Pwnage Tool logoOver the past year and a half I had assisted many people with the unlocking of their iPhones. Many more people ask me about unlocking. So instead of answering each of these people over and over again, I thought I post an article in my blog, which I can refer them to for more details.

  1. What Does iPhone Unlock mean? Many carriers around the world will "carrier lock" a cell phone that they had subsidized for their customers. To ensure the purchaser of the cell phone stays as a customer of the carrier after the purchase, the carrier will normally do two things:

    • Make the purchaser commit to a contract that bounds them to the carrier for a number of years (2 years is common). Of course the purchaser can break the contract, but there is usually a penalty to compensate the carrier for the subsidizing the cell phone.
    • Carrier Lock the cell phone to the carrier's network, meaning the cell phone cannot be used on any other cellular network in the world.

  2. Is "Carrier Unlocking" the iPhone Illegal? In most countries with consumer protection regulations it is not illegal, but I am not a lawyer so I will not attempt to advise you with this matter. If you are concern I suggest you seek legal advise in your local area.
  3. Is It Illegal to Use a "Carrier Unlocked" iPhone on My Carrier? In almost all countries there are some regulations that prevent the use of unauthorized equipments on a mobile carrier network. In Hong Kong the individual carrier is responsible for managing the OFTA license, and has the rights to disallow the use of any unauthorized cell phone on their network including the canceling of an individual's cell phone service for using an unauthorized cell phone.
  4. What is the Difference Between Jailbreaking and Unlocking the iPhone? Jailbreaking is to process of hacking the iPhone so that "unauthorized" 3rd party applications can be installed on the iPhone. Ever since the launch of the Apple "iPhone AppStore" it is less important to jailbreak, unless there are applications that one really need. For me one such application is BiteSMS. Unlocking includes jailbreaking and it is the process of hacking the iPhone so that it is not carrier restricted (carrier locked) to a particular carrier partner. As of this writing you can find a list of Apple worldwide carrier partners for the iPhone at
  5. How Do I Jailbreak/Unlock My iPhone? Since June 2007 there had been many methods to jailbreak or unlock the iPhone. First there were the 23 steps method, including the use of SSH client and various other manipulations of proprietary files on the iPhone. Fortunately, since then we now have simple programs like the Pwnage Tool from the iPhoneDev Team, who has been the major hacking group coming out with methods and software to "carrier" unlock the iPhone. If you have a 1st generation iPhone you can follow the guide at for the 1G iPhone. If you have the iPhone 3G, you should follow's guide for the iPhone 3G. The same site you will find Windows equivalent instructions for both versions of the iPhone.
  6. Can I Unlock my iPhone 3G? As of the writing of this post there are no software unlock method for the iPhone 3G. The only way to "carrier" unlock an iPhone 3G is to use a hardware unlock; tools like TurboSIM. I do not recommend this hardware unlock, since in many case it will damage the iPhone. The iPhoneDev Team claims to be making available a tool on New Year's Eve 2008 that will unlock the iPhone 3G, similar to the ease of use of the current Pwnage Tool. To prove that their method is successful and simple, they have released a video of this tool; code name "Yellowsn0w".
  7. What is the Best Carrier Plan for the iPhone in Hong Kong? Although, carrier plans changes almost monthly, like anything in Hong Kong, mobile carrier price plans (tariff plans) have been very competitive. Over this past year and a half I had examined most of them. You can read my findings of these mobile carrier plans analyzed from an iPhone user in Hong Kong's perspectives.

Member of the iPhoneDev Team, MuscleNerd, posted a video of him unlocking the iPhone 3G from his Mac.

The layman version is expected to be release on New Year's Eve 2008.

Fortunately, people who lives in Hong Kong, Belgium and Taiwan do not need this unlocking method, as those iPhone 3G sold are already officially carrier (SIM) unlocked straight from Apple.


The iPhoneDev Team has released a note addressing the issue reported regarding the problem with activating the DFU (device firmware update) mode for the iPhone, after the Mac has been upgraded to Mac OS 10.5.6. The next release of the iPhoneDev Team's Pwnage Tool is not expected until Christmas Eve (Dec. 31.2008), but there is no mention if this upcoming release will resolve the DFU problem.

Original Store: WARNING: Mac OS 10.5.6 Breaks Hacked iPhone

Categorieshack, iphone

Pwnage Tool logoApple released Mac OS 10.5.6 update on Monday (US PST). As always I would suggest everyone follow the instructions on the release notes plus use the Combo Upgrade to upgrade your Mac. Although, if you are the millions who owns iPhones that had been jailbroken and/or Unlocked, you need to stay AWAY from this Mac OS X update for now. It has been reported that this version of Mac OS X will not recognize hacked iPhones. Until either this report has been independently verified or until the iPhoneDev Team has a method to get around the problem, hacked iPhone users should stay avoid updating their Macintosh for now.

Please stay tuned here, I will update everyone as news develop.

[Update: December 17, 2008] The iPhoneDev Team has released a note addressing the issue reported regarding the problem with activating the DFU (device firmware update) mode for the iPhone, after the Mac has been upgraded to Mac OS 10.5.6. The next release of the iPhoneDev Team's Pwnage Tool is not expected until Christmas Eve (Dec. 31.2008), but there is no mention if this upcoming release will resolve the DFU problem.

[Update: December 19, 2008] Finally an Automator script that will perform the fix suggested by the iPhoneDev Team. This method will not require a layman to jump into Terminal and fuzz with the inner workings of the Mac.

I have yet to try this so will report when I have.

[Update: December 20, 2008] Now there are two solutions: one is to connect the iPhone to the Mac via an USB hub. The other is to replace the IOUSBFamily.kext with the version from 10.5. Someone had created an AppleScript to do this for you as explained in the iPhoneWiki forum thread.


It has been over two weeks since my first post, Phone Firmware 2.2 NOT for Hacked iPhones about the new iPhone firmware 2.2. Since then the famed hacker team iPhone Dev Team had quickly released 2.2.1 of its Pwnage Tool to correct the bug found back in late-November. I had also used this version of the firmware for two weeks and can safely report that it has indeed fixed most of the bugs found in previous versions of the iPhone firmware. Although, Safari still crashes when visiting certain sites (ie., but that may have to do with functionalities on these sites; hard to say.

PS: please read all of iPhone Dev Team's notes before using the any of the tools released for jailbreaking and/or unlocking your iPhone 2G and 3G. If you do not read all the notes you may be sorry.

As rumored Apple has released the iPhone firmware 2.2 today. This is a warning to all users who had either jailbroken or unlocked their iPhone or iPhone 3G, this warning even goes for anyone using the iPhone 3G who had not done either, but may want to unlock in the future.

I strongly advice these users not to upgrade their iPhone firmware to 2.2 until the iPhone Dev Team had released an updated version of their PwnageTool.

This applies to the new version of iTunes 8.0.2 also, as we currently do not know if the latest version of iTunes will be compatible with jailbroken or unlocked iPhone and iPhone 3G.

I will update here when it is safe to upgrade your iPhone or iPhone 3G, please stay tuned.

Categorieshack, iphone

Pwnage ToolEven though I am not in Hong Kong and on vacation in Beijing I am blogging and keeping an eye on the iPhone hacking community. In the past 14 months I had unlocked/restored my iPhone over 30+ times, and documented my experience and findings with fellow readers. Much of these repeated unlocking and restoring was because I was testing various "unauthorized" 3rd party applications ("hacks") for the iPhone, and some of them were not as stable as they should be. Even with authorized 3rd party applications my iPhone was sluggish and crashes when I run some of the applications.

When Apple claims that the iPhone firmware 2.1, released on September 12th, will correct much of the problems I've been encountering, I was again excited for the possibilities of returning my iPhone (1st generation) to its efficient spiffy 1.x state. Unfortunately, since my iPhone is unlocked and jailbroken I had to wait for the iPhone Dev team to upgrade their hacking tool, Pwnage Tool.

The iPhone Dev Team released their new version of Pwnage Tool 2.1 (Bittorent download) on Sunday (September 14), but I did not have time; rightfully, to check it out. I was planning to visit the Forbidden City this morning, but it is raining heavily in Beijing, so I decided to upgrade my iPhone (1st generation) instead.

I had wanted to hold myself back for 24 hours to give iPhone web sites: ModMyiFone, Hack the iPhone, MacGeekBlog, etc. time to refine the procedures and all the possible things that may go wrong during the process.

Now I am happy to say that I have now successfully unlocked my iPhone running firmware 2.1. The process went without a hitch.

I did not have to do anything to my already unlocked iPhone running firmware 2.0.2. All I did to prepare myself for the unlocking was the following:

  1. Upgrade my iTunes to 8.0
  2. Download the firmware 2.1 (5F136) (for 1st generation iPhone), placing this firmware (IPSW file) in ~/Library/iTunes/iPhone Software Updates/ folder on your Mac.
  3. If you had not already done so, you will need to download the 3.9 and 4.6 bootloaders. onto your computer.

The rest is simple. You can choose the well written tutorials from Hack the iPhone.

Enjoy and do share you experience with rest of the readers here. Particularly iPhone users from Hong Kong.


After Apple released the iPhone firmware 2.0.2 over a week ago and the rumored fixes it contains, which suppose to resolve many of the issues introduced by the iPhone firmware 2.0. I was eager to be able to upgrade my iPhone (1st generation). Unfortunately, my iPhone was jailbroken and unlocked, so I had to wait for the hacking community; mainly iPhone Dev Team, to release a tool that will allow me to upgrade my pwned iPhone. The iPhone Dev Team did introduce such a tool (Pwnage Tool 2.0.3) several days ago, but quickly pulled it off its server after several hours. Dispointed but happy that iPhone Dev Team reacted quickly on a bug that they found to be serious.

Yesterday, they finally released a new version of the Pwnage Tool that resolved all know issues. I quickly downloaded it and after giving it 24 hours began to upgrade my iPhone.

I was happy to report that my iPhone upgraded successfully and all the issues I've had in the past with my iPhone running pre-2.0.2 firmware had all disappeared. Particularly the slowness when typing a message.

Last week I unlocked an iPhone and tested it with a SIM card from Smartone-Vodafone. Today I unlocked another iPhone and this time using a SIM Card from Three (2G service without Data plan). Next I will be unlocking my own iPhone on Smartone-Vodafone. I have commented on my article last week, regarding the most appropriate data plan to choose from Smartone-Vodafone for iPhone use in Hong Kong. I have copied the comment here for my readers' convenience.

... As for the data plan. You need to be very careful with Smartone-Vodafone’s service offerings. I had tried their “Internet browsing plan” last month with my Nokia E61i. In case you do not know, the Nokia E61i has many advance functions. The result was an over and above data charge of approximately HKD119.00.

The reason is because Smartone-Vodafone’s “Internet browsing plan” only covers “web browsing using the mobile phone’s native web browser’. They also tell me that only certain HTTP ports are included in the plan. But they are not able to tell me exactly what those ports are.

It is obviously they did not think through the service before they launched the service. It is ridiculous for them to restrict the service to certain ports. As you may know, web browsing is not limited to certain ports; yes, there are the documented defaults: port 80 and port 443, but these are not the only ones used in practice. The exact port used by each web site is up to the webmaster’s configuration of their respective web servers.

Also, the 20MB limit is per day and if you go over it, Smartone-Vodafone will automatically change your monthly plan to the unlimited usage rate of HKD68.00 until your next billing date. On which they will drop it back down to the regular rate (HKD38.00 without commitment and HKD28.00 with 12 months commitment).

BTW: you do realize that the HKD20.00 per month rate for the plan in question requires a commitment to the said plan for 12 months. The non-commitment rate for the plan is HKD38.00.

Since the iPhone allows you to use it for web browsing, email downloads (POP/IMAP) and sending (SMTP), YouTube streaming, weather widget, Google map lookup, etc. I would suggest you subscribe to Smartone-Vodafone’s “Internet browsing plan”, which covers majority of the traffic through Safari, Weather widget, Google Map application on your iPhone. With that plan also add one of Smartone-Vodafone’s “Data Price plan”, this latter plan should cover the remainder of the Internet traffic.

Up to this day, after numerous conversations with Customer Service on the telephone, I still have yet to receive an exact answer from Smartone-Vodafone, as to what the “Internet browsing plan” covers.

I believe none of their staff know themselves. Unfortunately, it will be a trail an error on our (the customers) part. Fortunately, Smartone-Vodafone is one of the only mobile carrier that does not require any commitment for any of their plans or VAS.


Many of you know that I was in North America this past two weeks and was also in New York City. While at NYC I spent some time at the 5th Ave. Apple Store gaining some hands on experience with the iPhone. This was the first time I saw the iPhone in person and played with its applications and Multitouch interface. I will talk more about this in a separate post.

Getting back to the topic in question. While in NYC last week much had transpired regarding the unlocking (release of the lock down of the iPhone to the AT&T carrier). End of last month iPhone SIM Free announced that they had a software to unlock the iPhone from AT&T iron fist. They said that they will be selling the software on a per user (iPhone) license within a few days. Weeks had past and no announcements.All of a sudden last Sunday iPhone SIM Free announced 4 resellers for their software and on Monday this past week the resellers started to sell the software within hours the pre-order were full and Tuesday was when the iPhone SIM Free resellers started to fulfill their pre-orders.

Then Tuesday evening there was news of the Internet that the iPhone SIM Free software had been hacked. On Wednesday morning news of a verified OpenSource hack was spreading throughout the iPhone hacker community. On that same afternoon a beta application to unlock the iPhone had been made available. Later that evening written guides for people to follow start to appear. I personally like the guide by

I told this to my friends back in Hong Kong and one of them asked me to get an iPhone for them and unlock it using the OpenSource method.

I was very excited to have the opportunity to try the hack, while at the same time a bit worry that I will create a USD400+ iPhone Brick if the hack fails.

Unfortunately, I was not able to get a clear WiFi signal from the hotel room and none of the Starbucks had free WiFi access and requires the patrons to be T-Mobile customers.

I even attempted to use the WiFi network at the 5th Ave. Apple Store, but the signal was too weak from the street level. I thought setting up my MacBook Pro and a brand new iPhone, to hack the iPhone using Apple's WiFi network was going a bit too far.

So, I had to give up and hope for the best when I return to Hong Kong with the brand new iPhone.

Tonight I got off the plane and as soon as I had unpacked and clean up, I attempted the hack. It was amazing aside from having to change my home WiFi network's channel, I did not have any other problems with the hack.

Within 45 minutes I had an iPhone on the Smartone-Vodafone network. Made a test call and then used the Edge network to connect to the Internet.

As far as I know this is the first published unlock hack of an iPhone in Hong Kong using the pure software (free) method, without reprograming the SIM card or opening up the iPhone itself.

[Update: October 3, 2007] The above described hack was done on a Macintosh, running Mac OS 10.4.10, iTunes 7.4.1, iPhone firmware 1.0.2, iNdependence 1.2.1a and the "iUnlock" application from iPhone Dev Team dated September 12, 2007.

[Update: October 4, 2007] For all those who are trying to get their EDGE connection working, please check out either Ross Barkman's GPRS Info page or ModMyiPhone's "Carrier APN Settings" page for assistance. If the carrier you're trying to connect is not listed on the ModMyiPhone Wiki page, please do your part to add to the list.

[Update: October 4, 2007] I am happy to confirm that I was able to synchronize successfully an unlocked iPhone to iTunes 7.4.2 running on the Macintosh.

[Update: October 5, 2007] All, especially those thinking of switching to Smartone-Vodafone.

I believe that some of the sales people at the stores are now telling customers that the "Internet Browsing Plan" is for 3G Voice Plan customers only. This is based on feedback from others who have spoken to Smartone-Vodafone.

I personally have a 3G Voice Plan from a previous phone, so the question never came up. I will try to confirm this at a store this afternoon.

One other thing is relating to the so called "extra features" that Smartone-Vodafone is offering for extra fees are not worth it. Do not fall into the trap. Also be aware of their "Fair Use" policy to avoid violating any of their policies.

[Update: October 23, 2007] Instead of my readers having to scroll down to the comments below or email me about the following must have knowledge about hacking your iPhone. I will post it here for all:

  • Activate the Voicemail button so that it calls your carrier's Voicemail service. Prior to doing this hack you will need to know the code to dial from your own mobile phone to access your carrier's Voice Mail service.For example, Smartone-Vodafone in Hong Kong, the code is "138" to reach the Voicemail from your OWN mobile phone.

    1. Go to the Phone button;
    2. Click on the Keypad button;
    3. Type the command: *5005*86*XXX#
      • where "XXX" is the access code for your carrier's Voice Mail service. In my example, I will enter "138" in place of the "XXX";
      • if your carrier's Voice Mail service has a number in the format *XXX, then you should enter the command *5005*86+XXX# instead.
    4. Click on the Call button.
  • Determine the firmware version of your iPhone straight out of the box from Apple before any hacking, activation or unlocking.
    1. Go to the Phone button;
    2. Click on the Keypad button;
    3. Type the command: *3001#12345#* to enter the Field Test mode;
    4. Select the Version item

    The following are the definitions of the "Firmware version" values:

    • 1.0.0 firmware has the modem firmware version 03.12.06_G
    • 1.0.1 firmware has the modem firmware version 03.12.08_G
    • 1.0.2 firmware has the modem firmware version 03.14.08_G
    • 1.1.1 firmware has the modem firmware version 04.01.13_G
    • 1.1.2 firmware has the modem firmware version 04.02.13_G
    • 1.1.3 firmware has the modem firmware version 04.03.13_G
    • 1.1.4 firmware has the modem firmware version 04.04.05_G
    • 2.0 firmware has the modem firmware version 04.05.04_G (all 1st generation iPhone stays at this modem firmware)
    • 2.0 firmware has the modem firmware version 01.45.00
    • 2.0.1 firmware has the modem firmware version 01.48.02
    • 2.0.2 firmware has the modem firmware version 02.08.01
    • 2.1 firmware has the modem firmware version 02.11.07
    • 2.2 firmware has the modem firmware version 02.28.00
    • 2.2.1 firmware has the modem firmware version 02.30.03
    • 3.0 firmware has the modem firmware version 04.26.08
    • 3.0.1 firmware has the modem firmware version 04.26.08
    • 3.1 firmware has the modem firmware version 05.11.07
    • 3.1.2 firmware has the modem firmware version 05.11.07

[Update: November 21, 2007] On November 12, the German courts ruled against T-Mobile and issued an injunction preventing T-Mobile from selling Apple iPhones requiring a 2 years contract. The injunction also prevents T-Mobile from selling Apple iPhones with the so called "SIM lock" that prevents users from switching the Apple iPhone to any other carriers.

This evening T-Mobile announced that they will be selling the Apple iPhone for EUR999.00 without a 2 years contract and continues to sell the Apple iPhone for EUR399 with a 2 years contract commitment. In addition T-Mobile will remove the SIM lock for any customers who wishes, including any customers who previously purchased the Apple iPhone from them.

This is all quite interesting. As there is now official "unlocked Apple iPhones" in the market. What will the iPhone hacking community do? Will they stop their continue unlock hack of the iPhone?

Last week the iPhone firmware 1.1.2 had been unlocked for iPhones with firmware 1.0.2 and 1.1.1, but not brand new out-of-the-box iPhones with firmware 1.1.2.

May be the iPhone hacking community can work on jailbreaking future iPhone firmwares and continue allowing unauthorized 3rd party native application on the iPhone. Hold on a sec... Apple will be doing the same in the coming February.

I guess the work and efforts of the iPhone Hacking community had succeeded. With the helps of various courts (first the French and then German), by Spring of 2008 the iPhone with be officially open to all networks and contains sanctioned 3rd party native applications.

This is another example of people power.

[Update: December 1, 2007] Sorry for the late posting of my findings regarding the most appropriate package(s) to subscribe to from Smartine-Vodafone.

After one and a half month of use, I have a fairly good idea whether my original proposed "Internet Browsing" and "2G/3G Data" plans are sufficient to allow for the freedom of using the iPhone, without worrying about the amount may be charged for the privilege.

Although these packages are not unlimited usage plans, they do provide enough data (GPRS/EDGE) allowance to cover the typical use of an iPhone. This includes features like: Mail, Stock application, Weather application, YouTube application, web browsing and various 3rd party applications that require Internet access.

These Smartone-Vodafone plans are: the HKD38.00/month "Internet Browsing" and the HKD118.00/month "2G/3G Data" plans; both these are non-commitment/contract prices.

As explained in my previous posting, for some undisclosed reason, the "Internet Browsing" plan does not cover all data usage on the iPhone, therefore one needs to also subscribe to a "2G/3G Data" plan. Otherwise you will be charged a data charge of HKD0.06/kb.

My test last month had me using 5.5MB of additional data usage aside from my "Internet Browsing" plan allowance. If I did not have a "2G/3G Data" plan I will have to pay an additional HKD330.00. If I had the HKD48.00/month "2G/3G Data" plan (the lowest available), I will still have to pay an extra HKD100.00.

Therefore I found the HKD118.00 "2G/3G Data" plan is the most economical choice, while allowing me to use the iPhone without any worries of being charged an extremely high data usage fee.

I hope these findings will help my fellow iPhone users in Hong Kong.

[Update: November 1, 2008]

I have now confirmed that the Internet Browsing plan; now known as IOM plan, indeed only cover HTTP and the corresponding HTTPS traffic. So any web traffic through Mobile Safari on your iPhone and any applications; whether it is downloaded from the Apple AppStore or unauthorized 3rd party, that uses the HTTP Posts and Gets will be covered in the Internet Browsing plan.

Any POP3 traffic will be outside of the Internet Browsing plan allowance and Smartone-Vodafone has a separate POP3 Email monthly plan for HKD30/month. As a result any IMAP or Exchange Push traffic will be count as regular Data traffic. I think this omission of IMAP and Exchange traffic from the Email monthly plan is the wrong thing to do for Smartone-Vodafone. Why would anyone choose POP3 over IMAP or Exchange email is beyond me. Especially when the iPhone is only one of many devices most users will use to access their emails, and definitely not the primary device. I urge Smartone-Vodafone to listen to its customers and change their Email monthly plan.