Although I’m running an iPhone as decreed by Jobs – locked to O2, non-jailbroken – I’ve also been trying, on and off, to get my mate’s US-bought iPhone jailbroken and unlocked for him for about 2 months now.
I took a couple of goes to jailbreak his phone, which was bought with 1.1.2 firmware just before people became aware that Apple had changed the bootloader from 3.9 to 4.6. This new bootloader stopped the most-used unlocking software – AnySIM – from working.
So, his phone remained locked, even when he bought a StealthSIM, which is effectively a hardware unlock. Its a small sliver of plastic that aligns with the SIM card, making the iPhone believe the SIM is valid. After a lot of trying, even that didn’t work. But the answer was just around the corner.
Last week, the original iPhone hardware unlocker, Geohot released a software unlock for phones with 4.6 bootloader. You still had to perform an upgrade to 1.1.3 (if you wanted) and then run the unlock software “Gunlock” from within the Installer application. However, it was pretty straightforward and it worked (with only a slight hitch). My mate’s iPhone was finally unlocked, and he and many others around the world were very, very happy.
Like I said though, it took a long time to get there. Even following the very detailed instructions posted on iClarified and with a masters degree in Computer Science, it was quite a detailed procedure to go from store-bought iPhone to an unlocked device. You had to ensure that you knew which bootloader and baseband you were running, firmware had to be downgraded and upgraded several times, and errors had to be worked around. Some intuition was definitely required.
But not any more.
Yesterday, Zibri released ZiPhone. This programme jailbreaks, activates and unlocks all iPhones running bootloader 4.6 – meaning all recent phones running 1.1.2 & 1.1.3 when taken out of the box (OTB). In addition, it can repair bricked iPhones – those damaged during earlier hacking attempts – and can even change the IMEI of the phone (1). iPhone Atlas reports that ZiPhone uses the “true unlock method” developed by Zibri and the iPhone-elite dev team (2).
So I downloaded the software, and went out and bought a new 16Gb iPhone from an O2 store. Got home. Unboxed the iPhone, and ran the software on my Windows machine. It’s this simple:
Type this at the command prompt:
ziphone -j -a -u
And here’s what happened:
Loading zibri.dat.
Searching for iPhone…
At this point I had to hold down the Home button and connect the iPhone to the PC using the cable.
Working…
Please wait 2’30”.
Done!
That’s right – in two minutes and thirty seconds, the iPhone had been jailbroken, activated and unlocked to any network! Incredible! Plus Installer had been loaded, giving access to all the current installable applications from the unofficial developement community. The full tutorial is available at iClarified.
Zibri is now working on compatability for older iPhones with the 3.9 bootloader, although you can now just use ZiPhone using the -j switch only, put the iPhone in airplane mode, then use AnySIM to unlock.
So what’s next?
A gui version of ZiPhone has already been released, although reports indicate it may be a little buggy. But that will improve.
Most users will want to stay within the walled garden of Apple’s device experience – that’s one of the reasons that people buy Apple. The programmers in Cupertino will surely close this loophole, and we’re in a whole new ballgame once the 3G iPhone comes out with a wholly different baseband. But in the meantime there may well be a new wave of unlocked devices hitting the streets, given that this method makes unlocking accessible to many more people.
Notes
(1) A work of caution on this for UK users relating to the Mobile Reprogramming Act (2002). It is a criminal offence to offer, change or reprogramme the IMEI of any mobile phone. It is an arrestable offence and has a maximum 5 year sentence. It may also be an offence for me to link to the software if there’s intent to change the IMEI, so I’d just like to make clear that I don’t condone in any way unbarring blocked phones. There’s some more information from Out-Law and some details on barred phones from Fone Fun Shop.
(2) It’s made possible by a ramdisk exploit – here’s the technical lowdown on what actually happens:
- copies a new fstab for write access to system
- runs iPatcher to patch lockdownd
- copies installer
- runs Geohot’s gunlock to unlock