iPhone 4S 5.1.1FULL Unlock Tutorial

[Steven0Ritt]

EDIT: This is just a quick TEXT tutorial. I Made a WAY better tutorial on insanelyi with pictures and videos. Check it out here ([Only registered and activated users can see links. ]) Not trying to promote traffic to their website, I just didn't want to take another 2 hours putting it here.

After a week of looking for solutions to every problem the Gevey Ultra S Unlock


causes, I've finally gotten everything working. I figured there's a lot of


people who also need this information so I'm making this tutorial.


Since there is a lot to do to have a fully-functional iPhone 4s on an


unsupported carrier, such as T-Mobile US in my case, I've split this tutorial


into 6 sections.




Section I: Jailbreaking your iPhone 4s


Section II: Installing Furi0us Mod and Unlocking via Gevey Ultra S


Section III: Patching the CommCenter


Section IV: Fixing FaceTime / iMessage


Section V: Misc. Fixes and Cosmetics


Section VI: Fixing MMS






Basically, before we start, let's understand what needs to be done. For a


fully-functional iPhone 4s, we want talk, text, mms, data, and all the iOS


specific features of a phone such as iMessage and FaceTime.


Now let's go over what tools you need as well as what knowledge. OBviously


you'll need a computer, and on that computer you'll need to install 3 new


programs. First we need absinthe 2.0.4 to jailbreak the iPhone, download it


here ([Only registered and activated users can see links. ]). Next is i-Funbox which can be downloaded from


here ([Only registered and activated users can see links. ]). Next we need a Hex Editor. I Prefer HxD, which can be


downloaded here ([Only registered and activated users can see links. ]).


NOTE: Most of the steps can cause system instability and force you to restore


your iphone and start over. So read, re-read, and re-re-read this tutorial


until you have it memorized.






START!


-Section I- Jailbreaking


Connect your iPhone and open up iTunes.


Right click your iPhone in the sidebar and hit Backup.


After your iPhone's backed up, restore it.


Once it finishes, dont do anything on the phone yet, it will say iPhone has


been activated on CDMA network (if you don't have the original SIM card) in


iTunes.


Click OK, then register your iPhone.


Click Set up as new iPhone and choose not to sync apps or contact data. Wait


for it to finish syncing. (Helpful tip: Deselect Open iTunes when this device


connects while you're at it.


Close iTunes and open up absinthe 2.0.4.


You might have to unplug and plug your iPhone back in for it to read.


Click Jailbreak.


Wait until it says "Done! Enjoy."


You have officially jailbroken your iPhone 4s.


Restore your iPhone using the Backup you made earlier.






-Section II- Unlocking


On your iPhone, open up Cydia and wait while it rearranges the filesystem.


After it resprings, open Cydia again, click expert, ok. Click the Manage tab.


Click Sources, Edit, Add, and add this repository


([Only registered and activated users can see links. ]), click add source.


Within that repository, find Furi0usMod-iPhone4s that says iOS 5.1.1 under it.


Click install, then continue queuing.


Also add to the install list: OpenSSH and Link identity editor (can be found


under Development Section)


Install them all. Close out of Cydia when they finish installing.


Place the White Reset sim ontop of your Gevey Ultra S and insert them both into


your iPhone. (Verizon iPhone users place your unofficial sim card on top of the


Gevey, as this step is unnecessary)


Reboot your iphone. A list will show up, click the carrier your Phone is locked


to.


Remove the Gevey and replace the White sim with your unnoficial sim (Verizon


users already did this). Reboot iPhone again.


Wait until a popup appears saying you have successfully unlocked with Gevey. It


will have a 6-digit register code. Write this code down.


Open up Furi0usMod, input your code and hit register. Turn both items on if


they are not. Reboot once more.


The same "Success" screen from earlier will pop up 3-4 more times. just keep


hitting accept. After a bit, your unofficial carrier name should pop up on the


left of the status bar.


You have officially unlocked your iPhone 4s.


NOTE: Some of you may be satisfied with your iPhone at this point, but iMessage


and FaceTime will not work. MMS and Data APNs also need fixed. The voicemail


button in the phone app will not work, and all the carrier settings will be


messed up if you live in the US. To fix this, we need to edit certain carrier


setting files, which CommCenter will reject because their Signatures will no


longer be valid. So now we need to patch CommCenter to accept unsigned carrier


bundles.






-Section III- CommCenter


Plug your iPhone in and open up i-Funbox.


Click Raw Filesystem and navigate to


/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter


Copy this file to a folder or your desktop.


Open CommCenter in HxD,


Navigate to offset A9C00. look for 30 46. Change it to 01 20. Save the file.


Replace the CommCenter File on you iPhone with the modified one. DO NOT REBOOT.


Click SSH Terminal under USER's iPhone | iPhone 4S (5.1.1)


Type ldid -s


/System/Library/Frameworks/CoreTelephony.framework/Support/Commcenter. Click


Enter.


Type chmod +x


/System/Library/Frameworks/CoreTelephony.framework/Support/Commcenter. Click


Enter.


Click on USER's iPhone | iPhone 4S (5.1.1) and then Device Safe Eject. After it


Disconnects, Reboot your iPhone. If it reboots properly, congratulations, you


have successfully patched CommCenter.


If it doesn't, your only option is to put it in DFU mode and restore.






NOTE: The last three steps, if done properly, can all be done at once before


rebooting.






-Section IV- FaceTime/iMessage


You will either need to 'obtain' iFile from cydia, or download a plist editor


for your computer. This depicts the iFile route.


Open iFile on your iPhone. Navigate to /System/Library/Carrier


Bundles/iPhone/00101/carrier.plist.


Make a backup of this file (as well as all others we edit).


Open the file in property list viewer.


Find PhoneNumberRegistrationGatewayAddress, and set it to: +011447786205094.


Find RedialOnRRCConnection and Change it to ON.


Save the file.


Go back to carrier bundles and find Unknown.bundle/carrier.plist.


Open the file in property list viewer.


Find PhoneNumberRegistrationGatewayAddress, and set all 10 sets of numbers to


+011447786205094.


Save the file.


Open the carrier bundle your iPhone is locked to (this can be found by opening


the settings app, going to General, About, and looking at the Carrier).


Open the carrier.plist file in that bundle in property list viewer.


Find PhoneNumberRegistrationGatewayAddress, and set it to +011447786205094.


Click the plus in the bottom right of the screen.


Type RedialOnRRCConnection. Type: Boolean. Click Create. Switch it to ON.


Click Done.


You can reboot now or continue to Section V without rebooting.


After you reboot, switch FaceTime and iMessage off then on and they should


activate.






-Section V- Misc. Fixes and Cosmetics


Open iFile and navigate to the carrier bundle your phone is locked to.


Open the carrier.plist file in property list viewer.


Tap apns. 0: is your Data APN. 1: is your MMS APN. Change these to match your


SIM carriers recommended APNs, and find your carriers correct MMS settings


while you're at it.


NOTE: Those using this unlock for T-Mobile US, i will have all the correct


settings at the end.


Change CarrierName to your carrier's name.


Tap MMS. Change these settings to match your SIM carriers recommended MMS


settings.


MyAccountURL and MyAccountURLTitle Show up under Phone/Services in the settings


app. Change MyAccountURL to the web address you use to sign in to your carriers


account. Change MyAccountURLTitle to something like Carrier MyAccount. (These


can be anything you want, the URL could be facebook if you want it to).


Tap Services. Change each dictionary to a number code you use to e.g. check


minutes. e.g. ServiceName: Check Minutes, ServiceCode: #646#


Find VoicemailPilotNumber. Change this to the number you would call to check


your voicemail. Dont forget country code e.g. US - +1.


Save the file.


Reboot your iPhone.


Your Phone should now seem as though it's on the right carrier.


Test the voicemail button and go through your settings to make sure you did


everything right. You should see no sign of the other carrier.






NOTE: Section VI was going to be manually editting apns from the settings app,


but I found the much easier and permanent carrier.plist solution after I'd


written the first half of this tutorial. When I was doing Section V it made


sense to stick it in there instead. If you go to settings, General, Network


Cellular Data Network, and it has the wrong settings, click reset Network


settings. This will reset them to the defaults from the carrier.plist file that


we editted.






-Section VI- MMS


The only thing we need to do to fix MMS, since we did most of it in Section V,


is add a UA Prof URL. Go to Settings, General, Network, Cellular Data Network,


MMS UA Prof URL. Make it ([Only registered and activated users can see links. ]).


If you hit Reset Network Settings after this, this is the only thing you need


to re-enter.






-Congratulations!!!!!-


You've official cleaned up the mess of an unlock that the Gevey Ultra S


provides.


Try to avoid anything on Cydia that could cause system instability, since


you'll have to start from scratch again


I spent MANY hours figuring all this out, compiling it all, and making a


tutorial, so please thank me and give me credit when it's due. Thanks . I'll


Be posting this on several iPhone oriented websites since I believe this


information is desperately needed for a lot of people.


If you dont understand something please respond and I will try to help. I will


be constantly monitoring to respond fast and make this easy for everyone.


-Credits-


Jailbreak: Chronic Dev Team - [Only registered and activated users can see links. ]


Unlock: Gevey Ultra S - [Only registered and activated users can see links. ]


CommCenter Patch Tut: MrFabius - [Only registered and activated users can see links. ]


patch-commcenter-511-iphone-4s/


FaceTime/iMessage Fix: cooldayr - [Only registered and activated users can see links. ]


Misc. Fixes and Cosmetics/MMS: Steven0Ritt (ME)


Full tutorial: Steven0Ritt (ME)






T-Mobile US carrier.plist settings


APNs:
0: epc.tmobile.com
1: epc.tmobile.com


CarrierName - T-Mobile


MMS:
GroupModeEnabled - ON
MaxImageDimension - 1024
MaxMessageSize - 1048576
MaxRecipients - 10
MaxVideoBitrate - 131072
MMSC - ([Only registered and activated users can see links. ])
Proxy - 216.155.165.50:8080


MyAccountURLTitle - T-Mobile MyAccount


MyAccountURL - ([Only registered and activated users can see links. ]


src=myaccount&redirectUrl=http://ma.web2go.com/myaccount/home.do)


Services:
ServiceName - Check Minutes
ServiceCode - #646#


ServiceName - Check Text Usage
ServiceCode - #674#


ServiceName - Check Balance
ServiceCode - #225#


VoicemailPilotNumber - +18056377243

[***TRINISON***]

EDIT: This is just a quick TEXT tutorial. I Made a WAY better tutorial on insanelyi with pictures and videos. Check it out here ([Only registered and activated users can see links. ]) Not trying to promote traffic to their website, I just didn't want to take another 2 hours putting it here.

After a week of looking for solutions to every problem the Gevey Ultra S Unlock


causes, I've finally gotten everything working. I figured there's a lot of


people who also need this information so I'm making this tutorial.


Since there is a lot to do to have a fully-functional iPhone 4s on an


unsupported carrier, such as T-Mobile US in my case, I've split this tutorial


into 6 sections.




Section I: Jailbreaking your iPhone 4s


Section II: Installing Furi0us Mod and Unlocking via Gevey Ultra S


Section III: Patching the CommCenter


Section IV: Fixing FaceTime / iMessage


Section V: Misc. Fixes and Cosmetics


Section VI: Fixing MMS






Basically, before we start, let's understand what needs to be done. For a


fully-functional iPhone 4s, we want talk, text, mms, data, and all the iOS


specific features of a phone such as iMessage and FaceTime.


Now let's go over what tools you need as well as what knowledge. OBviously


you'll need a computer, and on that computer you'll need to install 3 new


programs. First we need absinthe 2.0.4 to jailbreak the iPhone, download it


here ([Only registered and activated users can see links. ]). Next is i-Funbox which can be downloaded from


here ([Only registered and activated users can see links. ]). Next we need a Hex Editor. I Prefer HxD, which can be


downloaded here ([Only registered and activated users can see links. ]).


NOTE: Most of the steps can cause system instability and force you to restore


your iphone and start over. So read, re-read, and re-re-read this tutorial


until you have it memorized.






START!


-Section I- Jailbreaking


Connect your iPhone and open up iTunes.


Right click your iPhone in the sidebar and hit Backup.


After your iPhone's backed up, restore it.


Once it finishes, dont do anything on the phone yet, it will say iPhone has


been activated on CDMA network (if you don't have the original SIM card) in


iTunes.


Click OK, then register your iPhone.


Click Set up as new iPhone and choose not to sync apps or contact data. Wait


for it to finish syncing. (Helpful tip: Deselect Open iTunes when this device


connects while you're at it.


Close iTunes and open up absinthe 2.0.4.


You might have to unplug and plug your iPhone back in for it to read.


Click Jailbreak.


Wait until it says "Done! Enjoy."


You have officially jailbroken your iPhone 4s.


Restore your iPhone using the Backup you made earlier.






-Section II- Unlocking


On your iPhone, open up Cydia and wait while it rearranges the filesystem.


After it resprings, open Cydia again, click expert, ok. Click the Manage tab.


Click Sources, Edit, Add, and add this repository


([Only registered and activated users can see links. ]), click add source.


Within that repository, find Furi0usMod-iPhone4s that says iOS 5.1.1 under it.


Click install, then continue queuing.


Also add to the install list: OpenSSH and Link identity editor (can be found


under Development Section)


Install them all. Close out of Cydia when they finish installing.


Place the White Reset sim ontop of your Gevey Ultra S and insert them both into


your iPhone. (Verizon iPhone users place your unofficial sim card on top of the


Gevey, as this step is unnecessary)


Reboot your iphone. A list will show up, click the carrier your Phone is locked


to.


Remove the Gevey and replace the White sim with your unnoficial sim (Verizon


users already did this). Reboot iPhone again.


Wait until a popup appears saying you have successfully unlocked with Gevey. It


will have a 6-digit register code. Write this code down.


Open up Furi0usMod, input your code and hit register. Turn both items on if


they are not. Reboot once more.


The same "Success" screen from earlier will pop up 3-4 more times. just keep


hitting accept. After a bit, your unofficial carrier name should pop up on the


left of the status bar.


You have officially unlocked your iPhone 4s.


NOTE: Some of you may be satisfied with your iPhone at this point, but iMessage


and FaceTime will not work. MMS and Data APNs also need fixed. The voicemail


button in the phone app will not work, and all the carrier settings will be


messed up if you live in the US. To fix this, we need to edit certain carrier


setting files, which CommCenter will reject because their Signatures will no


longer be valid. So now we need to patch CommCenter to accept unsigned carrier


bundles.






-Section III- CommCenter


Plug your iPhone in and open up i-Funbox.


Click Raw Filesystem and navigate to


/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter


Copy this file to a folder or your desktop.


Open CommCenter in HxD,


Navigate to offset A9C00. look for 30 46. Change it to 01 20. Save the file.


Replace the CommCenter File on you iPhone with the modified one. DO NOT REBOOT.


Click SSH Terminal under USER's iPhone | iPhone 4S (5.1.1)


Type ldid -s


/System/Library/Frameworks/CoreTelephony.framework/Support/Commcenter. Click


Enter.


Type chmod +x


/System/Library/Frameworks/CoreTelephony.framework/Support/Commcenter. Click


Enter.


Click on USER's iPhone | iPhone 4S (5.1.1) and then Device Safe Eject. After it


Disconnects, Reboot your iPhone. If it reboots properly, congratulations, you


have successfully patched CommCenter.


If it doesn't, your only option is to put it in DFU mode and restore.






NOTE: The last three steps, if done properly, can all be done at once before


rebooting.






-Section IV- FaceTime/iMessage


You will either need to 'obtain' iFile from cydia, or download a plist editor


for your computer. This depicts the iFile route.


Open iFile on your iPhone. Navigate to /System/Library/Carrier


Bundles/iPhone/00101/carrier.plist.


Make a backup of this file (as well as all others we edit).


Open the file in property list viewer.


Find PhoneNumberRegistrationGatewayAddress, and set it to: +011447786205094.


Find RedialOnRRCConnection and Change it to ON.


Save the file.


Go back to carrier bundles and find Unknown.bundle/carrier.plist.


Open the file in property list viewer.


Find PhoneNumberRegistrationGatewayAddress, and set all 10 sets of numbers to


+011447786205094.


Save the file.


Open the carrier bundle your iPhone is locked to (this can be found by opening


the settings app, going to General, About, and looking at the Carrier).


Open the carrier.plist file in that bundle in property list viewer.


Find PhoneNumberRegistrationGatewayAddress, and set it to +011447786205094.


Click the plus in the bottom right of the screen.


Type RedialOnRRCConnection. Type: Boolean. Click Create. Switch it to ON.


Click Done.


You can reboot now or continue to Section V without rebooting.


After you reboot, switch FaceTime and iMessage off then on and they should


activate.






-Section V- Misc. Fixes and Cosmetics


Open iFile and navigate to the carrier bundle your phone is locked to.


Open the carrier.plist file in property list viewer.


Tap apns. 0: is your Data APN. 1: is your MMS APN. Change these to match your


SIM carriers recommended APNs, and find your carriers correct MMS settings


while you're at it.


NOTE: Those using this unlock for T-Mobile US, i will have all the correct


settings at the end.


Change CarrierName to your carrier's name.


Tap MMS. Change these settings to match your SIM carriers recommended MMS


settings.


MyAccountURL and MyAccountURLTitle Show up under Phone/Services in the settings


app. Change MyAccountURL to the web address you use to sign in to your carriers


account. Change MyAccountURLTitle to something like Carrier MyAccount. (These


can be anything you want, the URL could be facebook if you want it to).


Tap Services. Change each dictionary to a number code you use to e.g. check


minutes. e.g. ServiceName: Check Minutes, ServiceCode: #646#


Find VoicemailPilotNumber. Change this to the number you would call to check


your voicemail. Dont forget country code e.g. US - +1.


Save the file.


Reboot your iPhone.


Your Phone should now seem as though it's on the right carrier.


Test the voicemail button and go through your settings to make sure you did


everything right. You should see no sign of the other carrier.






NOTE: Section VI was going to be manually editting apns from the settings app,


but I found the much easier and permanent carrier.plist solution after I'd


written the first half of this tutorial. When I was doing Section V it made


sense to stick it in there instead. If you go to settings, General, Network


Cellular Data Network, and it has the wrong settings, click reset Network


settings. This will reset them to the defaults from the carrier.plist file that


we editted.






-Section VI- MMS


The only thing we need to do to fix MMS, since we did most of it in Section V,


is add a UA Prof URL. Go to Settings, General, Network, Cellular Data Network,


MMS UA Prof URL. Make it ([Only registered and activated users can see links. ]).


If you hit Reset Network Settings after this, this is the only thing you need


to re-enter.






-Congratulations!!!!!-


You've official cleaned up the mess of an unlock that the Gevey Ultra S


provides.


Try to avoid anything on Cydia that could cause system instability, since


you'll have to start from scratch again


I spent MANY hours figuring all this out, compiling it all, and making a


tutorial, so please thank me and give me credit when it's due. Thanks . I'll


Be posting this on several iPhone oriented websites since I believe this


information is desperately needed for a lot of people.


If you dont understand something please respond and I will try to help. I will


be constantly monitoring to respond fast and make this easy for everyone.


-Credits-


Jailbreak: Chronic Dev Team - [Only registered and activated users can see links. ]


Unlock: Gevey Ultra S - [Only registered and activated users can see links. ]


CommCenter Patch Tut: MrFabius - [Only registered and activated users can see links. ]


patch-commcenter-511-iphone-4s/


FaceTime/iMessage Fix: cooldayr - [Only registered and activated users can see links. ]


Misc. Fixes and Cosmetics/MMS: Steven0Ritt (ME)


Full tutorial: Steven0Ritt (ME)






T-Mobile US carrier.plist settings


APNs:
0: epc.tmobile.com
1: epc.tmobile.com


CarrierName - T-Mobile


MMS:
GroupModeEnabled - ON
MaxImageDimension - 1024
MaxMessageSize - 1048576
MaxRecipients - 10
MaxVideoBitrate - 131072
MMSC - ([Only registered and activated users can see links. ])
Proxy - 216.155.165.50:8080


MyAccountURLTitle - T-Mobile MyAccount


MyAccountURL - ([Only registered and activated users can see links. ]


src=myaccount&redirectUrl=http://ma.web2go.com/myaccount/home.do)


Services:
ServiceName - Check Minutes
ServiceCode - #646#


ServiceName - Check Text Usage
ServiceCode - #674#


ServiceName - Check Balance
ServiceCode - #225#


VoicemailPilotNumber - +18056377243

THANKS ALOT!!!!!!! This was by far the most comprehensive tutorial i have seen on the internet thus far!!! Everything worked! I am in Trinidad and Tobago, and I have finally gotten everything to work! Its almost as though it factory unlocked now....Thanks a billion....

[Scuba]

Nice Guide.

Or there is a tab at the top of this forum for FACTORY Unlock of your Iphone which isnt too much more than a Gevey card..Then your phone will stay unlocked and you dont have to worry about upgrades except for jailbreaking