[Updated] Unofficial Review: Superior Sim Ultra + for iPhone 4, modem firmware 04.12.09 with iOS 7.0.4 SIM hack
Disclaimer: I am not associated in any way with the manufacturers and/or resellers of the products mentioned here. A lot of technical information has been (overly) simplified to facilitate understanding; however, I try to keep it as accurate as possible. The Superior device in question only began shipping earlier this week and I have had very limited time with it, so consider all information preliminary and expect frequent updates/corrections. Your feedback and input are most appreciated, Facebook: https://www.facebook.com/superiorsimultraplus
For much of the last two years, even the manufacturers of these SIM hack products acknowledged that their product was no longer needed, so it was quite a surprise when Superior Solution announced that they had something that would unlock the iPhone 4 with baseband 04.12.09 on iOS 7.0.4. Contrary to conspiracy theories, they held the product back because:
- Initial production cost is high; they risked losing a lot of their investment should the dev team come up with a software unlock that does the same job, if not better, before they were able to recover their cost.
- The exploit they use is not without serious problems, hence they were reluctant to produce it until no alternative seemed likely to appear for a while.
- The exploit they use is very simple, provided you have the tools and the skill; details follow...
I made a mistake earlier by calling it a TurboSIM, which it is not. @MuscleNerd reminded me of the correct term, "SIM interposer", since it sits electrically between the SIM card and the baseband hardware to perform a classic.
How Does It Work?
A SIM card holds many different types of information, but the part most involved in the carrier lock is the IMSI, a unique number that corresponds to your account in the mobile carrier's database.
A sample IMSI might look like this:
310 150 987654321
The first two segments are the Mobile Country Code (MCC) and Mobile Network Code (MNC) respectively; in the example above the IMSI indicates that the SIM is from the USA (MCC 310) on AT&T (MNC 150).
When the iPhone baseband is loaded into memory, it checks the MCC and MNC against its own network lock state stored in the seczone. If the combination is allowed, the cell radio is activated; otherwise it stays off.
The earliest iPhone baseband revisions only checked the IMSI twice following a restart, so it was very easy to spoof the information in order to bypass the check. Nevertheless, the baseband was soon updated to validate the SIM more aggressively and that method no longer works.
To guard against the eavesdropping that plagued pre-GSM cellular networks, the initial connection to a network involves not only the IMSI but also a 4-byte TMSI to identify each handset before the IMSI is sent. The base station recognises the IMSI as one of its users and replies with a nonce (RAND) to the handset, where it is signed with a 128-bit key (Ki, stored encrypted on the SIM) and sent back. The network computes the same value from its own copy of RAND and Ki and allows the device to register if the two values match.
You see, the IMSI is only sent once and is never directly involved in authentication; as long as your key is valid, you will be able to get service. This is exactly what the various SIM hacks rely on: a fake IMSI is sent along with the correct key. In our case the IMSI is invalid, but some networks proceed to the next step anyway; I will explain this in detail later.
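To make the lock check and the RAND/SRES exchange described above concrete, here is a small Python simulation written for this review (it is not Superior Solution's, Apple's or any carrier's code). It runs a handset-side MCC/MNC check and a network-side authentication against the sample IMSI; the Ki value, the lock policy, the HLR table and the use of HMAC-SHA256 in place of the operator's A3 algorithm are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed values for the simulation: the page's sample IMSI (USA 310 / AT&T 150)
# and a made-up Ki. A real Ki never leaves the SIM or the operator's HLR.
SAMPLE_IMSI = "310150987654321"
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def parse_imsi(imsi: str, mnc_len: int = 3) -> tuple[str, str, str]:
    """Split a 15-digit IMSI into (MCC, MNC, MSIN). The MNC is 2 or 3 digits
    depending on the country; North American MCCs such as 310 use 3."""
    if not (imsi.isdigit() and len(imsi) == 15):
        raise ValueError("IMSI must be exactly 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    return imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]

def baseband_allows(imsi: str, lock_policy: set[tuple[str, str]]) -> bool:
    """Carrier-lock check: the baseband compares the SIM's MCC/MNC with the
    allowed pairs it holds (the page calls that store the seczone)."""
    mcc, mnc, _ = parse_imsi(imsi)
    return (mcc, mnc) in lock_policy

def sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A3 algorithm (real SIMs use operator-specific
    ones such as the COMP128 family): a 4-byte response from Ki and RAND only."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

def network_authenticate(hlr: dict[str, bytes], imsi: str,
                         rand: bytes, response: bytes) -> bool:
    """Network side: look the claimed IMSI up in the HLR, recompute SRES with the
    stored Ki and compare. An unknown IMSI is rejected before any key is used."""
    ki = hlr.get(imsi)
    if ki is None:
        return False
    return hmac.compare_digest(sres(ki, rand), response)

def attach(hlr: dict[str, bytes], imsi: str, sim_ki: bytes,
           lock_policy: set[tuple[str, str]]) -> str:
    """Whole flow: lock check on the handset, then the RAND/SRES exchange."""
    if not baseband_allows(imsi, lock_policy):
        return "blocked by carrier lock"
    rand = secrets.token_bytes(16)  # the network's nonce
    if network_authenticate(hlr, imsi, rand, sres(sim_ki, rand)):
        return "registered"
    return "rejected by network"
```

Note that only Ki and RAND enter the response: the IMSI is an identifier the network uses to look the key up, not a credential, which is why a network that skips the HLR lookup cannot tell a bogus IMSI from a real one at this step.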
Apparently somebody figured out that while the i4 baseband has been patched to prevent a test IMSI from working, it is still possible to force-activate the baseband using the emergency dialer.
After that, it is largely the same trick all over again. Let's see what happens at each step.
You will need to use the SIM tray supplied and file your micro-SIM slightly to accommodate the EEPROM chip.
Installing the Superior Sim Ultra +.
The phone searches for signal, comes up with No Service and finally settles on this "one bar" icon. At this stage the SIM interposer is passing the parameters from the SIM through unchanged.
Dial 112 and hang up once the call has connected. The emergency call overrides the network lock and activates the cell radio. The network issues a TMSI for your real IMSI.
Note: this step does not normally apply; I do it when I do not get any signal bars.
Toggle Airplane mode on and off. Once the interposer senses Airplane mode, it briefly breaks the electrical connection between the phone and the SIM (hence the phone shows "No SIM card installed").
The signal bars appear; we are safe :-) The network is able to register you again because the TMSI you obtained earlier is still valid, and the IMSI is not checked again.
They said there is no need to dial 112, so why do we use it?
It is not normally needed; I show it here so that if you have trouble you can do this step without issue.
If you think this review helps you, please like my page on Facebook: