We will still have to wait a long while before a software unlock for iPhone 4 baseband 2.10.04 or 3.10.01 appears, but the Gevey SIM is our next hope for an iPhone 4 baseband unlock.
The Gevey SIM transposes the SIM card signals as they are delivered to the baseband hardware. As a result, unlocking the iPhone becomes child's play.
How to Unlock iPhone 4 Baseband 2.10.04 / 3.10.01
1. Just install the Gevey SIM and then call 112; once the call connects, hang up.
2. Toggle Airplane mode on and off, and that's it.
On one side the unlock is dirt easy; on the darker side, dialing the emergency number without any reason is a punishable offence in some countries. Another drawback of the method is that a firmware update or carrier update will lock the iPhone 4 again.
How Gevey SIM iPhone 4 Unlock works
A SIM card holds many different types of information, but the part most involved in the carrier lock is the IMSI number, a unique code that corresponds to your account in the mobile carrier's database. When the iPhone baseband is loaded into memory, it checks the MCC and MNC against its own network lock state stored in the seczone. If the combination is allowed, the cell radio is activated; otherwise it stays off. The earliest iPhone baseband revisions only checked the IMSI twice following a restart, so it was very easy to send spoofed information to bypass the check. Nevertheless, the baseband was soon updated to validate the SIM more aggressively and the method became obsolete.
A sample IMSI might look like this:
310 150 987654321
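To make the lock check described above concrete, here is an added example (not code from the original post or from the Gevey product) that splits an IMSI into its MCC, MNC and MSIN fields and evaluates a constructed seczone-style lock table against it. The MNC-length table and the lock state are assumptions for illustration; the point it shows is that only the MCC and MNC ever enter the decision, never the subscriber part.

```python
"""Model of the baseband MCC/MNC carrier-lock check described in the post.

Added example, not from the original post. The MCC->MNC-length table and
the lock state below are constructed assumptions for illustration only.
"""
from dataclasses import dataclass
from typing import Set, Tuple

# MCCs whose networks use 3-digit MNCs (North America); every other MCC is
# treated as 2-digit here. Assumption: a minimal table, not a full registry.
THREE_DIGIT_MNC_MCCS = {"310", "311", "312", "313", "316"}


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code (3 digits)
    mnc: str   # Mobile Network Code (2 or 3 digits, depending on MCC)
    msin: str  # subscriber identity, up to 10 digits


def parse_imsi(raw: str) -> Imsi:
    """Split an IMSI string into MCC / MNC / MSIN.

    Spaces are tolerated (the post writes the sample as "310 150 987654321").
    The MNC length is not encoded in the IMSI itself; it must be inferred
    from the MCC, which is why the lookup table above exists.
    """
    digits = raw.replace(" ", "")
    if not digits.isdigit() or not 6 <= len(digits) <= 15:
        raise ValueError(f"malformed IMSI: {raw!r}")
    mcc = digits[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, digits[3:3 + mnc_len], digits[3 + mnc_len:])


def lock_allows(lock_state: Set[Tuple[str, str]], imsi: Imsi) -> bool:
    """The check the post describes: only (MCC, MNC) is compared with the
    stored lock state; the MSIN never influences the outcome."""
    return (imsi.mcc, imsi.mnc) in lock_state


if __name__ == "__main__":
    # Constructed lock state: a phone locked to the carrier MCC 310 / MNC 150.
    lock = {("310", "150")}
    for raw in ("310 150 987654321", "310 260 123456789", "262 01 1234567890"):
        imsi = parse_imsi(raw)
        verdict = "allowed" if lock_allows(lock, imsi) else "blocked"
        print(f"{raw} -> {imsi.mcc}/{imsi.mnc}/{imsi.msin}: {verdict}")
```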
To guard against the eavesdropping that plagued pre-GSM cellular networks, the initial connection to a network does not involve only the IMSI: a 4-byte TMSI identifies each handset before the IMSI is sent and processed.
The base station then sends a 16-byte nonce to the handset, where it is signed with a 128-bit DES key (Ki, stored encrypted on the SIM) and sent back. The network checks the result against its database and allows that number to connect to the network.
You see, the IMSI is not essential; as long as your key is valid, you will be able to get service. This is exactly what the various SIM hacks do: a fake IMSI is sent along with the correct key. The IMSI is redirected to another network and lost, and the signed nonce usually allows you to register (without cross-checking the IMSI).
With this technique, "Data Roaming" needs to be enabled to allow a data connection, because the baseband is acting on the assumption that the phone is roaming, even though the network does correctly recognise the phone as a home user. Further details here.
What does it mean for unlockers?
- It works if (a) your network handles 112 calls properly according to the GSM standard, and (b) it is tolerant of TMSI spoofing and does not actively validate your SIM again for incoming calls.
- Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact procedure must be performed again whenever the device restarts, loses reception for an extended period of time or moves to another PLMN. In all these situations the TMSI expires and has to be obtained again. Theoretically a daemon could automate the process, similar to ZeroG, but that only makes things more convoluted.
- It is, without question, unethical or downright illegal to use the technique anywhere 112 is a legitimate emergency number. This is not a huge issue in China, where the number is only used for informational purposes; the providers there have no immediate incentive to fix the loophole.
- All firmware/baseband combinations for the i4 up to iOS 4.3 are vulnerable; however, the exploit may be patched in any future software update or via the carrier. If Apple can influence providers to block Cydia, it is not impossible for them to press providers to fix the exploit. The only way to permanently unlock your baseband is via the NCK.
- A SIM interposer should not harm your phone hardware; however, your network could request the IMEI and identify your device during the emergency call. Your identity cannot be faked, and it is possible that they will ban your account. There is a reason why SIM cards legally remain the property of the service provider: you are not supposed to tamper with them without breaching your contract.
- Notwithstanding all these problems, the SIM interposer does not cause any battery drain, since it is only active transiently, nor does it cause signal loss, because it does not change cellular transmission other than in the initial validation step.
An overpriced (US$50), unreliable and legally questionable mod; it works for some, but your mileage may vary. Get it if you are desperate, or wait for the 40-bit NCK hack by the Dev Team.