codesamples

En lekfull said...

I've been running your blacksn0w a couple of weeks now.

Issues:

- I have noticed significantly *worse* reception using this version than geohots version. The phone would frequently go to GSM data where geohots version stayed on 3G. The phone also displayed fewer signal bars than geohots. (1-2 bars vs geohot's 4-5)
- I've also noticed Wifi going away several times. A workaround: Running WiFoFofum enables it again!
- Wireless passwords often disappear too, prompting them to be reentered.

Today, the phone hung completely, with the same symptoms as others have written about:

- A reboot, and the phone gets stuck at "Searching..." forever. - Looking at ps -e | Grep CommCenter, I can see that CommCenter keeps running and does NOT crash.
- Systools shows CommCenter is consuming 99% CPU time

This completely kills the performance of the phone and of course it also renders it useless as I have no GSM.

There is no CommCenter crash log.
I'm going to look for other logs tomorrow.

En lekfull said...

One thing to add: CommCenter keeps running, but
/usr/sbin/BTserver and /usr/sbin/ BlueTool keeps dying, and respawning, while the phone is "Searching..."

Where would the logs for those be at?

msft.guy said...

@En lekfull:
You can force a dump by sending an ABRT signal (killall -ABRT CommCenter), then it might be interesting to look at the stack.
Reception might be related to the launch method in the repackaged version; you can try just using the 3.1.3 binary in /usr/lib/ and modifying the CommCenter.plist - this is more risky, but looks like you can recover if you almost drain the battery so that cellular turns off..

On BTServer: that's weird, are there crash logs?

En lekfull said...

@msft.guy: I made two crash dumps using killall -ABRT CommCenter
The dump logs are in a RAR at http://www.megaupload.com/?d=5ISJ7T3Q

I edited the PLIST for BTServer and disabled it at load. This did stop the phone from respawning BTServer but it did not help the Searching... issue.

I noticed securityd was respawning as well, so I did an ABRT dump on it as well (in the RAR)

WORKAROUND
==========
Finally, I reflashed the baseband using BBExtremeUpdater following the instructions in http://extechblog.wordpress.com/2010/03/23/blacksn0w-crashes-3-1-2-firmware-05-11-07-baseband-3gs-no-shsh-on-file-solution/

This resolved the Searching... issue and now the phone boots up normally again, and BTServer behaves normally.

I conclude that Baseband is still being corrupted by the repackaged version of blacksn0w v2. I am on 3.1.2 on a 3GS.

After reflashing, reception is still poor and the phone often backs down to GSM even where there should be 3G coverage.

Can you elaborate on why it might help to start it from CommCenter? I am willing to try it, but I want to be sure I can recover again without having to drain the battery.

Can you add a wrapper with a baseband corruption check in the boot process?

En lekfull said...

@msft.guy: Many 3GS owners seem to report similar signal quality/reception issues in areas where cell towers have frequency overlap - e.g. http://forums.macrumors.com/showthread.php?t=915137
I am in an area with overlapping frequencies from many different towers, and the signal issue does look like tower selection problems, so this theory rings true to me.

Shin said...

Hi msft.guy, THANKS for all your hard work on this! I'm having the same problem with the fixed blacksn0w RC2 release. I'm running a 3GS, 3.1.3 OS + 5.11.07 BB. All JBs perfect with Spirit, everything is fast and WiFi works great. Once at this stage: GeoHot's blacksn0w via Cydia will crash it and it has to be restored. This RC2 installs but no WiFi & runs slooow and crashes often. Unlock works intermittently only. There is something still really wrong with this combination. Any advice would be much appreciated! TY again for all!!!

Shin said...

OK Maybe this will help: AFTER rc2 is installed it will ALWAYS freeze and require hard restart if: Setting-> General->About is pressed. The about button stays lit and it freezes and requires hard restart: If it will help I can post the fat crash logfile somewhere. This is all that is in panic.crash after the above scenario. I can post/send the fat crashlog somewhere if might help. At least this freeze is consistent and always repeatable.
Incident Identifier: D886C5FC-3CE5-4DF3-9210-42BF3B91AE4C
CrashReporter Key: d5765596a8b4a64285074ed726f8fee4a44ed6a7
Date/Time: 2010-05-19 09:44:25.643 -0700
OS Version: iPhone OS 3.1.3 (7E18)

CRC ERR!
-----------------------------------

Thanks everyone for the amazing community always on the bleeding edge figuring things out and helping each-other!

Shin said...

OK I was misled by some idiot posts! Blacksn0w RC2 is NOT compatible with 'SPIRIT' untethered 3GS JB! Sorry! If anyone knows how to UnLock an untethered 'SPIRIT' JB please let me know! Does anyone know if someone is trying to rewrite Blacksn0w to work with Spirit? Thanks and sorry for being a Reeeeetard!

msft.guy said...

@En lekfull:
I looked at the logs
Looks like blacksn0w is spinning in a loop with this call stack:

bb_recv()
bb_send()
hijacked()

There's a read()/select() loop in bb_recv(), and it is probably spinning there. Why - geohot knows.. My guess is the dialog with baseband didn't go as planned ;)

On baseband corruption: as far as I understand (and it admittedly isn't much), it is impossible to corrupt anything in the baseband, otherwise that would be used for a more permanent unlock. blackra1n injects its payload each time the baseband boots, and the payload only affects the baseband RAM.

En lekfull said...

@msft.guy:
Somehow it appears baseband is being corrupted, as it helps to reflash it. I'm not suggesting blacksn0w code does it, but perhaps the BB calls made by blacksn0w are revealing a BB bug?

Can you somehow insert a timeout in blacksn0w so that it kills itself after, say, 60 seconds, if it gets stuck in that loop?

WIFI often dies using blacksnow RC2. There are no networks visible at all in the scans. WiFiFofum appears to reset wifi using other methods, because networks starts showing up again when I run that.


A BIG thank you for the effort to improve on blacksn0w.

Mark said...

@msft.guy - Turns out that my baseband was corrupted somehow, which is probably what was causing my issue - blacksn0w RC2 would occasionally work, but mostly would result in the phone running slow and "searching" always appearing.

Anyways, for anyone else having the issue - I reflashed following instructions here and my phone seems to be working 100% now. No more fears of rebooting!

http://extechblog.wordpress.com/2010/03/23/blacksn0w-crashes-3-1-2-firmware-05-11-07-baseband-3gs-no-shsh-on-file-solution/

Lex Power said...

@Mark: Thanks for your link. It worked for me. My iPhone is a 3GS 3.1.3, 05.11.07 BB, didn't work the first time, but after repairing the baseband, it worked like a charm. Thanks for all of your support.

Tochukwu said...

Well the manual install didn't work so I just put in cydia.pushfix.info and used the bsn0w from their repo and it worked. I tried all the others before, but any time I tried to run the test my phone froze; after I installed the bsn0w my 3GS worked well. I have WiFi running and I'm on 3.1.3, 5.11 with the new bootloader but an MB model, I don't know if that would be helpful to anyone. But you guys saved my life

Martin said...

Cheers, had trouble after using a 3.1.3 ipsw with LLB removed after botched spirit jb over blackra1n, took me a few restores to work out that BlackSn0w was causing the device to freeze, needing a full restore on a 3GS then installed your patched version, and it's working a treat!

Balivo said...

My case: I was forced to upgrade my Blackra1n RC3 JB and Blacksn0w RC1 unlocked 3GS 3.1.2 with BB 5.11.07 to 3.1.3, because it is a new unit and I have not saved my 3.1.2 signatures in Cydia. I did a custom restore without BB update and JB'd it with Spirit. The first time, following the Dev-Team how-to, I tried to install Blacksn0w RC1 and the result is clear - restore again! Then I figured out the right unlock for 3.1.3 - Blacksn0w RC2. Unfortunately, it didn't work the first time, but after repairing the baseband, it worked. My conclusion is: somehow Blacksn0w RC1 corrupts the BB or, more likely, it is not compatible with 3.1.3
Hope, this will help. Thanks!

En lekfull said...

ATTENTION!

Blacksn0w RC2 has been superseded by ultrasn0w release 0.93. The ultrasn0w 0.93 release unlocks ALL baseband versions and resolves all problems mentioned on this page.

You can download and install ultrasn0w 0.93 from http://www.sinfuliphone.com/showthread.php?t=168
or google for other sources.
Thank you.
