1.1.2 OTB UNLOCKED
So lets get down to business. It is a hardware method, so I will not repeat steps. You need to have a 1.1.2 4.6 phone for this to work. If you upgraded to 1.1.3, have fun waiting for 1.1.4!
112otb.rar [ ] [ ] [ ]
, you will need these files. This includes the NEW secpack, a new ieraser, a new testcode.bb, and a new iunlocker.
1. Copy all the files to a directory on your phone. It is imperative you do not shut off the phone after ieraser, or you can not restore wifi, since the only fls which works on 4.6 is 1.1.3 Install mobileterminal before you begin, in case you lose wi-fi. Also I advise doing this on 1.0.2, since resetting the baseband.
2. Run the ienew. This is ieraser, and it erases your 1.1.2 firmware to allow the testpoint to work.
3. Find an old 3.9 nor dump and create a file called "nor" with the first 0x20000 bytes of the old nor dump. This is the 3.9 bootloader.
4. Copy "nor" into the folder and run iunew. This is iunlocker and runs just like the old one. You will need the A17 testpoint on before running this. See Step 3 for info on this testpoint. If you restarted and lost wi-fi, it is fine. Just run it from mobileterminal.
Note: "bbupdater -v" should not work at this point, since your phone has firmware, just a bootloader.
5. The bootloader is now 3.9 !!! Run bbupdater -f or restore phone with the AnySimmable firmware of your choice. It seems people are having the most luck with the firmware from 1.1.2
6. Run AnySim and, as usual, enjoy your unlocked iPhone.
PS. The secrecy was the only obstacle to the unlock.
The red line is covering the A17 trace. In order to trick the chip into thinking the flash is erased in the correct section, you will need to pull this high. Scrape away at the same time as a multimeter. Then solder a very thin wire to it. Be very careful. Only scrape away at that solder mask above that one trace. YOU DO NOT WANT TO BREAK THE TRACE. This is the hardest step in the whole process; the rest is cake. Also solder a wire to the 1.8v line. Connect to wire from the 1.8v to your unlock switch. Be careful, you just get one chance to do this right.