Cracker's iPhone Needle Unlock Guide
Guide Updates will be suspended until next week. If you have not started the HW unlock already I suggest you wait until next week - Cracker

Huge thanks to my baby who, without her help I would not have gotten this far let alone written this guide. She pressed my enter!

HUGE ASS DISCLAIMER
By following this guide you do so at your own risk. Neither I nor anyone else is responsible if you brick your phone or worse. This should only be attempted by people who are familiar with circuitry and who want to RISK bricking their phone, scratching their phone or even personal injury. You have Been Warned! People have been known to blow up their battery, scratch the crap out of their phone, fully brick their phone, hurt themselves, hurt others. Also the laws on unlocking are different in every country. Do not even try to attempt this if you are not confident; static electricity and improper opening can damage your phone forever. You have Been Warned!

Thanks to http://steve-jobs.com and Francisco who this guide is based on and also the guy who made the needle method. Geohot, all the people who wrote guides and made this stuff happen. Also Sam & The Dev Team.

Even though we are using the guide written from the above link, this guide is totally different in many regards. So do not use the other guides along with this one. Use one or the other or you will mess up.

Mac & PC Guides
Download the Alpha Guide Package with Tools. Has the latest version of this guide + All files you will need. http:///*no NORdump or parts may be ... copyright! */

THINGS TO KNOW - READ BEFORE PROCEEDING
- NEW: DO NOT UPGRADE TO ITUNES 7.4 UNLESS YOU KNOW WHAT YOU'RE DOING. MORE INFO TO COME SOON.
- I need a cheap iphone to use as a guinea pig for testing. Way too many errors people are getting, I wanna risk a phone to help everyone.
- You may lose a wifi connection to the iphone. Make sure you have a command line tool installed on your iphone.
- If you don't restore to 1.0.2 and upgrade later you can UNDO your whole Unlocking process. MAKE SURE YOU RESTORE TO 1.0.2 BEFORE ATTEMPTING THIS GUIDE. DO NOT UPDATE TO ANY FUTURE VERSIONS JUST IN CASE.
- The Test point can be found here: http://steve-jobs.com/wp-content/upl.../08/realtp.jpg
- To make the needles get 2 fine tip needles and solder a wire at the end of both. A picture can be found here: http://steve-jobs.com/wp-content/upl.../08/tools1.jpg
- Nordumper, Secpac and a few other steps do not need to be done because Francisco modified the files for you.
- I can confirm that my IMEI Number has not changed using the packaged files. It is safe. No need to use Nordumper and no need to use hex edit etc. If it turns out to be false I will post up ASAP. Someone else confirm please!
- ANY Problems or anything I have missed just let me know and it will be added.

Preliminary Steps:
• Have the system restored with 1.02. Have it brand new restored in order to avoid halting on Waiting for Data (ieraser): Very important if you get the bus error later.
• Open your iPhone - A great Video of opening your iPhone can be found here: http://www.youtube.com/watch?v=X1z0pw2VK7M. Do not unscrew anything besides the first 3 screws on the bottom of the case. Don't take the battery out, don't unscrew the logic board. Do take off the metal shielding and do leave the orange headphone cable connected.
• To install the required apps and to jailbreak you need to make sure the headphone/switch cable is left plugged in. You can disconnect it after. The Headphone switch/cable is the orange cord that is the only thing still connected once you open your iphone. Leave it in.

Let's Start
• Connect your iPhone via USB Cable to your computer
• Ignore and shut down iTunes

MAC: The following tasks involve using iNdependence. (http://tinyurl.com/2sr3ag)
PC: The following tasks involve using iBrickr (http://ibrickr.com/downloads/ibrickr_v0.8.zip)
• Jailbreak your iPhone using iNdependence or Brickr
• Activate your iPhone using iNdependence or Brickr (or Iasign for PC)
• Install SSH using iNdependence or Brickr

Install the BSD Subsystem
PC: Use ibrickr (If ibrickr is not supported let me know.)
MAC: Install "Installer.app" by using AppTapp. http://www.nullriver.com/~zigzag/AppTappInstaller.zip
• Your phone will soft reset and you should have "Installer" on your menu.
• Make sure you have your wireless connection set up. Take note of the ip.
• Open Installer and select the BSD Subsystem and click install.
• The files will download, unpack and install. Give it time.

PC+MAC:
• Now we want to copy the files from the "Archive2.zip" /*no NORdump or parts may be redistributed -> copyright! */ to your iPhone.
• Unzip the archive on your desktop. Use an SFTP client.
Mac: I used fetch (http://fetchsoftworks.com/Fetch5.dmg) to connect to your iPhone.
- Some people are having problems with fetch. I will investigate and update soon.
PC: Use WinSCP http://winscp.net/eng/download.php
• Make a new connection using your iphone's ip and the login: root and pass: dottie (All lowercase)
• Specify the path as /usr/bin
• If you can't directly connect to the /usr/bin directory try to locate it in your SFTP client.
• Copy (drag from your computer to ipod dir screen) the files across and specify that they are all 0755 permissions.

SSH Connection:
MAC: Open Terminal (on mac) and type in: "ssh -l root xxx.xxx.xxx.xxx" (The xxx's are your iphone's ip address - don't type the "")
PC: Open Putty and type in the ip of your iphone and hit connect. (http://the.earth.li/~sgtatham/putty/.../x86/putty.exe)
PC: You will be asked for a login: root and a password dottie
MAC: You should be asked for a password, enter dottie
MAC: Now at the prompt type launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist
NOTE if this didn't work, just do the PC method directly below.
PC: This bit didn't work for me, the unload of the commcenter, so I went into my SFTP client, navigated to the LaunchDaemons directory and just copied the commcenter file to my desktop, then deleted it from the iphone
• Type mkdir -p /usr/local/etc and hit enter.
• Your folder to save minicom data is now prepared.
• Type in: minicom -s and hit enter
• Navigate with the arrow keys down to Change serial and press enter
• Press A
• Press delete until all you are left with is /dev/
• Type in tty.baseband (it should now look like /dev/tty.baseband)
• Press Enter
• Press ESC
• Navigate to Save as DFL and hit enter. It will save.
• Navigate down to exit and hit Enter
• Type in AT and hit enter. You should see it say OK.
• Hold Control and press A. Let go of the buttons and then press X. It will ask if you wish to exit. Hit enter.

iEraser Time:
• Type in cd /usr/bin and hit Enter
• Type in ieraser and hit enter. It should complete after a little while. (If this halts you didn't restore your iphone at the start!) Also if it gives an error try this version of ieraser http://lpahome.com/ieraser2.zip
• Type in iunlocker BUT DON'T PRESS ENTER YET. (This is where you NEED 2 people. Get them to hit enter when YOU are ready with the needles. Let them tell you the screen data)
• Connect your needles to the "test point" and get someone else to press enter for you. (The test point is on the above link at steve jobs.com. I will add this soon.) If it doesn't work it more than likely means the points are not touching correctly.
• Hold it until the program halts. Then let go.
• Type A and hit enter.
• You will now see a dump screen. This will take a few minutes to complete.
• After it is complete type in bbupdater -v and hit enter
• It should show : xgendata and some more text
• Type minicom and hit enter
• Type AT+CLCK="PN",0,"00000000" and hit enter
• Type AT+CLCK="PN",2 and hit enter
• This should respond in a 0. The iphone has now been hardware unlocked
• If you could not get the unload of commcenter done before you need to copy it back to your iphone using your sftp client. PC: Make sure you copy it back to the /System/Library/LaunchDaemons folder. (DO THIS FOR MAC ONLY IF THE UNLOAD COMMAND DID NOT WORK ABOVE IN THE GUIDE)
• Exit your SFTP Client if you had to open it
• Now put your phone back together and insert your chosen simcard
• Turn on the phone - The new simcard will not be accepted yet.
• You may see an ICCID Mismatch or error. This is fine, it just means we haven't activated your sim with this phone yet.

Mac: Run iNdependence once more
PC: Run iAsign or brickr (Need confirmation about activating in windows, easiest method please)
• Jailbreak your iphone if it isn't already
• Generate a new activation plist.
• Activate your iphone
• You will feel awesome!
• If you succeeded click me a thumbs up for my rep.

I am looking to get a cheap iphone for testing. If anyone can help me out or donate towards it that would be awesome. PM me.

Common Questions and Problems
Click Here: http://hackint0sh.org/forum/showpost...74&postcount=4 or Scroll down.

It seems a heap of people after unlocking their phone can help but there are even more who just leave the rest to it. I will continue to help. Thanks guys

Last edited by sam; 09-09-2007 at 04:31 PM. Reason: cuz i can
Great tutorial wish you did it yesterday.
I did the hack last night but I had to translate the PC one for mac, as I am on a PowerPC Powerbook. Unfortunately I have scraped the case a bit (man that thing is a bast@$d to get apart). I am still very happy to have one of the first fully unlocked iPhones. Incidentally I am in the UK and my iPhone is very happy on Orange! Many thanks to all at the Dev Team, geohot and everyone who has contributed. I am now a very happy bloke!
Common Questions and Problems
"But how I suppose to Copy the Commcenter back to /System/Library/LaunchDaemons folder ?????"
You need to use a SFTP to copy it back. This is only if the unload command did not work. I will post pictures soon.

"Don't use the nor file from the ********** package, you'll change your IMEI number and this is not legal. Extract your own and unique nor dump from your iphone"
I can confirm my IMEI number is the same after using the new package.

"minicom: WARNING: configuration file not found, using defaults
minicom: cannot open /dev/modem: No such file or directory"
You missed the step about setting the minicom -s. You need to change the /dev/modem to /dev/tty.baseband. It's in the guide.

"One question: After you press Enter how long do you need to maintain contact with the test points before success? approximately..."
You need to hold them until the screen halts. You should do it with 2 people so you can just focus on holding them in place and let the other person tell you when it stops.

"i get this error:
Got Header: 77 0b cc
zsh: bus error ieraser"
You need to restore your iphone to 1.0.2 before you attempt this method. This will prevent ieraser hanging.

"Connect your needles to the "test point" and get someone else to press enter for you."
The test point picture is linked at the start of this thread.

"I am in the process of doing the hardware unlock, however the guide says hold alt and press A and X. I've tried that but it certainly doesnt ask me to exit. "
Hold Control and hit A. Then wait till you see text at the bottom of the screen. Then let go of everything and hit X.

"well got past my first prob but when i type in ieraser i get zsh: permission denied: "
Make sure you have set the correct permissions (0755) on your newly copied files.

"Tried to run this step: After it is complete type in bbupdater -v and hit enter It should show : xgendata and some more text
There was no love. Nothing.
now:
# bbupdater -v
Resetting target...
pinging the baseband...
baseband unresponsive to pinging
i tried
# bbupdater -f ICE03.14.08_G.fls
Preparing to flash using /dev/tty.baseband at 750000 baud
Please reset target
Resetting target...
ProcessOutlineUpdated: Process time was 10.0 sec.
Retry attempt 1
Resetting target...
ProcessOutlineUpdated: Process time was 10.0 sec.
Retry attempt 2
Resetting target...
etc.etc. until it shows:
Retry attempt 10
Error: Baseband bootloader is too old; update to 1.8 or later and try again
Done"
You need to restore your iphone to 1.0.2. Plug it into your mac, start again and use itunes to restore.

"thank's but the tutorial dosen't say any about "secpack"...if is necesary where i can get the file"
The file is included in the archive2.zip linked above. Instructions are also above.

"Attempting to read[1]...c1
Attempting to read[3]...c1
Please connect the testpoint"
This means you have not connected your needles to the testpoint correctly. It may take a few goes but keep trying until you get past the message.

"So I'm at the part of connecting to the iPhone via ssh. However, whenever I start typing stuff it just closes the connection. I'm trying to mkdir -p /usr/local/etc. Ideas?"
I got this a few times. I had to re-install BSD Subsystem and then re-connect.

" restore my precious... about 3 times... and always get the same error... ieraser bus error any one knows if i'm doing something wrong"
I had the same problem and solved it by typing 'bbupdater -v' before 'ieraser', i mean:
bbupdater -v
ieraser

Important: For everyone waiting for a full software unlock from the dev team, please do not ask for updates every few minutes. Sam and the guys work very hard and they choose to keep replying to people's questions. This will slow them down. You can bet that as soon as it's done or even close to being done you will hear about it on the wiki right away. Hell, I will write up the guide for them that same moment so everyone can enjoy. Thank you for your patience.

Last edited by Cracker; 09-05-2007 at 05:20 PM.
Thanks Cracker,
Following the geohot (steve-hob.com) method, my iPhone went black. Only logo and 25scnds. open iTunes message. Do you know a soft to restore firmware with usb? Maybe iNdependence? iTunes restore doesn't work. Thanks.
Am I missing something or is the NORdump step not in this guide? Is it automated somehow, or is it not necessary?
Jadjada:
NORDump is not required because Francisco did all the hard work for you and that's why you download the new archive files.

macguai: I had this problem once, I made sure the iphone was off. Then I held down the sleep and home buttons for ages. (While it was connected to the computer). After a while I opened itunes manually and waited. It seemed to work after that.
Aaaaalrighty then! All I miss is a good guide on how to open the iPhone, perhaps with pictures. The one on ifixit.com is not good... Many say that getting the phone open was the hardest step, and that it resulted in scratched up and dented iPhones.
Is there a good illustrated "open your iphone guide"?