Mar 25, 2011
Shailpik

SIM iPhone unlock review

During the last two years no significant SIM unlocks from hardware makers reached the unlocker community. Even the makers themselves had concluded that SIM unlocks are not attractive to most users, which is why many observers were surprised by the recent announcement that the Gevey SIM offers an unlock for the iPhone 4.

Gevey's reasons for not publicizing the solution earlier are understandable: the up-front cost of producing the interposer is high, and a software unlock from the iPhone Dev Team or another group could make the product obsolete overnight and leave them with a significant loss. The technique Gevey uses for the unlock also has issues of its own.

This SIM unlock is actually a SIM interposer: a thin circuit that sits between your SIM card and the iPhone's baseband (BB) hardware. It works as a man-in-the-middle (MITM) between the two, answering some of the baseband's requests to the SIM with values of its own, and that is how it gets the baseband unlocked.

How does it function?

Every SIM card holds a lot of information, but the most important item for our purposes is the IMSI (International Mobile Subscriber Identity). The IMSI is the unique identifier of your account in your carrier's subscriber database.

Here is an example of an IMSI number:

310 150 123875348

The first group is the Mobile Country Code (MCC) and the second is the Mobile Network Code (MNC); the remaining digits (the MSIN) identify the individual subscriber. In the example above, MCC 310 is the USA and MNC 150 is AT&T. Note that the MNC is two digits in most of the world and three digits in North America, so where the split falls depends on the MCC.

When the iPhone boots the baseband, the baseband firmware reads the IMSI from the SIM and compares its MCC and MNC against the network lock stored in the seczone. If they match, the radio is enabled; if they don't, the radio stays off.
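To make that lock check concrete, here is an added example written for this review (not Gevey's code and not anything from the baseband firmware): a small Python model that parses an IMSI into MCC, MNC and MSIN, applies an MCC+MNC lock list the way the baseband does at boot, and shows how an interposer that forges the IMSI read passes that check while the real SIM stays in place. The lock list, the T-Mobile IMSI and the short table of three-digit-MNC countries are constructed for the example; the AT&T IMSI is the one from the post above.

```python
from __future__ import annotations

from dataclasses import dataclass

# MCCs whose MNCs are three digits long. North America (MCC 310-316) uses
# 3-digit MNCs; most of the rest of the world uses 2. A real baseband would
# carry the full ITU table; this short list is an assumption for the example.
THREE_DIGIT_MNC_MCCS = {"310", "311", "312", "313", "314", "315", "316"}


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code (3 digits)
    mnc: str   # Mobile Network Code (2 or 3 digits, depends on the MCC)
    msin: str  # Mobile Subscriber Identification Number (the rest)


def parse_imsi(digits: str) -> Imsi:
    """Split an IMSI string into MCC, MNC and MSIN, rejecting malformed input."""
    if not digits.isdigit() or not 6 <= len(digits) <= 15:
        raise ValueError(f"malformed IMSI: {digits!r}")
    mcc = digits[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, digits[3:3 + mnc_len], digits[3 + mnc_len:])


def network_lock_allows(imsi: Imsi, lock: set[tuple[str, str]]) -> bool:
    """Model of the baseband's seczone check: the radio is enabled only if the
    SIM's (MCC, MNC) pair is on the lock list."""
    return (imsi.mcc, imsi.mnc) in lock


class SimInterposer:
    """Sits between SIM and baseband (the MITM position the post describes).
    It answers the baseband's IMSI read with a forged value; every other
    SIM operation would be passed straight through to the real card."""

    def __init__(self, real_imsi: str, forged_imsi: str) -> None:
        self.real_imsi = real_imsi      # what the real card would answer
        self.forged_imsi = forged_imsi  # what the baseband is shown instead

    def read_imsi(self) -> str:
        return self.forged_imsi


def baseband_boot(read_imsi, lock: set[tuple[str, str]]) -> bool:
    """What the baseband does at boot: read the IMSI from whatever answers as
    the SIM, then decide whether to enable the radio."""
    return network_lock_allows(parse_imsi(read_imsi()), lock)


# Constructed lock list for an AT&T-locked iPhone: MCC 310 with the AT&T MNCs
# (150 is the post's own example; 410 is AT&T's main MNC).
ATT_LOCK = {("310", "150"), ("310", "410")}


def demo() -> tuple[bool, bool]:
    """Boot once with a T-Mobile US SIM directly, once through an interposer
    that forges the post's example AT&T IMSI. Returns (direct, interposed)."""
    tmobile_sim = "310260123456789"  # constructed: MCC 310, MNC 260 (T-Mobile US)
    forged = "310150123875348"       # the post's example IMSI: MCC 310, MNC 150 (AT&T)
    direct = baseband_boot(lambda: tmobile_sim, ATT_LOCK)
    interposed = baseband_boot(SimInterposer(tmobile_sim, forged).read_imsi, ATT_LOCK)
    return direct, interposed


if __name__ == "__main__":
    direct, interposed = demo()
    print("direct SIM, radio enabled:", direct)          # False
    print("interposed SIM, radio enabled:", interposed)  # True
```

The point of the model is that the lock check never touches the MSIN or the SIM's secret key; it only looks at the first five or six digits, which is exactly what an interposer can lie about. Everything that happens after the radio comes up (authentication, TMSI assignment) still involves the real card.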

Older iPhone basebands checked the IMSI only twice after a reboot, which was much easier to defeat. Later basebands were changed to re-check the SIM far more often, so that approach stopped working.

In the analogue networks that preceded GSM it was relatively easy to eavesdrop on and track mobile phones, so GSM was designed to send the IMSI over the air as rarely as possible. After the first registration the network assigns a TMSI (Temporary Mobile Subscriber Identity) and the handset identifies itself with that instead. Before the handset is admitted to the network it must also pass a challenge-response authentication based on the 128-bit secret key (Ki) held in the SIM; the key itself never leaves the SIM or the carrier's authentication centre.

So, from the network's point of view, the IMSI the handset showed at boot stopped being essential: once the authentication response is accepted, you are on. That is exactly how the earlier SIM unlocks worked. The interposer fed the baseband a forged IMSI that passed the lock check, while the real SIM still answered the network's authentication challenge with the correct key. The forged IMSI made the registration look like a subscriber from another network, but the authenticated connection was in most cases accepted anyway.

For this to work, Data Roaming had to be switched on, because as far as the baseband was concerned the iPhone was roaming on a foreign network; the network itself still recognised the phone as one of its own subscribers.

Those SIM unlocks were often unstable, and how well they worked depended on how tolerant a given network's policies were of this behaviour and on the particular interposer. Many people looked for workarounds; one of the more useful tricks was to keep a spare ordinary phone and put the SIM in it from time to time.

SIM hacks were made obsolete by Apple's iPhone OS 2.2.1 update, whose new baseband no longer accepted the fake IMSI trick. Around the same time a software unlock appeared, another blow to the interposer makers. Still, interposers remained viable for a smaller number of iPhones, such as those sold in Japan, which were still open to the technique.

Now some hackers appear to have found another way to use a SIM interposer. With the forged-IMSI route closed, they have seemingly found a way to get the baseband onto the network through the emergency dialer.

The new procedure differs only a little. Here is how it works this time:

1. Cut (trim) the SIM card so that it fits properly into the interposer.

2. Insert the SIM card together with the interposer into the iPhone.

3. Switch the iPhone on; it begins searching for a signal. At first it finds nothing, then it finds the network but shows only one bar of signal strength. During this time the interposer tries different IMSIs until it finds one the baseband accepts.

4. Dial 112 and hang up as soon as the call connects. At this moment the network assigns your phone a TMSI.

5. Toggle Airplane Mode on and then off. It is not known exactly what happens at this point, but the interposer appears to break the connection in a way that stops the baseband from re-checking the forged IMSI.

6. The signal bars now appear: the network has essentially rejected the forged IMSI but has nevertheless let your SIM connect.

Why is number 112 dialed?

112 is the GSM emergency number, introduced in Europe at the start of GSM. Any GSM network must accept it, and the call goes through with or without a SIM card in the phone.

Is it suitable for you?

Basically, this SIM unlock will work for you only if your network accepts a 112 emergency call, is susceptible to the TMSI trick, and does not aggressively re-check your SIM afterwards.

An iPhone 4 SIM interposer is not a plug-and-play device. You must repeat the whole procedure whenever you reboot or lose the signal, because your TMSI is no longer valid and has to be obtained again.

Another obstacle is that placing a non-emergency call to 112 is illegal wherever 112 is a real emergency number.

This technique works on the iPhone 4 with all current firmware versions, including iOS 4.3, but that does not mean Apple cannot block it in a future update. The only permanent unlock remains the NCK (Network Control Key) based one, the official carrier unlock.

A SIM interposer will not damage your iPhone hardware, but your carrier can see and record your IMEI when you dial 112, since an emergency call placed this way identifies the handset by its IMEI. They could therefore blacklist your IMEI and bar it from the network.

Modifying the SIM card breaches your carrier contract, which makes this unlock questionable at best and outright illegal in many places. On the brighter side, it does not drain the battery or cause problems with signal reception.

In summary, this hack can unlock an iPhone 4 on all current baseband versions. The problem remains that the unlock is vulnerable to future updates and to other countermeasures by your network and by Apple. For the relatively high price of $50 you get an uncertain unlock and possible legal trouble.

It is best to wait for the upcoming software unlock from the Dev Team, but if you cannot wait, this SIM interposer is an option.


2 Comments

  • Is there a way that my iPhone 3G 4.2.1 with baseband 5.15.04 and bootloader 5.9 can be unlocked?

  • Yes, it needs to dial the 112 emergency number, and they can record your number; that is the main problem.
    I think it would be best to wait for a software unlock, as it seems that it will soon be available. If you absolutely must unlock immediately, there is no other way but to use this SIM unlock. Personally, I would try it only in a place where there are no strict rules and laws regarding calling emergency numbers. Hope this helps.
