[iPhone] iPhone 3G allegedly unlocked using SIM Adapter

[Update] Aug/25th/2008: read here, everything you gotta know about Proxy SIM solutions.

The Brazil-based company DesbloqueioBr.com.br claims to have unlocked the 3G iPhone. The whole procedure feels like déjà vu. It is said to work almost the same way as the TurboSIM did for the “old” iPhone. The difference is that they say they make use of a faked IMSI test card, while Bladox’ TurboSIM solution emulated an AT&T card.

The Theory behind

The guys at DesbloqueioBr claim that the iPhone 3G checks the type of SIM only on first card detection (that is, after hot-swapping or after a reboot). It is said to check the IMSI code. During card detection, the IMSI test card emulation returns that it is a test card. The subsequent requests to the card are then answered by the normal SIM card. This works the same way as the TurboSIM, except that the TurboSIM was coded to emulate an AT&T card during the card detection stage.
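A minimal model of the time-of-check/time-of-use gap this claim implies, next to a lock that validates every read. This is an added example, not code from DesbloqueioBr, Bladox or the iPhone Dev Team; the class names, the allow-list and the sample IMSIs are constructed, and the lock policy is the one the post attributes to the phone.

```python
from dataclasses import dataclass

TEST_PLMN = "00101"          # 3GPP test network: MCC 001, MNC 01
ALLOWED_PLMNS = ("310410",)  # constructed allow-list for this model

def permitted(imsi: str) -> bool:
    """Lock policy assumed here: test cards and allow-listed carriers pass."""
    return imsi.startswith((TEST_PLMN,) + ALLOWED_PLMNS)

@dataclass
class Sim:
    imsi: str
    def read_imsi(self) -> str:
        return self.imsi

class ProxySim:
    """Adapter as the text describes it: the first IMSI read after card
    detection is answered with a test IMSI, later reads reach the real card."""
    def __init__(self, real: Sim, test_imsi: str):
        self.real, self.test_imsi, self.reads = real, test_imsi, 0
    def read_imsi(self) -> str:
        self.reads += 1
        return self.test_imsi if self.reads == 1 else self.real.read_imsi()

class CheckOnceLock:
    """Claimed behaviour: the IMSI is validated only at card detection."""
    def __init__(self, card):
        self.card = card
        self.accepted = permitted(card.read_imsi())   # time of check
    def imsi_for_registration(self):
        # time of use: a fresh read that is never validated
        return self.card.read_imsi() if self.accepted else None

class CheckEveryUseLock:
    """Hardened model: the value that is validated is the value that is used."""
    def __init__(self, card):
        self.card = card
    def imsi_for_registration(self):
        imsi = self.card.read_imsi()
        return imsi if permitted(imsi) else None

FOREIGN = "724020000000001"    # constructed IMSI outside the allow-list
TEST_IMSI = "001010000000001"  # constructed IMSI on the test network

if __name__ == "__main__":
    proxy = ProxySim(Sim(FOREIGN), TEST_IMSI)
    print("check once :", CheckOnceLock(proxy).imsi_for_registration())
    hardened = CheckEveryUseLock(ProxySim(Sim(FOREIGN), TEST_IMSI))
    print("check every:", hardened.imsi_for_registration(), hardened.imsi_for_registration())
```

In the hardened model the proxy gains nothing: the first read yields only the test IMSI it supplied itself, and every later read of the real card is rejected.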

Empiricism

Since this has not been confirmed on forums and the video provided (see below) doesn’t show the unlock procedure, this is likely to be a rip-off. To test the theory, though, the iPhone Dev Team has already provided a sample application for the TurboSIM that does exactly what the theory requires: emulating a test IMSI at the card detection stage. As of now there is no feedback. For legal reasons we cannot link the application, as we are located in Germany. During the next 24 hours Google will index the page that contains the link; search for lamesaft-0.1.zip then.

Limitations

The video provided does not clarify how the unlock is performed. It simply shows a call being made from one iPhone to the other. It does not show the SIM adapter being taken out. Moreover, you still need to have the iPhone 3G activated. Currently there is no application available to do this. People on forums report that the DesbloqueioBr guys seem unwilling to answer concrete questions.

Since there is no proof, we currently classify the DesbloqueioBr SIM adapter as SCAM. Update: at 00:29 the video shows the model as MB046LL, which could be identified as a U.S. AT&T-locked iPhone 3G (see model list here). This model obviously works with a different carrier (not AT&T, but TIM) in a different country (not the US, but Brazil).

Here’s the video that shows calls being made from one iPhone to another. The guy is speaking Portuguese; a translation is not available.


[iPhone] Factory Unlocked 3G List (“Locked to Carrier” List) (update)

[Update] Sep, 26th: News from Hong Kong added (details here)
[Update] Aug, 25th: Apple’s list update included.

Almost unnoticed, on July 11th, 2008 Apple also published a list of carriers offering the iPhone. The interesting thing about this list is that it also contains information about the status of the SIM lock in specific countries.

Apple’s official “Locked to Carrier” list

This is an extract from the official Apple list found here:

| Country | Carrier | SIM Lock | Available without Agreement |
|---|---|---|---|
| Italy | Vodafone | No | Yes (499€/8GB, 569€/16GB) |
| Italy | TIM | No | Yes (499€/8GB, 569€/16GB) |
| Hong Kong | 3 | No | No (375€/8GB, n.a.€/16GB) |
| Hong Kong | (Apple Store) | No | Yes (476€/8GB, 547€/16GB) |
| Greece | Vodafone | No | No (Details here) |
| Czech Republic | O2 | No | Yes (490€/8GB, 570€/16GB) |
| New Zealand | Vodafone | No | Yes (470€/8GB, 535€/16GB) |
| Singapore | SingTel | No | No (490€/8GB, 570€/16GB) |
| Slovakia | Orange | No | No? (Details) |
| Macao | 3 | No | No? (Details) |

It is rumored that the unlocked iPhones need to be activated as well, but in this case it can be done at home using iTunes. No matter how often you change your carrier, it seems you can always re-activate.

Forum reports

In addition to the official Apple list, this is what people report in forums:

| Country | Carrier | SIM Lock | Available without Agreement |
|---|---|---|---|
| Belgium | Mobistar | No | Yes (n.a.€/8GB, 615€/16GB) |
| France | Orange | Yes (100€ Unlock fee) | Yes (509€/8GB, 609€/16GB) |

This list may not be 100% accurate and refers to reports on forums, like hackint0sh. Feel free to add more details like pricing and how to obtain unlocked devices elsewhere as comments below. Thanks!

The cheapest iPhone 3G

For people living in Switzerland, Swisscom offers the iPhone 3G at hard-to-beat prices: 519 CHF (=510 US$, =325€) for the 8GB version and 619 CHF (=610 US$, =385€) for the 16GB version. This includes a prepaid tariff with no obligations. Disadvantages: 1. The iPhone 3G is SIM-locked to Swisscom. You currently cannot unlock it, since Proxy SIMs have heavy (legal) disadvantages (read here). 2. This offer is limited to people living in Switzerland. Your citizenship and rights of residence are checked in Swisscom stores. Tourists (=foreigners) not living in Switzerland cannot buy it.

[iPhone] XPwn Command Line Utility released

planetbeing, a member of the iPhone Dev Team, today released “XPwn”. He describes “XPwn” as an experimental pwnage tool for Linux. Although XPwn was supposedly developed for Linux users, it actually is a cross-platform tool for command line users. Update: It does not support firmware 2.0 yet.

Warning

The XPwn tool is not intended to be used by newbies. That’s why it’s called an experimental pwnage tool. It provides a command line interface only, which means you can dreadfully screw up your iPhone using it. The first version of XPwn seemed to have issues when writing the NOR firmware. Although planetbeing has obviously fixed this problem, we really recommend waiting for Pwnage 2.0.

XPwn’s versions

Experimental Pwnage comes in different flavours:

XPwn’s features

Experimental Pwnage implements many of Apple’s proprietary container formats: img2, 8900, complzss, iBootIm, dmg, HFS+/HFSX.

Nice work. Congrats to planetbeing. See XPwn hackint0sh thread here.

[iPhone] Is German T-Mobile about to bar Sipgate’s VoIP client?

It is rumored in German media that T-Mobile is about to bar Sipgate’s application, which allows the iPhone to use Sipgate’s Voice-over-IP (VoIP) services. T-Mobile argues that Sipgate makes use of unfair business practices (like requiring a jailbreak in order to install Sipgate’s client) to pull customers from T-Mobile to Sipgate.

[iPhone] One Million 3G iPhones sold

Only three days ago, on Friday, 11th 2008, the iPhone 3G was launched in 21 countries. By Saturday the 12th (that is, on the first weekend) one million 3G iPhones had been sold. Last year it took 74 days to sell that number of iPhones. Steve Jobs will be very glad about this, since this makes about 7 million possible customers for Apple’s App Store…

[iPhone] Geohot confirms 3G uses new Bootloader

Although we didn’t get our hands on a new iPhone 3G yet, things are as expected: the iPhone 3G uses a new bootloader for its baseband modem as confirmed by Geohot.

Bootloader versions from the “old” iPhones

As far as we are aware, there are 3 different bootloader versions known on old iPhones:

  • 3.8 (very rare)
  • 3.9 (iPhones before November 2007) and
  • 4.6 (iPhones after November 2007).

It is widely known that exploits for these old bootloaders have been found that allow any of these old iPhones to be SIM unlocked, no matter which software revision is running.

No Unlock for iPhone 3G, but for old iPhones

For the new iPhone 3G bootloader, there is no (public) exploit known yet. Although the iPhone Dev Team states they can unlock firmware 2.0 – the unlock is most likely meant to work on “old” iPhones only. The only exploit yet known (in both old and new iPhones) is an iBoot bug. The iPhone Dev Team provided a video showing Pwnage Tool neutering the baseband for firmware 2.0:

Video: Pwnage Tool Bootneuter on firmware 2.0 (on an old iPhone)

Bootneuter 2.0 from iphonedev on Vimeo.

A new jailbreak for iPhone 3G and old iPhones

The Pwnage Tool 2.0 (and Geohot’s yiPhone) will most likely feature an iBoot bug to jailbreak old and new iPhones. iBoot is what iTunes talks to when restoring firmware. About a year ago, Geohot found out that iBoot provides a full interactive shell. The only problem was that iBoot only allowed signed code to run. The iPhone Dev Team has now managed to break the chain of trust from the earliest boot stage, which allows unsigned code to run and, in the end, old and new iPhones to be jailbroken (see video):

Video: Talking to iBoot unsigned

Talking to iBoot? from iphonedev on Vimeo.

Both videos are provided by iPhone Dev Team. Kudos to you guys.

[Muzaq] Reclaim the Beats at Cassiopeia’s

Whenever you visit Berlin and you like independent Techno and Electro, we’ve got a nice hint for you. You gotta see the Cassiopeia in the Friedrichshain district. As a matter of chance our team went to the Cassiopeia yesterday and accidentally enjoyed an event named “Reclaim the Beats”.

Reclaim the Beats

To keep things as short as possible: those were by far the most intelligent sounds we’ve heard in a long time. The guys playing the records on the floor under the roof were almost half as young as we are, but we take a bow in deepest respect. You guys have definitely shown a unique taste for sounds. Reclaim the Beats is the only adequate wording for that event. We’d recommend simply calling it DIT (Demanding intelligent Techno). Information and dates of Reclaim the Beats can be found here.

Cassiopeia

The Cassiopeia is fairly unique in Berlin. It’s got three club locations, an indoor skate park, a beer garden, probably the largest climbing tower in Berlin and many more things to discover. The price of a Caipirinha is 5€. More information can be found here.

[iPhone] Pwnage Tool for Firmware 2.0

Update 15.07.2008: iPhone 3G allegedly unlocked using SIM Adapter (read here)
Update 15.07.2008: XPwn command line utility released by iPhone Dev Team (read here)

Update 14.07.2008: Geohot confirms that iPhone 3G got a new bootloader (read here)

It is rumored that the Pwnage Tool for firmware 2.0 (= firmware 1.2) will not be released this weekend. Enjoy yourself and don’t play around until we tell you.

Anyway the iPhone Dev Team has released a video of Pwnage Tool 2.0. See here:


[iPhone] Activation and iTunes Download Servers collapsed

The iPocalypse has begun. Many iPhone 3G customers all over the world report activation issues after having bought their new gadget. The same also applies to customers of the “old” iPhone who tried to update to firmware 2.0 and needed to re-activate.

We recommend neither upgrading nor buying a new iPhone 3G now. Stay tuned.

[AppleTV] AppleTV gets safer… who cares?

incomplete Tales

It is commonly known that Apple’s products don’t belong to the safest products in the computer industry. For quite some time now: Botnet builders are using the well known zombie technique to gain control over AppleTV to use it in botnets. This is due to AppleTV’s large market share (of about 0,5%)… Yes…

This is how these Botnet builders do it:

  1. they walk into stores and buy newly released blurays like “I am Legend”
  2. they illegally decrypt it
  3. convert it to x264 for better compatibility as eMail-attachments (we all know: many providers only allow 10GB per attachment)
  4. then they modify the x264 headers to include buffer overflows adjusted to work on AppleTV only.

For several years now bad guys were sending prepared x264 movies as email-attachments. But now the time is up. Apple released a security update for AppleTV, that prevents buffer overflows. All our AppleTVs will from now on be safe from bad botnetters…

The truth behind it

Ok, you got us here. Kidding aside: there is no need for this update. The only reason, in our opinion, is that they wanna stop people from using AppleTV for more than the allowed things. There are no buffer overflows that we are aware of that are currently being used by botnetters. Since AppleTV’s market share is so low, this wouldn’t even make any sense from an economic point of view for the botnetters.