Can try the iPad baseband, you may lose GPS functionality though. There is the baseband chip replacement option too
I bought an unlocked iPhone 16GB 3GS about 3 months ago, the seller told me the original carrier was Bell (not 100% sure). So everything was working perfectly, til I gave the phone to my cousin and she wiped out everything and restored it to factory settings. Therefore deleting Cydia and the unlock.
So right now the phone is locked and I was wondering, what would be the best way to unlock a 3GS? It's at the "Activating iPhone, this could take a few minutes" screen.
Would I have to find the carrier the phone is locked to before I do anything? If so, damn! That means I have to somehow find someone with a Bell SIM.
And is there a way to find out which carrier the phone is locked to (via Apple) or anything? Or is it trial and error?
I can do the iPad baseband, I don't mind if I lose GPS functionality. But would I need the original carrier's SIM to activate the phone before I can unlock it, or can I unlock the phone before activating it?
Cause right now I can't see any apps, since it hasn't been activated yet.
No need for original SIM (you could use any activated, unactivated, used SIM that the phone is locked to for activation), you update with iPad baseband and jailbreak, then install ultrasnow for unlock. This will require a hacktivation if done without the original SIM. Hacktivation will not issue push and YouTube certs, so will need SAM to virtualize the correct SIM for reactivation and thus install the missing certs. If SAM does not work you can extract old certs from an iTunes backup using iBackupbot and add them to your Keychain.db using Inject. You will either need to do this using iOS 4.3.3, or if you have the blobs try installing 5.0.1 for untethered jailbreak. If you use F0recast (Redsn0w/Sn0wbreeze can now inform you of old/new bootrom too) you can look to see if your phone has old bootrom which supports untethered jailbreak in iOS 5.1 (currently ultrasnow requires a fixer patch to work with iOS 5.1).
Note: You cannot install normal firmware once on the iPad baseband (probably a good thing, so this doesn't happen again; not sure if OTA updates work though... eek, hope not. OTA feature is removed in firmware built using Sn0wbreeze, or you can search Cydia for the No Update tweak to block it). You will need to use custom iPad baseband-iPhone firmware every time you restore/update from now on. The custom firmware is simple to create using the stock IPSW, you use Sn0wbreeze (builds custom firmware) or Redsn0w, and choose custom IPSW.
Last edited by overdrive31; 05-10-2012 at 07:04 PM.
Thanks for the brief overview! That sounds very complicated!
Is there a step by step tutorial? And where would I get the files?
You could always just pay those services.. I think they're about $30 and they do it for you if you don't wanna do it yourself!
Holla if you hear me....
STEP #1... a) As a start, why don't you run iDetector and see if you have the old bootrom: 359.3
If you have 359.3.2, it is the new bootrom, and things will be much more complicated, requiring SHSH blobs and such.
b) If you don't know what the current iOS version is, you can use F0recast to find out, it should show bootrom version also.
c) Be absolutely sure you don't have an iPhone 3GS made in week 35 or newer of 2011 or the iPad baseband will brick the phone. Look at the serial number, the 3rd digit is the single digit year (9 is 2009, 0 is 2010, 1 is 2011). The 4th and 5th digits are the 2 digit week number. A year has 52 weeks (35 is week 35, 11 is week 11, etc.), so if it reads xx135xxxxxx or higher DO NOT ATTEMPT iPad baseband update. It is safe if it reads xx9** or xx0**, ** = 01-52, or if it reads xx134 or lower like xx133, xx132, etc. You should probably at least report the first 5 digits of the serial number in a reply before you continue.
STEP #2... a) If old bootrom, I'm assuming your phone is on iOS 5.1.1 currently (if not, restore in iTunes first to get it), just use Redsn0w and choose Extras>Select IPSW (point to IPSW 5.1 for your 3GS), now choose jailbreak, then once in DFU mode, choose install Cydia and the iPad baseband. If you have any problems, just do the jailbreak first (install Cydia), then run Redsn0w again to install just the iPad baseband.
b) If you have new bootrom, and if you happen to be on iOS 5.0.1 by chance, run iFaith to save your blobs, then use Redsn0w choosing Extras>Select IPSW and pointing to IPSW 5.0.1 for the 3GS, now choose jailbreak then install Cydia and the iPad baseband.
c) If you have new bootrom, and are currently on 5.1 or higher you will need to follow step 2a to get iPad baseband installed then read this tutorial, only after you have created a custom IPSW by using Redsn0w by choosing Extras>Custom IPSW and pointing to the 5.0.1 IPSW. Once restored to 5.0.1, you can jailbreak with Redsn0w.
d) If you have new bootrom, and are currently on 5.1 or higher and cannot restore to 5.0.1 (no SHSH blobs), you will need to install 5.1.1, but the jailbreak will be tethered, and if you want untethered, you will have to install iOS 4.3.3 (of course, after you have installed the iPad baseband). Also, to downgrade to 4.3.3, you will need to use TinyUmbrella and this tutorial after you have created a custom IPSW using Redsn0w by choosing Extras>Custom IPSW and pointing to the 4.3.3 IPSW. Once restored to 4.3.3, you can jailbreak with Redsn0w.
STEP #3... Not for certain this happens with hacktivation, but when first setting up iOS 5, be sure to Disable Location Services always when using iPad baseband, it can be enabled later, but during initial setup it needs to be off.
STEP #4... a) Old bootrom, open Cydia and add repo: repo.iparelhos.com - ultrasnow fixer 5.1.1, now search for and install ultrasnow fixer 5.1.1, then install ultrasnow 1.2.5
b) New bootrom tethered (5.1.1), open Cydia and add repo: repo.iparelhos.com - ultrasnow fixer 5.1.1, now search for and install ultrasnow fixer 5.1.1, then install ultrasnow 1.2.5
c) New bootrom untethered (5.0.1 or 4.3.3), open Cydia and search for and install ultrasnow 1.2.5
STEP #5... a) Open Cydia and add repo: repo.bingner.com - SAM, now search for and install SAM, open SAM prefs and choose Revert Lockdownd to Stock and De-Activate iPhone, now plug it into iTunes to activate. Open SAM prefs and choose Backup Activation then Restore Activation, then reboot the phone and sync with iTunes. Now connect to wifi, install iPusher then reboot and sync again with iTunes, now open iPusher to test push notifications and open Youtube app to see if all is working. Test out iMessage, if not working, turn it off and reboot, then turn it back on.
b) If SAM doesn't work and you're stuck at activation again, run Redsn0w jailbreak again to hacktivate. Now you will need to get iBackupbot and find an iTunes backup that had working push certs and export the keychain-2.db, now open Cydia and add repo: cmdshft.ipwn.me/apt - Inject and Nimble, now search for and install Inject and then Nimble. Next run iFunbox while plugged in via USB, choose Raw File System>private>var>Keychains, now back up the current keychain-2.db by dragging it to your desktop. Now delete the keychain-2.db in iFunbox and drop the one you exported from the iTunes backup where the one you deleted was. Now if jailbreaking didn't install terminal aka Mobile Terminal, open Cydia to search for and install Mobile Terminal, open terminal and type: su<return>, alpine<return>, cd /var/Keychains<return>, ./Nimble<return>. Now open up iFunbox again to the Keychains folder and delete the current keychain-2.db file and put the backup from your desktop that was originally there and open terminal again to type: ./Inject<return> which adds the certs extracted from the old iTunes backup to your new keychain file. Now reboot and test push notifications by installing iPusher, try out YouTube, it should work as well as iMessage.
STEP #6... Open Cydia and search for and install No Update to prevent over the air updates.
STEP #7... Open Cydia and search for and install ResetAllKiller to prevent someone from breaking the jailbreak/unlock by blocking access to Reset All and Erase All Settings buttons.
STEP #8... If you restored to 4.3.3, you will want to open Cydia and search for and install iSSLfix and PDF patcher 2 to protect your phone from the flaws fixed in 4.3.4 and 4.3.5 (jailbreaks for 4.3.4 and 4.3.5 are tethered only, which is why we use 4.3.3).
STEP #9... If you want to regain GPS, you can open Cydia and search for and install BTstack GPS(paid) or RoqyBT(paid) to allow the use of bluetooth GPS receivers.
STEP #10... All the links you need are in bold, if not working use Google
STEP #11... If you're not confident enough, as an added precaution, run F0recast and report back with a screen cap or type what you see. Can help guide you more precisely.
STEP #12... PM me that $30
NOTE: Redsn0w can jailbreak the old bootrom 3GS untethered on any iOS version. I instructed to update to 5.1.1, if it wasn't already, to fit the tutorial with the ultrasnow fixer version and be safe from the URL spoof flaw, which I hope someone patches for jailbreakers on firmwares lower than 5.1.1 like they did with the SSL and PDF flaws in the past.
Last edited by overdrive31; 05-12-2012 at 07:37 PM.
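The serial-number check from step 1c of the post above, written out as an added example that is not part of the original thread: it decodes the year digit and week digits the way the post describes and refuses anything it cannot decode. The function names, the 11-character length check (taken from the post's xx135xxxxxx pattern) and the sample serials are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple


class BuildDate(NamedTuple):
    year: int
    week: int


# Year digits listed in the post; any other digit is not covered by it.
YEAR_DIGIT = {"9": 2009, "0": 2010, "1": 2011}
# Post's rule: week 35 of 2011 or newer must not get the iPad baseband.
CUTOFF = BuildDate(2011, 35)


def parse_build_date(serial: str) -> BuildDate:
    """Decode year (3rd character) and week (4th-5th) from a serial."""
    s = serial.strip().upper()
    if not re.fullmatch(r"[0-9A-Z]{11}", s):
        raise ValueError("expected an 11-character alphanumeric serial")
    year_ch, week_str = s[2], s[3:5]
    if year_ch not in YEAR_DIGIT:
        raise ValueError(f"year digit {year_ch!r} is not one the post lists")
    if not week_str.isdigit() or not 1 <= int(week_str) <= 52:
        raise ValueError(f"week {week_str!r} is outside 01-52")
    return BuildDate(YEAR_DIGIT[year_ch], int(week_str))


def ipad_baseband_safe(serial: str) -> bool:
    """True only when the serial decodes to a date before the cutoff.

    Fails closed: an undecodable serial is treated as unsafe, because a
    wrong "safe" answer here means a bricked phone.
    """
    try:
        return parse_build_date(serial) < CUTOFF
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample serials, not real devices.
    for sample in ("XX134ABCDEF", "XX135ABCDEF", "XX952ABCDEF", "XX201ABCDEF"):
        print(sample, "safe" if ipad_baseband_safe(sample) else "DO NOT FLASH")
```
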