Canadian Rogers Tester Needed

Author: BigBoss  //  Category: jailbreak

I have a package that enables Rogers WAP $7.00 package like the USA T-Zones package but I need a tester that is in Canada. Here are the requirements of such a tester:

1) Knows how to use SSH and can type in a command that I give them without questions.
2) Has Rogers and orders rogers WAP and can verify that it is actually active on the SIM card.
3) Has iPhone OS 2.0 or later on a jailbroken iPhone.

If you believe you fit these criteria and are interested in helping out, please drop me an email.

Dev Team Member Planetbeing Speaks Out

Author: BigBoss  //  Category: jailbreak

Planetbeing wrote an outstanding post on the similarities and differences between pwnage, quickpwn, and ziphone. It is a very interesting read. The original post was here but you can read it here as well (posted with permission).

Similarities

Jailbreak

Both utilities jailbreak.

Payload medium

Primary jailbreak payload is placed into iPhone memory for both jailbreaks

Differences

Technique

ZiPhone uses, as the root filesystem device, a pseudo-device that provides a window to an arbitrary section of memory. This memory is not allocated or otherwise reserved by the operating system and hence will be used by other random processes in other random ways and will become more and more corrupted with every CPU clock cycle. The only safe way to use this is to mlock all memory used by the jailbreak binary as soon as possible, and then use data previously uploaded to flash. Anything else will cause either the jailbreak binary to crash at random moments or cause random data to be written to flash. I am not sure why Zibri elected not to implement ZiPhone in a safer fashion.

QuickPwn uses the same mechanism that Apple uses to send its update ramdisk. This memory is both allocated and reserved. It will not crash at random moments, or give you repeating BSD root errors. This is the way the XNU kernel is designed to use ramdisks.

Longevity

ZiPhone hinges on a BUG in iBoot that was quickly fixed by Apple.

QuickPwn uses an iBoot FEATURE that Apple cannot remove without rewriting their own software and undergoing lengthy QA. Even if Apple did change the architecture, it would be straight-forward to simply mimic what they do and adapt to it. The reason QuickPwn can do this is because it relies on a hardware exploit to bootstrap into this phase. Apple cannot fix this problem without changing the manufactured hardware.

Elegance

ZiPhone modifies an existing Apple ramdisk and ships it as a complete set.

QuickPwn contains all-original code and features a very tiny bootstrapper that allows it to use libraries and code that’s already on the iPhone.

Not only does ZiPhone’s distribution of Apple’s binaries violate copyright laws, it also takes up a large portion of room on the ramdisk that could be used for the payload. Keeping its existing algorithm, ZiPhone would never have been able to install Cydia, for example. The maximum feasible ramdisk size is 32 MB; Cydia takes 13 and Apple’s libraries take up a significant amount. With some work, Zibri could possibly make it just under the 32 MB limit, but with the large number of files in Cydia, and the large size of the corruptible area of memory, corruption would be inevitable.

Some history / A personal note

Zibri claims to have “invented the ramdisk jailbreak”. Even if this were true, it would have as much relevance to QuickPwn as the 1.0.2 jailbreak does: The techniques used are entirely dissimilar. Not a single step in the process is the same.

However, this is not even true. Before Zibri left, we already had a prototype ramdisk jailbreak in our SVN (which Zibri later leaked parts of). It was written by myself and stored under the very obvious name of “ramdisk-jb” and it contained a modified version of a launchd written by Turbo (who should be considered the father of the ramdisk payload). It basically untarred a SSH installation onto the rootfs. It was rudimentary, and required a lot of work to get up to production standards.

While it’s obvious that Zibri has picked every bone of that SVN repository clean, I am puzzled why he did not learn from that example source code. It had mlock and it was written in proper C, unlike the rather make-do replacement of launchd with sh. Perhaps he did not understand the code.

A week before his release, we became aware that Zibri was going to write a ramdisk exploit. We considered racing him to it, but we were constrained by the fact that we had already publicized one working method of jailbreaking: The oft-loathed 1.1.3 soft-jailbreak, which we considered perfectly acceptable until the release of the SDK (we were not aware at the time the SDK release would take so long). In addition, 1.1.3 was a minor update and there was no reason people could not stay on 1.1.2 for awhile longer. The issue is that while a ramdisk jailbreak would certainly be easier and better, we would be burning this great exploit that allowed us to reliably decrypt ramdisks (which we had no other way of doing at the time).

Therefore, we chose not to build our own implementation and instead pursue Pwnage, a longer term project. It was ironic months later that Zibri came to flame us out about releasing the dual-boot method, accusing us of burning the exploit. It was amusing because it was so much lower value than the ramdisk exploit, which he was responsible for burning and really had no future prospects because of pwnagetool.

We are aware that the dual-boot method was the last remaining bit of non-public knowledge from our SVN that he had, and my belief was that the flame was caused by his soreness at losing his last chance at remaining relevant after the pmd (“ramdisk”) vulnerability was patched.

T-Zones Changes IPs. New Hack

Author: BigBoss  //  Category: jailbreak

T-Mobile changed their T-Zones IP address, causing everyone’s T-Zones to stop working. Thanks to help from DR03, I have fixed this and posted a new T-Zones hack for iPhone OS 2.0. All you T-Mobile users still on 1.1.x, it’s time to upgrade. I don’t plan to release a fix for iPhone 1.1.x at this time. You can update easily by following one of our many guides.

For 1.1.x users that really don’t want to upgrade, you can fix proxy.pac yourself by editing the file /var/preferences/proxy.pac and changing “10.0.0.0” to “25.0.0.0”. (The 2.0 version is a bit more flexible, allowing addresses from both 10.* and 25.* to be covered.)

Quickpwn 1.50 Out

Author: BigBoss  //  Category: jailbreak

Quickpwn v1.50 is out. Download it here. The update adds a YouTube fix and a BootNeuter option to unlock the 2G. I will test this late tomorrow when I get home from vacation. Refer to the quickpwn guide for assistance using the tool.

Pwnage 2.0.3 is out

Author: BigBoss  //  Category: jailbreak

Pwnage v2.0.3 is out to support v2.0.2 firmwares on OSX. The guide is the same but the firmware support is expanded. You can download it via sparkle (the internal update system in pwnage). Or you can grab it off theiphoneproject.org here.

This version supports firmware 2.0.2, adds support for Installer 4 b6, and adds support for a bunch of .de language localizations. If you need a guide you can use our guide here.

Quickpwn 2.0.2 is out

Author: BigBoss  //  Category: jailbreak

Good news for you Windows users! Quickpwn for 2.0.2 is out. You can download it here. This is the GUI version. You can use my quickpwn GUI guide here for this. Remember, this does not activate or unlock. So, you only want to use this if you are able to run 2.0.2 and already have phone service with your SIM. For those that need more, such as an unlock, you should wait for the full pwnage before moving to 2.0.2.

A few points to remind everyone:

1) This is for those that already updated to 2.0.2. It does not provide you with 2.0.2 as part of the process.

2) You can get 2.0.2 firmwares from my firmware page here.

3) If you’re having problems with the DFU steps, refer to my DFU page here.

4) Custom firmwares cannot be used with this process. It works differently. Where pwnage will allow you to create a firmware, pwn your device, then restore that firmware, this process will only pwn your phone and allow you to do so without a restore.

iPhone 2.0.2 is out

Author: BigBoss  //  Category: iPhone, jailbreak

iPhone firmware 2.0.2 is out. But as always, do not update until we get word on a jailbreak. You can get the firmware files from our firmware links here. The changelog officially only says “Bug Fixes”.

Quick Pwn Beta

Author: BigBoss  //  Category: jailbreak

A nice little treat from the dev team tonight for Windows users. This app is called quick pwn. It’s in its beta stages. But it will allow you to pwn your device very quickly without restoring! This should eliminate many of those 160x errors many windows users are experiencing. Note: you do not need to do this if you already have a working, pwned 2.0.1 device. (Note: to see this guide in German, you can use this link).

Who should use this tool? This is for those that are not planning to restore. It’s not clear what the activation state is after the process therefore, I only recommend this for those that have a contract carrier or an unlocked phone already. This is also perfect for those that pwned and did not install Cydia as it will result in Cydia being installed. If you are on a 2g and need to unlock, you can do so with bootneuter, but this will not activate for you. If you are on a stock device and using AT&T or a contract carrier, this is the perfect jailbreak for you. You will not lose your contacts or have to do any backups. Finally, if you are going to restore anyway, especially if you need to unlock a 2g, you may as well use winpwn or such.

Here are the steps to using the tool:

Step 1) Download the tool here and extract it to a folder such as c:\quickpwn.

Step 2) Download the proper firmware image such as 2.0.1 3G or 2.0.1 2G. Save this image in the same folder with the quickpwn.exe file. For our example we will use c:\quickpwn. Your folder should now look like this:


Step 3) Optional, semi-advanced, and can be skipped! You can replace your boot images now if you want to. Make sure you get proper files and name them properly. You must use logo.png and recovery.png and put them in the same folder, overwriting the ones that are there. Note that there are many boot logos that are not valid. If you have any problems, try using the default images.

Step 4) While the command prompt will say “kill all itunes processes”, you must ignore this step. In fact, before you get started, start iTunes and make sure your phone is recognized by it. Now, leave iTunes running but don’t touch it again.

Step 5) Hook your phone up to your PC and double click either “iPhone 2G.bat”, “iPod touch.bat”, or “iPhone 3g.bat” depending on which device you have.

Step 6) You will see some stuff go by the screen like this:

Then you will be prompted to turn off your phone and press enter when you have done so:

Step 7) As it says on screen, turn off your phone by holding power, sliding to power off, and waiting for it to power off. Do not take the phone off the pc connection! If you do, you must start over.

Step 8) In this next step we need to get our phone into DFU mode so it can be pwned. If you have any problems following the onscreen instructions, then refer to this DFU guide. The program will help you through the steps but it often takes multiple attempts to get into DFU mode. And, if you fail to get into DFU mode, the app quits and you must start over.

Therefore, I recommend that you get into DFU mode before hitting ENTER. Read the DFU guide link and press enter when you are in DFU mode. Then ignore the directions on the screen until it recognizes your phone is in DFU mode. When you are in DFU mode, the app should automatically take over and you will see this:

Wait a bit for the process to finish, and congratulations! You are done.

Step 9) Optional 2g phone only. If you need to unlock your phone, install bootneuter from Cydia and run it! Select “neuter, unlock, do not change bootloader settings, and then flash!”.

Troubleshooting:

1) If during the process you did not kill iTunes you will see these questions:

Is your device connected to your computer via USB? Type “Y” to continue.
Is your iPhone currently powering on? Type “Y” to continue.

If you see these questions, it means that your phone is not being recognized by the PC. Remember you must have iTunes running and it must see your device. If you have to, close and reopen iTunes, disconnect and reconnect your device, or even reboot your PC. You should not see the above two messages as part of the process.

2) When you turn on your iPhone, it does not have any display. Man, is it bricked?

This is probably caused by using an invalid boot image (logo.png) in the process. If you wait long enough the thing should boot up to springboard normally. In this state, you do not have any logo showing you the device is booting. You can fix it by repeating the process with a valid png file.