How to Unlock a 1.1.1 or 1.1.2 Upgraded iPhone Using Windows
Posted November 22, 2007 at 7:27pm by iClarified
These are instructions are on how to unlock a 1.1.1 iPhone or an iPhone that has been upgraded to 1.1.2 firmware. These instructions do not work for a 1.1.2 iPhone new from the store.
If your firmware is 1.1.1 please use iTunes to update to latest firmware(1.1.2) before starting this tutorial! You need to do this otherwise the unlocker used in this tutorial won't work.
DOWNGRADE TO 1.1.1
For this you will need iBrickr 0.91, iTunes 7.5, and iPhone Firmware 1.1.1
- Update iTunes to get the latest version.
- Download iBrickr 0.91 from: here
- Download iPhone Firmware 1.1.1 from: here
Step One
Connect your iPhone to your PC and launch iTunes
Step Two
Press and hold Home and Power button of your iPhone at the same time. Once the screen turns black, release the power button but keep on holding the Home button until Apple logo changes to the restore screen. Note: The screen may also just stay black. This is normal. Just hold the home button till iTunes detects the iPhone.
Step Three
iTunes will then detect an iPhone in restore mode.
Hold down the Shift key and click Restore.
A dialog window will appear asking you to select the firmware to restore to. Select the 1.1.1 firmware we downloaded earlier (iPhone1,1_1.1.1_3A109a_Restore.ipsw)
At the end of the restore you will get Error 1015. This is okay. Simply click the Ok button.
Another popup will appear telling you your iPhone is in recovery mode. Click the Ok button.
Step Four
Exit iTunes by selecting Exit from the File menu. Press Control+Alt+Delete on the keyboard. Select to Start Task Manager.
Click to select the Processes tab from the Windows Task Manager window.
Select iTunesHelper.exe from the list of processes and then click the End Process button. A popup will appear asking you to confirm the end process. Click the End Process button from the popup.
You can now close Windows Task Manager by click the X at the top right of the window.
Step Five
You will notice your iPhone is still in recovery mode. To exit recovery mode launch iBrickr.exe which you downloaded earlier.
Click the Boot the phone link.
iBrickr will say Please wait while iBrickr tries to fix your phone.
The iPhone will reboot and display the Activate screen again!
You can now close iBrickr.
JAILBREAK 1.1.1
Step One
At the "Activate iPhone" screen move the slider to the right for emergency calling.
Step Two
Dial "*#307#" then press the Call button.
Step Three
You will hear the phone call itself. Use the back arrow to clear the number you just enter. Now dial "0" then press the Call button.
Step Four
Now you will be able to see the incoming call. Press the Accept button.
Step Five
Now press the Hold button to put the call on hold.
Step Six
The phone will call itself again. This time press the Decline button.
Step Seven
We now are shown the keypad again. Click the contacts tab at the bottom. We are now presented with an empty contacts menu. Click the plus(+) button to add a new contact.
Step Eight
Press Add New URL.
Step Nine
Input prefs: as the url then press the Save button.
Step Ten
Press Add New URL again.
Step Eleven
Input http://jailbreakme.com as the url then press the Save button.
Step Twelve
Now in the contact view you will see the 2 urls. Press the prefs: url.
Step Thirteen
This will bring up the iPhone's Settings Menu. Select your wireless network from the Wi-Fi category. Press the Settings button at the top left to go back to the Settings Menu.
Step Fourteen
Select the General category from the Settings Menu. Then select the Auto-Lock subcategory.
Press to select Never from the list of Auto-Lock times.
Press the Settings button at the top left to return to the settings window.
Step Fifteen
Press the Home button. At the "Activate iPhone" screen move the slider to the right for emergency calling.
Step Sixteen
Now dial "0" then press the Call button.
Step Seventeen
Now you will be able to see the incoming call. Press the Accept button.
Step Eighteen
Now press the Hold button to put the call on hold.
Step Nineteen
The phone will call itself again. This time press the Decline button.
Step Twenty
We now are presented with our contacts menu. Press to select the contact we added.
Step Twenty One
Press the http://jailbreakme.com url. This will open Safari and take you to jailbreakme.com
Step Twenty Two
Scroll down to the bottom of the page and press Install AppSnapp.
Phone will return to activation screen, but don't panic, just wait. iPhone should automaticly restart after almost a minute. When the phone starts again, it should no longer say Slide to emergency, but rather Slide to Unlock. This means it was successfull!
UNLOCK 1.1.1
Step One
Press to select Settings from your springboard.
Step Two
Press to select General from the list of categories.
Step Three
Press to select Auto-Lock from the General menu.
Step Four
Press to select Never from the list of Auto-Lock times.
Step Five
Press the Home button to return to your springboard.
Step Six
Press to select Installer from your springboard.
Step Seven
Press Donate Later to continue into the Installer app. Note: Come back later and donate as this app is helping you out a ton!
Step Eight
Press to select the Install tab at the bottom of the screen.
Step Nine
Press to select the System category.
Step Ten
Press to select BSD Subsystem from the list of packages.
Step Eleven
Press to select the Install button at the top right.
Step Twelve
Press the Install button to confirm installation.
Step Thirteen
Once installation is complete press to select the Sources tab at the bottom right of the screen.
Step Fourteen
Press to select the Edit button at the top right hand corner.
Step Fifteen
Press to select the Add button at the top left hand corner.
Step Sixteen
Enter http://installer.iClarified.com as the source url and press the Ok button.
Step Seventeen
Press the Done button at the top right of the screen.
Step Eighteen
Press the Install tab at the bottom of the screen.
Step Nineteen
Press to select iClarified from the list of categories.
Step Twenty
From the list of packages press to select anySIM 1.2u.
Step Twenty One
Press the Install button at the top right of the screen.
Step Twenty Two
Press to select the red Install button that appears.
Step Twenty Three
Once install is complete return to the springboard by pressing the Home button.
Step Twenty Four
Press the anySIM icon to begin the unlock.
Step Twenty Five
Make sure your authorized SIM is in the phone and press the Ok button.
Step Twenty Six
Slide to slider to right to begin unlocking
Step Twenty Seven
Scroll down and press Unlock my phone
Step Twenty Eight
Once its done click the Ok button. and you will be returned to your springboard.
UPGRADE TO 1.1.2
- Download the Jailbreak 1.1.2 package from: 1.1.2-jailbreak.zip
- Download the new ipetools from: ipetools.zip
- Download the 1.1.2 Firmware from: here
At this point normally we would have installed OktoPrep from Installer (Tweaks 1.1.1 Category). The new jailbreakme.com is supposed to do this for you now. I've heard a couple reports of the site not doing it so I've left this in the tutorial for now!
Step One
Reboot your phone by holding down the Sleep/Wake button for three seconds. Move the power slider to right to power down. Then press the Sleep/Wake button again to power back on.
Step Two
Launch iTunes.
Name your iPhone if it asks then click the Done button.
Step Three
If you get a dialog window asking you to update to 1.1.3 click the Don't Install button.
(NOTE*: The image says 1.1.2 in this example because i don't have the new image yet).
Hold down Shift and click the Update button to update to 1.1.3
A dialog window will appear asking you to select the firmware to restore to. Select the 1.1.2 firmware we downloaded earlier (iPhone1,1_1.1.2_3B48b_Restore.ipsw)
Once complete a dialog box will appear letting you know you have updated successfully.
When it finishes updating, the iPhone will have been restarted. The new emergency slider and connect to iTunes image will be on the iPhone.
Step Four
Close iTunes then extract the 1.1.2-jailbreak.jar we downloaded earlier. A folder will be extracted called 1.1.2-jailbreak.
Double click windows.bat from within this folder to start the jailbreak.
Step Five
A popup will appear asking you to enter the desired password and whether or not to enable SSH. Make sure you check to enable SSH and then press Jailbreak!
Whens it done a popup will appear letting you know the jailbreak has been successful! During this process the phone may be rebooted a few times.
Step Six
From your springboard press to run the Installer application.
Press to select the Install tab at the bottom.
Press to open the System category.
From the System Category press to select BSD Subsystem.
Then press the Install button at the top right of the screen. When prompted select Install again to begin the installation.
Once the install has finished you will be placed back at the Category list.
Step Seven
Extract ipetools.zip that we downloaded earlier. You will extract a folder called ipetools. Inside this folder is "ipe-lockdownd-tools.tgz". We need to copy this to the iPhone.
Go back to WinSCP. Log back into your iPhone using the same procedure as before.
On the left navigate to the folder that contains "ipe-lockdownd-tools.tgz" and on the right navigate to your root directory. Copy "ipe-lockdownd-tools.tgz" to your root directory.
Step Eight
Select Open Terminal from the Commands menu.
You may be asked to Confirm. Click Ok.
Step Nine
Enter the following commands then press the Execute button after each line:
cd /
cp /usr/libexec/lockdownd /usr/libexec/lockdownd.bak
tar -xvzf ipe-lockdownd-tools.tgz
cd ipetools
./ipatcher -a
Step Ten
Reboot your phone by holding down the Sleep/Wake button for three seconds. Move the power slider to right to power down. Then press the Sleep/Wake button again to power back on.
Step Eleven
Go back to WinSCP. Log back into your iPhone using the same procedure as before.
Step Twelve
Select Open Terminal from the Commands menu.
You may be asked to Confirm. Click Ok.
Step Thirteen
Enter the following commands then press the Execute button after each line:
killall -9 lockdownd
cd /ipetools
./bricktool
Step Fourteen
Reboot your phone by holding down the Sleep/Wake button for three seconds. Move the power slider to right to power down. Then press the Sleep/Wake button again to power back on.
You can now put in any SIM. You have an unlocked iPhone!!!
NOTES:
I'd rapidly improving the quality of my own screenshots; however, some of them have been obtained from around the net. Most notably I'd like to give thanks to Mark from HacktheiPhone.
THANKS:
Well, I also really need to thank all the developers who have been working like crazy to make this tutorial even possible, the iPhone Dev Team and the ipetools creators - 79b1caf2c95695e0af0e6216216eec54 -BlaCkBirD -Zibri -b1llyb0y -kiwi66 -rdh.
A big thanks to chainsawwws who helped me get through these steps successfully!
If your firmware is 1.1.1 please use iTunes to update to latest firmware(1.1.2) before starting this tutorial! You need to do this otherwise the unlocker used in this tutorial won't work.
DOWNGRADE TO 1.1.1
For this you will need iBrickr 0.91, iTunes 7.5, and iPhone Firmware 1.1.1
- Update iTunes to get the latest version.
- Download iBrickr 0.91 from: here
- Download iPhone Firmware 1.1.1 from: here
Step One
Connect your iPhone to your PC and launch iTunes
Step Two
Press and hold Home and Power button of your iPhone at the same time. Once the screen turns black, release the power button but keep on holding the Home button until Apple logo changes to the restore screen. Note: The screen may also just stay black. This is normal. Just hold the home button till iTunes detects the iPhone.
Step Three
iTunes will then detect an iPhone in restore mode.
Hold down the Shift key and click Restore.
A dialog window will appear asking you to select the firmware to restore to. Select the 1.1.1 firmware we downloaded earlier (iPhone1,1_1.1.1_3A109a_Restore.ipsw)
At the end of the restore you will get Error 1015. This is okay. Simply click the Ok button.
Another popup will appear telling you your iPhone is in recovery mode. Click the Ok button.
Step Four
Exit iTunes by selecting Exit from the File menu. Press Control+Alt+Delete on the keyboard. Select to Start Task Manager.
Click to select the Processes tab from the Windows Task Manager window.
Select iTunesHelper.exe from the list of processes and then click the End Process button. A popup will appear asking you to confirm the end process. Click the End Process button from the popup.
You can now close Windows Task Manager by click the X at the top right of the window.
Step Five
You will notice your iPhone is still in recovery mode. To exit recovery mode launch iBrickr.exe which you downloaded earlier.
Click the Boot the phone link.
iBrickr will say Please wait while iBrickr tries to fix your phone.
The iPhone will reboot and display the Activate screen again!
You can now close iBrickr.
JAILBREAK 1.1.1
Step One
At the "Activate iPhone" screen move the slider to the right for emergency calling.
Step Two
Dial "*#307#" then press the Call button.
Step Three
You will hear the phone call itself. Use the back arrow to clear the number you just enter. Now dial "0" then press the Call button.
Step Four
Now you will be able to see the incoming call. Press the Accept button.
Step Five
Now press the Hold button to put the call on hold.
Step Six
The phone will call itself again. This time press the Decline button.
Step Seven
We now are shown the keypad again. Click the contacts tab at the bottom. We are now presented with an empty contacts menu. Click the plus(+) button to add a new contact.
Step Eight
Press Add New URL.
Step Nine
Input prefs: as the url then press the Save button.
Step Ten
Press Add New URL again.
Step Eleven
Input http://jailbreakme.com as the url then press the Save button.
Step Twelve
Now in the contact view you will see the 2 urls. Press the prefs: url.
Step Thirteen
This will bring up the iPhone's Settings Menu. Select your wireless network from the Wi-Fi category. Press the Settings button at the top left to go back to the Settings Menu.
Step Fourteen
Select the General category from the Settings Menu. Then select the Auto-Lock subcategory.
Press to select Never from the list of Auto-Lock times.
Press the Settings button at the top left to return to the settings window.
Step Fifteen
Press the Home button. At the "Activate iPhone" screen move the slider to the right for emergency calling.
Step Sixteen
Now dial "0" then press the Call button.
Step Seventeen
Now you will be able to see the incoming call. Press the Accept button.
Step Eighteen
Now press the Hold button to put the call on hold.
Step Nineteen
The phone will call itself again. This time press the Decline button.
Step Twenty
We now are presented with our contacts menu. Press to select the contact we added.
Step Twenty One
Press the http://jailbreakme.com url. This will open Safari and take you to jailbreakme.com
Step Twenty Two
Scroll down to the bottom of the page and press Install AppSnapp.
Phone will return to activation screen, but don't panic, just wait. iPhone should automaticly restart after almost a minute. When the phone starts again, it should no longer say Slide to emergency, but rather Slide to Unlock. This means it was successfull!
UNLOCK 1.1.1
Step One
Press to select Settings from your springboard.
Step Two
Press to select General from the list of categories.
Step Three
Press to select Auto-Lock from the General menu.
Step Four
Press to select Never from the list of Auto-Lock times.
Step Five
Press the Home button to return to your springboard.
Step Six
Press to select Installer from your springboard.
Step Seven
Press Donate Later to continue into the Installer app. Note: Come back later and donate as this app is helping you out a ton!
Step Eight
Press to select the Install tab at the bottom of the screen.
Step Nine
Press to select the System category.
Step Ten
Press to select BSD Subsystem from the list of packages.
Step Eleven
Press to select the Install button at the top right.
Step Twelve
Press the Install button to confirm installation.
Step Thirteen
Once installation is complete press to select the Sources tab at the bottom right of the screen.
Step Fourteen
Press to select the Edit button at the top right hand corner.
Step Fifteen
Press to select the Add button at the top left hand corner.
Step Sixteen
Enter http://installer.iClarified.com as the source url and press the Ok button.
Step Seventeen
Press the Done button at the top right of the screen.
Step Eighteen
Press the Install tab at the bottom of the screen.
Step Nineteen
Press to select iClarified from the list of categories.
Step Twenty
From the list of packages press to select anySIM 1.2u.
Step Twenty One
Press the Install button at the top right of the screen.
Step Twenty Two
Press to select the red Install button that appears.
Step Twenty Three
Once install is complete return to the springboard by pressing the Home button.
Step Twenty Four
Press the anySIM icon to begin the unlock.
Step Twenty Five
Make sure your authorized SIM is in the phone and press the Ok button.
Step Twenty Six
Slide to slider to right to begin unlocking
Step Twenty Seven
Scroll down and press Unlock my phone
Step Twenty Eight
Once its done click the Ok button. and you will be returned to your springboard.
UPGRADE TO 1.1.2
- Download the Jailbreak 1.1.2 package from: 1.1.2-jailbreak.zip
- Download the new ipetools from: ipetools.zip
- Download the 1.1.2 Firmware from: here
At this point normally we would have installed OktoPrep from Installer (Tweaks 1.1.1 Category). The new jailbreakme.com is supposed to do this for you now. I've heard a couple reports of the site not doing it so I've left this in the tutorial for now!
Step One
Reboot your phone by holding down the Sleep/Wake button for three seconds. Move the power slider to right to power down. Then press the Sleep/Wake button again to power back on.
Step Two
Launch iTunes.
Name your iPhone if it asks then click the Done button.
Step Three
If you get a dialog window asking you to update to 1.1.3 click the Don't Install button.
(NOTE*: The image says 1.1.2 in this example because i don't have the new image yet).
Hold down Shift and click the Update button to update to 1.1.3
A dialog window will appear asking you to select the firmware to restore to. Select the 1.1.2 firmware we downloaded earlier (iPhone1,1_1.1.2_3B48b_Restore.ipsw)
Once complete a dialog box will appear letting you know you have updated successfully.
When it finishes updating, the iPhone will have been restarted. The new emergency slider and connect to iTunes image will be on the iPhone.
Step Four
Close iTunes then extract the 1.1.2-jailbreak.jar we downloaded earlier. A folder will be extracted called 1.1.2-jailbreak.
Double click windows.bat from within this folder to start the jailbreak.
Step Five
A popup will appear asking you to enter the desired password and whether or not to enable SSH. Make sure you check to enable SSH and then press Jailbreak!
Whens it done a popup will appear letting you know the jailbreak has been successful! During this process the phone may be rebooted a few times.
Step Six
From your springboard press to run the Installer application.
Press to select the Install tab at the bottom.
Press to open the System category.
From the System Category press to select BSD Subsystem.
Then press the Install button at the top right of the screen. When prompted select Install again to begin the installation.
Once the install has finished you will be placed back at the Category list.
Step Seven
Extract ipetools.zip that we downloaded earlier. You will extract a folder called ipetools. Inside this folder is "ipe-lockdownd-tools.tgz". We need to copy this to the iPhone.
Go back to WinSCP. Log back into your iPhone using the same procedure as before.
On the left navigate to the folder that contains "ipe-lockdownd-tools.tgz" and on the right navigate to your root directory. Copy "ipe-lockdownd-tools.tgz" to your root directory.
Step Eight
Select Open Terminal from the Commands menu.
You may be asked to Confirm. Click Ok.
Step Nine
Enter the following commands then press the Execute button after each line:
cd /
cp /usr/libexec/lockdownd /usr/libexec/lockdownd.bak
tar -xvzf ipe-lockdownd-tools.tgz
cd ipetools
./ipatcher -a
Step Ten
Reboot your phone by holding down the Sleep/Wake button for three seconds. Move the power slider to right to power down. Then press the Sleep/Wake button again to power back on.
Step Eleven
Go back to WinSCP. Log back into your iPhone using the same procedure as before.
Step Twelve
Select Open Terminal from the Commands menu.
You may be asked to Confirm. Click Ok.
Step Thirteen
Enter the following commands then press the Execute button after each line:
killall -9 lockdownd
cd /ipetools
./bricktool
Step Fourteen
Reboot your phone by holding down the Sleep/Wake button for three seconds. Move the power slider to right to power down. Then press the Sleep/Wake button again to power back on.
You can now put in any SIM. You have an unlocked iPhone!!!
NOTES:
I'd rapidly improving the quality of my own screenshots; however, some of them have been obtained from around the net. Most notably I'd like to give thanks to Mark from HacktheiPhone.
THANKS:
Well, I also really need to thank all the developers who have been working like crazy to make this tutorial even possible, the iPhone Dev Team and the ipetools creators - 79b1caf2c95695e0af0e6216216eec54 -BlaCkBirD -Zibri -b1llyb0y -kiwi66 -rdh.
A big thanks to chainsawwws who helped me get through these steps successfully!