More great iPhone unlocking news: Engadget reports that they were able to verify the claims of iPhoneSimFree, an organization of six individuals who have spent the last two months trying to unlock the device, and have finally done it.
iPhoneSimFree is a software based solution which does not require you to open up your iPhone or really do anything except for connecting your iPhone to your computer and running a software program.
According to Engadget, who got a test copy of the software to unlock their device, everything works without a hitch, and even some menus that were previously disabled become available for users of iPhoneSimFree unlocked iPhones.
Supposedly, this will work on any version of firmware, can be removed at any time, and overall sounds like a gift from heaven. Well, maybe not a gift, because the iPhoneSimFree folks are planning to be selling this software soon on their site (no, it’s not available yet). And we’ll let you know once it’s released.
And in other news, a second team of programmers plans to release their own iPhone unlock software tomorrow afternoon. Stay tuned for that.
Source: Engadget
Engadget Unlocked by iPhoneSimFree Apple iPhone video
Written by dennis on August 24th, 2007 with no comments.
Read more articles on News and iPhone Asia and iPhone Canada and iPhone Europe and iPhone Hacks.
More good news keep coming: an American teenage hacker by the name of George Hotz posted the complete Apple iPhone unlocking procedure which enabled him to have the phone working on T-Mobile USA network. His way of unlocking it is somewhat complicated, as it requires opening up the device, soldering some parts, and additionally modifying the firmware code.
This iPhone hack is really not for amateurs, because it will no doubt void the warranty, and most of us would be quite disappointed if something went wrong during the soldering procedure and we’d end up with a dead but very expensive toy.
At the same time, it’s unclear whether Apple will be able to cancel this iPhone unlock with a new firmware upgrade, but at the moment George Hotz is selling what he calls the first ever to be unlocked Apple iPhone on his website to collectors. According to him, he already received a $25,000 offer for it.
George’s instructions are reposted below, visit his website for photos of the process.
Step 1
First, I would like to say thanks again to gray, iProof, dinopio, lazyc0der, anonymous, the dev team, nightwatch, and everyone who donated. Without them, there would be no unlock today, and I surely wouldn’t be up at 8AM.
Second, you may brick your iPhone using this tutorial. YOU ARE WARNED.
Okay on to the actual step. Remove the black part, the three screws, and the aluminum case. Disconnect the wire connecting the phone to the case. Do not remove anything else. Comment on these posts if you are with me so far. Once we get a good number of comments I’ll move on.
Step 2
Also remove the metal cover over the comm board. This is all the disassembly you have to do. If you feel like being safe, desolder the battery red lead. I didn’t 
Step 3
The red line is covering the A17 trace. In order to trick the chip into thinking the flash is erased in the correct section, you will need to pull this high. Scrape away at the trace with something like a multimeter probe. Then solder a very thin wire to it. Be very careful. Only scrape away at that solder mask above that one trace. YOU DO NOT WANT TO BREAK THE TRACE. This is the hardest step in the whole process; the rest is cake. Also solder a wire to the 1.8v line. Connect to wire coming from the trace and the wire coming from the 1.8v to your unlock switch. Be careful, you only get one chance to do this right. Thanks again to Nick Chernyy for the picture.
Step 4
Ok, time to test what you just soldered. First use the continuity check on a multimeter to make sure the wires aren’t shorting to ground or to each other. Make sure your switch is in the off position. Power up your iPhone. Hopefully it didn’t smoke Now go into minicom to tty.baseband and send a few commands, AT a few times will do. It should respond OK. Now flip your switch, the baseband should stop responding. Even when you flip it back, the baseband still shouldn’t respond. Be sure your switch is off, then open another ssh and run “bbupdater -v” You can get bbupdater off the ramdisk. This should reset the baseband, and minicom should start working again. If it did this, your soldering is most likely good, and you are ready to actually start unlocking your phone!!!
Step 5
If it passed the checks in step 4, congratulate yourself. You are a pro solderer. Go eat lunch. If not, don’t worry yet. I must’ve thought I bricked my phone 100 times. First of all, to power up your phone you don’t need to reconnect the case with the power button. Just connect it with USB, it’ll power itself up. Secondly, don’t waste time compiling minicom. Download the binary here, and termcap here.
Step 6
Now, with the switch off, your baseband should be working perfectly. Here you should take a NOR dump of your phone. The dev team’s NORDumper is a great way to do this. This is good to have in case something goes wrong. You can extract the firmware from this as well, which we’ll get to later.
Step 7
So here is the first tool release, iEraser. This erases the current firmware on your modem. Don’t worry, you can always put it back with bbupdater. Here how the bootrom check works; it reads from 0xA0000030 0xA000A5A0 0xA0015C58 0xA0017370 and all these addresses must read as blank, or 0xFFFFFFFF. When you erase flash, it becoms 0xFFFFFFFF. But you can’t erase those locations, because they are in the bootloader. So thats where the testpoint comes in. Pulling A17 high hardware OR’s the address bus with 0×00040000(offset one because data bus is 16 bit) So the bootrom instead checks locations 0xA0040030 0xA004A5A0 0xA0045C58 0xA0047370, which are in the main firmware and can be erased. Pretty genius
To use this tool, you need the secpack from your modems version. The erase of this section is protected. Check the modem version in Settings->About. It’ll either be 3.12(1.0) or 3.14(1.0.1 and 1.0.2). You need the ramdisk which cooresponds to your version. Then go into “/usr/local/standalone/firmware” and get the ICE*.fls file. Extract 0×1a4-0×9a4 and save it in a file called secpack and place it in the same directory as the ieraser tool. Run ieraser. This should erase the modem firmware and leave you one more step on your way to unlocking.
Step 8
Now its time to patch the firmware. Thanks to gray for finding these patches, this required some very complicated reversing. First, you need to extract the firmware from your nor dump. The range you need is 0×20000-0×304000. Save this file as “nor”. The patches you need to apply are as follows. These are offsets from the begininning of the file to saved as “nor”. Choose your version, and patch.
3.12: (213740): 04 00 a0 e1 -> 00 00 a0 e3
3.14: (215148): 04 00 a0 e1 -> 00 00 a0 e3
Resave the file nor, you’ll need it soon…
Step 9
The final tool is iUnlocker. This tool uploads a small program, “testcode.bb”, to the baseband using the bootrom exploit. This program needs to be in a dir with “nor”, the file you obtained in the last step. You need to have the switch on when running this program. This will download and run the code in “testcode.bb” Then the program will stop and ask to to turn off the switch. Do so. You type any character then hit enter. The nor download starts right away. When the counter reaches 0×2E4000, it is done. Run “bbupdater -v”. Hopefully it will return the xgendata. If is does, the nor upload was successful.
Step 10: The Last One
minicom into /dev/tty.baseband. If you already used up your attempt counter, the phone should already be unlocked. If not just run ‘AT+CLCK=”PN”,0,”00000000″. That will unlock the phone for sure. Run ‘AT+CLCK=”PN”,2′. It should finally return 0!!!
Your phone is now unlocked. Exit minicom and copy the CommCenter plist back to its place. Reboot. iASign. And enjoy your unlocked iPhone.
Written by dennis on August 24th, 2007 with no comments.
Read more articles on News and iPhone Asia and iPhone Canada and iPhone Europe and iPhone Hacks.
In case you haven't been keeping up with the flurry of news today, there are now two companies claiming to have the magical software needed to unlock the iPhone. As good as that sounds, it comes at a price. Neither one of these groups intend to give away the crown jewels for free. No, they're going to make you pay to use the method, which they claim to have developed independently. I'm not too sure about that.
read more
Written by Michael Johnston on August 24th, 2007 with no comments.
Read more articles on Opinions and Editorials.
According to CNET, France Telecom confirmed today that they are in the midst of negotiations with Apple to be the carrier of the iPhone in France, though they haven't finalized the deal yet. "I can confirm there are talks," a France Telecom representative said.
read more
Written by Edward Kirk on August 24th, 2007 with no comments.
Read more articles on News.
UPDATE: One of the three methods described below ran into a legal roadblock on Saturday. See iPhone Unlock Hits Legal Hang-Up.
- - - - -
With uncanny serendipity, three teams trying to unlock Apple’s (AAPL) iPhone so that it can work with carriers other than AT&T (T) have reached their goal within days of each other.
First out of the block was George Hotz, a 17-year-old student from New Jersey who posted a 10-step technique on his website Thursday that requires cracking open the iPhone and doing some tricky soldering.
His accomplishment was quickly overshadowed by a team from iPhoneSIMfree.com, which developed a software-only technique that does the same thing without having to void the iPhone’s warranty by opening it up. The group demonstrated its procedure today to Engadget’s Ryan Block, who vouches for its authenticity on the blog and in a video. (Note the "T-Mobile" in the upper left hand corner of his iPhone screen, pictured above.)
Now Infoworld is reporting that a third team, based in Belfast but drawing on the resources of programmers around world, has accomplished the same thing — a software-only hack that will allow iPhone owners to run the device on any GSM-based SIM card. According to John McLaughlin, founder of Uniquephones, the software will be available for download tomorrow afternoon at www.iphoneunlocking.com for $25 to $50.
The iPhoneSimFree team says per unit and bulk licenses for its software will be available next week; no price has been set. Hotz says he has no plans to sell his hardware solution, although he has offered his iPhone, modified and autographed, for sale on eBay.
Neither Apple nor AT&T has commented on these developments, which came just shy of two months from the day the iPhone went on sale. AT&T may take comfort in the fact that most users won’t bother trying to get around their 2-year service contract. Apple, for its part, could undo all these hacks with its next iPhone software upgrade.
[Photo courtesy of Engadget.]
Written by Philip Elmer-DeWitt on August 24th, 2007 with no comments.
Read more articles on AAPL and T and iPhone.
