What you need:
- iPhone (OBVIOUSLY!)
- bypassed Activation (methods found here.)
- Jailbreaked
- SSH Enabled (method found here along with jailbreak: Windows - Macintosh)
- sftp-server installed (instruction found here, improvise with windows.)
- binkit installed (instructions found here.)
- 2 needles to conduct electricity (or use your imagination.)
- and the files in the following rar package: iphone.unlock.toolkit.rar

- bypass the Activation.
- jailbreak
- install SSH
- install sftp-server
- install binkit
Now the fun stuff...
Take the back panels off using the following method found here (Use anything you can think of that would not scratch it a guitar pick is good but I used a 1.4mm screwdriver which made a few scratches, but if you want to I am sure you will find something that wont scratch). Once that's done you're gonna need to pry open the logic board metal shield (found right ontop of the battery) sadly, I can't find a guide online but it's easy.. use a tiny tiny screwdriver and proceed by unclipping the metal shield from the side (you'll see little dimples, those are the clips.)
Once that's done...
- Start up your iPhone and plug it into your computer.
- get the ip address of your iPhone (this is done by going to WiFi / To the right of ur selected network you will find a blue arrow, click it and this should show you your iPhones ip address.
- connect to your iPhone via SCP using the username: root and the password: dottie (unless you changed the password, then use your chosen password.) ... ignore the errors if there are any..
- Goto: /usr and create a folder "local" and then goto "local" and create a folder called "etc"
- then go back to the root directory of your iPhone (a.k.a. "/") and then you will see a folder called "etc", double-click on this folder, it should now take you into that folder... once you're there upload termcap from the .rar into that directory.
- copy bbupdater from the .rar into the /bin directory.
- Goto the folder /system/library/launchdeamons and move the file commcenter.plist to your desktop (MAKE SURE YOU MOVE IT AND NOT COPY IT!)
- Once you're done rebooting, login to your iPhone with the specified username and password mentioned to login via SCP and type: minicom -s and an ASCII menu will appear...
- Select "Serial Port Setup" and type A and change that information to /dev/tty.baseband and hit Enter then Esc.
- Select "Save Setup as dfl"
- Now Goto Exit and you should see "Initializing Modem"
- once you're in the minicom type: AT and it should respond OK
- Open a new SSH window and login to your iPhone
- now type: bbupdater -v
- you will see AT OK AT OK AT OK in the minicom SSH window..
- close the minicom SSH window.. don't wait for the AT OK AT OK AT OK to stop..
Now back to the software..
- Copy the files from folder NORDumper from the rar to /usr/bin on your iPhone using SCP
- in ssh type: cd /usr/bin
- in ssh type: ls
- you should see NORDumper
- now type: NORDumper dump.bin (CASE SENSITIVE.)
- now you have to wait for about 10-20 mins.. go watch a tv show or something and by the time you get back.. it should be done ^^
- Copy the contents of the folder ieraser from the rar also to /usr/bin on your iphone using SCP.
- Start Cygnus Hex Editor. and open the file ICE03.14.08_G.fls. (included in the rar) (only for firmware 1.0.1 and 1.0.2 !!!!)
- Select the range from 000001A4-000009a4. In the taskbar the selection should show 1A4-9A4. (verry important !!)
- then goto menu edit–> select copy to file. name the file : secpack
- Upload this file to /usr/bin on the iphone.
- in SSH type ieraser. (if it hangs try http://lpahome.com/ieraser.rar )
- copy the dump.bin from /usr/bin to your PC using SCP.
- Open this file with Cygnus Hex Editor.
- Select the range 00020000-00304000
- In the taskbar it should show 20000-304000 (if not do the selection again)
- goto menu edit–> select copy to file. name the file : nor
- open this file with the hexeditor.
- Find the row 215148 and change 04 00 A0 E1 to 00 00 A0 E3
- save the file, and upload it to /usr/bin using SCP.
- copy the files in the folder iunlocker from ther rar to /usr/bin
- Touch YOUR NEEDLES TOGETHER HERE AND KEEP THEM TOUCHING! (Touching where they should)
- with SSH goto /usr/bin and type iunlocker
- when the program halts. Remove your needles and press a character on your keyboard followed by Enter.
- you will see a lot of numbers running on your screen. This also takes a while… so go get yourself a cup of coffee or something..
- after it’s done type : bbupdater -v
- it should show : +xgendata and some more text ... not really sure about the rest..
- in SSH type: minicom
- then type: AT+CLCK=”PN”,0,”00000000″
- then type: AT+CLCK=”PN”,2 this should respond in a 0 .
Congrats !!!! youre phone is now simlockfree.
- now copy back the commcenter.plist file (don’t forget!!!)
- now copy the file lockdownd located in the .rar to /usr/libexec
- put your iPhone back together and insert your chosen sim..
- Reboot your iPhone.. and Welcome to the Unlocked iPhone Club ^^ Congratulations...
Take care...
- emmo