On Aug 5, 2007 I unintentionally discovered a new way of carrier unlock…

When I got my first iPhone from the USA it was locked to AT&T. I know it is not easy to wait for something when you know it will not work… but what can I do, my love and passion for having Apple's first mobile phone put me in the game. After a couple of weeks of waiting I got my iPhone, unboxed it and turned it on with great passion and curiosity, and the famous "connect to iTunes to activate" logo was waiting for me… No, this is not happening: I had been waiting for this device for more than 2 weeks and I can't even make a call… So I took my SIM clone box with all the programmers and smart cards from my basement and started to make some tests with my AT&T and T-Mobile MK SIM cards…

*So I tried to extract the Ki, IMSI and ICCID from the AT&T SIM card, but got nothing, because the SIM card was COMP128v2, the new algorithm that can't be brute-forced. Because my T-Mobile SIM card was already cloned, I started to make some tests with the IMSI, ICCID and Ki from my T-Mobile SIM card…

*I prepared my Gold Card (PIC16F84 and 24C16 EEPROM smart card) and the PIC with a Smartmouse programmer, with the SimScan v2.01 software for cloning and SIM Emu.

*I had used these tools a couple of years ago to clone SIM cards and was well educated in this field. So I started to make some tests on how to force the iPhone to think that the inserted SIM card is an AT&T one while it has a different Ki and ICCID, because the SIM lock mechanism of the iPhone was programmed to check only the first 6 digits of the IMSI number, which are the international carrier ID (MCC + MNC), in this case AT&T's, as we can see in the table below:

IMSI: 310150123456789

MCC   310        USA
MNC   150        AT&T Mobility
MSIN  123456789  subscriber number within the carrier

*So, as we can see here, the phone checks only the first 6 digits of the IMSI (MCC + MNC; US MNCs are 3 digits long) and, if the prefix is one of those inside the pool, it unlocks the baseband.

*So I made a lot of combinations and tests, and after 10-15 hours I found out that emulating a SIM card with:

IMSI from AT&T
Ki and ICCID from T-Mobile

*And BINGO, that's it: my iPhone worked, I was able to make and receive calls. I was so happy… the first person I called was my wife Emira.
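The prefix check and the SIM combination described above, modelled in Python as an added example. This is not code from the original post and not the iPhone's actual lock-check code; the carrier table, the ICCIDs, the Ki values and the 294-01 PLMN code used for the T-Mobile MK card are constructed or assumed for illustration.

```python
"""Model of the IMSI-prefix carrier-lock check described in the post."""
from dataclasses import dataclass

# Constructed lookup tables for the example. A real handset takes the MNC
# length from the SIM's EF_AD file (3GPP TS 31.102), not from a table like this.
MNC_LENGTH = {"310": 3, "294": 2}          # USA: 3-digit MNC; Macedonia: 2-digit
CARRIERS = {
    ("310", "150"): "AT&T Mobility",       # from the post's IMSI table
    ("294", "01"): "T-Mobile MK",          # assumption: PLMN code of the T-Mobile MK card
}
# Carrier "pool" the locked baseband accepts, as the post describes it.
UNLOCK_POOL = {("310", "150")}


@dataclass(frozen=True)
class SimCard:
    imsi: str    # 6-15 decimal digits: MCC + MNC + MSIN
    iccid: str   # card serial number printed on the plastic
    ki: bytes    # 128-bit authentication secret (empty if it could not be extracted)


def parse_imsi(imsi: str) -> tuple[str, str, str]:
    """Split an IMSI into (MCC, MNC, MSIN). The MNC length depends on the MCC."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    mcc = imsi[:3]
    n = MNC_LENGTH.get(mcc, 2)
    return mcc, imsi[3:3 + n], imsi[3 + n:]


def carrier_of(imsi: str) -> str:
    """Name of the carrier that the IMSI prefix claims."""
    mcc, mnc, _ = parse_imsi(imsi)
    return CARRIERS.get((mcc, mnc), f"unknown PLMN {mcc}-{mnc}")


def carrier_lock_check(sim: SimCard) -> bool:
    """The lock check as the post describes it: only the MCC+MNC prefix of the
    IMSI is compared with the pool. Ki and ICCID are never consulted, so they
    can come from a completely different card."""
    mcc, mnc, _ = parse_imsi(sim.imsi)
    return (mcc, mnc) in UNLOCK_POOL


def build_emulated_sim(prefix_source: SimCard, secret_source: SimCard) -> SimCard:
    """What the SIM emulator presents: the IMSI of the carrier's card and the
    Ki/ICCID of a card whose Ki could actually be extracted."""
    return SimCard(imsi=prefix_source.imsi,
                   iccid=secret_source.iccid,
                   ki=secret_source.ki)


# Constructed sample cards. The AT&T IMSI is the one in the post's table; the
# ICCIDs and the T-Mobile Ki are made up (a real Ki never leaves a genuine SIM).
ATT_SIM = SimCard("310150123456789", "89010000000000000001",
                  b"")  # Ki not extractable from the COMP128v2 card, so it is unknown
TMOBILE_MK_SIM = SimCard("294010123456789", "89389000000000000002",
                         bytes.fromhex("00112233445566778899aabbccddeeff"))
EMULATED_SIM = build_emulated_sim(ATT_SIM, TMOBILE_MK_SIM)


if __name__ == "__main__":
    for name, sim in [("AT&T", ATT_SIM), ("T-Mobile MK", TMOBILE_MK_SIM),
                      ("emulated", EMULATED_SIM)]:
        verdict = "pass" if carrier_lock_check(sim) else "fail"
        print(f"{name:12} {sim.imsi}  {carrier_of(sim.imsi):22} lock check: {verdict}")
```

The point to take from the model: the lock decides on a value the inserted card reports about itself (the IMSI prefix), while the only value that proves which card it really is (the Ki) plays no part in the decision, so anything that can answer the IMSI read with the right prefix passes the check.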

*After that I announced the hack on the hackint0sh forum and prepared a manual on how to do the hack.

*So before this hack there was no method to bypass the carrier lock with a SIM clone, so basically I discovered a new way of carrier unlock. Today there are a lot of other methods based on SIM cloning, and it is still a killer method for carrier unlock.

*This is the cleanest method of unlock, without any copyright violation, because I did not modify Apple's copyrighted software or hardware 😉

PS. I deserve a patent right for my SIM clone carrier unlock method 😉

[Picture: some cloned SIM cards]
[Picture: the equipment used for the hack]

Sources:

http://digg.com/news/story/iPhone_Hacked_and_Used_With_European_Sim

http://www.hackint0sh.org/f124/2032.htm

http://www.hackint0sh.org/f124/2252.htm

http://en.wikipedia.org/wiki/International_Mobile_Subscriber_Identity

http://www.dejankaljevic.org/

www.apple.com/iphone

Senad Aruc (Certified ISMS Professional)

CEH, ISMS-MASTER, ISMS-LA, ISMS-LI, ISRMS-CRM
