Unlocking iPhone 3GS with iOS 4.1 and Baseband 5.14.02

This is not a sysadmin topic. But still I would like to share my experience of Unlocking an iPhone 3GS.

PDF Version

The following method first Jailbreaks the Iphone with the help of Redsnow 0.9.6b5 and then unlocks using Ultrasnow 1.2. The method can be used with iOS 4.1, iOS 4.2.1 with Basebands 5.14.02 and 5.15.04.

The method requires that you download all the required softwares. WIFI need not be enabled for the process. All the files needed can be downloaded to the PC from the below links and then the process of unlocking can be commenced. (While using Redsnow, the PC has to be connected to the Internet as it has to fetch baseband files from the Apple Server)

Required Software :

iTunes - Download

Redsnow 0.9.6b5 - Download

Ultrasnow 1.2 - Download

iOS 4.1 - Download       

iExplorer - Download

After all the above has been downloaded continue to the steps described below.

Word of Caution : During all the steps mentioned below the iPhone must be plugged in to the PC through the data cable. Disconnecting the phone or turning it off can cause damage to the iPhone. So keep the phone fully charged and plugged in at all times till the process is over.

1. Install iTunes

Install iTunes 10 or above. This will help redsnow detect the iPhone when the phone restarts in recovery mode. The drivers required will be copied automatically during the iTunes Installation.

2. Running Redsnow (Jailbreaking)

The process that redsnow does is that :

a) It changes the baseband of the iPhone from 5.14.02 to 6.15.00. This is done since no unlock has been released for 5.14.02.

b) It installs Cydia Installer. This will be needed to Install Ultrasnow needed to unlock the iPhone.

If you are going to run Redsnow in Windows 7 or Vista be sure you run it in a compatibility mode for Windows XP and also run it as Administrator to avoid any problems.

Start Redsnow and click the 'Browse' Button and direct it to the Path of the iOS image that you have downloaded earlier.

Wait for the firmware to be processed. Once it is done click next. Choose “Install Cydia” and “Install iPad Baseband” options. A popup message will pop up with a warning, click Yes to continue.

Now follow the instructions by Redsnow to put the iPhone in the DFU mode.

After this redsnow will download the baseband files from the Apple Server, create a custom firware file and flash it into the device. (Please be patient while this step proceeds as it can take some time. Please don't do anything until this step is completed).

Once you get a confirmation message, the iPhone will restart and you will get a fully Jailbroken iPhone with baseband changed to 6.15.00 and Cydia Installer installed.

You can check the new baseband settings in Settings > General > About > Modem Firmware. It will be 6.15.00

3. Installing Ultrasnow

Install iExplorer. Using iExplorer browse to the folder private/var/root/Media.

Create a folder Cydia. Inside the folder Cydia again create a folder AutoInstall (the names are case sensitive)

Unzip the Ultrasnow_1.2.zip file you have downloaded and copy the contents to the AutoInstall Folder.

Restart the iPhone twice.

The iPhone will be unlocked and you can use the SIM card of the service provider you desire.

USER MANAGEMENT (Redhat)

Understanding Users


Following are the types of users that normally come in a Linux OS.


1. Administrator  or Super User
2. Normal Users
3. Sys Users or Pop Users (Users that have no shell to log in into)
4. Network User


The information regarding users is normally stored in the file /etc/passwd.

Each entry in the passwd file has 7 fields as shown:

Username : X : UID : GID : GECOS : Home directory : Default shell


Username           - gives the name of the user
X                         - indicates whether the user has a password
UID                    - the User ID  ( 0 is for root user , 1-499 are pop users, greater than 500 are normal users)
GID                     - the Primary Group ID number
GECOS               - It is used to give comment or description for that user
Home Directory  - Specifies the home directory of the user
Default Shell       - Specifies the default shell the user gets


Each user has a primary group associated with it. When a user is created, a primary group of the user with the same name as that of the user is created.


Information regarding the group is contained in the field  /etc/group


Each entry in the group file contains 4 fields :


Groupname : X : GID : Members in the group




Adding Users


useradd  <username>  - Creates a user

passwd  <username>  -  Sets a password for the user

useradd -d <directory location>  <username>  - Creates a user and makes the directory specified, the user's  home directory.

useradd  -s  <shell>  <username>  -  Creates a user by specifying the default shell the user gets.


Modifying Users


usermod  -g  <groupname>   <username>   -   Change primary group of the user

usermod  -G  <groupname>   <username>   -   Change secondary group of the user


User Groups

groupadd  <groupname>   -   Creates a group

gpasswd  <groupname>    -   Set or change the password of a group

groups  <username>         -   Lists the groups of a user

groupdel  <groupname>      -   Deletes a group


Delete Users


userdel  <username>        -    Deletes a user

userdel  -r  <username>   -    Deletes a user along with the home directory of the user.


" To create a pop user  -  useradd  -s  /sbin/nologin  <username> "

Allowing Remote Access to a MySQL Database

By default MySQL does not allow databases in a machine to be accessed from a remote host. By performing the following steps, access to a database from a remote machine can be enabled.


Connect to the mysql server :

[root@localhost:~] mysql -u <username> -p



Now for  Granting access to the IP address of the remote machine :

mysql>   GRANT ALL ON dbname.*  TO  username@'IP ADDRESS' IDENTIFIED BY 'PASSWORD';



Along with this you will need to allow Port 3306 to be accessed by the remote machine.

If Iptables is used,

iptables -A INPUT -p tcp --dport 3306 -j ACCEPT



This will allow the user to access the database from a remote machine.

Nagios Server Installation (Linux)

Nagios Installation Steps (Linux):  PDF version


1. Download  nagios-core and plugins

Download the required files from http://nagios.org/download

You would need :-
nagios-3.0.1.tar.gz
nagios-plugins-1.4.15.tar.gz


2. The following prerequisites are to be satisfied :

a) Make sure Apache (Default installation will do) is installed and running.
It can be checked using the URL http://localhost


b) Verify whether gcc is installed

[root@localhost]#rpm -qa | grep gcc

gcc-3.4.6-8
compat-gcc-32-3.2.3-47.3
libgcc-3.4.6-8
compat-libgcc-296-2.96-132.7.2
compat-gcc-32-c++-3.2.3-47.3
gcc-c++-3.4.6-8


c) Verify whether GD is installed

[root@localhost]# rpm -qa gd
gd-2.0.28-5.4E

3. Create the  user and group for nagios

[root@localhost]# useradd nagios
[root@localhost]# passwd nagios
[root@localhost]# groupadd nagcmd
[root@localhost]# usermod -G nagcmd nagios
[root@localhost]# usermod -G nagcmd apache


4. Install nagios packages.

 Go to the location where you have downloaded the nagios core and plugin packages :-

[root@localhost]# tar xvf nagios-3.0.1.tar.gz
[root@localhost]# cd nagios-3.0.1
[root@localhost]# ./configure --with-command-group=nagcmd --with-nagios-user=nagios  --with-nagios-group=nagios
[root@localhost]# make all
[root@localhost]# make install
[root@localhost]# make install-config
[root@localhost]# make install-commandmode

At the end of configure, the configuration Summary is displayed :

General Options:
-------------------------
Nagios executable: nagios
Nagios user/group: nagios,nagios
Command user/group: nagios,nagcmd
Embedded Perl: no
Event Broker: yes
Install ${prefix}: /usr/local/nagios
Lock file: ${prefix}/var/nagios.lock
Check result directory: ${prefix}/var/spool/checkresults
Init directory: /etc/rc.d/init.d
Apache conf.d directory: /etc/httpd/conf.d
Mail program: /bin/mail
Host OS: linux-gnu
Web Interface Options:
------------------------
HTML URL: http://localhost/nagios/
CGI URL: http://localhost/nagios/cgi-bin/
Traceroute (used by WAP): /bin/traceroute



5. Configure the web interface.

[root@localhost]# make install-webconf
[root@localhost# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin..


6. Install Nagios Plugins

[root@localhost]# tar xvf nagios-plugins-1.4.11.tar.gz
[root@localhost]# cd nagios-plugins-1.4.11
[root@localhost]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
[root@localhost]# make
[root@localhost]# make install

Note:- In Redhat systems in case the above configure command might not work and the process might hang. when it displays the message  'checking for redhat spopen problem... ' . Use ' --enable-redhat-pthread-workaround' to the ./configure command as a solution for the problem.


7. Start Nagios

a) Add the nagios to the startup scripts.
[root@localhost]# chkconfig --add nagios
[root@localhost]# chkconfig nagios on

b) To verify there are no errors in the Nagios Configuration file use :
[root@localhost]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

c) Start the nagios
[root@localhost]# service nagios start
Starting nagios: done.


8. Web Interface Login.

Nagios Web URL: http://localhost/nagios/

You should use the User ID and Password that was created from Step 5 to login.

Single User Mode by editing Grub (Redhat)

Getting access in single user mode in Redhat is quite similar to the process in Ubuntu.

The following are to be done.

1. Press 'e' in the Grub loader to edit the kernel parameters

2. Add either a '1' or 'single' at the end of the parameters.

3. Continue  with the booting process

You will get access to a shell in single user mode.

Single User Mode by editing Grub (Ubuntu)

Some times it can be useful to get access in the single user mode (eg. forgot login details, etc). This is what you do incase your Grub loads you into Ubuntu.

To get into single user mode in Ubuntu , 

1. Press 'e' when the Grub loader turns up. This enables us to edit the kernel parameters at boot time.

2. Remove the 'quiet splash ro' part in the kernel parameter. Replace it with 'init=/bin/bash rw'

3. Press Ctrl + X

And thats it!!!! 

You will get dropped into a shell in single user mode.

Firefox Not Responding

While using Firefox in Ubuntu 11.04, I faced a problem that when I start Firefox, the following error message shows up

 “Firefox already running or not responding”

What I did was  :

1. Remove Firefox using Synaptic Package Manager

2. Remove contents in  ~/.mozilla using rm -rf *

3. Now Again Install Firefox from Synaptic Package Manager

This corrected the above problem for me.

SSH Slow Login

At times, while trying to login to a remote machine using SSH , after entering

ssh username@ipaddress

we might have to wait for ages to make the terminal prompt fot the password.

This can be rectified by doing the following


Open  /etc/ssh/ssh_config

Comment out the following lines

'GSSAPIAuthentication yes’  

‘GSSAPIDelegateCredentials no’

Now try using ssh.  The delay wont happen again.

PostgreSQL Backup and Restore (Linux to Windows)

In case we want to take a PostgreSQL database backup from a Linux Box and restore it to a Windows Machine, the following steps can be performed.

In the Linux Box

Create the backup

pg_dump -U <username> -F c  –f <backupname>  <databasename>

Now copy the created Backup file to the windows machine



In the Windows Machine

Open CMD

Change directory to the PostgreSQL bin folder (Incase the Path Variable is not set)

pg_restore -U <username>  <backupname>    >    <databasename>

Ubuntu Post Update Network Problem

Once while updating a machine from Ubuntu 9.04 to 9.10 , the Network was not working.  While trying to restart the service , the service wouldn't start at all. 

user@mc:~>sudo service networking start

networking stop/waiting

So what we did was ,

user@mc:~> sudo /etc/init.d/networking force-reload

Guess this would help people who run into such problems while updating Ubuntu. 

Cheers

Integrating SpamAssassin with Exim4

Spam can be a real headache.!!!!

We used Spam Assassin to get rid of Spams in our mailserver, Exim4 running in Debian Squeeze.

The given setup will lead to mails having a spam score greater than 5, as determined by Spamassassin, to be rejected.


First, the packages need to be installed:

sudo apt-get install exim4-daemon-heavy  sa-exim  spamassassin


In /etc/default/spamassassin set the following lines:

ENABLED=1

The option lets the spamassassin daemon (spamd) start on boot.


Start spamassassin :

service spamassassin start


Now in /etc/exim4/exim4.conf.template, Insert the following lines in MAIN CONFIGURATION SETTINGS:

local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so


To enable Exim’s spamassassin connector, in the file /etc/exim4/sa-exim.conf ,comment the following line:

#SAEximRunCond: 0


By default debugging is enabled. If you dont have enough storage change the value to 0 since it may generate very large log files :

SAEximDebug: 0


The updated file /etc/exim4/exim4.conf.template becomes active by running the following line:

/usr/sbin/update-exim4.conf 


Then restart Exim4

/etc/init.d/exim4 restart




Incase you haven't made SAEximDebug: 0, the logs can be examined to see if the spams are being rejected properly

Logs are located at /var/log/exim4/rejectlog

SSH without Password

At times situations occur that we need to copy files from a machine or a server to another through ssh or scp using a script. We might not be able to enter a password all the time ,eg. in a situation where the script that does this job runs through Crontab.

In such situation we might require that ssh or scp to be performed without requiring to enter a password to access the machine.

The following method can be used to connect two servers or machines without password.



Assume two machines MC1 and MC2.

1. Log into the machine MC1. We have to generate a pair of authentication keys.
(Do not Enter Pass phrase in this step)

user1@MC1:~> ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/a/.ssh/id_rsa):

Created directory '/home/a/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/a/.ssh/id_rsa.

Your public key has been saved in /home/a/.ssh/id_rsa.pub.

The key fingerprint is:

3e:4f:05:79:3a:9f:96:7c:3b:ad:a9:51:37:bs:36:e4 a@A

2. Using ssh create a director ~/.ssh on MC2. Most Probably the directory will be present.

user@MC1:~> ssh user2@MC2 mkdir -p .ssh
user2@MC2 's password :

3. Add user1's new public key to user2@MC2: .ssh/authorized_keys

user1@MC1:~> cat .ssh/id_rsa.pub | ssh user2@MC2 'cat >> .ssh/authorized_keys'

user2@MC2's password: 

That's all!!!!!!

Now it will be possible to ssh between MC1 and MC2 without a password.

PostgreSQL Command History Problem

We had a problem in on of our DB Servers running PostgreSQL that when a user logs in as the postgres user, the history of the commands that he enters stays only as long as the user is logged in. That is when the postgres user logs out, the history of commands that were entered previously were cleared out.

The following method solved this problem .

Create a .bash_history file in the home directory of the Postgres User.


This helped in retaining the History of commands used by the User.

Blocking HTTPS in ISA Server 2006

We like most of the organisations have a policy blocking social networking sites like Facebook, Orkut, etc.
The thing we did was the ususal thing, ie , to create a rule blocking a URL set containing the urls for the sites.

Then we happened to notice that a few people were getting access to Facebook with the help of the URL https://facebook.com

Even though we blocked HTTP access to Facebook, the site could be accessed through HTTPS.

We researched quite a bit and found out that blocking HTTPS is quite impossible in ISA Server 2006.So what we did was ....


1. Created a Domain Set containing thet domains to be blocked (eg: facebook.com and *.facebook.com)


2. Access to the following protocols were blocked - HTTP , HTTPS and HTTPS Server, for the above said Domain Set to Internal Users.


The Key to the solution was Blocking HTTPS Server. That is, even though we couldn't do anything to block HTTPS access to the Facebook site (Outbound) , blocking HTTPS Server would result in blocking the Incoming Packets (Inbound).




 Hope this helps...

Hi All!!!!

This is a simple blog where I would like to share my experiences, working as a Sysadmin. This would  include the problems that i faced from time to time and the way how it was rectified (if at all it was rectified... :D)

Will be keeping this blog updated from time to time. If  there is any queries regarding anything written in the blog feel free to leave a comment or mail me @ jus4fuunn@gmail.com.

So lets get started!!! ;)