Updated Guide now a pdf
http://www.freeiphoneunlock.com/pdf/iphoneunlock.pdf
Ok here is the simplest and cheapest guide to hardware unlock your iphone.
Things needed
You will need an iPhone (Jailbreaked +SSH enabled + Installed Binkit)
And 2 needles (to conduct the electricity) or use your imagination
And all the needed files - Files Needed
For jailbreaking and installing the ssh extensions see http://www.hacktheiphone.com
Ok here goes its simple!
Install winscp (get it here Winscp)
Extract Putty from the rar then put is somewhere on the desktop.
Install the hexedit from the folder Hexedit. (this was included in these files)
Make sure the binkit is on your iPhone. (if not it’s included in the rar)
Copy the files in the bin folder in rar to your iphone in the /bin folder
Now its time to open your iPhone (Use anything you can think of that would not scratch it a guitar pick is good but I used a knife which made a few scratches, but if you want to I am sure you will find something that wont scratch)
http://www.ifixit.com/Guide/iPhone/ is a great guide on how to open your iPhone!
Now open up the metal case right below the battery.
Now Startup your iphone (plug it into your computer)
Connect your iPhone to your wifi network, and set up a connection from your pc to the iphone with winscp.
If you don’t know how
- open WINSCP
- Select new.
TO GET YOUR IP OF YOUR IPHONE SIMPLY LOOK AT YOUR IPHONE CLICK ON SETTINGS GOTO Wi-FI > THEN UNDER YOUR CHOSEN NETWORK Click the little Blue Arrow (>)
This should Show your IP ADDRESS Under IP Address!
Now! Lets get started
- Enter the ip of your iphone into the host address field - username : root
- password : dottie
- File Protocol SCP
- save the settings and login
(ignore the errors ;-))
- Create a new folder “etc” in the folder /usr/local/etc or /etc
- Copy termcap from rar to this folder.
- Copy bbupdater from rar to /bin
- Goto the folder /system/library/launchdeamons and move the file commcenter.plist to your desktop (make sure the file is moved and
not copied. reboot the phone. (you can use putty to do this )
- start putty
- enter the ipaddress of your iphone in the hostname field, and click open.
- login with username : root and the pass : dottie
- type reboot
- disconnect and reconnect the phone. (it will automaticaly turn on)
- Start putty again and login.
- type : minicom -s
- select serial port setup and type : A.
- enter: /dev/tty.baseband Enter
- press esc
- select save setup as dfl
- when entering minicom type AT
- the modem should respond. OK
This is where you will touch your two points together using your needles! Only without soldering!
Or a clearer picture for those who are unsure !
The two points should be touching
There should not be any response… even wen you touch the needles again.
- Make sure the needles are not touching now.
- exit Minicom (CTRL A then X)
- type : bbupdater -v
- type minicom it should respond ok when entering the AT command.
- when this is the case. The needles where connected right 
Now time for more things! If you got this far WELL DONE!
Now…….. The rest NORDumper is located in the files you downloaded earlier!
- Copy the files from folder NORDumper from the rar to /usr/bin on your iphone using winscp
- in putty, go to this folder. type : cd /usr/bin type : ls you should see the nordumper file
- type : NORDumper dump.bin (this is case sensitive…)
- now you have to wait for about 10 to 20 mins. Wait till the dump is completed.
Now for the next step! To FREEDOM! (Quote from Gladiator)
- Copy the contents of the folder ieraser from the rar also to /usr/bin on your iphone using winscp.
- Start Cygnus Hex Editor. and open the file ICE03.14.08_G.fls. (included in the rar) (only for firmware 1.0.1 and 1.0.2 !!!!)
- Select the range from 000001A4-000009a4. In the taskbar the selection should show 1A4-9A4. (verry important !!)
- then goto menu edit–> select copy to file. name the file : secpack
- Upload this file to /usr/bin on the iphone.
- in putty type ieraser. (if it hangs try http://lpahome.com/ieraser.rar )
Getting closer!
- copy the dump.bin from /usr/bin to your PC using winscp.
- Open this file with Cygnus Hex Editor.
- Select the range 00020000-00304000
- In the taskbar it should show 20000-304000 (if not do the selection again)
- goto menu edit–> select copy to file. name the file : nor
- open this file with the hexeditor.
- Find the row 215148 and change 04 00 A0 E1 to 00 00 A0 E3
- save the file, and upload it to /usr/bin using winscp
Too close!
- copy the files in the folder iunlocker from ther rar to /usr/bin
- Touch YOUR NEEDLES TOGETHER HERE! (Touching where they should)
- with putty goto /usr/bin and type iunlocker
- when the program halts. Remove your needles and press a character on your keyboard followed by Enter.
- you will see a lot of numbers running on your screen. This also takes a while…
- after it’s done type : bbupdater -v
- it should show : xgendata and some more text i can’t remember..
Last steps to total FREEDOM!
- start minicom again.
- type AT+CLCK=”PN”,0,”00000000″
- type AT+CLCK=”PN”,2 this should respond in a 0 .
- Congrats !!!! youre phone is now simlockfree.
- now copy back the commcenter.plist file (don’t forget)
WELL DONE!
- Now put your phone back together and insert your chosen simcard
- Turn on the phone
The new simcard will not be accepted yet.
Now activate your Iphone
You could update the phone with itunes to 1.0.2.
After that you could use iactivator to jailbreak and to generete the keys and activate the phone.
ALSO ID LOVE SOMEONE TO SEND A MAC GUIDE and I will add it
Sorry if I missed something out! Im really tired and will go over this in the morning to be 100% correct
Thanks
HaRRo
August 26th, 2007 at 3:24 am
Well done!!
August 26th, 2007 at 4:01 am
Great job putting all this together, Thanks!!
August 26th, 2007 at 9:46 pm
Great walk-through! I was able to unlock my iPhone in 2 hours with this. Now connected to tMobile in the US. Thanks!
Note: people may need to “chmod +x NORDumper”, iErase, and iUnlock in SSH. I did.
August 26th, 2007 at 11:58 pm
[…] Unlock your iphone easy hardware unlock! […]
August 27th, 2007 at 6:37 am
Great job , Thanks!!
August 27th, 2007 at 7:05 am
kdub.,buddy thanks to your call.need one iphone to test.nice work.!
August 27th, 2007 at 7:09 am
[…] http://steve-jobs.com/iphone/iphone-…er-method.html (No Ratings Yet) Loading … […]
August 27th, 2007 at 7:19 am
I lost my WIFI in the process anyone got a clue?
August 27th, 2007 at 10:23 am
Hi There!!
I find this much easier to follow than Geohot’s explanation, thank you very much.
A question about this method, does this just allow you to “use” any sim, or does it actually “unlock” it, as in the EDGE settings appear like engadget’s supposed unlocked iPhone?
And can this be un-done if we choose so?
August 27th, 2007 at 10:40 am
shot bro nice work. Now i just have to find my nuts so I can try it.
August 27th, 2007 at 10:51 am
Nice, I will definetly try this one out as soon as I get my iPhone (ordered yesterday)
August 27th, 2007 at 3:47 pm
[…] first is about iphone hardware unlock. It’s a more easier hardware unlock than GeoHot’s version, even if it’s actually based on the […]
August 27th, 2007 at 4:10 pm
Hi,
can someone help me please? I don´t manage to move or delete the CommCenter.plist file. WinSCP doesn´t let me do it. Do you have any idea how can I do it?
August 27th, 2007 at 5:13 pm
[…] Simplified iPhone Hardware Unlock Procedure Posted by Adam Geitgey on Monday, August 27th, 2007 […]
August 27th, 2007 at 7:20 pm
good summary. at the end you can read “After that you could use iActivator to jailbreak and to generete the keys and activate the phone’… regretfully, iActivator nor INdependance, aren’t on win32 yet… should be great that nate or ziel could put hands on it, because DevTeam Operator are very close to achieve win32 version, but jailbreak process failed. Great Job again !
August 27th, 2007 at 8:40 pm
Reboot and minicom commands not working in PuTTy, any help?
August 27th, 2007 at 11:46 pm
hey tnx a lot man!! i did it with the needles
or at least with one..i just had one for the fucking tiny line..i used a nail on the other end ;)… probably the 2nd iphone unlocked in switzerland..
August 27th, 2007 at 11:51 pm
Getting the same problem, Reboot and minicom commands not working in PuTTy
August 27th, 2007 at 11:59 pm
minicom and reboot are usually in the binkit, make sure you have all the binkit files installed, you can use iBrickr to do all this automatically.
August 28th, 2007 at 12:06 am
if i use ibricker it will do anything autmatically?
August 28th, 2007 at 12:07 am
“- disconnect and reconnect the phone. (it will automaticaly turn on)”
does this mean unplug it from the PC (as in disconnect the USB cable, and then plug it back in)?
Thanks
August 28th, 2007 at 12:19 am
-sh-3.2# reboot: command not found
whats worng?
August 28th, 2007 at 12:20 am
meaning you didnt install reboot in the binkit ! Manually restart the phone, slide to turn off would work
August 28th, 2007 at 12:29 am
how can I install that where do I find this file/bin? please need help crisis@gmx.net
August 28th, 2007 at 12:30 am
add me on msn messenger
August 28th, 2007 at 2:56 am
cant manage the minicom -s help plz
August 28th, 2007 at 4:22 am
I keep getting a message Please Connect to the testpoint when running iunlocker… are my needles wrong??? they worked on the begining of the process.
August 28th, 2007 at 5:17 am
Hi,
Nice work!
I have a problem. I´m trying to send the comand ieraser but I got an error that say’s:
Got Header: 77 0b cc
Zsh: bus error ieraser
Some people in the hackintosh forum have the same problem and in the irc channel too, without answers.
Could you give us an some hope?? It~s possible that the *Ice.fls has a different version for my modem?
Thanks
August 28th, 2007 at 7:30 am
Need some help here:: I am on the step where i have connected the pins (1st time); then entered: bbupdate -v (in putty)..
I get this error: /bin/bbupdater: Permission denied
Does this mean that my pin connection didn;t work? And do i need to start over from rebooting the phone?
August 28th, 2007 at 8:01 am
Hi
I`d installed the binkitt
then I reboot but only the Apple logo appears…phone doesn`t start again
ok…shit …i think i have to push the buttons 30 seconds and i have to connect to Itunes and do all the ssh things again.
But..grrr….ITunes can`t restore my phone….
After the dmg files where downloaded in iTunes an error occures and it says can´t download the files….I tried several times…
I can`t get my phone back to work…AHHHHHH……
Any Idea???
thanks….
August 28th, 2007 at 8:03 am
any tutuorials for Mac users? Thanks a bunch.
August 28th, 2007 at 8:17 am
I got IT!! You need to change the permissions of the files to 755. Honest mistake.
August 28th, 2007 at 8:49 am
Hey bro, you said
ICE03.14.08_G.fls. (included in the rar) (only for firmware 1.0.1 and 1.0.2 !!!!)
and I got 1.0 any tips?
Thanks
August 28th, 2007 at 9:28 am
More errors??
When I type in ieraser; i get this:
Bus error
What am i doing wrong?
August 28th, 2007 at 11:33 am
[…] guy from Switzerland, who performed it successfully and has it working in the Orange network. [Steve Jobs Blog via iPhone in Switzerland - Thanks […]
August 28th, 2007 at 12:14 pm
[…] [Steve Jobs Blog via iPhone in Switzerland - Thanks Fabien] […]
August 28th, 2007 at 12:51 pm
sound pretty easy!
August 28th, 2007 at 3:15 pm
[…] Source: Steve-Jobs […]
August 28th, 2007 at 3:24 pm
Now figure out how to get push email functioning
Great hack.
August 28th, 2007 at 3:51 pm
[…] también permitiría que sea casi imposible que AT&T baje este software, como ha pasado con el tutorial de HaRRo. A ver si cumplen, y este miercoles a las 12:00 tenemos un desbloquear de iPhone, gratis y […]
August 28th, 2007 at 5:42 pm
[…] interface. There are no real details other than how they claim that anyone could do it. Next, is another hardware method that require zero soldering whatsoever. All one needs apparently are a couple of needles to conduct electricity, and some guts of […]
August 28th, 2007 at 8:55 pm
I need help ASAP whikle im doing the hardware unlock ..my phone lost WIFI and now it won’t pick any wifi up after touch the 2 point.. Please help..!!!!!!
Thanks
August 28th, 2007 at 9:31 pm
Hi,
i made all the Steps and got the Final 0 from the AT+CLCK Command.
But when I insert an other Sim-Card i can Enter the PIN-Code and
i got the Error “Sim Incorrect” - Activate Iphone.
I can use all the other Funtions, Ipod, Calender etc. but no Phone.
What is the Final Step to use antoher Sim-Card?
Please let me know a Way with Windows!
Regards Laureon
August 28th, 2007 at 10:45 pm
Hello,
I still have ICCID Mismatch after activation….!!!!
Any Idea????
THX
August 29th, 2007 at 12:35 am
[…] guy from Switzerland, who performed it successfully and has it working in the Orange network. [Steve Jobs Blog via iPhone in Switzerland - Thanks […]
August 29th, 2007 at 1:58 am
has anyone confirmed this works?
August 29th, 2007 at 4:09 am
Potty is crashing when i try to enter the first minicom -s command, any ideas?
August 29th, 2007 at 4:45 am
if you got an error that say’s:
———————————
Got Header: 77 0b cc
Zsh: bus error ieraser
———————————-
just restart your iPhone, and try again.
August 29th, 2007 at 3:32 pm
Hi, this great but i can not down load your files in your link. Could you please help me get the files at http://rs107.rapidshare.com/files/51207171/Geohack.rar
Thanks a lot
KhanhNam John
August 29th, 2007 at 4:00 pm
OK, I got now and that start
August 29th, 2007 at 6:40 pm
[…] stadig skille sin elskede iPhone ad, og det er jeg i hvert fald lidt tilbageholden med. Læs guiden her. (tak til […]
August 30th, 2007 at 2:10 am
Successfully unlocked iPhone in Hungary / Vodafone, thank you for nice how-to
August 30th, 2007 at 2:14 am
BTW, here is something strange with WiFi, my unlocked phone see only few access points but my another brand new iPhone can see much more access points in the same time and in the same place.
August 30th, 2007 at 7:18 am
Can anyone who successfully unlocked their iphone using hardware bootleg hack, pls post their dmg image online? Would restore of this dmg on new iphone unlock the new iphone?
August 30th, 2007 at 9:49 am
Hi Guys, I’m stuck on the very last step: when I restart minicom to issue the AT+CLCK command, minicom appears very slow and hardly accepts any input. Pressing keys repeatedly eventually yields the correct command but with no response from the modem. After a reboot I lost all WiFi connectivity to the iPhone . Any ideas?
August 30th, 2007 at 1:00 pm
please send me how can i touch this two points together with picture clearly
icant undrestant
Thanks !
Kane
August 30th, 2007 at 1:05 pm
Can someone post better pictures for the two points, Im having trouble finding exactly where they are
August 30th, 2007 at 6:32 pm
Works in Argentina, with CTI Movil and Personal. Good job guys!!!!!!
August 30th, 2007 at 6:43 pm
hello there, I got mines unlocked just fine, but what happens is, that when I turn it on, I get no warnings about the SIM. I took the SIM out and it doesnt eaven care. I put in a ORANGE SIM and it will not do anything.
Can Someone Help Please.
Thank you
August 30th, 2007 at 7:19 pm
Pls, help me. When i run minicom recieve the error msj “No termcap database present!” and the file “termcap” allready is in the usr/local/etc
Tks
August 30th, 2007 at 9:54 pm
Hi guys,
I did everything and it worked, except that I can’t receive calls. only outgoing calls, sms in/out, EDGE are working. when some one call me they get busy signals, and I don’t get any thing, however, If I’m on a call it rings once and stops showing me who called, yet they still get busy signals. the call forwarding is off by the way.
Any body’s having the same problem? Any solutions out there?
TIA
August 31st, 2007 at 2:51 am
Basel did u on the setting show my number or ID on the network? Cuz i had that problem with other phones when i do not show my number. Pple could call me but i couldn’t call out.
August 31st, 2007 at 6:44 am
i unlocked my phone fine. have 1.02 and did a restore and now will not accept new sim. WHAT TO DO PLEASE.
August 31st, 2007 at 7:44 am
Hi Angeleyes,
Just put “termcap” to “/usr/ect”
Cheers,
T.N
August 31st, 2007 at 7:48 am
Or just “/etc”
August 31st, 2007 at 8:10 am
outgoing calls works but incoming won’t, as if when somebody calls me I hit “end” before it even rings, so they get busy signals!
August 31st, 2007 at 10:58 am
Done it works in Argentina Tks!
August 31st, 2007 at 2:20 pm
can someone please confirm if the SIM card required to use with this unlock is a TURBO SIM or regular sized SIM?
August 31st, 2007 at 6:04 pm
I keep getting this :
2# ieraser
Resetting the Baseband…Done
Opened: /dev/tty.baseband
iEraser: tool by geohot
thanks to gray and the dev team for the implementation
thanks to nightwatch for the awesome toolchain
and thanks to anonymous, iProof, lazyc0der, and dinopio for the idea for this cool trick
this tool erases your main fw, starting at 0×20000. you need this for the testpoint to work
you need a file called secpack matching your current firmware version in this folder
see http://iphonejtag.blogspot.com for instructions on finding this file
Waiting for data…
Got Header: 77 0b cc
Bus error
and then the erro you see above can anyone help please thank you. ps
i try restarting my iphone and still it did not work!!!
to the person asking a about if you need a turbp sim no you do not once your done you GOOD TO GOOOOOO!
August 31st, 2007 at 6:12 pm
Hea Nati so where did you put the ieraser files and the secpack file???
and when you got the error you just reboot and then it work???
ps can i get you secpack and nor ???? thank you
August 31st, 2007 at 7:11 pm
Does this unlock process resist a Restore or Upgrade? Tks a lot!!!!!
August 31st, 2007 at 10:31 pm
I got to the point where im running iunlocker ad it has stopped at DOWNLOADED: 2E0300. is this a problem with the code or do I have to keep waiting. This is the secod time it has stuck at this point and last time we thought we lost the wireless signal. I’ve been at this for over 13 hours already and I’m not having any luck. the DOWNLOADED: 2E0300 has been stuck for 30 mins
September 1st, 2007 at 1:23 am
Hi, I only want to thank for all of the efforts to make a great and usable guide!
I’m Italian, with no experience with soldering or electronic, but a friend helped me for this. The rest is was a lilltle bit tricky, I’ve made the process 3 times to make it work, but unless all the people (HaRRo included) I wouldn’t be here today with a full working iPhone in Venice with the “I TIM” sign on it.
Thanks!
September 1st, 2007 at 3:24 pm
Need to unlock my first i-phone, need to know if we can kill a i-phone with this solution or not??
How many times take this process to unlock iphone
Thanks a lot
BR
September 1st, 2007 at 3:36 pm
hello harro
could you add me on MSN please
jerome.tosello@wanadoo.fr
thanks a lot BRO
BR
September 1st, 2007 at 6:14 pm
Done! It’s work in Vietnam!
September 1st, 2007 at 7:56 pm
[…] Ca se passe sur le site Steve-jobs.com (gonflé les mecs
) […]
September 1st, 2007 at 11:07 pm
please help
I stack at AT+CLCK=”PN”,0,”00000000″
Error
AT+CLCK=”PN”,2
CLCK = 1
please help me …
September 2nd, 2007 at 1:09 am
Hi,
I went through all the steps and i got a response of 0, but when i put in my t-mobile sim card, it says no service, but my phone makes a noise and my phone button has a red dot by it. I select that and its shows that i have voicemail, but i still cant connect to it or make phone calls. Wuts going on? Please help me. Thanks
September 2nd, 2007 at 4:57 am
It works fine! My iPhone is unlocked!
September 2nd, 2007 at 11:33 am
I get all the way dump.bin but the 215148 to 21514b contains 03 00 80 e2 not what I expected. I did it 3 times. Any ideas? I also noticed that I am on rev 1.0
September 2nd, 2007 at 11:37 am
I get all the way to Nordump, move the dump file into the hex editor, do the extraction and then go to make the mod buet 215148 to 21514b contains 03 00 80 e2 not what is in the pst. I did it three times any ideas? ( I reposted because I mispspelled my email address
September 2nd, 2007 at 12:00 pm
[…] Allons bon. On connaissait le faux blog de Steve Jobs, le grand patron d’Apple. Mais on aurait pas forcément pensé que les petits rigolos qui l’on créé et le mettent à jour régulièrement, à coup de bluff et d’ironie pinçante, aurait eu le toupet monstrueux… D’écrire un billet sous sa plume expliquant comment débloquer l’iPhone. […]
September 2nd, 2007 at 12:22 pm
En joy France ! The IPhone will be ordered unlocked !
Seb
September 2nd, 2007 at 3:21 pm
K solved my own problem, had 1.0 with old baseband code, did I tunes, had to hard reset by holding the two buttons, then reload, lost all the hacks, started over got to
dump.bin, now the 215148 to 21514b is correct. On we go
September 2nd, 2007 at 4:27 pm
[…] L’iPhone est enfin débloqué de façon logicielle. Via Clubic. Encore plus facile sans soudure. […]
September 3rd, 2007 at 6:24 am
can i get some help… i cant get putty to run… its close out after 3 letter…. anyone knoe why?
September 3rd, 2007 at 1:16 pm
[…] niedawno przez grup? ameryka?skich studentów i wylansowany przez blogi bran?owe mechaniczny sposób odblokowania iPhone’a znalaz? wielu […]
September 3rd, 2007 at 8:33 pm
I live in Mexico and I want to buy an iPhone but anyone could tell me how to get an iPhone without the need to pay for AT&T services and not to have to sign a contract with them?.
September 3rd, 2007 at 11:29 pm
Was following your instructions to the letter but when I use putty I can login ok but then the connection is lost as soon as I try an type a command, it seems to be after typing the third character on the prompt. Any Ideas ?
September 4th, 2007 at 3:33 am
Followed the instructions but when I try and putty to iphone, although I can login ok, putty terminates after I type in three characters. Any ideas folks.
September 4th, 2007 at 12:27 pm
Someone knows whats could happend if i run a Restore or Upgrade after the Unlock? would come locked again? Tks from Argentina!
September 4th, 2007 at 8:15 pm
Degsie i had the same problem i reinstaled Minicom and it worked
September 5th, 2007 at 3:19 pm
will this hack work with SPRINT??? I really want one of these phones
September 5th, 2007 at 4:23 pm
hi do u have the guide for mac users? im using a power book tiger os 10.4. thanks
September 6th, 2007 at 1:46 am
Can I still unlock my iphone using the hardware method if my iphone is already updated to 1.0.2?
September 6th, 2007 at 3:53 am
[…] i found an iphone hack you can try via the steve-jobs.com website. its a slightly techie, but reportedly works. have […]
September 6th, 2007 at 6:56 am
It works fine! the iPhone is unlocked! MOVISTAR PANAMA!!!
September 10th, 2007 at 3:05 pm
Hi. I did the described procedures in the PDF file and it does indeed unlock the iPhone. My friend is happily using the iPhone in Singapore. He restored his iPhone after some software he installed gave him problems (I don’t know which). After the restore, his SIM card did not work and he had to follow the same procedure again to unlock his phone.
Is this normal? I might also get an iPhone, but if the procedure had to be followed for every restore (or upgrade), I might want to look for an alternative unlocking method.