Unlock iPhone 1.1.1 and 1.1.2 firmware

Unlock your iPhone for free - no computer necessary!

First, thanks to everyone who made this possible: the iPhone Dev Team, who made the SIM-unlock application used in this tutorial, the Installer.app team, geohot, iPhoneSimFree and all others. No need to disassemble your phone anymore, and no need to input commands manually.

Warning! Firmware version 1.1.2 is now released. If you bought a phone that had 1.1.2 preinstalled (it shows a picture of a cable and the iTunes icon), it is not possible to unlock it. If you did not have this firmware when you bought the phone, I do not recommend updating to this version yet. It's also very important that you don't let iTunes restore to 1.1.2, so always select the firmware manually by holding the Shift/Option key while clicking Restore. Details about restoring/upgrading here.

This tutorial assumes that your iPhone has firmware version 1.1.1. If you are unsure, here is how to check: on the emergency dial screen, dial *3001#12345#* and tap Versions. The firmware version should be 04.01.13_G. If it's 03.14.08_G, you have v1.0.2 and need to update it to 1.1.1 first. Read here first if you previously unlocked your phone.

NEW! If you have an unlocked 1.0.2 iPhone, or upgraded to 1.1.1 and have a "damaged" IMEI (0049), you need to repair your phone. I have now put together the ultimate repair solution - this is the absolutely easiest way to repair the phones (virginize). To do so, just add http://i.unlock.no/ as a Source in Installer, make sure BSD Subsystem is installed (if not, it's in the System category) and install The Virginizer found in the Unlocking Tools category. There are two versions; use the one corresponding to your Modem firmware. Click here for more details. And remember, you got it here first!

Bypass activation and prepare phone for software installation

Make sure you have a SIM-card with PIN turned off, and power on your phone (the supplied AT&T card works fine).
On the activation screen, slide for emergency and dial: *#301# to make the phone call itself. (If the incoming call dialog quickly disappears but it keeps ringing, just dial 0 (remove *#301# first), and it will call itself)
Answer the call, and tap on Hold

The phone will call itself again; tap Decline. You will now be returned to the normal dialer.
Tap on Contacts, and tap the + icon to add a new contact. The only info you are going to add to this contact is two URLs. To add a URL, tap Add new URL. The first URL is prefs followed by a colon: prefs: and the second is jailbreakme.com. Tap Save.

Your contact now has two "web pages" - tap on the first one (prefs:). This will take you to the settings dialog. The reason you want this is that you need to connect to a Wi-Fi network, so tap on Wi-Fi, get connected to a network, and make sure the icon at the top of the screen indicates that you are connected. While you are in the settings dialog, you should also set: General → Auto-Lock → Never.

Now, press the home button, and again, slide for emergency, dial 0, Answer the call, Hold and Decline the new call so that you get to the contacts. Tap on your contact (No Name), and this time tap on the other home page, jailbreakme.com.
Safari will launch and show you a webpage. Read through the text before you Install AppSnapp.

Phone will return to activation screen, but don't panic, just wait.
The phone should automatically restart after almost a minute. If it does not restart within 2 minutes, click here.

When the phone starts again, it should no longer say slide for emergency, but rather Slide to unlock. That means it was successful! Activation is now bypassed, and the phone is prepared for software installation! (If you are going to use an AT&T SIM, you won't need to do the next step.)
Unlock the SIM-lock

Open Installer, and install the update if prompted.
Go to sources and tap Edit and Add
Add this URL: http://i.unlock.no
Tap Done and then Refresh
Go to Install (at bottom) and scroll down to the Unlocking Tools category and install AnySIM
When installed you can press the home button, and you will find a new AnySIM icon on your home screen. Launch it and follow the instructions.
The unlocking process will take about 5-10 minutes, in the end it should say it was successful!
To clean up your phone, launch Installer and uninstall AnySIM. Then go to Settings → General → Auto-Lock and set it to a preferred value.
Congratulations, you are done!

A few tweaks

If you want to enable the International menu, install Enable International menu, which is found in the Unlocking Tools category. This will let you choose keyboards, and set your phone to use your preferred regional settings, like date and phone number formatting. Be alerted though - it looks like Apple haven't finished this feature completely yet (which is probably why it's deactivated), so there may be some issues. In my case Fahrenheit and Celsius are mixed up in the Weather application, for instance!

By default, the EDGE settings found in Settings → General → Network → EDGE are not saved when the phone is restarted. To fix this, install EDGE Settings fix, which is found in the Unlocking Tools category.

If YouTube does not work ("You must first connect to iTunes..."), try to install YouTube activation which is found in the Unlocking Tools category. Also make sure that the phone has correct date.

If you for some reason need to deliver your phone to Apple (service etc.), I recommend that you revert the unlock first so that they (hopefully) can't see it's been unlocked. Install OneSIM, which is found in the Unlocking Tools category, and tap on the new icon it creates to run it. After you are done, do a restore in iTunes.


Frequently asked questions and problems

Nothing happens after I visit jailbreakme.com

If you visit jailbreakme.com, install AppSnapp, get thrown back to the activation screen and have waited more than 3-5 minutes but the phone does not restart - try restarting your phone manually. If the phone starts normally, everything is fine. If you still only get to the activation screen, it did not work. Usually this is because there is a problem on the server, or maybe with your internet connection. Wait some time (a few minutes if you are impatient, or a few hours if you want to be sure) and try again.
How can I upgrade a new unactivated phone?

Just put it in recovery mode, and it will automatically restore to the latest firmware. It might be safer to manually download and select the 1.1.1 firmware.
How should I upgrade or restore my phone?

To enter recovery mode, connect the phone to the computer and press and hold the Power button (on top) and the Home button (on bottom front) simultaneously. After about 15 seconds phone will appear to turn off, release the Power button but keep holding the Home button. After about 15 seconds the computer and iTunes will detect the phone in recovery mode, and you can perform a restore. IMPORTANT: If you just click the restore button, it will restore it with the latest firmware. It's much safer to manually select firmware instead. If you want to manually select a different firmware you can hold down SHIFT key (Windows) or Option/ALT-key (Mac) when clicking the Restore button, and it will let you choose firmware file. Download the wanted firmware here (you would normally want 1.1.1).
My phone is already unlocked - can I update to 1.1.1?

Not straight away! The old unlock software (before AnySIM 1.1, except iphonesimfree.com's software) had serious flaws, making the phone unusable in later firmware. Before you update your phone you will need to repair it by "virginizing" the phone (baseband) firmware. Below are the ultrasimple instructions.
How to "Virginize" an unlocked phone before update to 1.1.1

Ignore all long and complex tutorials - I have set up a fully automatic script that will repair the phone so that you can upgrade it.
Set Settings → General → Auto Lock → Never
Make sure Modem firmware is 03.14.08_G. Check this in Settings → General → About.
Start Installer and update it if it asks. Tap on Sources, Edit, and Add http://i.unlock.no/ as a repository.
Make sure you have BSD Subsystem installed, if not, go to System category and install it.
Now, install The Virginizer found in the Unlocking Tools category. This will take about 10 minutes to complete.
How to "Virginize" if you already upgraded and have 04.01.13_G.

You would want to do this if you upgraded to 1.1.1, and now have 0049xxx IMEI, and Modem version 04.01.13_G. Check this in Settings → General → About.
Set Settings → General → Auto Lock → Never
Install BSD SubSystem found in System Category.
Go to Sources and tap edit and add http://i.unlock.no/ (if you haven't already).
Now install "The Virginizer" found in Unlocking Tools category. This will take almost 10 minutes.
When done, restore your phone to get 1.1.1 firmware reinstalled.
When the phone has been restored, you can Activate and unlock as normal.
How do I downgrade a 1.1.2 phone?

Downgrade the main firmware:

Connect the phone to the computer and launch iTunes.
Restore your phone as explained in detail here.
You will get an error when the restore is complete; just ignore it and run AppTapInstaller.exe (to Mac users: iNdependence should do the same).
AppTapInstaller.exe will fail, but your phone will get to the Activation Screen now!
When on the activation screen, just follow my tutorial to jailbreak and bypass activation
Now your phone main firmware is ok, but to get the phone part working properly you should also downgrade your baseband firmware. At the moment this is NOT possible if your phone already had 1.1.2 when you bought it (meaning it has the new bootloader). If you accidentally upgraded your phone to 1.1.2 and want to go back to 1.0.2 or 1.1.1, read on.
Downgrade the baseband firmware:


Make sure Modem version is 04.02.13_G in Settings → General → About.
Set Settings → General → Auto Lock → Never
Start Installer and install BSD SubSystem found in System Category.
Go to Sources and tap edit and add http://i.unlock.no/
Now install "BB Downgrader (1.1.2)" found in Unlocking Tools category. This will take around 5 minutes.
When done, restore your phone to get 1.1.1 firmware reinstalled.
When the phone has been restored, you can Activate and unlock as normal.
Can't find AnySIM - Unlocking Tools category is missing

Please follow the tutorial carefully - it will show up after you add my repository (http://i.unlock.no) and tap refresh.
YouTube is not working

If YouTube does not work ("You must first connect to iTunes..."), try to install YouTube activation, which is found in the Unlocking Tools category after you have added my repository (see previous question).
Is the unlock permanent? Can I restore my phone or upgrade it?

This unlock method is based on a firmware patch, so every time the baseband firmware is flashed, the unlock will stop working. You should be able to restore without losing the unlock, and you should also be able to upgrade to future firmwares as long as the baseband firmware is not updated, but never perform a software update before you have specifically read that updating is safe.
Where can I find the iPhone firmware files?

1.0.0: iPhone1,1_1.0_1A543a_Restore.ipsw
1.0.1: iPhone1,1_1.0.1_1C25_Restore.ipsw
1.0.2: iPhone1,1_1.0.2_1C28_Restore.ipsw
1.1.1: iPhone1,1_1.1.1_3A109a_Restore.ipsw
1.1.2: iPhone1,1_1.1.2_3B48b_Restore.ipsw
Tips and tricks

Some of these tricks require computer skills. Don't ask me for help.
SMS received from internet is scrambled/not working?

For some ridiculous reason, Apple did not add real support for the SMS standard. The result is that an SMS sent with an alphanumeric/non-standard number will either not be received at all or the text will get scrambled as shown on the screenshot below. This bug may even damage the SMS database on your phone. It took Apple some time, but in 1.1.2 it's finally fixed, so we can just use the phone application from 1.1.2 on 1.1.1 (1.0.2 or older is not supported currently).
Thanks to saraf_suman for telling me that.
http://bildr.no/thumb/125691.jpeg

How to fix the SMS problem easily:

Open Installer, and tap Sources, Edit and Add.
Type in http://i.unlock.no/ and Ok then Done.
Now tap on Install at the bottom and scroll down to the Unlocking Tools category
Install SMS Fix
When done installing, reboot your phone and it should work
Note: I have not thoroughly tested this, so there may be side effects I'm not aware of yet. But you can just uninstall the package to revert the changes. I only tested on 1.1.1.
Sometimes the phone displays the phone numbers instead of the names?

There's a bug in the iPhone software that will cause problems with detecting the numbers stored in your contacts, if iPhone is used outside the supported countries. I have set up a fully automatic fix for this (thanks to Dev team for patched files), that will fix this problem.

Start Installer and install the package called Phone # to name fix located in the Unlocking Tools category (i.unlock.no must be added as a Source to see this category).
Configuring EDGE settings (internet)?

If you have firmware 1.01 or later you can go to Settings → General → Network → EDGE to configure EDGE. Check your provider's website for settings.

Note for 1.1.1 users: For some reason v1.1.1 firmware will not save the settings after reboot. I have added a little fix, which is available in my repository for Installer.app: http://i.unlock.no/ - instructions for adding my repository are here (steps 1-4).
Changing phone number formatting: (123) 456-7890

Formatting is stored in:
/System/Library/Frameworks/AddressBookUI.framework/ABPhoneFormats.plist

Download this file from your phone. The file is stored in binary format, so you'll need to convert it to text. Now save this file and open it in a text editor. Change the formatting under us to look the way you want (if you find your region in the file, just copy from your region to the us). There's probably some way to just make it use your language (instead of 'us'), but I don't know where you specify that. When you are done changing the formatting, save the file and upload it to the iPhone in the same directory you found it. You don't need to convert it back to binary.
Update for 1.1.1 users: In previous versions locale settings did not apply to number formatting. I noticed that in 1.1.1 it does, so it's better to change the phone's locale configuration instead of changing the formatting manually. Install "Enable International Menu" found in the Unlocking Tools category.
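
The manual conversion and region copy described above can be scripted. This is an added example, not part of the original tutorial; it assumes the plist's top level is a dictionary keyed by region code (such as us), and the sample data and function name are constructed for illustration.

```python
import copy
import plistlib
import sys


def copy_region_formats(plist_bytes, source_region, target_region="us"):
    """Return the plist as XML text, with target_region's formats replaced
    by a copy of source_region's formats."""
    formats = plistlib.loads(plist_bytes)  # detects binary or XML input itself
    if not isinstance(formats, dict):
        raise ValueError("expected a dictionary keyed by region code")
    if source_region not in formats:
        raise KeyError(f"region {source_region!r} not in file; found {sorted(formats)}")
    formats[target_region] = copy.deepcopy(formats[source_region])
    # XML output is what a text editor can open; per the text above the phone
    # accepts the file without converting it back to binary.
    return plistlib.dumps(formats, fmt=plistlib.FMT_XML, sort_keys=False)


# Constructed sample standing in for the file downloaded from the phone
# (assumed layout: one list of format strings per region).
SAMPLE_BINARY = plistlib.dumps(
    {"us": ["(###) ###-####"], "no": ["## ## ## ##"]},
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script.py IN.plist OUT.plist REGION
        with open(sys.argv[1], "rb") as src:
            converted = copy_region_formats(src.read(), sys.argv[3])
        with open(sys.argv[2], "wb") as dst:
            dst.write(converted)
    else:
        print(copy_region_formats(SAMPLE_BINARY, "no").decode())
```

Keep a copy of the original file before uploading the edited one, so the change can be reverted.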

Making the carrier name/logo fit without scrolling

Apple left a rather small space for operator name, so if it's above 7(?) characters, it will scroll, and display only first part (click picture at right). I found a way to decrease the font size, making it fit.

Load the following file in a Hex editor:
System/Library/CoreServices/SpringBoard.app/SpringBoard

Font size should be at offset 7C176. In HxD, just click "Search → Goto" and set offset to 7C176 as shown in picture below. If the font size is not at this offset in your file, you can try a text string search for loopOperatorToBeginning, it should be right above that.

http://bildr.no/thumb/99603.jpeg http://bildr.no/thumb/98989.jpeg

As you can see, you can also change the font type, and color of the text. Default is size 14. Changing it to 11 or 12 should do.

Update: Here is a way to set a permanent carrier logo. I have created a few logos for Norwegian users (screenshot below): Telenor, Netcom, Tele2, Chess, OneCall. Download here. Remember that you will need to change pictures manually if you switch carrier.
http://bildr.no/thumb/104802.jpeg
Disabling autocorrection when typing on keyboard

Read here until I write a more detailed way.
Adding international characters on the keyboard?

Read here until I write a more detailed way.
My comments about the iPhone unlocking solutions

I've been unlocking cell phones for more than 5 years, and even though I don't develop the solutions myself, I know pretty much how it works - and iPhone does not appear to be different from others, except for the fact that it needs activation in addition to unlocking.
There are two types of unlocking: "Firmware-patch" and "Direct unlock"

Firmware patch is simply patching the firmware in order to bypass the unlock. Phone is still "locked", firmware is just tricked into believing it's not. An example would be when the phone starts up and runs code "if(phoneIsLocked == false) doStartphone();" - a patch would simply change "false" to "true", causing it to run doStartphone() even when it's locked. If firmware is upgraded/restored, this patch will of course be removed and we're back to start again. This type is in the industry considered as a semi-unlock, and only accepted as a last resort if no other way is found (usually, it's just a temporary solution).

Direct-unlock is the real way of unlocking phones. Usually it involves just rebuilding the entire lockdata in EEPROM with "blank" unlocked data. Or the safest way is to get the phone itself to clear the data by making it unlock itself - which could be achieved by for example finding the unlock codes and feed it with them. This would leave absolutely no trace of "hacking" - it will be 100% correctly done, as intended by the manufacturer.

(SIM-cloning/Turbosim is not mentioned, because that's not considered unlocking.)
When a phone is unlocked (in a proper way), it will always be unlocked. Firmware upgrades never touch EEPROM, including lock data.
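
The difference between the two types can be shown with a toy model. This is an added example, not code from any unlock tool or from the original post; the one-byte "firmware", the class and the method names are constructed, and the only behaviour modelled is what the text states: flashing replaces firmware and never touches EEPROM.

```python
from dataclasses import dataclass, field

# Constructed one-byte "firmware": the byte is the constant that the startup
# check compares the lock state against (0 = false in stock firmware).
STOCK_FIRMWARE = bytes([0x00])
CHECK_OFFSET = 0


@dataclass
class Phone:
    eeprom_locked: bool = True  # lock data in EEPROM, untouched by flashing
    firmware: bytearray = field(default_factory=lambda: bytearray(STOCK_FIRMWARE))

    def starts(self) -> bool:
        # The check quoted above: if (phoneIsLocked == <constant>) doStartphone();
        return self.eeprom_locked == bool(self.firmware[CHECK_OFFSET])

    def apply_firmware_patch(self) -> None:
        # Firmware patch: flip the constant; the lock data stays as it was
        self.firmware[CHECK_OFFSET] = 0x01

    def apply_direct_unlock(self) -> None:
        # Direct unlock: rewrite the lock data itself; firmware is untouched
        self.eeprom_locked = False

    def flash_firmware(self) -> None:
        # Upgrade/restore: replaces the firmware image, never the EEPROM
        self.firmware = bytearray(STOCK_FIRMWARE)


def usable_before_and_after_flash(method: str) -> tuple:
    """Apply one unlock type to a locked phone, then flash stock firmware.
    Returns (starts before the flash, starts after the flash)."""
    phone = Phone()
    getattr(phone, f"apply_{method}")()
    before = phone.starts()
    phone.flash_firmware()
    return before, phone.starts()


if __name__ == "__main__":
    for method in ("firmware_patch", "direct_unlock"):
        print(method, usable_before_and_after_flash(method))
```

In this model the patched check passes only because the lock data still says "locked", which is the sense in which the phone stays locked underneath a firmware patch.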

Here are my thoughts on how iPhone unlocking works - of course, it's just my thoughts based on my experience with other phones, and I may very well be wrong.

IPFS unlock solution is permanent, and will handle all future updates

Yes, I'm fairly sure that a phone unlocked with IPFS is a proper unlock (not firmware patch), making it permanent. But of course, unlike others, iPhone needs activation and IPFS is therefore completely dependent on activation, which is depending on jailbreak. But when it comes to the operator lock itself, IPFS permanently unlocks it.

I'm not sure exactly how IPFS does unlock it, but I'm feeling very sure it's one of these:
1. IPFS reads data from the baseband/EEPROM, and rebuilds the lock area in EEPROM with proper data - without any lock. This is exactly the same done on almost all other phones.
2. IPFS patches the baseband, but only as a temporary step in order to achieve the above. When it's finished, it doesn't matter if the patch is removed (bb upgraded), because phone is already unlocked.

AnySIM and the other solutions are firmware patch solutions and will never survive baseband flashing/upgrade.

Unlike IPFS (if IPFS also patches firmware), AnySIM patches firmware in order to bypass the lock, not in order to unlock it - or at least it's not unlocking it properly. The fact that AnySIM unlocked phones are bricked after upgrading must be caused by changes the AnySIM solution does to EEPROM, which is not properly done, and makes it "corrupted" as seen from the new firmware.

In my opinion there's no reason to be so negative about IPFS. They did the real unlock and so far no one has been able to recreate their solution. So don't expect a free real solution for 1.1.1 appearing very soon either. A free patch-unlock though is probably already possible now that they have decrypted the ramdisk, I will try that tomorrow. Of course iPhone Dev Team are doing the most important work, and let's hope they soon will be able to work out a direct unlock solution as well.

Feel free to correct me, I already mentioned this is just how I think it works.
