Hack Attack: iPhone Root Password Revealed + SIM Removal... ~ Ask The Admin

Monday, July 02, 2007

Hack Attack: iPhone Root Password Revealed + SIM Removal...

If you are just getting here click below

Whaaaaaaaaaaaa? Hell Yeah we have root access to the new iPhone. Does "ALPINE" mean anything to you?

How about you Mr. Jobs?

Yup that is the offical root password grabbed from the password hashes off of http://www.hackintosh.org

How long until we see a hello world. I wonder if this is going to be a sony-esque battle or will Apple let the masses hack the device. Only time will tell...

Check out this quick article from a msdn blog. I love it!!

Here is the instructions for sim removal from howardforums

Removing the SIM card

"Insert the end of a small paper clip into the hole on the
SIM tray. Press firmly and push it straight in until the tray pops out."

And Here is the whole "Consolidated Post" From Hackint0sh.org with
the juicy parts from the howard forums posts as well. It looks like the iPhone is not "Locked" to the sim it was activated with as an ATT employee swaped out a malfunctioning one with a new one.

We also now know after the phone is activated you can remove the sim and use the majority of its features.

Consolidated iPhone Hack Unlock Thread


I have been bouncing around the internet, and here is some consolidated
info about unlocking/hacking the iPhone. Someone should start a skypecast. You
need skype and a windows box to host one.

Consolidated iPhone Hacking

Removing the SIM card from

Alright, I did some swapping this morning, and
below is what I have found out. In summary, the iPhone SIM, once activated seems
to work fine in unlocked and newer and older AT&T/Cingular phones that are
locked. Other AT&T/Cingular SIM cards will not work until activated with
iPhone plans. They connect, can't dial. iTunes will let you activated it. Non
AT&T/Cingular SIM cards will not work at all.*

So, this phone has
almost a double-lock on it. You have your standard GSM subsidy lock, but you
also have some sort of mechanism that is tying the SIM card to the phone. This
latter one I'm sure someone will figure out how to work around soon.*

iPhone (activated) 8gb Locked to AT&T/Cingular
680 GSM Unlocked & unbranded
SonyEricsson Z520 Locked to Cingular
SonyEricsson W600i Locked to Cingular

iPhone "AT&T 3g
SIM" - Activated
Cingular 3g SIM - Prepaid (looks just like AT&T Sim
minus logo)
Cingular 64k "Smartchip" Sim
Vondafone UK SIM

Yes = Works*
No = Does Not Work

- iPhone "AT&T 3g SIM"
NO - Cingular 3g SIM - Prepaid (looks just like
AT&T Sim minus logo) - Same as below
NO - Cingular 64k "Smartchip" Sim -
Gets a "Incorrect SIM please connect to iTunes to reactivate phone" It does let
me use phone features, just fails when trying to dial. It does connect to
NO - Vondafone UK SIM - "Incorrect SIM, The iPhone must be used
with an approved SIM" This is a different message than using another
CINGULAR/ATT Sim. This is the GSM "lock"
NO - OldSkool AT&T SIM - Same
message as Vodafone SIM

Treo 680
YES - iPhone "AT&T 3g SIM"
YES - Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo)
YES - Cingular 64k "Smartchip" Sim
YES - Vondafone UK SIM
Oldskool AT&T SIM (won't connect to network though, it's deativated)

Sony Ericsson Z520
YES - iPhone "AT&T 3g SIM"
YES - Cingular
3g SIM - Prepaid (looks just like AT&T Sim minus logo)
YES - Cingular
64k "Smartchip" Sim
NO - Vondafone UK SIM
NO - Oldskool AT&T SIM

Sony Ericsson W600i
YES - iPhone "AT&T 3g SIM"
Cingular 3g SIM - Prepaid (looks just like AT&T Sim minus logo)
Cingular 64k "Smartchip" Sim
NO - Vondafone UK SIM
NO - Oldskool

You can Still use other things without SIM (after it is

You can still play music and use other features with
invalid SIM

Gsm Cell Phone
Tons of cool gsm phones. Affordable
plans. Get Rogers Wireless.

From Mac Rumors:

All current claims to people owning an unlocked iPhone are false. To
this date no one I am aware of has successfully unlocked an iPhone. I purchased
an iPhone at 6 yesterday with the sole purpose of unlocking it. I have T-Mobile
and have zero intention of switching to AT&T. So, I'm looking for the
community who is currently trying to unlock it. I was involved in the
uncrippling the V710 project and was impressed by the people I met.

hoping we could get a sticky thread going with all the current progress made.
Maybe this thread :-)

Here is the progress I have made so far. My friend
purchased an iPhone as well yesterday and let me run a USB sniffer while he was
activating it. Here is that log. You can view it with SnoopyPro. Currently, I
cannot even get my iPhone off the main screen saying I need to activate it. That
is the first step towards an unlock. I'm surprised no one has really started
hacking it yet; where are the firmware dumps, does it have seems, where is the
unlocked status stored? Post whatever you can find out. My sn is "imgeohot". If
this community is as good as the V710 community, we can have this thing unlocked
in a week.

The iPhone is an amazing device, let's bring it to the
AT&T free masses. I am looking for the "they" people claim will unlock the
iPhone and actually will work on it.

This is a crosspost from HoFo

From hackint0sh:

I've got my iPhone, it's activated, and I've
been doing some rudimentary analysis of what's going on with it. I doubt I'll be
able to accomplish the Holy Grail myself - loading 3rd party apps to do whatever
you want (portable gaming platform ahoy!) But I bought my iPhone in the hopes
that it'll eventually happen, and I'd like to help the hacking community get to
that point however I can.

Here's what I've found so far.

you update iTunes to 7.3, a PrivateFramework called MobileDevice.framework gets
installed in /System/Library/PrivateFrameworks. Four applications are inside it,
aside from the library binary itself: AppleMobileDeviceHelper.app,
AppleMobileSync.app, reenumerate, and usbmuxd. These applications, from a
cursory analysis (i.e. strings :P), seem to have tons of debugging info left in

When I sync my iPhone, iTunes throws this into the Console:

Created child with pid 788...
Starting child at
AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper, setting
input fd to 27, output fd to 33 and closing all other pipes
Created args
array of size 5
AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper starting up,
argc is 4...
arg[0] =
arg[1] =
arg[2] = 27
arg[3] = 33
Created child to sync device with pid
Waiter has started running...
Created unique process name from
name AppleMobileSync, process name AppleMobileSync:

So in order to mess
with the iPhone, iTunes calls "AppleMobileDeviceHelper --pipe [input pipe]
[output pipe]", which I assume to just be plain old unix file descriptors.
Someone should sniff the data running over those pipes to get started.

I did a port scan and found something running on port 62078

Don't know what it is, and when ever you connect, it cuts the connection
right away.

Any ideas?

-We managed to obtain and crack the hashs
of the user passwords for the iPhone OS. More information could be found at our
development Wiki here (link removed).

Edit: cause you digg people broke
the poor wiki:

The password for root is "alpine"
The "mobile" user
accounts password is "dottie"

Is it sick to have root pasword to all
iPhones worldwide? Well not really, there is no terminal yet to login :P

-FWIW - I can also confirm that the iPhone is not an any way locked to
the SIM it is shipped with prior to activation.

I was having activation
issues, and after numerous phone calls and trips to ATT store, they finally
swapped out the SIM (which fixed the problem).

iPhone Restore image

This ipsw file is actually a zip file. Rename it .zip and
unarchive. You will get two disk images, a system software dmg and a user dmg
(from what I can tell). The system software dmg is password protected

There are also a few files compressed using the compzlss thing as on

Happy Hacking!!!!

Just to note, I couldn't download it
in Safari, but "curl -O http://..." worked for me.


From this


-iPhone Dev Wiki:


SIM Card


Site claiming to unlock iPhone soon:


I have an iPhone to dedicate
to testing, so if anyone needs info from it (i.e. IMEI) I will forward it to

Last edited by freudling : 07-01-2007 at 11:32 PM.