iPhone Unlock Methods

There are lots of different iPhone unlock methods around right now, and in this post we’ll try to figure out which is which and tell you about the basic working principles of each of them.

The iPhone does not appear to be different from other cell phones, except for the fact that it needs activation. So here are some of the unlock methods. A couple of them are less known or simply pretty old.


iPhone Unlock Methods:

  • Firmware patch is just a way to patch the firmware to bypass the unlock verification. The handset still remains locked, but the phone is tricked into thinking it’s not. Here’s a good example of it: the iPhone starts up and runs the following code, “if(phoneIsLocked == false) doStartphone();” – the patch just changes “false” to “true”. That causes doStartphone() to run even when the device is still locked. When the OS is upgraded or restored, patches like this are removed and phone owners have to do it all over again. This type of unlock is called a semi-unlock. A firmware patch is only applied if all the other methods fail (it is considered a temporary solution).
  • Direct-unlock is the real way of unlocking phones. Usually it involves just rebuilding the entire lockdata in EEPROM with “blank” unlocked data. The safest way, though, is to get the phone itself to clear the data by making it unlock itself – which could be achieved, for example, by finding the unlock codes and feeding them to the phone. This leaves absolutely no trace of “hacking” – it is done 100% correctly, as intended by the manufacturer.
  • SIM Cloning – This method is not consumer-friendly, but there is a way to unlock an iPhone using another carrier’s SIM card and a SIM cloning procedure. The SIM works like a small computer. Besides storing some data, it also performs a challenge-response sequence with the help of a secret internal key. The key is what lets the carrier recognise the card and prevents the card from being faked. The key (called Ki) is impossible to read from the card. The other way to get it is directly from the carrier (sure, huh?). The only real way to grab the Ki from a particular SIM is brute force, which usually takes 4 to 5 hours to complete. The trick allows the iPhone to accept the alternative SIM as a contract one.
  • IPFS – aka the iPhone SimFree unlock tool. That’s an old type of unlock and it doesn’t work anymore. Developed for unlocking the original iPhone, it worked with firmwares 1.0.0-1.1.3 and unlocked all the existing versions of the Modem Firmware. It didn’t patch the device firmware. The first version was paid, but the legendary GeoHot released an unlock method that is a clone of the IPFS method. GeoHot’s version of the IPFS unlock edits the unique seczone section and zeros out the token value. That action returns a response that passes the Apple system check.

These unlock methods are only a part of the huge range of unlocking solutions. You can read about the rest of them on our site in the corresponding categories or by entering the corresponding request in the search bar on the right side. If you want to know more about other unlocking methods or have some questions, please tell us in the comment section below.
