Saturday, December 15, 2007


Unlock Iphone

Remove the black part, the three screws, and the aluminum case. Disconnect the wire connecting the phone to the case. Also remove the metal cover over the comm. board. This is all the disassembly you have to do. If you feel like being safe, desolder the battery red lead.

The red line is covering the A17 trace. In order to trick the chip into thinking the flash is erased in the correct section, you will need to pull this high. Scrape away at the trace with something like a multimeter probe. Then solder a very thin wire to it. Be very careful. Only scrape away at the solder mask above that one trace. This is the hardest step in the whole process; the rest is cake. Also solder a wire to the 1.8v line. Connect the wire coming from the trace and the wire coming from the 1.8v line to your unlock switch. Be careful, you only get one chance to do this right.

Time to test what you just soldered. First use the continuity check on a multimeter to make sure the wires aren't shorting to ground or to each other. Make sure your switch is in the off position. Power up your iPhone. Hopefully it didn't smoke :) Now go into minicom on tty.baseband and send a few commands; AT a few times will do. It should respond OK. Now flip your switch; the baseband should stop responding. Even when you flip it back, the baseband still shouldn't respond. Be sure your switch is off, then open another SSH session and run "bbupdater -v". You can get bbupdater off the ramdisk. This should reset the baseband, and minicom should start working again. If it did this, your soldering is most likely good, and you are ready to actually start unlocking your phone!!!

If it passed the checks in step 4, congratulate yourself. You are a pro solderer. Go eat lunch. If not, don't worry yet. I must've thought I bricked my phone 100 times. First of all, to power up your phone you don't need to reconnect the case with the power button. Just connect it with USB; it'll power itself up. Secondly, don't waste time compiling minicom.

This tool uploads a small program, "", to the baseband using the boot ROM exploit. This program needs to be in a dir with "nor", the file you obtained. You need to have the switch on when running this program. This will download and run the code in "". Then the program will stop and ask you to turn off the switch. Do so. Type any character, then hit enter. The nor download starts right away. When the counter reaches 0x2E4000, it is done. Run "bbupdater -v". Hopefully it will return the xgendata. If it does, the nor upload was successful.

If you already used up your attempt counter, the phone should already be unlocked. If not, just run 'AT+CLCK="PN",0,"00000000"'. That will unlock the phone for sure. Run 'AT+CLCK="PN",2'. It should finally return 0!!! Your phone is now unlocked. Exit minicom and copy the CommCenter plist back to its place. Reboot. IAsign. And enjoy your unlocked iPhone.
