iPhone Unlock iPhone 3GS BB 05.16.02 iOS 4.3.5 - no SHSH blobs

Discussion in 'Jailbreaks and iOS Hacks' started by alienvariety, Aug 13, 2011.

  1. macrumors newbie

    Jun 4, 2010
    Hi all,

    Here are the facts:

    - iPhone 3GS
    - BB 05.16.02
    - iOS 4.3.5
    - locked to O2
    - iPhone is not currently JailBroken but happy to do so.

    I've done a fair bit of research and as far as I can tell it is impossible to unlock an iPhone with these settings without changing either the iOS (downgrade) or the BB (update)? However...

    I have installed TinyUmbrella and I have no SHSH blobs saved which I think potentially rules out one or both of these options. Is there any solution still possible?

    I am able to use either Windows 7 or Mac OSX Snow Leopard so instruct me to use whichever with whatever software necessary.

    At this point I am crying inside! If this forum permits such things I will happily donate a fiver via PayPal to the person who I believe has made my new Vodafone SIM work in my iPhone, a tenner if it's within the hour (!) If this is forbidden then my undying thanks will have to suffice :p

    Over to you guys, all help very much appreciated, thank you in advance!
  2. thread starter macrumors newbie

    Jun 4, 2010
    Going to extend the offer of dough: willing to pay £10 via PayPal to anyone who can talk me through this and get it working...
  3. alienvariety, Aug 13, 2011
    Last edited: Aug 16, 2011

    thread starter macrumors newbie

    Jun 4, 2010

    UPDATE EDIT: This method will work to unlock and jailbreak, BUT will potentially affect your iPhone detrimentally in a few ways:

    1. Jailbreaking invalidates your warranty.
    2. You will lose GPS if you change to iPad baseband.
    3. Once you have changed to iPad baseband, it is CURRENTLY supposedly impossible to downgrade. (The Dev Team are working on this...)
    4. You may not be able to update using official firmware from Apple in the future.

    HOWEVER: This tutorial is for the 3GS, which is now a relatively dated model, very soon to become even more outdated. I made these changes on my phone as I intend to get the iPhone 5/ 4S when it is released anyway - these were acceptable risks. Update according to your own situation.


    Ok, guys, despite a lack of response, after about 10 hours of rigorous googling I have successfully unlocked my iPhone.

    For all those who are interested, these two resources were essential:

    - http://jailbreakqa.com/questions/57088/how-to-unlock-435-on-51602
    - http://www.youtube.com/watch?v=m4H2tUcz890

    The YouTube video helped me specifically because I was unable to log in to Cydia to download UltraSn0w as I had no WiFi connection on my iPhone.

    You will need:

    - TinyUmbrella (whatever the latest version is)
    - RedSn0w 0.9.6rc18 (NOT the latest version...) here on Mac: https://sites.google.com/a/iphone-dev.com/files/home/redsn0w_mac_0.9.6rc18.zip?attredirects=0&d=1 and here on Windows: https://sites.google.com/a/iphone-dev.com/files/home/redsn0w_win_0.9.6rc18.zip?attredirects=0&d=1 (IMPORTANT: if you are doing this on Windows you will need to be in Windows XP Compatibility Mode.)
    - iTunes (the latest version)
    - 4.1 Official Apple Firmware from here: http://appldnld.apple.com/iPhone4/061-7938.20100908.F3rCk/iPhone2,1_4.1_8B117_Restore.ipsw

    You may need:

    - DiskAid (if you have no WiFi like me)

    Follow these steps:

    1. Run TinyUmbrella and go to the Advanced Tab.
    2. Make sure "Set hosts to Cydia on exit" is UNCHECKED.
    3. Exit TinyUmbrella.
    4. Open iTunes.
    5. Put your phone in DFU recovery mode (Hold 'Power Off' and the 'Home' button simultaneously for 10 seconds, then let go of 'Power Off' but continue to hold 'Home' for another 20 seconds)
    7. iTunes should recognise an iPhone in recovery mode.
    6. Hold 'alt/option' and click Restore.
    7. Choose to restore from the 4.1 IPSW file referred to above.
    8. iTunes will act like it is restoring and then at the last minute encounter error 1015. This is exactly what we want.
    9. Open TinyUmbrella again.
    10. Click 'Exit Recovery'.

    At this point, your iPhone now runs on 4.1 Firmware. Progress!

    11. Open RedSn0w and click Browse.
    12. Select the same IPSW as previously (4.1). Click next.
    13. Choose to Install Cydia. DON'T opt to change baseband yet or it might crash!
    14. Click next. Go back in to DFU mode as described above. The RedSn0w page will automatically begin to update and inform you that it is installing. Your iPhone will display: "Downloading Jailbreak Data..."
    15. When this is done (your phone will eventually reboot), exit RedSn0w and turn your phone back off.
    16. Now open RedSn0w again. Click Browse.
    17. Choose 4.1 IPSW again. Click next.
    18. This time deselect Install Cydia and instead check the box to install iPad Baseband. IMPORTANT NOTE: you may lose GPS connectivity in your phone if you do this, but it is an essential step to unlocking your phone. Bite the bullet.
    19. Click next and return to DFU mode as before. RedSn0w will now show another little Pineapple image and begin installation of iPad Baseband.
    20. Your phone should restart and you're good to quit RedSn0w.

    At this point, your firmware is version 4.1 and your BB is 6.15.00! Now you just need a final step.

    21. If you can connect to WiFi, open Cydia. If you can't, watch the YouTube video I linked above.
    22. Once in Cydia, select the Manage tab (along the bottom).
    23. Click Sources. Click Edit, then in the top left, Add.
    24. Type: http://repo666.ultrasn0w.com/
    25. Click ok. Then in the top right click Install.

    It will install UltraSn0w and should provide you with a message which confirms it is able to unlock your BB (6.15.00)

    26. Restart your iPhone. (Do it twice to be on the safe side.)
    27. Put in your new SIM from your new carrier.
    28. Go to Settings and turn Airplane Mode off and on again.
    29. It will say 'Searching...' for a little while and then:

    I hope this guide has helped you. It was such a time consuming nightmare for me that I wanted to make sure it wouldn't be such a trial for everyone else. GOOD LUCK!

    ps. Yes, I'm afraid that means the offer of money is officially retracted :p
    pps. If in doubt, DFU mode and restore to 4.1 again and restart the process.
  4. macrumors newbie

    Aug 14, 2011
    dfu mode

    After I install the baseband it's stuck on the iTunes screen.
    Any ideas?
  5. thread starter macrumors newbie

    Jun 4, 2010
    Can you elaborate a little?

    I assume if you're installing the Baseband then you've successfully Jailbroken and installed Cydia?

    One thing worth trying if your iPhone is hanging on startup is to kick it back in to DFU/ recovery mode and then use TinyUmbrella to exit recovery mode again and restart your iPhone.
  6. macrumors newbie

    Aug 15, 2011
    Thanks for this tutorial.

    I had the exact same specs as you but I just wanted to jailbreak and couldn't find anywhere on the internet before you posted this on how to do so.

    One quick question...

    I've jailbroken 4.1 and changed all my themes and tweaked it etc. Now if I wanted to change the baseband would I lose all of this and have to install all the sources etc. again?

    Also, is changing the baseband fully working? Because I read somewhere that people are having issues after doing this due to it being the iPad baseband?

  7. macrumors 604


    Jun 9, 2009
    Mich near Detroit
    Glad you solved it, nice tutorial. Really shouldn't have been that tough. Had this been posted in the proper section here we probably would have responded after. Even though what you asked has been asked many many times before. You should also tell people the side effects of the iPad baseband:

    1. You will lose GPS
    2. Void your warranty
    3. You can no longer upgrade firmware through iTunes. You must use cooded/hacktivated software, at least till baseband goes above 6.15
    4. It's not downgradable on a 3GS

    Next time 1st look then post here!
    iPhone Hack Section
  8. thread starter macrumors newbie

    Jun 4, 2010
    @Labman I did look pretty thoroughly, almost every thread I found was either incomplete, ridden with irrelevant points, or required various differences to my circumstance, eg. SHSH blobs, different Baseband etc.

    Judging by this kind comment from another user, I wasn't the only one who had looked to no avail either:

    @04stirjam Pretty sure it's currently impossible to revert or change your baseband from 6.15.00 but I'm assured that the Dev team are working on it. I tried to make it clear initially that this was a fix for some very specific criteria.

    Changing baseband will almost definitely lose your GPS too, but other than that I'm not aware of any specific issues.

    I will edit the original post to alert users to the risks of changing baseband and jailbreaking.
  9. macrumors newbie

    Aug 16, 2011
    Thank you!

    Can't thank you enough alienvariety! After struggling on this for 3 days when I got back late from work, reading loads of articles, I was about to give up. Then I came across your info and after a couple of attempts it worked. I missed out a couple of steps the first time I tried but second time around it worked a treat!

    You are a legend my friend, thanks for posting!....
  10. macrumors newbie

    Aug 17, 2011

    HERO! That is what your user name should be instead of alienvariety! Thanks so much for your posts and all the information. I had been trying to unlock my iPhone since this past Saturday. Now it is working! My only question is, how do I know if I lost my GPS?

    Thanks a lot alienvariety!:)
  11. thread starter macrumors newbie

    Jun 4, 2010
    Really glad this has helped you guys, thanks for the kind words.

    You'll know if you've lost GPS if your phone is unable to find its position, e.g. on sat nav apps etc. To be honest, you almost definitely will have as the iPad baseband isn't designed to allow GPS (iPads don't use it).
  12. macrumors newbie

    Aug 18, 2011
    Hi, I really appreciate the effort on this. I too have been struggling with these exact same specs for the past two days, yielding no results other than restores of 4.3.5. I got to the point in which the error after restoring 4.1 shows up. I went to TinyUmbrella and hit exit recovery. The phone flashed to the Apple logo before returning back to the "USB to iTunes" logo. I tried exit recovery several more times as well as putting the phone into DFU for fix recovery, which didn't do anything. In TinyUmbrella, both "set hosts to cydia on exit" and "update iphone 4 baseband" are unchecked. Any suggestions? Thanks
  13. macrumors newbie

    Aug 20, 2011
    unlock 3gs

    Hi... just to say thank you for your solution... it works... cool
  14. blaximus, Aug 20, 2011
    Last edited: Aug 21, 2011

    macrumors newbie

    Aug 20, 2011
    Thank you!!!

    Hey alienvariety-

    Excellent work and thank you for the detail in the process. This was successful for me. I am not sure if the GPS works on 3G yet, but it does work on WiFi for me. First of all, I took the risk despite a couple variations from your details:

    - iPhone 3GS (same)
    - BB 05.16.02 (same)
    - iOS 4.3.3 (instead of 4.3.5)
    - Already unlocked by UltraSn0w (but unsuccessfully... still said "Searching...")
    - Already Jailbroken

    I was unsuccessful in unlocking with UltraSn0w because I did not read ahead and realize that 05.16.02 was unsupported in the latest version.

    I would also add that it took about 4 long minutes frozen on the "Flashing Baseband (do not interrupt!)" pineapple screen in your step 19. This made me worried but it eventually restarted and continued as you described.

    I had to hold "Shift-Alt" when clicking restore from iTunes instead of just Alt-Restore.

    Also, after your Step 12 and before Step 13, there was an intermediate step in which I had to click, "Yes, this is a 'newer' version of the 3GS." Same screen came up when we do the step over again later on.

    But in the end it worked!!! Or seemed to work. Admittedly, I have not tried it with a foreign SIM. But after being stuck on "Searching..." with the initial failed unlocking attempt with UltraSn0w, it now has signal overseas. Thank you for your perseverance, curiosity, and attention to detail! Hero indeed.


    Update 1 day later:

    My GPS works completely fine (with compass), using a prepaid SIM + data plan in the Netherlands. I had forgotten to mention my iPhone 3GS was brand-new (got it a couple weeks ago as a replacement for a prior phone from the Apple Store). It was AT&T from the US. One thing I would add is that I do not have visual voicemail overseas. This is so great though!
  15. iThat, Aug 20, 2011
    Last edited: Aug 20, 2011

    macrumors member

    Aug 20, 2011

    Not to doubt what you're saying will work, I just want to be clear on something.

    So, you're basically saying that if I have a brand new 3GS this will let me use any carrier I want if it works?


    Can someone please confirm that this indeed works on a brand new 3GS or gen 4 iPhone with 4.3.5 8L1 and 05.16.02 ???????????????????????????

    Because I tried this like 20 times following the steps exactly the way you have them there and even tried different configurations of steps and even at one time formatting / using a new machine to try this on.

    But got nothing each time.

    My 3GS is brand new, I just got it yesterday morning.

    I feel like crap because I gave someone 20 bucks to unlock it and he took my money and ran.

    So I'm like WTF now !!!!
  16. macrumors member

    Aug 20, 2011

    I think you should make it very clear that using an iPad baseband could indeed leave your iPhone screwed for life.
  17. thread starter macrumors newbie

    Jun 4, 2010

    That's pretty clear isn't it? I don't recommend doing this on a brand new phone. Use your service provider's official means of unlocking which usually requires filling in a form on their website and waiting a few days.

    Ironically, after using this method to unlock my phone, a few days later O2 sent me a text to say they had unlocked it officially anyway. Epic fail :p

    Each person's circumstances will differ and this definitely won't be a solution to everyone's problem (and I don't recommend it as one), but if this is what you are looking for and you're prepared to take the risks, this should work and it seems to have done so for a few happy people already! Good luck.
  18. macrumors newbie

    Aug 23, 2011
    help please!!

    alienvariety, I've done steps 1-9 and I got the error 1015 message... now I went to TinyUmbrella but it won't let me press enter recovery, exit or save SHSH.
    Please help!
  19. iThat, Aug 25, 2011
    Last edited: Aug 25, 2011

    macrumors member

    Aug 20, 2011
    You can try using iReb or redSn0w to kick you out of recovery


    RecBoot might also be helpful
  20. iThat, Aug 25, 2011
    Last edited: Aug 25, 2011

    macrumors member

    Aug 20, 2011
    Is the actual GPS chip in the iPad and 3G/S/4 different?


    Yep, this borks the GPS chip as I suspected (just tried it on 3 units), an old BB iPhone 4 and new 3G and 3GS.
    (The actual Infini chip)

    I don't know yet if the chip is being fried or just left with a bottleneck. But I suspect it's pretty hard to fry those things.

    If you try an app like Waze you will know what I mean. The GPS icon in the upper right corner of Waze is grayed out. There is nothing special about each individual phone or config. It's the cellID location (5-10M RADIUS) that all of you are seeing.

    O' well tho, if being unlocked means I have to trade 2M location data for 5-15M, that's not a big loss at all!

    So in closing:

    I only recommend this hack if you live in an area where there are many towers.
    If you're out in a place like New Mexico or something, this hacktivation isn't for you.

    EDIT II:

    Here is a pinout of the more popular 3GS board.


    As you can see it has its own dedicated GPS ?receiver?/?transceiver? chip located on the bottom mid left of the board.

    I think it's also fair to note that this chip is 100% proprietary where in reverse if you take the chip on 3rd and 4th gen Android phones. The Qualcomm "on chip" GPS systems are open source and will be able to be upgraded to use future satellite systems once they become available. Which isn't to say the Infineon chips won't. However most Qualcomm GPS on-chips have published specifications and source code, so future development can never die.

    That being said, my droid legend can pickup the track in the car when my i4 is busy getting facetime ;)

    See http://goo.gl/xoIZV as a footnote for more info on future development with gps systems.
  21. iThat, Aug 25, 2011
    Last edited: Aug 26, 2011

    macrumors member

    Aug 20, 2011
    I'm sorry for the 3rd post here but I felt it important to stress that I will indeed be writing a guide for you guys on how to use 802.11R (yes R! as in ROMEO) closed AP hopping on your 3rd and 4th gen iPhones that will give you as close to 1/2M location lock as possible.

    A good start however is the app "wefi", spelled WeFi, also known as ExtremeWifi on Cydia.
    It's also noteworthy that Google Maps uses a system similar to Skyhook. You can bounce existing access point names against it via any and all GPRS connections (any [1G/2G/3G/HSPA/HSPA+] GSM connection) that get a stable connection to maps.google.com. Even if the access points are locked, they have an enormous database that assists with, and complements, positioning.

    I'll have that guide up by tomorrow night.


    In closing:

    Like I said above however and let me stress again.

    I only recommend this hack if you live in an area where there are many towers.
    If you're out in a place like New Mexico or something, this hacktivation isn't for you.
  22. macrumors newbie

    Aug 25, 2011

    It took me 5 long, agonizing hours of restoring, jailbreaking, unjailbreaking, and restoring my phone over and over again but I finally unlocked the carrier.

    Question though: Will un-jailbreaking the phone (3GS) possibly reverse the carrier unlock? Does the phone need to be constantly jailbroken for it to remain unlocked? Or is it a one-time deal where I can jailbreak, unlock, switch SIM cards and gain access to the 3G network, then un-jailbreak?
  23. macrumors newbie

    Aug 25, 2011
    stuck on still searching during jailbreak...

    Hey, I've been trying to unlock this iPhone forever and I was hoping this was the solution but I am having troubles. When I get to RedSn0w to install Cydia it goes thru the jailbreak process but when the black screen comes on with all the info running through it, it just gets stuck on "Please wait...." and doesn't do anything. After waiting like 10 mins of it doing this it reboots just to stay in recovery mode with it asking to connect to iTunes...

    Any ideas??
  24. macrumors member

    Aug 20, 2011

    This guide is def. not for the faint of heart.
    Keep trying, also check out the guide here http://goo.gl/hUSlg which might also provide some useful information.

    I was getting frustrated myself. But it did eventually work.
    Also, I think the guide needs to be updated slightly. Because the steps I took were certainly not exact.
  25. macrumors newbie

    Aug 26, 2011
    looooost :'(

    Hello Guys!

    I had exactly the same config when I started the process.
    I don't think I have the same "geek level" as you guys do but I think I understood how to do this.
    However, the first time I tried, I got to step 21 and my iPhone still showed the "connect to iTunes" logo, and never could open in DiskAid.

    Then I restored to factory settings and tried again, several times... and now every time it shows either "error 20" or "not eligible" right before step 8...

    I'm in Mexico. It's a refurb 3GS. I'm back on BB=05.16.02-6.4_M3S2 and v4.3.5...
    It's blocked on AT&T but I have no access to an AT&T chip. Only Telcel...

