BIG FAT DISCLAIMER: Use these methods at your own discretion/risk. I am not responsible for bricked or non-functioning iPhones as the result of you following these step-by-step. These steps merely reflect the processes i went through to unlock mine. You have been warned.

Background info:- iPhone 8Gb Week 30, unlocked on firmware 1.0.2 using iUnlock from iphone.unlock.no. Extensive modification were done via Summerboard, Customise and Dock. Customisation include custom bar dialers, sliders, icons and ringer tones. iPhone was not returned to any semblance of the factory default looks/settings when these processes were done.

Here are the workflow for the entire process:-

Unlocked AnySIM/iUnlock 1.02 iPhone
==>Revirginize(either use my own as described here in this thread, or the Idiot-Proof Guide on Virginizing your iPhone at 1.0.2 )
==>Update to 1.1.1 via iTunes
==>Jailbreak(TIFF exploit + TouchFree or Carnaval by Brasuco
==>Unlock using AnySIM 1.1

RUJU's End result = a 1.1.1 updated unlocked iPhone!

Alternatively, you may also want to try this workflow for more automated process. Not tested by me, but reported to work by others. As always, proceed with caution.

Unlocked AnySIM/iUnlock 1.0.2 iPhone
==>Revirginize using the Idiot-Proof Guide on Virginizing your iPhone at 1.0.2 )
==>Update/Shift-Restore/"10-10 Reset" Restore to 1.1.1 via iTunes
==>Jailbreak via [url=http://www.hackint0sh.org/forum/showthread.php?t=12867]Carnaval by Brasuco[/url
==>Unlock using AnySIM 1.1

**I have not tested the Idiot-Proof Guide on Virginizing your iPhone at 1.0.2 OR Carnaval by Brasuco) to vouch for their effectiveness. Use these at your own risk.**


My own step-by-step installation process:-

Seczone Backup Process

This process ASSUMES that you already have an unlocked 1.0.2, in which in that process should already require you to install OpenSSH and BSD Subsystems to enable WinSCP to SSH into your iPhone.

1 - Download the Virginizer Pack from this link.
2 - Extract and copy the entire directory into iPhone. This is done via WinSCP. Place it under /usr/bin directory.
3 - Load up puTTy. Login into your iPhone with the similar login/password as WinSCP.
4 - Change directory to the Virginizer Pack directory by typing "cd /usr/bin/virginizer_pack"
5 - Unload CommCenter, so that you can proceed with the seczone dump by typing "launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist"
6 - Run the norz seczone dumper by typing " norz seczone.backup 0x3FA000 0x2000 ". You should see:-


This creates a file called seczone.backup in your /usr/bin/virginizer_pack directory.

6a- If this does not happen, and you come up to the case where you are waiting for a long time for the seczone dump, try this remedy.Close puTTY, load up WinSCP, set permission to 0766 to the file called "seczone.backup".This is done by right clicking on the file and setting "0766" as the number in the Octal field. Repeat Step 6 AGAIN and make sure you get the expected result as shown.[/color]
7 - Close puTTy, and load up WinSCP , navigate to /usr/bin/virginizer_pack, and copy the seczone.backup to a folder of your choice.

Virginizing: Press Start button!

1 - Run puTTy , log into your iPhone , and change directory by typing "cd /usr/bin/virginizer_pack"
2 - Run iUnlock, together with the .fls file and elliteloader.bin by typing "iUnlock ICE03.14.08_G.fls eliteloader.bin"

You will see:-


3 - Update the baseband by typing this "bbupdater -v"

You will see:-


Your seczone is now repaired.

4 - Reflash the 3.14.0 baseband firmware by typing this "bbupdater - f ICE03.14.08_G.fls -e ICE03.14.08_G.eep"

You will see this:-



To check if your baseband firmware is flashed properly, type "bbupdater -v"

You will see this:-



Revirginizing process complete!

Alternatively, there is also an Idiot-Proof Guide on Virginizing your iPhone at 1.0.2 available. Looking at it's pictorial results, looks the same, except it is set in a wizard-like environment, so n00bs will feel more comfortable, rather than playing around with command lines. This may be easier for n00bs , but i cannot vouch for the authenticity or the result of you following this process. As always, proceed at your own discretion/risk.

ADDENDUM: A revirginized 1.0.2 iPhone, at this stage, will not necessary mean that it will look like how it came out of the box when you first got it. You may still have your Summerboard theme installed, with customised icons and other modifications to the looks. What this process does is that it returns the iPhone, particularly its baseband and seczone data, modified during the previous unlocking process, back to how it is when it came out of the box. Do not be alarmed when you see that you still see it looking the same as before, the internal restoration/virginization has been applied. To certify this, your iPhone now will display "Incorrect SIM" after the virginization process, which is reflective of what would happen when you have unlocked your iPhone to an AT&T sim card, but inserted any other sim card instead.

Update to 1.1.1 via iTunes

What you need to do next is go back into iTunes and click that Update button, or Shift-Update if you already have the file on your desktop. Once iTunes has updated your iPhone, it will return you to the Activation screen again, but this time it's already 1.1.1.

Jailbreaking: Prologue

You then follow with the initial part of the jailbreaking.

1. Slide to reach the emergency dial screen

2. Enter *#307# and then press call

3. Your phone will ring itself, make sure the dialed number on top of the screen is "O", then hit call again, press answer.

4. Press hold now and your phone will start ringing again

5. Press Dismiss and your phone will go into the contacts/dial screen

6. Press contacts from the bottom bar and add a contact

7. Add a contact with a random name and homepage as >> prefs://1F <--This is to get into the Settings page

8. Save it and click on the contact's homepage. this will take you straight into the setting menu of the iPhone, and you can take all the time to select a WIFI network! **It is recommended for you to turn on the Auto-Lock to NEVER, so that you get a steady, strong Wifi signal when you are using WinSCP and puTTy.**

Leave your phone like that now for a minute or two. Then shut down your iphone and restart.

8b. After the iPhone restarts it should have the Wifi icon showing at the top...if it does not do steps 1 - 8 again. If you do this right, your iPhone will remember your network and log into it automatically.

9. Once the wifi is working, do steps 1 - 5 again.

9a. For the next step add another contact give it another name and this time add the address as >> http://jailbreak.toc2rta.com/

10. Save the contact and then go to the 2nd url you just saved. Safari will load the page and then close automatically to the home screen (the screen that says activate iphone).

This is the TIFF exploit. You can now proceed to install TouchFree.

Jailbreaking :Touchfree

Get TouchFree (it works on iPhone too) http://www.slovix.com/touchfree/touchfree-setup.exe (Get/Install .Net Framework 3.0 before you move on)

***If you are having trouble with touch free (like it gets stuck at step 2 and stuff, uninstall the old version and use this one : http://www.slovix.com/touchfree/touchfree-alpha.exe)

- Follow the steps on TouchFree (You have to shut down the iPhone 2 times during this process, it will tell you to do it even after the 2nd time you have done it but ignore that and close the program!)
- After touchfree finishes you should restart your iphone and get to the springboard
- Set auto-lock on your phone as "never" (on your iphone: Settings > General > Auto-Lock > Never)

You need to install OpenSSH and BSD Subsystem via Installer before you use WinSCP to SSH into your iPhone. This will enable you to login into your iPhone*many thanks to wideawake.

- Now get WinSCP (http://winscp.net/download/winscp404setup.exe)

You can find your iphone ip by going to (on your iphone) settings > Wi-Fi > "Your selected WiFi" > Look under IP Address
- Connect to your iPhone using WinSCP (user: root password: alpine)


Just press login after your screen on WinScp is like this ^

- Get AnySIM 1.1 (http://conceitedsoftware.com/iphone/anySIM-1.1.zip)
- Upload AnySIM 1.1 to the /Applications folder (Make sure both the folder anySim.app and the file inside that folder named anysim are chmodded to 0755)

Make sure the directory anySim.app and the FILE named "anysim" inside the directory are chmodded to 0755!!

*To "chmod" in WinSCP, log into your iPhone, select the files/folders needed to be "chmodded", and set their permission to "0755".

- Download this file http://rapidshare.com/files/63229501/killall.html
- Upload it to your /usr/bin folder (on the iphone)
- Set permissions to 0655 via WinSCP(if you get problems later, try setting them to 0755)
- Run Installer from your springboard
- Install BSD Subsystem from Installer
- Restart your phone

Unlocking 1.1.1 using AnySim 1.1

- Run anySIM 1.1 (MAKE sure your new simcard in inserted) (IF ANYSIM CRASHES, CHMOD the ANYSIM FILES AS STATED at step marked in gray)
- Restart your phone again
- Get this file: http://rapidshare.com/files/63231299/lockdownds.zip.html
- Upload the three files to your /usr/libexec folder on your iphone
- Set permissions to 0755 via WinSCP to these three files
- Rename the file called lockdownd on your /usr/libexec folder to lockdownd.back
- Rename the file lockdownd.1.0.2 to lockdownd
- Download iAsign (http://rapidshare.com/files/64056361/iasign.zip)

*You may need this dlls to run iAsign http://rapidshare.com/files/63351413/iasign-dlls.zip.html

- There is a file called iphoneactivation.pem under the /iAsign/bin/ folder of the zip you just downloaded
- Uploaded to your iphone, to the folder /System/Library/Lockdown
- Get Putty from here http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
- Connect to your iPhone using putty (user: root password: alpine)
- Run this command without the quotes "killall lockdownd"
- Extract the iasign folder to your C:/ Drive (That folder can be found in this file >> http://d.turboupload.com/d/2098918/unlock111.zip.html)
- Open a command line in your pc (Start menu > Run > cmd)
- Navigate to the folder where you have iasign.exe (This means you need to point the command prompt to the iasign folder):



- Now run this command from the command line "iasign --automatic iPhoneActivation_private.pem"
- Your iphone should popup a message telling you that it is Activated
- Now rename lockdownd to lockdownd.1.0.2 using WinSCP (This is in /usr/libexec)
- Now rename lockdownd.swap to lockdownd using WinSCP (This is in /usr/libexec)
- Run this command without the quotes "killall lockdownd" on putty
- Restart your phone
- And it should be unlocked by now

Alternate YouTube Activation:

Just upload youtube certificate files (data_ark.plist, device_private_key.pem and device_public_key.pem) to /var/root/Library/Lockdown/

You can find the files here: http://rapidshare.com/files/58461644/youtube.zip.html

After reinstalling, recustomising and syncing everything back, the end result:-



Good luck!

This post has been edited by stringfellow: Nov 2 2007, 12:19 AM

Hi, I'm stuck at " norz seczone.backup 0x3FA000 0x2000 ".
It's waiting forever. Maybe drawback until BSD subsytem can install properly.

1 - Unload CommCenter as explained before proceeding with the dump

2 - Use Windows XP instead of Vista

3 - What are the messages you receive? Post them here, exactly word for word.

Good guide for all. Ought to be stickied IMO.

I've done something similar to the above for my own unlocking - though I do not remember dumping the seczone.. but always backup !

The rest of it looks the same as what I did to unlock mine and it should work. (unless you guys have messed up your iphone's internal organs beyond repair .. lol)

There is also an Idiot-Proof Guide on Virginizing your iPhone at 1.0.2 available. Looking at it's pictorial results, looks the same, except it is set in a wizard-like environment, so n00bs will feel more comfortable, rather than playing around with command lines. This may be easier for n00bs , but i cannot vouch for the authenticity or the result of you following this process. As always, proceed at your own discretion/risk.

I actually replied to your prob in another thread. Did you try it? Here it is again.

Hit CTRL-C to cancel the process. You should have a 0 byte seczone.backup. Now try

chmod 766 ./seczone.backup

and try the dump again and see if that helps.

The dump should only take 3 seconds. So if you're waiting, somethings wrong.

Note that if you restart the phone, remember to:

launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist

If you do this twice, you'll get a process not found message which confirms that it's been unloaded.
If it's not unloaded and you run norz, you get a resource busy message or something like that.

So basically you have to set permission to 0766 to get Norz to do the dump. I'll add that to the RUJU step-by-step for reference, thanks Soonwai!

# ./norz seczone.backup 0x3FA000 0x2000
geohot's nor dumper
all your norz are belong to us
super fast...just the way i like it
Dumping: A03FA000-A03FC000
Waiting for data...


this only all the night

I'm sorry I'm drawing a blank here. Other than unloading CommCenter or that set permission number, I don't know what's going on your unit.



This post has been edited by stringfellow: Oct 26 2007, 05:55 AM

Thanks to wideawake for catching the omission in the guide. You need to install OpenSSH and BSD Subsystem via Installer before you can do any kind of SSHing into your iPhone using WinSCP.

This guide have been amended to reflect that.

I followed this guide last night and managed to upgrade and unlock my week 38 1.0.2 iphone to firmware 1.1.1.

One thing about the virginizer though, it does not reformat the whole iphone, which is a good thing.

Before I update to 1.1.1 using Itunes, it is in a jailbreaked mode and I can access springboard and see all my programs/contacts/SMS/pictures.

And after updating using itunes (I clicked on Update, not Restore), I still can see my old contacts/caller history/SMS/pictures.

After the whole session, I have all my data intact, only had to reinstall the third party programs. I had Mobile Money installed when I was on 1.0.2, and after upgrading, I had to re-install the program, but all the data was still intact.

I was glad that I didn't lose the pictures from the iphone because some of them was from Raya and I forgot to copy it out before upgrading. Saves my wife from killing me for losing the photos.

A bit out of topic, but how the h@ll do I transfer pictures out of this thing?

If you have photo management programs like Picasa, once you plug the iPhone in, it should come up with the notification of it detecting that a digital camera is attached and if you want to transfer it out or not. Otherwise, you could WinSCP into the iPhone and manually copy it out.

Hey Stringfellow,

Thx again for all your work (and general help) in putting guides like this together... People out here really appreciate it!!!


This post has been edited by Great_Cookie: Oct 26 2007, 09:51 PM

What I did was just piecing the mess together into a workable solution. The real heroes are the folks who made all these tools, they are the ones who made this all possible.

Abang,
Do at the last choice in the earth, restore firmware to 1.0.2, then update to firmware 1.1.1.
Then do like in the guide, after get wifi signal. Got one more problem.
Touchfree stuck at step 2, uninstall touchfree.
Instal touchfree alpha, all going good, then stuck at step 3,
Uninstall touchfree alpha, install it again, and do it again
Then more problem stuck at last reboot...cisss
God must test me tonight... unistall touchfree alpha,
Install back touchfree, start again all the process.
This time all going good, step1, step2, step3, step.....4 woooihhh
then take a break go to smoking....
hahahaa got it at last.

Did you get the prompt to install Frameworks 3.0 before installing TouchFree?

I found out a few bugs in the 1.1.1 fw today.

1. My DiGi APN key keeps missing. After a restart, have to re-enter the key again. FIX
2. While driving and minor browsing (kids don't do this at home) using Edge, it always stumbles upon wifi signals from nearby houses and prompts me. Had to disable wifi to avoid being irritated.
3. Called someone and the line got cut-off due to bad signal. Unfortunately, my phone also hung when that happen. Had to hold the power on and home button for a while to reset. (the iPhone is missing those fance buttons you can poke).
4. While on Wifi, Safari keeps crashing when trying to reply my PM box in Lowyat.net.. duh...
5. Somewhat slow to open SMS messages when they arrive.
6. I always get this SMS from DiG and with rubbish content. I suspect it is Digi's normal spam SMS's, but somehow the message comes out garbage. Problem described here.

Spending some time in Hackintosh tonight to see if there is some fixes....

This post has been edited by wideawake: Oct 28 2007, 03:20 AM

nice thread thanks for the information

Hi,
I'd like to try revirginise my iphone 8g with 1.0.2 firmware.
but problem is i bought this from from a friend who got it unlocked from singapore. how do i know whether it's unlocked with AnySIM/iUnlock or simfree?
feel quite worry of doing it.

This guide should work for either the AnySIM or iUnlock method. The only method this guide does not cover to work with is if you used the IPSF unlock. Good luck!

thx for ur reply.
but are those iphone selling in singapore shops unlocked with AnySIM/iUnlock or simfree?
what i'm worry is what if it's unlocked with ipsf (simfree) method?
is there a way to determine whether it's ipsf or AnySIM/iUnlock method being used on my phone?
thx again.

I'm sorry, but I wouldn't know how an IPSF unlock looks like. We never had one of those here.

Hey String, would your guide need to have a "make sure bsd subsystem is installed or openssh is installed" etc? before beginning?..

Just wondering - cause.. you can't winscp/ssh into the phone on its own right?

Good point, I'll edit that in once I'm near a computer. The dangers of typing a response in here while driving supersedes that.

holy crap? you're posting that while you're driving?

you forum troll/addict!! lol

Ahahah, the traffic was relatively not moving, so it wasnt that critical. Still, traffic is traffic.

Edited to reflect the need for the BSD Subsystem + OpenSSH to let your computer "talk" to your iPhone. Otherwise, they will give each other the "silent treatment"