
Instructions for unlocking (hacking) iPhone

iPhone unlocked! The standoff between Apple and the hackers that has lasted since the iPhone's release has been temporarily suspended. It cannot be called a complete victory for the hackers, because the way SIM cards of other operators are made to work in the iPhone is more a cunning deception of the protection than a defeat of it.

The unlock method is very simple; no military technology is needed.
Everything required is easily bought in online stores:
- a SIM card programmer (reads/writes SIM cards), about 1800 rubles;
- a blank SIM card, the Silvercard (PIC16F876 CPU chip + 24C64 memory; supports 8 different cellular operators, 208 phonebook entries, 10 SMS), 250 rubles;
- software for recovering Ki and for writing SIM card firmware (Woron Scan will do; it works faster than its counterparts), free.
The method is as follows.
Attention: we accept no responsibility for the consequences of the actions below. You perform them at your own risk.
1. Preparatory stage.
For Mac users
For Windows users
2. Work with the AT&T SIM card.
Now you need the AT&T SIM card that came with the phone.
For Mac users
For Windows users
3. Read the IMSI, ICCID and Ki
Reading the IMSI, ICCID and Ki takes time. Finding out the IMSI is not difficult, but finding out the Ki value is much harder: it requires physical access to the SIM card, because Ki is never transmitted over the air in the clear. When the subscriber authenticates to the operator's base station, the SIM card encrypts with the Ki key a message (a pseudo-random challenge) sent by the operator's network and returns the result. The network performs the same computation on its side, and if the keys match, the encrypted messages match as well.

Experimental data on Russian operators.

Woron Scan results per SIM card:

SIM card      Time, min   Calls to the SIM card   Frequency, MHz
MTS-Jeans     5           5354                    14.28
MTS-media     30          14696                   7.14
MTS-info      20          18330                   7.14
MTS-info      27          18863                   7.14
MTS-media     11          6349                    7.14
BeeLine       96          17566                   3.57

Most programmers operate at a fixed frequency of 3.57 MHz, but in our case (USI v2.0) there was a choice between 3.57, 7.14 and 14.28 MHz. The higher the crystal oscillator frequency, the sooner the scan finishes. Keep in mind, however, that SIM cards of different operators can be scanned at different frequencies: at 3.57 MHz every SIM card can be scanned, at higher frequencies not all of them. For example, in Moscow BeeLine SIM cards scan only at 3.57 MHz, MTS SIM cards at 7.14 MHz (MTS-media and MTS-info) and 14.28 MHz (Jeans). MegaFon SIM cards scan at 14.28 MHz, but you will not be able to recover Ki from them.

So we need to:
- insert your own (not the AT&T) SIM card into Woron Scan and pull the IMSI + Ki from it (the process can take up to 40-50 minutes);
- do the same with the AT&T SIM to get its IMSI + ICCID.

As a result, we obtain approximately the following result (depending on your card):

Save the result to a file. Then open the resulting file in a text editor and find the Ki and IMSI values of your SIM card in it. If Ki cannot be found, the program stops after 60,000 calls to the SIM card. This is done to avoid blocking the card by exceeding its threshold number of accesses. You can force the scan to continue, but from personal experience we can say that if Ki was not found within 60,000 attempts, it will never be found. We checked this on a MegaFon SIM card: after 90,000 calls the SIM card was blocked, i.e. it became impossible to use it (in such cases, experiment on cards you don't mind losing).
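The two mechanisms described above, the challenge-response in step 3 (the network sends a pseudo-random challenge, the card answers with a value derived from Ki, and the network compares it against its own computation) and the access counter that blocks the card once too many authentication runs have been made, can be modelled in a few lines. The following is an added example written for this page, not code from the original article or from Woron Scan or SIM-EMU. It assumes HMAC-SHA256 truncated to 32 bits as a stand-in for the operator's A3 algorithm (the real algorithm is operator-specific), and the IMSI, Ki and lock threshold values are constructed.

```python
"""Toy model of GSM SIM challenge-response authentication (added example).

Assumptions, not facts about any real operator: HMAC-SHA256 truncated to
4 bytes stands in for the operator's A3; the IMSI, Ki and the lock threshold
are constructed values. The structure is the point: Ki stays on the card,
only the 4-byte SRES leaves it, and the card counts challenges and locks
itself once a threshold is exceeded.
"""
import hashlib
import hmac
import secrets


class SimCardLocked(Exception):
    """Raised once the card refuses further authentication runs."""


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Placeholder for A3: keyed, one-way, 32-bit output (assumption)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class SimCard:
    """Card side: holds Ki privately, answers RAND challenges, counts them."""

    def __init__(self, imsi: str, ki: bytes, max_challenges: int):
        self.imsi = imsi
        self._ki = ki                    # never returned by any method
        self.max_challenges = max_challenges
        self.challenges_seen = 0
        self.locked = False

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        """RUN GSM ALGORITHM: 16-byte RAND in, 4-byte SRES out."""
        if self.locked:
            raise SimCardLocked(self.imsi)
        if len(rand) != 16:
            raise ValueError("RAND must be 16 bytes")
        self.challenges_seen += 1
        if self.challenges_seen > self.max_challenges:
            # The card has been challenged too often: lock permanently.
            self.locked = True
            raise SimCardLocked(self.imsi)
        return a3_stand_in(self._ki, rand)


class AuthenticationCentre:
    """Network side: the operator's own copy of Ki, indexed by IMSI."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def authenticate(self, imsi: str, card: SimCard) -> bool:
        """Send a fresh RAND, compute the expected SRES locally, compare."""
        ki = self._keys.get(imsi)
        if ki is None:
            return False
        rand = secrets.token_bytes(16)
        expected = a3_stand_in(ki, rand)
        try:
            sres = card.run_gsm_algorithm(rand)
        except SimCardLocked:
            return False
        return hmac.compare_digest(sres, expected)


IMSI = "250011234567890"                                   # constructed
KI = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed


def run_sequence(n_auths: int, max_challenges: int) -> list:
    """Authenticate n_auths times against a card that locks after max_challenges."""
    auc = AuthenticationCentre()
    auc.provision(IMSI, KI)
    card = SimCard(IMSI, KI, max_challenges)
    return [auc.authenticate(IMSI, card) for _ in range(n_auths)]


def wrong_key_rejected() -> bool:
    """A card holding a different Ki never produces the expected SRES."""
    auc = AuthenticationCentre()
    auc.provision(IMSI, KI)
    other = SimCard(IMSI, bytes(16), max_challenges=100)
    return not auc.authenticate(IMSI, other)


if __name__ == "__main__":
    print(run_sequence(7, 5))       # five successes, then the card is locked
    print(wrong_key_rejected())     # True
```

The `max_challenges` counter is the model of the behaviour the article observed: the card's own limit on authentication runs is why the scanner stops at 60,000 calls by default, and why forcing it past that point risks a permanently unusable card.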

Good. Let's continue. Now you need to:

- download the utility SIM_EMU_6.01_iPhone.rar;
- put the Silvercard in the programmer and run SIM-EMU;
- on the Configure tab, choose Read from disk, select SIM_EMU_6.01_iphone.HEX and SIM_EMU_6.01_iphone_EP.HEX, and make sure the utility's cells 0 to 9 are red;
- in cell 0 enter the IMSI and Ki of your SIM card, then the AT&T ICCID. For ADN/SMS/FDN # enter 161, 15 and 4 manually. For SMS Center enter your operator's SMS service centre number (see the phone settings or the operator's website);
- in cell 9 enter the AT&T IMSI;
- under Config mode options, select Card;
- click Write to card;
- turn off the iPhone and insert the newly created super-SIM;
- turn on the iPhone;
- check that your operator's name is shown and make a test call.

Congratulations to all the iPhone fans in Russia! Now this miracle phone will work with us!

Photo of the first unlocked Russian iPhone