I got some iPhone Prototypes

[upsguy27]

Looks like Apple might have tried to put a higher resolution screen in the iPhone originally...

<key>RenderWidth</key>
<integer>640</integer>
<key>RenderHeight</key>
<integer>480</integer>

/Private/var/root/Media/CheckpointData.xml

EDIT: Nevermind, that's just the resolution pictures are taken at.

EDIT 2: Also interesting, the serial number JQ548TEZTXL in the same file above is tied to an iPod Video...

 

[MattGTO]

EDIT 2: Also interesting, the serial number JQ548TEZTXL in the same file above is tied to an iPod Video...

JQ548TEZTXL = Purple 1 original prototype modded iPod Video? <--- Very interesting possibility. For those who don't know iPhone was codenamed Purple 2. Purple 1 was the first "iPod Phone" attempt, which, I believe, was a clickwheel device.

 

[upsguy27]

Purple 1 original prototype modded iPod Video? <--- Very interesting possibility. For those who don't know iPhone was codenamed Purple 2. Purple 1 was the first "iPod Phone" attempt, which, I believe, was a clickwheel device.

Yeah, I read that in the wired article. Interesting stuff.

 

[pj225]

look at the end of the NOR dump my friend

Oh. I didn't noticed that

Now, I have created third partition and trying to boot the dump using kernel cache from 1.1.4. Kernel loads normally, but after few seconds, screen goes to maximum brightness level - I think it's that SkankPhone app trying to launch... When I press the sleep/wake button, the brightness decreases to minimal. Kernel caches from the dump doesn't load - iBoot spits out an "Memory image not valid" error. I will try to pack the kernel cache into 8900 container using mk8900image utility from OpeniBoot.

EDIT: IT WORKS!

By restoring 1.0.0 firmware and copying PrivateFrameworks from dump, I have managed to launch the SkankPhone app. Not all options in menus works, but it's probably caused by missing utilities in root filesystem - I haven't copied all utils in from FW dump's usr/bin etc.


It seems that the S\N displayed at the bottom is hardcoded into SkankPhone app, the S/N of my iPhone is different...

Edit #2: It works fine on 1.1.4, too Just copy the frameworks and programs from the dump that doesn't exist in iPhone's /System/Library/PrivateFrameworks and /usr, and better do not copy lockdownd and USB communication programs from the dump - very nasty things can happen that might require a restore.

 

[retrovm]

Yeah, I read that in the wired article. Interesting stuff.

can you link the article please? i'd dig reading it. thanks!
and how did you guys find out info with that serial number?

 

[pj225]

can you link the article please? i'd dig reading it. thanks!
and how did you guys find out info with that serial number?

http://www.wired.com/gadgets/wireless/magazine/16-02/ff_iphone?currentPage=all

https://selfsolve.apple.com/GetWarranty.do

 

[iHarri]

@pj225
can you please post a step by step tutorial how to put the firmware on the iphone.....

 

[pj225]

@pj225
can you please post a step by step tutorial how to put the firmware on the iphone.....

There is no need to use the entire prototype FW - restore to 1.1.4 is enough, but remember to backup important data.

1. Restore to 1.1.4 - It must be jailbroken. You can use whatever you like to jailbreak it, but better do not use ZiPhone - it doesn't install afc2 service.
Once you have restored and jailbroken the 1.1.4, install OpenSSH.

2. If you have Windows, use iPhoneBrowser to copy entire AppleInternal folder onto root folder of your iPhone. If you have a Mac, use DiskAid.

3. Copy the following frameworks from firmware dump System/Library/PrivateFrameworks: ARMDisassembler.framework, CHUD.framework, Coach.framework, DiskImages.framework, diStorm.framework, iPodCalendars.framework, iPodContacts.framework, MediaKit.framework, NDISASM.framework, PerfTool.framework, PHTesting.framework, PPCDisasm.framework, Symbolication.framework

to iPhone's /System/Library/PrivateFrameworks

4. Connect to iPhone using SSH and login as root

5. Enter commands:

ln -s /AppleInternal/Applications/SkankPhone.app /Applications/SkankPhone.app

chmod +rwx /AppleInternal/Applications/SkankPhone.app/SkankPhone

Reboot/Respring and you should have a new "interesting" icon on SpringBoard.

Note that some options inside SkankPhone doesn't work unless you copy some contents of FW dump's /usr directory to iPhone. I just copied my iPhone's usr/ onto FW dump and copied it back to iPhone.

If you want SkankPhone to run at every boot, copy com.apple.SkankPhone.plist file from FW dump's /System/Library/LaunchDaemons to iPhone's LaunchDaemons directory.

---

Notes:

S\N isn't hardcoded into app, I was wrong I just tried to flash the NOR dump onto my iPhone and it overwritten my serial number with the proto's S/N.

SkankPhone can co-exist with SpringBoard - When SkankPhone is started, it kills SpringBoard.

There are various interesting tools in /usr - go figure

I don't know why the hell Apple would need PPCDisasm.framework on mobile ARM OS.

 

[maokh]

Whats a good way to make a flash dump without actually installing anything on the device?

 

[pj225]

Whats a good way to make a flash dump without actually installing anything on the device?

You mean entire NAND and NOR chip content dump, or only NAND filesystem (OS files)?

I don't have any knowledge about chip dumping, but you can read the contents of NOR using OpeniBoot.

If it comes to root FS dumping, well, I don't know much about it, too. If you don't want to install anything onto device, maybe try making a ramdisk that launches "mount_hfs /dev/disk0s1 /mnt1 && mount_hfs /dev/disk0s2 /mnt2 && tar -cf /mnt1/ --preserve /mnt2/mobile/Media/rootfs.tar" and then transfer it to computer using DiskAid/iPhoneBrowser.

 

[maokh]

You mean entire NAND and NOR chip content dump, or only NAND filesystem (OS files)?

Im mainly interested in a NAND dump on a virgin phone. Infact, id like to do exactly what was done to pull the software off the beta iphone.

Thanks for the tips

 

[pj225]

Im mainly interested in a NAND dump on a virgin phone. Infact, id like to do exactly what was done to pull the software off the beta iphone.

Thanks for the tips

Try asking planetbeing from Dev Team how you can do it, he helped Brooklyn8 dump the FW.

 

[retrovm]

http://www.wired.com/gadgets/wireless/magazine/16-02/ff_iphone?currentPage=all

https://selfsolve.apple.com/GetWarranty.do

hey, thank you!

 

[iCantwait]

bit of a bump in this thread, i just bought a prototype off ebay

when i get it i'll try and get it working, then i'll sell it - for heaps.

 

[hchung]

So I fix iPhones on the side to make a little extra cash sometimes and a guy approached me with two phones with cracked screens.

Turns out they both have blank backs and boot up to a menu that let you run Skankphone.

While I would have said they're prototypes, the serial numbers appear to be late 2007, and Skankphone has a slightly different menu with a screen that tells you the OS version. They're running OS 1.1.3.

Since that's well after the release of the iPhone, what are these? Why are they blank? And why does one of them have white button/switch plastic instead of black?

 

[kAoTiX]

Do you have any pictures of these to show us? Including screenshots from the device itself. I would be interested to see these.

 

[hchung]

Here: http://img192.imageshack.us/gal.php?g=dscf1613w.jpg
Let me know what you think. From the outside, it looked just like a normal phone except no etching on the back. Just noticed I forgot to ask for a picture of one with the white buttons.

Do you have any pictures of these to show us? Including screenshots from the device itself. I would be interested to see these.

 

[SkankPhwn]

Here: http://img192.imageshack.us/gal.php?g=dscf1613w.jpg
Let me know what you think. From the outside, it looked just like a normal phone except no etching on the back. Just noticed I forgot to ask for a picture of one with the white buttons.

PM me if you would like the firmware of on of these dumped for ppl + you to check out. It is not prototype firmware, but rather factory debug firmware, which is still really cool

 

[hchung]

I tried to PM you but it seems you're not allowing PMs.
Anyhow, I'd be interested in learning how to do the dump.

I don't have access to them at the moment, but given instructions, I can try to figure a time to get to them and do it.

PM me if you would like the firmware of on of these dumped for ppl + you to check out. It is not prototype firmware, but rather factory debug firmware, which is still really cool

 

[trajen]

I'm running an iPhone 2G OS 3.0 unlocked & jailbroken on T-Mobile...

I'm good at directions, can someone walk me thru downgrading the OS and putting the prototype software on my iPhone? Would it be possible to keep the unlock and run the proto software for awhile?

 

[war eagle]

I'm running an iPhone 2G OS 3.0 unlocked & jailbroken on T-Mobile...

I'm good at directions, can someone walk me thru downgrading the OS and putting the prototype software on my iPhone? Would it be possible to keep the unlock and run the proto software for awhile?

Why would you want to?

 

[trajen]

Why would you want to?

For ***** and giggles!

 

[magicshortbus]

Lol, those are clones. Some guy tried to sell me one, the homescreen looked legit but when I opened Phone the dialing screen looked just like that.

 

[benflick]

Lol, those are clones. Some guy tried to sell me one, the homescreen looked legit but when I opened Phone the dialing screen looked just like that.

The ones in this thread aren't clones.

 

[williamtcforsyt]

I don't post on here(yet) however I though some of you guys might think these are cool. I also hope maybe you can give me some advice on how to get one of them to power up.

I picked up 2 iPhone prototypes on the bay. The seller didn't know what they were, and just listed them as as-is parts units. Neither units say "iPhone" on them anywhere, or list the storage capacity. I did some research on the serial numbers, it appears they were both manufactured about 6 months before the release of the iPhone.

Phone #1:
-Doesn't turn on (tried leaving on charger for awhile, along with various reset procedures)
-Glass screen
-Serial number YM650xxxxxx which corresponds to a factory in China, manufactured week 50 of the year 2006. (The iPhone was announced on Jan 6 2007 and release June 29 2007.)

Phone #2:
-Powers on OK
-Plastic screen
-Serial number YM649xxxxxx which corresponds to a factory in China, manufactured week 49 of the year 2006.
-Runs iPhone OS 03.06.01_G (iPhone Launch OS 1.0 was version 03.11.02_G)

The phone that works is pretty neat to use. It does make calls(with my ATT sim), and I can surf the net. However when I did get to web pages they were the mobile versions, not the regular versions. I can receive SMS but not compose my own, other than 5 included test messages. It doesn't sync to itunes. Camera seems to work. It has tons of testing options. I included some pictures for you all, cause if I don't have pics it didn't happen

Also, the working phone has several subtitles that alternate on the screens including:

[Skank is the new black]
[Nine parts perspiration]
[Say hello to the Newton MessagePad 3000]
[Skankphone]

Two prototypes side to side: http://img119.imageshack.us/my.php?image=iphone1dw1.jpg

Back side of both models: http://img75.imageshack.us/my.php?image=iphone7pj1.jpg

Home screen of phone #2: http://img399.imageshack.us/my.php?image=iphone2go0.jpg

Dialing screen phone #2: http://img83.imageshack.us/my.php?image=iphone3bd3.jpg

Network band selection screen (quad band): http://img383.imageshack.us/my.php?image=iphone4ox2.jpg

Screen that shows the operation of various phone features: http://img352.imageshack.us/my.php?image=iphone5zz3.jpg

Browser(no page loaded): http://img383.imageshack.us/my.php?image=iphone6zd6.jpg

PM me if you ever decide to sell these