OK, this may sound like a strange blog topic, right? Well, we’ve been trying to develop an unlock prototype for iPhone 3G and 3GS for all basebands without the need to jailbreak and use ultrasn0w. We have a video to prove it.
The video above shows an iPhone 3GS, model number MB715 (old bootrom) purchased from Apple Store with AT&T contract, unlocked to China Mobile network. This phone has baseband 5.13.04 that can be unlocked with ultrasn0w but I intentionally removed ultrasn0w to show that this method works.
I’ll try to find a 3GS with baseband 5.14.02, 5.15.04 or 5.16.02 and make the same video, hopefully over the next few days. Unfortunately this unlock doesn’t work on baseband 5.16.05 that comes with iOS 5.
If you don’t wish to update to baseband 6.15.00 to unlock your iPhone, this is your ultimate and safest solution. It will not affect your GPS and other risks associated with baseband 6.15.00.
It’s been a while since we last heard about baseband related hacks from the iPhone Dev Team.
sherif_hashim is bringing some good news for us today – he managed to erase the files on a baseband chip that has modem firmware 6.15.00. Technically, according to him, you can reflash the baseband with an earlier version of iOS that has baseband 5.13.04 or lower.
In his Twitter:
Successfully erased the 6.15 BB files http://twitpic.com/51co5p , should accept new BB flash files now, or at least i thought so :)
This is probably the best news we’ve heard since… mmm…. ages ago.
The image above shows Firmware Version as “unknown,” pretty much like a hard disk ready to receive data for writing.
This is how we believe the process should work:
Erase baseband 6.15.00 files with the hack developed by sherif_hashim (Erasing a baseband chip is very risky! You may end up bricking your device)
Create custom firmware with baseband 5.13.04 or lower, for iPhone 3G, restore directly via iTunes with firmware 4.0.1 or below, for 3GS, if you have SHSH for 4.0.1, you restore to this version
Restore successful with baseband 5.13.04 or lower
Jailbreak and install ultrasn0w 1.2.3 to unlock
Let’s hope that there will be more good news as people are desperate to get their GPS back. At the same time, those who are stuck with baseband 5.14.02, 5.15.04 and 5.16.02 may finally be able to see the light at the end of the tunnel.
Subscribe to us to get all the latest information on iPhone jailbreaking and unlocking.
On our previous post we briefly mentioned that maybe one of the reasons why iPhone Dev Team is delaying the release of the unlock for iPhone 4′s baseband 2.10.04 and 3.10.01 is because they want to make sure the newest baseband 4.10.01 can be unlocked as well.
Current i4 unlock goal includes til 04.10.01 (4.3b3). Very weird situation…vuln cmds are there, trying to invoke them!
[Note: vuln cmds = vulnerability commands, in simpler words mean a set of codes can be injected into a program (the baseband program in this case) and will crash it therefore revealing an exploit which can later be hacked and unlocked.]
It appears that the unlock for baseband 4.10.01 is a work in progress. Meanwhile, when he was asked if 5.14.02 can be unlocked, he replied:
ironically, the i4 unlock search has yielded 05.14 & 05.15 unlock 3G/3GS vectors… but i4 is 1st priority
That means it is now becoming possible to unlock iPhone 3G and 3GS’ baseband 5.14.02 and 5.15.04. Obviously, most of the effort will go into unlocking the iPhone 4 first, then the baseband 6.15.00 downgrader and eventually the unlock for older basebands.
We don’t wish to spoil the mood but if the goal is to unlock 4.10.01 as well, the release of the iPhone 4 unlock may be delayed even longer. :)
Due to the limitations and risks of using iPad’s baseband 6.15.00 on iPhone 3G or 3GS, many of our worldwide readers have been contacting us to find out more about the digital baseband processor replacement service that we offer. Primarily we only provide this service in China, however, we would consider overseas customers as well.
If you are stuck on baseband 5.14.02, 5.15.04 or 5.16.00 which presently cannot be unlocked by ultrasn0w, you may want to consider using this service. This is also for you if you lost your GPS due to baseband 6.15.00.
If you are adventurous enough, here’s a DIY project you can try.
We use genuine Infineon X-Gold 608 baseband chip which is designed for iPhone 3G, 3GS and iPad (FYI – that’s why iPad’s baseband 6.15.00 can be implanted into the iPhone). To learn more about this microchip, the full technical specifications can be downloaded from here. The baseband chip is pre-programmed with baseband version 5.13.04 or lower which can be unlocked using ultrasn0w.
The cost of the baseband chip is CNY450 (approximately US$68) and labor charge is CNY150 (US$23). Unfortunately we cannot provide estimate for shipping as it varies from one country to another. To save on cost, safety purposes and easier customs clearance, we highly recommend that you ship the logic board only. You can watch the following YouTube video (click on image to launch a new Window) on how to remove an iPhone 3G or 3GS logic board (Warning: This will void your warranty and may damage your iPhone!)
Replacing the baseband chip will not make your iPhone permanently unlocked – you still need to be careful not to update it directly via iTunes!
The replacement service will take approximately 3-4 business days; 2 additional days may be required for stress test.
It comes with standard 90-days warranty.
Backup your device if you decide to use this service!
This method is currently not possible on an iPhone 4.
There is no DIY method available as this requires specialized tools (hot air gun, microchip mounter using surface-mount technology).