Activation

Lockdownd is always running on the iPhone and is in charge of monitoring the activation status of the device. When the iPhone is first purchased it is unactivated and only the "Emergency Call Screen" is available. The lockdownd patches here (which require a jailbreak) activate your phone and obviate the need to activate legitimately through iTunes with an official carrier.

Lockdownd Patches on Different Versions

Lockdownd 1.1.2:

Offset    Original     Patched      Reason
0x4B3B    0x1A         0xEA         Changed to ignore baseband version.
0x79FC    0xD7 0xFF    0x00 0x00    Disallows enabling of Voided Warranty.
0x79FE    0xFF 0x1A    0xA0 0xE1    Part of patch at 0x79FC.
0x7E0B    0x0A         0xEA         Disallows enabling of Voided Warranty.
0xAC73    0x0A         0xEA         Disallows enabling of Voided Warranty.
0xBC40    0x01         0x00         Change enable brick mode to disable.
0xC5CC    0x01         0x00         Change enable brick mode to disable.
0xC5D4    0x88         0xEC         Change Unactivated to FactoryActivated.
0xC614    0x48         0xAC         Change Unactivated to FactoryActivated.
0xC640    0x1C         0x80         Change Unactivated to FactoryActivated.
0xC6F0    0x90         0xD0         Change MissingSIM to FactoryActivated.
0xC74C    0x44         0x74         Change MismatchedICCID to FactoryActivated.
0xC7DC    0xB4         0xE4         Change MismatchedICCID to FactoryActivated.
0xC8AC    0xB0 0x33    0x14 0x34    Change Unactivated to FactoryActivated.
0xC904    0x01         0x00         Change enable brick mode to disable.

Lockdownd 1.1.1:

Offset    Original     Patched      Reason
0x482F    0x1A         0xEA         Changed to ignore baseband version.
0xAF5C    0x01         0x00         Change enable brick mode to disable.
0xB814    0x24         0x54         Change Unactivated to FactoryActivated.
0xB818    0x01         0x00         Change enable brick mode to disable.
0xB838    0x00         0x30         Change Unactivated to FactoryActivated.
0xB858    0xE0 0x14    0x10 0x15    Change Unactivated to FactoryActivated.
0xB884    0xB4         0xE4         Change Unactivated to FactoryActivated.
0xB958    0x00         0x10         Change MismatchedICCID to FactoryActivated.
0xB970    0xEC         0xF8         Change MissingSIM to FactoryActivated.
0xB9E0    0x58         0x88         Change Unactivated to FactoryActivated.
0xBA58    0x01         0x00         Change enable brick mode to disable.

Lockdownd 1.0.2:

Offset    Original     Patched      Reason
0x9184    0x01         0x00         Change enable brick mode to disable.
0x94F0    0x01         0x00         Change enable brick mode to disable.
0x94F4    0x3C         0x68         Change Unactivated to FactoryActivated.
0x95C4    0x84         0x98         Change MismatchedIMEI to FactoryActivated.
0x9604    0x01         0x00         Change enable brick mode to disable.
0x9624    0x2C         0x38         Change MismatchedICCID to FactoryActivated.
0x962C    0x28         0x30         Change MissingSIM to FactoryActivated.
0x96A4    0x01         0x00         Change enable brick mode to disable.

Lockdownd 1.0.1:

Offset    Original     Patched      Reason
0x9158    0x01         0x00         Change enable brick mode to disable.
0x94C4    0x01         0x00         Change enable brick mode to disable.
0x94C8    0x3C         0x68         Change Unactivated to FactoryActivated.
0x9598    0x84         0x98         Change MismatchedIMEI to FactoryActivated.
0x95D8    0x01         0x00         Change enable brick mode to disable.
0x95F8    0x2C         0x38         Change MismatchedICCID to FactoryActivated.
0x9600    0x28         0x30         Change MissingSIM to FactoryActivated.
0x9678    0x01         0x00         Change enable brick mode to disable.

Lockdownd 1.0.0:

Offset    Original     Patched      Reason
0x8CF8    0x01         0x00         Change enable brick mode to disable.
0x90A4    0x01         0x00         Change enable brick mode to disable.
0x90A8    0x3C         0x68         Change Unactivated to FactoryActivated.
0x9178    0x84         0x98         Change MismatchedIMEI to FactoryActivated.
0x91B8    0x01         0x00         Change enable brick mode to disable.
0x91D8    0x2C         0x38         Change MismatchedICCID to FactoryActivated.
0x91E0    0x28         0x30         Change MissingSIM to FactoryActivated.
0x9258    0x01         0x00         Change enable brick mode to disable.
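The tables above double as an integrity reference: a forensic examiner or device-integrity tool can read the documented offsets and tell whether a lockdownd image is unmodified, carries these patches, or is some other build. The following Python check is an added example, not code from this page or from the patch author; it parses rows in the table format used above (including the two-byte rows), embeds a subset of the 1.1.2 rows, and runs against a constructed stand-in image rather than a real lockdownd.

```python
import re
from collections import namedtuple
PatchEntry = namedtuple("PatchEntry", "offset original patched reason")
HEXBYTE = re.compile(r"^0x[0-9A-Fa-f]{2}$")

# Rows copied from the 1.1.2 table above (a subset, including the two-byte rows).
TABLE_112 = """
0x4B3B 0x1A 0xEA Changed to ignore baseband version.
0x79FC 0xD7 0xFF 0x00 0x00 Disallows enabling of Voided Warranty.
0x79FE 0xFF 0x1A 0xA0 0xE1 Part of patch at 0x79FC
0xC5CC 0x01 0x00 Change enable brick mode to disable.
"""

def parse_table(text):
    """Parse 'offset original... patched... reason' rows; the run of hex byte tokens
    splits evenly into N original bytes followed by the N bytes replacing them."""
    entries = []
    for line in text.strip().splitlines():
        tokens, hexes = line.split(), []
        while len(hexes) + 1 < len(tokens) and HEXBYTE.match(tokens[len(hexes) + 1]):
            hexes.append(int(tokens[len(hexes) + 1], 16))
        half = len(hexes) // 2
        reason = " ".join(tokens[len(hexes) + 1:])
        entries.append(PatchEntry(int(tokens[0], 16), bytes(hexes[:half]), bytes(hexes[half:]), reason))
    return entries

def classify(blob, entries):
    """Return (verdict, offsets that match neither column). Verdicts: 'original',
    'patched' (every row changed), 'partial', 'unknown' (other build or tampering)."""
    orig_hits, patched_hits, odd = 0, 0, []
    for e in entries:
        window = bytes(blob[e.offset:e.offset + len(e.original)])
        if window == e.original:
            orig_hits += 1
        elif window == e.patched:
            patched_hits += 1
        else:
            odd.append(e.offset)
    if odd:
        return "unknown", odd
    if patched_hits == 0:
        return "original", []
    return ("patched" if orig_hits == 0 else "partial"), []

def make_sample(entries, apply_patches=False, size=0xD000):
    """Constructed stand-in for a lockdownd image: filler plus the table's bytes."""
    blob = bytearray(b"\xff" * size)
    for e in entries:
        blob[e.offset:e.offset + len(e.original)] = e.patched if apply_patches else e.original
    return blob
```

An "unknown" verdict means at least one documented offset matches neither column, so the table does not describe that build and the image needs a full comparison against a known-good copy rather than a spot check.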

All Lockdownd

1.1.4 original http://rapidshare.com/files/133067477/114_lockdownd_original.zip.html

1.1.4 patched http://rapidshare.com/files/133067620/114_lockdownd_patched.zip.html

Details: The lockdownd in firmware 1.1.4 is very similar to the one in 1.1.3, so the same patch that is applied to 1.1.3 also works on 1.1.4. NOTE: You can't reuse the old 1.1.3 patched lockdownd, because the two files differ; you need to apply the patch to the 1.1.4 lockdownd.

Patch details:

Search for differences

1. G:\iPhone Stuffs\Lockdownd\lockdownd_114_original\lockdownd: 1,107,780 bytes
2. G:\iPhone Stuffs\Lockdownd\lockdownd_114_patched\lockdownd: 1,107,780 bytes
Offsets: hexadec.

83AF:  0A  EA
AFA3:  0A  EA
C4CF:  1A  EA
CDB4:  80  04
CDB5:  28  29
CDC0:  01  00
CE08:  2C  B0
CE58:  DC  60
CE59:  27  28
CF24:  3C  94
CF7C:  F4  3C
CF7D:  26  27
D000:  70  B8
D1A8:  8C  10
D1A9:  24  25
D224:  4C  94
D274:  01  00

17 difference(s) found.

1.1.3 original http://rapidshare.com/files/133068021/113_lockdownd_original.zip.html

1.1.3 patched http://rapidshare.com/files/133068133/113_lockdownd_patched.zip.html

Patch details:

Search for differences

1. G:\iPhone Stuffs\Lockdownd\lockdownd_113_original\lockdownd: 1,107,780 bytes
2. G:\iPhone Stuffs\Lockdownd\lockdownd_113_patched\lockdownd: 1,107,780 bytes
Offsets: hexadec.

83AF:  0A  EA
AFA3:  0A  EA
C4CF:  1A  EA
CDB4:  80  04
CDB5:  28  29
CDC0:  01  00
CE08:  2C  B0
CE58:  DC  60
CE59:  27  28
CF24:  3C  94
CF7C:  F4  3C
CF7D:  26  27
D000:  70  B8
D1A8:  8C  10
D1A9:  24  25
D224:  4C  94
D274:  01  00

17 difference(s) found.

1.1.2 original http://rapidshare.com/files/133068455/112_lockdownd_original.zip.html

1.1.2 patched http://rapidshare.com/files/133068558/112_lockdownd_patched.zip.html

Details: This patch uses the same technique introduced in the 1.1.1 patch. With it, 1.1.2 can be factory activated immediately.

The patch details:

Search for differences

1. G:\iPhone Stuffs\lockdownd\lockdownd_112_original\lockdownd: 996,440 bytes
2. G:\iPhone Stuffs\lockdownd\lockdownd_112_patched\lockdownd: 996,440 bytes
Offsets: hexadec.

4B4C:  01  14
4B4E:  A0  00
4B4F:  E3  EA
C5C1:  00  40
C5C2:  54  A0
C5C8:  04  00
C5CA:  00  A0
C5CB:  1A  E1
C5CC:  01  00
C5D4:  88  EC

10 difference(s) found.

Note: 1.1.2 has a firmware-version checking routine that will brick the phone if an unexpected version is found. The patch at 4B4C-4B4F fixes this. If the firmware version causes a problem, syslog will still log the following:

lookup_baseband_info: Not the expected firmware version. Enabling brick mode

but the actual bricking operations will not run, because the patch forces a jump once the syslog message has been written.

1.1.1 original http://rapidshare.com/files/133068876/111_lockdownd_original.zip.html

1.1.1 patched http://rapidshare.com/files/133068957/111_lockdownd_patched1.zip.html

Patch details:

Search for differences

1. C:\iPhone\lockdownd\lockdownd_111_original\lockdownd: 819,328 bytes
2. C:\iPhone\lockdownd\lockdownd_111_patched\lockdownd: 819,328 bytes
Offsets: hexadec.

B810:  04  00
B812:  00  A0
B813:  1A  E1
B814:  24  54
B818:  01  00

5 difference(s) found.

source: George Zhu's Blog