본문 바로가기

Knowhow/iPhone 4s

[How to] Fully Unlock CDMA iPhone 4S 5.1.1 And fix MMS, Data, iMessage, FaceTime, and Carrier Settings

After a week of looking for solutions to every problem the Gevey Ultra S Unlock causes, I've finally gotten everything working. I figured there's a lot of people who also need this information so I'm making this tutorial.

Since there is a lot to do to have a fully-functional iPhone 4s on an unsupported carrier, such as T-Mobile US in my case, I've split this tutorial into 6 sections.


Section I: Jailbreaking your iPhone 4s

Section II: Installing Furi0us Mod and Unlocking via Gevey Ultra S

Section III: Patching the CommCenter

Section IV: Fixing FaceTime / iMessage

Section V: Misc. Fixes and Cosmetics

Section VI: Fixing MMS



Basically, before we start, let's understand what needs to be done. For a fully-functional iPhone 4s, we want talk, text, mms, data, and all the iOS specific features of a phone such as iMessage and FaceTime.

Now let's go over what tools you need as well as what knowledge. OBviously you'll need a computer, and on that computer you'll need to install 3 new programs. First we need absinthe 2.0.4 to jailbreak the iPhone, download it HERE. Next is i-Funbox which can be downloaded from HERE. Next we need a Hex Editor. I Prefer HxD, which can be downloaded HERE.

NOTE: Most of the steps can cause system instability and force you to restore your iphone and start over. So read, re-read, and re-re-read this tutorial until you have it memorized.



START!

-Section I- Jailbreaking



1.Connect your iPhone and open up iTunes.

2.Right click your iPhone in the sidebar and hit Backup.

3.After your iPhone's backed up, restore it.

4.Once it finishes, dont do anything on the phone yet, it will say iPhone has been activated on CDMA network (if you don't have the original SIM card) in iTunes.

5.Click OK, then register your iPhone.

6.Click Set up as new iPhone and choose not to sync apps or contact data. Wait for it to finish syncing. (Helpful tip: Deselect Open iTunes when this device connects while you're at it.

7.Close iTunes and open up absinthe 2.0.4.

8.You might have to unplug and plug your iPhone back in for it to read.

9.Click Jailbreak.

Wait until it says "Done! Enjoy."

You have officially jailbroken your iPhone 4s.

10.Restore your iPhone using the Backup you made earlier.



-Section II- Unlocking



1.On your iPhone, open up Cydia and wait while it rearranges the filesystem.

2.After it resprings, open Cydia again, click expert, ok. Click the Manage tab.

3.Click Sources, Edit, Add, and add this repository (http://www.cydia.furiousmod.com), click add source.

Attached File  IMG_0023.PNG (284.01K) 
Number of downloads: 2

4.Within that repository, find Furi0usMod-iPhone4s that says iOS 5.1.1 under it.

5.Click install, then continue queuing.

6.Also add to the install list: OpenSSH and Link identity editor (can be found under Development Section)

7.Install them all. Close out of Cydia when they finish installing.

8.Place the White Reset sim ontop of your Gevey Ultra S and insert them both into your iPhone. (Verizon iPhone users place your unofficial sim card on top of the Gevey, as this step is unnecessary)

9.Reboot your iphone. A list will show up, click the carrier your Phone is locked to.

10.Remove the Gevey and replace the White sim with your unnoficial sim (Verizon users already did this). Reboot iPhone again.

11.Wait until a popup appears saying you have successfully unlocked with Gevey. It will have a 6-digit register code. Write this code down.

12.Open up Furi0usMod, input your code and hit register. Turn both items on if they are not. Reboot once more.

13.The same "Success" screen from earlier will pop up 3-4 more times. just keep hitting accept. After a bit, your unofficial carrier name should pop up on the left of the status bar.

You have officially unlocked your iPhone 4s.

NOTE: Some of you may be satisfied with your iPhone at this point, but iMessage and FaceTime will not work. MMS and Data APNs also need fixed. The voicemail button in the phone app will not work, and all the carrier settings will be messed up if you live in the US. To fix this, we need to edit certain carrier setting files, which CommCenter will reject because their Signatures will no longer be valid. So now we need to patch CommCenter to accept unsigned carrier bundles.



-Section III- CommCenter

1.Plug your iPhone in and open up i-Funbox.

2.Click Raw Filesystem and navigate to /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter

3.Copy this file to a folder or your desktop.

4.Open CommCenter in HxD,

5.Navigate to offset A9C00. look for 30 46. Change it to 01 20. Save the file.

Attached File  tut_comm_patch.png (31.95K) 
Number of downloads: 14

6.Replace the CommCenter File on you iPhone with the modified one. DO NOT REBOOT.

7.Click SSH Terminal under USER's iPhone | iPhone 4S (5.1.1)

8.Type ldid -s /System/Library/Frameworks/CoreTelephony.framework/Support/Commcenter. Click Enter.

9.Type chmod +x /System/Library/Frameworks/CoreTelephony.framework/Support/Commcenter. Click Enter.

10.Click on USER's iPhone | iPhone 4S (5.1.1) and then Device Safe Eject. After it Disconnects, Reboot your iPhone. If it reboots properly, congratulations, you have successfully patched CommCenter.

If it doesn't, your only option is to put it in DFU mode and restore.



NOTE: The last two steps, if done properly, can all be done at once before rebooting.



-Section IV- FaceTime/iMessage



You will either need to 'obtain' iFile from cydia, or download a plist editor for your computer. This depicts the iFile route.

1.Open iFile on your iPhone. Navigate to /System/Library/Carrier Bundles/iPhone/00101/carrier.plist.

2.Make a backup of this file (as well as all others we edit).

3.Open the file in property list viewer.

4.Find PhoneNumberRegistrationGatewayAddress, and set it to: +011447786205094.

5.Find RedialOnRRCConnectionFailure and Change it to ON.

6.Save the file.

7.Go back to carrier bundles and find Unknown.bundle/carrier.plist.

8.Open the file in property list viewer.

9.Find PhoneNumberRegistrationGatewayAddress, and set all 10 sets of numbers to +011447786205094.

Attached File  IMG_0015.PNG (85.34K) 
Number of downloads: 4

10.Save the file.

11.Open the carrier bundle your iPhone is locked to (this can be found by opening the settings app, going to General, About, and looking at the Carrier).

12.Open the carrier.plist file in that bundle in property list viewer.

13.Find PhoneNumberRegistrationGatewayAddress, and set it to +011447786205094.

14.Click the plus in the bottom right of the screen.

15Type RedialOnRRCConnectionFailure. Type: Boolean. Click Create. Switch it to ON.

16.Click Done.

17.You can reboot now or continue to Section V without rebooting.

18.After you reboot, switch FaceTime and iMessage off then on and they should activate.



-Section V- Misc. Fixes and Cosmetics

1.Open iFile and navigate to the carrier bundle your phone is locked to.

2.Open the carrier.plist file in property list viewer.

3.Tap apns. 0: is your Data APN. 1: is your MMS APN. Change these to match your SIM carriers recommended APNs, and find your carriers correct MMS settings while you're at it.

Attached File  IMG_0018.PNG (129.65K) 
Number of downloads: 3

NOTE: Those using this unlock for T-Mobile US, i will have all the correct settings at the end.

4.Change CarrierName to your carrier's name.

Attached File  IMG_0019.PNG (90.19K) 
Number of downloads: 0

5.Tap MMS. Change these settings to match your SIM carriers recommended MMS settings.

Attached File  IMG_0020.PNG (91.4K) 
Number of downloads: 0

6.MyAccountURL and MyAccountURLTitle Show up under Phone/Services in the settings app. Change MyAccountURL to the web address you use to sign in to your carriers account. Change MyAccountURLTitle to something like Carrier MyAccount. (These can be anything you want, the URL could be facebook if you want it to).

Attached File  IMG_0021.PNG (99.54K) 
Number of downloads: 0

7.Tap Services. Change each dictionary to a number code you use to e.g. check minutes. e.g. ServiceName: Check Minutes, ServiceCode: #646#

Attached File  IMG_0024.PNG (60.35K) 
Number of downloads: 0Attached File  IMG_0025.PNG (51.44K) 
Number of downloads: 0

8.Find VoicemailPilotNumber. Change this to the number you would call to check your voicemail. Dont forget country code e.g. US - +1.

Attached File  IMG_0022.PNG (102.2K) 
Number of downloads: 0

9.Save the file.

10.Reboot your iPhone.

Your Phone should now seem as though it's on the right carrier.

11.Test the voicemail button and go through your settings to make sure you did everything right. You should see no sign of the other carrier.



NOTE: Section VI was going to be manually editting apns from the settings app, but I found the much easier and permanent carrier.plist solution after I'd written the first half of this tutorial. When I was doing Section V it made sense to stick it in there instead. If you go to settings, General, Network Cellular Data Network, and it has the wrong settings, click reset Network settings. This will reset them to the defaults from the carrier.plist file that we editted.



-Section VI- MMS

The only thing we need to do to fix MMS, since we did most of it in Section V, is add a UA Prof URL. Go to Settings, General, Network, Cellular Data Network, MMS UA Prof URL. Make it (http://www.apple.com/mms/uaprof.rdf).

If you hit Reset Network Settings after this, this is the only thing you need to re-enter.



-Congratulations!!!!!-

You've official cleaned up the mess of an unlock that the Gevey Ultra S provides.

Try to avoid anything on Cydia that could cause system instability, since you'll have to start from scratch again :(

I spent MANY hours figuring all this out, compiling it all, and making a tutorial, so please thank me and give me credit when it's due. Thanks :D.

If you dont understand something please respond and I will try to help. I will be constantly monitoring to respond fast and make this easy for everyone.

-Credits-

Jailbreak: Chronic Dev Team - http://www.Greenpois0n.com

Unlock: Gevey Ultra S - http://www.ApplenBerry.com

CommCenter Patch Tut: MrFabius - http://insanelyi.com...-511-iphone-4s/

FaceTime/iMessage Fix: cooldayr - http://support.t-mob...om/thread/23968

Misc. Fixes and Cosmetics/MMS: Steven0Ritt (ME)

Full tutorial: Steven0Ritt (ME)



T-Mobile US carrier.plist settings

APNs:
0: epc.tmobile.com
1: epc.tmobile.com

CarrierName - T-Mobile

MMS:
GroupModeEnabled - ON
MaxImageDimension - 1024
MaxMessageSize - 1048576
MaxRecipients - 10
MaxVideoBitrate - 131072
MMSC - (http://mms.msg.eng.t....com/mms/wapenc)
Proxy - 216.155.165.50:8080

MyAccountURLTitle - T-Mobile MyAccount

MyAccountURL - (https://auth.web2go....account/home.do)

Services:
ServiceName - Check Minutes
ServiceCode - #646#

ServiceName - Check Text Usage
ServiceCode - #674#

ServiceName - Check Balance
ServiceCode - #225#

VoicemailPilotNumber - +18056377243 


reference

[How to] Fully Unlock CDMA iPhone 4S 5.1.1 And fix MMS, Data ...

insanelyi.com/.../10755-how-to-f... - 저장된 페이지 - 이 페이지 번역하기
댓글 59 - 작성자 17 - 3일 전
4.Once it finishes, dont do anything on the phone yet, it will say iPhone has been activated on CDMA network (if you don't have the original SIM card) in iTunes.