(Last Updated On: June 18, 2020)
Updated your iPhone 3GS to iOS 5.1.1 with baseband 5.16.05 and need to unlock it? There’s still hope if you don’t mind using the dreaded iPad baseband 6.15.00.
UPDATE: You can now permanently unlock AT&T iPhone 3G/3GS/4/4S/5 on any iOS or baseband.
There’s no unlock for modem firmware or baseband version 5.16.05. To be precise, there’s no ultrasn0w unlock since baseband 5.14.02 was first released. So if you really need to unlock your iPhone 3GS, it’s still possible to do so by flashing it with iPad’s baseband 6.15.00. However, it’s extremely important that you read and understand the following:
This tutorial will guide you on how to build a custom iOS 5.1.1 firmware with iPad baseband 6.15.00 embedded. This eliminates the step of manually flashing your iPhone using redsn0w.
Did you read and understand all the risks? Final warning: Proceed at your own risks!
IMPORTANT: Make sure that your iPhone 3GS is fully charged before you begin.
1. Backup your contacts, photos, apps etc. Remove your SIM card. (FYI: If you made a backup on the latest iOS, you won’t be able to restore it if you’re running on an earlier iOS version.)
2. Download iOS 5.1.1 firmware for iPhone 3GS directly from Apple.
3. Download Snowbreeze 2.9.5 from ih8sn0w.com.
4. Launch sn0wbreeze and click on the blue arrow at the bottom right corner.
5. Browse for the firmware you just downloaded in step (2). Click next.
6. Select your Bootrom type. If you’re not sure, sn0wbreeze can detect it for you. IPSW is verified and click the blue arrow to continue.
7. Select Expert Mode. Click General and hit next. It’s very likely that you don’t have the official SIM card so check ‘Activate The iPhone [Hacktivate]‘. Hit next.
8. If you really sure of installing iPad baseband, check ‘Install 06.15.00 iPad Baseband.’ (ARE YOU REALLY SURE?!)
9. Click Build IPSW and hit next. Wait until the custom firmware is ready. Once done, you should find it on your desktop with the file name:
sn0wbreeze_iPhone_3GS-5.1.1-9B206.ipsw [you can also download it here (filefactory premium membership required)]
10. Before restoring, ‘pawn’ DFU your iPhone to allow it to accept custom firmware. Otherwise, you will get error 16xx. Sn0wbreeze will guide you on how to pawn DFU (black screen) your iPhone using iREB. iREB will show up as soon as you’ve done building the custom fimrware.
11. Launch iTunes, press shift on your keyboard and then click Restore. Point it to the custom firmware on your desktop. Wait until the restore is complete. Your iPhone will boot up and you’re ready to unlock it once you’ve gone through the setup process. Just to be sure, go to Settings, General, About and check that your Modem Firmware (baseband) is 06.15.00.
Ultrasn0w 1.2.7 is now available for older basebands including iPad baseband 06.15.00.
UPDATE: You can now downgrade from 6.15.00 to 5.13.04 using redsn0w 0.9.14b2. Use this guide.
At posting time, the latest ultrasn0w is not yet supported on iOS 5.1.1. Thus, you must intall an ultrasn0w fixer patch first.
12. If you’ve installed ultrasn0w, remove it now.
13. Launch Cydia.
14. Add the following to your source:
15. Tap on the iParelhos repo to see Ultrasn0w Fixer for iOS 5.1.1 utility. Tap install to begin installation.
16. Once installation is complete, we need to install ultrasn0w. Launch Cydia.
17. Search for ultrasn0w on Packages in Cydia. If you cannot find it, add new sources by typing ultrasn0w repo:
repo666.ultrasn0w.com (with zero, not o).
18. Install Ultrasnow
19. Reboot your iPhone.
20. Turn off 3G and insert your SIM card. It should pick up your carrier signal.
- If you get an iTunes error 3194, read here on how to fix it.
- In any case if you get error 1015 and recovery loop on the iPhone, this can be resolved using the “Exit Recovery” button using TinyUmbrella.
- Phone isn’t activated? You missed step (7).
Any issue? Leave your comments below.