How to unlock the iPhone to use any SIM
Page 3 of 3
Step 14.
Go back to Fugu and navigate into your NORDumper folder (on the computer) and copy its contents
to your /usr/bin folder. Ensure all these files have 3 Xs in permissions as discussed earlier.
Step 15.
Open a new Terminal and SSH in to your iPhone. Type: cd /usr/bin Then press enter/return.
Type: NORDumper dump.bin Then press enter/return. You will now have to wait up to 20 minutes
while the dump is processed. The iPhone's CPU is nowhere near as fast as a home computer, which is
why this takes so long.
You may not notice it, but you will eventually get a # prompt when it is done dumping.
You can check the dump.bin file size to confirm it is 4 megabytes. It's in your /usr/bin folder.
Step 16.
Navigate to your ieraser folder and drag all the files in it to your /usr/bin folder.
Ensure all these files have 3 Xs in permissions as discussed earlier.
Step 17.
Go to where you downloaded the collection of files in Step 9. This decompressed not as a folder
but as individual files. In my case I immediately put these files into a folder I have been
referring to as "How to Unlock" in my Fugu screen shots.
Look for the file called ICE03.14.08_G.fls. Note that this file is only meant for iPhones running
1.0.1 or 1.0.2 firmware. Right click this file and use HexEdit to open it. If you do not have
HexEdit, you can get it here for free.
What you are going to do is click and drag to highlight a very specific section of code in this
file, then you will copy and paste it into a new file. There is no simple way to do this, so try
to follow along.
You need to start at hex address 000001A4 and drag to hex address 000009A4. Here are two
screen shots showing the starting and ending addresses. Also note it will say at the very top of
the program window "Sel: $000001A4:000009A4", when you have highlighted the code within the correct
address range.
Go to the HexEdit menu bar and click "Edit" then select "Copy". Now click "File" then select "New".
A blank window will open. Click on "Edit" then select "Paste". The code you highlighted will now
be copied to the new file. Now click "File" then select "Save as...". Label the file "secpack" and
save it to your desktop.
Drag the secpack file into your "How to Unlock" folder (or whatever you are calling your folder).
Go back to Fugu, and copy secpack to /usr/bin.
Step 18.
Open a Terminal and SSH to the iPhone. Type: cd /usr/bin Then press enter/return. Type:
ieraser Then press enter/return. This process hung for me the first time, the screen froze
at "Waiting for data", so I closed the Terminal and started again. You should see status right away
when you type ieraser and press enter/return. If it still hangs at "Waiting for data" after several
tries, then try to locate version 2 of the ieraser program.
Step 19.
Copy the dump.bin file from /usr/bin to your desktop.
Now right click the dump.bin file on your desktop, and select HexEdit to open it with. Click "Find"
then select "Go To Address...". Enter 00020000, select the "Hex" button and click "GO".
You are going to do the same thing you did in the last step where you copied a block of code. This
time you are going to highlight a truly massive section of code. It will take you about two minutes
worth of clicking and dragging to grab it all. If you drag to the bottom edge of your desktop it
will scroll a lot faster than if you just stay within the confines of the HexEdit program's screen.
I hope that makes sense. Otherwise your scrolling will just take a lot longer. Practice this if you
must.
We will be highlighting the address range of 00020000 all the way to 00304000 (watch the 0s in
the addresses, count them so you are getting the right addresses). Here is what the beginning and
ending byte pairs look like, just so you know.
Once you have highlighted this section of code, go to the HexEdit menu bar and click "Edit" then
select "Copy". Now click "File" then select "New". A blank window will open. Click on "Edit" then
select "Paste". The code you highlighted will now be copied here. Now click "File" then select
"Save as...". Label the file "nor" and save it to your desktop.
Now open the nor file on your desktop with HexEdit. Click "Find" then select "Go To Address..."
Enter 215148 and click "GO".
You need to change the string of data 04 00 A0 E1 to 00 00 A0 E3. There are a couple of
occurrences of this string of data, so make absolutely sure that you are at address 215148! The
easiest way to change this data is to click "Find" then select "Find & Replace..." then enter
04 00 A0 E1 in the "Find:" box, then click the "Find Next" button. Make sure you are at address
215148. Then enter 00 00 A0 E3 in the "Replace with:" box. Make sure the
"Hex" button is checked by "Matching:", then click the "Replace" button. I found HexEdit to be a
real pain if you wanted to edit directly on the screen, so I used the replace method. I wish there
was a better and free hex editing program, but there isn't.
Save the file, put it into your "How to Unlock" folder (or whatever you are calling it). You can
verify the file size to make sure you did this correctly. It should be exactly 3,031,040 bytes.
Upload the file with Fugu to /usr/bin. I also set the permissions to 3 Xs.
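The HexEdit work in Steps 17 and 19 (cutting the 000001A4 to 000009A4 selection out of the .fls file, cutting 00020000 to 00304000 out of dump.bin, and changing the four bytes 04 00 A0 E1 at address 215148 to 00 00 A0 E3) is easy to get wrong by a single byte, and the checks the guide asks you to do by hand (the 4 megabyte dump size, the 3,031,040 byte nor size, "make absolutely sure that you are at address 215148") are exactly what a script can enforce. The following Python script is an added example for both steps; it is not part of the original guide or of NORDumper, ieraser or iunlocker. It assumes that HexEdit's selection end address is exclusive (so the secpack is 0x800 bytes), that 215148 is a hexadecimal address like the other addresses in the guide, and it runs on a constructed 4 megabyte sample dump rather than a real one.

```python
"""Added example: scripted version of the HexEdit extractions and the one-instruction
patch from Steps 17 and 19, with the size and uniqueness checks the guide does by hand.

Assumptions (not stated on the page, see the lead-in above):
  - HexEdit's selection $000001A4:000009A4 is end-exclusive, i.e. 0x800 bytes.
  - The "Go To Address" value 215148 for the nor file is hexadecimal (0x215148).
"""
from typing import List

DUMP_SIZE = 4 * 1024 * 1024            # Step 15: dump.bin should be 4 megabytes
SECPACK_RANGE = (0x1A4, 0x9A4)         # Step 17: selection in ICE03.14.08_G.fls
NOR_RANGE = (0x20000, 0x304000)        # Step 19: selection in dump.bin
NOR_SIZE = NOR_RANGE[1] - NOR_RANGE[0]  # 0x2E4000 = 3,031,040 bytes, as the guide states
PATCH_OFFSET = 0x215148                # assumed hexadecimal (see docstring)
# Little-endian 32-bit ARM: 04 00 A0 E1 is MOV R0, R4 and 00 00 A0 E3 is MOV R0, #0,
# so the patched routine hands back 0 instead of the value it computed.
PATCH_FROM = bytes.fromhex("0400A0E1")
PATCH_TO = bytes.fromhex("0000A0E3")


def find_all(blob: bytes, needle: bytes) -> List[int]:
    """Every offset at which needle occurs (the guide warns there is more than one)."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits


def extract_range(blob: bytes, start: int, end: int) -> bytes:
    """Copy of blob[start:end], refusing ranges that fall outside the file."""
    if not (0 <= start < end <= len(blob)):
        raise ValueError(f"range {start:#x}:{end:#x} is outside a {len(blob):#x}-byte file")
    return blob[start:end]


def extract_secpack(fls: bytes) -> bytes:
    """Step 17: the 0x800-byte secpack selection from the .fls file."""
    return extract_range(fls, *SECPACK_RANGE)


def extract_nor(dump: bytes) -> bytes:
    """Step 19: the nor selection from dump.bin, with both size checks from the guide."""
    if len(dump) != DUMP_SIZE:
        raise ValueError(f"dump.bin is {len(dump):,} bytes, expected {DUMP_SIZE:,}")
    nor = extract_range(dump, *NOR_RANGE)
    if len(nor) != 3_031_040:
        raise ValueError(f"nor is {len(nor):,} bytes, expected 3,031,040")
    return nor


def patch_nor(nor: bytes) -> bytes:
    """Replace the instruction at PATCH_OFFSET only, never at any other occurrence."""
    if nor[PATCH_OFFSET:PATCH_OFFSET + 4] != PATCH_FROM:
        raise ValueError(f"bytes at {PATCH_OFFSET:#x} are "
                         f"{nor[PATCH_OFFSET:PATCH_OFFSET + 4].hex()}, not {PATCH_FROM.hex()}")
    patched = nor[:PATCH_OFFSET] + PATCH_TO + nor[PATCH_OFFSET + 4:]
    assert len(patched) == len(nor)
    return patched


def build_sample_dump() -> bytes:
    """Constructed stand-in for dump.bin: erased flash (0xFF) with the target instruction
    at the patch address, a decoy copy elsewhere in the nor range, and one outside it."""
    dump = bytearray(b"\xff" * DUMP_SIZE)
    for dump_off in (NOR_RANGE[0] + PATCH_OFFSET,   # the one the guide wants changed
                     NOR_RANGE[0] + 0x100,          # decoy inside the nor range
                     0x1000):                       # outside the nor range, never copied
        dump[dump_off:dump_off + 4] = PATCH_FROM
    return bytes(dump)


def process_files(fls_path: str, dump_path: str, out_dir: str) -> None:
    """Run the whole Step 17 + Step 19 procedure on real files (paths are yours)."""
    with open(fls_path, "rb") as f:
        fls = f.read()
    with open(dump_path, "rb") as f:
        dump = f.read()
    with open(f"{out_dir}/secpack", "wb") as f:
        f.write(extract_secpack(fls))
    with open(f"{out_dir}/nor", "wb") as f:
        f.write(patch_nor(extract_nor(dump)))


if __name__ == "__main__":
    nor = extract_nor(build_sample_dump())
    print(f"nor: {len(nor):,} bytes; {PATCH_FROM.hex()} found at "
          f"{[hex(h) for h in find_all(nor, PATCH_FROM)]}")
    patched = patch_nor(nor)
    print(f"after patch: {PATCH_OFFSET:#x} = {patched[PATCH_OFFSET:PATCH_OFFSET + 4].hex()}, "
          f"decoy at 0x100 = {patched[0x100:0x104].hex()}")
```

Running the script on the constructed dump shows two occurrences of 04 00 A0 E1 inside the nor range and only the one at 0x215148 being rewritten; `process_files` does the same on your own ICE03.14.08_G.fls and dump.bin. `patch_nor` refuses to run unless the bytes at the address are exactly the instruction the guide says should be there, which catches an off-by-one selection or a file that was already patched.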
Step 20.
Navigate to your iunlocker folder and copy all the files in it to your /usr/bin folder. I set all
the permissions to have 3 Xs on all the files afterward.
Step 21.
It's time to put the unlocking tool on the circuit board again.
Remember to place your needle on
the trace first, then make contact with the capacitor. Since you need to operate the
computer at the same time as you are using the needles you have two choices: get someone else to
help you, or use the "sleep" command to delay the Terminal from executing the command you type
long enough to let you get the needles into position.
Open a Terminal and SSH into the iPhone (if you don't still have a session open
already). Type: cd /usr/bin Then press enter/return. If you will be doing this by yourself,
you can specify a delay, in seconds, between the time you run the command iunlocker and press
enter/return and the point when you think you can get the needles positioned on the phone. To do
this you would, for example, type: sleep 10; iunlocker Then press enter/return.
If you are having someone help you do this then type: iunlocker DO NOT press
enter/return until your needles are on the trace and the capacitor first. When they are, press
enter/return. I didn't get a screen shot of this (please send me yours if you have one) but the
following will display:
If you got the message "Please connect the tespoint", then you need to try again, you didn't make
the connection correctly with the needles. Don't worry, it took me about 5 attempts to get this
too. Just type: iunlocker and do it again.
The program should then say "TESTPOINT WORKS: 55". You've done it! You can now remove the needles.
Follow the on screen instructions which say something like, press any char(acter) key and then
press enter/return. It will now scroll a long list of hex addresses for about 5 minutes before it
stops and gives you this message.
Type: bbupdater -v Then press enter/return.
Step 22.
If your Terminal is still open, start minicom again.
Type: AT+CLCK="PN",0,"00000000" Then press enter/return.
Type: AT+CLCK="PN",2 Then press enter/return.
You should get a response: 0. Congratulations, your iPhone is now SIM lock free!!!
Step 23.
Navigate to your /System/Library/LaunchDaemons folder. Copy the com.apple.CommCenter.plist file
back from your "How to Unlock" folder (or whatever you are calling it).
Step 24.
Now you should upload a new lockdownd file specifically for 1.0.1 and 1.0.2 firmware only.
You can download this
here.
This will allow you to switch SIMs without having to go
through the activation process every time you want to switch - great for when you are travelling and
don't have a computer with you. Put it into your "How to Unlock" folder (or
whatever you are calling it.) Then navigate to your /usr/libexec folder and copy it there and set
its permissions to have 3 Xs as discussed earlier.
Step 25.
You can put your iPhone back together and put your SIM in it. Restart the iPhone and use the
iAsign activation process.
Your iPhone is now unlocked (temporarily if you restore), and in my case on the T-Mobile network.
Make a call and receive a call right away to verify. If you have managed to complete this hack,
congratulations; you are part of a very small group of people that can.
A new menu will be added in your "Settings".