Tutorial: iPhone Unlock in 7 Easy Steps
I have all the files you need and a quick guide for performing the unlock on OS X below. A huge thanks to my Russian friend (guest184) in #iphone.unlock on undernet for putting the guts of this together before going to sleep. I just tested it and it worked fine for me on my iPhone here in Asia on Thai GSM and TRUE. I unlocked several more phones with others to verify the steps. If you need help post in the channel and I will do my best to assist, but I am no expert!
Before you Begin: Restore your iPhone to Apple factory settings and install the 1.0.2 update. This can be done by putting the iPhone into recovery mode: hold both the select and sleep buttons for 25 seconds while your iPhone is docked, until it reboots and returns with a yellow sign reading: Connect to iTunes. Fire up iTunes. Choose Restore. To confirm your version, go to Settings > General > About > Version on the iPhone.
Warning: These tools are not perfect and, while it is quite rare, it is always possible to brick your iPhone when messing with the firmware and file structure. Also be sure to set your Settings > General > Auto-Lock to Never. You've been warned.
Step 1 - Jailbreaking with iNdependence
You need to jailbreak your iPhone in order to write files to it. There is a lot written about this and it is pretty simple to do (1 click) but it often causes problems. A good tool for doing this is either iNdependence or iFuntastic. iNdependence works best for me so that is what I will show here. The latest version of iFuntastic (v3.x) installed a lot of unnecessary stuff on my iPhone so I avoided it.

This tripped me up! iNdependence performed consistent jailbreaks for me, but it asks for the iPhone firmware files. This is a 92mb download you can grab here. Now you need to rename this file so it ends in .zip and then unzip it somewhere so you can point to it when iNdependence asks for it. As it's running you should see this:

Step 2 - Activation
You need to activate the iPhone now. Again this is a 1 click solution from within iNdependence, and it will again ask for the iPhone firmware files from the last step. After some rebooting you should be activated and can now check out the iPhone interface etc. Easy so far!
Step 3 - SSH and Installer
Now we need some tools, specifically SSH installed on the iPhone. In order to do this you need to install installer.app from NullRiver. Others had success installing SSH right from iNdependence but sadly it wouldn't happen for me.

 Installer really kicks ass and will open up a whole new world of iPhone apps you never knew existed. You will really be surprised at what is already available for free. Be sure to set up your wi-fi settings because Installer is so smart it just downloads stuff straight from the internet to your iPhone. Right now we are interested in installing the following in this order:
BSD Subsystem (v1.5 currently - adds some FreeBSD tools)
Community Sources (v2.5 - adds tons of community maintained homebrew apps, yay!)
Installer (v2.63 - Installs stuff!)
OpenSSH (v4.6x - allows us to SSH to the iPhone)
Alright, if those apps installed okay you should be able to SSH to your iPhone (user: root / password: dottie):
ssh root@your.iphone.ip

Be sure to change the root password at some point - now is a perfect time, since the default is publicly known and the phone is now accepting SSH logins over Wi-Fi:
passwd root
Step 4 - Copy the Needed Files
Okay, you can remove the SIM from your phone; we won't need it until the end of the procedure. Now we need to copy some files from the zip I provided onto the iPhone and get hacking. You can simply do this step with any SFTP client like Transmit, which is what I did. Put the files from the zip onto your iPhone into these locations; you will not need to create any folders:
/usr/libexec/lockdownd
/etc/termcap
/bin/ice.fls
/bin/nor
/bin/iunlock
/bin/bbupdater

Step 5 - Hack the iPhone
Log in to the iPhone via SSH and execute the following. Everything should be cool, but be sure to watch for errors. The NOR dump/patch will take about 20 minutes so grab some Corn Pops:
chmod +x /bin/iunlock
chmod +x /bin/bbupdater
mkdir /usr/local
mkdir /usr/local/etc
/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
iunlock ice.fls nor
bbupdater -v

Step 6 - Tweak the Modem Settings
Now we need to tweak the modem a bit. Again in SSH run:
minicom -s
It will yammer about no config file found which is just fine. Select serial port setup, and change /dev/modem to /dev/tty.baseband, save setup as dfl, exit.

You should now have initialized the modem and been dumped to a command line within minicom 2.2. You are so close now it's not even funny. Type:
AT+CLCK="PN",0,"00000000"
and then
AT+CLCK="PN",2
Both commands should result in an OK response from minicom.
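What the two Step 6 commands mean, as an added example that is not part of the original tutorial: a small parser for the standard AT+CLCK=<fac>,<mode>[,<passwd>] facility-lock syntax from 3GPP TS 27.007 and for the +CLCK: <status> line that a mode-2 query returns. The function names are this example's own and the sample reply is constructed, not captured from a phone.

```python
import re

# Codes from 3GPP TS 27.007, "+CLCK" (facility lock). Subset only.
FACILITIES = {"SC": "SIM PIN", "PN": "network personalization",
              "PU": "network subset personalization",
              "PP": "service provider personalization"}
MODES = {0: "unlock", 1: "lock", 2: "query status"}


def parse_clck(line):
    """Parse AT+CLCK=<fac>,<mode>[,<passwd>] into a dict, or raise ValueError."""
    m = re.fullmatch(r"AT\+CLCK=(.+)", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a +CLCK set command")
    fields = [f.strip() for f in m.group(1).split(",")]
    if not 2 <= len(fields) <= 3:
        raise ValueError("expected <fac>,<mode>[,<passwd>]")
    # String parameters must use the ASCII quote (0x22); curly quotes pasted
    # from a web page are different characters and fail this check.
    for s in [fields[0]] + fields[2:]:
        if len(s) < 2 or s[0] != '"' or s[-1] != '"':
            raise ValueError("string not in ASCII double quotes: %r" % s)
    fac = fields[0][1:-1].upper()
    if not fields[1].isdigit() or int(fields[1]) not in MODES:
        raise ValueError("unknown mode: %r" % fields[1])
    return {"facility": fac,
            "meaning": FACILITIES.get(fac, "unknown facility"),
            "action": MODES[int(fields[1])],
            "password": fields[2][1:-1] if len(fields) == 3 else None}


def lock_active(response_lines):
    """Read a mode-2 reply: True if the lock is active; ValueError on ERROR."""
    for raw in response_lines:
        line = raw.strip()
        if line == "ERROR" or line.startswith("+CME ERROR"):
            raise ValueError("modem rejected the command: " + line)
        m = re.fullmatch(r"\+CLCK:\s*([01])(?:,\d+)?", line)
        if m:
            return m.group(1) == "1"
    raise ValueError("no +CLCK status line in response")


if __name__ == "__main__":
    # The two commands from Step 6, then a constructed (not captured) reply.
    print(parse_clck('AT+CLCK="PN",0,"00000000"'))
    print(parse_clck('AT+CLCK="PN",2'))
    print(lock_active(["+CLCK: 0", "OK"]))
```

The first command asks the baseband to turn the network personalization lock off using the password 00000000; the second only queries the lock state, so its status line is what tells you whether the lock is still active.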
Step 7 - Dance Around the Room
Reboot the iPhone and slap your SIM card in now. You should now be basking in the warm glow of having a fully unlocked iPhone. If not, don't despair. These tools are not perfect and not everyone pulls off the unlock on their first attempt (me included). If you have a problem, restoring and starting the procedure over again can very likely yield different results.
Source: iPhone Unlock in 7 Easy Steps