Tutorial:Unlock iPhone 3G with TurboSim

From The iPhone Wiki
Revision as of 17:42, 9 August 2008 by Caique2001 (talk | contribs) (added warning)

By following these instructions, you acknowledge your responsibility for any damage you cause to your device, and you recognize that you may void your iPhone's warranty.

This article gives step-by-step instructions for using a network-locked iPhone 3G with a different provider.

The dev team states on their blog that the SIM hacks they examined send illegal signals.

Update / Warning:

ZeroG was not intended to trick your cellular network, but because of the way the iPhone's 2.x baseband firmware handles the login, it actually does.

Short overview: ZeroG starts up the SIM with the MCC / MNC replaced by test IMSI codes, leaving the MSIN untouched. It then restarts the SIM and gives the correct IMSI. Unfortunately the iPhone asks the SIM for the IMSI exactly once and does not care about the restart, so the login into the cellular network is effectively done in test IMSI mode.

It is now up to your provider how it handles such requests. For normal logins (no turboSIM) the login request is processed by your provider. In the roaming case your login request is routed from the guest provider to your provider. There is no provider for the 'test' MCC / MNC, so your provider has to recognize this upon login. (This implies you have to manually select the cellular network right from the start.) If your provider accepts the test IMSI code and authenticates with your MSIN, everything could be fine. (This implies that real roaming is not possible, as only _your_ provider can process the MSIN correctly.) You don't spoof your identity, and there should be no billing problems either.

But if you try this method, have successfully installed ZeroG.trb and do _not_ gain access, your provider probably does not accept test IMSI mode. In this case better not retry, as you risk your IMSI being blacklisted.
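How a provider-side login check could recognize the situation described above, as an added example that is not part of the wiki page or of ZeroG: it decodes a SIM's EF_IMSI file, splits the IMSI into MCC / MNC / MSIN, and flags a test-network MCC that carries a known subscriber's MSIN. Assumptions: the page's "test IMSI codes" use the test-network MCC 001, MNCs are two digits, and the byte strings and subscriber set are constructed samples.

```python
# Added example, not code from the wiki page or from ZeroG.
TEST_MCC = "001"  # assumption: the page's "test IMSI codes" use the test-network MCC

# Constructed EF_IMSI samples (length byte + nibble-swapped BCD), same MSIN in both.
HOME_EF_IMSI = bytes.fromhex("082926702143658709")  # 262 07 1234567890
TEST_EF_IMSI = bytes.fromhex("080910102143658709")  # 001 01 1234567890


def decode_ef_imsi(raw: bytes) -> str:
    """Decode the 9-byte EF_IMSI SIM file into its decimal digit string."""
    if len(raw) != 9 or not 1 <= raw[0] <= 8:
        raise ValueError("EF_IMSI is 9 bytes and starts with a length of 1..8")
    body = raw[1:1 + raw[0]]
    if body[0] & 0x07 != 0x01:
        raise ValueError("identity type bits are not 001 (IMSI)")
    nibbles = [body[0] >> 4]                 # digit 1 sits in the high nibble
    for byte in body[1:]:
        nibbles += [byte & 0x0F, byte >> 4]  # later digits: low nibble first
    if not body[0] & 0x08:                   # parity bit clear: even digit count,
        if nibbles.pop() != 0x0F:            # so the last nibble must be 0xF filler
            raise ValueError("missing 0xF filler nibble")
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal nibble in IMSI")
    return "".join(str(n) for n in nibbles)


def split_imsi(imsi: str, mnc_len: int = 2) -> tuple:
    """Split an IMSI into (MCC, MNC, MSIN); the MNC is 2 or 3 digits."""
    if mnc_len not in (2, 3) or not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("malformed IMSI or MNC length")
    return imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]


def classify_login(imsi: str, home_msins: set, mnc_len: int = 2) -> str:
    """Label a presented IMSI the way a home network's login check might."""
    mcc, _mnc, msin = split_imsi(imsi, mnc_len)
    if mcc != TEST_MCC:
        return "normal"
    # Test MCC: no real network owns it, so only the MSIN ties it to a subscriber.
    return "test-imsi-known-msin" if msin in home_msins else "test-imsi-unknown-msin"


if __name__ == "__main__":
    subscribers = {"1234567890"}  # constructed MSIN list
    for raw in (HOME_EF_IMSI, TEST_EF_IMSI):
        imsi = decode_ef_imsi(raw)
        print(imsi, split_imsi(imsi), classify_login(imsi, subscribers))
```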


Swisscom -> O2 Germany

Motivation

Everyone who dislikes pink T's, over-priced unlocked iPhones and likes investigating exciting techniques ... (a.s.o.)

Prerequisites

You need:

  • your jailbroken iPhone 3G with OpenSSH installed (from Cydia) and a WLAN connection to your PC
  • Bladox' turboSim
  • PuTTY and WinSCP (or equivalent Mac programs)
  • turboSim programming software [download]
  • turboSim app zero-g [download]

Installation

1. Put your official provider card (prepaid) together with the turboSim into the SIM card slot of your iPhone 3G. Google a little for how to do this. IMHO it's a good idea to tape the turboSim and SIM card together with TESA tape (on the upper surface; the tape needs to wrap around the chip to the contact side of the card, so that there is no tape edge on the surface in the direction of tension), otherwise your SIM can get stuck in your phone and you will have to open it.

2. Unpack turbo-cable-utils and use WinSCP to copy the contents of bin-iphonev2 to the folder /bin/ on your iPhone (username: root, password: alpine)

3. Connect to your iPhone with PuTTY (user root, password alpine). Changing the default password with passwd is a good idea, since anyone who can reach the phone's SSH port can otherwise log in as root.

4. change permissions

chmod 755 /bin/turbo-*

5. run turbo-info

iPhone:~ root# turbo-info
initializing modem
modem initiated
Kernel Version 1.2.7.0
Serial Number <...>
OK. No Error

If the output does not end with "OK. No Error", you have connection problems (also try putting the phone in flight mode and enabling only Wi-Fi):

localhost:~ root# turbo-info
initializing modem
AT+CPMS="SM","SM"
ERROR
AT+CPMS?
ERROR
modem initiated
Mobile Phone/Serial Cable Communication Error

Check your turboSim-Sim-pack, sometimes there are some bumps from the cutting process which need to be removed. If all electrical contacts work well, this error will vanish.

6. Use WinSCP to copy the unpacked zero-g .trb file to the folder /private/var/root

7. Run turbo-reset and then turbo-app to program your turboSim

iPhone:~ root# turbo-app zerog095.trb
SRC zerog095.trb
SIZE 1023
initializing modem
modem initiated
OK. No Error

You should now see the zero-g SIM app under Settings -> Phone -> SIM Applications (ignore the carrier; I took the screenshots later on)

9. Remove the official card + turboSim and replace them with your contract card + turboSim; turbo-info should end with OK

10. Reboot the phone, or switch it off and on

I have to type in my SIM-Pin first

then: no service, okay...

10. Press the green button of the zero-g application, which appears after a few seconds

11. Some timing problems? Lost carrier? Just closing...

'cos it works at the end...


2G data settings

  • roaming must be enabled
  • make sure the APN settings are correct. If the APN options don't show up, just install a configuration file created with Apple's 'Web Configuration Utility' (Mac / Windoze; in Windoze you can reach it at http://localhost:3000 ). Send this file to yourself and open it with the mail client.
  • in BossPrefs (if you don't use it, don't care) 'edge' should be left enabled, even if the network does not provide it (it seems the BossPrefs option is a little misleading and 'edge' actually means 'GPRS/edge')

3G-SIM / USIM

It works with (some?) USIMs (blau.de Germany) as well. 3G must not be activated on the iPhone: once 3G is activated, it stops working, even if it is deactivated afterwards. To revive such a SIM, put it in a non-UMTS-capable phone (did it together with turboSIM), check phone and GPRS functions, and then this USIM will work again on the iPhone 3G. The SIM application (zero-g) was not visible, but it worked nonetheless. If GPRS does not work after a while (3 minutes or so), reboot your phone and try again.

GPRS-'Fix'

Today GPRS stopped working for me. It seems there are some 'states' stored on the SIM. This fixed the issue:

  • removed SIM+TSim
  • put SIM (without TSim) into non UMTS, but GPRS/edge mobile
  • checked GPRS
  • repacked Sim+TSim and put it back to the iPhone

Voilà, here we go :-) GPRS for another few days :-)

Tho' this might really not be the ultimate solution, I could hardly switch back to my old XDA Orbit. But the XDA is a good device to revive the TSim solution... For that, I still love it a little bit ;-)


Stuck in No Signal after a period

Randomly you can get stuck in a bad No Signal. To correct that:

  • remove SIM+TSim
  • put SIM (without TSim) into non 3G phone
  • manually select the network of your provider (the one you want to unlock for)
  • repack Sim+TSim and put it back to the iPhone

Here we go again: the iPhone is unlocked for a few more days.

Status

| Locked (Official) Provider | Unlocked Provider | SIM type | calls | SMS | 2G data | 3G data |
|---|---|---|---|---|---|---|
| Swisscom | Blau.de Germany | 3G | yes | yes | yes | no |
| Swisscom | O2 Germany | 2G, V? (1996) | yes | yes | ? | - |
| Swisscom | O2 Germany | 3G | yes | yes | yes | no |
| AT&T | Turkcell | 2G | yes | yes | yes | - |
| AT&T (US) | TIM Brazil | 2G | yes | yes | yes | - |
| ... | | | | | | |
| ATNT | mYiPhone uk | 3G | yes | incoming | unknown | n.a. |

Remarks

  • It could be that you can do the programming with your contract card too, so you don't have to massacre your official provider card. I didn't, because incidentally my official card was the first not to have contact issues. So in the end, I don't know.
  • What matters is that you get zero-g into your turboSim. So you could also try with a first-gen iPhone; this probably needs the other version of turbo-cable-utils (bin-iphonev1)
  • If you get ERROR: Not Enough RAM, run turbo-rm-apps