Yes you read it right, here's a new team called Gevey team has announced a new unlock hardware tool called Gevey SIM which able to unlock iPHone 4 running iOS 4.1 and 4.2.1 basebands 2.10.04 / 3.10.01.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
You will need to use the SIM tray supplied and file your MicroSIM slightly to accommodate the EEPROM chip.
[You must be registered and logged in to see this link.]
Installing the SIM, only with something in between.
[You must be registered and logged in to see this link.]
The phone will search for signal, comes up with no service and finally settling on this "one bar" icon. Earlier hacks required the fake IMSI to be programmed manually however this device is obviously capable of rapidly cycling a list of IMSI until an accepted MCC/MNC combination is found.It may also spoof ICCID since the iOS is known to cross-reference
[You must be registered and logged in to see this link.]
Dial 112 and hang up after the call is connected. The network issues a TMSI for your connection.
[You must be registered and logged in to see this link.]
Toggle flight mode On/Off. What exactly happens is not too clear but apparently the interposer ROM block electrical connection to prevent the BB from detecting the fake IMSI
[You must be registered and logged in to see this link.]
The signal bars appear, we are safe:-) That is after the network ignored the fake IMSI (which the phone has no knowledge of) but allowed the SIM onboard because it is able to validate that.
How does Gevey SIM Work?
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
You will need to use the SIM tray supplied and file your MicroSIM slightly to accommodate the EEPROM chip.
[You must be registered and logged in to see this link.]
Installing the SIM, only with something in between.
[You must be registered and logged in to see this link.]
The phone will search for signal, comes up with no service and finally settling on this "one bar" icon. Earlier hacks required the fake IMSI to be programmed manually however this device is obviously capable of rapidly cycling a list of IMSI until an accepted MCC/MNC combination is found.It may also spoof ICCID since the iOS is known to cross-reference
[You must be registered and logged in to see this link.]
Dial 112 and hang up after the call is connected. The network issues a TMSI for your connection.
[You must be registered and logged in to see this link.]
Toggle flight mode On/Off. What exactly happens is not too clear but apparently the interposer ROM block electrical connection to prevent the BB from detecting the fake IMSI
[You must be registered and logged in to see this link.]
The signal bars appear, we are safe:-) That is after the network ignored the fake IMSI (which the phone has no knowledge of) but allowed the SIM onboard because it is able to validate that.
How does Gevey SIM Work?
What does this mean to Unlockers?
SIM card holds many different types of information, but the part most involved with carrier lock is the IMSI number, which is a unique code that corresponds to your account in the mobile carrier’s database.
A sample IMSI might look like this
310 150 987654321
The first two segments are known as Mobile Country Code (MCC) and Mobile Network Code (MNC) respectively, and in the example above the IMSI indicate the SIM is from USA (310) AT&T (150).
When the iPhone baseband is loaded into memory, it checks the MCC and MNC against its own network lock state stored in the seczone. If the combination is allowed, the cell radio is activated and vice versa.
The earliest iPhone baseband revisions only check IMSI twice following a restart, therefore it is very easy to send spoof information in order to bypass the check. Nevertheless, the baseband was soon updated to validate SIM more aggressively and the method soon became obsolete.
It works if A.your network handles 112 calls properly according to the GSM standard; B.they are tolerant to TSMI spoofing and does not actively validate your SIM again for incoming calls.
Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact precedure must be performed should the device restart, lose reception for an extended period of time or move to another PLMN. In all these situations the TMSI expires and has to be obtained again. Theoretically it is possible for a daemon to automate the process similar to ZeroG, but that only makes thing more convoluted.
It is, without question, unethical or downright illegal to use the technique anywhere 112 is a legitmate emergency number. Not a huge issue in China where the number is only used for informative purposes and the networks cannot be bothered to fix the issue.
All firmware/baseband combinations for the i4 up to iOS4.3 are vulnerable, however the exploit may be patched in any future software updates or via the carrier. If apple can influence providers to block Cydia it is not impossible for them to press them to fix the exploit. The only way to permanently unlock your baseband is NCK.
SIM interposer should not harm your phone hardware, however your network could request IMEI and identify your device during the emergency call. Your identity cannot be faked and it is possible that they will ban your account. There is a reason why SIM cards remain legally the property of the service provider: you are not supposed to tamper with them without breaching contract.
Notwithstanding all the problems, SIM interposer does not cause any battery drain since it is only active transiently, nor would it cause signal loss because it does not change cellular transmission other than the initial validation step.
[You must be registered and logged in to see this link.]