
isashach

macrumors newbie
Original poster
Mar 20, 2008
I keep seeing these sketchy-looking websites selling 'factory' unlocks for iPhones, but I always thought that they were a scam. But last week I was reading a thread on reddit where this one guy said that he got his phone factory unlocked this way. So, I decided to buy one of these 'factory IMEI unlocks' on eBay for 2.50£. Although the listing was for AT&T, the guy told me over private message that he can unlock most carriers, and that all he needs is the IMEI as well as the name of the carrier. I bought this service, and a day later, he unlocked the iPhone 5.

Now, my question is the following: how on earth do they do this? I read somewhere on macrumors that they just call the mobile operator repeatedly until they give the unlock code, but this seems quite unlikely to me. Another place they said that they 'hacked' into the unlock servers or something... but it still stumps me.

The thing is, I repair iPhones and offer jailbreaking + JB unlock, but I recently noticed that one of my local competitors was offering a factory unlock instead of JB unlock, so I was wondering if this is something that works every time or not. I'm not in the US if anything.
 
Some people may work for a carrier or know somebody who works for a carrier and has access to unlock codes.
 
All iPhones are basically software-locked (as I'm sure you know). For a "factory" unlock, there is a carrier-controlled whitelist of IMEIs. Basically, Apple consults this whitelist whenever an iPhone is restored via iTunes, and if your phone appears on the whitelist, the unlock gets authorized when the phone is restored and software is loaded on it.

These vendors offering factory unlocks for iPhones have gained access to the whitelists for those carriers they say they can unlock. While it might be possible that they've hacked into the systems of those carriers, the more likely explanation is that they have a contact or two (or several) that works for those carriers... maybe a disgruntled employee who doesn't mind earning a little cash on the side in exchange for loading in a few dozen to a hundred extra IMEIs to the whitelist now and then. Once an iPhone IMEI shows up on that whitelist, you just restore your phone in iTunes, and you have your unlock.
 
Not to steal this thread, but just to be sure, Verizon iPhone 5's are already "factory unlocked," correct? Meaning, it'd be pointless to pay for one of these IMEI unlocks?
 
Pretty much. Verizon iPhone 5s are SIM unlocked, so they will work on any GSM carrier (LTE access may or may not work depending on what bands the carrier is using).

You still can't move your Verizon iPhone 5 to a different CDMA carrier, like Sprint. But that's for different technical reasons that a factory unlock won't help you with.
 
Thanks for the info, appreciate it!
 
Although this does sound like a solid theory, what intrigues me is the fact that it's a relatively small provider (Swisscom) in a country where I highly doubt someone would risk their job over 2.50£ (Switzerland). Especially note how the eBay seller said that he can unlock most carriers... he can't have a contact everywhere!
 
Although this does sound like a solid theory, what intrigues me is the fact that it's a relatively small provider (Swisscom) in a country where I highly doubt someone would risk their job over 2.50£ (Switzerland).

Would it be more plausible that for 2.50£, someone is going to be on the phone with Swisscom, kindly but persistently and repeatedly asking for your iPhone to be unlocked and speaking with multiple people over what could be hours, until someone says "fine, I'll do it for you!"?

Especially note how the eBay seller said that he can unlock most carriers... he can't have a contact everywhere!

"Most" doesn't equal "everywhere." Having contacts in just a few of Europe's largest carriers means that the vendor will get "most" people, since "most" subscribers will be on those large networks.

The IMEI whitelists are real, not a theory. iTunes has to dip into some sort of database to know what carrier your iPhone "belongs to," or if it's okay to unlock it.

The mystery is how these guys manage to get your IMEI on those whitelists. So, some of the other options are:

- They have a single (or maybe two or three) contact at Apple who can edit multiple carrier lists and doesn't mind going behind the carrier's back. Or Apple may systematically not care how the unlock request gets to them, you just have to know what website/phone number/e-mail address to use to make it happen.

- They're social engineering, pretending to be from Swisscom or whatever carrier that phone X is locked to, and are contacting someone at Apple to edit the lists, making them think these are carrier-sanctioned unlocks, or

- Someone's hacked Apple's carrier whitelist at the source.

None of these possibilities, though, adequately explains why "most" but not "all" iPhone carriers can be unlocked, since having direct Apple whitelist access would imply that any carrier should be unlockable.
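
Added example, not part of any post in this thread: if the insider theory above is right, the carrier-side control is to reconcile every whitelist addition against an approved unlock request. The log layout, operator names, ticket ids and the `reconcile` helper are all hypothetical, and the IMEIs are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: placeholder IMEIs, operator names and ticket ids.
APPROVED = {  # IMEI -> (ticket id, operator assigned to handle the request)
    "000000000000001": ("REQ-1001", "op_a"),
    "000000000000002": ("REQ-1002", "op_a"),
}
AUDIT_LOG = [  # (day, operator, IMEI added to the unlock whitelist)
    ("2013-01-07", "op_a", "000000000000001"),  # matches its ticket
    ("2013-01-07", "op_b", "000000000000002"),  # ticket belongs to op_a
    ("2013-01-08", "op_b", "000000000000003"),  # no ticket
    ("2013-01-08", "op_b", "000000000000004"),  # no ticket
    ("2013-01-08", "op_b", "000000000000005"),  # no ticket
    ("2013-01-09", "op_a", "000000000000006"),  # no ticket
]

def reconcile(audit_log, approved, burst_threshold=3):
    """Compare whitelist additions with approved unlock requests.

    Returns (findings, bursts): findings lists every addition that has no
    approved request or was made by someone other than the assigned
    operator; bursts maps (operator, day) to the ticketless IMEIs added
    that day when their count reaches burst_threshold.
    """
    findings = []
    ticketless = defaultdict(list)
    for day, operator, imei in audit_log:
        request = approved.get(imei)
        if request is None:
            findings.append((day, operator, imei, "no approved request"))
            ticketless[(operator, day)].append(imei)
        elif request[1] != operator:
            reason = f"{request[0]} is assigned to {request[1]}"
            findings.append((day, operator, imei, reason))
    bursts = {key: imeis for key, imeis in ticketless.items()
              if len(imeis) >= burst_threshold}
    return findings, bursts

if __name__ == "__main__":
    findings, bursts = reconcile(AUDIT_LOG, APPROVED)
    for day, operator, imei, reason in findings:
        print(f"{day} {operator} {imei}: {reason}")
    for (operator, day), imeis in bursts.items():
        print(f"burst: {operator} added {len(imeis)} ticketless IMEIs on {day}")
```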
 