This page has been robot translated, sorry for typos if any. Original content here.


YOU VERY WELL MAY BRICK YOUR PHONE WITH THIS. Be careful. I have done it in my life.
So lets get down to business. I am repeating the bootloader. You need to have a 1.1.2 4.6 phone for this to work. If you upgraded to 1.1.3, have fun waiting for 1.1.4!

First download

112otb.rar [ Download ] [ Download ] [ Download ]

, you will need these files. This includes the NEW secpack, a new ieraser, a new, and a new iunlocker.

1. Copy all your files to a directory on your phone. It is imperative that you can’t wake up on the phone after the phone. Also I advise doing this on 1.0.2, since resetting the baseband doesn’t cause problems.

2. Run ienew. This is the 1.1.2 firmware to testpoint to work.

3. Find an old 3.9 no dump and create a file with the first 0x20000 bytes of the old nor dump. This is the 3.9 bootloader.

4. Copy "nor" into the folder and run iunew. This is iunlocker and runs just like the old one. You will need the A17 testpoint on before running this. See Step 3 for info on this testpoint. If you restarted and lost wi-fi, it is fine. Just run it from mobileterminal.

Note: "bbupdater -v" shouldn’t work at this point, since your phone has no firmware, just a bootloader.

5. The bootloader is now 3.9 !!! Run bbupdater -f or restore phone with the AnySimmable firmware of your choice. It seems people are the most luck with the firmware from 1.1.2

6. Run AnySim and, as usual, enjoy your unlocked iPhone.

Ps. The secpack was the only obstacle to the unlock.

The red line is covering the A17 trace. In this case, it is not a problem. Scale away with a multimeter probe. Then solder a very thin wire to it. Be very careful. Only scrape away at that solder mask above that one trace. YOU DO NOT WANT TO BREAK THE TRACE. This is the hardest step in the whole process; the rest is cake. Also solder a wire to the 1.8v line. 1.8v to your unlock switch. Be careful, you only get one chance to do this right.