How to unlock the iPhone to use any SIM
Page 2 of 3
Step 7.
Turn on the iPhone and plug it into your computer. Ensure you are in Wi-Fi mode and not EDGE.
Determine what IP address is being assigned to your iPhone by your router. Press the Home button,
"Settings", "Wi-Fi", select the name of your network by pressing the blue arrow on the right, then
look where it says "IP Address". On my iPhone it is 10.0.1.4.
Next press Home, "Settings", "General", "Auto-Lock", then select "Never". This will keep the iPhone
from disconnecting the SSH connection you will maintain while working on this procedure.
Step 8.
Start Fugu, log into your iPhone, and navigate to the /usr folder.
Click the "New Folder" button. Call the folder "local" and make sure it is being created
"Remotely", and click "Create".
You should now see local in your list of folders in /usr.
Double click the "local" folder. Click the "New Folder" button again. Call the folder "etc" and
make sure it is being created "Remotely". Click "Create".
You should now see etc in your local folder.
Step 9.
Download this collection of files.
Decompress the folder. I renamed my folder to How to Unlock, which you will see in all my Fugu
screenshots. Copy the file termcap to your etc directory.
Ensure the permissions for termcap display 3 Xs (the execute bit set for owner, group and others).
If they don't, right click termcap and select "Get Info".
Make your settings match these, then click "Apply".
Here is termcap with 3 Xs in the "Permissions" column. Now you know what this looks like. I will
have you set the permissions on several files just like this.
Navigate to your /bin folder and copy the file bbupdater to it. Ensure its permissions are set as
previously discussed.
Navigate to your /System/Library/LaunchDaemons folder. Move the com.apple.CommCenter.plist file out
of the folder. I dragged mine to my How to Unlock folder on the computer.
Now right click the .plist and delete it from the iPhone.
Step 10.
Shut off the iPhone. Make sure your SIM card and the tray are removed, and the back lid remains
connected via the ribbon cable. Restart the iPhone.
Step 11.
Open the Terminal, and log into the iPhone via SSH.
Type: ssh -l root <your iPhone's IP address> Then press enter/return.
You will be asked for your password. The default is dottie. It will not display when you enter it.
Type: cd /usr/bin Then press enter/return.
Type: minicom -s Then press enter/return.
Select "Serial port setup" (with your down arrow key) then press enter/return.
At the next screen, type: A
Your cursor will now be at the "Serial Device" line. Type: /dev/tty.baseband Then press
enter/return.
Press the escape key. Select "Save setup as dfl" and press enter/return. You will get a pop up
message saying "Configuration Saved".
Select "Exit". Then press enter/return.
A screen will appear briefly saying "Initializing Modem" and then this screen will appear.
Type: AT Then press enter/return. You should get a response of "OK". Keep this
Terminal open with minicom running.
Step 12.
Now it is time to make your unlocking "tool". I built mine with two darning sewing needles, a
couple of inches of speaker wire, and electrical tape to secure the wire to the needles. Use whatever
you have to, but it had better have very sharp points and be electrically conductive. Check the
continuity with a meter if you have to, to be sure it's good.
The next thing you have to do is scrape the "trace" that you need to apply current to. Note: some
have said they were able to just push the needle into the trace without scraping. I chose the
scrape method. I've never done this before, so I grabbed my Simpsons bottle cap opener (which plays
an audio file when a bottle cap touches it), took it apart, and scraped one of the traces on it,
used my unlocking tool, and completed the circuit causing the audio loop to play. I did this to
ensure I knew how hard and how much I needed to scrape a trace to get to the conductive material in
it. It doesn't take much pressure to do. I highly recommend practicing on a spare circuit board
somewhere. I guarantee you the traces on the iPhone are ridiculously small and easy to break. If
you break the trace, you could kill your phone, but traces can be repaired. In fact Radio Shack
sells a trace repair pen for $6. Check their site.
Unless you have exceptional vision, I recommend getting a magnifying glass and a small flashlight.
I found this tool that I will now swear by. I should get paid for this plug (I won't link directly),
but if you go to The Sharper Image website, and do a search for the term "magnify" you'll find a
really nice magnifying glass that is somewhat bendable, has a built in stand, and has a built in
light with an on and off switch. It's only $20. Here's what it looks like.
The first picture below was taken by Nick Chernyy for GeoHot's blog. The path colored in red represents
the trace that you must connect one end of your unlocking tool to. Pick anywhere on this trace to
scrape away some of the insulation to get to the copper underneath. DO NOT break the trace, or
damage anything else nearby. Go slowly, be patient, wear away the material a little at a time. You
don't need to do much. I couldn't even see the copper underneath on mine. I do not know who took
the second picture. The third picture was sent to me by an anonymous reader and demonstrates very
well the scale you are dealing with here. If the third picture doesn't scare you, then
nothing will.
That thing on the right with the red tip is a match!
Go back to the Terminal where minicom was left running. Touch the needles to the contact points
(make sure you contact the trace first, then make contact with the capacitor second) on
the iPhone (this is referred to as a testpoint) and remove them. Go back to the Terminal window and
type: AT then press enter/return. Nothing should happen. It shouldn't accept the letters when you
try to type them. Good, you did it right.
Close this Terminal window.
Step 13.
Open a new Terminal window. SSH back into the iPhone. Then type: cd /bin Then press
enter/return. Type: bbupdater -v Then press enter/return. You should see the following
information.
Next type: minicom Then press enter/return. Type: AT Then press enter/return.
You should get a response "OK". This is proof that you have jumpered the two connection points
correctly.
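The AT check that Steps 11 through 13 perform by hand in minicom ("OK" before jumpering, no reply afterwards, "OK" again after bbupdater) can be scripted so the three states are distinguished unambiguously. This is an added example, not code from the guide; it assumes the device path /dev/tty.baseband from the text and, for a real device, a pyserial Serial object (assumption) as the transport, while the ScriptedPort below is a constructed stand-in so it runs offline.

```python
"""Send AT to a modem-style serial device and classify the reply."""
import time

BASEBAND_DEV = "/dev/tty.baseband"   # device path used in the guide


def at_probe(transport, cmd="AT", deadline_s=2.0, read_chunk=64):
    """Write `cmd` + CR, read until a final result code or the deadline.

    `transport` needs write(bytes) and read(n) -> bytes (b"" when nothing
    arrived).  Returns "OK", "ERROR", "NO RESPONSE" or "UNEXPECTED:<text>".
    """
    transport.write(cmd.encode("ascii") + b"\r")
    buf = b""
    end = time.monotonic() + deadline_s
    while time.monotonic() < end:
        chunk = transport.read(read_chunk)
        if not chunk:
            time.sleep(0.05)          # nothing yet; poll again until deadline
            continue
        buf += chunk
        lines = [l.strip() for l in buf.replace(b"\r", b"\n").split(b"\n")]
        # Modems usually echo the command; drop the echo before classifying.
        results = [l for l in lines if l and l != cmd.encode("ascii")]
        if b"OK" in results:
            return "OK"
        if b"ERROR" in results or any(l.startswith(b"+CME ERROR") for l in results):
            return "ERROR"
    if not buf:
        return "NO RESPONSE"         # the state expected right after jumpering
    return "UNEXPECTED:" + buf.decode("ascii", "replace").strip()


class ScriptedPort:
    """Constructed fake serial port that replays canned reply bytes."""
    def __init__(self, reply):
        self.reply, self.sent = reply, b""

    def write(self, data):
        self.sent += data

    def read(self, n):
        out, self.reply = self.reply[:n], self.reply[n:]
        return out


if __name__ == "__main__":
    import serial                                   # assumption: pyserial installed
    with serial.Serial(BASEBAND_DEV, timeout=2) as port:
        print(at_probe(port))
```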