The Perfect iPSF Unlock Clone

iPhone SimFree (iPSF) was one of the first iPhone unlocking companies to show up with a software unlock for the iPhone. Ever since, their unlock method has been seen as superior to the popular (and free) anySIM method. Why so? anySIM unlocks do not last through iPhone software updates, whereas iPSF unlocks have stood solid and are known to survive updates that come from Apple.

Recently, popular iPhone hacker GeoHot released an unlock method that is a clone of the iPSF method. If you like the idea, follow this guide to convert to his unlock.

Who can do this?

Anyone who has an iPhone (bootblock 3.9) running the latest 1.1.3 firmware (including the new baseband 4.03_13_g).

Files you need:
anySIM 1.3 Cleaner

IPSF Unlock Files

Step 1

If you are on 1.1.1 or 1.1.2, upgrade to 1.1.3 using the Nate or Dev team jailbreak method. Various guides for this are out there, so it should not be an issue.

Once on 1.1.3 with the 1.1.2 baseband, upgrade to the 1.1.3 baseband using this guide.

Step 2 (For people who used anySIM 1.3 previously)

To reverse the anySIM 1.3 unlock, follow these instructions (credits to crashn):

1. Copy the following files (from the anySIM 1.3 cleaner download) to /usr/bin/ on the iPhone:

bbupdater
ICE04.03.13_G.fls
ICE04.03.13_G.eep
secpack

2. Turn on Airplane Mode.

3. From the iPhone Terminal (vt 100, available for download in Installer), stop CommCenter by typing the following:

launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist

4. Next, type:

cd /usr/bin/

then type these commands:

./bbupdater -f ICE04.03.13_G.fls
./bbupdater -e ICE04.03.13_G.eep
./bbupdater -v

5. Restart the CommCenter now by typing this command:

launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist

6. Exit terminal and turn off Airplane Mode.

7. Reboot and you will have a clean 04.03.13 baseband.

Step 3

Now to unlock using the geohot-iPSF unlock. Note: At this step you should have a 1.1.3 iPhone running bootloader 4.03_13_g and NOT unlocked (that means you have no signal and the phone is NOT unlocked).

Follow these steps (thanks bezman):

1) Download the IPSF Unlock files from the link provided at the beginning of this post.

2) Extract the file to your desktop – it should be a folder called ipsftool

3) Install BSDSubsystem, OpenSSH and Term-vt100 on your iPhone.

a) If you are on jailbroken 1.1.3 with 04.03.13_G firmware/baseband/modem firmware, you will need to add www.trejan.com/irepo to your sources in Installer and install the “SUID Lib Fix”, “Term-vt100 SUID Fix” and “BSDSubSystem 2.0 Term Fix” fixes for 1.1.3 so that Term-vt100 works properly. This is very important. The Term-vt100 password will be alpine. Make sure you type everything carefully and slowly; if you make a mistake, exit Term-vt100, re-open it and start over.

4) Now log in to your iPhone with WinSCP (use your iPhone's IP address, username: root, password: alpine)

5) Create a folder called “ipsf” in /usr/bin

6) Copy all the files from the ipsftool folder on your desktop to /usr/bin/ipsf

7) Give ALL the files in the “ipsf” folder 0777 permissions (either in WinSCP or from the terminal)

This is a very important step: most if not all errors in this process occur because the permissions are not right. In WinSCP, right-click the files and give them the right permissions.

If you don't like or don't know how to do it in WinSCP, you can issue the following commands from the terminal:

cd /usr/bin/ipsf
chmod 777 *

8) Once you have copied all the files from the ipsftool folder to /usr/bin/ipsf, open Term-vt100 on your iPhone and issue the following commands:

cd /usr/bin/ipsf
./ipsf.sh

It will start going through a lot of code. If successful, it should finish in about 5-7 minutes and reboot afterwards.

9) You should now have 1.1.3 totally unlocked. If your signal is giving trouble, run the Signal.app that should be on your iPhone's springboard.

If after running signal.app you have no sound, simply play a song or ringtone to fix this.

Signal.app is set up to run on every reboot to get you signal. This is because the lockdown for 1.1.3 has not been fixed to work with the IPSF unlock yet; it will hopefully be fixed soon.

10) *VERY IMPORTANT* Copy the entire “ipsf” dir from the iPhone to somewhere safe like a USB key, or better, burn a CD with the stuff on it. You SHOULD keep a copy of that folder for as long as you have that iPhone (this is for safety purposes in case something goes wrong in the future).

Don't like the unlock? Revert it using these instructions:

Step 1: Prepare to Revert

Make sure all the files from the previous unlock procedures are uploaded to the iPhone and put into a folder, say, /revert113. (NOTE: you don't actually have to copy all the files, but it's easier to copy them all than to select the needed files one by one.)

Step 2: Revert Seczone

Now take these steps to turn off CommCenter, then revert the seczone (NOTE: the original seczone has been dumped into a file named seczone during your previous unlock procedures):

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist
cd /revert113
chmod 755 *
./process
cat secloader seczone > fselector_revert
./iUnlock secpack fselector_revert
./norz seczone.ignore 0x3FA000 0x2000
./norz seczone.revert 0x3FA000 0x2000

The seczone is now reverted to the original. Copy seczone.revert to your computer and compare it with your original seczone file using a binary tool (I use WinHex); they should be exactly the same.
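
As an added example (not part of the original guide), the binary comparison described above can be scripted instead of done by eye in a hex editor. It assumes both files are dumps of the 0x2000 bytes at offset 0x3FA000 given to norz on this page; the function names and the sample data are constructed for illustration.

```python
"""Compare a reverted seczone dump against the original (added example)."""
import hashlib

SECZONE_BASE = 0x3FA000  # offset passed to norz on this page (assumed dump start)
SECZONE_SIZE = 0x2000    # length passed to norz on this page


def diff_ranges(original, reverted):
    """Return [(start, end)] file offsets (end exclusive) where the dumps differ."""
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(original, reverted)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, min(len(original), len(reverted))))
    return ranges


def compare_seczone(original, reverted):
    """Check both dumps are full-size and identical; map mismatches to addresses."""
    size_ok = len(original) == SECZONE_SIZE and len(reverted) == SECZONE_SIZE
    return {
        "size_ok": size_ok,
        "identical": size_ok and original == reverted,
        "sha256": (hashlib.sha256(original).hexdigest(),
                   hashlib.sha256(reverted).hexdigest()),
        "diffs": [(SECZONE_BASE + s, SECZONE_BASE + e)
                  for s, e in diff_ranges(original, reverted)],
    }


def compare_files(original_path, reverted_path):
    """Read both dumps from disk and compare them."""
    with open(original_path, "rb") as f1, open(reverted_path, "rb") as f2:
        return compare_seczone(f1.read(), f2.read())


if __name__ == "__main__":
    # Constructed sample data standing in for real dumps, with 4 bytes altered.
    original = bytes(range(256)) * (SECZONE_SIZE // 256)
    reverted = bytearray(original)
    reverted[0x400:0x404] = b"\xff" * 4
    result = compare_seczone(original, bytes(reverted))
    print("identical:", result["identical"])
    for start, end in result["diffs"]:
        print(f"differs at 0x{start:06X}-0x{end - 1:06X}")
```

On real dumps, call compare_files() with the paths to the original seczone file and seczone.revert; a truncated dump is reported through size_ok even when the bytes present match.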

Step 3: Reflash Modem

Now reflash the modem the usual way and turn CommCenter back on after the flash:

./bbupdater -f ICE04.03.13_G.fls -e ICE04.03.13_G.eep

launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

Reboot and everything's back to the original.

Enjoy your iPhone. It will now survive any future updates from Apple and won't lock itself up like anySIM unlocks ;)


© Haklabs.com
