How to Unlock 1.1.3 with 3.9BL - GeoHot IPSF Method

I must first start off by saying that you do this at your own risk, I am posting this because the Tutorial will be helpful to anyone trying this method, and can fix all the 0049 IMEI iphones that currently cant be unlocked.

First thing, you should know or check your baseband, i have made a very comprehensive post about what your baseband and bootloader is and how to check them, please do that now if you have not already.

This will ONLY work on bootloader 3.9 iPhones if yours came with 1.1.2, this WILL NOT WORK!!!

Second, I will be starting from scratch, i.e. will be restoring the phone to factory mode (or as close as) for a clean install/upgrade. It is up to you how you want to do this. Before you begin, please sync you iphone, make sure it is charged and downlaod all the needed files, make sure you have enough time and that you read through the tutotrial a few times and if you dont feel comfortable doing this, then maybe you should wait for it to be done easier.

I created a shorter version of this tutorial on hackint0sh.org using iClarified for those who are already Soft-Updated to 1.1.3, and want to simply update the baseband and unlock with the IPSF method - this method cust about 45 mins or more out of the tutorial usually spent restoring/jailbreaking etc..

Below is the Long method - if you want to start from scratch or have 0049 IMEI

Files needed on your PC/Mac

1) ipsftool install pack for 1.1.3 - Download it here.
2) iPhone firmware 1.1.1, 1.1.2, 1.1.3
3) WinSCP (PC) or Fugu (Mac)
4) iBrickr (Pc) or Independence (Mac)
5) iTunes 7.6
6) jailbreak.jar (1.1.2 jailbreak)

Files needed on your iPhone
1) BsdSubsystem
2) OpenSSH
3)Term-vt100

**** Instructions ****

1) Sync your iPhone with iTunes
2) Upgrade your iPhone to 1.1.3 via iTunes
3) Put your Phone into recovery mode (hold power+home for 10 secs, then let go power - screen will be blank and itunes will prompt you to restore - say ok)
4) Hold Shift+click restore and find the 1.1.1 iPhone Firmware you should have downloaded
5) When it's done restoring you will get error 1015 - this is normal
6) Use iBrickr or Independence to boot the iPhone (if in ibrickr the screen turns green or independence cant boot it, in Itunes hold alt/shift+click restore and restore to 1.1.1 again and this time it will boot with Independence or iBrickr
7) Jailbreak 1.1.1. with *#307#, prefs://1F and jailbreakme.com
8) Install oktoprep from Installer
9) Shift/Alt+click UPGRADE to 1.1.2 (not restore - a restore will erase oktoprep)
10) Use jailbreak.jar to jailbreak 1.1.2 (it will reboot a couple times - if it doesn't - itunes 7.6 sometimes interrupts - boot the iphone with ibrickr or independence and let it reboot if it needs to again)
11) 1.1.2 iphone should be jailbreaked, now setup your wifi and make sure autolock is set to NEVER, update installer!!!
12) Install BSDSubsystem on your iPhone
13) In installer on your iPhone install "Official 1.1.3 Soft-Update" from Dev team.
14) Run the Soft-Update from your Springboard (follow instructions - this can take from 30 mins to an hour depending on your internet speed) allow it to complete and reboot the iphone (if it gets stuck on reboot, use independence or ibrickr to reboot it, or hold power and home till the phone turns off)
15) Once completed you should have 1.1.3 Firmware and 1.1.3 baseband
16) Download the ipsf install pack from here
17) Extract the ipsftool-1.1.3-3.9_ONLY_-try5.rar file to your desktop - it should be a folder called ipsftool
18) Install BSDSubsystem, OpenSSH and Term-vt100 on your iphone.
a) you will need to add www.trejan.com/irepo to your sources in installer (if you are on jailbreked 1.1.3 with 04.03.13_G firmware/baseband/modem firmware) and install the "SUID Lib Fix" and "Term-vt100 SUID Fix" fix for 1.1.3 for term-vt100 to work - this is very important - the Termvt-100 password will be alpine - you can't delete in Term-vt100, so make sure you type everything carefully and slowly - if you make a mistake, exit Term-vt100 and re-open it and start over)
19) Now log in with WinSCP or FUGU into your iphone (use your iphone ip address and username: root - password: alpine)
20) Create a folder called "ipsf" in /usr/bin
21) Copy all the files from ipsf tool on your desktop to /usr/bin/ipsf
22) Give ALL the files in the "ipsf" folder 0777 permissions (either in winscp/fugu or terminal)
This is a very important step, most if not all errors of this process will occur if you don't have the right permissions - In WinSCp or Fugu right click the files and give them the right permissions, from terminal you can issue the following commands:

cd /usr/bin/ipsf
chmod 777 *

23) Once you have copied all the files from ipsftool to /usr/bin/ipsf open Term-vt100 on your iphone and issues the following commands.

cd /usr/bin/ipsf
./ipsf.sh

It will start going through allot fo code, please look out for erros and if you have any please search or post them for help.. but once successful, it should go through in about 5-7 mins and reboot after.

24) You should now have 1.1.3 totally unlocked - If your signal is giving trouble, run the Signal.app that should be on your springboard on your iphone. If after running signal.app you have no sound, simply play a song or ringtone to fix. Signal.app is set up to run on every reboot to get you signal, this is because the lockdown for 1.1.3 haes not been fixed to work with the IPSF unlock yet. and will hopefully be fixed soon

25) **** VERY IMPORTANT **** copy the entire "ipsf" dir from iphone somewhere "safe" (aka computer, usb key....), you SHOULD have copy of at file seczone pretty much as long as you will have that iphone

26) you can now sync as usuall and use your iphone, hope this helped and please post any problems, and we will try to fix.


This is all fairly new, and allot of the bugs have not been reported/fixed yet. Good luck and post any problems. I had to run the ipsf twice (i ran it once from 1.1.2 firmware with 1.1.3 baseband and when i softupgraded to 1.1.3 it wasnt working, i ran it again from 1.1.3 and all was fine)

Besides bragging rights there is no real benefit as of yet to upgrade to 1.1.3 with this method, it will be hard to reverse (if you have to, make sure you saved/backed up the ipsf folder from your phone to your PC - you will need the seczone files in there) and this method may be made allot easier soon.