How do factory unlocks work?

Discussion in 'iPhone' started by isashach, Apr 2, 2013.

  1. isashach macrumors newbie

    Joined:
    Mar 20, 2008
    #1
    I keep seeing these sketchy-looking websites selling 'factory' unlocks for iPhones, but I always thought that they were a scam. But, last week I was reading a thread on Reddit, where this one guy said that he got his phone factory unlocked this way. So, I decided to buy one of these 'factory IMEI unlocks' on eBay for 2.50£. Although the listing was for AT&T, the guy told me over private message that he can unlock most carriers, and that all he needs is the IMEI as well as the name of the carrier. I bought this service, and a day later, he unlocked the iPhone 5.

    Now, my question is the following: how on earth do they do this? I read somewhere on macrumors that they just call the mobile operator repeatedly until they give the unlock code, but this seems quite unlikely to me. Another place they said that they 'hacked' into the unlock servers or something... but it still stumps me.

    The thing is, I repair iPhones and offer jailbreaking + JB unlock, but I recently noticed that one of my local competitors was offering a factory unlock instead of JB unlock, so I was wondering if this is something that works every time or not. I'm not in the US if anything.
     
  2. boshii macrumors 68040

    Joined:
    Jul 6, 2008
    Location:
    Atlanta, GA
    #2
    Some people may work for a carrier or know somebody who works for a carrier and has access to unlock codes.
     
  3. scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #3
    All iPhones are basically software-locked (as I'm sure you know). For a "factory" unlock, there is a carrier-controlled whitelist of IMEIs. Basically, Apple consults this whitelist whenever an iPhone is restored via iTunes, and if your phone appears on the whitelist, the unlock gets authorized when the phone is restored and software is loaded on it.

    These vendors offering factory unlocks for iPhones have gained access to the whitelists for those carriers they say they can unlock. While it might be possible that they've hacked into the systems of those carriers, the more likely explanation is that they have a contact or two (or several) that works for those carriers... maybe a disgruntled employee who doesn't mind earning a little cash on the side in exchange for loading in a few dozen to a hundred extra IMEIs to the whitelist now and then. Once an iPhone IMEI shows up on that whitelist, you just restore your phone in iTunes, and you have your unlock.
     
  4. Tyler23 macrumors 603

    Joined:
    Dec 2, 2010
    Location:
    Atlanta, GA
    #4
    Not to steal this thread, but just to be sure, Verizon iPhone 5's are already "factory unlocked," correct? Meaning, it'd be pointless to pay for one of these IMEI unlocks?
     
  5. scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #5
    Pretty much. Verizon iPhone 5s are SIM unlocked, so they will work on any GSM carrier (LTE access may or may not work depending on what bands the carrier is using).

    You still can't move your Verizon iPhone 5 to a different CDMA carrier, like Sprint. But that's for different technical reasons that a factory unlock won't help you with.
     
  6. Tyler23 macrumors 603

    Joined:
    Dec 2, 2010
    Location:
    Atlanta, GA
    #6
    Thanks for the info, appreciate it!
     
  7. isashach thread starter macrumors newbie

    Joined:
    Mar 20, 2008
    #7
    Although this does sound like a solid theory, what intrigues me is the fact that it's a relatively small provider (Swisscom) in a country where I highly doubt someone would risk their job over 2.50£ (Switzerland). Especially note how the eBay seller said that he can unlock most carriers... he can't have a contact everywhere!
     
  8. scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #8
    Would it be more plausible that for 2.50£, someone is going to be on the phone with Swisscom, kindly but persistently and repeatedly asking for your iPhone to be unlocked and speaking with multiple people over what could be hours, until someone says "fine, I'll do it for you!"?

    "most" doesn't equal "everywhere." Having contacts in just a few of Europe's largest carriers means that the vendor will get "most" people, since "most" subscribers will be on those large networks.

    The IMEI whitelists are real, not a theory. iTunes has to dip into some sort of database to know what carrier your iPhone "belongs to," or if it's okay to unlock it.

    The mystery is how these guys manage to get your IMEI on those whitelists. So, some of the other options are:

    - They have a single (or maybe two or three) contact at Apple who can edit multiple carrier lists and doesn't mind going behind the carrier's back. Or Apple may systematically not care how the unlock request gets to them, you just have to know what website/phone number/e-mail address to use to make it happen.

    - They're social engineering, pretending to be from Swisscom or whatever carrier that phone X is locked to, and are contacting someone at Apple to edit the lists, making them think these are carrier-sanctioned unlocks, or

    - Someone's hacked Apple's carrier whitelist at the source.

    None of these possibilities, though, adequately explain why "most" but not "all" iPhone carriers can be unlocked, since having direct Apple whitelist access would imply that any carrier should be unlockable.
     
