According to their site, WinPwn 2.0.0.1 has the following features:

- Support for both 1.1.4 and 2.0

- Custom Image Support

- Custom Payload Support

- 3g iPhone support

[WinPwn and Rapidshare Mirror]

- It auto-finds the bl39 and bl46 files better, if they’re on your computer.
- It creates the ~/Library/iTunes/Device Support/ folder if not present, which should help with some 1600 errors people have been having.
- Many people have reported the PwnageTool not starting up at all (the icon never stops bouncing). This issue should be resolved now.
- The Sparkle AppCast URL is fixed in this version, so automatic updates should work for future releases.

If you successfully jailbroke and unlocked your iPhone with OS 2.0 with the previous one, there's no need for you to use this version. Otherwise, you can download from here or here.

We can't wait for the tool to be released. [iPhone Dev Blog]

Breno MacMasi, one of the Brazilian guys who achieved this, told us how it works:

Our procedure consist in using one SIM adapter to simulate a fake IMSI test card. Instead of the AT&T IMSI like in the universals.

In other words, like the original SIM card hacks for the iPhone classic, this method forges the International Mobile Subscriber Identity, making the phone believe it's working in the network in which it's supposed to work. There's no word yet on the availability of this hack, but we will keep all of those who don't want to pay roaming charges updated. [Techguru]

You can download from here and here.

If you were wondering how I was doing push email tests on iPhone OS 2.0 and Vodafone UK, this is the reason why. The code wizard commandos at the iPhone Dev Team have been working on this non-stop since the early days of beta testing. In fact, I had iPhone OS 2.0 running on my iPhone since last week. That was version 5A345, two below 5A347, but identical in functionality.

Now that the official iPhone OS 2.0 is out, the iPhone Dev Team will release their Pwnage tool for everyone to unlock and jailbreak their iPhones soon, although the specific date/time is not firm yet. It may not be as interesting as before—since most countries now have the iPhone and it will be impossible to buy without doing a contract first—but people looking to install unsigned applications and buy pay-as-you-go cards while traveling—instead of roaming—will find it very useful.

And besides, we don't get tired of seeing the Death Star exploding again and again. [iPhone Dev Team Portal]

Apart from the previous unlocking and jailbreaking, the new version has three main features:

• Easily customizable images for start and restore screens.
• You can use packages to customize your firmware and install software right away, on one single update.
• You can now pwn iPhone 1.2.0 beta 3.

We also got confirmation of what we already hinted last week: Apple is preparing up to battle the hackers, with more and more code running signed and secured inside the iPhone. This will make things more difficult for the iPhone Dev Team.

How much more difficult? Would this be a real challenge to the iPhone Dev Team's current dominance in the hacking war? According to them, it may be. But it just makes things more interesting and fun, which is exactly what we wanted to hear.

Get your update now. [iPhone Dev Team via Pwnage in Gizmodo]

Pwnage is extremely simple to use. First you have to back up your iPhone data using iTunes.

Then, connect the iPhone, select the firmware from your hard drive and iPwn the iPhone. Pwnage will upload the new firmware to the iPhone and that's that: the tool will take care of everything and, in a few minutes, your iPhone will be ready to go.

I tried this with the latest modified version of iPhone firmware update 1.2.0 and it works as good as with the previous version. So go ahead, punks, and make Steve's day.

Note: if by any chance you come across a pwned version of the latest 2.0 firmware, my advice is not to use this version, as this Apple beta is not as stable as I wish. Instead, use the previous beta, which worked perfectly. [iPhone Dev Team]

Update: Due to legalities the Pwnage tool has been delayed. We'll keep you updated with any release information as we get it. [iPhone Dev Team]

[Hackint0sh]

Whats new? Visible changes are:

• Exchange Support
• Appstore
• Parental Controls
• SDK Support
• Calculator is more advanced
• CISCO VPN support
• Mail mass deletion

Features not included:

• There is no spotlight icon

[Gizmodo's iPhone Hacking Coverage and Hacint0sh]

pwned firmware means it's custom [firmware], you can have it install anything you would ever want :-) Pwned works with some magic, it will be hard to close but nothing is impossible (from Apple) with a mindtwist. But first, we will enjoy :)

They told us that this is all part of their previous Pwnage project, which instead of trying to hack into the iPhone, directly patches the firmware itself to both unlock it, so you can use the iPhone with any carrier you want, and allow you to install any applications you want. You can see how it works here:

According to the Dev Team, the custom 2.0 firmware (technically, 1.2.0,) is now up and running without problems in many of their iPhones, running unsigned applications without a single problem. However, current Installer.app applications need to be changed: "they changed lots of the API, a lot. We will see how much has to be changed to the Toolchain [the previous development tool for iPhone independent developers] to still work after 2.0."

The best news, however, is this: "the hacked 1.2 firmware works with anything. AT&T and others, it's pwned. And Apple will not really be able to patch it this time... somehow :-)"

I'm flabbergasted. As Han Solo would say, "that's one in a million, kid!" Once again.

The cool thing here is that Dev Team told us that this is 1) a true unlock and 2) Apple will have a very difficult time closing this hole. That's the news, not just jailbreak—in fact, it's not even jailbreak in the classic sense. It's built-in the hacked firmware, which allows for installation of any application, unsigned or "Apple Approved"

In other words, true carrier and applications independence. And for a long time.

Note: as you can see, the Dev Team is still working hard in making the iPhone a completely open, carrier-independent platform. If you want to help them, please send a Paypal donation to iphone.devteam@gmail.com or join them at hackint0sh.org.

geohot's 1.1.2 software unlock yes, this is what you have all been waiting for now fixed to support 1.1.3

1. Download these:
gunlock and the secpack from http://iphonejtag.blogspot.com/ or the blog :)
the 4.02.13 fls from http://george.zjlotto.com/index.php/baseband/

2. Downgrade your phone to 1.0.2. See all the great tutorials online to do this.
Your baseband won't be downgraded, this is normal.
This will probably work on other versions too, but 1.0.2 doesn't lose wifi on bb access.

3. Kill CommCenter and run "gunlock secpack ICE04.02.13_G.fls"

4. Reload CommCenter. For some reason my phone was in brick mode. Use the elite team bricktool to get out.

5. Enjoy your 1.1.2 OTB unlocked iPhone

Now, who'd have thought it'd be this easy : )

This release is no thanks to elite/dev
I wish they would share like the old days.
I don't believe everyone in the team is like this, but come on guys.

Oh, the drama. Next in Venezuelan Telenovela TV, Hackers Passion! ¡Rosita, tú mataste a tu hermana! ¡No, lo hizo Pablo! ¡Sí! ¡No! ¡Amparo! [iPhonetag]

The Digg badge in this post is for the original story in Geohot's blog.

• Google Maps Faux GPS has problems working unless you install Navizon.

• Cannot change EDGE Settings. Jesus's EDGE is now nonfunctional because he can't enter in the custom settings for his provider. This is not a big deal for people actually on AT&T or one of the three official providers in Europe, but for people who've SIM unlocked and are wandering about on other networks, it's a huge deal.

• The jailbreak may break official third party apps from the SDK? We don't know if this will be the case, but iPhone Atlas claims that the method Nate used to jailbreak disables "Nikita," which is a component in the iPhone that installs signed software. Signed software, in the iPhone's case, would be official third party apps that are signed by Apple to make sure they don't corrupt or kill your device. If this is broken and unfixable, then jailbreakers may be unable to get in on the SDK action in February.

The official iPhone Dev Team jailbreak was released yesterday, but we haven't had any experience with this yet.

What have you heard? Drop a note in the comments detailing the problems you've had with the jailbreak or just 1.1.3 in general.

Fot the Windows version, you need to download an install iBrickr (instructions are on Nate's site), which will guide you through downloading and installing the firmware. The whole thing will take about 15-30 minutes, based on estimates.
[Cre.ations.net]

Adam from Lifehacker has a walkthrough for the process as well.

Mac version is here.

We had some doubts, but now we can tell you we are sure: the new firmware 1.1.3 is real. Or as Nate puts it: "if it is a hoax, they did a buttload of work." The fact is that it installs normally and it works perfectly. For those not familiar, Natetrue is one of the most respected and veteran iPhone hackers and the author of the popular app iBrickr.

Nate goes on to say that "it installs on the phone no-questions-asked and for that you need to have Apple's private key, which i can confirm that the iphone hacker community does not have—as much as we would love to have it." Indeed, Apple's private encrypted key, used to authenticate all accesses to the iPhone most-private guts, hasn't been uncovered yet by anyone in the world.

In other words, no firmware upgrades can be installed without the knowledge of this key. Furthermore, the idea that someone would have access to this key and spend months to create a fully functional firmware update, with key new features and without any documentation whatsoever seems just absolutely silly.

Effects on unlocks and Third-party applications
The update breaks AnySim's unlocks. Logically, you can't unlock this update using AnySim and there's no alternative to iTunes for activation. If you want to activate, it will only work using iTunes and a standard AT&T account. Nate says, "that is the only way we have been able to activate so far." Nate tried to upgrade an AnySim 1.2u iPhone and it failed. Even while he was able to force it to boot, the phone refused to activate even with a normal AT&T SIM card. "I suspect it's due to the fact that the baseband could not be upgraded to the 1.1.3 'required' version", he says.

Other updates remain untested, like iPhone Sim Free or any of the hardware-based ones, like TurboSIM. In theory, these should work just fine, but jailbreak and activation would be absolutely impossible for the time being. We would have to wait until the update gets released in the open to try new alternative activation methods.

Your favorite third-party apps will be gone too, with no possibility of return for now. The update fixes the bugs which allowed "the jailbreak method we were using for 1.1.2, locking us out again, as expected."

Other effects
Like previous firmware upgrades, whatever is in the user partition remains unchanged. Only the Apple-owned part is affected by 1.1.3. So for those of you who claim that this is a fake because it says "Nate" in the network instead of "AT&T," that's the reason. He changed the network name in 1.1.2 using a program by Erica Sadun, of TUAW, called Make It Mine.

New features and future releases
The list of new features are confirmed too: all are correct, but he couldn't confirm if they are the only ones or not.

Many of you would be wondering how this could have happened, knowing the extremely tight security around the iPhone firmware updates. We don't know, but apparently the leak has occurred because "someone wanted to help the unlock effort." The source of the leak is completely anonymous, even to the people who have had access to the upgrade.

Why the update hasn't hit Torrent yet? The code could be watermarked to catch any leaks "so for now it's screenshots and videos." Also, distributing it won't make much sense at this point: according to Nate the iPhone 1.1.3 Firmware update could hit as soon as next week.

Stay tuned for more updates. [Cre.ations.net - Thanks Nate for your insight and Markus for the tip]

(WARNING: if you have used anySIM or iUnlock in your iPhone, don't upgrade to 1.1.1. You won't be able to apply this and you will brick your iPhone. Everyone else, including people who use TurboSIM or IPSF Paid solution, can do it.) [Official Jailbreak Download (Comes with Tutorial) - (Additional reporting by Jesús Díaz)]

First off, if you apply this patch you won't be able to sync any data to iTunes in its cracked state. To sync again, you're going to have to "delete the symlink Media [directory] and rename OldMedia to Media." Or restore to the previous state, which of course means you will lose the jailbreak.

Also, just to apply the patch, you're going to have to be familiar with IPHUC, a command line utility that that lets you browse your phone's file structure. It also involves directory manipulation when you're inside the phone, also not a basic task. This alone requires you to have basic linux command line knowledge, and rules out most of the regular folks who just want Super Mario on their phone.

In addition to this, if you have an iPhone, this tool won't activate it. The iPod touch doesn't require activation.

So our recommendation is to wait. This is a good start, a step in the right direction, but wait until a much friendlier jailbreak is out. (Additional reporting by Jesús Díaz) [toc2rta]

• Third Party apps run. Kind of. We probably have to recompile many of them for the new frameworks because many of them crash.

• Springboard no longer recognizes DisplayOrder.plist. And the list of "whitelisted" apps (that is, the official Applications including Safari, Photos, Calendar, etc) seems to be hard-coded into Springboard.app

• The iPhone has been activated via third-party workarounds.

• The 1.1.1 binaries barely work with 1.0.2—at least not well enough to run the music store without major hacking.

• The Mobile Terminal App works on 1.1.1.

• The entire bsd suite still works—as do standard command-line utilities compiled for ARM.

• 1.1.1 references both com.apple.mobile.radio and com.apple.mobile.nike.

• The jailbreak method is nowhere near ready for prime time. So please be patient.

[Tuaw]

I can understand why Apple made the decision to make the Nike+ Sport Kit not work with the iPhone (providing a reason to buy an iPod Nano, preventing possible damage to a $399 device, differentiating products, whatever), but iPhone users still want this thing to work with their phones. After all, the phone's flash-based, relatively small and light (if you use an armband), and should work perfectly with the kit—in theory.

Is making the kit work with the iPhone possible? Can you access the 30-pin accessory port with the iPhone? If you can, is it possible to interface with this thing using the iPod nano as reference? Is this a pipe dream, or could this possibly be done?

If enough people get behind this idea, there could even be a bounty set up to reward the hacker(s) that enable this. Let's see where we can take this.

First of all, the reason for the weeks of delay in getting video proof is because the IPSF team was busy not with the unlocking process—that was done weeks ago—but the business end. Because they're planning on selling to resellers for THEM to make businesses of, they had to finalize the database and all the backend stuff to manage licenses, etc. All very boring, and all stuff you guys don't want to hear about. Point is, they didn't delay this on purpose because they couldn't get the unlock working. Also, we're the first site to get permission to show the video unlock process. CNN and Engadget were not allowed to show video of the unlock process.

So sites who doubt that the IPSF team is real can finally relax. They're real. They're delivering.

The process is simple. The retailer you buy the unlock from will load the unlock software directly onto your phone, which will check to see if your IMEI is "allowed" to be unlocked. If it is, the software will unlock the phone—a process which took us approximately 2 or 3 minutes, as you can see in the video. The level of complexity is pretty much as low as you can get. Anyone will be able to do this.

In our case, the IPSF guys loaded the unlock application onto the phones via SSH. This is not how it will be done in the final version (you'll get yours loaded by the reseller), but it was quicker this way. Once loaded, the steps were exactly the same as the reseller final version (which they also sent to us, and works perfectly). Once run, a disclaimer comes up, you hit OK, and hit the unlock Apple image. It unlocks the phone, going through the process and displaying what the current activity is (as shown in the video). After unlocking, it cleans up, and you're done.

When we went through the unlock, we started with a T-Mobile SIM, which caused the iPhone to complain about a non-valid SIM. After the unlock was done, the error message was gone and it was able to connect properly to the T-Mobile network. Some of my babbling on camera is incoherent because I was on the phone with the IPSF guys while doing this, but I left the video intact (save for the last part where I cut to making a call) because I wanted to leave no doubts. And that red circle on the call app is the voicemail notification, which doesn't work correctly on T-Mobile (no visual voicemail).

The unlock itself is safe from restores, but requires that your phone is jailbreaked already, since you have to load a program onto the phone. And the app, since it runs directly on the phone, is stable. There should be almost zero chance to brick your phone, and most errors—if there are errors—can be fixed by restoring the phone and trying again.

That's what the final version of the software looks like.

IPSF definitely knows and built off of the iPhone Dev Team's work, insofar as none of this would be possible without the jailbreak. But as far as the actual unlock process, that's all theirs.

Where does this whole thing leave you? iPhone SIM Free is sending out this software to resellers and third-party unlockers starting today, which means you can get yours unlocked very, very soon. As for the iPhone Dev Team, we're still waiting on their free implementation.

One last thing. Five lucky Gizmodo readers are getting a free unlock courtesy of the iPhoneSIMFree team. Check back next week for details.

With additional reporting by Jesus Diaz

iPhone Sim Free

After many, many hours of intense work from "Nightwatch," the first independent "Hello World"* application has been compiled and launched on the iPhone. This was made possible using the "ARM/Mach-O Toolchain," Nightwatch's "special project," that he has been working on so carefully over the past few weeks. Certain parts of the toolchain (such as the assembler) are being refined and tested and these will be released as soon as possible.

It should be noted that Nightwatch has been instrumental in creating these tools, working in near isolation to get them finished. Nightwatch was also responsible for the "jail exploit" that he developed from information he and other members of the the dev team discovered.

Please join us to thank Nightwatch, Tmiw, Darkten and Daeken for making this happen.
- the dev team

Keep going fellas, keep going. [Thanks TechLuver]