Tag Archives: TurboSIM

[iPhone] Status Report for iPhone 3G Unlock Solutions

Abstract

There have been rumors about circumventing that annoying SIM lock. As Geohot stated (read here), modifying the 3G baseband will not be an easy task. Because that task is still unsolved, some people thought that bypassing the SIM lock with Proxy SIMs might be a good idea for 3G iPhones as well.

Differences between 2G and 3G iPhones

For 2G iPhones, Proxy SIMs worked very well, because the iPhone checked only once, at startup, whether the SIM was from a supported country and carrier. Proxy SIMs faked only this first answer and then handed control back to the real SIM card, which was asked for all details (IMSI, country code, etc.) again. The details obtained this way were then sent to the network to log in.

After investigating the Proxy SIM possibilities for the 3G iPhone, the iPhone Dev Team (namely: _ZF) stated that, in contrast to the behaviour with 2G Proxy SIM solutions, the 3G baseband transfers the first IMSI code it obtains to the network. This means: for 3G iPhones the Proxy SIM will fake a test IMSI card and the iPhone will send this test IMSI code to the carrier to log in.

Legal and technical issues with 3G Proxy SIMs

Although applying methods like this in order to unlock the iPhone 3G is most likely illegal in many countries (because it violates the contract), members of the Hackint0sh forum have played with Proxy SIMs on different networks around the world.

As expected, the results are disappointing. Besides the questionable legal status of those operations, there have been serious technical problems.

  1. The first is support for 3G. Currently no Proxy SIM supports it. You can only surf the net, check emails and so on using 2G/EDGE/GPRS technology, which means the same functions as with a 2G iPhone.
  2. The second is the problem of the fake IMSI ID. At least European carriers seem to have applied security precautions to their networks. After some time you will be logged out of the network. This may take from some minutes to some hours.
  3. The third is that people reported the Proxy SIMs are still too thick. Several people broke their trays when trying to release the tray from the iPhone.
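One way a carrier could screen for the fake IMSI described in point 2, shown as an added example that is not part of the original post. The page does not say which checks the carriers apply; rejecting the reserved test MCC 001 is an assumption, and the function names and PLMN codes are constructed for illustration.

```python
TEST_MCC = "001"  # MCC 001 is reserved for test networks (assumed screening rule)

def decode_ef_imsi(raw: bytes) -> str:
    """Decode the 9-byte EF_IMSI content (length byte + nibble-swapped BCD)."""
    if len(raw) != 9 or not 1 <= raw[0] <= 8:
        raise ValueError("malformed EF_IMSI")
    nibbles = []
    for byte in raw[1:1 + raw[0]]:
        nibbles += [byte & 0x0F, byte >> 4]      # low nibble comes first
    head, digits = nibbles[0], nibbles[1:]
    if head & 0x07 != 0x01:                      # identity type 001 = IMSI
        raise ValueError("identity type is not IMSI")
    if not head & 0x08:                          # parity bit clear: even digit count
        if digits[-1] != 0x0F:
            raise ValueError("missing filler nibble")
        digits = digits[:-1]
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal digit")
    return "".join(map(str, digits))

def screen_attach(imsi: str, home_plmns: set, roaming_plmns: set) -> str:
    """Classify an attaching IMSI. PLMN = MCC + 2- or 3-digit MNC, matched by prefix."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        return "reject: malformed"
    if imsi[:3] == TEST_MCC:
        return "reject: test PLMN"
    for plmn_len in (6, 5):                      # try 3-digit MNC, then 2-digit MNC
        plmn = imsi[:plmn_len]
        if plmn in home_plmns:
            return "accept: home"
        if plmn in roaming_plmns:
            return "accept: roaming"
    return "reject: unknown PLMN"

# Constructed sample data: PLMN codes below are placeholders, not real operators.
HOME = {"99901"}
ROAMING = {"99902"}
SAMPLE_TEST_SIM = bytes.fromhex("080910101032547698")   # encodes 001010123456789

if __name__ == "__main__":
    imsi = decode_ef_imsi(SAMPLE_TEST_SIM)
    print(imsi, "->", screen_attach(imsi, HOME, ROAMING))
    for sample in ("999010000000001", "999020000000001", "998010000000001"):
        print(sample, "->", screen_attach(sample, HOME, ROAMING))
```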

Types and Brands of Proxy SIMs

Tested cards include:

Currently none of these Proxy SIMs work reliably (cf. iPhone Wiki). Our recommendation is simple: keep on waiting, the iPhone Dev Team will get there sooner or later. In case you cannot wait, get yourself a factory unlocked iPhone 3G from one of the countries supplying them (see country list here) and save precious lifetime.

[iPhone] iPhone 3G unlocked using Bladox Turbo SIM

[Update] Aug/25th/2008: read here, everything you gotta know about Proxy SIM solutions.

The Bladox Team has released an application for their Turbo SIM (see here how proxy SIMs work) that is obviously able to bypass the SIM lock of 3G iPhones, which means unlocking them. The application is still in beta and might not work on the entire planet, but it obviously does in the U.K. The name of the app is zerog-0.95.tar.gz, but for legal reasons we will not link to it directly.

See this video:

It takes ages until it is logged in, but anyway it documents the current status quite well…

[iPhone] iPhone 3G allegedly unlocked using SIM Adapter

[Update] Aug/25th/2008: read here, everything you gotta know about Proxy SIM solutions.

The Brazil-based company DesbloqueioBr.com.br claims to have unlocked the 3G iPhone. The whole procedure feels like déjà vu. It is said to work almost the same as the TurboSIM did for the “old” iPhone. The difference is that they say they make use of a faked IMSI test card, while Bladox’ TurboSIM solution emulated an AT&T card.

The Theory behind

The guys at DesbloqueioBr claim that the iPhone 3G checks the type of SIM only on first card detection (that is, after hot-swapping or after a reboot). It is said to check the IMSI code. During card detection, the IMSI test card emulation returns that it is a test card. The next requests to the card are then answered by the normal SIM card. This works the same way as the TurboSIM, except that the TurboSIM was coded to emulate an AT&T card during the card detection stage.

Empiricism

Since this has not been confirmed on forums and the video provided (see below) doesn’t show the unlock procedure, this is likely to be a rip-off. Anyway, to prove the theory, the iPhone Dev Team has already provided a sample application for the TurboSIM that does exactly what the theory requires: emulating a test IMSI at the card detection stage. As of now there is no feedback. For legal reasons we cannot link the application, as we are located in Germany. During the next 24 hours Google will index the page that contains the link; search for lamesaft-0.1.zip then.

Limitations

The video provided does not clarify how the unlock is performed. It simply shows a call being made from one iPhone to the other. It does not show the SIM adapter being taken out. Moreover, you still need to have the iPhone 3G activated. Currently there is no application available to do this. People on forums report that the DesbloqueioBr guys seem unwilling to answer concrete questions.

Since there is no proof, we currently classify the DesbloqueioBr SIM adapter as SCAM. Update: at 00:29 the video shows the model as MB046LL, which could be identified as a U.S. AT&T-locked iPhone 3G (see model list here). This model obviously works with a different carrier (not AT&T, but TIM) in a different country (not the US, but Brazil).

Here’s the video that shows calls being made from one iPhone to another. The guy is talking Portuguese; a translation is not available.
