Unlock
This is the process by which the iPhone is modified so that the baseband will accept the SIM card of any GSM carrier. This is entirely different from a jailbreak. Contrary to popular belief, jailbreaking an iPhone does not unlock it. A jailbreak is, however, required for all currently public, unofficial software unlocks (see "Official Unlock" below for the exception).
Official Unlock
At +0x400 in the seczone, a token is stored encrypted with a key derived from (NCK + NORID + HWID). Apple, knowing the NCK, sends it to the phone inside an activation token over iTunes. The phone receives an AT+CLCK="PN",0,"......NCK......" command and decrypts the stored token with the generated key. If the result, after RSA decryption with Key 2, is a valid token for the phone, it is written back to flash TEA-encrypted but not RSA-decrypted. On startup, if the lockstate table says the phone is unlocked, the baseband validates that RSA token. This type of unlock does not require a jailbreak and is permanent, even surviving a restore (unless Apple or your carrier decides to relock the phone, something that has rarely happened [1]).
(Figure: Unlock in iTunes)
Hardware Unlock
It is not possible to hardware unlock current devices. The only thing worth mentioning here is the Gevey SIM, which is not actually a hardware modification. Back in the days of the original iPhone, it was possible to hardware unlock the device. The instructions were on geohot's blog, which is currently private.
IPSF
This exploit changed the lockstate table in the seczone to read unlocked and created a spoofed RSA token that was accepted as valid by bootloader 3.9 (4.6 was not vulnerable to IPSF). It overwrote the previous token, which means the phone could no longer be officially unlocked unless the original token was restored from a previously made backup. Since the token is not modified by a baseband flash, this unlock survived a baseband downgrade or upgrade. Apple attempted to counter this by requiring the AT+CLCK command to be sent on every startup. On officially unlocked iPhones, lockdownd does this. On a phone unlocked with a late version of IPSF, signal.app does this.
Ultrasn0w
After the S-Gold 2 days, userland exploits have been used to unlock current devices and basebands, typically delivered by ultrasn0w, yellowsn0w, PurpleSn0w or Blacksn0w. These tools exploited several injection vectors, such as AT+XAPP, AT+XLOG or AT+XEMN.
External Links
English website by chpwn with an overview of unlock status
German website by pattyland with an overview of unlock status
"Baseband Playground", a presentation by Luis Miras about all current unlocks
This page was last modified on 27 December 2011, at 16:24.