Difference between revisions of "SIM hacks"
| Nvidia2008 (talk | contribs)  (→SIM Hacks for iPhone 3G) | Nvidia2008 (talk | contribs)   (→SIM Hacks for iPhone 3G) | ||
| Line 14: | Line 14: | ||
| At this stage due to complications all SIM Hack testing and discussion is merged into one thread: http://www.hackint0sh.org/forum/showthread.php?p=329221 | At this stage due to complications all SIM Hack testing and discussion is merged into one thread: http://www.hackint0sh.org/forum/showthread.php?p=329221 | ||
| + | (Sorted Alphabetically) | ||
| − | ===StealthSim=== | ||
| − | The most expensive variant of the SIM hacks on sale now. Initial reports on Hackint0sh Forums indicate full 2G and possibly 3G function. However these are new posters with small post counts. More information on this is required. | ||
| − | |||
| − | ===Yessim / Furiousim=== | ||
| − | Conflicting reports on whether this works. Samples have been provided to various users on Hackint0sh Forums. Initial challenges faced because of a RJ45 type connector that is needed to set "Boost Mode". It is recommended that if ordering, the USB "YesUP" or "FuriousUP" cable is used. The company mentions that unfortunately instead of USB cables, RJ45 cables were provided to testers due to a "shipping error". | ||
| ===iPhonix / Juma=== | ===iPhonix / Juma=== | ||
| MacBug.de reports only 2G mode works with this. | MacBug.de reports only 2G mode works with this. | ||
| + | |||
| + | ===RebelSim=== | ||
| + | Claims tested iPhone 3G operation. | ||
| + | |||
| + | ===StealthSim=== | ||
| + | The most expensive variant of the SIM hacks on sale now. Initial reports on Hackint0sh Forums indicate full 2G and possibly 3G function. However these are new posters with small post counts. More information on this is required. | ||
| ===TurboSim=== | ===TurboSim=== | ||
| Indications are that no stable TurboSIM exploit is available at this time. For some providers in Germany there appears to be some success, see [[Unlock iphone-3G with TurboSim|TurboSIM Unlock]]. | Indications are that no stable TurboSIM exploit is available at this time. For some providers in Germany there appears to be some success, see [[Unlock iphone-3G with TurboSim|TurboSIM Unlock]]. | ||
| + | |||
| + | ===Yessim / Furiousim=== | ||
| + | Update: Yessim and a fresh new UK O2 PAYG appears working in very early initial 2G call and SMS testing. Testing has only been done for 2 hours since first try. Overall, conflicting reports on whether this works on various SIMs and networks. Samples have been provided to various users on Hackint0sh Forums. Initial challenges faced because of a RJ45 type connector that is needed to set "Boost Mode". It is recommended that if ordering, the USB "YesUP" or "FuriousUP" cable is used. The company mentions that unfortunately instead of USB cables, RJ45 cables were provided to testers due to a "shipping error". | ||
| ==iPhone 3G SIM Tray Warning== | ==iPhone 3G SIM Tray Warning== | ||
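Review bot: the added RebelSim entry ("Claims tested iPhone 3G operation.") does not say who makes the claim, and the new "Update:" sentence in the Yessim / Furiousim entry reports a two-hour test on one UK O2 PAYG SIM with no date or tester named. The iPhonix / Juma entry attributes its result to MacBug.de; the same should be done here, for example by naming the vendor or forum post for RebelSim and adding the test date and a link to the Hackint0sh thread for the Yessim result, so readers can tell vendor claims from independent tests.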
Revision as of 17:49, 1 August 2008
These hacks all require a SIM card passthrough to be used. They typically work by spoofing the MCC/MNC. Some examples include TurboSIM, XSim, SuperSIM, Yessim, Furiousim, StealthSim.
Old SIM Exploit
This relies on the fact that the IMSI is read twice, once to validate the IMSI and once to connect to the network. So the SIM card spoofs the first IMSI read to trick the device into thinking it is operating on the AT&T network, or whatever network the device is locked to. The second time it allows the IMSI to be read properly from the SIM card, and this IMSI is used for the network login.
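The double read described above is a time-of-check/time-of-use flaw. The following toy model is an added example, not baseband code or code from this wiki; the class and function names, the allow-list and the IMSI values are constructed for illustration. It places the flawed two-read check beside a hardened check that uses the value it validated.

```python
"""Toy model of a carrier-lock check. Constructed example, not real baseband code."""

ALLOWED_PLMNS = {("310", "410")}      # constructed allow-list of (MCC, MNC) pairs
LOCKED_IMSI = "310410123456789"       # constructed IMSI on the allowed network
FOREIGN_IMSI = "234100123456789"      # constructed IMSI on another network

def plmn(imsi, mnc_len=3):
    """Split an IMSI into (MCC, MNC); the MCC is always the first 3 digits."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("malformed IMSI")
    return imsi[:3], imsi[3:3 + mnc_len]

class HonestSim:
    """A SIM that always answers with its own IMSI."""
    def __init__(self, imsi):
        self.imsi = imsi
    def read_imsi(self):
        return self.imsi

class Passthrough:
    """Models the co-device on this page: only the first read is altered."""
    def __init__(self, sim, first_answer):
        self.sim, self.first_answer, self.reads = sim, first_answer, 0
    def read_imsi(self):
        self.reads += 1
        return self.first_answer if self.reads == 1 else self.sim.read_imsi()

def attach_double_read(card):
    """Flawed: validates one read, then registers with a second, unchecked read."""
    if plmn(card.read_imsi()) not in ALLOWED_PLMNS:
        return None
    return card.read_imsi()

def attach_single_read(card):
    """Hardened: the validated value is the one used for registration."""
    imsi = card.read_imsi()
    if plmn(imsi) not in ALLOWED_PLMNS:
        return None
    if card.read_imsi() != imsi:      # answers disagree: treat as tampering
        return None
    return imsi                       # checked value is the value used
```

The hardened check leaves a co-device only the option of answering every read with the same altered IMSI, which no longer matches the subscriber identity the SIM authenticates to the network.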
A slight variant of this exploit uses a silvercard to program the IMSI and ICCID differently. This variant requires your Ki to be known, which can only be extracted from COMP128 v1 SIM cards.
SIM Hacks for iPhone 3G
Baseband Feedback
Currently it is possible to see some information at the baseband level of how the iPhone 3G baseband "interacts" with the SIM and SIM hack co-device. Investigations are ongoing.
Hackint0sh.Org Policy
At this stage, due to complications, all SIM hack testing and discussion is merged into one thread: http://www.hackint0sh.org/forum/showthread.php?p=329221
(Sorted Alphabetically)
iPhonix / Juma
MacBug.de reports only 2G mode works with this.
RebelSim
Claims tested iPhone 3G operation.
StealthSim
The most expensive variant of the SIM hacks on sale now. Initial reports on Hackint0sh Forums indicate full 2G and possibly 3G function. However, these reports come from new posters with small post counts. More information on this is required.
TurboSim
Indications are that no stable TurboSIM exploit is available at this time. For some providers in Germany there appears to be some success, see TurboSIM Unlock.
Yessim / Furiousim
Update: Yessim with a fresh new UK O2 PAYG SIM appears to be working in very early initial 2G call and SMS testing. Testing has only been done for 2 hours since the first try. Overall, there are conflicting reports on whether this works on various SIMs and networks. Samples have been provided to various users on Hackint0sh Forums. Initial challenges were faced because of an RJ45-type connector that is needed to set "Boost Mode". It is recommended that, if ordering, the USB "YesUP" or "FuriousUP" cable is used. The company mentions that unfortunately, instead of USB cables, RJ45 cables were provided to testers due to a "shipping error".
iPhone 3G SIM Tray Warning
The iPhone 3G SIM tray is very thin. If using SIM hacks (dual SIM, etc.), a long thin tape should be attached in a way that lets you easily extract the SIM tray without relying on the normal tiny SIM ejector button. You have been warned. Should you not apply tape beforehand, you can still eject the SIM tray with an L-shaped pin and a quick but forceful yank. It sounds scary but it's just plastic, after all.
