[Mod Edit - The short summary to W9cae's terrific explanation is this - at this stage, you CAN NOT software unlock the newer iPhones that come with firmware 1.1.2 / modem baseband 04.02.13_G / bootloader 4.6 out of the box. You may still have some success with TurboSIM / SuperSIM, but you won't be able to use any SIM card as you could with the software unlock. As and when this changes - most likely after the release of the next firmware - we will update this post.]

I found this post over on Hackent0sh and thought others here might like to read as it does give you good insight into what is going on with iPhone & the firmware.

I see a lot of confusion recently about various software components inside the iPhone. Here is a small glossary that could help out some people actually understand what we are talking about here:


The iPhone is a small computer with two processors, some RAM and some eraseable FLASH for long-term storage (the 8GB of storage).

ARM Core: This is the processor used to run the Operating System (the OS), which is a scaled down version of MAC OS X. The job of the OS is as a general manager of the phone's resources (RAM, FLASH, Baseband, etc...) , as well as overview the concurrent running of the phone's applications.

Baseband: This is the processor that manages all the functions which need an antenna. The GSM phone, as well as the WiFi and bluetooth are all under the control of the baseband processor. The baseband processor has its own RAM and FLASH resources, separate from the ARM core resources. The baseband processor is a resource to the OS.

Boot Loader: This is a (normally) very small program in non-volatile memory (can be FLASH, often is un-eraseable) that 'bootstraps' a processor startup and calls the main (usually much larger) program. The boot loaderhas also the responsibility to provide a protocol for obtaining and storing an updated version of the main program. Normally, the boot loader changes very rarely, as there is no need to. It is the main program that gets upgraded, not the boot loader. Also, if something happens during the update of the main program, the boot loader will always be there to save you and restore the main program with a good one. However, when you update the boot loader, if anything bad happens, then you have no more boot loader, which means that the processor will not restart at all. A Brick.

Question: how are bootloaders first programmed into the system? The answer is left as an exercise to the student...

The ARM core processor has its own bootloader for restoring the OS, which implements the so-called .

The Baseband processor also has its own boot loader too. That boot loader is a lot more hardened with crypto protection, and will not normally let you update the baseband program with one that is not digitally signed with the special Infineon crypto key. Infineon are the makers of the baseband processor. However, there is a bug in version 3.9 of the baseband bootloader that enables re-programming the baseband even with a version that has the wrong crypto signature. Thus, with a 3.9 boot loader, anything is possible.

However, with the new 4.x bootloader, the backdoor has been closed and we are back to square one: any update to the baseband must be cryptographically signed with the correct signature. That is why no unlock is possible at the moment.

Now, finding the key is next to impossible. For the unlock to work, some people must find a new crack in the bootloader, a new backdoor. Considering that Apple must have put quite a bit of pressure on Infineon in order to have a well protected bootloader this time, I would tend to think that it might take some time before a crack is actually found.

Time will tell.

WHAT HAPPENS WHEN I UPGRADE:

When you upgrade (or restore), the OS will be changed to whatever version you want (1.0.2, 1.1.1, 1.1.2) , however the baseband bootloader will only allow baseband firmware updates UP in the version chain. Never down. Moreover, the bootloader itself is not upgraded or changed in any way (that would be quite daring to do for Apple). Which is why when you restore a UK phone from 1.1.2 to 1.1.1 you still have the new 4.02.13 baseband firmware and bootloader 4.x. It is UNLOCKABLE at the moment. And which is also why you can restore from an original 1.1.1 US phone (with bootloader 3.x) to 1.1.2 (it then has baseband 4.02.13, but still bootloader 3.x), then restore down to 1.0.2 and unlock the baseband 4.02.13 (because bootloader 3.x has backdoor and allows unlock) and then can re-upgrade all the way up to 1.1.2 (only the OS changes, the 4.02 baseband firmware is already there and does not get updated, it is already at highest version, thus it stays unlocked).

Since it is very unlikely that the old 3.9 boot loaders will ever be upgraded via software, and also it is unlikely that a backdoor will be found in the 4.x bootloader, I would tend to think that the market value of iPhones with the 3.9 bootloaders should become much higher very soon...

I hope this helps understand a bit more...

Thanks for this post. It clarifies a lot of stuff for me.

thanks mate this is useful to know. Might be time to invest in a nice case for our iPhones to keep them in pristine condition. Sounds like they'll be museum pieces at that rate!

Nice post, makes it easy for someone like myself to understand the process. I have been following the 1.1.2 'hacking' process on various sites with interest and there appear to be differing views on whether you can 'unlock' a 1.1.2 phone. Methinks that I quite like my 1.1.1 firmware and will be sticking with it for some time.

Very very good one

now i know a bit more when im unlocking !!
thanks for sharing !

So this means iPhones shipping with 1.1.2 are useless as far as being a phone goes?

Correct, for the time being (to be used as phones in Australia that is).

"So this means iPhones shipping with 1.1.2 are useless as far as being a phone goes?"

"Correct, for the time being (to be used as phones in Australia that is)."

NO, NOT CORRECT!

No problem ACTIVATING and JAILBREAKING and then slipping in a TurboSIM to "UNLOCK" for use on any Australian GSM SIM card (except for 3 of course).

And please, no FLAMES on my use of the word "unlock" as opposed to the 'term' "unlock". I know that the TurboSIM 'fools' the iPhone into working with any Australan SIM card.

I know it is not a free software unlock like the ones we were getting used to, but..... it is either buy a hardware device or get used to having a very thick 8GB iTouch.

I have used TurboSIMs on three iPhones so far - weeks 45 and 46 - and have a week 47 arriving next week.

Cheers

A3 Australia

Then you are the only person that can do this. I'm sitting here in the UK waiting for someone to come up with a method to unlock - clarify... Sim unlock the UK 1.1.2 iphone.

At the moment every single site lists the new bootloader with the UK iphone as a sticking block. The only unlock I've seen is that they can activate the UK phone without using a contract O2 sim - but still an O2 Network sim.

Show me where I can simunlock 1.1.2 and I'll be off down to my local Apple store.

Edit
Ok... re-read your post. TurboSim seems to be the only way - question is - Does it give full functionality? It's a shame that as a fix it's quite so expensive too

You can do it at home. Ohh... you meant point you to links where others have done this?

OK but there are so many I will just give you links to two forums where there are many successful TurboSIM users

http://www.hackint0sh.org/forum/forumdisplay.php?f=136

http://www.hackint0sh.org/forum/forumdisplay.php?f=124

and of course the iPhone Status Document

http://docs.google.com/View?docid=dgzw9xs_0gfhxns

And a warning if you plan to buy a TurboSIM on eBay - quoted from the BLADOX site today - "Please be warned there are scams selling fake Turbo SIMs, which are not produced by us and are something completely different. Turbo SIM is trade name of BLADOX(R) and we are the sole producer of Turbo SIM since 2004."

Here is a fake TurboSIM eBay listing - Item number: 220178250830

Where are you in the UK?

A3 Australia

I'm in Liverpool - Nearest Apple store is less than an hour away.

If the functionality is there then this may be the fix I've been looking for. Next up is trying to find somewhere selling TurboSim that is not fake.

Well I knew about the TurboSIM solution however most people won't shell out the money for (potentially fake) TurboSIMs like you've mentioned.

Also just spotted is this site seems to be some sort of turbo sim also.

http://www.stealthsim.com/index.htm

It is a PSS SIM / Hyper SIM type clone. No re-sellers, no prices, nothing.

AND SOMEONE IS SPAMMING ALL THE iPhone FORUMS PROMOTING THE SITE !!

Best to buy a genuine TurboSIM from the manufacturers BLADOX - they have been making them since 2004 - Euro 59 plus registered postage. Or if you can't wait, just compare the photos on their site to the ones used by eBay sellers so you bid/buy the right thing.

A3 Australia