Never miss an update Follow AppleInsider
Thursday, August 23, 2007, 07:15 pm
Group successfully details hardware-based iPhone unlocking
A determined group of hobbyists has documented breaking the iPhone's ties to AT&T through a mixture of hardware and software, proving that the Apple handset can be hacked to permanently function with other cellular carriers.Calling their project Finding JTAG after the Joint Test Action Group standard used to test access ports on circuit boards, the hobbyists claim to have refined a surefire but dangerous ten-step process that allows the iPhone to use an unmodified SIM card from T-Mobile or other GSM cellular networks.
The technique requires an iPhone that has already been "jailbroken," or derestricted to allow third-party programs, as well as soldering tools and wiring. Similar to the process for unlocking a Siemens phone from Europe, the process involves forcing the read-only boot memory on the iPhone to accept unsigned code on the phone's built-in NOR flash storage that controls some of the most essential functions. This permits the code to change the iPhone's default behavior, which normally bars all but specially approved SIM cards from placing and receiving calls.
"Once the code is on the NOR [memory] we can do whatever we want," said Finding JTAG's public representative, George Hotz. "So patch out the [carrier] lock; voila, unlocked iPhone."
While the summary appears straightforward, however, the actual process is potentially complicated -- and also potentially fatal to the phone for novice hackers. In addition to removing the back cover of the phone and exposing the circuit board, the procedure requires cleaning and then resoldering a single trace on the board to a power line and an unlock switch; a failure could render the whole phone unusable. "You only get one chance to do this right," Hotz warned.
Once this is accomplished, a reset of the phone's baseband frequencies and then selectively erasing and reloading firmware with special software that lets users send the needed code and a final instruction that removes the carrier lock, permanently unlocking calling service and allowing the phone to receive new code more easily in the future.
Despite of the team's success, the experiment would not immediately result in an easily reproduced means of derestricting the iPhone, Hotz added. Although it was apparent that a hardware modification would work, the goal was still to develop a completely software-driven equivalent, which he and Finding JTAG believed was possible but still relatively distant and would likely demand superior reverse engineering skills.
"If anyone finds a way to erase the [Apple-made] bootloader from software, this becomes a software unlock," according to Hotz. "I'm sorry about how hard [the instructions] are to follow, but someone will get them to work, and simplify them, and simplify them more. Hopefully a software unlock will be found in the near future."
On Topic: General
- Apple's iWatch to come in late 2014 with focus on biometrics, analyst says
- Apple software update brings QuickTime for Windows to 7.7.4
- With spotlight on it & Apple, Ireland calls for worldwide tax crackdown
- Former Gartner analyst Michael Gartenberg joins Apple marketing
- Sony to consider spinning off its entertainment division
Previous Comments View All
Awesome. I wonder:
1. Is legal for Apple to block the iPhone to prevent use with other company than AT&T or whatever they want?
2. Is legal for people to break it and distribute the tool?
Thanks.
Awesome. I wonder:
1. Is legal for Apple to block the iPhone to prevent use with other company than AT&T or whatever they want?
2. Is legal for people to break it and distribute the tool?
Thanks.
1. Of course it's legal. Every other cell phone manufacturer/service provider does it.
2. I'm not sure on that one, but my guess is no.
I wouldn't want to lose visual voicemail.
Oh also, I wouldn't want to crack this baby open and go to town with a soldering iron!
I hope it's just a big joke and people end up breaking their phones.
Too lazy to try myself, but when you put a "foreign" SIM into the iPhone, are you given an opportunity to enter an unlock code? Just wondering, since the 90-day post-purchase window after which you can request the unlock code from Cingular is approaching. Does anybody know if they are legally required to provide the unlock codes after the 90-day window expires?
In the US T-Mobile is the only other GSM provider, but don't they use a spectrum that is outside the range of the iPhone?
edit: T-Mobile US uses the 850MHz and 1900MHz bands for calls (well within the iPhone quad-band spectrum) but also uses 1700MHZ and 2100MHz frequencies. I assume these are mainly for 3G coverage. I'm assuming EDGE will work within the 850 and 1900MHz range.
My son and his buddies, when younger, were always trying to modify their Nintendo, Playstation, Xbox with a bootleg chip that supposedly allowed you to run copied/pirated games. I don't have to tell you what the outcome of their tinkering almost always resulted in, do I?
The really funny nonsense coming from these hackmeisters is that their work will result in millions of additional iPhones being purchased by like minded individuals who wish to throw off the bonds of Apple and the evil entity known as at&t (the new company is lower case by the way). Utter nonsense. Just look at how retail sales of OS X took off after it was hacked to be able to be run on standard PC hardware. Yeah, right.
Unless and until Apple officially unlocks, frees up, or whatever, the iPhone this useless trick will remain an oddity known only to nerds who live in their parent's basements.
And of course there's the little matter of iPhone updates.
Unless and until Apple officially unlocks, frees up, or whatever, the iPhone this useless trick will remain an oddity known only to nerds who live in their parent's basements.
And of course there's the little matter of iPhone updates.
That's a bit harsh!
I managed to chip my original xbox without any dramas from following a similar guide and this iPhone hack seems pretty simple if you have any basic soldering skills - no doubt thou that skill isn't something possessed by all and this probably isn't a good place to start learning.
According this hack you can still update your iPhone, it just gets relocked and requires you to re-run the software part of the process to unlock it again.
Personally, i'm waiting on the 3G version of the iPhone (being in Oz) before i get the credit card out and hopefully by then Apple either let them be unlocked or it can be done via software.
Hopefully this encourages Apple to start offering unlock options in the near future so when they launch locked phones in new countries they aren't compeating with cheap eBay auctions for hacked phones that work with any sim.
Just look at how retail sales of OS X took off after it was hacked to be able to be run on standard PC hardware.
Users of OSx86 Project download the hacked software from the nets. They don't buy a new copy of OS X.
But there certainly seemed to be a surge in Apple sales since Apple has officially allowed a simple partitioning and installation tool for Windows on Macs. Do in (at least) part to the EFI bootloader being hacked to allow Windows to run on Mac hardware.
I wouldn't want to lose visual voicemail.
Oh also, I wouldn't want to crack this baby open and go to town with a soldering iron!
I hope it's just a big joke and people end up breaking their phones.
Why would you hope that people end up breaking their phones?
Anyway, I think it's a curiousity, but if I owned an iPhone, I wouldn't consider this either unless I got _really_ screwed by AT&T, but there's only one other carrier with GSM. There's a chance that this sort of thing will get successively easier over time, but now is not the time to try it except for the very adept.
The only thing I've ever chipped was a Panasonic DVD player. It works fine, though I don't need it often. It was best for removing the Macrovision signal because it causes distortions on the screen. I also had a projector that really flipped out when fed 480p with Macrovision.
Latest Apple Headlines
-
Apple's iWatch to come in late 2014 with focus on biometrics, analyst says
~2 hours ago -
Google's new 3D Maps destroy Manhattan in the wake of Apple's Flyover
~2 hours ago -
Google to activate voice search in Chrome iOS app
~3 hours ago -
With spotlight on it & Apple, Ireland calls for worldwide tax crackdown
~5 hours ago -
Former Gartner analyst Michael Gartenberg joins Apple marketing
~5 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
Ok, hats off. Really clever, really entertaining, if you're in the .001% of owners who might want to attack their $600 device with a soldering iron and warranty breaking escapades.
But I really want to know. Are these the same folks who are the going to try to ream Apple a new one once their iPhone is compromised with the new 'feature' of accepting unsigned code from god-knows-where?
Have fun...