It overwrote your previous token, which means the phone could no longer be officially unlocked, unless a restore of the token was performed from a previously made backup. This exploit changed the lockstate table in the seczone to read unlocked and created a spoofed RSA token that was seen as valid by bootloader 3.9 (4.6 was not vulnerable to IPSF). In addition, AnySIM 1.1 fixed the "Spamming AT" problems from iUnlock and earlier AnySIM versions.
It must be reapplied for every baseband upgrade to maintain the unlock.
This patch is overwritten on a reflash of the baseband, and doesn't touch the seczone or the locktables at all. This patch, also know as the ignore MCC/MNC patch, makes every MCC/MNC pair appear valid. This removed the crypto failure and allowed the application of the ignore MCC/MNC patch. The virginizer was written in response to this problem and allowed users to write locked, virgin locktables. This patch caused the locktables to be rewritten to the unlocked state which resulted in a cypto failure once the patch was removed during a baseband upgrade, causing the 0049 IMEI issue. So the RSA signature would always validate, and the phone would always appear to be unlocked and every NCK would appear to be valid. This deprecated patch disabled signature checks. The first iPhone unlocking method (for the original iPhone) actually required opening up your phone.Ĭurrently, it isn't possible to hardware unlock current devices the closest thing would be SIM hacks, which function as interposers, not a hardware modification. The unlock-able basebands and tools are listed below.
This is a way to unlock your iPhone for free with a package from Cydia, however, it only works on selected basebands. This type of unlock does not require a jailbreak and is permanent, even surviving a restore (unless Apple or your carrier decides to re-lock the phone, something that has rarely happened ). On startup, if the lockstate table says the phone is unlocked, it validates that RSA token. If that decryption, after deRSAing with Key 2, is a valid token for the phone, it is stored back to that flash with the token TEA, but not RSA decrypted. The phone receives an AT+CLCK="PN",0,".NCK." It decrypts the token with the generated key. Apple, knowing the NCK, sends it using an activation token over iTunes. At +0x400 in the seczone, a token is stored encrypted with (NCK + NORID + HWID).