Reminder: To keep tabs on our no-donation releases, follow our team Twitter account

We've moved this topic over to the blog

Version 0.92.1 of the ultrasn0w unlock is meant for those with baseband 04.26.08 running on 4.0GM. It does not use any new exploits, it merely fixes a logfile permission problem. A new ultrasn0w capable of unlocking 4.0's baseband isn't yet released because both the final 4.0 and iPhone 4 are coming out next week. Please be patient. If you're running baseband 04.26.08 on 4.0GM, you can install ultrasn0w by adding http://ios4.ultrasn0w.org to your Cydia source list (do not use the repo666.ultrasn0w.com repo because that still has the older version 0.92). Note: ultrasn0w is spelled with a zero, not the letter “o”.

Once the hack is applied, it allows you to install cellphone Carrier Bundles that aren't officially signed by Apple. This lets you, for instance, install a Carrier Bundle that allows you to use your iPhone as a way to connect your PC to the internet (through your 3G cell connection). Note that carriers may not like you tethering behind their back so you do so at your own risk. For some excellent info on Carrier Bundles vs. mobileconfigs, along with a great generator, see http://www.volkspost.info/ipcc_fw3 (and talk about it here). Another generator is available at http://www.benm.at/help/help.php . If you're in the USA and use AT&T, you can also just go to http://is.gd/8QYHa on your iPhone, install the mobileconfig, reboot, then turn on tethering in Settings→General→Network. (You must apply the hack first, of course.)

Note: If you're not comfortable with the command line, it's better to just wait for a friendlier (hopefully free) form of this hack Follow the instructions in the next section, but you'll need different bsdiff files than for 3.1.2. For 3.1.3, they're here for the 3GS and here for the 3G The correct SHA1 of the hacked file will be: 048df0ec4d672224cd1263fffb8095c2d55c30e3 # 3GS de67fc7b866890cb3e3d5ff520f21a3e7f6682ef # 3G Don't forget to make the new CommCenter executable!! chmod +x /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/CommCenter Failure to do this will probably require a full restore to fix!

You can apply the IPPC tethering hack mentioned above. A bsdiff patch to apply to CommCenter in 3.1.2 to re-enable tethering is available here for the 3GS and here for the 3G. It's just a 2-byte patch as shown below (and an appropriate readjusting of the mach-o's codesign hash): USE THIS AT YOUR OWN RISK! Your carrier may end up charging you for unauthorized tethering access. Update #1 It looks like a lot of people have been looking at CommCenter lately because IRC user CleanAir had a similar tethering patch. Meanwhile over in the 2G CommCenter, WhiteRat and geniusan have patched in native MMS support for that platform. Kudos to CleanAir, WhiteRat, and geniusan for digging into CommCenter and coming up with patches! Update #2 A few tutorials have started to pop up. Eventually this will be made a part of the normal PwnageTool flow but for now this is best left for the adventurous users out there! sub_17538+74 4B F0 58 F8 BL validate_signature sub_17538+74 sub_17538+78 30 B1 CBZ R0, FAIL ; <--- PATCH THIS TO 00 20 (MOV R0,#0) sub_17538+78 sub_17538+7A 05 20 MOVS R0, #5 ; int sub_17538+7C 1C 49 LDR R1, =aValidatedWirel ; "Validated wireless modem connection wit"... sub_17538+7E 02 9A LDR R2, [SP,#0x24+var_1C] sub_17538+80 7E F0 00 ED BLX _syslog sub_17538+80 sub_17538+84 sub_17538+84 loc_175BC ; CODE XREF: sub_17538+70j sub_17538+84 02 9C LDR R4, [SP,#0x24+var_1C] sub_17538+86 05 E0 B loc_175CC sub_17538+86 sub_17538+88 ; --------------------------------------------------------------------------- sub_17538+88 sub_17538+88 FAIL ; CODE XREF: sub_17538+78j sub_17538+88 05 20 MOVS R0, #5 ; int sub_17538+8A 1A 49 LDR R1, =aCouldNotValida ; "Could not validate wireless modem conne"... sub_17538+8C 7E F0 FA EC BLX _syslog sub_17538+8C bsdiff patches are the normal way that PwnageTool modifies Apple software. To apply one manually, you must first get the “bspatch” program. Then do: bspatch CommCenter CommCenter-hacked CommCenter.patch If you don't have bsdiff but know how to use a hex editor, the differences are available here in text format. The correct SHA1 of the hacked file will be: 1b19712035f33654cf72838ebe1a2033931b56b2 # 3GS 063165c3fa3e21d30eb4b486fab924ba3ef0ea5e # 3G You would then remove the original program and replace it. Don't forget to ensure it has execute permission! chmod +x /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/CommCenter After you've started using the hacked CommCenter, visit http://www.benm.at/help/help.php from your iPhone and install a new mobileconfig.

If you've restored to a custom IPSW created by PwnageTool and you no longer see your AT&T signal even though you're a legit subscriber, you most likely answered the “activation” question incorrectly. iPhone users who would normally activate through iTunes should not enable the “Activate the phone” setting in Expert mode (General Settings). You don't want or need PwnageTool to activate your iPhone, since you're a legitimate subscriber. (In Simple mode, you would just tell PwnageTool that yes, you do have a contract that would activate normally through iTunes.) If you answered the question wrong, just go back and create another custom IPSW. Restore to that new IPSW with iTunes using Option-Restore (or Shift-Restore in Windows) and you'll be good to go!

iTunes 9 is a little more aggressive about firmware downgrades. People have noticed that the moment you connect a device, iTunes 9 will remove all but the most recent firmware IPSWs from its cache of firmwares. It will do this even if you aren't planning to update or restore. Previously, it had let them remain and you could Option-Restore (Mac) or Shift-Restore (Windows) to them. This is currently only a minor inconvenience though because iTunes won't go outside of its Library to hunt down and remove these IPSWs (it could easily do this using Apple's Spotlight technology). But now is a good time to copy all your previous IPSWs out of the iTunes Library over to somewhere a bit more permanent. On a Mac, the caches are at ~/Library/iTunes/iPhone Software Updates and ~/Library/iTunes/iPod Software Updates. You'll still be able to Option- and Shift-Restore to them in their new locations. If you've already connected a device to iTunes 9, your older IPSWs may still be in your Trash, so copy them from there. Updates: Right now this is looking like a Mac-only behavior

The auto-removal may also depend on whether you've downloaded (even if you haven't installed) the 3.1 update