iPhone SimFree (iPSF) was one of the first iPhone unlocking company that showed up with a software unlock for the iPhone. Ever since, their unlock method has been seen as superior to the popular (and free) anySIM method. Why so? Well anySIM unlocks do not last through iPhone software updates whereas iPSF unlocks have stood solid and are known to survive updates that come from apple.
Recently, popular iPhone hacker GeoHot released an unlock method that is a clone of the iPSF method. If you like the idea then follow the following guide and convert to his unlock.
Who can do this?
Anyone who has an iphone (bootblock 3.9) and running the latest 1.1.3 Firmware (including new baseband 4.03_13_g)
Files you need:
anySIM 1.3 Cleaner
Step 1
If you are on 1.1.1 or 1.1.2 upgrade to 1.1.3 using the Nate or Dev team jailbreak method. Various guides for this out there so it should not be an issue.
Once on 1.1.3 with the 1.1.2 baseband, upgrade to the 1.1.3 baseband using this guide.
Step 2 (For people who used anySIM 1.3 previously)
To reverse the anySIM 1.3 unlock follow these instructions (credits to crashn):
1. Copy the following files (from the anySIM 1.3 cleaner download) to iphone /usr/bin/
bbupdater
ICE04.03.13_G.fls
ICE04.03.13_G.eep
secpack
2. Turn on Airplane Mode.
3. From the iphone Terminal (vt 100 available for download in installer) , stop CommCenter by trping the following:
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
4. Next type
cd /usr/bin/
then type these commands:
./bbupdater -f ICE04.03.13_G.fls
./bbupdater -e ICE04.03.13_G.eep
./bbupdater -v
5. Restart the CommCenter now by typing this command:
launchctl load /System/Library/LaunchDaemons
/com.apple.CommCenter.plist
6. Exit terminal and turn off Airplane Mode.
7. Reboot and you will have a clean 04.03.13 baseband.
Step 3
Now to unlock using the geohot-iPSF unlock. Note: At this step you should have a 1.1.3 iPhone running bootloader 4.03_13_g and NOT unlocked (that means you have no signal and the phone is NOT unlocked).
Follow the following steps (thanks bezman):
1) Download the IPSF Unlock files from the link provided at the begining of this post.
2) Extract the file to your desktop – it should be a folder called ipsftool
3) Install BSDSubsystem, OpenSSH and Term-vt100 on your iphone.
a) you will need to add www.trejan.com/irepo to your sources in installer (if you are on jailbreked 1.1.3 with 04.03.13_G firmware/baseband/modem firmware) and install the “SUID Lib Fix” , “Term-vt100 SUID Fix” and “BSDSubSystem 2.0 Term Fix” fix for 1.1.3 for term-vt100 to work properly. This is very important – the Termvt-100 password will be alpine – make sure you type everything carefully and slowly – if you make a mistake, exit Term-vt100 and re-open it and start over.
4) Now log in with WinSCP into your iphone (use your iphone ip address and username: root – password: alpine)
5) Create a folder called “ipsf” in /usr/bin
6) Copy all the files from the ipsftool folder on your desktop to /usr/bin/ipsf
7) Give ALL the files in the “ipsf” folder 0777 permissions (either in winscp)
This is a very important step, most if not all errors of this process will occur if you don’t have the right permissions – In WinSCP right click the files and give them the right permissions.
If you dont like/know how to do it in WinSCP then from terminal you can issue the following commands:
cd /usr/bin/ipsf
chmod 777 *
8.) Once you have copied all the files from the ipsftool folder to /usr/bin/ipsf open Term-vt100 on your iphone and issues the following commands.
cd /usr/bin/ipsf
./ipsf.sh
It will start going through a lot of code, once successful, it should go through in about 5-7 mins and reboot after.
9) You should now have 1.1.3 totally unlocked – If your signal is giving trouble, run the Signal.app that should be on your springboard on your iphone.
If after running signal.app you have no sound, simply play a song or ringtone to fix this.
Signal.app is set up to run on every reboot to get you signal, this is because the lockdown for 1.1.3 has not been fixed to work with the IPSF unlock yet. and will hopefully be fixed soon.
10) *VERY IMPORTANT* copy the entire “ipsf” dir from iphone to somewhere safe like a USB key or better burn a CD with the stuff on it. You SHOULD have copy of that folder as long as you will have that iphone (this is for safety purposes in case something goes wrong in the future).
Dont like the unlock? Revert back the unlock using these instructions:
Step 1: Prepare to Revert
Make sure all the files in the previous unlock procedures are uploaded to iPhone, put it into a folder, say, /revert113. NOTE: actually you don?t have to copy all files, but it?s easy to copy them all other than to select the needed files one by one).
Step 2: Revert Seczone
Now take these steps to turn off CommCenter, then revert the seczone (NOTE: the original seczone has been dumped into a file named seczone during your previous unlock procedures):
launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist
cd /revert113
chmod 755 *
./process
cat secloader seczone > fselector_revert
./iUnlock secpack fselector_revert
./norz seczone.ignore 0?3FA000 0?2000
./norz seczone.revert 0?3FA000 0?2000
The seczone is now reverted to the original. Copy the seczone.revert to your computer, and compare it with your original seczone file using a binary tool (I use WinHex), they should be exactly the same.
Step 3: Reflash Modem
Now the usual way to reflash the modem and turn on CommCenter after the flash:
./bbupdater -f ICE04.03.13_G.fls -e ICE04.03.13_G.eep
launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist
Reboot and everything?s back to the original.
Enjoy your iPhone, it will now survive any future updates from apple and wont lock itself up like anySIM unlocks 
By IPSF Style 1.1.3 (3.9) unlock by Geohot - Pagina 7 - iPhone Forum - alles over de apple iPhone (in Nederland) February 7, 2008 - 4:51 pm
[...] Doe dit alleen als je handig bent met ssh en in het tikken van commando’s binnen je terminal-vt100 Haklabs ? The Perfect iPSF Unlock Clone __________________ 1.1.3 Dev Team versie 3 met Bootloader 04.03.13_G [...]
By IPSF Style 1.1.3 (3.9) unlock by Geohot - Pagina 8 - iPhone Forum - alles over de apple iPhone (in Nederland) February 7, 2008 - 6:18 pm
[...] Doe dit alleen als je handig bent met ssh en in het tikken van commando’s binnen je terminal-vt100 Haklabs ? The Perfect iPSF Unlock Clone __________________ 1.1.3 Dev Team versie 3 met Bootloader 04.03.13_G ! De titel van het topic [...]
By Ryan February 7, 2008 - 7:07 pm
I had a nate true 1.1.3 updated phone, which used official IPSF to unlock before. Have 3.9 bootloader.
Did the baseband upgrade through Installer to 1.1.3.
Skipped the Step 2 (because did not use Anysim 1.3, but original IPSF).
Continued to Step 3, everything worked without hitch.
At the end, it took several minutes with the spinning disk, then a few more minutes to reboot.
I then ran the signal app which showed up with this unlock, and the WIFI works but no PHONE.
Anyone know what gives? Is it because I had already used official IPSF?
Where to go from here to get phone functionality back? Thanks much, Ryan.
By labrat February 7, 2008 - 8:39 pm
Try reverting back to a locked state, it is possible that since you had IPSF before something messed up…so revert the unlock using the instructions provided and then try again.
By Ryan February 8, 2008 - 2:39 am
Help Please!
In the above instructions to revert, the 4th command to enter is:
“./process”
(without the quotes)
When I enter that, it says:
Running process
zsh: bus error ./process
#
should I just continue the instructions even though there was this error? Sorry for the noob question…
Thanks,
Ryan
By IPSF Tool by Geo - Pagina 2 - ModMyApple.it February 8, 2008 - 3:24 am
[...] Qui c’e’ una guida dove spiega come tornare indietro… Haklabs The Perfect iPSF Unlock Clone Ma come mai sto metedo viene snobbato? E’ un [...]
By Ryan February 8, 2008 - 11:01 am
Good news–
Did some reading, someone else had a similar problem. Was fixed by simply re-running the GeohotIPSF program!
Now it works! Thanks much.
By RUBIKS February 9, 2008 - 11:18 pm
AWESOME IT WORKED… I NOW HAVE A FRESH 1.1.3 UNLOCKED UPGRADE RESISTANT, BOOTLOADER 3.9 BASEBAND 04.03.13 (WITH LOCATE ME WORKIN PERFECTLY) AFTER A LONG NITE OD RESTORING AND CODING AND BACKUPPPING AND *H**ING AND WOHOOOOOO
By airkaos February 11, 2008 - 2:17 am
Can I use this on version 1.1.2, or it has to be 1.1.3
thanks
By Pancho February 13, 2008 - 4:50 am
what happend, if i make the ipsf-hack without uninstalling anysim 1.3? i have made it so and have no problems with my iphone. if there is any trouble, could i reverse the anysim unlock AFTER i have installed the ipsf-hack? thx, regards
By jmerhi February 13, 2008 - 1:33 pm
Hi,
I have an OTB 1.1.1 BL 3.9 iPhone unlocked with iPhone Sim Free (payed version) so I decided to upgrade to 1.1.3.
1.- Upgrade using iTunes to 1.1.3
2.- Activated & Jailbreak with ziphone.
After I do that I have my iPhone unlocked but without carrier signal. I know that my iPhone is unlocked because I use the Signal.app that I find on the Hakint0sh forums and after use it My Carrier Signal come back.
But my question is: This is the normal way to have a carrier signal on my iPhone? Is not avaible any other method without using the signal.app ?
Thank you for your help
By William M February 23, 2008 - 4:09 pm
I want to reverse the anysim 1.3 unlock.
If I use the instructions above, will my NCK counter be reset to 0?
Or does anysim 1.3 not increase the unlock attempts on the NCK by 1?
By james February 26, 2008 - 5:30 pm
i wa wondering too, if this can be ran on a 1.1.2 jailbroken phone (usign stealthsim so its still a ‘stock’ phoen as far as unlocking goes). i want to do it on 1.1.2 as i stand now, adn then jsut upgrade to 1.1.3 or 1.1.4
By Freddy B July 16, 2008 - 3:56 am
Hey
Do u no how to unlock the the firmwere 2.0?
thx
By tx34ELLA February 16, 2010 - 9:04 pm
Did you utilize the ideas of a paper writing service for your famous release? I opine that you really have good research essay creating technique. Thank you for sharing that!