Egyptian neurosurgeon Sherif Hashim seems to have found something very interesting: a way to actually crash the iPhone’s baseband 05.12.01 of the latest firmware update 3.1.3.
MuscleNerd of the iPhone Dev Team has confirmed this bug, though the iPhone Dev Team posted later today that they cannot tell whether this bug actually leads to an unlock. The iPhone Dev Team also warns about potential scammers trying to rip us off.
More information to come. Congrats to Egypt! Nice find…
It is well known that there are commercial thieves who use freely available programs and ideas from the iPhone Dev Team, GeoHot, Chronic Dev Team and others.
We highly recommend not buying any unlocking or jailbreaking solution. They are available for free.
We prepared a list of current scammers making a business model out of other people’s efforts. The links don’t work, as we don’t want you to go there.
Unlock Ur iPhone Now (http://www.unlockuriphonenow.com)
Unlocked iPhone (http://www.unlockediphone.info)
Unlock Any iPhone (http://www.unlockanyiphone.net)
iPhone unlocking seems to be a large market. Say any of these companies sold 5,000 unlocks (which is a quite conservative estimate) at an average price of 25US$. That makes 125,000US$ for setting up a stupid internet page with stolen and repackaged content.
About a year ago a company called ASEM released a device called EFI-X. This device was claimed to be capable of booting several Microsoft Windows versions and Mac OS X Leopard.
Legal concerns
From the beginning there were questions regarding the legal status of the device, but ASEM claimed the device is legal, although it circumvents Apple’s binary protection using Apple’s copyrighted secret operating system keys (OSK1 and OSK2).
Technical issues
Anyway, EFI-X devices had some issues. Many forums reported problems with Bonjour and sharing in general. In the meantime, articles from the official EFI-X support forums have suddenly disappeared. Customers reporting issues, solutions or workarounds for severe bugs have been banned from the EFI-X support forums – our own help article on recovering almost lost data was removed as well, and one of our members has been officially banned from their forums (the reason was this article in October 2008).
Examining EFI-X in depth
Now some frustrated customers, who on the other hand are technologically very familiar with the matter, have examined the EFI-X device in depth. One of the main points AsereBln found: in contrast to what EFI-X is stating (“Our approach is entirely different, (..) all our code and development is our own only”), they seem to be using program code that was developed by the OSX86 community. They seem to be using “Disabler.kext“. Moreover, another user (RezRov) found out that the EFI-X Windows update software seems to violate the LGPL, as it incorporates a modified USB device library (libusb-win32).
Use of possibly unlicensed third-party program code, possibly illegal use of Apple security keys, and customer support below grade for a 170€ (250US$) commercial product: that seems to be the summary about a year after product launch.
Lessons learnt
We suppose end users should be aware of this possible hassle. Only an original Apple Mac is really hassle free and 100% compatible with a Mac. But if you are technologically interested and have the time and motivation, search the OSX86 communities for setups. The OSX86 forums are full of knowledge and people willing to help. But remember: a PC won’t ever be 100% compatible with a real Mac.
[Update] Aug/25th/2008: read here everything you need to know about Proxy SIM solutions.
The Brazil-based company DesbloqueioBr.com.br claims to have unlocked the 3G iPhone. The whole procedure is like déjà vu. It is said to work almost the same way as TurboSIM for the “old” iPhone. The difference is they say they make use of a faked IMSI test card, while Bladox’ TurboSIM solution emulated an AT&T card.
The Theory behind it
The guys at DesbloqueioBr claim that the iPhone 3G only checks the type of SIM on first card detection (meaning after hot-swapping or after a reboot). It is said to check the IMSI code. During card detection, the IMSI test card emulation returns that it is a test card. Subsequent requests to the card are then answered by the normal SIM card. This works the same way as the TurboSIM, except that the TurboSIM was coded to emulate an AT&T card during the card detection stage.
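To make the claimed mechanism concrete, here is an added toy model (not code from DesbloqueioBr, the iPhone Dev Team or this site) of a baseband that validates the SIM only at detection time, beside one that re-validates the IMSI on every later request and so cannot be satisfied by a card that answers differently over time. All IMSIs and carrier codes are constructed; the test-network prefix 001 01 is assumed from ITU-T E.212.

```python
# Added toy model of the "check the IMSI only at card detection" weakness.
# All IMSIs and carrier codes below are constructed sample values.
from dataclasses import dataclass

TEST_PLMN = "00101"    # assumption: MCC 001 / MNC 01 (E.212 test network) is what counts as a "test card"
LOCKED_PLMN = "72402"  # constructed: the home carrier (MCC+MNC) the phone is locked to


@dataclass
class RealSim:
    """The subscriber's ordinary SIM card; it always reports its own IMSI."""
    imsi: str

    def read_imsi(self) -> str:
        return self.imsi


@dataclass
class ProxySim:
    """Models the adapter described above: answers the first IMSI read with a
    test-network IMSI and forwards every later request to the real card."""
    real: RealSim
    reads: int = 0

    def read_imsi(self) -> str:
        self.reads += 1
        return TEST_PLMN + "0000000001" if self.reads == 1 else self.real.read_imsi()


def imsi_allowed(imsi: str) -> bool:
    """Lock policy: accept the home carrier or a test-network card."""
    return imsi[:5] in (LOCKED_PLMN, TEST_PLMN)


def check_once(sim) -> bool:
    """Weak policy: decide at card detection and never look again (the claimed flaw)."""
    return imsi_allowed(sim.read_imsi())


def check_every_request(sim, later_requests: int = 3) -> bool:
    """Hardened policy: re-read the IMSI on later requests and require it to be
    allowed and identical to the value seen at detection time."""
    first = sim.read_imsi()
    if not imsi_allowed(first):
        return False
    return all(sim.read_imsi() == first for _ in range(later_requests))
```

The weak check accepts a proxied foreign SIM because it only ever sees the test IMSI; the re-validating check rejects it as soon as the answers stop matching.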
Empiricism
Since this has not been confirmed on forums and the video provided (see below) doesn’t show the unlock procedure, this is likely to be a rip-off. Anyway, to test the theory the iPhone Dev Team already provided a sample application for the TurboSIM that does exactly what the theory requires: emulating a test IMSI at the card detection stage. As of now there is no feedback. For legal reasons we cannot link the application, as we are located in Germany. During the next 24 hours Google will index the page that contains the link; search for lamesaft-0.1.zip then.
Limitations
The video provided does not clarify how the unlock is performed. It simply shows a call being made from one iPhone to the other. It does not show the SIM adapter being taken out. Moreover, you still need to have the iPhone 3G activated, and currently there is no application available to do this. People on forums report that the DesbloqueioBr guys do not seem willing to answer concrete questions.
Since there is no proof, we currently classify the DesbloqueioBr SIM adapter as SCAM. Update: at 00:29 the video shows the model as MB046LL, which can be identified as a U.S. AT&T-locked iPhone 3G (see model list here). This model obviously works with a different carrier (not AT&T, but TIM) in a different country (not the US, but Brazil).
Here’s the video that shows calls being made from one iPhone to another. The guy is speaking Portuguese; a translation is not available.