Monday, January 7, 2013

Fixing Blacksn0w on 3.1.3


Update: Ultrasn0w now supports 05.11 thru 05.13 with a new exploit that should fix all possible WiFi issues and any OS 4.0 problems. http://ultrasn0w.com/


------------------- Deprecated ------------------
miniFAQ: 
  • Can this be used with my 'accidentally restored' 3.1.3/non-jailbroken/running BB 5.12.xx iPhone?
    • NO
  • Does this also fix the WiFi problem (WiFi not connecting/requiring a reboot)?
    • NO, you should reset network settings to fix the WiFi problem. Preferably do this before you install the unlock and with the original operator SIM card inserted (otherwise, there are reports of resetting network settings leaving the phone unbootable).
3.1.3 with 5.11.07 BB ONLY


Update3: Thanks to the nice people running PushFix.info, this fix is now available in their repository, cydia.pushfix.info, and their package actually does compatibility checking before install.
Update2: You need to chmod +x the dylib; forgot to mention that earlier :-(
Tools:
gdb, IDA 5.5, ldid, hex editor (XVI32)
Test load:
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist ; launchctl load /tmp/com.apple.CommCenter.plist ; launchctl start com.apple.CommCenter
Test load in gdb:
gdb /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/CommCenter
>set env DYLD_INSERT_LIBRARIES = /usr/lib/blacksn0w.dylib
>run
Cause of the bug:
Blacksn0w locates the function to patch by searching the CommCenter binary for a reference to the string "SIM is not supported". In 3.1.3 the same function instead references the string "Verified", in the reverse condition branch. Since the exact location to patch is then determined by instruction search&replace, the patch itself still works on 3.1.3 once the search string and its length are changed in the Blacksn0w binary.
I also changed the patch from mov r1, 1 to mov r0, 1 because I suspect that's what it was supposed to do, instead of returning whatever garbage CFRelease left in r0 :-)
DISCLAIMER: please test-run before installing permanently; failure to do so or installing original BlackSn0w on 3.1.3 will force you to restore!
Instructions:

  • Download blackra1n.com/blacksn0w.deb , unpack with 7Zip
  • Copy System\Library\LaunchDaemons\com.apple.CommCenter.plist from .deb to /tmp/ on the phone
  • Copy the patched blacksn0w.dylib to /usr/lib/
  • Execute in SSH: chmod 755 /usr/lib/blacksn0w.dylib
  • Try to execute a test load and make sure you get signal with your T-Mobile SIM :-)
  • ONLY if the test load works OK, copy com.apple.CommCenter.plist from /tmp to /System/Library/LaunchDaemons/
  • If the test load does not work OK, the phone will freeze; wait 20 seconds, reboot (Power+Home), and upload the CommCenter crash logs from /private/var/logs/CrashReporter

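Before copying a dylib to /usr/lib and running the test load, it helps to check offline which CommCenter search key a given build carries (the "SIM is not supported" vs "Verified" difference explained under "Cause of the bug") and whether it already has the exec bit from Update2. This is an added Python example, not part of the post or of Blacksn0w; the NUL-terminated search keys, the Mach-O magic check and the sample blobs are constructed assumptions.

```python
import os
import stat
import tempfile

# Search keys described in the post: the original Blacksn0w looks for the pre-3.1.3
# CommCenter string, the 3.1.3 build looks for "Verified" instead. Assumed to be
# stored as NUL-terminated C strings inside the dylib.
ORIGINAL_KEY = b"SIM is not supported\x00"
PATCHED_KEY = b"Verified\x00"

# 32-bit little-endian Mach-O magic (MH_MAGIC 0xfeedface as stored on ARM) and the
# fat-binary magic; assumption: an iPhone OS 3.x dylib starts with one of these.
MACHO_MAGICS = (b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe")

def classify_dylib(image: bytes) -> str:
    """Tell which CommCenter search key a blacksn0w.dylib image carries."""
    if image[:4] not in MACHO_MAGICS:
        return "not-macho"
    has_orig = ORIGINAL_KEY in image
    has_patched = PATCHED_KEY in image
    if has_orig and not has_patched:
        return "original"        # will not find its target on 3.1.3: do not install
    if has_patched and not has_orig:
        return "patched-3.1.3"
    return "unknown"

def install_check(path: str) -> dict:
    """Variant plus whether the file already has the exec bit the post says it needs."""
    with open(path, "rb") as f:
        variant = classify_dylib(f.read())
    executable = bool(os.stat(path).st_mode & stat.S_IXUSR)
    return {"variant": variant, "executable": executable,
            "ok_to_test": variant == "patched-3.1.3" and executable}

# Constructed stand-ins for the two builds (only the magic and the key are realistic).
SAMPLE_ORIGINAL = MACHO_MAGICS[0] + b"\x00" * 16 + ORIGINAL_KEY + b"\x00" * 8
SAMPLE_PATCHED = MACHO_MAGICS[0] + b"\x00" * 16 + PATCHED_KEY + b"\x00" * 8

def demo() -> dict:
    """Write both samples to a temp dir, chmod 755 only the patched one, check both."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, blob, mode in (("orig.dylib", SAMPLE_ORIGINAL, 0o644),
                                 ("patched.dylib", SAMPLE_PATCHED, 0o755)):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(blob)
            os.chmod(p, mode)
            results[name] = install_check(p)
    return results

if __name__ == "__main__":
    print(demo())
```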
