How to unlock the iPhone to use any SIM
Page 2 of 3
Turn on the iPhone and plug it into your computer. Ensure you are in Wi-Fi mode and not EDGE.
Determine what IP address is being assigned to your iPhone by your router. Press the Home button,
"Settings", "Wi-Fi", select the name of your network by pressing the blue arrow on the right, then
look where it says "IP Address". On my iPhone it is 10.0.1.4
Next press Home, "Settings", "General", "Auto-Lock", then select "Never". This will keep the iPhone
from disconnecting the SSH connection you will maintain while working on this procedure.
Start Fugu, log into your iPhone, and navigate to the /usr folder.
Click the "New Folder" button. Call the folder "local" and make sure it is being created
"Remotely", and click "Create".
You should now see local in your list of folders in /usr.
Double click the "local" folder. Click the "New Folder" button again. Call the folder "etc" and
make sure it is being created "Remotely". Click "Create".
You should now see etc in your local folder.
Download this collection of files.
Decompress the folder. I renamed my folder to How to Unlock, which you will see in all my Fugu
screenshots. Copy the file termcap to your etc directory.
Ensure the permissions for termcap display 3 Xs. If they don't, right click termcap and select "Get
Make your settings match these, then click "Apply".
Here is termcap with 3 Xs in the "Permissions" column. Now you know what this looks like. I will
have you set the permissions on several files just like this.
Navigate to your /bin folder and copy the file bbupdater to it. Ensure its permissions are set as
Navigate to your /System/Library/LaunchDaemons folder. Move the com.apple.CommCenter.plist file out
of the folder. I dragged mine to my How to Unlock folder on the computer.
Now right click the .plist and delete it from the iPhone.
Shut off the iPhone. Make sure your SIM card and the tray are removed, and the back lid remains
connected via the ribbon cable. Restart the iPhone.
Open the Terminal, and log into the iPhone via SSH.
Type: ssh -l root (Your iPhone's IP address) Then press enter/return.
You will be asked for your password. The default is dottie. It will not display when you enter it.
Type: cd /usr/bin Then press enter/return.
Type: minicom -s Then press enter/return.
Select "Serial port setup" (with your down arrow key) then press enter/return.
At the next screen, type: A
Your cursor will now be at the "Serial Device" line. Type: /dev/tty.baseband Then press
Press the escape key. Select "Save setup as dfl" and press enter/return. You will get a pop up
message saying "Configuration Saved".
Select "Exit". Then press enter/return.
A screen will appear briefly saying "Initializing Modem" and then this screen will appear.
Type: AT Then press enter/return. You should get a response of "OK". Keep this
Terminal open with minicom running.
Now it is time to make your unlocking "tool". I built mine with two darning sewing needles, a
couple inches of speaker wire, and electrical tape to secure the wire to the needles. Use whatever
you have to, but it better have very sharp points and be electrically conductive. Check your
continuity if you have to with a meter to be sure it's good.
The next thing you have to do is scrape the "trace" that you need to apply current to. Note, some
have said they were able to just push the needle into the trace without scrapping. I chose the
scrape method. I've never done this before, so I grabbed my Simpsons bottle cap opener (which plays
an audio file when a bottle cap touches it), took it apart, and scraped one of the traces on it,
used my unlocking tool, and completed the circuit causing the audio loop to play. I did this to
ensure I knew how hard and how much I needed to scrape a trace to get to the conductive material in
it. It doesn't take much pressure to do. I highly recommend practicing on a spare circuit board
somewhere. I guarantee you the traces on the iPhone are ridiculously small and easy to break. If
you break the trace, you could kill your phone, but traces can be repaired. In fact Radio Shack
sells a trace repair pen for $6. Check their site.
Unless you have exceptional vision, I recommend getting a magnifying glass and a small flashlight.
I found this tool that I will now swear by. I should get paid for this plug (I won't link directly),
but if you go to The Sharper Image website, and do a search for the term "magnify" you'll find a
really nice magnifying glass that is somewhat bendable, has a built in stand, and has a built in
light with an on and off switch. It's only $20. Here's what it looks like.
The first picture below was taken by Nick Chernyy for GeoHot's blog. The path colored in red represents
the trace that you must connect one end of your unlocking tool to. Pick anywhere on this trace to
scrape away some of the insulation to get to the copper underneath. DO NOT break the trace, or
damage anything else nearby. Go slowly, be patient, wear away the material a little at a time. You
don't need to do much. I couldn't even see the copper underneath on mine. I do not know who took
the second picture. The third picture was sent to me by an anonymous reader and demonstrates very
well, the scale you are dealing with here. If the third picture doesn't scare you, then
That thing on the right with the red tip, is a match!
Go back to the Terminal where minicom was left running. Touch the needles to the contact points
(make sure you contact the trace first, then make contact with the capacitor second)
the iPhone (this is referred to as a testpoint) and remove them. Go back to the Terminal window and
type: AT then press enter/return. Nothing should happen. It shouldn't accept the letters when you
try to type them. Good, you did it right.
Close this Terminal window
Open a new Terminal window. SSH back in to the iPhone. Then type: cd /bin Then press
enter/return. Type: bbupdater -v Then press enter/return. You should see the following
Next type: minicom Then press enter/return. Type: AT Then press enter/return.
You should get a response "OK". This is proof that you have jumpered the two connection points