Fully Unlock CDMA iPhone 4S 5.1.1 And fix MMS, Data, iMessage, FaceTime, and Carrier Settings
#1
Posted 12 July 2012 - 11:00 AM
Since there is a lot to do to have a fully-functional iPhone 4s on an unsupported carrier, such as T-Mobile US in my case, I've split this tutorial into 6 sections.
Section I: Jailbreaking your iPhone 4s
Section II: Installing Furi0us Mod and Unlocking via Gevey Ultra S
Section III: Patching the CommCenter
Section IV: Fixing FaceTime / iMessage
Section V: Misc. Fixes and Cosmetics
Section VI: Fixing MMS
Basically, before we start, let's understand what needs to be done. For a fully-functional iPhone 4s, we want talk, text, mms, data, and all the iOS specific features of a phone such as iMessage and FaceTime.
Now let's go over what tools you need as well as what knowledge. Obviously you'll need a computer, and on that computer you'll need to install 3 new programs. First we need absinthe 2.0.4 to jailbreak the iPhone, download it HERE. Next is i-Funbox which can be downloaded from HERE. Next we need a Hex Editor. I prefer HxD, which can be downloaded HERE.
NOTE: Most of the steps can cause system instability and force you to restore your iPhone and start over. So read, re-read, and re-re-read this tutorial until you have it memorized.
START!
-Section I- Jailbreaking
1. Connect your iPhone and open up iTunes.
2. Right click your iPhone in the sidebar and hit Backup.
3. After your iPhone's backed up, restore it.
4. Once it finishes, don't do anything on the phone yet; it will say iPhone has been activated on CDMA network (if you don't have the original SIM card) in iTunes.
5. Click OK, then register your iPhone.
6. Click Set up as new iPhone and choose not to sync apps or contact data. Wait for it to finish syncing. (Helpful tip: Deselect Open iTunes when this device connects while you're at it.)
7. Close iTunes and open up absinthe 2.0.4.
8. You might have to unplug and plug your iPhone back in for it to read.
9. Click Jailbreak.
Wait until it says "Done! Enjoy."
You have officially jailbroken your iPhone 4s.
10. Restore your iPhone using the Backup you made earlier.
-Section II- Unlocking
1. On your iPhone, open up Cydia and wait while it rearranges the filesystem.
2. After it resprings, open Cydia again, click Developer, ok. Click the Manage tab.
3. Click Sources, Edit, Add, and add this repository (http://www.cydia.furiousmod.com), click add source.
4. Within that repository, find Furi0usMod-iPhone4s that says iOS 5.1.1 under it.
5. Click install, then continue queuing.
6. Also add to the install list: OpenSSH and Link identity editor (can be found under Development Section).
7. Install them all. Close out of Cydia when they finish installing.
8. Place the White Reset sim on top of your Gevey Ultra S and insert them both into your iPhone. (Verizon iPhone users place your unofficial sim card on top of the Gevey, as this step is unnecessary)
9. Reboot your iPhone. A list will show up, click the carrier your Phone is locked to.
10. Remove the Gevey and replace the White sim with your unofficial sim (Verizon users already did this). Reboot iPhone again.
11. Wait until a popup appears saying you have successfully unlocked with Gevey. It will have a 6-digit register code. Write this code down.
12. Open up Furi0usMod, input your code and hit register. Turn both items on if they are not. Reboot once more.
13. The same "Success" screen from earlier will pop up 3-4 more times. Just keep hitting accept. After a bit, your unofficial carrier name should pop up on the left of the status bar.
You have officially unlocked your iPhone 4s.
NOTE: Some of you may be satisfied with your iPhone at this point, but iMessage and FaceTime will not work. MMS and Data APNs also need fixed. The voicemail button in the phone app will not work, and all the carrier settings will be messed up if you live in the US. To fix this, we need to edit certain carrier setting files, which CommCenter will reject because their Signatures will no longer be valid. So now we need to patch CommCenter to accept unsigned carrier bundles.
-Section III- CommCenter
1. Plug your iPhone in and open up i-Funbox.
2. Click Raw Filesystem and navigate to /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
3. Copy this file to a folder or your desktop.
4. Open CommCenter in HxD.
5. Navigate to offset A9C00. Look for 30 46. Change it to 01 20. Save the file.
6. Replace the CommCenter File on your iPhone with the modified one. DO NOT REBOOT.
EDIT: Delete the original, THEN place the modified CommCenter on your phone.
7. Click SSH Terminal under USER's iPhone | iPhone 4S (5.1.1)
8. Type ldid -s /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter. Click Enter.
9. Type chmod +x /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter. Click Enter.
10. Click on USER's iPhone | iPhone 4S (5.1.1) and then Device Safe Eject. After it Disconnects, Reboot your iPhone. If it reboots properly, congratulations, you have successfully patched CommCenter.
If it doesn't, your only option is to put it in DFU mode and restore.
NOTE: The last two steps, if done properly, can all be done at once before rebooting.
-Section IV- FaceTime/iMessage
You will either need to 'obtain' iFile from Cydia, or download a plist editor for your computer. This depicts the iFile route.
NOTE: If you live in the United States, and don't have international texting, use the number +28818773 in place of all +011447786205094 numbers in this section.
1. Open iFile on your iPhone. Navigate to /System/Library/Carrier Bundles/iPhone/00101/carrier.plist.
2. Make a backup of this file (as well as all others we edit).
3. Open the file in property list viewer.
4. Find PhoneNumberRegistrationGatewayAddress, and set it to: +011447786205094.
5. Find RedialOnRRCConnectionFailure and change it to ON.
6. Save the file.
7. Go back to carrier bundles and find Unknown.bundle/carrier.plist.
8. Open the file in property list viewer.
9. Find PhoneNumberRegistrationGatewayAddress, and set all 10 sets of numbers to +011447786205094.
10. Save the file.
11. Open the carrier bundle your iPhone is locked to (this can be found by opening the settings app, going to General, About, and looking at the Carrier).
12. Open the carrier.plist file in that bundle in property list viewer.
13. Find PhoneNumberRegistrationGatewayAddress, and set it to +011447786205094.
14. Click the plus in the bottom right of the screen.
15. Type RedialOnRRCConnectionFailure. Type: Boolean. Click Create. Switch it to ON.
16. Click Done.
17. You can reboot now or continue to Section V without rebooting.
18. After you reboot, switch FaceTime and iMessage off then on and they should activate.
-Section V- Misc. Fixes and Cosmetics
1. Open iFile and navigate to the carrier bundle your phone is locked to.
2. Open the carrier.plist file in property list viewer.
3. Tap apns. 0: is your Data APN. 1: is your MMS APN. Change these to match your SIM carrier's recommended APNs, and find your carrier's correct MMS settings while you're at it.
NOTE: Those using this unlock for T-Mobile US, I will have all the correct settings at the end.
4. Change CarrierName to your carrier's name.
5. Tap MMS. Change these settings to match your SIM carrier's recommended MMS settings.
6. MyAccountURL and MyAccountURLTitle show up under Phone/Services in the settings app. Change MyAccountURL to the web address you use to sign in to your carrier's account. Change MyAccountURLTitle to something like Carrier MyAccount. (These can be anything you want, the URL could be facebook if you want it to).
7. Tap Services. Change each dictionary to a number code you use to e.g. check minutes. e.g. ServiceName: Check Minutes, ServiceCode: #646#
8. Find VoicemailPilotNumber. Change this to the number you would call to check your voicemail. Don't forget country code e.g. US - +1.
9. Save the file.
10. Reboot your iPhone.
Your Phone should now seem as though it's on the right carrier.
11. Test the voicemail button and go through your settings to make sure you did everything right. You should see no sign of the other carrier.
NOTE: Section VI was going to be manually editing apns from the settings app, but I found the much easier and permanent carrier.plist solution after I'd written the first half of this tutorial. When I was doing Section V it made sense to stick it in there instead. If you go to settings, General, Network, Cellular Data Network, and it has the wrong settings, click reset Network settings. This will reset them to the defaults from the carrier.plist file that we edited.
-Section VI- MMS
The only thing we need to do to fix MMS, since we did most of it in Section V, is add a UA Prof URL. Go to Settings, General, Network, Cellular Data Network, MMS UA Prof URL. Make it (http://www.apple.com/mms/uaprof.rdf).
If you hit Reset Network Settings after this, this is the only thing you need to re-enter.
-Congratulations!!!!!-
You've officially cleaned up the mess of an unlock that the Gevey Ultra S provides.
Try to avoid anything on Cydia that could cause system instability, since you'll have to start from scratch again.

I spent MANY hours figuring all this out, compiling it all, and making a tutorial, so please thank me and give me credit when it's due. Thanks.
If you don't understand something please respond and I will try to help. I will be constantly monitoring to respond fast and make this easy for everyone.
-Credits-
Jailbreak: Chronic Dev Team - http://www.Greenpois0n.com
Unlock: Gevey Ultra S - http://www.ApplenBerry.com
CommCenter Patch Tut: MrFabius - http://insanelyi.com...-511-iphone-4s/
FaceTime/iMessage Fix: cooldayr - http://support.t-mobile.com/thread/23968
Misc. Fixes and Cosmetics/MMS: Steven0Ritt (ME)
Full tutorial: Steven0Ritt (ME)
T-Mobile US carrier.plist settings
APNs:
0: epc.tmobile.com
1: epc.tmobile.com
CarrierName - T-Mobile
MMS:
GroupModeEnabled - ON
MaxImageDimension - 1024
MaxMessageSize - 1048576
MaxRecipients - 10
MaxVideoBitrate - 131072
MMSC - (http://mms.msg.eng.t....com/mms/wapenc)
Proxy - 216.155.165.50:8080
MyAccountURLTitle - T-Mobile MyAccount
MyAccountURL - (https://auth.web2go....account/home.do)
Services:
ServiceName - Check Minutes
ServiceCode - #646#
ServiceName - Check Text Usage
ServiceCode - #674#
ServiceName - Check Balance
ServiceCode - #225#
VoicemailPilotNumber - +18056377243
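For anyone reviewing a handset after edits like those in Sections IV and V, the following added example (not part of the original post) diffs a carrier.plist against the backup taken in Section IV step 2 and marks changes under the keys the post touches. The sample plists, their layout and values are constructed; the `WATCHED` list and function names are this example's own.

```python
import plistlib

# Top-level keys the post edits. Treating them as the ones worth flagging
# is this example's assumption, not an Apple-defined list.
WATCHED = {"PhoneNumberRegistrationGatewayAddress", "RedialOnRRCConnectionFailure",
           "apns", "MMS", "CarrierName", "VoicemailPilotNumber", "MyAccountURL"}
MISSING = "<absent>"  # marker for a key or list slot present on one side only

def diff_plist(old, new, path=""):
    """Return (key_path, old, new) for every leaf that differs, in sorted key order."""
    changes = []
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            changes += diff_plist(old.get(key, MISSING), new.get(key, MISSING),
                                  f"{path}/{key}")
    elif isinstance(old, list) and isinstance(new, list):
        for i in range(max(len(old), len(new))):
            o = old[i] if i < len(old) else MISSING
            n = new[i] if i < len(new) else MISSING
            changes += diff_plist(o, n, f"{path}/{i}")
    # Compare types too: in Python True == 1, but a plist <true/> is not <integer>1.
    elif type(old) is not type(new) or old != new:
        changes.append((path, old, new))
    return changes

def audit(backup_bytes, current_bytes, watched=WATCHED):
    """Diff two plists (XML or binary) and mark changes under watched keys."""
    old, new = plistlib.loads(backup_bytes), plistlib.loads(current_bytes)
    return [{"path": p, "before": b, "after": a,
             "watched": p.strip("/").split("/")[0] in watched}
            for p, b, a in diff_plist(old, new)]

# Constructed sample data (not a real carrier bundle; values and layout invented).
BACKUP = plistlib.dumps({
    "CarrierName": "Carrier A",
    "PhoneNumberRegistrationGatewayAddress": "+15550100",
    "apns": [{"apn": "data.a.example"}, {"apn": "mms.a.example"}],
    "SupportsNITZ": True,
})
EDITED = plistlib.dumps({
    "CarrierName": "Carrier B",
    "PhoneNumberRegistrationGatewayAddress": "+15550199",
    "RedialOnRRCConnectionFailure": True,
    "apns": [{"apn": "data.b.example"}, {"apn": "data.b.example"}],
    "SupportsNITZ": 1,  # boolean silently turned into an integer
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for c in audit(BACKUP, EDITED):
        flag = "WATCHED" if c["watched"] else "other  "
        print(f'{flag} {c["path"]}: {c["before"]!r} -> {c["after"]!r}')
```
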
#2
Posted 12 July 2012 - 01:12 PM
Only thing that would bug me is VisualVoicemail not working. I talked to the Dev of YouMail, and they have had troubles with Virtual carriers (3rd party like Straight Talk, which I'm on) as it's not an official one they don't support it.
None the less, good job.
#3
Posted 12 July 2012 - 10:37 PM
#4
Posted 13 July 2012 - 08:50 PM
#5
Posted 13 July 2012 - 09:04 PM
I am guessing this guide will work for those with CDMA phone? Just instead of unlocking add PRL of the carrier?
As long as you install the correct CommCenter Patch for your device and iOS, all of the carrier bundle editing should work. Don't trust me though, as I've never tinkered with iPhone 4 or below carrier.plists. Do some research and tell us how it goes for you.
#6
Posted 18 July 2012 - 03:04 AM
#7
Posted 19 July 2012 - 03:13 AM
#8
Posted 19 July 2012 - 04:21 AM
No matter what I do, I get to patching the CommCenter and when I reboot my phone it doesn't come back on and I have DFU and restore. I'm typing in everything exactly as shown - Everything works flawlessly up until I get to the reboot part. Any help?
Case is VERY important in terminal.
Also the first command is LDID (lower case). Very important that everything is typed in correctly.
Why would you need Gevey Ultra S on a CDMA iphone?
CDMA iPhone 4S's (not 4's) have a SIM tray built in for international use. There is a way to unlock with SAM, but it requires your iPhone to be activated with a valid sim and not be ESN blacklisted. The Gevey is more for people with bad ESN iPhones. (lost/stolen/unpaid bills)
#9
Posted 19 July 2012 - 03:41 PM
#10
Posted 19 July 2012 - 03:44 PM
There will probably never be an unlock for this baseband.
Does this unlock all basebands? Including 04.12.01?
Developer of the Rainstone/SkyRa1n Siri port.
Get Siri on your device for only 10 USD at Rainstone.co
#11
Posted 19 July 2012 - 09:37 PM
Does this unlock all basebands? Including 04.12.01?
In case no one pays attention to anything.
This is SPECIFICALLY for IPHONE 4S running on IOS 5.1.1, which is baseband 2.0.12.
Also this is meant for those who have bought a Gevey Ultra S or similar SIM Interposer.
I haven't had any other iPhone on any other iOS.
If you have ANYTHING other than an iPhone 4S on iOS 5.1.1, PLEASE direct your questions somewhere else.
This is a Tutorial Topic and I guarantee this to work for Sprint and Verizon iPhone 4S's on 5.1.1.
Go ask about iPhone 4's and 3GS's, iOS 4.x and 5.0.1 in another discussion topic.
Thank you
#12
Posted 20 July 2012 - 06:11 AM
The gevey ultra s program on Cydia is not needed since I have found a simpler way that does not prompt to activate 3 or 4 times. Only the Commcenter patch (Available at "http://v.backspace.jp/repo"), and the Mr. Sim Network package (Available at "http://www.iglive.cn/cydia").
#13
Posted 20 July 2012 - 08:01 AM
I purchased a BAD ESN Verizon 4s for my mom on at&t. I have done pretty much everything to get the APN settings to stick on reboot prior to seeing this guide. Knowing that the 4s is obviously available on at&t. Is there a way to essentially trick the phone into thinking it's an at&t phone? Whenever I try to do a carrier bundle swap it works until reboot. Then when I go to about in Settings>General>About in the carrier section it says "Not Available", before I rebooted though, the carrier bundle worked and the phone had every at&t option available and the APNs were correct. Voicemail worked as well. I have tried everything, but I absolutely cannot have it defaulting to vodafone.nl carrier bundle because the voicemail button calls internationally, as well as the apns resetting, unless you install the carrier apn package from unlockit.co.nz and that only fixes data not MMS.
The gevey ultra s program on Cydia is not needed since I have found a simpler way that does not prompt to activate 3 or 4 times. Only the Commcenter patch (Available at "http://v.backspace.jp/repo"), and the Mr. Sim Network package (Available at "http://www.iglive.cn/cydia").
The Gevey Ultra S is a physical SIM tray replacement with a SIM Interposer chip.
I don't know what Mr. SIM is but I'll check it out. And what are you doing to unlock your phone?
EDIT: The Mr-SIM seems to be a SIM Interposer supported by the network package, which can be updated to support more carriers. I personally wouldn't trust this because it's not an American based company. Not good support and probably bad returns. I'd stick with the Gevey Ultra S but whatever floats your boat
#14
Posted 20 July 2012 - 08:35 AM
Those Cydia packages were used to enable the Gevey Ultra S to work. That network package actually works just fine, along with the commcenter patch I linked as well. I found them via this guide - http://unlockboot.co...s-ios-511.html
All I want to do is remove vodafone.nl as the default carrier bundle and replace it with the at&t ones. I have tried to change the carrier bundles in the system folders with the carrier bundles effectively changing the default one, but on reboot as I said it just says Carrier "Not Available".
Edit - Forgot to mention that I have already had the phone working on at&t, the issue isn't unlocking the phone.
#15
Posted 20 July 2012 - 07:02 PM
Case is VERY important in terminal.
Also the first command is LDID (lower case). Very important that everything is typed in correctly.
I have tried with both typing in manually (of course double-checking for spaces and CasE) as well as copy and pasting. If I copy and paste, do I need the "." before the instruction to "Click enter."?
Thanks in advance for your help - AWESOME tutorial by the way
#16
Posted 20 July 2012 - 11:39 PM
I have a Gevey Ultra S CDMA, using on a Verizon 4s to work on at&t. My goal is to essentially use the at&t carrier bundle as the default carrier bundle. When I try it works before reboot, but after it just shows carrier "Not Available" when I do it. This also happens when I drop the carrier bundle files from at&t into the vodafone.nl carrier bundle folder (deleting contents beforehand of course).
Those Cydia packages were used to enable the Gevey Ultra S to work. That network package actually works just fine, along with the commcenter patch I linked as well. I found them via this guide - http://unlockboot.co...s-ios-511.html
All I want to do is remove vodafone.nl as the default carrier bundle and replace it with the at&t ones. I have tried to change the carrier bundles in the system folders with the carrier bundles effectively changing the default one, but on reboot as I said it just says Carrier "Not Available".
Edit - Forgot to mention that I have already had the phone working on at&t, the issue isn't unlocking the phone.
Instead of copying files over to the vf carrier bundle, try changing the vf carrier.plist files to match at&t's. The Gevey works off of a bug in vf nl's carrier bundle files. So changing them might screw it up. (idk ? ;D)
Also try manually patching the CommCenter
#17
Posted 20 July 2012 - 11:54 PM
Case is VERY important in terminal.
Also the first command is LDID (lower case). Very important that everything is typed in correctly.
I have tried with both typing in manually (of course double-checking for spaces and CasE) as well as copy and pasting. If I copy and paste, do I need the "." before the instruction to "Click enter."?
Thanks in advance for your help - AWESOME tutorial by the way
So you've changed the hex values 30 46 to 01 20 on the commcenter file right? Then replaced the commcenter file on your phone with the modified one? Then opened SSH Terminal on i-Funbox or MobileTerminal on your iPhone? Then typed in (exactly, don't forget anything) "ldid -s /System... Etc." hit enter, execute, whatever. Then "chmod +x /System... Etc." Remember to install "Link Identity Editor" to add the ldid command. You need to set your preference on Cydia to Developer instead of User or Hacker to find the link identity editor package.
#18
Posted 20 July 2012 - 11:58 PM
So you've changed the hex values 30 46 to 01 20 on the commcenter file right? Then replaced the commcenter file on your phone with the modified one? Then opened SSH Terminal on i-Funbox or MobileTerminal on your iPhone? Then typed in (exactly, don't forget anything) "ldid -s /System... Etc." hit enter, execute, whatever. Then "chmod +x /System... Etc." Remember to install "Link Identity Editor" to add the ldid command. You need to set your preference on Cydia to Developer instead of User or Hacker to find the link identity editor package.
Yes sir, I've done it exactly as described (to the best of my knowledge). I have Link Identity installed, and OpenSSH, running Terminal from iFunBox. The only thing in the string of commands that I'm not typing is the ending ". Click enter." on both lines. Both lines execute seemingly correctly. Everything is kosher until I reboot my phone. Does it matter if my phone is still plugged in after I execute the commands and reboot?
#19
Posted 21 July 2012 - 12:25 AM
#20
Posted 21 July 2012 - 12:32 AM
No I believe not. I usually keep it plugged in. To be honest. I don't know what the problem is -.-
Well, poop. Maybe it's when I'm editing the CommCenter file in HxD.....I highlight 30 46 and type 01 20 (no spaces as it creates them automagically), and then I hit save. Then I go back to iFunbox and select "Copy from PC" and select the CommCenter file. Then, I go down to Remove Device Safely and unplug it. Then I turn phone off by holding the power button and sliding to power off. When I turn it back on, I get the Apple for a long while, then the spinner for a second, then it freezes. Rinse, and repeat. I've done this procedure about 6 times now, all with the same results :-(...HEEELLLLLPPPPPPPPPPPP.