View Full Version : [1.1.2 OTB] HW Unlock - solved baseband not resp... - many pitfalls


klaus27
02-01-2008, 04:49 PM
Hi All,

last night I successfully hardware-unlocked my first iphone (1.1.2OTB, BL4.06).

As stated many times here, opening the beast is a matter of hours. You need to be very patient and put severe pressure on your iPhone, therefore you risk scratches and other damage that can only be covered by a silicone case afterwards.

Here is the story:

After opening the phone, we scratched the testpoint. Be very careful with this, you don't need to put a lot of pressure on it, be very gentle with the needle. And: use a strong magnifier glass and a really good light source (LED?), because otherwise it is very hard to see anything.

Then we continued (using the excellent instructions from hackthatphone) and connected via putty. After issuing the ienew command, we immediately lost wifi, so the connection dropped without seeing any output from the command. So the tip is, issue all commands directly from vt-terminal on the phone. (use tab-completion: tap in the middle of the screen and you see a shortcut circle, tab is bottom-left).

We issued "ienew" again, but got an error "Can't write". We made sure that commcenter was unloaded and tried again without luck. So we continued with the "iunew" plus testpoint. After a couple of tries, we succeeded. (We had the phone lying on a glass table. I issued the command with a 30 second lead time and got myself under the table to tell my friend when to connect the testpoint.) Be patient, it's not that big a deal. But again, use the magnifier glass.
During the flash we had some messages like AT Spamming and stuff...

Then "bbupdater -v" spits out an error that comm layer couldn't be accessed (Failed to initialize comm layer: (is it open by another app?)).
We booted the phone again to springboard and noticed that wifi, imei, iccid were gone. So we connected the phone via usb to the laptop and connected via ibrickr. We created a new folder and put the ienew-stuff + nor-file on the phone via usb, but this time we grabbed the files again from another location. I am not sure if i.unlock.no has fixed his error with the nor-file....

After that, we disconnected usb and opened the terminal on the phone again. We changed to that folder "cd /usr/unlock" and issued the right permissions with "chmod +x *". Then we unloaded the comm center and issued "./ienew" which this time got the expected result with many hex-lines running up the screen.
Execution of "./iunew" got (after a few tries) the expected result as well, but again "bbupdater -v" spat out that the baseband didn't respond to pings.

We booted the phone but received the message, that the iphone needs repair. We said to each other, yes - we will do that ;). So we restored to 1.1.2 and back again to 1.1.1. This time the message was gone. The rest is maculation.

Getting the 1.1.1 jailbreak, oktoprep, "update" to 1.1.2 and jailbreak again. Run anysim1.2.1u and everything went fine in the end.

I hope this helps people that got stuck with no baseband and no iccid.

Cheers
Klaus

Gstar
02-01-2008, 05:30 PM
hello klaus,

german?

until now i've never run the ienew/iunew commands with success. worse luck!

the terminal gives me the following responses:

ienew
waiting for data....
(can't write)

iunew
spamming AT, waiting for a response

where is the other location where you have grabbed the files?

btw i've restored a couple of times but never to 1.1.3.

now i'm on 1.0.2 but as i told w/o success so far :(

gstar

rsimpsonbusa
02-01-2008, 06:32 PM
Great. A question, where did you get the files "... from another location" since it appears the i.unlock.no files are not good. Thxs.

klaus27
02-01-2008, 09:30 PM
Yes, german. Can you read that from my post? :confused:

I grabbed the files from here http://www.hackint0sh.org/forum/showpost.php?p=202198&postcount=45

Correct nor: http://therepository.binarytide.com/nor3.9.rar
112 OTB pack: http://www.hackint0sh.org/forum/showthread.php?t=23730

Both helped a lot.

And remember, when the flashing seems to run ok (hex codes running through the screen and no error messages appear) you are fine and can ignore the iphone needs repair after reflashing to 1.1.1.
We had to flash to 1.1.2 first, before getting back to 1.1.1 with a fixed baseband again.

Keep my fingers crossed that it works for you as well.

Cheers,
Klaus

rumianek
02-01-2008, 09:55 PM
During the last few days I did three HW unlocks using the Bootloader Downgrade package from i.unlock.no with great success. Everything went smoothly.
Fredrik updated this package and instructions on his site yesterday with baseband files for 1.1.1. After iunew you should flash baseband and then issue bbupdater -v command. Then load CommCenter and the phone is ready to install oktoprep and upgrade to 1.1.2 without any other steps.
One thing I do each time, and I am not sure if it is necessary, but never tried to unlock without that step, is that I do chmod 777 on all three files in /usr/bin/ used by ienew and iunew. These files are nor, secpack and testcode.bb
I.unlock.no has also repacked jailbreak for 1.1.1 which works for me each time at first try.
Recommending I.unlock.no

klaus27
02-01-2008, 10:04 PM
Here are the detailed instructions again:


connect through usb with ibrickr and create a folder in "/usr/unlock"
get both file packages from my last post and unpack to a folder on your local drive
copy all files from that folder to /usr/unlock with ibrickr
open terminal program on your iphone



launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist

cd /usr/unlock/

chmod +x *

./ienew
....you shouldn't see any errors
....instead you should see some hex-lines scrolling

sleep 30; ./iunew
....turn the phone, count to 30 and connect the testpoint.
....until you have successfully flashed the bootloader


at this point bbupdate didn't work for me, so I restored 1.1.1
"phone needs repair", so I restored to 1.1.2
immediately restored to 1.1.1
jailbreak, oktoprep
update to 1.1.2
jailbreak, anysim1.2.1u
enjoyed a fully functional iphone


Hope this helps.

Cheers

boliva
02-02-2008, 06:35 PM
Hi,

I've managed to successfully unlock a 1.1.2 OTB iPhone (not the one I recently bricked), almost. After connecting the testpoint and running 'iunew' successfully I have been unable to write any firmware version successfully so again I have a 'repair needed' phone. However I was now able to downgrade to 1.0.2, manually jailbreak and activate it and have copied all the tools needed to repeat the operation.

This time 'ienew' fails with 'Can't write', and 'iunew' sometimes stays at 'Spamming AT, waiting for response' and sometimes it spits 'Did you erase the flash first?'.

Whenever I try to run bbupdater (be it with -v or specifying a .fls and .eep file with -f and -e) it says 'Error: Failed to initialize comm layer: (is it open by another app?)'.

Just to note: I have indeed stopped the CommCenter, and all the related files needed to do the unlock have the correct permissions on them.

Regards and thanks for your time.

Jackal_007
02-03-2008, 08:36 AM
same stuck here

ericjarvies
02-04-2008, 05:07 PM
yes, i too have an iPhone with this same problem. cannot seem to get that comm layer freed up :( anyone, anywhere, know a work around for this?

klaus27
02-04-2008, 07:39 PM
Not sure if this hint helps, but I have disabled Wifi before opening the terminal.

What is the output of the launchctl command? And have you tried to do it like this? "launchctl unload -w /Sy..."

Cheers

jameszjca
02-04-2008, 09:48 PM
Not sure if this hint helps, but I have disabled Wifi before opening the terminal.

What is the output of the launchctl command? And have you tried to do it like this? "launchctl unload -w /Sy..."

Cheers

I had overtrusted i.unlock.no guide. After iunew, I restored to 1.1.2 and 1.1.1. Although I followed the guide quite well. I believe their package had a bad nor file. So that I flashed a bootloader which is not exactly 3.9. That could explain why I can't jailbreak 1.1.1 because *#307# doesn't work at all. i.unlock.no patched their package again and again. However, they are totally irresponsible and incapable to guide this hw unlock. They can't even pinpoint most of the problems we have met so far.

I believe I have to disassemble the comm board and reflash it in a good phone. However, I don't have the second one currently. I will wait dev team release direct 1.1.3 jailbreak or maybe they would issue a restore package. Since they have the key to decrypted restore file, suppose the same key can be used to create a restore file which contains an already jailbroken firmware.

soci22
02-05-2008, 02:15 AM
I was also stuck here, without baseband firmware so no wifi... After fighting for some more hours now my girlfriend also has an unlocked iPhone :D

The primal suspect of all this mess is that I tried the bootloader downgrade process from a jailbroken 1.1.2 instead of 1.1.1. Always use 1.1.1 !

The steps I followed that led me to success after the problem explained in the posts above are:
I tried to downgrade to 1.02. The iPhone would never boot and kernel messages were appearing in endless loop when iPhone was connected. VERY SCARY
Then I restored firmware 1.1.1. I did the regular jailbreak method and Wifi was back again! I installed the BSD Subsystem, SSH and Bootloader Downgrader. From SSH I checked the bootloader version: "/usr/bin/bbupdater -v" and it appeared as 3.9 !
This means that all the process went fine except the updating of the bootloader because I was running on 1.1.2 and that if I was stuck with a simple restore to 1.1.1 I would have solved it all.

The hardware unlock process is damned hard. but wewwww, finally it's done.
Total hours to complete: 9
Scratches: 0
Bends: 0.7mm gap in one side between back plate and the polished border plate.

Gstar
02-05-2008, 03:37 AM
Then I restored firmware 1.1.1. I did the regular jailbreak method and Wifi was back again!

you did the regular jailbreak on 1.1.1 without wifi? can you tell me how did you do that?

tramuyo
02-05-2008, 03:42 AM
when you finish iunew program, please make sure bbupdater -f ICE03.14.08_G.fls to have a baseband ;) just in case

don't forget to upload those files

ericjarvies
02-09-2008, 04:00 AM
figured out how to get rid of comm layer error:

at command prompt type:
ps -A

this will show a list. look for the items that have System/Library/Fr...(this part is cut-off out of view on the iPhone, but the rest would be Frameworks/etc...). Look at the PID #'s for each of these specific line items, and then enter the following at the prompt:
kill -9 123 (where '123' is the PID number of the item(s) you've found on the list after typing ps -A).

now you should be able to run ienew, iunew, bbupdater, iunlock, ieraser, and so on.

good luck!!

Eric Jarvies

dchoc
02-09-2008, 04:19 PM
For version 1.0.2 with 4.6 bl, with the baseband lost (1.1.2OTB needed repair phone). What files are needed?. The "nor" has to be unique to the original firmware? for the baseband version? or not anyone serve? Wondering the same thing for the main, secpack and testcode.
Thanks!