Unlock iPhone 3.1.3 Baseband 05.11.07 with BlackSn0w

by iPhoneHeat on Mar 21, 2010

If you’ve updated your iPhone to OS 3.1.3 using custom firmware created with PwnageTool or Sn0wbreeze, you would probably know that even after preserving Baseband at 05.11.07 it’s not unlockable with BlackSn0w. BlackSn0w which is meant to unlock iPhone Baseband 05.11.07 (true for OS 3.1.2) but it cannot unlock iPhone 3GS and 3G on baseband 05.11.07 of when you’re running iPhone OS 3.1.3.

Update: UltraSn0w 0.93 is Out Now! It can unlock all basebands for iPhone 3GS and 3G. (Check the Updates at the bottom)

BlackSn0w is unable to unlock baseband 05.11.07 on firmware 3.1.3 because it locates a function to patch by searching the binary for reference to string “SIM is not supported” but in iPhone OS 3.1.3, the same function now uses the string “Verified”. Since the location to patch is determined by instruction search&replace, the patch itself still works in 3.1.3 after changing the string and its length in Blacksn0w binary.

To unlock iPhone 3GS and 3G running iPhone OS 3.1.3 Baseband 05.11.07 with BlackSn0w, simply follow the step by step instructions listed below.

Disclaimer: This guide is for educational and testing purposes only. Use it at your own risk.

Update:
This patch is now available in Cydia as BlackSn0w RC2 to unlock iPhone 3.1.3 Baseband 05.11.07:
Unlock iPhone 3.1.3 Baseband 05.11.07

Unlock iPhone 3.1.3 Baseband 05.11.07 with BlackSn0w

STEP 1

Download BlackSn0w.deb: blacksn0w.deb
extract it using 7-zip (Download 7-zip).

STEP 2

Install OpenSSH on your iPhone from Cydia. Then reboot your iPhone.

STEP 3

Connect your iPhone to your computer and close the iTunes.

STEP 4

Windows Users:

Download WinSCP and install it. Run the WinSCP and provide the following details:

Hostname: IP address of your iPhone. (Settings >> WiFi >> Tap the Arrow next to selected Network)
User name: root
Password: input your SSH password here. Default password is alpine
Protocol: SCP

Detailed SSH guide can be found here.

Mac Users:

Download Cyberduck for Mac and install. Run the Cyberduck and provide the following details:

Server: IP address of your iPhone. (Settings >> WiFi >> Tap the Arrow next to selected Network)
Username: root
Password: input your SSH password here. Default password is alpine
Protocol: SFTP

STEP 5

Copy the System\Library\LaunchDaemons\com.apple.CommCenter.plist from blacksn0w.deb to /tmp/ directory on the phone, you’ve SSH’d into.

STEP 6

Download the patched blacksn0w.dylib (Download Link 1 | Link 2)

Copy it to /usr/lib/ directory on the phone.

STEP 7

Install the MobileTerminal from Cydia. Open the Terminal app and run the following commands to login as root.

su root
alpine

Once you have logged in, enter the following command (yes it’s a single lengthy command)

launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist ; launchctl load /tmp/com.apple.CommCenter.plist ; launchctl start com.apple.CommCenter

Check if you get the Signals with unofficial Carrier SIM.

In case the test load fails, your iPhone will freeze. Wait 20 seconds and reboot it using (Power+Home) buttons combination.

STEP 8

if test load is successful, copy the com.apple.CommCenter.plist file from /tmp/ directory on the iPhone to /System/Library/LaunchDaemons/.

Reboot your iPhone. That’s it.

If you’re looking for iPhone jailbreak, we have already shared tons of guide on jailbreaking iPhone 3GS, 3G, 2G running iPhone OS 3.1.3 using RedSn0w, Sn0wbreeze and PwnageTool. You can jailbreak iPod Touch using our guides on RedSn0w 0.9.4, Sn0wbreeze and PwnageTool 3.1.5.

You can follow us to Twitter, Join our Facebook Fan Page, and also Subscribed to RSS Feed to receive latest updates on iPhone, iPod Touch and iPad.

via [RedmondPie][msftguy]