Thursday, January 30, 2014

How to Downgrade iPhone 2G to iOS 1.0

I recently worked out a flawless method to downgrade iPhone 2G to iOS 1.0, as well as how to jailbreak, activate and unlock it.  It's fairly straightforward as long as you follow these directions exactly.


Requirements

- A virtual machine or computer running Windows XP**
- An iPhone 2G (derp!)

**NOTE:
I personally used VMware Workstation 8 to create a virtual machine using my old copy of Windows XP Professional (fresh install) in order to do most of this.  You could also likely use Windows XP Mode (if you have Windows 7 Pro/Ultimate/Enterprise).  An obvious option is a computer running Windows XP, however if it's already had a newer version of iTunes installed on it you may run into issues.


Before you begin, some things you should know

First things first -- credit where credit is due:
- George Zhu - for iLiberty+ and his great blog
- iphone-elite - for information on how to patch lockdownd to be activated
- SonnyDickson (Modmyi forums) - for posting the iTunes version & OS needed
- ... and of course everyone else that contributed to the scene that made this possible.

It should be stated that I have gone through this entire process with a fine-toothed comb in terms of every detail.  I have run through this many, many times on my phone in order to make sure this process works without a hitch.

And don't be scared -- if anything goes wrong at all, you can always start fresh with a DFU mode restore to iOS 3.1.3 and start everything over again.  Trust me, I have done it about 30-40 times now. :)

Also, it should be noted that after jailbreaking iOS 1.0, iTunes doesn't seem to recognize the phone anymore.  It appears for a split second, then disappears.  I'm not sure how to resolve this issue; it might simply be an effect of the iOS 1.0 jailbreak itself.


The Long-Winded Background Story

I repair iPhones as a side business, and over the years I started to collect iPhones.  One day I decided I would buy an iPhone 2G (the original iPhone) to have in my collection.  I managed to get one off eBay that was in decent condition and in the original box.

When it arrived, I wasn't surprised that it had iOS 3.1.3 installed on it, since the owner had likely restored the phone before selling it.  At that point I made it my goal to see if I could somehow get the original iOS 1.0 (technically iPhoneOS 1.0) installed on it.

Initial attempts to downgrade the iPhone 2G to iOS 1.0 using the latest iTunes failed miserably.  I started trying older versions, one by one, without success.  I even had Mac OS X running in a virtual machine and tried multiple versions there, again without success.  I kept plugging away at it, figuring it must be possible.  As Henry Ford said, "Whether you think you can, or you think you can't -- you're right."

After much time spent searching, reading, trial and error, followed by more searching, I finally found the key that makes this work.  Proper credit must be given to SonnyDickson of Modmyi forums, who posted the proper iTunes and OS versions required to downgrade properly.

It turns out that you must use iTunes 7.5.0.20 running under Windows XP in order to ensure a smooth downgrade to iOS 1.0.  If you do not use this exact combo, you will almost certainly run into iTunes error 20, error 1600, error 1601, 1602, etc.  While it is possible that other iTunes versions or OSes may work, I'm simply sharing what has worked for me.  If you know of another iTunes version or OS that will work, let me know and I will post an update.

So after a lot of fighting with my iPhone 2G, I finally managed to get iOS 1.0 installed on it.  Yay! Good times, right?  Well, sort of.  Even though it starts up fine, the phone is stuck at the 'Activate iPhone' screen.  Since Apple has deactivated their 2G activation servers, there is unfortunately no way to legitimately activate an iPhone 2G.  Which means we must turn to software modifications at this point.

I stumbled across a forum post on the MacRumors forums where hackerwayne mentioned he was able to hacktivate iOS 1.0 successfully using a modified version of iLiberty+.  I started looking into it and found that iLiberty+ comes with a package to activate iOS 1.0.2 - 1.1.4, but without support for iOS 1.0.

I opened the script file, and noticed it checking iOS versions before applying patches.  Somewhat haphazardly, I decided to modify the value it was looking for so that "1.0" would install the patch for iOS 1.0.2.  Guess what... it worked!

I wasn't satisfied, though... I wanted the phone to be unlocked, to see if there was a chance it would work on my carrier (spoiler alert: it doesn't).  The unlock only supports baseband 03.14.08 to 04.04.05, and since iOS 1.0 uses 03.12.08 it doesn't work.  Using files from George Zhu's blog, I created my own script to reflash the bootloader to 03.14.08 (download here if you have any use for it).  However the unlock didn't want to work on 03.14.08, so that seems to have been a wasted effort.

I also didn't feel right using the 1.0.2 version of lockdownd on iOS 1.0, so I decided to see if I could make my own patched lockdownd for iOS 1.0.  I managed to find a fantastic post on George Zhu's blog that describes the differences between lockdownd patches by iOS version, and it lists the patches required for iOS 1.0 and 1.0.1.  Sure enough, they are at different offsets than the one for iOS 1.0.2, so I decided I'd make my own Activation script for 1.0 and 1.0.1.

After some research, I figured out how to extract content from IPSW files and after a few minutes with a hex editor I had a patched copy of lockdownd for iOS 1.0.  While I was at it I decided to extract and patch lockdownd for iOS 1.0.1 as well, in order to give iLiberty+ the ability to activate the full range of iOS 1 versions.
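The two steps just described (the version gate in the iLiberty+ payload script, and extracting a binary from the IPSW and patching it at known offsets) are easy to get wrong by hand with a hex editor, since a patch for one iOS version written into another version's lockdownd silently corrupts it. The following Python is an added example, not a script from this post or from iLiberty+: it treats an IPSW as the zip archive it is, applies a numeric version-range check, and only writes patch bytes after the input hash and the original bytes at each offset have been verified. The archive contents, the sample binary, the offsets and the patch bytes are all constructed placeholders; the real lockdownd offsets from George Zhu's blog are not reproduced here, and a real IPSW keeps lockdownd inside the root filesystem DMG, which this example does not mount.

```python
"""Added example: IPSW listing, version gate, and verified byte patching.
All names, offsets and bytes below are constructed for illustration."""
import hashlib
import io
import zipfile


def build_sample_ipsw() -> bytes:
    """Construct a tiny in-memory zip standing in for an IPSW (IPSW files are zip archives).
    Real IPSWs hold the binary inside a DMG; here it is a direct member for simplicity."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Restore.plist", "<plist><!-- constructed placeholder --></plist>")
        zf.writestr("lockdownd_constructed", SAMPLE_BINARY)
    return buf.getvalue()


def list_ipsw(ipsw_bytes: bytes) -> list:
    """Return the member names of an IPSW, which is just a zip archive."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        return zf.namelist()


def read_member(ipsw_bytes: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        return zf.read(name)


def version_in_range(version: str, low: str, high: str) -> bool:
    """Compare dotted versions numerically, so '1.0' < '1.0.2' < '1.1.4'.
    This is the kind of gate the payload script applies before patching."""
    def key(v: str) -> tuple:
        return tuple(int(p) for p in v.split("."))
    return key(low) <= key(version) <= key(high)


def apply_patches(data: bytes, patches: list, expected_sha256: str = None) -> bytes:
    """patches: list of (offset, original_bytes, replacement_bytes).
    Refuses to write anything unless the whole-file hash (if given) and the
    original bytes at every offset match, so a patch meant for one iOS
    version is never applied to a different version's binary."""
    if expected_sha256 is not None:
        if hashlib.sha256(data).hexdigest() != expected_sha256:
            raise ValueError("input binary does not match the expected version hash")
    buf = bytearray(data)
    for offset, original, replacement in patches:
        if len(original) != len(replacement):
            raise ValueError(f"patch at {offset:#x} would change the file length")
        if bytes(buf[offset:offset + len(original)]) != original:
            raise ValueError(f"bytes at {offset:#x} differ from the expected original")
        buf[offset:offset + len(replacement)] = replacement
    return bytes(buf)


# Constructed sample binary: 16 zero bytes, a 4-byte marker, then 12 more zero bytes.
SAMPLE_BINARY = b"\x00" * 16 + b"\x01\x02\x03\x04" + b"\x00" * 12
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BINARY).hexdigest()
# Constructed placeholder patch: replace two bytes at offset 0x10 (NOT a real lockdownd patch).
SAMPLE_PATCHES = [(0x10, b"\x01\x02", b"\xaa\xbb")]


def patch_from_ipsw(ipsw_bytes: bytes, member: str, ios_version: str) -> bytes:
    """End-to-end: gate on version, pull the member out of the archive, patch it."""
    if not version_in_range(ios_version, "1.0", "1.0.1"):
        raise ValueError(f"payload does not support iOS {ios_version}")
    binary = read_member(ipsw_bytes, member)
    return apply_patches(binary, SAMPLE_PATCHES, expected_sha256=SAMPLE_SHA256)


if __name__ == "__main__":
    ipsw = build_sample_ipsw()
    print("IPSW members:", list_ipsw(ipsw))
    patched = patch_from_ipsw(ipsw, "lockdownd_constructed", "1.0")
    print("patched sha256:", hashlib.sha256(patched).hexdigest())
```

The hash check mirrors what the author did by reading George Zhu's per-version offset list: the offsets for 1.0, 1.0.1 and 1.0.2 differ, so the tool must know which binary it has before it writes a single byte.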

I also managed to find an app called iPatcher by iphone-elite, which should activate iOS 1.0 to iOS 1.1.2.  I created a script that runs it (download it here if you like); however, it doesn't seem to work.  I may have done something wrong, so if anyone is able to get it working please let me know.

After all this work, I decided to make a blog post about it in case anyone wants to replicate what I've done.  I hope you enjoy it as much as I enjoyed working on it. :)


Phase 1 - Restore to iOS 3.1.3, without syncing

First you will need to restore the iPhone to iOS 3.1.3.  You should do a DFU mode restore to ensure a clean, fresh install.  It doesn't matter which version of iTunes or which OS you use to accomplish this.  For reference, I'm using iTunes 11.1.0.126 on Windows 7 Home Premium.

NOTE: It's very important that you do not let iTunes sync the phone after restoring to iOS 3.1.3, otherwise the downgrade may fail and you'll have to start over again.  To save yourself some hassle, keep an eye on the restore progress and as soon as the phone restarts, be ready to unplug it.  Keep watching the screen (and pressing home to keep it lit) until it changes from the "Connect to iTunes" background to the battery icon.  At that point immediately unplug it before iTunes has a chance to sync.  You can now close iTunes and move on to Phase 2.

HILARIOUS: After the phone is done restoring, and if you have a valid SIM inserted, the iPhone may display the message "Waiting for activation. This may take some time."  That's a bit of an understatement, considering Apple's no longer running activation servers for the iPhone 2G. :-/


Phase 2 - Downgrade to iOS 1.0

Now it's time to prepare your Windows XP computer or virtual machine.  You will need to download the iOS 1.0 firmware file, iTunes 7.5.0.20 as well as iLiberty+ 1.3.0.113.  After installing iTunes and iLiberty, make sure you extract the Activate 1.0 - 1.0.1 payload into iLiberty's payloads folder.  The default location is C:\Program Files\iLiberty\payloads.

Start iTunes 7.5 and connect the iPhone.  iTunes will warn you that you need version 8.2 or higher; click OK.  Put the phone into DFU mode.  Once the phone is detected, hold Shift and click Restore, then select the iOS 1.0 firmware file.

iTunes will display "Extracting software", followed by "Preparing iPhone for restore".  The screen on the phone will turn white, then display the Apple logo, and shortly afterward display the 'spinning' icon at the bottom of the screen.  iTunes will go through the typical restore procedure, and after about 5-10 minutes or so, your phone should restart into iOS 1.0. :)

After the restore is done, iTunes will show a message saying you need iTunes 10 or higher (for reasons I do not understand).  Close iTunes and move on to Phase 3.

TROUBLESHOOTING: If you get error 1604 and your phone displays the regular "Connect to iTunes" screen, it means your iPhone may have synced after restoring to iOS 3.1.3.  Try the above steps once more; if you end up with the same result, you should start over with a DFU mode restore to a fresh iOS 3.1.3 and be careful not to let iTunes sync it when the restore is done.


Phase 3 - Jailbreak, Activate, and Unlock using iLiberty+

The first thing you want to do in iLiberty+ is update the address for the repo.  Go to Tools, Options, and replace the old address with the new one:

http://iliberty.insideiphone.com/repo.plist

Do not check anything on the main screen (Standard tab).  Instead, select the Advanced tab, and then click the Refresh button.  Then select the "Available On Repo" tab (at the bottom), scroll down until you locate "Reflash baseband to 04.04.05_G (BL3.9 only)", check it off and click Download.

Next, click the Local tab (at the bottom) and check off the following payloads:
- Activate 1.0 - 1.0.1
- Downgrade bootloader from 4.6 to 3.9 (if you are certain that your phone has bootloader 3.9 you can leave this unchecked -- it's harmless if you're on 3.9)
- Reflash baseband to 04.04.05_G (BL3.9 only)
- Unlock 03.14.08_G - 04.04.05_G

Cydia is included, however it's a very old version and not well supported as I'm sure you can imagine.  It does work, but it sure doesn't like talking to the repo.  There are also very limited options for software.  I personally chose to leave it off my phone to keep the stock home screen.

When you're ready, click Go for it! After a couple seconds iLiberty should ask you to disconnect and reconnect the phone.  After doing so click OK.  You should then see a progress bar as the ramdisk is uploaded, and the status bar (at the bottom) will say "Sending ramdisk to device..." followed by "Booting ramdisk..."

Once it says "Booting ramdisk..." click the Other Tools tab and the 'Jump Out of Recovery Mode' button which should kick-start the process.

Pass 1 of iLiberty+ should now run, which looks like a lot of text scrolling on your screen.  After 20-30 seconds your phone will reboot and display the Apple logo, followed by iLiberty Pass 2.

Wait for Pass 2 to finish (takes about 7-8 minutes for everything to complete), after which your phone will reboot.  Everything should now be hunky dory.  Enjoy iOS 1.0! :)