Gevey SIM Unlocks iPhone 4 Including iOS 4.3.1, iOS 4.3 Baseband 04.10.01 But It’s Illegal


If you’ve been eagerly waiting for the iPhone Dev Team to release a software solution to unlock your iPhone, then you may also have heard about a SIM card hack called Gevey SIM.

The Gevey SIM Interposer does not require users to jailbreak their iPhone; it works by forcing the activation of the baseband using the emergency dialer. It can unlock iPhone 4 basebands 04.10.01 (bundled with iOS 4.3 and iOS 4.3.1), 03.10.01 (bundled with iOS 4.2.1) and 02.10.04 (bundled with iOS 4.1).

Here is how it works, as explained by Singularity:

A SIM card holds many different types of information, but the part most involved with the carrier lock is the IMSI number, which is a unique code that corresponds to your account in the mobile carrier’s database.

A sample IMSI might look like this:

310 150 987654321

The first two segments are known as the Mobile Country Code (MCC) and Mobile Network Code (MNC) respectively, and in the example above the IMSI indicates the SIM is from the USA (310) and AT&T (150).

When the iPhone baseband is loaded into memory, it checks the MCC and MNC against its own network lock state stored in the seczone. If the combination is allowed, the cell radio is activated; otherwise it is not.

The earliest iPhone baseband revisions only checked the IMSI twice following a restart, so it was very easy to send spoofed information in order to bypass the check. Nevertheless, the baseband was soon updated to validate the SIM more aggressively and the method soon became obsolete. [..]

[..] Apparently somebody figured out that while the i4 baseband has been patched to prevent test IMSI from working, it is still possible to force activate the baseband using the emergency dialer.

It works if: A. your network handles 112 calls properly according to the GSM standard; B. they are lax on TMSI management and do not actively validate your IMSI again for incoming calls.

Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact procedure must be performed again should the device restart, lose reception for an extended period of time or move to another PLMN. In all these situations the TMSI expires and has to be obtained again. Theoretically it is possible for a daemon to automate the process, similar to ZeroG, but that only makes things more convoluted.
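The MCC/MNC check described above, modelled in Python as an added example (this is not code from the article, from Singularity, or from any baseband firmware): it splits an IMSI into its fields, handles the fact that the MNC length depends on the MCC, and compares the (MCC, MNC) pair against an allowlist standing in for the lock state kept in the seczone. The MNC-length table, the allowlist entries and the second sample IMSI are assumptions for illustration.

```python
# Added example: a model of the IMSI-based carrier-lock check.
# Illustrative code written for this article, not baseband or Gevey code.
from dataclasses import dataclass

# Assumption: MNC length depends on the MCC. Most countries use 2-digit
# MNCs; North American MCCs (310-316) use 3 digits. Only a small table is
# included here; a real implementation would carry the full ITU-T E.212 list.
THREE_DIGIT_MNC_MCCS = {"310", "311", "312", "313", "314", "315", "316"}


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, always 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits depending on the MCC
    msin: str  # Mobile Subscriber Identification Number, the remainder


def parse_imsi(imsi: str) -> Imsi:
    """Split a 15-digit IMSI (spaces allowed for readability) into its fields."""
    digits = imsi.replace(" ", "")
    if not digits.isdigit() or len(digits) != 15:
        raise ValueError(f"IMSI must be exactly 15 digits, got {imsi!r}")
    mcc = digits[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, digits[3:3 + mnc_len], digits[3 + mnc_len:])


def is_well_formed(imsi: str) -> bool:
    """True if the IMSI parses, False on malformed input (no exception)."""
    try:
        parse_imsi(imsi)
        return True
    except ValueError:
        return False


# Assumption: the lock policy is an allowlist of (MCC, MNC) pairs. The
# article says the real list lives in the baseband's seczone; these two
# AT&T-style pairs are constructed for the example.
LOCK_POLICY = frozenset({("310", "150"), ("310", "410")})


def carrier_lock_allows(imsi: str, policy=LOCK_POLICY) -> bool:
    """Model of the baseband decision: activate the radio only if the SIM's
    (MCC, MNC) is in the lock policy. Only the network part is compared; the
    MSIN (the subscriber part) plays no role in the lock check."""
    parsed = parse_imsi(imsi)
    return (parsed.mcc, parsed.mnc) in policy


if __name__ == "__main__":
    # The article's sample IMSI, plus a constructed German (2-digit MNC) one.
    for sample in ("310 150 987654321", "262011234567890"):
        p = parse_imsi(sample)
        print(f"{sample}: MCC={p.mcc} MNC={p.mnc} MSIN={p.msin} "
              f"allowed={carrier_lock_allows(sample)}")
```

The point the parser makes explicit is that the lock only ever looks at the network prefix, which is why presenting a SIM whose MCC/MNC the baseband accepts was enough on early firmware; the later basebands described above defeat that by re-validating the SIM beyond the initial load.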

You can check out the video of an iPhone 4 being unlocked using the Gevey SIM hack below:

Now for some bad news. Since the hack works through the emergency dialer (by dialing 112 and hanging up), it is illegal in the US and probably in other countries.

MuscleNerd, a member of the iPhone Dev Team, has also warned users against using the Gevey SIM card hack:

That “dial 112 then hang up” in gevey is illegal in USA, and probably other countries. Buyer beware.

Since the Gevey SIM Interposer presents a spoofed SIM identity to the network while your handset’s own IMEI remains visible, you also run the risk of your carrier shutting down your account for breach of contract:

A SIM interposer should not harm your phone hardware; however, your network could request the IMEI and identify your device during the emergency call, leading to your handset getting banned. Your identity cannot be faked and it is possible that they will shut down your account. There is a reason why SIM cards remain legally the property of the service provider: you are not supposed to tamper with them without breaching your contract.

So we would strongly recommend that our readers stay away from the Gevey SIM hack.

There is currently no news on a software method to unlock the iPhone from the Dev Team since our last update.

We’ll let you know if there are any further updates, so stay tuned here at iPhone Hacks or join our Facebook Fan page, follow us on Twitter or subscribe to our RSS feed.

[via Singularity, Twitter (MuscleNerd)]