Gevey iPhone 4 SIM Can Unlock Baseband 2.10.04, 3.10.01 on iOS 4.1, 4.2.1, and 4.3

Now that iOS 4.3 is out for iPhone 4 users, what’s next for the unlockers?
We understand that the software-based unlock from the iPhone Dev Team for basebands 2.10.04 and 3.10.01 probably won’t be coming out until they release an untethered jailbreak for iOS 4.3, despite their having discovered an exploit for those basebands. Yet we still don’t have specifics on when the next baseband unlock will come. It’s really just a matter of time, and soon the Dev Team will bring good news for unlockers in the jailbreaking community.

But for those who really can’t wait for the next software-based unlock (could it still be Ultrasn0w?), a team from China behind what is called the Gevey SIM has published images and videos showing how they managed to unlock iPhone 4 basebands 2.10.04 and 3.10.01 on iOS 4.1 and iOS 4.2.1 (iOS 4.3 could be vulnerable too) – just by using a SIM card. The specialized SIM is called a “SIM Interposer”; Laforet of the Singularity blog has explained everything behind the baseband unlocking action in detail.

Below is the video showing two carrier-locked iPhone 4s running different iOS firmware versions, both unlocked just by using the Gevey SIM.

How Did It Work?

A SIM card holds many different types of information, but the part most involved with the carrier lock is the IMSI number, a unique code that corresponds to your account in the mobile carrier’s database.

A sample IMSI might look like this:

310 150 987654321

The first two segments are known as the Mobile Country Code (MCC) and Mobile Network Code (MNC) respectively; in the example above the IMSI indicates the SIM is from the USA (310) and AT&T (150).

When the iPhone baseband is loaded into memory, it checks the MCC and MNC against its own network lock state stored in the seczone. If the combination is allowed, the cell radio is activated; otherwise it stays off.
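To make the IMSI layout and the lock decision concrete, here is an added illustration (not iPhone or baseband code, and not from Laforet’s write-up) that splits an IMSI into MCC / MNC / MSIN and then applies an allow-list the way the text describes. One caveat the post glosses over: the MNC is 2 or 3 digits depending on the country, so a parser has to know the MCC before it can cut the MNC; the MCC table below is a deliberate simplification and an assumption of this example.

```python
# Added illustration of the IMSI fields and the MCC/MNC lock check described above.
# Not iPhone/baseband code; the MNC-length table is a simplification.
from dataclasses import dataclass

# Assumption (illustrative, not exhaustive): MCCs whose networks use 3-digit MNCs.
# 310-316 cover the USA; every other MCC is treated here as having a 2-digit MNC.
THREE_DIGIT_MNC_MCCS = {str(m) for m in range(310, 317)}

@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, always 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits depending on the country
    msin: str  # subscriber identifier within that network

def parse_imsi(raw: str) -> Imsi:
    """Split an IMSI (optionally space-separated) into MCC / MNC / MSIN."""
    digits = raw.replace(" ", "")
    # An IMSI is at most 15 digits; anything non-numeric or too short is rejected.
    if not digits.isdigit() or len(digits) > 15 or len(digits) < 6:
        raise ValueError(f"malformed IMSI: {raw!r}")
    mcc = digits[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, digits[3:3 + mnc_len], digits[3 + mnc_len:])

def lock_allows(raw_imsi: str, allowed_plmns: set) -> bool:
    """Mimic the decision the text describes: the radio comes up only when the
    SIM's (MCC, MNC) pair is on the lock list. A SIM that cannot even be parsed
    is rejected rather than allowed (fail closed)."""
    try:
        imsi = parse_imsi(raw_imsi)
    except ValueError:
        return False
    return (imsi.mcc, imsi.mnc) in allowed_plmns

if __name__ == "__main__":
    # Constructed lock list: the page's AT&T example plus a made-up second PLMN.
    lock = {("310", "150"), ("310", "999")}
    for sample in ("310 150 987654321", "262 01 1234567890", "31x"):
        print(sample, "->", lock_allows(sample, lock))
```

Note that the German-style IMSI in the sample (MCC 262) is cut as a 2-digit MNC, while the US one is cut as 3 digits; getting that length wrong would make a lock compare the wrong fields.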

The earliest iPhone baseband revisions only checked the IMSI twice following a restart, so it was very easy to send spoofed information to bypass the check. However, the baseband was soon updated to validate the SIM more aggressively, and that method became obsolete.

What does it mean for unlockers?

1. It works only if A. your network handles 112 calls properly according to the GSM standard, and B. it is tolerant of TMSI spoofing and does not actively validate your SIM again for incoming calls.
2. Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact procedure must be performed again should the device restart, lose reception for an extended period of time or move to another PLMN. In all of those situations the TMSI expires and has to be obtained again. Theoretically it is possible for a daemon to automate the process, similar to ZeroG, but that only makes things more convoluted.
3. It is, without question, unethical or downright illegal to use the technique anywhere 112 is a legitimate emergency number. This is not a huge issue in China, where the number is only used for informational purposes, so the providers have no immediate incentive to fix the loophole.
4. All firmware/baseband combinations for the i4 up to iOS 4.3 are vulnerable; however, the exploit may be patched in any future software update or by the carrier. If Apple can influence providers to block Lydia, it is not impossible for them to press providers to fix the exploit. The only way to permanently unlock your baseband is via the NCK.
5. A SIM interposer should not harm your phone hardware; however, your network could request the IMEI and identify your device during the emergency call. Your identity cannot be faked, and it is possible that they will ban your account. There is a reason why SIM cards legally remain the property of the service provider: you are not supposed to tamper with them without breaching your contract.
6. Notwithstanding all the problems, the SIM interposer does not cause any battery drain, since it is only active transiently, nor does it cause signal loss, because it does not change cellular transmission other than at the initial validation step.

Legally questionable as it is, the Gevey SIM has an initial price of US$50, but official pricing is yet to be announced when it goes on sale on March 18th to 21st. Stay tuned, as I’m going to let you know once it’s officially out. So, anyone buying?

Update: Gevey SIM is now being sold online for US $75.
