Group successfully details hardware-based iPhone unlocking

Posted:
in iPhone edited January 2014
A determined group of hobbyists has documented breaking the iPhone's ties to AT&T through a mixture of hardware and software, proving that the Apple handset can be hacked to permanently function with other cellular carriers.



Calling their project Finding JTAG after the Joint Test Action Group standard used to test access ports on circuit boards, the hobbyists claim to have refined a surefire but dangerous ten-step process that allows the iPhone to use an unmodified SIM card from T-Mobile or other GSM cellular networks.



The technique requires an iPhone that has already been "jailbroken," or derestricted to allow third-party programs, as well as soldering tools and wiring. Similar to the process for unlocking a Siemens phone from Europe, the process involves forcing the read-only boot memory on the iPhone to accept unsigned code on the phone's built-in NOR flash storage that controls some of the most essential functions. This permits the code to change the iPhone's default behavior, which normally bars all but specially approved SIM cards from placing and receiving calls.



"Once the code is on the NOR [memory] we can do whatever we want," said Finding JTAG's public representative, George Hotz. "So patch out the [carrier] lock; voila, unlocked iPhone."



While the summary appears straightforward, however, the actual process is potentially complicated -- and also potentially fatal to the phone for novice hackers. In addition to removing the back cover of the phone and exposing the circuit board, the procedure requires cleaning and then resoldering a single trace on the board to a power line and an unlock switch; a failure could render the whole phone unusable. "You only get one chance to do this right," Hotz warned.



Once this is accomplished, a reset of the phone's baseband frequencies and then selectively erasing and reloading firmware with special software that lets users send the needed code and a final instruction that removes the carrier lock, permanently unlocking calling service and allowing the phone to receive new code more easily in the future.



Despite of the team's success, the experiment would not immediately result in an easily reproduced means of derestricting the iPhone, Hotz added. Although it was apparent that a hardware modification would work, the goal was still to develop a completely software-driven equivalent, which he and Finding JTAG believed was possible but still relatively distant and would likely demand superior reverse engineering skills.



"If anyone finds a way to erase the [Apple-made] bootloader from software, this becomes a software unlock," according to Hotz. "I'm sorry about how hard [the instructions] are to follow, but someone will get them to work, and simplify them, and simplify them more. Hopefully a software unlock will be found in the near future."
«1

Comments

  • Reply 1 of 39
    gqbgqb Posts: 1,934member
    Ok, hats off. Really clever, really entertaining, if you're in the .001% of owners who might want to attack their $600 device with a soldering iron and warranty breaking escapades.



    But I really want to know. Are these the same folks who are the going to try to ream Apple a new one once their iPhone is compromised with the new 'feature' of accepting unsigned code from god-knows-where?



    Have fun...
  • Reply 2 of 39
    zunxzunx Posts: 620member
    Awesome. I wonder:



    1. Is legal for Apple to block the iPhone to prevent use with other company than AT&T or whatever they want?



    2. Is legal for people to break it and distribute the tool?



    Thanks.
  • Reply 3 of 39
    bauchbauch Posts: 20member
    Quote:
    Originally Posted by zunx View Post


    Awesome. I wonder:



    1. Is legal for Apple to block the iPhone to prevent use with other company than AT&T or whatever they want?



    2. Is legal for people to break it and distribute the tool?



    Thanks.



    1. Of course it's legal. Every other cell phone manufacturer/service provider does it.



    2. I'm not sure on that one, but my guess is no.
  • Reply 4 of 39
    I wouldn't want to lose visual voicemail.



    Oh also, I wouldn't want to crack this baby open and go to town with a soldering iron!



    I hope it's just a big joke and people end up breaking their phones.
  • Reply 5 of 39
    aaarrrggghaaarrrgggh Posts: 1,609member
    Too lazy to try myself, but when you put a "foreign" SIM into the iPhone, are you given an opportunity to enter an unlock code? Just wondering, since the 90-day post-purchase window after which you can request the unlock code from Cingular is approaching. Does anybody know if they are legally required to provide the unlock codes after the 90-day window expires?
  • Reply 6 of 39
    solipsismsolipsism Posts: 25,726member
    In the US T-Mobile is the only other GSM provider, but don't they use a spectrum that is outside the range of the iPhone?



    edit: T-Mobile US uses the 850MHz and 1900MHz bands for calls (well within the iPhone quad-band spectrum) but also uses 1700MHZ and 2100MHz frequencies. I assume these are mainly for 3G coverage. I'm assuming EDGE will work within the 850 and 1900MHz range.
  • Reply 7 of 39
    lkrupplkrupp Posts: 10,557member
    My son and his buddies, when younger, were always trying to modify their Nintendo, Playstation, Xbox with a bootleg chip that supposedly allowed you to run copied/pirated games. I don't have to tell you what the outcome of their tinkering almost always resulted in, do I?



    The really funny nonsense coming from these hackmeisters is that their work will result in millions of additional iPhones being purchased by like minded individuals who wish to throw off the bonds of Apple and the evil entity known as at&t (the new company is lower case by the way). Utter nonsense. Just look at how retail sales of OS X took off after it was hacked to be able to be run on standard PC hardware. Yeah, right.



    Unless and until Apple officially unlocks, frees up, or whatever, the iPhone this useless trick will remain an oddity known only to nerds who live in their parent's basements.



    And of course there's the little matter of iPhone updates.
  • Reply 8 of 39
    Quote:
    Originally Posted by lkrupp View Post


    Unless and until Apple officially unlocks, frees up, or whatever, the iPhone this useless trick will remain an oddity known only to nerds who live in their parent's basements.



    And of course there's the little matter of iPhone updates.





    That's a bit harsh!

    I managed to chip my original xbox without any dramas from following a similar guide and this iPhone hack seems pretty simple if you have any basic soldering skills - no doubt thou that skill isn't something possessed by all and this probably isn't a good place to start learning.

    According this hack you can still update your iPhone, it just gets relocked and requires you to re-run the software part of the process to unlock it again.



    Personally, i'm waiting on the 3G version of the iPhone (being in Oz) before i get the credit card out and hopefully by then Apple either let them be unlocked or it can be done via software.



    Hopefully this encourages Apple to start offering unlock options in the near future so when they launch locked phones in new countries they aren't compeating with cheap eBay auctions for hacked phones that work with any sim.
  • Reply 9 of 39
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by lkrupp View Post


    Just look at how retail sales of OS X took off after it was hacked to be able to be run on standard PC hardware.



    Users of OSx86 Project download the hacked software from the nets. They don't buy a new copy of OS X.



    But there certainly seemed to be a surge in Apple sales since Apple has officially allowed a simple partitioning and installation tool for Windows on Macs. Do in (at least) part to the EFI bootloader being hacked to allow Windows to run on Mac hardware.
  • Reply 10 of 39
    jeffdmjeffdm Posts: 12,951member
    Quote:
    Originally Posted by Matthew Yohe View Post


    I wouldn't want to lose visual voicemail.



    Oh also, I wouldn't want to crack this baby open and go to town with a soldering iron!



    I hope it's just a big joke and people end up breaking their phones.



    Why would you hope that people end up breaking their phones?



    Anyway, I think it's a curiousity, but if I owned an iPhone, I wouldn't consider this either unless I got _really_ screwed by AT&T, but there's only one other carrier with GSM. There's a chance that this sort of thing will get successively easier over time, but now is not the time to try it except for the very adept.



    The only thing I've ever chipped was a Panasonic DVD player. It works fine, though I don't need it often. It was best for removing the Macrovision signal because it causes distortions on the screen. I also had a projector that really flipped out when fed 480p with Macrovision.
  • Reply 11 of 39
    jeffdmjeffdm Posts: 12,951member
    Quote:
    Originally Posted by aaarrrgggh View Post


    Too lazy to try myself, but when you put a "foreign" SIM into the iPhone, are you given an opportunity to enter an unlock code? Just wondering, since the 90-day post-purchase window after which you can request the unlock code from Cingular is approaching. Does anybody know if they are legally required to provide the unlock codes after the 90-day window expires?



    There is no legal requirement to unlock a phone that I've heard.



    Quote:
    Originally Posted by bauch View Post


    1. Of course it's legal. Every other cell phone manufacturer/service provider does it.



    2. I'm not sure on that one, but my guess is no.



    For the moment, Apple and AT&T probably won't get a judgment in their favor in terms of bypassing copy protection. The US Register of Copyrights has given a three year (and possibly extensible) reprieve for those that unlock cell phones. I don't know if there's issue with the FCC though. The best that can be done by Apple is bully people and hope they just give up because litigation is expensive and takes a lot of time.
  • Reply 12 of 39
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by zunx View Post


    Awesome.



    Most definitely. I predicted within 3 months of iPhone launch. I was right! w00t



    Quote:
    Originally Posted by zunx View Post


    1. Is legal for Apple to block the iPhone to prevent use with other company than AT&T or whatever they want?



    Most definitely. Tons of companies all around the world do it.



    Quote:
    Originally Posted by zunx View Post


    Is legal for people to break it and distribute the tool?



    1. It is probably not legal to attempt such reverse engineering/hacking

    2. It is very likely to be not legal to distribute/publish such information

    3. It is definitely illegal to distribute any software that assists in such hacking

    4. It is 110% illegal to sell the hard-unlocked/soldered/etc iPhone on eBay



    http://cgi.ebay.com/ws/eBayISAPI.dll...m=230164884672
  • Reply 13 of 39
    Quote:
    Originally Posted by bauch View Post


    1. Of course it's legal. Every other cell phone manufacturer/service provider does it.



    2. I'm not sure on that one, but my guess is no.



    Actually in just about every country in the world (apart from the USA) it is illegal for a network operator to sell a phone that cannot be unlocked, by law if a customer want the phone unlocked the networks have to comply. in Europe it is normal practise for handsets to be given away and subsidised by the contract payments and in that case you need to finish paying for your contract and networks can also charge an unlocking fee.



    And actually in the USA it is now legal to unlock a mobile phone, so you can by all accounts unlock an iphone legally!! - Okay i am not a lawyer, any lawyers here??



    In some countries in it is even illegal to sell a locked phone.





    I will stick my neck out here and make a bold prediction...



    The iPhone when it goes in sale in Europe will be subsidised by the network operators and sold on a two year contract and wil probably cost a 1/4 of what it costs to buy in the US or actually even given away for nothing if the contract payments were high enough.



    From what i know of the regulations (and again i am no lawyer) i think this would be the only way that Apple's business plan will work because by law they will have to unlock iphones if asked, at least if the contract is subsidised they could force people to see out their agreed contract term with the network.
  • Reply 14 of 39
    http://www.copyright.gov/fedreg/2006/71fr68472.pdf



    LIBRARY OF CONGRESS



    Copyright Office



    37 CFR Part 201

    [Docket No. RM 2005–11]



    Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies circumvention of technological measures employed by or on behalf of copyright owners to protect their works (hereinafter ‘‘access controls’’).




    -----



    5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.





    Quote:

    The Register has concluded that the software locks are access controls that adversely affect the ability of consumers to make noninfringing use of the software on their cellular phones.

    Moreover, a review of the four factors enumerated in §1201(a)(1)(C)(i)–(iv) supports the conclusion that an exemption is warrantedassurances that there was no intention that the exemption be used to permit unauthorized access to those works. Rather, the exemption is sought for the sole purpose of permitting owners of cellular phone handsets to switch their handsets to a different network. .



  • Reply 15 of 39
    doemeldoemel Posts: 75member
    Quote:



    Man, I'd never buy an iPhone with someone elses fugly signature on it. Ruins the whole design... Tststs...
  • Reply 16 of 39
    cnocbuicnocbui Posts: 3,613member
    Quote:
    Originally Posted by lkrupp View Post


    My son and his buddies, when younger, were always trying to modify their Nintendo, Playstation, Xbox with a bootleg chip that supposedly allowed you to run copied/pirated games. I don't have to tell you what the outcome of their tinkering almost always resulted in, do I?



    Unless and until Apple officially unlocks, frees up, or whatever, the iPhone this useless trick will remain an oddity known only to nerds who live in their parent's basements.



    Nerd in basement buys phone for $540 spends a couple of hours on it then sells it for at least $1575. Probably does this several more times before getting a job offer with a salary that would make your eyes water. Silly, silly nerd.
  • Reply 17 of 39
    Quote:
    Originally Posted by lkrupp View Post




    Unless and until Apple officially unlocks, frees up, or whatever, the iPhone this useless trick will remain an oddity known only to nerds who live in their parent's basements.



    You are so right, just like those nerds Steve Jobs and Bill Gates eh? dear oh dear, whatever became of those little dweebs i wonder?
  • Reply 18 of 39
    cnocbuicnocbui Posts: 3,613member
    Quote:
    Originally Posted by murphyweb View Post


    You are so right, just like those nerds Steve Jobs and Bill Gates eh? dear oh dear, whatever became of those little dweebs i wonder?



    I entirely agree with your sentiments but Steve Jobs was a way astute businessman - Steve Wozniak was the nerd.
  • Reply 19 of 39
    a_greera_greer Posts: 4,594member
    Quote:
    Originally Posted by zunx View Post


    Awesome. I wonder:

    2. Is legal for people to break it and distribute the tool?



    Under the DMCA technically makes this illegal, but Apple and ATT will not have the balls to sue because it would bring a ton of publicity to something that the cell companies dont want in the open in the media, what about people that cant get ATT Cell phones? why should the whole state of VT be shut out of the greatest peice of wireless phone tech since the startac just because of carrier lockin...we need one network managment company and the carriers should be the middle man, paying the network company for access to the network, It would provide full coverage of every provider in every area that gets a cell signal. This would also solve roaming



    This sort of stuff is what Europe does and they dont have many of the cell problems that we have
  • Reply 20 of 39
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by murphyweb View Post


    You are so right, just like those nerds Steve Jobs and Bill Gates eh? dear oh dear, whatever became of those little dweebs i wonder?



    Quote:
    Originally Posted by cnocbui View Post


    I entirely agree with your sentiments but Steve Jobs was a way astute businessman - Steve Wozniak was the nerd.



    Quote:
    Originally Posted by cnocbui View Post


    Nerd in basement buys phone for $540 spends a couple of hours on it then sells it for at least $1575. Probably does this several more times before getting a job offer with a salary that would make your eyes water. Silly, silly nerd.



    Heh. ...Yeah this nerd might be Steve Jobs & Wozniak combined. Okay, maybe right now 10% of SJ and Woz combined. But he's got the business sense, the phone will probably sell in excess of $3k -- there's still SIX bloody days to go! And he's already making back 300% of his investment.



    Additionally, let's just say right now several covert arms of big telco companies are contacting him with many offers he can't refuse...
Sign In or Register to comment.