View Full Version : CommCenter crack for cdma ip



bluegatar
04-12-2011, 02:12 AM
__text:000821A8 CheckSecKey ; CODE XREF: Signature+A8p
__text:000821A8 ; PRISignature+54p

__text:000821F0 28 46 MOV R0, R5 ; crack signature verification, return 1
__text:000821F2 A7 F1 0C 0D SUB.W SP, R7, #0xC
__text:000821F6 F0 BD POP {R4-R7,PC}


carrier.plist:signature
__text:00082720 FF F7 42 FD BL CheckSecKey
__text:00082724 05 1E SUBS R5, R0, #0
__text:00082726 18 BF IT NE
__text:00082728 01 25 MOVNE R5, #1

PRISignature
__text:00082B5C FF F7 24 FB BL CheckSecKey
__text:00082B60 00 38 SUBS R0, #0
__text:00082B62 18 BF IT NE
__text:00082B64 01 20 MOVNE R0, #1
__text:00082B66 00 E0 B loc_82B6A

SupportedSIMs:signature
__text:00082BEE FF F7 DB FA BL CheckSecKey
__text:00082BF2 04 1E SUBS R4, R0, #0
__text:00082BF4 18 BF IT NE
__text:00082BF6 01 24 MOVNE R4, #1
__text:00082BF8 7C B1 CBZ R4, loc_82C1A

sfeng1
04-12-2011, 11:34 AM
Thanks for the info!

But as I am unfamiliar with ARM asm, nor do I have a viphone in hand to play with, could you post the original vs. changed, or maybe post the physical addresses so we could do a quick patch :) Is the only change being made just the one MOV?

EDIT:

Ah nvm, just found the original post from DIYPDA. The author reposted with no credits, and didn't even put the actual physical address to patch:

[Only registered and activated users can see links]

change 28 46 at 821F0 to 00 20, and afterwards ldid -s CommCenter

:)

Skinny1979
04-12-2011, 12:12 PM
Can you explain how we can apply this hack? What must we do? And is this hack working?

aslangum
04-12-2011, 04:15 PM
So will this fix the text messaging issue?

rich hathaway
04-12-2011, 07:01 PM
__text:000821A8 CheckSecKey ; CODE XREF: Signature+A8p
__text:000821A8 ; PRISignature+54p

__text:000821F0 28 46 MOV R0, R5 ; crack signature verification, return 1
__text:000821F2 A7 F1 0C 0D SUB.W SP, R7, #0xC
__text:000821F6 F0 BD POP {R4-R7,PC}


carrier.plist:signature
__text:00082720 FF F7 42 FD BL CheckSecKey
__text:00082724 05 1E SUBS R5, R0, #0
__text:00082726 18 BF IT NE
__text:00082728 01 25 MOVNE R5, #1

PRISignature
__text:00082B5C FF F7 24 FB BL CheckSecKey
__text:00082B60 00 38 SUBS R0, #0
__text:00082B62 18 BF IT NE
__text:00082B64 01 20 MOVNE R0, #1
__text:00082B66 00 E0 B loc_82B6A

SupportedSIMs:signature
__text:00082BEE FF F7 DB FA BL CheckSecKey
__text:00082BF2 04 1E SUBS R4, R0, #0
__text:00082BF4 18 BF IT NE
__text:00082BF6 01 24 MOVNE R4, #1
__text:00082BF8 7C B1 CBZ R4, loc_82C1A

Not the same as what I have, guys, so be careful. Also, the part that did not come through the translator is "Break the signature verification, returns 1" without the quotes, so before you try to patch, that should be changed.

Also, you would be wise to make a full backup of CommCenter before attempting to write/overwrite anything, to keep you from having to do a full restore if anything goes wrong.

thug09
04-12-2011, 07:28 PM
So how do we go about doing this??

sfeng1
04-12-2011, 09:00 PM
So how do we go about doing this??



change 28 46 at 821F0 to 00 20, and afterwards ldid -s CommCenter

thug09
04-12-2011, 09:05 PM
Thanks for the response, but I'm totally lost!

rich hathaway
04-12-2011, 10:51 PM
Generally CC patches are in the form of a .deb file; using SSH, copy the file to /private/var/root/Media/Cydia/AutoInstall and reboot your device twice.


"ldid-s CommCenter check MD5" is a command that refers to using the CLI (command line), and is a command telling CommCenter to check itself and take note of the new protocols, thus unlocking your CommCenter. You can find the CLI by installing minicom (the latest version) or terminal for 4.2.6 or beyond, or there is one in Tunnelier and SCP.
And remember, you can always fix your screw-ups by backing up what you are doing first, or by restoring.

amoamare
04-13-2011, 01:55 AM
I can tell you that patching the bytes at 821F0 will not bypass sign check in commcenter.

bluegatar
04-19-2011, 10:00 PM
4.31 patch download: [Only registered and activated users can see links]

whitey10tc
04-19-2011, 10:24 PM
4.31 patch download: *** hidden content ***

Please use the hide-thanks tag instead of the hide tag. Also, letting members know what they are thanking for is sometimes helpful.

I fixed the tagging to prevent future hijacks.

rich hathaway
04-19-2011, 10:41 PM
4.31 patch download: *** hidden content ***

This patch is for GSM 4.3.1 only, for iPhone 4 and 3GS.

Skinny1979
04-24-2011, 04:10 AM
I can tell you that patching the bytes at 821F0 will not bypass sign check in commcenter.

It bypasses the sign check in carrier.plist, but unfortunately it does not bypass the sign check in 310VZW.pri.

yoyoitsevan
05-10-2011, 02:52 AM
it still won't let me see the download link :(

rich hathaway
05-10-2011, 09:15 AM
it still won't let me see the download link :(

Click the thanks buttons; if you still can't see it, PM a staff member and we will fix it for you.

playbaby
07-23-2011, 01:21 PM
How did they read this file? What kind of tool did they use? Does anybody know that?

rich hathaway
07-23-2011, 01:57 PM
There are several tools out there to get you into the root of the phone: DiskAid, Tunnelier, OpenSSH, iPhone Browser, etc.

playbaby
07-24-2011, 04:24 AM
OK, using the IDA tool I can read the CommCenter file, and I can change it, but how can I build a new CommCenter?

DRAMER007
07-24-2011, 04:26 AM
interesting

metriodx
02-04-2012, 05:45 PM
Say I patch the CommCenter; how, or what file, do I need to edit to provision the MDN and MIN? Seems like carrier.pri, but the format (IMSI_S Default:000[pESN4]) looks like a variable rather than a constant.