Monday, February 18, 2008

Wednesday, February 13, 2008

There are two types of unlocking: "firmware patch" and "direct unlock".
A firmware patch simply patches the firmware in order to bypass the lock. The phone is still "locked"; the firmware is just tricked into believing it is not. For example, if the phone on startup runs code like "if(phoneIsLocked == false) doStartphone();", a patch would simply change "false" to "true", causing it to run doStartphone() even when the phone is locked. If the firmware is upgraded or restored, this patch is of course removed and we're back to the start. In the industry this type is considered a semi-unlock, and it is only accepted as a last resort if no other way is found (usually it is just a temporary solution).

Direct unlock is the real way of unlocking phones. Usually it involves just rebuilding the entire lock data in EEPROM with "blank" unlocked data. The safest way is to get the phone itself to clear the data by making it unlock itself, which could be achieved for example by finding the unlock codes and feeding them to the phone. This leaves absolutely no trace of "hacking": the unlock is done 100% correctly, as intended by the manufacturer.

(SIM cloning/TurboSIM is not mentioned, because that is not considered unlocking.)
When a phone is unlocked (in a proper way), it will always stay unlocked. Firmware upgrades never touch EEPROM, including the lock data.

Here are my thoughts on how iPhone unlocking works - of course, it's just my thoughts based on my experience with other phones, and I may very well be wrong.

IPFS unlock solution is permanent, and will handle all future updates.
Yes, I'm fairly sure that a phone unlocked with IPFS is a proper unlock (not a firmware patch), making it permanent. But of course, unlike others, the iPhone needs activation, and IPFS is therefore completely dependent on activation, which depends on jailbreaking. But when it comes to the operator lock itself, IPFS permanently unlocks it.

I'm not sure exactly how IPFS unlocks it, but I feel very sure it's one of these:

1. IPFS reads data from the baseband/EEPROM and rebuilds the lock area in EEPROM with proper data - without any lock. This is exactly what is done on almost all other phones.

2. IPFS patches the baseband, but only as a temporary step in order to achieve the above. When it's finished, it doesn't matter if the patch is removed (baseband upgraded), because the phone is already unlocked.

AnySIM and the other solutions are firmware patch solutions and will never survive baseband flashing/upgrading. Unlike IPFS (if IPFS also patches firmware), AnySIM patches firmware in order to bypass the lock, not in order to unlock it - or at least it's not unlocking it properly. The fact that AnySIM-unlocked phones are bricked after upgrading must be caused by changes the AnySIM solution makes to EEPROM, which are not properly done and make it look "corrupted" to the new firmware.

In my opinion there's no reason to be so negative about IPFS. They did the real unlock and so far no one has been able to recreate their solution. So don't expect a free real solution for 1.1.1 appearing very soon either. A free patch-unlock, though, is probably already possible now that they have decrypted the ramdisk; I will try that tomorrow. Of course the iPhone Dev Team are doing the most important work, and let's hope they will soon be able to work out a direct unlock solution as well.
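As an added illustration (not code from the original post), here is a toy Python model of the firmware-patch versus direct-unlock distinction described above, together with the post's explanation for AnySIM phones bricking after an upgrade, modelled as an EEPROM lock area whose stale integrity field the newer firmware rejects. The EEPROM fields, the checksum and the "newer firmware validates the lock area" rule are assumptions made up for the demo, not any real phone's format.

```python
# Added illustration, not code from the original post: a toy model of why a
# firmware patch does not survive a restore while a proper EEPROM rewrite does.
# EEPROM layout, checksum and "newer firmware validates the lock area" are assumptions.
from dataclasses import dataclass

FACTORY_LOCKDATA = {"locked": 1, "carrier": 0x0A}  # constructed sample values

def checksum(lockdata: dict) -> int:
    # Toy integrity field the firmware keeps over the lock area (assumed).
    return (lockdata["locked"] * 31 + lockdata["carrier"]) & 0xFF

@dataclass
class Phone:
    eeprom: dict                         # survives every firmware restore
    firmware_patched: bool = False       # lives in the firmware image only
    fw_validates_lockdata: bool = False  # assumed behaviour of newer firmware

    def restore_firmware(self) -> None:
        # A restore/upgrade rewrites the firmware image and never touches EEPROM.
        self.firmware_patched = False
        self.fw_validates_lockdata = True

    def boot(self) -> str:
        if self.fw_validates_lockdata and checksum(self.eeprom) != self.eeprom["checksum"]:
            return "bricked"  # lock area looks corrupted to the new firmware
        if self.eeprom["locked"] and not self.firmware_patched:
            return "locked"
        return "unlocked"  # really unlocked, or the lock check is patched out

def firmware_patch_unlock(p: Phone) -> None:
    p.firmware_patched = True  # the "if locked" check is tricked; lock bit untouched

def direct_unlock(p: Phone) -> None:
    # Rewrite the lock area the way the manufacturer's own unlock would.
    p.eeprom["locked"] = 0
    p.eeprom["checksum"] = checksum(p.eeprom)

def sloppy_unlock(p: Phone) -> None:
    # A patch plus an EEPROM edit that leaves the integrity field stale.
    p.firmware_patched = True
    p.eeprom["locked"] = 0

def scenario(unlock) -> tuple:
    # Boot status right after the unlock, then again after a firmware restore.
    eeprom = dict(FACTORY_LOCKDATA)
    eeprom["checksum"] = checksum(eeprom)
    p = Phone(eeprom)
    unlock(p)
    before = p.boot()
    p.restore_firmware()
    return before, p.boot()
```

Running scenario() with each of the three unlock functions shows the three outcomes the post describes: the patch is lost on restore, the direct unlock persists, and the sloppy EEPROM edit works until a restore brings in firmware that checks the lock area.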


Open Installer, and tap Sources, Edit and Add.

Type in and Ok then Done.

Now tap on Install at the bottom and scroll down to the Unlocking Tools category.
Install SMS Fix.

When it's done installing, reboot your phone and it should work.

Note: I have not thoroughly tested this, so there may be side effects I'm not aware of yet. But you can just uninstall the package to revert the changes. I only tested on 1.1.1.

Where can I find the iPhone firmware files?

1.0.0: iPhone1,1_1.0_1A543a_Restore.ipsw
1.0.1: iPhone1,1_1.0.1_1C25_Restore.ipsw
1.0.2: iPhone1,1_1.0.2_1C28_Restore.ipsw
1.1.1: iPhone1,1_1.1.1_3A109a_Restore.ipsw
1.1.2: iPhone1,1_1.1.2_3B48b_Restore.ipsw
1.1.3: iPhone1,1_1.1.3_4A93_Restore.ipsw


Now you can unlock your brand new iPhone very easily. I set up an Installer script to make it even easier. In short: downgrade your phone to 1.1.1 and jailbreak as described below. After you have access to the phone, open Installer, go to Unlocking Tools and install 1.1.2/1.1.3 OTB Unlocker. When it completes, you must upgrade to 1.1.2.

Bypass activation and prepare phone for software installation

1. Make sure you have a SIM card with PIN turned off, and power on your phone (the supplied AT&T card works fine).

2. On the activation screen, slide for emergency and dial *#301# to make the phone call itself. (If the incoming call dialog quickly disappears but it keeps ringing, just dial 0 (remove *#301# first), and it will call itself.)

3. Answer the call, and tap on Hold.

4. The phone will call itself again; tap Decline. You will now be returned to the normal dialer.

5. Tap on Contacts, and tap the + icon to add a new contact. The only info you are going to add to this contact are two URLs. To add a URL, tap Add new URL. The first URL is prefs followed by a colon (prefs:), and the second is the jailbreak page. Tap Save.

6. Your contact now has two "web pages" - tap on the first one (prefs:). This will take you to the Settings dialog. The reason you want this is that you need to connect to a Wi-Fi network, so tap on Wi-Fi, connect to a network, and make sure the icon at the top of the screen indicates that you are connected. While you are in the Settings dialog, you should also set General → Auto-Lock → Never.

7. Now press the home button and again slide for emergency, dial 0, answer the call, tap Hold and Decline the new call so that you get to the contacts. Tap on your contact (No Name), and this time tap on the other web page.

8. Safari will launch and show you a webpage. Tap on "Tap here to jailbreak your iPhone".
9. The phone will return to the activation screen and after a few seconds it should restart.

10. If the phone does not restart after waiting a full minute, make sure that your phone is connected to the computer and try again.

11. When the phone starts again, it should no longer say "slide for emergency" but rather "Slide to unlock". That means it was successful! Activation is now bypassed, and the phone is prepared for software installation. (If you are going to use an AT&T SIM, you won't need to do the next step.)

Unlock the SIM lock on jailbroken 1.1.1

1. Open Installer, and install the update if prompted.
2. Go to Sources and tap Edit and Add.
3. Add this URL:
4. Tap Done and then Refresh.
5. Go to Install (at the bottom), scroll down to the Unlocking Tools category and install AnySIM.
6. When it is installed you can press the home button, and you will find a new AnySIM icon on your home screen. Launch it and follow the instructions.
7. The unlocking process will take about 5-10 minutes; in the end it should say it was successful!
8. To clean up your phone, launch Installer and uninstall AnySIM. Then go to Settings → General → Auto-Lock and set it to a preferred value.

Congratulations, you are done!