[soonwai]

How to Unlock a 1.1.1 Phone

Thanks to functionality already built into the iPhone, an unlock is possible from any software or firmware version.

With your iPhone turned on, but sleeping, hit the home button once. You will be prompted to "slide to unlock". Touch your finger to the slider button and drag it all the way to the right, then release. Your iPhone is now unlocked.

Important note: To prevent your phone from becoming locked again, touch your screen and move your finger around.

Credits to iphone-elite wiki.

but seriously...

[size=16pt]How to upgrade your unlocked 1.0.2 iPhone to an unlocked 1.1.1 iPhone (for OS X)[/size]
If you have an unlocked 1.0.2 iPhone, like I do, and like to be on the bleeding edge or just itching to download some songs directly to your iPhone, this is the guide for you. Be aware that you will be tinkering with the very guts of your iPhone and there's always a chance that you'll brick it or even worse turn it into a HTC Touch. In any case, I'd like to assure you that I've successfully upgraded 2 iPhones using the methods outlined in this guide. This guide is a consolidation of information & unlocking methods discovered in the hackint0sh.org & iPhone Elite forums. Credits must be given to naximus (hackint0sh.org) & Tifel (iPhone Elite), iPhone Elite Team for the revirginizing tool & Dev Team for AnySim 1.1.

[size=16pt]Warning: Do this at your own risk.[/size]

Requirements

• [li]iPhone 1.0.2 unlocked using AnySim or iUnlock methods. This method may not work with iPhones unlocked with the commercial IphoneSimFree method.[/li]
  [li]OS X Mac[/li]
  [li]WiFi network[/li]

Software needed

• [li]iTunes 7.4.2 (4) (That's what I have on my Mac).[/li]
  [li]iNdependence 1.2.5 http://code.google.com/p/independence/[/li]
  [li]anySIM 1.1 http://conceitedsoftware.com/iphone/site/anysim11.html (AnySIM 1.1p did not work for me.)[/li]
  [li]Apple's iPhone 1.1.1 update http://appldnld.apple.com.edgesuite....a_Restore.ipsw (or you can let iTunes download the update later.)[/li]
  [li]Virginizer Pack http://rapidshare.com/files/64722081...nizer_pack.zip[/li]
  [li]SSH server running on the iPhone, install this on your iPhone using iNdependence (If you already have a SSH server running, I recommend uninstalling and installing the one from iNdependence)[/li]

Summary of the entire process

• [li]Revirginize 1.0.2[/li]
  [li]Activate & Jailbreak & SSH virgin 1.0.2[/li]
  [li]Pre-1.1.1 preparation[/li]
  [li]1.1.1 update via iTunes[/li]
  [li]Activate & Jailbreak & SSH 1.1.1[/li]
  [li]Unlock 1.1.1[/li]

Preparation

• [li]Ensure iTunes is not running[/li]
  [li]Open Activity Monitor and quit ituneshelper. Keep Activity Monitor open, if ituneshelper comes back, kill it.[/li]
  [li]Download all the files listed above.[/li]
  [li]If you've downloaded it, move iPhone1,1_1.1.1_3A109a_Restore.ipsw to /Users/yourshortusername/Library/iTunes/iPhone Software Updates/[/li]
  [li]Recommended is that you keep your AT&T SIM in your phone though I had my Digi SIM inside throughout the process cause I forgot.[/li]
  [li]Disable Phone Lock & Sim Lock on your iPhone[/li]
  [li]Set iPhone Auto Lock to Never[/li]
  [li]Make sure your battery is charged[/li]
  [li]Connect your iPhone to the same WiFi network as your Mac & note down your iPhone's IP address[/li]

So here goes nothing...

1.0 Revirginizing
(refer to iPhone Elite wiki http://code.google.com/p/iphone-elit...irginizingTool & forums http://rdgaccess.com/iphone-elite/viewtopic.php?t=98
For added peace-of-mind it is advisable to install the vt100 terminal application or MobileTerminal prior to running through this process just in case anything fails and you lose wifi access.
All references to IP address 192.168.1.100 should be replaced by your phone's IP address.)

Connect your iPhone to your Mac & quit iTunes if it comes up. Remember to watch out for ituneshelper in Activity Monitor.
Install SSH server using iNdependence. Just follow its instructions. The iPhone will need to be restarted twice. (If you already have a SSH server running, I still recommend uninstalling and installing the one from iNdependence)
Disconnect your iPhone from the Mac & plug it into the charger.

Uncompress virginizer_pack.zip on the Mac, open a terminal session, cd to the folder where you extracted virginizer_pack & copy the entire folder to your iPhone. The password for root is dottie

scp -r virginizer_pack root@192.168.1.100:/usr/bin

Backup your seczone

Connect to your phone:

ssh root@192.168.1.100

Change to the working directory:

cd /usr/bin/virginizer_pack

Stop CommCenter: (-w switch is not necessary)

launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist

Make norz executable:

chmod +x ./norz

Make a seczone backup: (should only take about 2 seconds)

./norz seczone.backup 0x3FA000 0x2000

You should see:

Code:

# ./norz seczone.backup 0x3FA000 0x2000
geohot's nor dumper
all your norz are belong to us
super fast...just the way i like it
Dumping: A03FA000-A03FC000
Waiting for data...
Got Header: 77 0b cc
Increasing baud rate...
02 00 82 00 04 00 00 10 0E 00 A4 00 03 00 
02 00 01 08 14 00 00 00 00 00 A4 00 03 00 09 00 
00 00 33 2E 39 5F 4D 33 53 32 C3 0A 03 00 
02 00 84 00 00 01 01 00 00 00 89 00 00 00 62 88 
00 00 03 00 00 00 00 00 00 00 01 00 00 00 02 00 
00 00 00 00 40 00 3F 00 00 00 00 00 01 00 08 00 
00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 A6 03 03 00 
02 00 85 00 02 00 FF FF 85 02 03 00 
02 00 02 08 06 00 00 00 01 02 03 00 0E 08 03 00 
Wrote: 0xa03fa000
Wrote: 0xa03fb000
Dumped

This will create a file called seczone.backup in the working directory. If you're stuck at "Waiting for data...". Hit CTRL-C to cancel the process. You should have a 0 byte seczone.backup file. Now "chmod 766 ./seczone.backup" and try the dump again.

Exit back to your Mac and copy the seczone.backup file off to somewhere safe:

exit
scp root@192.168.1.100:/usr/bin/virginiz...k/seczone.backup /seczone.backup

Virginize

Connect to your phone again:

ssh root@192.168.1.100
cd /usr/bin/virginizer_pack

Make iUnlock executable:

chmod +x ./iUnlock

Now do:

./iUnlock ./ICE03.14.08_G.fls ./eliteloader.bin

You should see:

Code:

iUnlock v42.PROPER -- Copyright 2007 The dev team


Credits: Daeken, Darkmen, guest184, gray, iZsh, pytey, roxfan, Sam, uns, Zappaz, Zf

* Leet Hax not for commercial uses
Punishment: Monkeys coming out of your ass Bruce Almighty style.

Sending Begin Secpack command
Sending Erase command
Waiting For Erase Completion...
Sending Write command
00%
05%
.
.
80%
90%
Sending End Secpack command
Validating the write command
FW are equal!
Completed.
Enjoy!

Takes about 30 seconds

Make bbupdater executable:

chmod +x ./bbupdater

Now check the baseband status:

./bbupdater -v

You should see:

Code:

Resetting target...
pinging the baseband...
baseband unresponsive to pinging
Done

Takes about 26 seconds.

Your seczone should now be repaired.

Now reflash the default 3.14.08 baseband firmware:

./bbupdater -f ./ICE03.14.08_G.fls -e ./ICE03.14.08_G.eep

You should see:

Code:

Preparing to flash using /dev/tty.baseband at 750000 baud
Please reset target
Resetting target...
ProcessDetailUpdated: Boot-loader is active
ProcessDetailUpdated: EBL version: 3.9_M3S2 3..9
ProcessDetailUpdated: Boot mode is: CC
ProcessDetailUpdated: Baud rate set to 750000
ProcessDetailUpdated: Get flash id.
ProcessDetailUpdated: CFI stage 1
ProcessDetailUpdated: Flash ID is: 88620089
ProcessDetailUpdated: CFI stage 2
ProcessDetailUpdated: Boot process finished
ProcessOutlineUpdated: Reading SW version data
ProcessDetailUpdated: Receiving data.
ProgressUpdated: 100
ProcessDetailUpdated: Upload OK
ProcessOutlineUpdated: Process time was 133 msec.
Upgrade from  to 
Downloading EEP
ProcessOutlineUpdated: Start downloading from file ICE03.14.08_G.eep.
ProcessDetailUpdated: Sending sec-pack.
ProcessDetailUpdated: Load region 0
ProcessDetailUpdated: Sending end-pack.
ProcessDetailUpdated: Checksum OK.
ProcessDetailUpdated: Verify OK
ProcessOutlineUpdated: Process time was 1795 msec.
Downloading FLS
ProcessOutlineUpdated: Start downloading from file ICE03.14.08_G.fls.
ProcessDetailUpdated: Erasing the dynamic eeprom area
ProgressUpdated: 100
ProcessDetailUpdated: Sending sec-pack.
ProcessDetailUpdated: Load region 0
ProcessDetailUpdated: Sending data.
ProgressUpdated: 0
ProgressUpdated: 2
ProgressUpdated: 4
.
.
ProgressUpdated: 99
ProgressUpdated: 100
ProcessDetailUpdated: Load region 1
ProcessDetailUpdated: Sending data.
ProgressUpdated: 0
ProgressUpdated: 1
ProgressUpdated: 2
.
.
ProgressUpdated: 99
ProgressUpdated: 100
ProcessDetailUpdated: Sending end-pack.
ProcessDetailUpdated: Checksum OK.
ProcessDetailUpdated: Verify OK
ProcessOutlineUpdated: Process time was 1 min 52  sec.
Resetting target...
pinging the baseband...
issuing +cpwroff...
Done

Takes about 2 mins.

Now check the baseband again:

./bbupdater -v

You should see:

Code:

Resetting target...
pinging the baseband...
issuing +xgendata...
    firmware: DEV_ICE_MODEM_03.14.08_G
 eep version: EEP_VERSION:207
eep revision: EEP_REVISION:7
  bootloader: BOOTLOADER_VERSION:3.9_M3S2
Done

Takes about 6 seconds

Restart CommCenter: (Don't forget -w)

launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

Congratulations, you have virginized your phone!

Power off the iPhone and power on. An "Incorrect SIM" message will appear as your iPhone is now locked. It should still be activated & jailbroken. If it is not then you'll need to activate & jailbreak using iNdependence which should be fairly straightforward.

PRE-111 firmware preparation

Connect your iPhone to the Mac.
Open iNdependence. (iNdependence's status should be "Connected to iPhone - Firmware 1.0.2 - activated - AFC connection - jailbroken)
Go to the Firmware tab and click the "Pre 1.1.1 Upgrade "button. Enter your iPhone's IP address and use dottie as the password.
Follow the instructions from iNdependence. (Open iTunes, Set Up Your iPhone as a new phone, Give it a name, Click Continue)
Once the iPhone is shown in iTunes, go back to iNdependence and click OK.
iNdependence will do its Pre-111 magic for about 10 seconds.
When the " Success Your phone is now ready to be upgraded to 1.1.1" dialog appears, click OK.
Quit iNdependence.

Now switch back to iTunes which should be in your dock and running.

Update to 1.1.1 using iTunes

Click UPDATE NOT RESTORE.
If you have not downloaded the 1.1.1 ipsw file, iTunes will do so now. This will take awhile. It's a 152MB file.
iTunes will then extract, verify, update & verify again so please wait while your iPhone is upgraded to 1.1.1. It shouldn't take longer than 7 minutes.

Once the wait is over you should get a message from iTunes saying that the iPhone has been updated. Click OK and quit iTunes.

Your iPhone will restart and the screen will show "Activate iPhone".

Activate & Jailbreak 1.1.1

Open iNdependence. Verify that the status is "Connected to iPhone - Firmware 1.1.1 - not activated - AFC connection - jailed". If you see anything else, sorry, but you'll have to start over.

Activate the iPhone. Go to the Activation Tab and click Activate Phone.
After about 1 min 30 secs, iNdependence will ask you to power off & on the iPhone. Just follow its instructions.
You'll need to power off & on the iPhone one more time and it should have been activated & jailbroken.

Status is now "Connected to iPhone - Firmware 1.1.1 - activated - AFC connection - jailbroken"

Reinstall SSH. Go to the SSH tab and click "Install SSH/SFTP/SCP". You will have to restart the iPhone twice for this.

Unlock 1.1.1

Now go to the Customize tab. Click on Applications and System.
Click Add button and browse to your downloaded anySIM 1.1 location and select it. Use AnySIM1.1, AnySIM 1.1p did not work for me.
You will be asked for iPhone's IP address and password. Use "alpine" for the password. If you get a "Host Verification Failed" message, just click Yes to fix it.
Quit independence.

Put your SIM into the iPhone if it's not already in. (I left my DiGi SIM in throughout the whole process accidentally and it was OK.)
You should see anySIM in your springboard.
Touch anySIM & Slide to Unlock. Read the License Agreement and scroll down till you see a red button.
Touch the red "OK. Unlock My Phone" button.
Wait while AnySIM copies, erases & flashes firmware. This takes about 4 mins 50 secs.
Finally and hopefully, the message you see is "Unlock Successful!" Touch OK.
Restart the iPhone.

Post Unlock Steps (Optional but recommended)

Use iNdependence to remove both AnySIM & SSH (You can keep SSH if you like but it runs in the background all the time thereby reducing your iPhone's battery life).

Now you should have an activated, jailbroken & unlocked iPhone 1.1.1.

I've done this to 3 phones and all have gone well with Calls, SMS, WiFi & Youtube all working.

Please let me know how it goes for you. I'll try to answer any questions that you may have.

When i ssh into my phone i keep getting kicked out of the phone before i can change directories.


nick-labancas-power-mac-g4:~ NickTheFish$ ssh -l root 192.168.0.12 root@192.168.0.12's password:
Last login: Mon Oct 29 17:53:08 2007
-sh-3.2# cd
Connection to 192.168.0.12 closed.
nick-labancas-power-mac-g4:~ NickTheFish$


After i log in , i try to type: cd /usr/bin/virginizer_pack BUT it goes to CONNECTION CLOSED!

WTF????

Any ideas?

I tried this to try and get past the above post error:

nick-labancas-power-mac-g4:~ NickTheFish$ ssh -l root 192.168.0.12 /usr/bin/virginizer_pack/virginator.sh
root@192.168.0.12's password:

Welcome to virginator!

-----WARNING-----
It is very important to be connected to a reliable
power source during this process. If your phone
powers off or reboots during a critical operation
it could become permanently damaged.
-----------------
Is it safe to continue?
---
1) Yes, please continue.
2) No, please exit.
---
1
Starting virginator...


What do you want to do?
---
1) Just backup my seczone.
2) Backup my seczone and re-virginize.
---
2
You chose to backup your seczone and re-virginize.


Starting...
==== Beginning sanity checks ====


Found "/bin/launchctl"
ERROR: Cannot find "norz".
ERROR: Exiting now...
nick-labancas-power-mac-g4:~ NickTheFish$


At least i was able to fire up revirginator but i got the above error. CANNOT FIND "NORZ"


Buehller? Buehller?

[danayanch]

Hey,

Did you put the contents of the virginator package in the folder specified? norz is included in the package. It is probably pointing to a location on the phone where the norz is not located.

Dana Y

yes I did.

in the /usr/bin/ folder.

Finally worked this morning all by itself?!?!?!?!?!

I am almost done. just waiting for anysim to do it's magic!

Thanks to all!

[vasuvius]

is this for Intel Macs ? will it work on PowerPC ?

thanks

I used a PPC G4 and it worked flawlessly.

Here's what I did:

1. REVIRGINIZED my UNLOCKED 1.0.2 phone with software fron here:

http://www.hacktheiphone.com/111/iph...eband_mac.html

2. I then updated my iTunes and UPDATED the iPhone to 1.1.1.

3. Downloaded INDEPENDENCE 1.3 beta. It worked flawlessly.

4. Followed instructions above and loaded PRE 1.1.1 firmware.

5. Activated phone and installed ssh etc...

6. Loaded ANYSIM1.1. I didn't have to ssh anysim to phone since it was already in INDEPENDECE 1.3. Just clicked on button and BAM! It was there.

7. Removed AT&T sim and installed my t-mobile sim and ran ANYSIM.

8. ENJOY PHONE!!!